1

I'm using the Ubuntu Mainline Kernel Updater to keep my installs on mainline because I want to start helping uncover kernel bugs in early releases. I've been doing this since late 4.15 release cycle using the linked update script. Starting with the 4.17 release cycle the Ubuntu Kernel PPA has been missing the deb builds for the kernel itself since rc2 but they came back in rc4/5 with the unsigned name. I know on the mailing list there were patches surrounding root of trust during the boot process and if they should be tied to certain UEFI flags. I also know this involved signing kernel releases and drivers, so I suspect that may be the cause of the name change and therefore non-functioning script.

I was hoping to get some more insight as to where on the Ubuntu side I would receive communications regarding why certain RCs were incomplete and why the others changed. Obv Bionic dropped and I figured that might be the reason some were incomplete.

Should I just go ahead and patch the updater script to use the unsigned images? I'm not terribly concerned about the presence (or lack thereof) of the chain of trust feature.

Thanks

Edit 1

PR to Fix the Script My Fork if the Repo Remains Silent

guyfleeman
  • 191
  • 1
    The team to contact with these questions is the Ubuntu Kernel Team. I don't believe they frequent Ask Ubuntu, and you may get a faster response when reaching out to them directly. – Thomas Ward May 14 '18 at 18:19
  • For anyone who stumbled across this, I opened a PR at https://github.com/GM-Script-Writer-62850/Ubuntu-Mainline-Kernel-Updater/pull/30 to fix this change. – guyfleeman May 18 '18 at 22:48
  • Not sure about your "fork" but there was a bug in Kernel 4.17-rc2, 4.14.36 and 4.16.3. See: https://askubuntu.com/questions/1027767/cannot-remove-apt-package-unmet-dependencies/1029546#1029546 and https://askubuntu.com/questions/1030043/unable-to-upgrade-kernel-after-4-16-3/1030377#1030377. Also today someone asked why kernels were no longer signed: https://askubuntu.com/questions/1039201/why-ubuntu-stopped-publishing-signed-linux-kernel-images-since-4-16-4#comment1692276_1039201 – WinEunuuchs2Unix May 23 '18 at 04:41
  • Fork was based off of Andy's response below. He's on the kernel team and said the change in naming scheme was here to stay. The script now fetches kernels properly. It still failes for a plethora of other outside of my direct control. – guyfleeman May 23 '18 at 15:16

1 Answers1

3

Early -rcs commonly are not buildable due to upstream bugs. The later switch to -unsigned is deliberate and permenant for later versions. These relate to a change to have always signed kernels on full installed so the linux-image-* package now always contains a signed kernel if one exists. The unsigned kernel is shipped in linux-image-unsigned-*. These kernels are by definition always unsigned.

Andy
  • 852