package shim-signed 1.16~14.04.1+0.8-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script was killed by signal (Terminated)

Bug #1599051 reported by superg28
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
shim-signed (Ubuntu)
Undecided
Mathieu Trudel-Lapierre

Bug Description

A dialogue asked if I would like to disable the UEFI Secure boot, I selected it and was expecting a input field but got a dialog that the password was invalid. There was no was to go back or to cancel/close the operation.

ProblemType: Package
DistroRelease: Ubuntu 14.04
Package: shim-signed 1.16~14.04.1+0.8-0ubuntu2
ProcVersionSignature: Ubuntu 3.13.0-87.133-generic 3.13.11-ckt39
Uname: Linux 3.13.0-87-generic x86_64
NonfreeKernelModules: wl nvidia
ApportVersion: 2.14.1-0ubuntu3.21
Architecture: amd64
BootEFIContents:
 grub.cfg
 grubx64.efi
 MokManager.efi
 shimx64.efi
Date: Tue Jul 5 09:15:51 2016
DuplicateSignature: package:shim-signed:1.16~14.04.1+0.8-0ubuntu2:subprocess installed post-installation script was killed by signal (Terminated)
ErrorMessage: subprocess installed post-installation script was killed by signal (Terminated)
InstallationDate: Installed on 2016-03-08 (118 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
RelatedPackageVersions:
 dpkg 1.17.5ubuntu5.7
 apt 1.0.1ubuntu2.14
SourcePackage: shim-signed
Title: package shim-signed 1.16~14.04.1+0.8-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script was killed by signal (Terminated)
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
superg28 (gharington) wrote :
tags: removed: need-duplicate-check
Steve Langasek (vorlon)
Changed in shim-signed (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

How did you get that prompt? It looks like you received it as part of an upgrade procedure (testing proposed), but was this shown through a graphical upgrade tool (update-manager), or on the command-line, in a terminal?

Revision history for this message
superg28 (gharington) wrote : Re: [Bug 1599051] Re: package shim-signed 1.16~14.04.1+0.8-0ubuntu2 failed to install/upgrade: subprocess installed post-installation script was killed by signal (Terminated)

Hi,

Yes, it was during a software update with update-manager and it was a
gui dialog that popped up

On 05/07/2016 22:51, Mathieu Trudel-Lapierre wrote:
> How did you get that prompt? It looks like you received it as part of an
> upgrade procedure (testing proposed), but was this shown through a
> graphical upgrade tool (update-manager), or on the command-line, in a
> terminal?
>

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Right; I would expect that the GUI dialog should allow you to go forward and re-enter password and password confirmation in this case -- I was able to confirm that hitting back otherwise fails for some reason (we actually do need db_capb backup to go back and forth outside of the password prompts). Maybe just disabling backup on error is what is necessary.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

For reference; I could only get this prompt (see screenshot at http://imgur.com/z5Uplsz) by installing cdebconf-gtk and libgtk2-perl to properly enable the GTK frontend for debconf. I suspect there may otherwise be an issue with that frontend and dealing with db_capb backup.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Since I got the URL wrong anyway; uploaded the screenshot again here.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

I filed https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1599981 to track the issues we've found in aptdaemon which appear to be causing this.

We'll workaround this issue by prompting for the password in clear text. I'm finishing up testing this alternative now. It appears to be the least bad option given that update-manager and aptdaemon run without root privileges, which would be necessary for access to the debconf password database. This would also explain why you can't run into this particular issue if update-manager is run with sudo.

Changed in shim-signed (Ubuntu):
status: New → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package shim-signed - 1.17

---------------
shim-signed (1.17) yakkety; urgency=medium

  * update-secureboot-policy: rework setting capabilities to stop having
    the backup capability while showing an error message; which won't affect
    the Dialog debconf frontend but otherwise made the GTK frontend confusing.
  * update-secureboot-policy: all debconf prompts should be at priority
    critical: there is no good default to pick, we must prompt the user.
  * debian/templates: make the password inputs be standard inputs; this is an
    unfortunate workaround to aptdaemon not having access to the debconf
    password database on desktop; since the frontend runs as an unprivileged
    user. See bug LP#1599981 (LP: #1599051)

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 07 Jul 2016 16:58:45 -0400

Changed in shim-signed (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers