Per my last comment on IRC, I think 'exit 1' is actually better here because we aren't taking the specified action. grub calls update- secureboot-policy || true, but that just sets the trigger anyway. shim- signed calls without the || true, and so the trigger will fail under this condition. But ultimately it's going to fail no matter what, we're better off failing immediately instead of only when someone notices the full logs and kills the process.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1673817 Title: update-secure-boot-policy behaving badly with unattended-upgrades To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673817/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs