key generation fails if hostname length > 31 chars
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
shim-signed (Ubuntu) |
Fix Released
|
Critical
|
Unassigned |
Bug Description
key generation fails if short hostname length > 31 chars
failed on install with apt in terminal. My computer had froze while on browser. i had to hard reset, then i did update then upgrade. tried upgrade -f
ProblemType: Package
DistroRelease: Ubuntu 18.04
Package: shim-signed 1.34.1+13-0ubuntu2
ProcVersionSign
Uname: Linux 4.15.0-15-generic x86_64
.proc.sys.
ApportVersion: 2.20.9-0ubuntu6
Architecture: amd64
Date: Fri Apr 20 20:45:53 2018
ErrorMessage: installed shim-signed package post-installation script subprocess returned error exit status 1
InstallationDate: Installed on 2018-02-10 (70 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20180105.1)
Python3Details: /usr/bin/python3.6, Python 3.6.5, python3-minimal, 3.6.5-3
PythonDetails: /usr/bin/python2.7, Python 2.7.15rc1, python-minimal, 2.7.15~rc1-1
RelatedPackageV
dpkg 1.19.0.5ubuntu2
apt 1.6.1
SecureBoot: 6 0 0 0 0
SourcePackage: shim-signed
Title: package shim-signed 1.34.1+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 1
UpgradeStatus: No upgrade log present (probably fresh install)
summary: |
- package shim-signed 1.34.1+13-0ubuntu2 failed to install/upgrade: - installed shim-signed package post-installation script subprocess - returned error exit status 1 + key generation fails if hostname length > 31 chars |
From the dpkg log:
problems making Certificate Request :error: 0D07A097: asn1 encoding routines: ASN1_mbstring_ ncopy:string too long:.. /crypto/ asn1/a_ mbstr.c: 109:maxsize= 64
140700872008128
from dmesg:
[ 19.639051] systemd[1]: Set hostname to <finisdiem- HP-Pavilion- g6-Notebook- PC>.
This definitely causes the openssl req option, -subj "/CN=`hostname -s` Secure Boot Module Signature key", to exceed 64 bytes.
We should probably just take the first 31 bytes of the hostname.