[CentOS] Fixing grub/shim issue Centos 7

Fri Aug 7 14:07:49 UTC 2020
Simon Matter <simon.matter at invoca.ch>

> On 8/7/20 5:30 AM, Phil Perry wrote:
>> On 07/08/2020 10:01, Johnny Hughes wrote:
>>> On 8/7/20 3:46 AM, Nicolas Kovacs wrote:
>>>> Le 07/08/2020 à 09:40, Alessandro Baggi a écrit :
>>>>> Probably many users have not updated their machines between the bug
>>>>> release and
>>>>> the resolution (thanks to your fast apply in the weekend, thank you)
>>>>> and many
>>>>> update their centos machines on a 2 months base (if not worst). I
>>>>> think also
>>>>> that many users of CentOS user base have not proclamed their
>>>>> disappointement/the issue on this list or in other channels. For
>>>>> example I
>>>>> simply updated in the wrong time.
>>>>
>>>> I'm using yum-cron to keep all my server updated on a daily basis.
>>>>
>>>> And my question "How could this have passed Q & A" was obviously
>>>> directed at
>>>> Red Hat... and *not* at Johnny Hughes and the CentOS team who do
>>>> their best to
>>>> deliver the best possible downstream system. I raise my morning
>>>> coffee mug to
>>>> your health, guys.
>>>>
>>>> Cheers,
>>>>
>>>> Niki
>>>>
>>> I can assure you .. a BUNCH of testing was done.  Because of the scope
>>> of this udpate, the CentOS team was looped in during the embargo stage
>>> (we normally are not .. Red Hat Engineering got permission to make this
>>> happen for this issue). Normally we see things that are open source
>>> only
>>> .. not embargoed content.  Once the embargo gets lifted, the items
>>> become open source.  Kudos to the RH team for making this happen.
>>>
>>> The CentOS team worked with the RHEL team on this update for several
>>> days (more than a week, for sure, maybe 2 weeks)
>>>
>>> I gained MUCH respect for all those guys .. especially  Peter Jones. 
>>> He
>>> is Mr.Secure Boot.
>>>
>>> I personally tested both the c8 and c7 solutions on several machines
>>> (All i have access to actually, including several personal machines
>>> that
>>> have secureboot).  I saw some of the testing that happened on the RHEL
>>> side.  It was extensive.
>>>
>>
>> I'll just add to Johnny's already comprehensive reply. As a member of
>> the CentOS QA team, I personally tested the update on 3 physical
>> machines and all worked fine. Moreover, the QA team was not able to
>> replicate the issue on a single physical machine available to them - the
>> first indication of a problem came from public reports. We give up a
>> huge amount of our personal time and resources to ensure CentOS (and
>> RHEL) are the very best products they can be. I'm unsure what more could
>> have been done.
>
> Thanks Phil,
>
> I very much appreciate all you and the rest of the QA team do.
>
> I know it is a knee jerk reaction to say .. how did that not get caught.
>  I actually said it MYSELF for this very issue.  But looking back, I am
> not sure how we could have caught it.
>
> "Stuff Happens"  :)
>

Crowd testing? Feed the green bananas to the crowd and let them ripe. It
works well for some of the biggest software companies :-)

At least it could make sense for directly hardware related stuff like
kernel, boot loader, firmware/microcode and similar.

Regards,
Simon