On 8/6/21 5:57 PM, Adrian Zaugg wrote:
> In der Nachricht vom Friday, 6 August 2021 03:25:58 CEST steht:
>> Which Beowulf iso did you use? I think we fixed this in the 3.1.1
>> point-release isos, but you still may hit it on an upgrade.
>
> It happened on upgraded systems.
>
> Thanx for fixing the ISO.
>
> Don't you see a way to prevent the issue happening on upgraded systems, e.g.
> blacklisting grub-efi-amd64-signed or using another mechanism?
>
> Regards, Adrian.
>
> BTW: I uninstalled grub-efi-amd64-signed without concern because of Debian bug
> #906124 [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906124]
>
>

If grub-efi-amd64-signed is getting installed on upgrade from ascii to
beowulf, one way I can think of preventing it is to pin that package
before doing the upgrade. For example:

in /etc/apt/preferences.d/no-signed

Package: grub-efi-amd64-signed
Pin: release n=beowulf
Pin-Priority: -1

Aha! I see that grub-efi-amd64-bin Recommends grub-efi-amd64-signed, so
another way to block it is to block Recommends.

in /etc/apt/apt.conf.d/00norecommends

APT::Install-Recommends "no";

or else add '--no-install-recommends' to a command-line install.

I can't think of any clean ways for us to do this for the end user. Maybe
someone else has a better idea.

fsmithred