[Bug 1898729] Re: shim can end up being removed
Julian Andres Klode
1898729 at bugs.launchpad.net
Tue Oct 20 15:12:45 UTC 2020
** Description changed:
- I just did a set of package updates in focal that ended up with shim
- shim-signed mokutil being autoremoved.
+ [Impact]
+ System unbootable because shim-signed was marked auto and removed during upgrade.
+
+ [Test case]
+ lxc launch ubuntu:focal shimtest
+ lxc exec shimtest apt install shim-signed
+ lxc exec shimtest apt-mark auto shim-signed
+ lxc exec shimtest apt autoremove # check it's listed
+ lxc exec shimtest mount -t tmpfs tmpfs /boot/efi # hack around check
+ lxc exec shimtest do-release-upgrade -d
+ lxc exec shimtest apt policy shim-signed # ensure shim is still there
+
+
+
+ I just did a set of package updates in focal that ended up with shim shim-signed mokutil being autoremoved.
I rebooted without noticing, and had to manually recover the system
thereafter. :(
Julian says there was a period of time where these were marked auto. I
suppose that I installed during this window, and now some dependency
change meant that as far as apt was concerned they weren't required any
more.
Can we please consider never proposing these packages for autoremoval?
apt has NeverAutoRemove for this which could be used, or some other
appropriate method.
** Description changed:
[Impact]
System unbootable because shim-signed was marked auto and removed during upgrade.
[Test case]
lxc launch ubuntu:focal shimtest
lxc exec shimtest apt install shim-signed
lxc exec shimtest apt-mark auto shim-signed
lxc exec shimtest apt autoremove # check it's listed
lxc exec shimtest mount -t tmpfs tmpfs /boot/efi # hack around check
lxc exec shimtest do-release-upgrade -d
lxc exec shimtest apt policy shim-signed # ensure shim is still there
+ [Regression potential]
+ Scripts removing shim-signed will fail.
-
+ [Original bug report]
I just did a set of package updates in focal that ended up with shim shim-signed mokutil being autoremoved.
I rebooted without noticing, and had to manually recover the system
thereafter. :(
Julian says there was a period of time where these were marked auto. I
suppose that I installed during this window, and now some dependency
change meant that as far as apt was concerned they weren't required any
more.
Can we please consider never proposing these packages for autoremoval?
apt has NeverAutoRemove for this which could be used, or some other
appropriate method.
** Description changed:
[Impact]
System unbootable because shim-signed was marked auto and removed during upgrade.
[Test case]
lxc launch ubuntu:focal shimtest
lxc exec shimtest apt install shim-signed
lxc exec shimtest apt-mark auto shim-signed
lxc exec shimtest apt autoremove # check it's listed
lxc exec shimtest mount -t tmpfs tmpfs /boot/efi # hack around check
lxc exec shimtest do-release-upgrade -d
lxc exec shimtest apt policy shim-signed # ensure shim is still there
[Regression potential]
- Scripts removing shim-signed will fail.
+ Scripts removing shim-signed will fail and need to pass --allow-remove-essential now.
[Original bug report]
I just did a set of package updates in focal that ended up with shim shim-signed mokutil being autoremoved.
I rebooted without noticing, and had to manually recover the system
thereafter. :(
Julian says there was a period of time where these were marked auto. I
suppose that I installed during this window, and now some dependency
change meant that as far as apt was concerned they weren't required any
more.
Can we please consider never proposing these packages for autoremoval?
apt has NeverAutoRemove for this which could be used, or some other
appropriate method.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1898729
Title:
shim can end up being removed
Status in shim-signed package in Ubuntu:
Triaged
Status in shim-signed source package in Focal:
New
Status in shim-signed source package in Groovy:
Triaged
Bug description:
[Impact]
System unbootable because shim-signed was marked auto and removed during upgrade.
[Test case]
lxc launch ubuntu:focal shimtest
lxc exec shimtest apt install shim-signed
lxc exec shimtest apt-mark auto shim-signed
lxc exec shimtest apt autoremove # check it's listed
lxc exec shimtest mount -t tmpfs tmpfs /boot/efi # hack around check
lxc exec shimtest do-release-upgrade -d
lxc exec shimtest apt policy shim-signed # ensure shim is still there
[Regression potential]
Scripts removing shim-signed will fail and need to pass --allow-remove-essential now.
[Original bug report]
I just did a set of package updates in focal that ended up with shim shim-signed mokutil being autoremoved.
I rebooted without noticing, and had to manually recover the system
thereafter. :(
Julian says there was a period of time where these were marked auto. I
suppose that I installed during this window, and now some dependency
change meant that as far as apt was concerned they weren't required
any more.
Can we please consider never proposing these packages for autoremoval?
apt has NeverAutoRemove for this which could be used, or some other
appropriate method.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1898729/+subscriptions
More information about the foundations-bugs
mailing list