[Bug 1770579] Re: Failure to quote variable containing secureboot password (errors out with whitespace) package shim-signed 1.34.9+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 2

Mathieu Trudel-Lapierre mathieu.tl at gmail.com
Mon Jun 11 19:37:19 UTC 2018 

** Description changed:

- This happens when I tried to setup boot key during 18.04 upgrade.  
+ [Impact]
+ Any user of third-party (dkms) modules with Secure Boot enabled, who uses a space in the mok password.
+ 
+ [Test case]
+ 1) Delete /var/lib/shim-signed/mok/MOK.* if exists.
+ 2) Run 'sudo update-secureboot-policy --new-key'
+ 3) Run 'sudo update-secureboot-policy --enroll-key'
+ 4) When prompted, enter a password containing the space character.
+ 
+ [Regression potential]
+ Issues to watch out for are any related to password handling (failure to get the password and continue out of the debconf prompts without error), failure to enroll keys, or being unable to use dkms modules after reboot and successful enrolment of the key.
+ 
+ --
+ 
+ This happens when I tried to setup boot key during 18.04 upgrade.
  Exits with Error code 2
  
  ProblemType: Package
  DistroRelease: Ubuntu 18.04
  Package: shim-signed 1.34.9+13-0ubuntu2
  ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
  Uname: Linux 4.15.0-20-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  .proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] No such file or directory: '/proc/sys/kernel/moksbstate_disabled'
  ApportVersion: 2.20.9-0ubuntu7
  Architecture: amd64
  Date: Wed May  9 20:01:47 2018
  EFITables:
-  May 11 23:30:27 dheepan-tower kernel: efi: EFI v2.40 by American Megatrends
-  May 11 23:30:27 dheepan-tower kernel: efi:  ESRT=0xbfed1d98  ACPI=0xbe576000  ACPI 2.0=0xbe576000  SMBIOS=0xbfed0000  SMBIOS 3.0=0xbfecf000  MPS=0xfc9e0 
-  May 11 23:30:27 dheepan-tower kernel: secureboot: Secure boot disabled
-  May 11 23:30:27 dheepan-tower kernel: esrt: Reserving ESRT space from 0x00000000bfed1d98 to 0x00000000bfed1dd0.
+  May 11 23:30:27 dheepan-tower kernel: efi: EFI v2.40 by American Megatrends
+  May 11 23:30:27 dheepan-tower kernel: efi:  ESRT=0xbfed1d98  ACPI=0xbe576000  ACPI 2.0=0xbe576000  SMBIOS=0xbfed0000  SMBIOS 3.0=0xbfecf000  MPS=0xfc9e0
+  May 11 23:30:27 dheepan-tower kernel: secureboot: Secure boot disabled
+  May 11 23:30:27 dheepan-tower kernel: esrt: Reserving ESRT space from 0x00000000bfed1d98 to 0x00000000bfed1dd0.
  ErrorMessage: installed shim-signed package post-installation script subprocess returned error exit status 2
  InstallationDate: Installed on 2017-11-18 (173 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
  MokSBStateRT: 6   0   0   0   1
  Python3Details: /usr/bin/python3.6, Python 3.6.5, python3-minimal, 3.6.5-3
  PythonDetails: /usr/bin/python2.7, Python 2.7.15rc1, python-minimal, 2.7.15~rc1-1
  RelatedPackageVersions:
-  dpkg 1.19.0.5ubuntu2
-  apt  1.6.1
+  dpkg 1.19.0.5ubuntu2
+  apt  1.6.1
  SecureBoot: 6   0   0   0   1
  SourcePackage: shim-signed
  Title: package shim-signed 1.34.9+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 2
  UpgradeStatus: Upgraded to bionic on 2018-05-09 (1 days ago)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1770579

Title:
  Failure to quote variable containing secureboot password (errors out
  with whitespace) package shim-signed 1.34.9+13-0ubuntu2 failed to
  install/upgrade: installed shim-signed package post-installation
  script subprocess returned error exit status 2

Status in shim-signed package in Ubuntu:
  Fix Released
Status in shim-signed source package in Bionic:
  Triaged
Status in shim-signed source package in Cosmic:
  Fix Released

Bug description:
  [Impact]
  Any user of third-party (dkms) modules with Secure Boot enabled, who uses a space in the mok password.

  [Test case]
  1) Delete /var/lib/shim-signed/mok/MOK.* if exists.
  2) Run 'sudo update-secureboot-policy --new-key'
  3) Run 'sudo update-secureboot-policy --enroll-key'
  4) When prompted, enter a password containing the space character.

  [Regression potential]
  Issues to watch out for are any related to password handling (failure to get the password and continue out of the debconf prompts without error), failure to enroll keys, or being unable to use dkms modules after reboot and successful enrolment of the key.

  --

  This happens when I tried to setup boot key during 18.04 upgrade.
  Exits with Error code 2

  ProblemType: Package
  DistroRelease: Ubuntu 18.04
  Package: shim-signed 1.34.9+13-0ubuntu2
  ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
  Uname: Linux 4.15.0-20-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  .proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] No such file or directory: '/proc/sys/kernel/moksbstate_disabled'
  ApportVersion: 2.20.9-0ubuntu7
  Architecture: amd64
  Date: Wed May  9 20:01:47 2018
  EFITables:
   May 11 23:30:27 dheepan-tower kernel: efi: EFI v2.40 by American Megatrends
   May 11 23:30:27 dheepan-tower kernel: efi:  ESRT=0xbfed1d98  ACPI=0xbe576000  ACPI 2.0=0xbe576000  SMBIOS=0xbfed0000  SMBIOS 3.0=0xbfecf000  MPS=0xfc9e0
   May 11 23:30:27 dheepan-tower kernel: secureboot: Secure boot disabled
   May 11 23:30:27 dheepan-tower kernel: esrt: Reserving ESRT space from 0x00000000bfed1d98 to 0x00000000bfed1dd0.
  ErrorMessage: installed shim-signed package post-installation script subprocess returned error exit status 2
  InstallationDate: Installed on 2017-11-18 (173 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
  MokSBStateRT: 6   0   0   0   1
  Python3Details: /usr/bin/python3.6, Python 3.6.5, python3-minimal, 3.6.5-3
  PythonDetails: /usr/bin/python2.7, Python 2.7.15rc1, python-minimal, 2.7.15~rc1-1
  RelatedPackageVersions:
   dpkg 1.19.0.5ubuntu2
   apt  1.6.1
  SecureBoot: 6   0   0   0   1
  SourcePackage: shim-signed
  Title: package shim-signed 1.34.9+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 2
  UpgradeStatus: Upgraded to bionic on 2018-05-09 (1 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1770579/+subscriptions

More information about the foundations-bugs mailing list