Changing from Xorg video driver to NVIDIA driver using Software & Updates does not display debconf prompt

Bug #1679784 reported by Amos on 2017-04-04
220
This bug affects 26 people
Affects Status Importance Assigned to Milestone
software-properties (Ubuntu)
Critical
Unassigned
Trusty
Critical
Steve Langasek
Xenial
Critical
Steve Langasek
Yakkety
Critical
Steve Langasek

Bug Description

[SRU Justification]
software-properties does not display debconf prompts. while most debconf prompts have default answers and this is fine, for installing dkms modules on a SecureBoot-capable system we specifically have a critical debconf prompt with no possible default answer that users need to step through in order for their dkms modules to be usable.

[Test case]
1. sudo apt-add-repository ppa:vorlon/debconf-tests
2. sudo apt update
3. Launch Settings -> Software & Updates -> Additional Drivers
4. Confirm that you are offered the option of using the 'noisy-fake-driver' package.
5. Select this driver and apply changes.
6. Confirm that no debconf prompt is shown, and the driver package fails to install ('dpkg -l noisy-fake-driver' shows 'iF').
7. Reset the package state by removing the driver again.
8. Enable -proposed.
9. Run update-manager and verify that the new software-properties package is successfully installed from -proposed, pulling in libgtk2-perl in the process.
10. Close Software & Updates and re-launch it.
11. Select the 'noisy-fake-driver' package again.
12. Confirm that you are shown a debconf prompt, and the driver package installs successfully.

[Regression potential]
The actual code change is small and self-contained, but the fix also requires pulling in new package dependencies which will also need to be promoted from universe to main in the process. We need to take extra care to ensure the upgrade path is correct. This SRU should also be done serially one release at a time to gather feedback at each stage.

[Original bug description]
I've encountered this repeatedly.

In the first installation -- on updating via Software Updater, this crashed on upgrading the shim-signed package.

On suggestions from here:

I upgrade the system via CLI, i.e. dist-upgrade. This seemed to work, however when I now try to swap the display driver, from xorg --> nvidia. This now triggered the same issue.

ProblemType: Package
DistroRelease: Ubuntu 16.04
Package: shim-signed 1.27~16.04.1+0.9+1474479173.6c180c6-1ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
Uname: Linux 4.4.0-72-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Tue Apr 4 18:21:32 2017
DuplicateSignature:
 package:shim-signed:1.27~16.04.1+0.9+1474479173.6c180c6-1ubuntu1
 Processing triggers for shim-signed (1.27~16.04.1+0.9+1474479173.6c180c6-1ubuntu1) ...
 Running in non-interactive mode, doing nothing.
 dpkg: error processing package shim-signed (--configure):
  subprocess installed post-installation script returned error exit status 1
ErrorMessage: subprocess installed post-installation script returned error exit status 1
InstallationDate: Installed on 2017-04-04 (0 days ago)
InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
RelatedPackageVersions:
 dpkg 1.18.4ubuntu1.1
 apt 1.2.19
SourcePackage: shim-signed
Title: package shim-signed 1.27~16.04.1+0.9+1474479173.6c180c6-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
UpgradeStatus: No upgrade log present (probably fresh install)

Amos (amosfolarin) wrote :
tags: removed: need-duplicate-check
Steve Langasek (vorlon) wrote :

The error in your log is:

Processing triggers for shim-signed (1.27~16.04.1+0.9+1474479173.6c180c6-1ubuntu1) ...
Running in non-interactive mode, doing nothing.
dpkg: error processing package shim-signed (--configure):
 subprocess installed post-installation script returned error exit status 1

This shows that shim needs to interact with you in order to disable secureboot on your system; this is correct, if you are installing the nvidia modules you need SB disabled so that kernel module signatures are not enforced.

And your DpkgHistoryLog.txt shows that dpkg is being run via aptdaemon.

Start-Date: 2017-04-04 18:20:35
Commandline: aptdaemon role='role-commit-packages' sender=':1.100'
Install: libcuda1-375:amd64 (375.39-0ubuntu0.16.04.1, automatic), libvdpau1:amd64 (1.1.1-3ubuntu1, automatic), vdpau-driver-all:amd64 (1.1.1-3ubuntu1, automatic), nvidia-prime:amd64 (0.8.2, automatic), libxnvctrl0:amd64 (361.42-0ubuntu1, automatic), lib32gcc1:amd64 (1:6.0.1-0ubuntu1, automatic), libc6-i386:amd64 (2.23-0ubuntu7, automatic), screen-resolution-extra:amd64 (0.17.1, automatic), mesa-vdpau-drivers:amd64 (12.0.6-0ubuntu0.16.04.1, automatic), ocl-icd-libopencl1:amd64 (2.2.8-1, automatic), libjansson4:amd64 (2.7-3, automatic), bbswitch-dkms:amd64 (0.8-3ubuntu1, automatic), nvidia-opencl-icd-375:amd64 (375.39-0ubuntu0.16.04.1, automatic), nvidia-375:amd64 (375.39-0ubuntu0.16.04.1), nvidia-settings:amd64 (361.42-0ubuntu1, automatic)

So clearly, aptdaemon is being run in a context that has no debconf frontend.

This is really not acceptable that we have such bugs after all this time.

When I run update-manager (AKA Software Updater) here, I see that aptdaemon does get run with the correct environment of 'DEBCONF_PIPE=/tmp/aptdaemon-jcxymk3r/debconf.socket DEBIAN_FRONTEND=passthrough'. So this doesn't appear to be a problem in the version of update-manager that I have here.

Can you please describe exactly how you went about installing the nvidia driver, step by step? What did you click on at each step, etc.

To work around the problem on your system now, you should be able to run 'sudo dpkg --configure -a' from a terminal to go through the process of disabling SecureBoot.

Changed in shim-signed (Ubuntu):
importance: Undecided → Critical
status: New → Incomplete

On 4 April 2017 at 19:19, Steve Langasek <email address hidden>
wrote:

> Processing triggers for shim-signed (1.27~16.04.1+0.9+1474479173.6c180c6-1ubuntu1)
> ...
> Running in non-interactive mode, doing nothing.
> dpkg: error processing package shim-signed (--configure):
> subprocess installed post-installation script returned error exit status 1
>
> This shows that shim needs to interact with you in order to disable
> secureboot on your system; this is correct, if you are installing the
> nvidia modules you need SB disabled so that kernel module signatures are
> not enforced.

Thanks -- I was presented with the option to disable the SB during the
install. But that didn't persist after reboot, I realised that the ​once I
disabled the UEFI-Windows Secure boot in the BIOS the problems went away.

--
- Amos Folarin

Glad to know that you were able to resolve the problem. Can you still answer the question from my previous mail so that we're able to help other users avoid this problem? I.e.:

> Can you please describe exactly how you went about installing the nvidia
> driver, step by step? What did you click on at each step, etc.

On 6 April 2017 at 01:03, Steve Langasek <email address hidden>
wrote:

> Glad to know that you were able to resolve the problem. Can you still
> answer the question from my previous mail so that we're able to help
> other users avoid this problem? I.e.:
>
> > Can you please describe exactly how you went about installing the nvidia
> > driver, step by step? What did you click on at each step, etc.
>

​Of course,

Once the OS was installed. Reboot (at which point I probably should have
disabled the Secure Boot in the BIOS).

I avoided using the gui to do the updates, because it hung during the
update in my previous attempt (rendering the system unbootable -- went to
mauve screen with no text [not sure if this would have been resolved by
disabling SB in BIOS though as I just went for a re-install]). Looking
around it was suggested that I should try using the CLI to do the upgrade.

I think the main issue was the option to disable secure boot during the
install process did not persist, so when upgrading and installing certain
things that needed SB disabled this caused a problem. I'm not sure why this
worked with the CLI but didn't than the Software Updater.

So I did this (and while it did work):

   1. Install OS
   2. $ sudo apt-get update
   3. $ sudo apt-get dist-upgrade
   4. opened the Settings >> Software & Updates >> Additional Drivers
   [selected the now installed NVIDIA driver in place of the Xorg one]
   5. Reboot
   6. Disable Secure Boot in BIOS
   7. Fin.

​But probably should have done this:

   1. Install OS
   2. ​Reboot​

   3. ​
   Disable Secure Boot in BIOS​

   4. $ sudo apt-get update
   5. $ sudo apt-get dist-upgrade
   6. opened the Settings >> Software & Updates >> Additional Drivers
   [selected the now installed NVIDIA driver in place of the Xorg one]
   7. Reboot
   8. Fin.


Anway hope that helps.

--
- Amos Folarin

Steve Langasek (vorlon) on 2017-04-10
Changed in shim-signed (Ubuntu):
status: Incomplete → Triaged
summary: - package shim-signed 1.27~16.04.1+0.9+1474479173.6c180c6-1ubuntu1 failed
- to install/upgrade: subprocess installed post-installation script
- returned error exit status 1 Crashed on changing from Xorg video driver
- to NVIDIA driver
+ Changing from Xorg video driver to NVIDIA driver using Software &
+ Updates does not display debconf prompt
Steve Langasek (vorlon) on 2017-04-10
Changed in software-properties (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
Changed in shim-signed (Ubuntu):
status: Triaged → Invalid
Steve Langasek (vorlon) wrote :

I believe the problem is that nothing ensures that the desktop components which select and install software have access to a GUI debconf frontend.

I think the proper solution is for each of the frontends to aptdaemon to depend/recommend a suitable debconf frontend component (libgtk2-perl, libqtgui4-perl/libqtcore4-perl).

For 17.04, this includes at least gnome-software and software-properties-gtk.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package software-properties - 0.96.24.13

---------------
software-properties (0.96.24.13) zesty; urgency=medium

  * software-properties-gtk: also fix the backend code to set the gnome
    debconf frontend, without which libgtk2-perl goes unused.

 -- Steve Langasek <email address hidden> Mon, 10 Apr 2017 14:25:17 -0700

Changed in software-properties (Ubuntu):
status: Triaged → Fix Released
Steve Langasek (vorlon) wrote :

debdiff for yakkety. In order to ensure the correct upgrade semantics, this needs to go to the security pocket.

