Comment 0 for bug 1839873

I've encountered this bug during installation of KDE neon (uses Ubuntu 18.04 LTS as base system) on my computer, but it seems this bug is rather caused by the ubiquity package itself.

Steps to reproduce:
1. Have secure boot enabled in BIOS settings,
2. Start Ubuntu/etc installation in UEFI mode and with internet access,
3. Let the installer to download updates during installation,
4. Use manual partitioning to specify the root partition on the disk, where an EFI partition already exists.

What you expect to happen: The system is successfully installed on a secure boot enabled computer in EFI mode.

What happened instead: GRUB installation fails, thus the installation fails.

Details:
After the root filesystem is copied, the installer continues with other tasks such as apt update, user accounts management, grub installation, etc. but it failed every time during the bootloader installation stage.

By examining the syslog of live environment during installation, I have seen installation of grub-efi-amd64-signed package (in the target system) has failed. I've traced the problem and pinpointed it to the following section in the /usr/share/grub-installer/grub-installer (provided by ubiquity package) script:

case "$grub_package" in
   *)
 # Will pull in os-prober based on global setting for Recommends
 apt-install $grub_package || exit_code=$?
 case $grub_package in
     *-signed)
  apt-install shim-signed || true
  apt-install grub-pc || true
  ;;
 esac
 ;;
esac

On my computer, the "apt-install $grub_package" command tries installing grub-efi-amd64-signed package into the target environment, but this package fails during configuration stage because it needs shim-signed and mokutil packages to be already installed on the target environment first. Instead, the installer installs shim-signed package after grub-efi-amd64-signed package, hence the error occurs.

Proposals for fixing the problem:
1. Modify /usr/share/grub-installer/grub-installer script so that "apt-install $grub_package || exit_code=$?" line is executed after the case block where shim-signed package is installed (this modification has solved the problem for me and the system is installed successfully without any further errors)

or,

2. Make shim-signed package a dependency for grub-efi-amd64-bin package.

I'm currently unavailable to attach any syslog files because I've already fixed the problem before installation and therefore my /var/log/installer/syslog has no mentions of an error at all. I can still attach it if required though, or I can attempt a failed installation again to create a syslog which contains the error I've mentioned (if I find a spare disk to install).