** Description changed: + [Impact] + Any user with unattended upgrades enabled and DKMS packages in a Secure Boot environment might be prompted to change Secure Boot policy, which will fail and crash in unattended-upgrades. + + [Test case] + 1) Install new package + 2) Create /var/lib/dkms/TEST-DKMS + 3) Reboot triggering unattended-upgrades: + <process TBD> + + Upgrade should run smoothly and complete without issue (see original + description). + + [Regression Potential] + Any failure to prompt for or change Secure Boot policy in mokutil (crashes of update-secureboot-policy, higher CPU usage, etc.) would constitute a regression of this SRU. + + Any other issues related to booting in Secure Boot mode should instead + be directed to bug 1637290 (shim update). + + --- + Currently, unattended-upgrades will automatically install all updates for those running development releases of Ubuntu (LP: #1649709) Today, my computer was acting very sluggish. Looking at my process list, I saw/ usr/sbin/update-secureboot-policy was using a log of CPU. I killed the process. I have a /var/crash/shim-signed.0.crash but since it's 750 MB, I didn't bother submitting it or looking at it more. Maybe it crashed because I killed the process. Also, I see that unattended- upgrades-dpkg.log is 722 MB. Today's update included both VirtualBox and the linux kernel. I am attaching an excerpt of /var/log/unattended-upgrades/unattended- upgrades-dpkg.log This message was repeated a very large number of times (but I only included it once in the attachment: "Invalid password - The Secure Boot key you've entered is not valid. The password used must be + The Secure Boot key you've entered is not valid. The password used must be between 8 and 16 characters." ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: shim-signed 1.23+0.9+1474479173.6c180c6-0ubuntu1 ProcVersionSignature: Ubuntu 4.10.0-11.13-generic 4.10.1 Uname: Linux 4.10.0-11-generic x86_64 NonfreeKernelModules: zfs zunicode zavl zcommon znvpair ApportVersion: 2.20.4-0ubuntu2 Architecture: amd64 CurrentDesktop: GNOME Date: Fri Mar 17 11:15:04 2017 EcryptfsInUse: Yes InstallationDate: Installed on 2017-02-23 (21 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Alpha amd64 (20170219) SourcePackage: shim-signed UpgradeStatus: No upgrade log present (probably fresh install)
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1673817 Title: update-secure-boot-policy behaving badly with unattended-upgrades Status in shim-signed package in Ubuntu: Fix Released Status in unattended-upgrades package in Ubuntu: Invalid Status in shim-signed source package in Trusty: New Status in unattended-upgrades source package in Trusty: New Status in shim-signed source package in Xenial: New Status in unattended-upgrades source package in Xenial: New Status in shim-signed source package in Yakkety: New Status in unattended-upgrades source package in Yakkety: New Bug description: [Impact] Any user with unattended upgrades enabled and DKMS packages in a Secure Boot environment might be prompted to change Secure Boot policy, which will fail and crash in unattended-upgrades. [Test case] 1) Install new package 2) Create /var/lib/dkms/TEST-DKMS 3) Reboot triggering unattended-upgrades: <process TBD> Upgrade should run smoothly and complete without issue (see original description). [Regression Potential] Any failure to prompt for or change Secure Boot policy in mokutil (crashes of update-secureboot-policy, higher CPU usage, etc.) would constitute a regression of this SRU. Any other issues related to booting in Secure Boot mode should instead be directed to bug 1637290 (shim update). --- Currently, unattended-upgrades will automatically install all updates for those running development releases of Ubuntu (LP: #1649709) Today, my computer was acting very sluggish. Looking at my process list, I saw/ usr/sbin/update-secureboot-policy was using a log of CPU. I killed the process. I have a /var/crash/shim-signed.0.crash but since it's 750 MB, I didn't bother submitting it or looking at it more. Maybe it crashed because I killed the process. Also, I see that unattended-upgrades-dpkg.log is 722 MB. Today's update included both VirtualBox and the linux kernel. I am attaching an excerpt of /var/log/unattended-upgrades/unattended- upgrades-dpkg.log This message was repeated a very large number of times (but I only included it once in the attachment: "Invalid password The Secure Boot key you've entered is not valid. The password used must be between 8 and 16 characters." ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: shim-signed 1.23+0.9+1474479173.6c180c6-0ubuntu1 ProcVersionSignature: Ubuntu 4.10.0-11.13-generic 4.10.1 Uname: Linux 4.10.0-11-generic x86_64 NonfreeKernelModules: zfs zunicode zavl zcommon znvpair ApportVersion: 2.20.4-0ubuntu2 Architecture: amd64 CurrentDesktop: GNOME Date: Fri Mar 17 11:15:04 2017 EcryptfsInUse: Yes InstallationDate: Installed on 2017-02-23 (21 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Alpha amd64 (20170219) SourcePackage: shim-signed UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673817/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
