[Bug 1898729] Re: shim can end up being removed

[Steve Langasek]

sorry, I overlooked that this had been marked for 0-day SRU and
improperly unblocked it for groovy migration.  I've now rolled it back.

** Changed in: shim-signed (Ubuntu Groovy)
       Status: Fix Released => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1898729

Title:
  shim can end up being removed

Status in shim-signed package in Ubuntu:
  Fix Committed
Status in shim-signed source package in Focal:
  New
Status in shim-signed source package in Groovy:
  Fix Committed

Bug description:
  [Impact]
  System unbootable because shim-signed was marked auto and removed during upgrade.

  [Test case]
  lxc launch ubuntu:focal shimtest
  lxc exec shimtest apt install shim-signed
  lxc exec shimtest apt-mark auto shim-signed
  lxc exec shimtest apt autoremove # check it's listed
  lxc exec shimtest mount -t tmpfs tmpfs /boot/efi # hack around check
  lxc exec shimtest do-release-upgrade -d
  lxc exec shimtest apt policy shim-signed # ensure shim is still there

  [Regression potential]
  Scripts removing shim-signed will fail and need to pass --allow-remove-essential now.

  [Original bug report]
  I just did a set of package updates in focal that ended up with shim shim-signed mokutil being autoremoved.

  I rebooted without noticing, and had to manually recover the system
  thereafter. :(

  Julian says there was a period of time where these were marked auto. I
  suppose that I installed during this window, and now some dependency
  change meant that as far as apt was concerned they weren't required
  any more.

  Can we please consider never proposing these packages for autoremoval?
  apt has NeverAutoRemove for this which could be used, or some other
  appropriate method.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1898729/+subscriptions