[Bug 1898729] Re: shim can end up being removed

Launchpad Bug Tracker 1898729 at bugs.launchpad.net
Tue Oct 20 21:07:11 UTC 2020 

This bug was fixed in the package shim-signed - 1.44

---------------
shim-signed (1.44) groovy; urgency=medium

  * Set XB-Important: yes and Protected: yes on shim-signed package
    so that it cannot be removed by accident (LP: #1898729)

 -- Julian Andres Klode <juliank at ubuntu.com>  Tue, 20 Oct 2020 12:05:37
+0200

** Changed in: shim-signed (Ubuntu Groovy)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1898729

Title:
  shim can end up being removed

Status in shim-signed package in Ubuntu:
  Fix Released
Status in shim-signed source package in Focal:
  New
Status in shim-signed source package in Groovy:
  Fix Released

Bug description:
  [Impact]
  System unbootable because shim-signed was marked auto and removed during upgrade.

  [Test case]
  lxc launch ubuntu:focal shimtest
  lxc exec shimtest apt install shim-signed
  lxc exec shimtest apt-mark auto shim-signed
  lxc exec shimtest apt autoremove # check it's listed
  lxc exec shimtest mount -t tmpfs tmpfs /boot/efi # hack around check
  lxc exec shimtest do-release-upgrade -d
  lxc exec shimtest apt policy shim-signed # ensure shim is still there

  [Regression potential]
  Scripts removing shim-signed will fail and need to pass --allow-remove-essential now.

  [Original bug report]
  I just did a set of package updates in focal that ended up with shim shim-signed mokutil being autoremoved.

  I rebooted without noticing, and had to manually recover the system
  thereafter. :(

  Julian says there was a period of time where these were marked auto. I
  suppose that I installed during this window, and now some dependency
  change meant that as far as apt was concerned they weren't required
  any more.

  Can we please consider never proposing these packages for autoremoval?
  apt has NeverAutoRemove for this which could be used, or some other
  appropriate method.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1898729/+subscriptions

More information about the foundations-bugs mailing list