Ubuntu
dkms package

DKMS seems to hang after installing a module.

Bug #1781001 reported by rew
50
This bug affects 15 people
Affects Status Importance Assigned to Milestone
dkms (Ubuntu)
Fix Released
High
Unassigned
Bionic
Fix Released
High
Unassigned
Ubuntu ubuntu-18.04.1

Bug Description

[Impact]
All users of third-party modules on Ubuntu when running under SecureBoot experience a package manager hang trying to initially configure the dkms package from the commandline.

[Test cases]
1) Install Ubuntu on an UEFI system
2) Clear any files in /var/lib/shim-signed/mok: "sudo rm -rf /var/lib/shim-signed/mok/*"
3) Install virtualbox-dkms: "sudo apt install virtualbox-dkms"
4) Verify that you are prompted for a password to enroll a new MOK, and that you are asked that password at reboot.

Without the patch, no prompt will appear at install of virtualbox-dkms.

[Regression Potential]
Shuffling of file descriptors as required by this change may impact dkms builds if these builds do special steps requiring different file descriptors. Any failure to install a -dkms package should be investigated as a potential regression coming from this SRU.

----

(while gathering info for this bugreport, my knowledge about this issue has been growing. So the top part was written with not everything known yet)

In my case I installed tp_smapi, but on the internet I've found others that have installed other modules.

When configuring the tp-smapi-dkms package it says it will uninstall the module first and the it reports: Building initial module for 4.15.0-23-generic

After that it hangs, or so it seems. It turns out that somewhere in there a script is being called with output redirected to /dev/null. But under certain circumstances, in my case "the computer is configured for secure boot", whiptail is being called asking for a password.

Whiptail outputs curses codes to write stuff to the screen but that is redirected to /dev/null. It then waits for input from the user. I've debugged this to the point that it is saying this:

 whiptail --backtitle Package configuration --title Configuring Secure Boot --output-fd 12 --nocancel --msgbox Your system has UEFI Secure Boot enabled. UEFI Secure Boot requires additional configuration to work with third-party drivers. The system will assist you in configuring UEFI Secure Boot. To permit the use of third-party drivers, a new Machine-Owner Key (MOK) has been generated. This key now needs to be enrolled in your system's firmware. To ensure that this change is being made by you as an authorized user, and not by an attacker, you must choose a password now and then confirm the change after reboot using the same password, in both the "Enroll MOK" and "Change Secure Boot state" menus that will be presented to you when this system reboots. If you proceed but do not confirm the password upon reboot, Ubuntu will still be able to boot on your system but any hardware that requires third-party drivers to work correctly may not be usable. --scrolltext 20 77

but, as I said the output is redirected to /dev/null.

The call-tree is as follows:
-dpkg(18879)---tp-smapi-dkms.p(18880)---common.postinst(18881)---dkms(19146)---dkms(19161)---frontend(20224)-+-update-securebo(20238)
           | | `-whiptail(20253)

(with the update-secureboot and whiptail both being children from "frontend". ).
The tp-smapi-dkms.postinst program is still being called with stdout connected to my controlling terminal. The common.postinst has stdout connected ot /dev/null, so I'd first look in /var/lib/dpkg/info/tp-smapi-dkms.postinst....
I have looked there, and I don't see a reason why it would redirect the output of a subprocess to /dev/null. (the word does not occur in the short script.)
Alternatively I'd think that maybe the subprocess /usr/lib/dkms/common.postinst would redirect its own stdout to /dev/null.

On the other hand.... I found
  dkms build -m $NAME -v $VERSION -k $KERNEL $ARCH > /dev/null

which explains the dkms subprocess running with output redirected to devnull, but not why the common.postinst runs with output redirected to devnull.

Anyway. DKMS kernel module install postponed, apt inoperable until I can physically access the machine....

Should have been automatically added, but here goes:
1:
Description: Ubuntu 18.04 LTS
Release: 18.04
2: dkms: 2.3-3ubuntu9.1
3: People (not just me) expect a simple apt-get install <a module> to not hang wihtout explaining why.
4: it hung without any explanation.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: dpkg 1.19.0.5ubuntu2
ProcVersionSignature: Ubuntu 4.15.0-23.25-generic 4.15.18
Uname: Linux 4.15.0-23-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
Date: Tue Jul 10 16:54:20 2018
ExecutablePath: /usr/bin/dpkg
InstallationDate: Installed on 2018-06-28 (11 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
SourcePackage: dpkg
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
rew (r-e-wolff) wrote :
rew (r-e-wolff)
affects: dpkg (Ubuntu) → dkms (Ubuntu)
description: updated
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "This causes the proper behaviour for me, probably a bit noisy for others in other situations. At least a workaround." seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
rew (r-e-wolff) wrote :

Dear bot,
Yes, it's a patch.

Revision history for this message
rew (r-e-wolff) wrote :

Dear bot,
In your explanation you tell me to think about it and remove the patch flag if it is inappropriate. But then you go ahead and do it yourself without thinking about it? Liar!

Steve Langasek (vorlon)
Changed in dkms (Ubuntu):
status: New → Fix Committed
importance: Undecided → High
Mathieu Trudel-Lapierre (cyphermox)
description: updated
description: updated
Steve Langasek (vorlon)
description: updated
description: updated
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello rew, or anyone else affected,

Accepted dkms into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dkms/2.3-3ubuntu9.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in dkms (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-bionic
Changed in dkms (Ubuntu Bionic):
milestone: none → ubuntu-18.04.1
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dkms - 2.3-3ubuntu11

---------------
dkms (2.3-3ubuntu11) cosmic; urgency=medium

  * 0009-Add-support-for-UEFI-Secure-Boot-validation-toggling.patch: source
    /usr/share/debconf/confmodule from dkms_common.postinst to ensure we have
    all the environment ready to successfully show debconf prompts when dkms
    modules are being built. (LP: #1781001)

 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 16 Jul 2018 16:14:29 -0400

Changed in dkms (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Guillaume (xiu42) wrote :

Just tested https://launchpad.net/ubuntu/+source/dkms/2.3-3ubuntu9.2 (had the same issue while installing wireguard), works as expected, thanks!

tags: added: verification-done-bionic
removed: verification-needed-bionic
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dkms - 2.3-3ubuntu9.2

---------------
dkms (2.3-3ubuntu9.2) bionic; urgency=medium

  * 0009-Add-support-for-UEFI-Secure-Boot-validation-toggling.patch: source
    /usr/share/debconf/confmodule from dkms_common.postinst to ensure we have
    all the environment ready to successfully show debconf prompts when dkms
    modules are being built. (LP: #1781001)

 -- Mathieu Trudel-Lapierre <email address hidden> Wed, 18 Jul 2018 09:33:31 -0400

Changed in dkms (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Adam Conrad (adconrad) wrote : Update Released

The verification of the Stable Release Update for dkms has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.