** No longer affects: unattended-upgrades (Ubuntu) ** No longer affects: unattended-upgrades (Ubuntu Trusty)
** No longer affects: unattended-upgrades (Ubuntu Xenial) ** No longer affects: unattended-upgrades (Ubuntu Yakkety) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unattended-upgrades in Ubuntu. https://bugs.launchpad.net/bugs/1673817 Title: update-secure-boot-policy behaving badly with unattended-upgrades Status in shim-signed package in Ubuntu: Fix Released Status in shim-signed source package in Trusty: Fix Released Status in shim-signed source package in Xenial: Fix Released Status in shim-signed source package in Yakkety: Fix Released Bug description: [Impact] Any user with unattended upgrades enabled and DKMS packages in a Secure Boot environment might be prompted to change Secure Boot policy, which will fail and crash in unattended-upgrades. [Test case] = unattended upgrade = 1) Create /var/lib/dkms/TEST-DKMS 2) Install new package 3) Trigger unattended-upgrades: unattended-upgrades -d Upgrade should run smoothly for all the processing but fail to complete; shim-signed should end the unattended upgrade with a error as unattended change of the Secure Boot policy can not be done. Upgrade should not hang in high CPU usage. = standard upgrade = 1) Create /var/lib/dkms/TEST-DKMS 2) install new package. 3) Verify that the upgrade completes normally. [Regression Potential] Any failure to prompt for or change Secure Boot policy in mokutil while in an *attended* upgrade scenario would constitute a regression of this SRU. Any other issues related to booting in Secure Boot mode should instead be directed to bug 1637290 (shim update). --- Currently, unattended-upgrades will automatically install all updates for those running development releases of Ubuntu (LP: #1649709) Today, my computer was acting very sluggish. Looking at my process list, I saw/ usr/sbin/update-secureboot-policy was using a log of CPU. I killed the process. I have a /var/crash/shim-signed.0.crash but since it's 750 MB, I didn't bother submitting it or looking at it more. Maybe it crashed because I killed the process. Also, I see that unattended-upgrades-dpkg.log is 722 MB. Today's update included both VirtualBox and the linux kernel. I am attaching an excerpt of /var/log/unattended-upgrades/unattended- upgrades-dpkg.log This message was repeated a very large number of times (but I only included it once in the attachment: "Invalid password The Secure Boot key you've entered is not valid. The password used must be between 8 and 16 characters." ProblemType: Bug DistroRelease: Ubuntu 17.04 Package: shim-signed 1.23+0.9+1474479173.6c180c6-0ubuntu1 ProcVersionSignature: Ubuntu 4.10.0-11.13-generic 4.10.1 Uname: Linux 4.10.0-11-generic x86_64 NonfreeKernelModules: zfs zunicode zavl zcommon znvpair ApportVersion: 2.20.4-0ubuntu2 Architecture: amd64 CurrentDesktop: GNOME Date: Fri Mar 17 11:15:04 2017 EcryptfsInUse: Yes InstallationDate: Installed on 2017-02-23 (21 days ago) InstallationMedia: Ubuntu-GNOME 17.04 "Zesty Zapus" - Alpha amd64 (20170219) SourcePackage: shim-signed UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1673817/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
