[Bug 1767091] Re: package shim-signed 1.34.9+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 30
Launchpad Bug Tracker
1767091 at bugs.launchpad.net
Thu Jun 28 07:29:31 UTC 2018
This bug was fixed in the package shim-signed - 1.34.9.1
---------------
shim-signed (1.34.9.1) bionic; urgency=medium
* update-secureboot-policy: fix quoting for key/again password handling to
mokutil. (LP: #1770579)
* update-secureboot-policy: don't allow backtracking at the "main" question
for whether to enroll a new MOK. (LP: #1767091)
-- Mathieu Trudel-Lapierre <cyphermox at ubuntu.com> Mon, 11 Jun 2018
15:23:28 -0400
** Changed in: shim-signed (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1767091
Title:
package shim-signed 1.34.9+13-0ubuntu2 failed to install/upgrade:
installed shim-signed package post-installation script subprocess
returned error exit status 30
Status in shim-signed package in Ubuntu:
Fix Released
Status in shim-signed source package in Bionic:
Fix Released
Bug description:
[Impact]
Users of SecureBoot with DKMS modules can trigger a maintainer script crash by using the buttons presented in the debconf UI, leaving the package in an unconfigured state.
[Test case]
1) Delete /var/lib/shim-signed/mok/MOK.* if exists.
2) Run 'sudo update-secureboot-policy --new-key'
3) Run 'sudo update-secureboot-policy --enroll-key'
4) When prompted to "enable Secure Boot", hit the Back button.
With no patch applied, the dialog will fall into an invalid state and
error out, with the characteristic "return code 30" error as seen in
the bug report.
With the patch applied, no Back button will be present -- the user
should not be allowed to back up out of the enrolment dialog except by
making the conscious decision to enable SecureBoot / enroll a MOK or
continue with no changes, as are the two options presented.
[Regression Potential]
Issues to watch out for are any related to password handling (failure to get the password and continue out of the debconf prompts without error), failure to enroll keys, or being unable to use dkms modules after reboot and successful enrolment of the key. Any erroring out of the debconf prompts at install should be investigated as possible regressions from this SRU.
---
during partial update from 17.10 to 18.04
ProblemType: Package
DistroRelease: Ubuntu 18.04
Package: shim-signed 1.34.9+13-0ubuntu2
ProcVersionSignature: Ubuntu 4.13.0-38.43-generic 4.13.16
Uname: Linux 4.13.0-38-generic x86_64
.proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] Aucun fichier ou dossier de ce type: '/proc/sys/kernel/moksbstate_disabled'
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Thu Apr 26 11:31:05 2018
DistributionChannelDescriptor:
# This is a distribution channel descriptor
# For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
canonical-oem-somerville-xenial-amd64-20160624-2
ErrorMessage: installed shim-signed package post-installation script subprocess returned error exit status 30
InstallationDate: Installed on 2018-03-26 (30 days ago)
InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 20160624-10:47
MokSBStateRT: 6 0 0 0 1
Python3Details: /usr/bin/python3.6, Python 3.6.5, python3-minimal, 3.6.5-3
PythonDetails: /usr/bin/python2.7, Python 2.7.15rc1, python-minimal, 2.7.15~rc1-1
RelatedPackageVersions:
dpkg 1.19.0.5ubuntu2
apt 1.6.1
SecureBoot: 6 0 0 0 1
SourcePackage: shim-signed
Title: package shim-signed 1.34.9+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 30
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1767091/+subscriptions
More information about the foundations-bugs
mailing list