| Git Clone URL: | https://aur.archlinux.org/systemd-boot-pacman-hook.git (read-only) |
|---|---|
| Package Base: | systemd-boot-pacman-hook |
| Description: | Pacman hook to upgrade systemd-boot after systemd upgrade. |
| Upstream URL: | None |
| Licenses: | GPL |
| Submitter: | Nierro |
| Maintainer: | Nierro |
| Last Packager: | Scrumplex |
| Votes: | 171 |
| Popularity: | 1.03 |
| First Submitted: | 2016-06-18 15:25 (UTC) |
| Last Updated: | 2021-12-27 16:36 (UTC) |
if someone is using secure-boot it would be safer if the bootloader is updated and signed
You should sign the loader AND THEN install it. See https://github.com/systemd/systemd/pull/21566
Thanks! Also merry xmas from me!
Here we go :) Thanks! I might drop the package entirely in the future; at least I will leave it in good hands!
Oh, also, merry Xmas!
@Nierro: Thanks for the offer! If you feel like you don't need this package anymore, feel free to add me as a co-maintainer :D I will certainly still use it on my securely booted notebook :D
Uh, I see, that makes sense.
Btw, for my use case (and most use cases, I think), the new service is quite enough.
Would you like to step up and maintain this package?
@Nierro not quite! I edited to Wiki today documenting this feature. The systemd unit only runs on every boot when enabled. So the updated bootloader will be active on the second reboot after upgrading systemd. Also: if someone is using secure-boot it would be safer if the bootloader is updated and signed after the package upgrade, as the user wouldn't necessarily notice a failed service unit. So there is still a use-case.
@Scrumplex from what i read, it seems like this package is now useless:
A new unit systemd-boot-update.service has been added. If enabled (the default) and the sd-boot loader is detected to be installed, it is automatically updated to the newest version when out of date. This is useful to ensure the boot loader remains up-to-date, and updates automatically propagate from the OS tree in /usr/.
@Scrumplex I will give this a look, thanks!
With systemd 250 (currently in testing), you could start the new systemd-boot-update.service oneshot service instead of running bootctl update inside your hook.
Done, sorry for the late response!
Pinned Comments
Scrumplex commented on 2021-12-27 16:37 (UTC) (edited on 2021-12-27 16:38 (UTC) by Scrumplex)
I have updated the hook now, to use the systemd unit instead of doing the update ourselves. If you are still running systemd 249 or older, don't use this, as it relies on systemd 250.
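A minimal pacman hook of the kind the thread and the pinned comment describe, added here as an illustration and not the package's own hook file: it fires on a systemd upgrade and starts systemd-boot-update.service instead of calling bootctl update itself. The file name 99-systemd-boot.hook and its location under /etc/pacman.d/hooks/ are assumptions.

```ini
# /etc/pacman.d/hooks/99-systemd-boot.hook  (file name and path are assumptions)
# Refresh the copy of sd-boot in the ESP right after the systemd package is
# upgraded, instead of waiting for the unit to run on the next boot.
[Trigger]
Type = Package
Operation = Upgrade
Target = systemd

[Action]
Description = Updating systemd-boot via systemd-boot-update.service...
When = PostTransaction
# Starts the oneshot unit shipped with systemd 250+. pacman reports a non-zero
# exit of Exec as an error, so a failed update is visible during the upgrade
# rather than hidden in a failed unit at boot.
Exec = /usr/bin/systemctl start systemd-boot-update.service
# Secure Boot: the loader under /usr/lib/systemd/boot/efi/ must already carry
# your signature before this hook runs. Do the signing in a separate hook whose
# file name sorts earlier, since pacman runs hooks in alphabetical order.
```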