Ubuntu
shim-signed package

package shim-signed 1.54+15.7-0ubuntu1 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 2

Bug #2006515 reported by David Fleischmann
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
shim-signed (Ubuntu)
Triaged
Undecided
Julian Andres Klode

Bug Description

N/A

ProblemType: Package
DistroRelease: Ubuntu 22.10
Package: shim-signed 1.54+15.7-0ubuntu1
ProcVersionSignature: Ubuntu 5.19.0-31.32-generic 5.19.17
Uname: Linux 5.19.0-31-generic aarch64
NonfreeKernelModules: prl_fs_freeze prl_fs prl_tg
.proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] No such file or directory: '/proc/sys/kernel/moksbstate_disabled'
ApportVersion: 2.23.1-0ubuntu3
Architecture: arm64
BootEFIContents:
 BOOTAA64.CSV
 grub.cfg
 grubaa64.efi
 mmaa64.efi
 shimaa64.efi
CasperMD5CheckResult: pass
Date: Wed Feb 8 09:11:39 2023
DuplicateSignature:
 package:shim-signed:1.54+15.7-0ubuntu1
 Installing new version of config file /etc/kernel/postinst.d/zz-shim ...
 update-alternatives: error: alternative link /usr/lib/shim/shimaa64.efi.signed is already managed by shimx64.efi.signed
 dpkg: error processing package shim-signed (--configure):
  installed shim-signed package post-installation script subprocess returned error exit status 2
EFITables:
 Feb 08 09:10:24 ubuntu-linux-22-04-desktop kernel: efi: EFI v2.70 by EDK II
 Feb 08 09:10:24 ubuntu-linux-22-04-desktop kernel: efi: SMBIOS 3.0=0xbf7f0000 ACPI 2.0=0xbc120000 MEMATTR=0xbe1a5a98 MOKvar=0xbbee0000 MEMRESERVE=0xbbef6298
 Feb 08 09:10:24 ubuntu-linux-22-04-desktop kernel: secureboot: Secure boot disabled
ErrorMessage: installed shim-signed package post-installation script subprocess returned error exit status 2
InstallationDate: Installed on 2022-07-07 (215 days ago)
InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release arm64 (20220421)
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
 dpkg 1.21.9ubuntu1
 apt 2.5.3ubuntu0.1
SecureBoot: 6 0 0 0 0
SourcePackage: shim-signed
Title: package shim-signed 1.54+15.7-0ubuntu1 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 2
UpgradeStatus: Upgraded to kinetic on 2023-01-30 (8 days ago)

Revision history for this message
David Fleischmann (davidfleischmann) wrote :
Apport retracing service (apport)
tags: removed: need-duplicate-check
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in shim-signed (Ubuntu):
status: New → Confirmed
Revision history for this message
Alper (alperdurukan) wrote :

Bug confirmed and here is terminal output:
root@A:~# apt install shim-signed
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  shim-signed
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 0 B/561 kB of archives.
After this operation, 4838 kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously unselected package shim-signed.
dpkg: warning: files list file for package 'grub-efi-arm64' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'grub-efi' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'grub-efi-arm64-signed' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'grub2-common' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'grub-common' missing; assuming package has no files currently installed
dpkg: warning: files list file for package 'grub-efi-arm64-bin' missing; assuming package has no files currently installed
(Reading database ... 279455 files and directories currently installed.)
Preparing to unpack .../shim-signed_1.54+15.7-0ubuntu1_arm64.deb ...
Unpacking shim-signed (1.54+15.7-0ubuntu1) ...
Setting up shim-signed (1.54+15.7-0ubuntu1) ...
update-alternatives: error: alternative link /usr/lib/shim/shimaa64.efi.signed is already managed by shimx64.efi.signed
dpkg: error processing package shim-signed (--configure):
 installed shim-signed package post-installation script subprocess returned error exit status 2
Errors were encountered while processing:
 shim-signed
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@A:~#

Revision history for this message
Steve Langasek (vorlon) wrote :

This bug is limited to arm64 systems that have installed the 1.52+15.7-0ubuntu1 version of shim-signed that briefly made its way into the lunar release pocket before being withdrawn, or systems that installed a correspondingly-buggy version of shim-signed from -proposed.

We do not plan to do further work in the packages to address this upgrade path.

You can fix your systems by running the command:

sudo update-alternatives --remove-all shimx64.efi.signed

and then repeating the upgrade procedure.

I note that the logs in comment show this problem persisting even in the case that shim-signed is a new package - i.e. alternatives were not cleared on package removal. It looks like there is still a bug in the current package, that alternatives are not removed on removal of the package, but should be. Removal of shim-signed is an unlikely action during ordinary operations, so the severity of this is not high, but assigning this bug to Julian to take a further look.

Changed in shim-signed (Ubuntu):
assignee: nobody → Julian Andres Klode (juliank)
status: Confirmed → Triaged
Revision history for this message
Julian Andres Klode (juliank) wrote :

That's right, yeah. I did not add removal code this round. You do need --allow-remove-essential to remove it and possibly end up breaking the system, so handling removals wasn't high on my awareness list

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.