group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1673817] Re: update-secure-boot-policy behaving badly with unattended-upgrades

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1673817@xxxxxxxxxxxxxxxxxx>
Date: Mon, 03 Apr 2017 19:46:50 -0000
Reply-to: Bug 1673817 <1673817@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package shim-signed - 1.27~16.04.1

---------------
shim-signed (1.27~16.04.1) xenial; urgency=medium

  * Backport shim 0.9+1474479173.6c180c6-1ubuntu1 to 16.04. (LP:
#1637290)

shim-signed (1.27) zesty; urgency=medium

  [ Steve Langasek ]
  * Update to the signed 0.9+1474479173.6c180c6-1ubuntu1 binary from
    Microsoft.
  * update-secureboot-policy:
    - detect when we have no debconf prompting and error out instead of ending
      up in an infinite loop.  LP: #1673817.
    - refactor to make the code easier to follow.
    - remove a confusing boolean that would always re-prompt on a request to
      --enable, but not on a request to --disable.

  [ Mathieu Trudel-Lapierre ]
  * update-secureboot-policy:
    - some more fixes to properly handle non-interactive mode. (LP: #1673817)

shim-signed (1.23) zesty; urgency=medium

  * debian/control: bump the Depends on grub2-common since that's needed to
    install with the new updated EFI binaries filenames.

shim-signed (1.22) yakkety; urgency=medium

  * Update to the signed 0.9+1474479173.6c180c6-0ubuntu1 binary from Microsoft.
    (LP: #1581299)
  * Update paths now that the shim binary has been renamed to include the
    target architecture.
  * debian/shim-signed.postinst: clean up old MokManager.efi from EFI/ubuntu;
    since it's being replaced by mm$arch.efi.

 -- Mathieu Trudel-Lapierre <cyphermox@xxxxxxxxxx>  Thu, 23 Mar 2017
16:58:44 -0400

** Changed in: shim-signed (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1673817

Title:
  update-secure-boot-policy behaving badly with unattended-upgrades

Status in shim-signed package in Ubuntu:
  Fix Released
Status in unattended-upgrades package in Ubuntu:
  Invalid
Status in shim-signed source package in Trusty:
  New
Status in unattended-upgrades source package in Trusty:
  New
Status in shim-signed source package in Xenial:
  Fix Released
Status in unattended-upgrades source package in Xenial:
  New
Status in shim-signed source package in Yakkety:
  Fix Released
Status in unattended-upgrades source package in Yakkety:
  New

Bug description:
  [Impact]
  Any user with unattended upgrades enabled and DKMS packages in a Secure Boot environment might be prompted to change Secure Boot policy, which will fail and crash in unattended-upgrades.

  [Test case]
  = unattended upgrade =
  1) Create /var/lib/dkms/TEST-DKMS
  2) Install new package
  3) Trigger unattended-upgrades: unattended-upgrades -d

  Upgrade should run smoothly for all the processing but fail to
  complete; shim-signed should end the unattended upgrade with a error
  as unattended change of the Secure Boot policy can not be done.
  Upgrade should not hang in high CPU usage.

  = standard upgrade =
  1) Create /var/lib/dkms/TEST-DKMS
  2) install new package.
  3) Verify that the upgrade completes normally. 

  
  [Regression Potential]
  Any failure to prompt for or change Secure Boot policy in mokutil while in an *attended* upgrade scenario would constitute a regression of this SRU.

  Any other issues related to booting in Secure Boot mode should instead
  be directed to bug 1637290 (shim update).

  ---

  Currently, unattended-upgrades will automatically install all updates
  for those running development releases of Ubuntu (LP: #1649709)

  Today, my computer was acting very sluggish. Looking at my process
  list, I saw/ usr/sbin/update-secureboot-policy was using a log of CPU.

  I killed the process. I have a /var/crash/shim-signed.0.crash but
  since it's 750 MB, I didn't bother submitting it or looking at it
  more. Maybe it crashed because I killed the process. Also, I see that
  unattended-upgrades-dpkg.log is 722 MB.

  Today's update included both VirtualBox and the linux kernel.

  I am attaching an excerpt of /var/log/unattended-upgrades/unattended-
  upgrades-dpkg.log

  This message was repeated a very large number of times (but I only
  included it once in the attachment:

  "Invalid password

  The Secure Boot key you've entered is not valid. The password used must be
  between 8 and 16 characters."

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: shim-signed 1.23+0.9+1474479173.6c180c6-0ubuntu1
  ProcVersionSignature: Ubuntu 4.10.0-11.13-generic 4.10.1
  Uname: Linux 4.10.0-11-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
  ApportVersion: 2.20.4-0ubuntu2
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Fri Mar 17 11:15:04 2017
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2017-02-23 (21 days ago)
  InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Alpha amd64 (20170219)
  SourcePackage: shim-signed
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673817/+subscriptions