[Kernel-packages] [Bug 1558438] Re: "Disable secure boot" workflow is broken

2016-03-20 Thread Launchpad Bug Tracker 
This bug was fixed in the package grub2 - 2.02~beta2-36ubuntu2

---
grub2 (2.02~beta2-36ubuntu2) xenial; urgency=medium

  * debian/postinst.in: (LP: #1558438)
- fix quoting variables for setup_mok_validation() to account for passwords
  that might have special characters.
- use printf rather than straight echo to pass values to mokutil.
- ask the user to confirm password; not just write it once, this will avoid
  issues with typos in the Secure Boot keys.

 -- Mathieu Trudel-Lapierre   Fri, 18 Mar 2016
21:35:50 -0400

** Changed in: grub2 (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1558438

Title:
  "Disable secure boot" workflow is broken

Status in dkms package in Ubuntu:
  Fix Released
Status in grub2 package in Ubuntu:
  Fix Released
Status in dkms source package in Xenial:
  Fix Released
Status in grub2 source package in Xenial:
  Fix Released

Bug description:
  I upgraded to grub2 2.02~beta2-36ubuntu1 and was presented with the
  new prompt to disable secure boot, since I have a dkms package
  installed.  The password I entered was 14 characters long.  On the
  terminal, I see:

  Installing for x86_64-efi platform.
  Installation finished. No error reported.
  password should be 8~16 characters
  password should be 8~16 characters
  password should be 8~16 characters
  Abort

  Looking at the code:

  db_get dkms/secureboot_key
  length=`echo $RET | wc -c`
  if [ $length -lt 8 ] || [ $length -gt 16 ]; then
  db_fset dkms/text/bad_secureboot_key seen false
  db_input critical dkms/text/bad_secureboot_key
  STATE=$(($STATE - 2))
  elif [ $length -ne 0 ]; then
  echo "${RET}\n${RET}" | mokutil 
--disable-validation >/dev/null || true
  fi

  There are a few problems here:

   * You *must* use echo "$RET" rather than echo $RET; the password could 
contain metacharacters.  In general you should always surround any $-expansion 
in a shell script with "" unless you specifically know that you're in one of 
the special cases where you need to not do so.
   * This is a /bin/bash script for historical reasons.  echo "${RET}\n${RET}" 
is non-portable syntax and only works in shells such as dash with the other 
style of echo.  You should use this instead: printf '%s\n%s\n' "$RET" "$RET"
   * While you're here, it seems to me that a password confirmation page would 
be a good idea, given that you obviously can't see what you're typing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dkms/+bug/1558438/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1558438] Re: "Disable secure boot" workflow is broken

2016-03-19 Thread Mathieu Trudel-Lapierre 
dkms would be affected the same way, they both use the same code.

I will fix today.

** Also affects: dkms (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: dkms (Ubuntu)
   Importance: Undecided => Critical

** Changed in: dkms (Ubuntu)
   Status: New => Triaged

** Changed in: grub2 (Ubuntu)
   Status: New => Triaged

** Changed in: dkms (Ubuntu)
 Assignee: (unassigned) => Mathieu Trudel-Lapierre (mathieu-tl)

** Changed in: grub2 (Ubuntu)
 Assignee: (unassigned) => Mathieu Trudel-Lapierre (mathieu-tl)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1558438

Title:
  "Disable secure boot" workflow is broken

Status in dkms package in Ubuntu:
  Triaged
Status in grub2 package in Ubuntu:
  Triaged

Bug description:
  I upgraded to grub2 2.02~beta2-36ubuntu1 and was presented with the
  new prompt to disable secure boot, since I have a dkms package
  installed.  The password I entered was 14 characters long.  On the
  terminal, I see:

  Installing for x86_64-efi platform.
  Installation finished. No error reported.
  password should be 8~16 characters
  password should be 8~16 characters
  password should be 8~16 characters
  Abort

  Looking at the code:

  db_get dkms/secureboot_key
  length=`echo $RET | wc -c`
  if [ $length -lt 8 ] || [ $length -gt 16 ]; then
  db_fset dkms/text/bad_secureboot_key seen false
  db_input critical dkms/text/bad_secureboot_key
  STATE=$(($STATE - 2))
  elif [ $length -ne 0 ]; then
  echo "${RET}\n${RET}" | mokutil 
--disable-validation >/dev/null || true
  fi

  There are a few problems here:

   * You *must* use echo "$RET" rather than echo $RET; the password could 
contain metacharacters.  In general you should always surround any $-expansion 
in a shell script with "" unless you specifically know that you're in one of 
the special cases where you need to not do so.
   * This is a /bin/bash script for historical reasons.  echo "${RET}\n${RET}" 
is non-portable syntax and only works in shells such as dash with the other 
style of echo.  You should use this instead: printf '%s\n%s\n' "$RET" "$RET"
   * While you're here, it seems to me that a password confirmation page would 
be a good idea, given that you obviously can't see what you're typing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dkms/+bug/1558438/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1558438] Re: "Disable secure boot" workflow is broken

