Ubuntu
grub2 package

package shim-signed 1.37~18.04.8+15+1552672080.a4a1fbe-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 1

Bug #1926690 reported by amira hame
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
grub2 (Ubuntu)
Fix Released
Critical
Steve Langasek

Bug Description

 latest during upgrade from ubuntu 16.04 to latest version

ProblemType: Package
DistroRelease: Ubuntu 18.04
Package: shim-signed 1.37~18.04.8+15+1552672080.a4a1fbe-0ubuntu2
ProcVersionSignature: Ubuntu 4.15.0-142.146~16.04.1-generic 4.15.18
Uname: Linux 4.15.0-142-generic x86_64
.proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] No such file or directory: '/proc/sys/kernel/moksbstate_disabled'
ApportVersion: 2.20.9-0ubuntu7.23
Architecture: amd64
BootEFIContents:
 grub.cfg
 grubx64.efi
 mmx64.efi
 shimx64.efi
Date: Fri Apr 30 06:21:24 2021
DistributionChannelDescriptor:
 # This is a distribution channel descriptor
 # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
 canonical-oem-somerville-xenial-amd64-osp1-20171027-1
EFITables:
 أفريل 30 03:15:54 beemi-Inspiron-15-3573 kernel: efi: EFI v2.60 by American Megatrends
 أفريل 30 03:15:54 beemi-Inspiron-15-3573 kernel: efi: ACPI 2.0=0x792be000 ACPI=0x792be000 SMBIOS=0x798be000 SMBIOS 3.0=0x798bd000 ESRT=0x73a81698 MEMATTR=0x713c7018
 أفريل 30 03:15:54 beemi-Inspiron-15-3573 kernel: secureboot: Secure boot could not be determined (mode 0)
 أفريل 30 03:15:54 beemi-Inspiron-15-3573 kernel: esrt: Reserving ESRT space from 0x0000000073a81698 to 0x0000000073a816d0.
ErrorMessage: installed shim-signed package post-installation script subprocess returned error exit status 1
InstallationDate: Installed on 2019-04-03 (757 days ago)
InstallationMedia: Ubuntu 16.04 "Xenial" - Build amd64 LIVE Binary 20171027-10:57
Python3Details: /usr/bin/python3.6, Python 3.6.9, python3-minimal, 3.6.7-1~18.04
PythonDetails: /usr/bin/python2.7, Python 2.7.17, python-minimal, 2.7.15~rc1-1
RelatedPackageVersions:
 dpkg 1.19.0.5ubuntu2.3
 apt 1.6.13
SecureBoot: 6 0 0 0 0
SourcePackage: shim-signed
Title: package shim-signed 1.37~18.04.8+15+1552672080.a4a1fbe-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 1
UpgradeStatus: Upgraded to bionic on 2021-04-30 (0 days ago)

Revision history for this message
amira hame (beemi98) wrote :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote : Bug is not a security issue

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Private Security → Public
Steve Langasek (vorlon)
tags: added: regression-proposed
Changed in shim-signed (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

This is because one-grub update was published in xenial, but not in bionic.

Thus upgrading from xenial-proposed to bionic-updates introduces regression.

To mitigate this issue you can temporarily eanble bionic-proposed and install all packages from there.

This is due to breakage introduced in xenial-update at the end of april.

Changed in shim-signed (Ubuntu):
assignee: nobody → Steve Langasek (vorlon)
affects: shim-signed (Ubuntu) → grub2 (Ubuntu)
Changed in grub2 (Ubuntu):
assignee: Steve Langasek (vorlon) → nobody
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

@vorlon please do not publish packages in earlier series before later ones, as otherwise, as shown above, upgrade from xenial to bionic introduces regressions.

Changed in grub2 (Ubuntu):
assignee: nobody → Steve Langasek (vorlon)
Steve Langasek (vorlon)
tags: removed: regression-proposed
Revision history for this message
Steve Langasek (vorlon) wrote :

All published now for xenial and bionic.

I think there may still be an issue where the unpack vs configuration order is not guaranteed on upgrades within a release, and we may have new grub-efi-amd64-signed unpacked, new grub-common not unpacked, and shim-signed attempting to be configured (which invokes old grub-install). But I'll open a separate bug report for this.

Changed in grub2 (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.