[Bug 2080297] Re: installed shim-signed package post-installation script subprocess returned error exit status 32

Julian Andres Klode 2080297 at bugs.launchpad.net
Mon Sep 30 11:27:11 UTC 2024 

*** This bug is a duplicate of bug 2083176 ***
    https://bugs.launchpad.net/bugs/2083176

Apologies there was some misunderstanding here, in that /boot/efi is the
only option.

I am going to mark this as a duplicate of bug 2083176, my general
perspective is:


If we had one partition configured before, and /boot/efi is the only option now, then we should automatically select /boot/efi.

If we had multiple targets selected before, then we still need to prompt
(or fail in non-interactive mode), the failure scenario there would
otherwise be:

1. You accidentally unplug disk 2
2. A grub update silently reconfigures to install to disk 1 only
3. You notice disk 2 is unplugged, plug it back in (or replace it with a new disk 2)
4. Disk 2 is never being updated again

Scary!

** This bug has been marked a duplicate of bug 2083176
   grub-efi install device being prompted on upgrade, despite only /boot/efi being an option.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/2080297

Title:
  installed shim-signed package post-installation script subprocess
  returned error exit status 32

Status in shim-signed package in Ubuntu:
  Opinion

Bug description:
  We use Packer to build Ubuntu 20.04/22.04 images for our devices and
  the root disk in Packer starts out as a virtio disk mounted to
  /dev/vda1. When we restore these images to our Intel NUC devices, they
  are restored to either a SATA or NVME device. These images and the
  devices are setup to do UEFI booting leveraging grub, however secure
  boot is disabled in the BIOS.

  When we attempt to do automated non interactive OS upgrades on these
  devices using Ansible for either 20.04 or 22.04, we get the following
  equivalent error from shim-signed packaged:

  $ sudo apt-get install -f
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
  1 not fully installed or removed.
  After this operation, 0 B of additional disk space will be used.
  Setting up shim-signed (1.51.4+15.8-0ubuntu1) ...
  mount: /var/lib/grub/esp: special device /dev/vda1 does not exist.
  dpkg: error processing package shim-signed (--configure):
   installed shim-signed package post-installation script subprocess returned error exit status 32
  Errors were encountered while processing:
   shim-signed
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  Here we show the output of running `apt-get install -f` manually and
  it brings up the ncurses prompt in the attached image at which point
  we press ESC instead of OK to mimic what is happening when Ansible
  runs.

  Ansible is running the equivalent of "sudo aptitude safe-upgrade" with
  the environment variable "DEBIAN_FRONTEND=noninteractive" set. The
  shim-signed package seems to be ignoring the request for a
  noninteractive install and causes the upgrade to fail since we cannot
  send in confirmation for the ncurses prompt from Ansible.

  We would like to request that this package's post-install script be
  updated to properly adhere to noninteractive install behavior expected
  of most packages or provide different expected environment variables
  which can be set for advanced selection of answers to any prompts.

  Ive opened this bug ticket against 22.04 but I have confirmed the same
  issue exists on 20.04 as well.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: shim-signed 1.51.3+15.7-0ubuntu1
  ProcVersionSignature: Ubuntu 6.8.0-40.40~22.04.3-generic 6.8.12
  Uname: Linux 6.8.0-40-generic x86_64
  .proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] No such file or directory: '/proc/sys/kernel/moksbstate_disabled'
  ApportVersion: 2.20.11-0ubuntu82.6
  Architecture: amd64
  BootEFIContents:
   BOOTX64.CSV
   grub.cfg
   grubx64.efi
   mmx64.efi
   shimx64.efi
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Sep 10 17:50:16 2024
  EFIBootMgr: Error: command ['efibootmgr', '-v'] failed with exit code 2: EFI variables are not supported on this system.
  EFITables:
   Aug 26 00:44:49 transformer fstrim[8155]: /boot/efi: 945 MiB (990953472 bytes) trimmed on /dev/sda1
   Sep 02 00:32:42 transformer fstrim[225707]: /boot/efi: 945 MiB (990953472 bytes) trimmed on /dev/sda1
   Sep 09 00:08:43 transformer fstrim[442197]: /boot/efi: 945 MiB (990953472 bytes) trimmed on /dev/sda1
  InstallationDate: Installed on 2023-01-03 (615 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 (20220809.1)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: shim-signed
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/2080297/+subscriptions

More information about the foundations-bugs mailing list