2016-03-18 Thread Brian Murray 
** Also affects: grub2 (Ubuntu Xenial)
   Importance: Critical
 Assignee: Mathieu Trudel-Lapierre (mathieu-tl)
   Status: Triaged

** Also affects: dkms (Ubuntu Xenial)
   Importance: Critical
 Assignee: Mathieu Trudel-Lapierre (mathieu-tl)
   Status: Triaged

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1558438

Title:
  "Disable secure boot" workflow is broken

Status in dkms package in Ubuntu:
  Triaged
Status in grub2 package in Ubuntu:
  Triaged
Status in dkms source package in Xenial:
  Triaged
Status in grub2 source package in Xenial:
  Triaged

Bug description:
  I upgraded to grub2 2.02~beta2-36ubuntu1 and was presented with the
  new prompt to disable secure boot, since I have a dkms package
  installed.  The password I entered was 14 characters long.  On the
  terminal, I see:

  Installing for x86_64-efi platform.
  Installation finished. No error reported.
  password should be 8~16 characters
  password should be 8~16 characters
  password should be 8~16 characters
  Abort

  Looking at the code:

  db_get dkms/secureboot_key
  length=`echo $RET | wc -c`
  if [ $length -lt 8 ] || [ $length -gt 16 ]; then
  db_fset dkms/text/bad_secureboot_key seen false
  db_input critical dkms/text/bad_secureboot_key
  STATE=$(($STATE - 2))
  elif [ $length -ne 0 ]; then
  echo "${RET}\n${RET}" | mokutil 
--disable-validation >/dev/null || true
  fi

  There are a few problems here:

   * You *must* use echo "$RET" rather than echo $RET; the password could 
contain metacharacters.  In general you should always surround any $-expansion 
in a shell script with "" unless you specifically know that you're in one of 
the special cases where you need to not do so.
   * This is a /bin/bash script for historical reasons.  echo "${RET}\n${RET}" 
is non-portable syntax and only works in shells such as dash with the other 
style of echo.  You should use this instead: printf '%s\n%s\n' "$RET" "$RET"
   * While you're here, it seems to me that a password confirmation page would 
be a good idea, given that you obviously can't see what you're typing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dkms/+bug/1558438/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1558438] Re: "Disable secure boot" workflow is broken

2016-03-18 Thread Launchpad Bug Tracker 
This bug was fixed in the package dkms - 2.2.0.3-2ubuntu11

---
dkms (2.2.0.3-2ubuntu11) xenial; urgency=medium

  * debian/patches/shim_secureboot_support.patch: (LP: #1558438)
- fix quoting variables for setup_mok_validation() to account for passwords
  that might have special characters.
- use printf rather than straight echo to pass values to mokutil.
- ask the user to confirm password; not just write it once, this will avoid
  issues with typos in the Secure Boot keys.
  * debian/templates:
- rename dkms/text/bad_secureboot_key to dkms/error/bad_secureboot_key.
- add dkms/text/secureboot_key_mismatch.
- add dkms/secureboot_key_again.

 -- Mathieu Trudel-Lapierre   Fri, 18 Mar 2016
20:54:11 -0400

** Changed in: dkms (Ubuntu Xenial)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1558438

Title:
  "Disable secure boot" workflow is broken

Status in dkms package in Ubuntu:
  Fix Released
Status in grub2 package in Ubuntu:
  Triaged
Status in dkms source package in Xenial:
  Fix Released
Status in grub2 source package in Xenial:
  Triaged

Bug description:
  I upgraded to grub2 2.02~beta2-36ubuntu1 and was presented with the
  new prompt to disable secure boot, since I have a dkms package
  installed.  The password I entered was 14 characters long.  On the
  terminal, I see:

  Installing for x86_64-efi platform.
  Installation finished. No error reported.
  password should be 8~16 characters
  password should be 8~16 characters
  password should be 8~16 characters
  Abort

  Looking at the code:

  db_get dkms/secureboot_key
  length=`echo $RET | wc -c`
  if [ $length -lt 8 ] || [ $length -gt 16 ]; then
  db_fset dkms/text/bad_secureboot_key seen false
  db_input critical dkms/text/bad_secureboot_key
  STATE=$(($STATE - 2))
  elif [ $length -ne 0 ]; then
  echo "${RET}\n${RET}" | mokutil 
--disable-validation >/dev/null || true
  fi

  There are a few problems here:

   * You *must* use echo "$RET" rather than echo $RET; the password could 
contain metacharacters.  In general you should always surround any $-expansion 
in a shell script with "" unless you specifically know that you're in one of 
the special cases where you need to not do so.
   * This is a /bin/bash script for historical reasons.  echo "${RET}\n${RET}" 
is non-portable syntax and only works in shells such as dash with the other 
style of echo.  You should use this instead: printf '%s\n%s\n' "$RET" "$RET"
   * While you're here, it seems to me that a password confirmation page would 
be a good idea, given that you obviously can't see what you're typing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dkms/+bug/1558438/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp