[Bug 1191804] New: kernel cannot be updated if Secure Boot is disabled
https://bugzilla.suse.com/show_bug.cgi?id=1191804 Bug ID: 1191804 Summary: kernel cannot be updated if Secure Boot is disabled Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: Other Status: NEW Severity: Critical Priority: P5 - None Component: Kernel Assignee: kernel-bugs@opensuse.org Reporter: kukuk@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- (3/3) Installing: kernel-default-5.14.11-1.2.x86_64 [...........error] Installation of kernel-default-5.14.11-1.2.x86_64 failed: Error: Subprocess failed. Error: RPM failed: SecureBoot disabled Platform is in Setup Mode Abort, retry, ignore? [a/r/i] (a): a Warning: %posttrans scripts skipped while aborting: kernel-default-5.14.11-1.2.x86_64.rpm -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c1 Takashi Iwai <tiwai@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |msuchanek@suse.com, | |tiwai@suse.com --- Comment #1 from Takashi Iwai <tiwai@suse.com> --- Looks like some inconsistency in the recent SB support changes. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c2 --- Comment #2 from Michal Suchanek <msuchanek@suse.com> --- Created attachment 853216 --> https://bugzilla.suse.com/attachment.cgi?id=853216&action=edit console log Please add -x to the shell interpreter in /usr/lib/module-init-tools/kernel-scriptlets/cert-script and /usr/lib/module-init-tools/kernel-scriptlets/rpm-script and attach the output. I do not see any error -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c3 Michal Suchanek <msuchanek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #853216|0 |1 is obsolete| | --- Comment #3 from Michal Suchanek <msuchanek@suse.com> --- Created attachment 853221 --> https://bugzilla.suse.com/attachment.cgi?id=853221&action=edit console log -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c4 --- Comment #4 from Thorsten Kukuk <kukuk@suse.com> --- Created attachment 853223 --> https://bugzilla.suse.com/attachment.cgi?id=853223&action=edit zypper up trace output Luckily this system is running MicroOS, else you have to do fresh re-installation of the system: after a broken update you will not see the error anymore... -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 Thorsten Kukuk <kukuk@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #853223|text/x-log |text/plain mime type| | -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c5 Ondrej Holecek <oholecek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |oholecek@suse.com --- Comment #5 from Ondrej Holecek <oholecek@suse.com> --- Just to clarify for others, this seems not to be related to the SB as I have exactly the same error but with SB enabled:
(1/2) Installing: kernel-default-5.14.11-1.2.x86_64 [.............error] Installation of kernel-default-5.14.11-1.2.x86_64 failed: Error: Subprocess failed. Error: RPM failed: SecureBoot enabled
This seems to be related to MicroOS. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c6 --- Comment #6 from Michal Suchanek <msuchanek@suse.com> --- Some of the scripts may require bash -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c7 --- Comment #7 from Thorsten Kukuk <kukuk@suse.com> --- (In reply to Michal Suchanek from comment #6)
Some of the scripts may require bash
/bin/sh on MicroOS is bash. But yes, if they require bash, they should call it. But I doubt that this is the error here. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c8 --- Comment #8 from Ondrej Holecek <oholecek@suse.com> --- For me the script fails on depmod call: /usr/sbin/depmod -F boot/System.map-5.14.11-1-default -ae 5.14.11-1-default depmod: ERROR: could not open directory /lib/modules/5.14.11-1-default: No such file or directory depmod: FATAL: could not search modules: No such file or directory Seems something is missing /usr prefix -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c9 --- Comment #9 from Michal Suchanek <msuchanek@suse.com> --- Is the kernel inherited from Factory or rebuilt? And suse-module-tools and kmod as well. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c10 --- Comment #10 from Michal Suchanek <msuchanek@suse.com> --- Actually I think that some of these tools won't work without the compatibility symlink from /lib to /usr/lib, and MicroOS might not have it. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c11 --- Comment #11 from Thorsten Kukuk <kukuk@suse.com> --- (In reply to Michal Suchanek from comment #10)
Actually I think that some of these tools won't work without the compatibility symlink from /lib to /usr/lib, and MicroOS might not have it.
It's standard Tumbleweed RPMs and MicroOS has of course the /lib -> usr/lib link. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c12 --- Comment #12 from Michal Suchanek <msuchanek@suse.com> --- (In reply to Thorsten Kukuk from comment #11)
(In reply to Michal Suchanek from comment #10)
Actually I think that some of these tools won't work without the compatibility symlink from /lib to /usr/lib, and MicroOS might not have it.
It's standard Tumbleweed RPMs and MicroOS has of course the /lib -> usr/lib link.
If it had the missing /usr would not make any difference (In reply to Ondrej Holecek from comment #8)
For me the script fails on depmod call:
/usr/sbin/depmod -F boot/System.map-5.14.11-1-default -ae 5.14.11-1-default depmod: ERROR: could not open directory /lib/modules/5.14.11-1-default: No such file or directory depmod: FATAL: could not search modules: No such file or directory
Seems something is missing /usr prefix
-- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c13 --- Comment #13 from Ondrej Holecek <oholecek@suse.com> --- Yes, sorry my fault. Indeed there is a link. This was a result of calling depmod on my active snapshot where the new kernel was being installed in different snapshot. Sorry for the noise. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c14 --- Comment #14 from Thorsten Kukuk <kukuk@suse.com> --- rpm -Uhvvvv gives this hint: ln: failed to create hard link '/etc/uefi/certs/BDD31A9E.crt.delete': File exists And yes, the file does really exists and is 8 days old, so from a previous (not the latest update). Question is, why there is this left-over and why the ln does not overwrite it. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c15 --- Comment #15 from Michal Suchanek <msuchanek@suse.com> --- This file must remain after the package is removed so we cannot rely on rpm removing it but if rpm is interrupted before all scripts finish it may remain. Should deal with the leftover file. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c16 Michal Suchanek <msuchanek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |https://github.com/openSUSE | |/suse-module-tools/pull/49 --- Comment #16 from Michal Suchanek <msuchanek@suse.com> --- https://github.com/openSUSE/suse-module-tools/pull/49 -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c20 --- Comment #20 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-RU-2021:3509-1: An update that has 5 recommended fixes can now be installed. Category: recommended (important) Bug References: 1191200,1191260,1191480,1191804,1191922 CVE References: JIRA References: Sources used: openSUSE Leap 15.3 (src): suse-module-tools-15.3.13-3.11.1 -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c21 --- Comment #21 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2021:3509-1: An update that has 5 recommended fixes can now be installed. Category: recommended (important) Bug References: 1191200,1191260,1191480,1191804,1191922 CVE References: JIRA References: Sources used: SUSE MicroOS 5.1 (src): suse-module-tools-15.3.13-3.11.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): suse-module-tools-15.3.13-3.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c22 --- Comment #22 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2021:3515-1: An update that has 5 recommended fixes can now be installed. Category: recommended (important) Bug References: 1191200,1191260,1191480,1191804,1191922 CVE References: JIRA References: Sources used: SUSE MicroOS 5.0 (src): suse-module-tools-15.2.15-4.9.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): suse-module-tools-15.2.15-4.9.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c23 Martin Wilck <martin.wilck@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.wilck@suse.com --- Comment #23 from Martin Wilck <martin.wilck@suse.com> --- Michal spotted that I'd missed the fix for comment 14 in my SLE15-SP3 submission, but erroneously referenced it in the changelog. So here's one more: sr#257162 -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c24 Martin Wilck <martin.wilck@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #24 from Martin Wilck <martin.wilck@suse.com> --- (In reply to Martin Wilck from comment #23)
So here's one more: sr#257162
broken too => sr#257167 -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c26 --- Comment #26 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-RU-2021:1406-1: An update that has 5 recommended fixes can now be installed. Category: recommended (important) Bug References: 1191200,1191260,1191480,1191804,1191922 CVE References: JIRA References: Sources used: openSUSE Leap 15.2 (src): suse-module-tools-15.2.15-lp152.5.9.1 -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c30 --- Comment #30 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2021:3663-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 1191804 CVE References: JIRA References: Sources used: SUSE MicroOS 5.1 (src): suse-module-tools-15.3.14-3.14.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): suse-module-tools-15.3.14-3.14.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c31 --- Comment #31 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-RU-2021:3663-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 1191804 CVE References: JIRA References: Sources used: openSUSE Leap 15.3 (src): suse-module-tools-15.3.14-3.14.1 -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c32 Michal Suchanek <msuchanek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #32 from Michal Suchanek <msuchanek@suse.com> --- Update released. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c35 --- Comment #35 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2021:3820-1: An update that has 9 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1158817,1189841,1189879,1190598,1191200,1191260,1191480,1191804,1191922 CVE References: JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): suse-module-tools-15.0.10-3.12.1 SUSE Linux Enterprise Server 15-LTSS (src): suse-module-tools-15.0.10-3.12.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): suse-module-tools-15.0.10-3.12.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): suse-module-tools-15.0.10-3.12.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c36 --- Comment #36 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2021:3869-1: An update that has 8 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1189841,1189879,1190598,1191200,1191260,1191480,1191804,1191922 CVE References: JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15-SP1 (src): suse-module-tools-15.1.23-3.19.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): suse-module-tools-15.1.23-3.19.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): suse-module-tools-15.1.23-3.19.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): suse-module-tools-15.1.23-3.19.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): suse-module-tools-15.1.23-3.19.1 SUSE Enterprise Storage 6 (src): suse-module-tools-15.1.23-3.19.1 SUSE CaaS Platform 4.0 (src): suse-module-tools-15.1.23-3.19.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c37 --- Comment #37 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2021:3966-1: An update that has 8 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1189841,1189879,1190598,1191200,1191260,1191480,1191804,1191922 CVE References: JIRA References: Sources used: SUSE Linux Enterprise Server 12-SP5 (src): suse-module-tools-12.11-3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are the assignee for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1191804 https://bugzilla.suse.com/show_bug.cgi?id=1191804#c38 --- Comment #38 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2021:3970-1: An update that has 8 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1189841,1189879,1190598,1191200,1191260,1191480,1191804,1191922 CVE References: JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): suse-module-tools-12.6.1-27.6.1 SUSE OpenStack Cloud Crowbar 8 (src): suse-module-tools-12.6.1-27.6.1 SUSE OpenStack Cloud 9 (src): suse-module-tools-12.6.1-27.6.1 SUSE OpenStack Cloud 8 (src): suse-module-tools-12.6.1-27.6.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): suse-module-tools-12.6.1-27.6.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): suse-module-tools-12.6.1-27.6.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): suse-module-tools-12.6.1-27.6.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): suse-module-tools-12.6.1-27.6.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): suse-module-tools-12.6.1-27.6.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): suse-module-tools-12.6.1-27.6.1 HPE Helion Openstack 8 (src): suse-module-tools-12.6.1-27.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are the assignee for the bug.
participants (1)
-
bugzilla_noreply@suse.com