Ubuntu
calamares package

Calamares based flavours do not set grub-{efi,pc}/install_devices debconf

Bug #2063354 reported by Mate Kukri
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
calamares (Ubuntu)
Fix Released
Critical
Simon Quigley
Ubuntu ubuntu-24.04
Noble
Fix Released
Critical
Simon Quigley
Ubuntu ubuntu-24.04

Bug Description

This debconf is required to be set for grub package reinstallations (especially grub-pc) to work correctly.

This was masked in the 23.10 cycle due to https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1889556.

That workaround was removed in the 24.04 cycle in https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2043995.

This will result in Calamares based installs throwing debconf prompt at the user to choose a GRUB install device upon GRUB package upgrades.

See original description
Mate Kukri (mkukri)
description: updated
Revision history for this message
Aaron Rainbolt (arraybolt3) wrote (last edit ):

This is a release blocker for all of Lubuntu, Kubuntu, Ubuntu Unity 24.04. It will result in either confusing and unsightly debconf prompts (in the case of Lubuntu), or it could result in GRUB never being updated at all, presenting a security hole that could lead to Secure Boot bypass (in the case of Kubuntu). It's unclear whether Ubuntu Unity will do the former or the latter, but in either event this is NOT something we want to let people end up with on their systems.

Changed in calamares-settings-ubuntu (Ubuntu):
status: New → Confirmed
importance: Undecided → Critical
assignee: nobody → Simon Quigley (tsimonq2)
milestone: none → ubuntu-24.04
Revision history for this message
Aaron Rainbolt (arraybolt3) wrote :

Oh, and this could result in failure to boot if Canonical ever rotates their SBAT key again, since if GRUB doesn't update and the SBAT variable does, SHIM will refuse to boot it.

Revision history for this message
Mate Kukri (mkukri) wrote :

ive said this on IRC, but putting it here for the record: UEFI still installs via the /boot/efi mountpoint as a fallback, so don't be concerned about secure boot.

of course it should still be fixed due to user annoyance and outdated BIOS bootloader

Simon Quigley (tsimonq2)
Changed in calamares (Ubuntu Noble):
status: New → Confirmed
importance: Undecided → Critical
assignee: nobody → Simon Quigley (tsimonq2)
no longer affects: calamares-settings-ubuntu (Ubuntu)
Changed in calamares (Ubuntu Noble):
milestone: none → ubuntu-24.04
no longer affects: calamares-settings-ubuntu (Ubuntu Noble)
Revision history for this message
Simon Quigley (tsimonq2) wrote :

Raw, async testing instructions, as requested from IRC:

Two separate virt-manager VMs, one configured with BIOS, the other with EFI (no secureboot). Synced the main.py file over to the installed location in each VM, ran through the Calamares installation progress with max debugging mode, then once the install was finished I chroot'ed into the newly-installed system and verified that `sudo debconf-show grub-pc` showed the newly-inserted entry. As a baseline, arraybolt3 ran through both an EFI and a BIOS install with Xubuntu, which uses the Flutter installer, and gave me the full output of `sudo debconf-show grub-pc` for each which I then `sort`ed and `diff`ed on my system. We expect this new output to be identical to what the new installer produces.

https://irclogs.ubuntu.com/2024/04/24/%23lubuntu-devel.html

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package calamares - 3.3.5-0ubuntu4

---------------
calamares (3.3.5-0ubuntu4) noble; urgency=medium

  * Populate grub-{efi,pc}/install_devices debconf config (LP: #2063354).

 -- Simon Quigley <email address hidden> Wed, 24 Apr 2024 15:28:29 -0500

Changed in calamares (Ubuntu Noble):
status: Confirmed → Fix Released
Revision history for this message
ԜаӀtеr Ⅼарсһуnѕkі (wxl) wrote :

BTW I'm thinking this is the same as https://bugs.launchpad.net/ubuntu/+source/calamares/+bug/2063354

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.