Tyler Hicks (tyhicks) wrote :

Thanks! The debdiff looks good. The only adjustment that I made was yakkety -> yakkety-security since this needs to go to the security pocket.

I've uploaded the package to the ubuntu-security-proposed PPA:

  https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa

Let the security team know when this package should be copied to yakkety-proposed.

no longer affects: shim-signed (Ubuntu Trusty)
no longer affects: shim-signed (Ubuntu Xenial)
no longer affects: shim-signed (Ubuntu Yakkety)
Changed in software-properties (Ubuntu Yakkety):
status: New → Confirmed
importance: Undecided → Critical
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in software-properties (Ubuntu Trusty):
status: New → Confirmed
Changed in software-properties (Ubuntu Xenial):
status: New → Confirmed
Changed in software-properties (Ubuntu Trusty):
importance: Undecided → Critical
Changed in software-properties (Ubuntu Xenial):
importance: Undecided → Critical
no longer affects: shim-signed (Ubuntu)

Hello Amos, or anyone else affected,

Accepted software-properties into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/software-properties/0.96.24.7.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in software-properties (Ubuntu Yakkety):
status: Confirmed → Fix Committed
tags: added: verification-needed
Steve Langasek (vorlon) on 2017-04-27
description: updated
Steve Langasek (vorlon) on 2017-04-27
description: updated
Steve Langasek (vorlon) on 2017-04-27
description: updated
Steve Langasek (vorlon) on 2017-04-27
description: updated
Steve Langasek (vorlon) wrote :

Confirmed this test case for yakkety, with the modification that I was using a liveCD so update-manager couldn't install all the packages due to space and I fell back to installing with apt-get, after confirming that the packages did show up in the update-manager UI for installation.

Steve Langasek (vorlon) wrote :

Per bdmurray's guidance, I have also now tested through update-manager, by unselecting those packages not needed to be upgraded to test this, and confirmed that I get the right result this way also. (Selecting software-properties-gtk for installation is sufficient for update-manager to automatically resolve the dependencies on libgtk2-perl and friends.)

tags: added: verification-done-yakkety
removed: verification-needed
Steve Langasek (vorlon) on 2017-04-29
Changed in software-properties (Ubuntu Xenial):
milestone: none → ubuntu-16.04.3
assignee: nobody → Steve Langasek (vorlon)
Changed in software-properties (Ubuntu Trusty):
assignee: nobody → Steve Langasek (vorlon)
Changed in software-properties (Ubuntu Yakkety):
assignee: nobody → Steve Langasek (vorlon)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package software-properties - 0.96.24.7.2

---------------
software-properties (0.96.24.7.2) yakkety-security; urgency=medium

  * software-properties-gtk:
    - fix the backend code to set the gnome debconf frontend, without which
      libgtk2-perl goes unused.
    - depend on libgtk2-perl to ensure it's available, since it was not seeded
      on the desktop at release time. This is only a Recommends: in zesty,
      but we need to ensure this isn't ignored on upgrade.
    LP: #1679784.

 -- Steve Langasek <email address hidden> Fri, 14 Apr 2017 16:01:47 -0700

Changed in software-properties (Ubuntu Yakkety):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for software-properties has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Hello Amos, or anyone else affected,

Accepted software-properties into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/software-properties/0.96.20.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in software-properties (Ubuntu Xenial):
status: Confirmed → Fix Committed
tags: added: verification-needed
Steve Langasek (vorlon) wrote :

Successfully ran through the test case on a xenial live image.

tags: added: verification-done-xenial
removed: verification-needed
Brian Murray (brian-murray) wrote :

Hello Amos, or anyone else affected,

Accepted software-properties into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/software-properties/0.92.37.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in software-properties (Ubuntu Trusty):
status: Confirmed → Fix Committed
tags: added: verification-needed
Steve Langasek (vorlon) wrote :

Fix confirmed for trusty as well.

tags: added: verification-done-trusty
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package software-properties - 0.96.20.7

---------------
software-properties (0.96.20.7) xenial; urgency=medium

  * software-properties-gtk:
    - fix the backend code to set the gnome debconf frontend, without which
      libgtk2-perl goes unused.
    - depend on libgtk2-perl to ensure it's available, since it was not seeded
      on the desktop at release time. This is only a Recommends: in zesty,
      but we need to ensure this isn't ignored on upgrade.
    LP: #1679784.

 -- Steve Langasek <email address hidden> Thu, 27 Apr 2017 16:21:42 -0700

Changed in software-properties (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package software-properties - 0.92.37.8

---------------
software-properties (0.92.37.8) trusty; urgency=medium

  * software-properties-gtk:
    - fix the backend code to set the gnome debconf frontend, without which
      libgtk2-perl goes unused.
    - depend on libgtk2-perl to ensure it's available, since it was not seeded
      on the desktop at release time. This is only a Recommends: in zesty,
      but we need to ensure this isn't ignored on upgrade.
    LP: #1679784.

 -- Steve Langasek <email address hidden> Thu, 27 Apr 2017 16:28:45 -0700

Changed in software-properties (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.