[Bug 2080297] [NEW] installed shim-signed package post-installation script subprocess returned error exit status 32

Julio Lajara 2080297 at bugs.launchpad.net
Tue Sep 10 21:55:19 UTC 2024 

Public bug reported:

We use Packer to build Ubuntu 20.04/22.04 images for our devices and the
root disk in Packer starts out as a virtio disk mounted to /dev/vda1.
When we restore these images to our Intel NUC devices, they are restored
to either a SATA or NVME device. These images and the devices are setup
to do UEFI booting leveraging grub, however secure boot is disabled in
the BIOS.

When we attempt to do automated non interactive OS upgrades on these
devices using Ansible for either 20.04 or 22.04, we get the following
equivalent error from shim-signed packaged:

$ sudo apt-get install -f
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up shim-signed (1.51.4+15.8-0ubuntu1) ...
mount: /var/lib/grub/esp: special device /dev/vda1 does not exist.
dpkg: error processing package shim-signed (--configure):
 installed shim-signed package post-installation script subprocess returned error exit status 32
Errors were encountered while processing:
 shim-signed
E: Sub-process /usr/bin/dpkg returned an error code (1)

Here we show the output of running `apt-get install -f` manually and it
brings up the ncurses prompt in the attached image at which point we
press ESC instead of OK to mimic what is happening when Ansible runs.

Ansible is running the equivalent of "sudo aptitude safe-upgrade" with
the environment variable "DEBIAN_FRONTEND=noninteractive" set. The shim-
signed package seems to be ignoring the request for a noninteractive
install and causes the upgrade to fail since we cannot send in
confirmation for the ncurses prompt from Ansible.

We would like to request that this package's post-install script be
updated to properly adhere to noninteractive install behavior expected
of most packages or provide different expected environment variables
which can be set for advanced selection of answers to any prompts.

Ive opened this bug ticket against 22.04 but I have confirmed the same
issue exists on 20.04 as well.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: shim-signed 1.51.3+15.7-0ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-40.40~22.04.3-generic 6.8.12
Uname: Linux 6.8.0-40-generic x86_64
.proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] No such file or directory: '/proc/sys/kernel/moksbstate_disabled'
ApportVersion: 2.20.11-0ubuntu82.6
Architecture: amd64
BootEFIContents:
 BOOTX64.CSV
 grub.cfg
 grubx64.efi
 mmx64.efi
 shimx64.efi
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Tue Sep 10 17:50:16 2024
EFIBootMgr: Error: command ['efibootmgr', '-v'] failed with exit code 2: EFI variables are not supported on this system.
EFITables:
 Aug 26 00:44:49 transformer fstrim[8155]: /boot/efi: 945 MiB (990953472 bytes) trimmed on /dev/sda1
 Sep 02 00:32:42 transformer fstrim[225707]: /boot/efi: 945 MiB (990953472 bytes) trimmed on /dev/sda1
 Sep 09 00:08:43 transformer fstrim[442197]: /boot/efi: 945 MiB (990953472 bytes) trimmed on /dev/sda1
InstallationDate: Installed on 2023-01-03 (615 days ago)
InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: shim-signed
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: shim-signed (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug jammy

** Attachment added: "shim-signed ncurses prompt"
   https://bugs.launchpad.net/bugs/2080297/+attachment/5815417/+files/shim-signed_prompt.png

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2080297

Title:
  installed shim-signed package post-installation script subprocess
  returned error exit status 32

Status in shim-signed package in Ubuntu:
  New

Bug description:
  We use Packer to build Ubuntu 20.04/22.04 images for our devices and
  the root disk in Packer starts out as a virtio disk mounted to
  /dev/vda1. When we restore these images to our Intel NUC devices, they
  are restored to either a SATA or NVME device. These images and the
  devices are setup to do UEFI booting leveraging grub, however secure
  boot is disabled in the BIOS.

  When we attempt to do automated non interactive OS upgrades on these
  devices using Ansible for either 20.04 or 22.04, we get the following
  equivalent error from shim-signed packaged:

  $ sudo apt-get install -f
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  1 not fully installed or removed.
  After this operation, 0 B of additional disk space will be used.
  Setting up shim-signed (1.51.4+15.8-0ubuntu1) ...
  mount: /var/lib/grub/esp: special device /dev/vda1 does not exist.
  dpkg: error processing package shim-signed (--configure):
   installed shim-signed package post-installation script subprocess returned error exit status 32
  Errors were encountered while processing:
   shim-signed
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  Here we show the output of running `apt-get install -f` manually and
  it brings up the ncurses prompt in the attached image at which point
  we press ESC instead of OK to mimic what is happening when Ansible
  runs.

  Ansible is running the equivalent of "sudo aptitude safe-upgrade" with
  the environment variable "DEBIAN_FRONTEND=noninteractive" set. The
  shim-signed package seems to be ignoring the request for a
  noninteractive install and causes the upgrade to fail since we cannot
  send in confirmation for the ncurses prompt from Ansible.

  We would like to request that this package's post-install script be
  updated to properly adhere to noninteractive install behavior expected
  of most packages or provide different expected environment variables
  which can be set for advanced selection of answers to any prompts.

  Ive opened this bug ticket against 22.04 but I have confirmed the same
  issue exists on 20.04 as well.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: shim-signed 1.51.3+15.7-0ubuntu1
  ProcVersionSignature: Ubuntu 6.8.0-40.40~22.04.3-generic 6.8.12
  Uname: Linux 6.8.0-40-generic x86_64
  .proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] No such file or directory: '/proc/sys/kernel/moksbstate_disabled'
  ApportVersion: 2.20.11-0ubuntu82.6
  Architecture: amd64
  BootEFIContents:
   BOOTX64.CSV
   grub.cfg
   grubx64.efi
   mmx64.efi
   shimx64.efi
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Sep 10 17:50:16 2024
  EFIBootMgr: Error: command ['efibootmgr', '-v'] failed with exit code 2: EFI variables are not supported on this system.
  EFITables:
   Aug 26 00:44:49 transformer fstrim[8155]: /boot/efi: 945 MiB (990953472 bytes) trimmed on /dev/sda1
   Sep 02 00:32:42 transformer fstrim[225707]: /boot/efi: 945 MiB (990953472 bytes) trimmed on /dev/sda1
   Sep 09 00:08:43 transformer fstrim[442197]: /boot/efi: 945 MiB (990953472 bytes) trimmed on /dev/sda1
  InstallationDate: Installed on 2023-01-03 (615 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: shim-signed
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/2080297/+subscriptions

More information about the foundations-bugs mailing list