** Also affects: unattended-upgrades (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: shim-signed (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: unattended-upgrades (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: shim-signed (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: unattended-upgrades (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: shim-signed (Ubuntu Xenial)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1673817
Title:
update-secure-boot-policy behaving badly with unattended-upgrades
Status in shim-signed package in Ubuntu:
Fix Released
Status in unattended-upgrades package in Ubuntu:
Invalid
Status in shim-signed source package in Trusty:
New
Status in unattended-upgrades source package in Trusty:
New
Status in shim-signed source package in Xenial:
New
Status in unattended-upgrades source package in Xenial:
New
Status in shim-signed source package in Yakkety:
New
Status in unattended-upgrades source package in Yakkety:
New
Bug description:
[Impact]
Any user with unattended upgrades enabled and DKMS packages in a Secure Boot
environment might be prompted to change Secure Boot policy, which will fail and
crash in unattended-upgrades.
[Test case]
1) Install new package
2) Create /var/lib/dkms/TEST-DKMS
3) Reboot triggering unattended-upgrades:
<process TBD>
Upgrade should run smoothly and complete without issue (see original
description).
[Regression Potential]
Any failure to prompt for or change Secure Boot policy in mokutil (crashes of
update-secureboot-policy, higher CPU usage, etc.) would constitute a regression
of this SRU.
Any other issues related to booting in Secure Boot mode should instead
be directed to bug 1637290 (shim update).
---
Currently, unattended-upgrades will automatically install all updates
for those running development releases of Ubuntu (LP: #1649709)
Today, my computer was acting very sluggish. Looking at my process
list, I saw/ usr/sbin/update-secureboot-policy was using a log of CPU.
I killed the process. I have a /var/crash/shim-signed.0.crash but
since it's 750 MB, I didn't bother submitting it or looking at it
more. Maybe it crashed because I killed the process. Also, I see that
unattended-upgrades-dpkg.log is 722 MB.
Today's update included both VirtualBox and the linux kernel.
I am attaching an excerpt of /var/log/unattended-upgrades/unattended-
upgrades-dpkg.log
This message was repeated a very large number of times (but I only
included it once in the attachment:
"Invalid password
The Secure Boot key you've entered is not valid. The password used must be
between 8 and 16 characters."
ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: shim-signed 1.23+0.9+1474479173.6c180c6-0ubuntu1
ProcVersionSignature: Ubuntu 4.10.0-11.13-generic 4.10.1
Uname: Linux 4.10.0-11-generic x86_64
NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
ApportVersion: 2.20.4-0ubuntu2
Architecture: amd64
CurrentDesktop: GNOME
Date: Fri Mar 17 11:15:04 2017
EcryptfsInUse: Yes
InstallationDate: Installed on 2017-02-23 (21 days ago)
InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Alpha amd64 (20170219)
SourcePackage: shim-signed
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673817/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
