New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SecureDrop install fails on hardware due to issue with the Ubuntu 14.04.5 version of dpkg #3901

Closed
zenmonkeykstop opened this Issue Oct 23, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@zenmonkeykstop
Copy link
Contributor

zenmonkeykstop commented Oct 23, 2018

Description

When installing SecureDrop to a fresh Ubuntu 14.04 server, the ./securedrop-admin install command may fail with one or more errors similar to the following:

fatal: [app]: FAILED! => {"cache_update_time": 1540315459, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\"     install 'securedrop-keyring'' failed: E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).\n", "rc": 100, "stderr": "E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).\n", "stderr_lines": ["E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution)."], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nYou might want to run 'apt-get -f install' to correct these:\nThe following packages have unmet dependencies:\n shim-signed : Depends: shim (= 13-0ubuntu2) but it is not going to be installed\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "You might want to run 'apt-get -f install' to correct these:", "The following packages have unmet dependencies:", " shim-signed : Depends: shim (= 13-0ubuntu2) but it is not going to be installed"]}

This is due to the version of dpkg shipping with Ubuntu 14.04.5 not being able to process certain deb packages correctly (in this case the shim package). Related Ubuntu issue (now closed) is: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1730627

Steps to Reproduce

  • Install Ubuntu 14.04.5 on hardware set up to use UEFI to boot
  • Proceed with the SecureDrop installation process

Expected Behavior

Install completes without error

Actual Behavior

Install fails with error above.

Comments

Manually upgrading dpkg and then forcing apt-get to complete pending installs as a workaround seems to clear the error. Log in to the app and mon servers and on each, perform the following:

apt-get download dpkg
sudo dpkg -i dpkg_*
sudo apt-get -f install
@eloquence

This comment has been minimized.

Copy link
Contributor

eloquence commented Oct 23, 2018

@zenmonkeykstop

This comment has been minimized.

Copy link
Contributor

zenmonkeykstop commented Oct 26, 2018

This issue is closed with the upstream release of a new version of the shim-signed package. For posterity, we issued an advisory, including workaround steps, which is available here:
https://securedrop.org/news/advisory-server-installation-failure-uefi-boot-mode/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment