Failure to quote variable containing secureboot password (errors out with whitespace) package shim-signed 1.34.9+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 2
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
shim-signed (Ubuntu) |
Fix Released
|
High
|
Mathieu Trudel-Lapierre | ||
Bionic |
Fix Released
|
High
|
Mathieu Trudel-Lapierre | ||
Cosmic |
Fix Released
|
High
|
Mathieu Trudel-Lapierre |
Bug Description
[Impact]
Any user of third-party (dkms) modules with Secure Boot enabled, who tries to use a space in the mok password, will experience a maintainer script failure and the package will be left unconfigured.
[Test case]
1) Delete /var/lib/
2) Run 'sudo update-
3) Run 'sudo update-
4) When prompted, enter a password containing the space character.
[Regression potential]
Issues to watch out for are any related to password handling (failure to get the password and continue out of the debconf prompts without error), failure to enroll keys, or being unable to use dkms modules after reboot and successful enrolment of the key.
--
This happens when I tried to setup boot key during 18.04 upgrade.
Exits with Error code 2
ProblemType: Package
DistroRelease: Ubuntu 18.04
Package: shim-signed 1.34.9+13-0ubuntu2
ProcVersionSign
Uname: Linux 4.15.0-20-generic x86_64
NonfreeKernelMo
.proc.sys.
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
Date: Wed May 9 20:01:47 2018
EFITables:
May 11 23:30:27 dheepan-tower kernel: efi: EFI v2.40 by American Megatrends
May 11 23:30:27 dheepan-tower kernel: efi: ESRT=0xbfed1d98 ACPI=0xbe576000 ACPI 2.0=0xbe576000 SMBIOS=0xbfed0000 SMBIOS 3.0=0xbfecf000 MPS=0xfc9e0
May 11 23:30:27 dheepan-tower kernel: secureboot: Secure boot disabled
May 11 23:30:27 dheepan-tower kernel: esrt: Reserving ESRT space from 0x00000000bfed1d98 to 0x00000000bfed1dd0.
ErrorMessage: installed shim-signed package post-installation script subprocess returned error exit status 2
InstallationDate: Installed on 2017-11-18 (173 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
MokSBStateRT: 6 0 0 0 1
Python3Details: /usr/bin/python3.6, Python 3.6.5, python3-minimal, 3.6.5-3
PythonDetails: /usr/bin/python2.7, Python 2.7.15rc1, python-minimal, 2.7.15~rc1-1
RelatedPackageV
dpkg 1.19.0.5ubuntu2
apt 1.6.1
SecureBoot: 6 0 0 0 1
SourcePackage: shim-signed
Title: package shim-signed 1.34.9+13-0ubuntu2 failed to install/upgrade: installed shim-signed package post-installation script subprocess returned error exit status 2
UpgradeStatus: Upgraded to bionic on 2018-05-09 (1 days ago)
Related branches
- Steve Langasek: Approve
-
Diff: 54 lines (+17/-4)2 files modifieddebian/changelog (+9/-0)
update-secureboot-policy (+8/-4)
tags: | removed: need-duplicate-check |
Changed in shim-signed (Ubuntu Bionic): | |
assignee: | nobody → Mathieu Trudel-Lapierre (cyphermox) |
importance: | Undecided → High |
status: | New → Triaged |
tags: | added: id-5af999195fa3c7cd33a518db |
description: | updated |
description: | updated |
Line 90 of this script is:
local key=$1
This is an error in the code; up until this point the password is quoted everywhere so that it will properly handle whitespace within the string, then at this point it is not.