group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #14618
[Bug 1673817] Re: update-secure-boot-policy behaving badly with unattended-upgrades
An upload of shim-signed to trusty-proposed has been rejected from the
upload queue for the following reason: "needs adjusted versioned dep on
grub2-common; drop ref to LP: #1624096 from changelog".
** Changed in: unattended-upgrades (Ubuntu Trusty)
Status: New => Invalid
** Changed in: unattended-upgrades (Ubuntu Xenial)
Status: New => Invalid
** Changed in: unattended-upgrades (Ubuntu Yakkety)
Status: New => Invalid
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1673817
Title:
update-secure-boot-policy behaving badly with unattended-upgrades
Status in shim-signed package in Ubuntu:
Fix Released
Status in unattended-upgrades package in Ubuntu:
Invalid
Status in shim-signed source package in Trusty:
New
Status in unattended-upgrades source package in Trusty:
Invalid
Status in shim-signed source package in Xenial:
Fix Released
Status in unattended-upgrades source package in Xenial:
Invalid
Status in shim-signed source package in Yakkety:
Fix Released
Status in unattended-upgrades source package in Yakkety:
Invalid
Bug description:
[Impact]
Any user with unattended upgrades enabled and DKMS packages in a Secure Boot environment might be prompted to change Secure Boot policy, which will fail and crash in unattended-upgrades.
[Test case]
= unattended upgrade =
1) Create /var/lib/dkms/TEST-DKMS
2) Install new package
3) Trigger unattended-upgrades: unattended-upgrades -d
Upgrade should run smoothly for all the processing but fail to
complete; shim-signed should end the unattended upgrade with a error
as unattended change of the Secure Boot policy can not be done.
Upgrade should not hang in high CPU usage.
= standard upgrade =
1) Create /var/lib/dkms/TEST-DKMS
2) install new package.
3) Verify that the upgrade completes normally.
[Regression Potential]
Any failure to prompt for or change Secure Boot policy in mokutil while in an *attended* upgrade scenario would constitute a regression of this SRU.
Any other issues related to booting in Secure Boot mode should instead
be directed to bug 1637290 (shim update).
---
Currently, unattended-upgrades will automatically install all updates
for those running development releases of Ubuntu (LP: #1649709)
Today, my computer was acting very sluggish. Looking at my process
list, I saw/ usr/sbin/update-secureboot-policy was using a log of CPU.
I killed the process. I have a /var/crash/shim-signed.0.crash but
since it's 750 MB, I didn't bother submitting it or looking at it
more. Maybe it crashed because I killed the process. Also, I see that
unattended-upgrades-dpkg.log is 722 MB.
Today's update included both VirtualBox and the linux kernel.
I am attaching an excerpt of /var/log/unattended-upgrades/unattended-
upgrades-dpkg.log
This message was repeated a very large number of times (but I only
included it once in the attachment:
"Invalid password
The Secure Boot key you've entered is not valid. The password used must be
between 8 and 16 characters."
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: shim-signed 1.23+0.9+1474479173.6c180c6-0ubuntu1
ProcVersionSignature: Ubuntu 4.10.0-11.13-generic 4.10.1
Uname: Linux 4.10.0-11-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.20.4-0ubuntu2
Architecture: amd64
CurrentDesktop: GNOME
Date: Fri Mar 17 11:15:04 2017
EcryptfsInUse: Yes
InstallationDate: Installed on 2017-02-23 (21 days ago)
InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Alpha amd64 (20170219)
SourcePackage: shim-signed
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673817/+subscriptions
