Ubuntu
shim-signed package

key generation fails if hostname length > 31 chars

Bug #1765905 reported by Ryan Amick on 2018-04-21

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	shim-signed (Ubuntu)	Fix Released	Critical	Unassigned

Bug Description

key generation fails if short hostname length > 31 chars

failed on install with apt in terminal. My computer had froze while on browser. i had to hard reset, then i did update then upgrade. tried upgrade -f

ProblemType: Package
DistroRelease: Ubuntu 18.04
Package: shim-signed 1.34.1+13-0ubuntu2
ProcVersionSignature: Ubuntu 4.15.0-15.16-generic 4.15.15
Uname: Linux 4.15.0-15-generic x86_64
.proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] No such file or directory: '/proc/sys/kernel/moksbstate_disabled'
ApportVersion: 2.20.9-0ubuntu6
Architecture: amd64
Date: Fri Apr 20 20:45:53 2018
ErrorMessage: installed shim-signed package post-installation script subprocess returned error exit status 1
InstallationDate: Installed on 2018-02-10 (70 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20180105.1)
Python3Details: /usr/bin/python3.6, Python 3.6.5, python3-minimal, 3.6.5-3
PythonDetails: /usr/bin/python2.7, Python 2.7.15rc1, python-minimal, 2.7.15~rc1-1
RelatedPackageVersions:
dpkg 1.19.0.5ubuntu2
apt 1.6.1
SecureBoot: 6 0 0 0 0
SourcePackage: shim-signed
Title: package shim-signed 1.34.1+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 1
UpgradeStatus: No upgrade log present (probably fresh install)

See original description

Tags:

Revision history for this message

Ryan Amick (finisdiem) wrote on 2018-04-21:

AptOrdering.txt Edit (7.5 KiB, text/plain; charset="utf-8")
BootEFIContents.txt Edit (69 bytes, text/plain; charset="utf-8")
Dependencies.txt Edit (1.9 KiB, text/plain; charset="utf-8")
Df.txt Edit (585 bytes, text/plain; charset="utf-8")
Dmesg.txt Edit (64.3 KiB, text/plain; charset="utf-8")
DpkgHistoryLog.txt Edit (37.6 KiB, text/plain; charset="utf-8")
DpkgTerminalLog.txt Edit (26.8 KiB, text/plain; charset="utf-8")
EFIBootMgr.txt Edit (863 bytes, text/plain; charset="utf-8")
EFITables.txt Edit (978 bytes, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (1.2 KiB, text/plain; charset="utf-8")

Revision history for this message

Steve Langasek (vorlon) wrote on 2018-04-21:

From the dpkg log:

problems making Certificate Request
140700872008128:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:../crypto/asn1/a_mbstr.c:109:maxsize=64

from dmesg:

[ 19.639051] systemd[1]: Set hostname to <finisdiem-HP-Pavilion-g6-Notebook-PC>.

This definitely causes the openssl req option, -subj "/CN=`hostname -s` Secure Boot Module Signature key", to exceed 64 bytes.

We should probably just take the first 31 bytes of the hostname.

Changed in shim-signed (Ubuntu):
status:	New → Triaged
importance:	Undecided → Critical
description:	updated

Steve Langasek (vorlon) on 2018-04-21

summary:

- package shim-signed 1.34.1+13-0ubuntu2 failed to install/upgrade:
- installed shim-signed package post-installation script subprocess
- returned error exit status 1
+ key generation fails if hostname length > 31 chars

Revision history for this message

Steve Langasek (vorlon) wrote on 2018-04-21:

Fixed in 1.34.3 in bionic-proposed. Since this bug has only ever been in -proposed, marking this fix-released.

shim-signed (1.34.3) bionic; urgency=medium

* Only take the first 31 bytes of the hostname. LP: #1765905.

Changed in shim-signed (Ubuntu):
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntushim-signed package

key generation fails if hostname length > 31 chars

Bug Description

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
shim-signed package