Description of problem:
Package shim-unsigned-x64 fails to build from source in Fedora rawhide, Fedora 31 and Fedora 30. It has been not rebuilt since Fedora 28.
According to the policy, it is set to be retired cca a week before the branching. That is during the first week of February 2020.
I am afraid that this might be a crucial package and its retirement might hurt the Fedora project, hence I am opening this bugzilla. Please rebuild the package to avoid the retirement.
If rebuilding is not possible nor desired, please work with FESCo to get a policy exception.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
$ fedpkg build
This package is tracked by Koschei. See:
The build log says:
gcc: command not found
I will see if that's the only problem.
(In reply to Miro Hrončok from comment #0)
> The build log says:
> gcc: command not found
> I will see if that's the only problem.
The current problem is:
In file included from /builddir/build/BUILD/shim-13/netboot.c:36:
/usr/include/efi/efi.h:41:10: fatal error: efibind.h: No such file or directory
41 | #include "efibind.h"
your package has not been built successfully in 31. Action is required from you.
If you can fix your package to build, perform a build in koji, and either create
an update in bodhi, or close this bug without creating an update, if updating is
not appropriate . If you are working on a fix, set the status to ASSIGNED to
acknowledge this. Following the latest policy for such packages , your package
will be orphaned if this bug remains in NEW state more than 8 weeks.
A week before the mass branching of Fedora 32 according to the schedule ,
any packages not successfully rebuilt at least on Fedora 30 will be
retired regardless of the status of this bug.
Actually looks like an issue with gnu-efi. Also note due to secure-boot signing ACL requirements this package can only be built by people in the ACL.
Nominating as prioritized bug, because, as said on the devel mailing list, we want booting x86 images with secure-boot.
Right now the plan for this is to rebuild it when the next version of shim is released, which will happen once I've gotten sufficient feedback on the proposed openssl changes. It really doesn't matter that it hasn't been rebuilt, the current build works just fine and it doesn't link against anything at all in the distro.
Discussed in today's Prioritized Bugs meeting. Rejected as a prioritized bug since it is not a bug, but an edge case in policy. shim, shim-unsigned-x64, and shim-unsigned-aarch64 should be excepted from the long-term FTBFS cleanup.
Peter, will you please request the exception trough https://pagure.io/fesco/issues ? You know the technical reasons why this package should not follow the policy.
This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle.
Changing version to 32.