We have this script which attempts to force installation of the right signed EFI packages from the ISO (which come from ship-live in the seed) but does it in a really strange way:
- adds the ISO to sources
- deletes all lines in sources.list that include http, essentially rendering sources.list useless
- runs an update
- installs packages, without allowing for upgrades
Some possible changes to consider:
- set ISO source to a higher priority
- don't touch sources.list
- if Internet, allow upgrades! although there's a commit that suggests that updating EFI packages is bad???