[xubuntu-users] Supposedly essential Microsoft-signed binary
Ralf Mardorf
silver.bullet at zoho.com
Mon Apr 3 05:37:16 UTC 2023
Hi,
I'm building a new computer and struggle a little bit with the new
hardware. Since the new Intel GPU doesn't allow to enable CSM, I can't
boot using syslinux from an old SSD. On an Ventoy USB stick I had the
Xubuntu 20.04.1 live media at hand, so I installed it, since it was the
fastest and easiest way in this situation to get a working bootloader.
GRUB does the job, but as expected, the menu entries needed editing, so
I edited grub.cfg directly, to get what I need. It's just a temporarily
workaround, in the end I much likely will replace GRUB by another
bootloader.
To get Internetaccess I need to build a kernel module first.
On an Arch Linux install that is on the old SSD I already build a
r8125-dkms package before I migrated the SSD from the old to the new
computer, so I downloaded the r8125 tarball for the Xubuntu install when
running an Arch Linux session, then I booted Xubuntu.
When I tried to build the r8125 module on the fresh Xubuntu 20.04
install autorun.sh returned that I don't have "make" installed, so I
restarted the machine, booted into my Arch Linux install to fix it, by
booting Xubuntu via systemd-nspawn.
[root at archlinux rocketmouse]# systemd-nspawn -bqD /mnt/m1.xubu20.04
[...]
root at xubu:~# ls -hl /usr/src/r8125-9.011.00/
total 20K
-rwxr-xr-x 1 weremouse weremouse 2,1K Dez 6 13:07 autorun.sh
-rw-r--r-- 1 root root 61 Apr 3 06:06 log.txt
-rwxr-xr-x 1 weremouse weremouse 1,9K Dez 6 13:07 Makefile
-rwxr-xr-x 1 weremouse weremouse 4,0K Dez 6 13:07 README
drwxr-xr-x 2 weremouse weremouse 4,0K Dez 12 13:23 src
root at xubu:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
I decided that before I install "build-essential" and probably one or
the other package, too, as a temporarily workaround to hold a few
packages, to avoid that an updated = broken grub.cfg delays building my
new computer.
root at xubu:~# apt-mark showhold
grub-common
grub-efi-amd64-bin
grub-efi-amd64-signed
grub-pc
grub-pc-bin
grub2-common
linux-generic
linux-headers-generic
linux-image-generic
root at xubu:~# apt update && apt full-upgrade
[...]
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
shim-signed
535 upgraded, 9 newly installed, 1 to remove and 9 not upgraded.
Need to get 654 MB of archives.
After this operation, 595 MB of additional disk space will be used.
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'
?] n
Abort.
So I aborted to takle a look what this package is good for.
IMO it's good for absolutely nothing. The description is
"Secure Boot chain-loading bootloader (Microsoft-signed binary)"
I guess that I can live without this and I don't understand why this
package is "essential".
When I tried to update again, I got this:
root at xubu:~# apt update && apt full-upgrade
[...]
336 packages can be upgraded. Run 'apt list --upgradable' to see
them.
Waiting for cache lock: Could not get lock /var/lib/dpkg/lock-
frontend. It is held by process 1566 (unattended-upgr)... 70s
So an automation probably does something _really_ harmful, since before
I install updates, I always take a look at all packages. You will never
see me using something like an "--assume-yes" option. An automated
process cannot decide what is essential to me and what not.
IMO this is misunderstood user-friendliness. The personal responsibility
of computer users should be promoted. Consider to make less automated
processes the default, but by default to install packages such as
"build-essential".
Regards,
Ralf
More information about the xubuntu-users
mailing list