How to fix apt upgrade error on shim-signed package (error processing package shim-signed)

Written by - 0 comments

Published on - Listed in Virtualization Linux


After I migrated a local VMware Player virtual machine to a QEMU/KVM virtual machine (which worked surprisingly well and with improved performance!), I ran into an apt error a few weeks later.

shim-signed package upgrade issue

The mentioned virtual machine runs Linux Mint with a Cinnamon Desktop and after running the system updates, the following error showed up in the GUI:

A manual apt-get dist-upgrade confirmed the error:

ck@mintvm:~$ sudo apt-get dist-upgrade
[...]
Errors were encountered while processing:
 shim-signed
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install.  Trying to recover:
Setting up shim-signed (1.51.4+15.8-0ubuntu1) ...
Unknown device "/dev/disk/by-id/*": No such file or directory
mount: /var/lib/grub/esp: special device /dev/sda2 does not exist.
dpkg: error processing package shim-signed (--configure):

 installed shim-signed package post-installation script subprocess returned error exit status 32
Errors were encountered while processing:
 shim-signed

The most interesting information: The post-install script of the shim-signed package somehow wanted to access /dev/sda2 - which does not exist anymore since the VM was migrated (this would now be /dev/vda2):

ck@mintvm:~$ blkid
/dev/vda2: UUID="D3A2-0E8E" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="d86e6df3-d66a-46ad-bbab-a535d220eb0c"
/dev/vda3: UUID="23d9573c-3c80-442c-8658-1d4bf6595c60" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="423655c6-49ad-46e1-9d0d-1291739ca743"

Where is /dev/sda2 still configured?

Somewhere in the system a config must still contain a reference to the original /dev/sda disk. But where?

Obviously the first place I looked at was /etc/fstab, but the entries are using the UUID of the partitions:

ck@mintvm:~$ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/sda3 during installation
UUID=23d9573c-3c80-442c-8658-1d4bf6595c60 /               ext4    errors=remount-ro 0       1
# /boot/efi was on /dev/sda2 during installation
UUID=D3A2-0E8E  /boot/efi       vfat    umask=0077      0       1
/swapfile                                 none            swap    sw              0       0

And even though the VM was migrated from a VMware Virtual Machine to a KVM/QEMU VM, the UUIDs remain the same (see blkid output above). The machine wouldn't boot either if this wasn't the case.

A grep search inside /etc/ did not reveal any hits (besides the comment in /etc/fstab).

The mentioned post-install script (/var/lib/dpkg/info/shim-signed.postinst) did not contain any hard-coded /dev/sda2 entry either. Where is this still configured if not within /etc/?

The Debconf config!

After some research I came across a very helpful question on Ask Ubuntu, where the OP basically ran into the same problem. The answer pointed to /var/cache/debconf/config.dat. As it turns out, this file does indeed contain a reference to the old /dev/sda2:

root@mintvm:~# grep sda2 /var/cache/debconf/config.dat
Value: /dev/sda2
Value: /dev/sda2, /dev/vda2

Taking a closer look reveals these entries inside the file:

Name: grub-efi/install_devices
Template: grub-efi/install_devices
Value: /dev/sda2
Owners: grub-common, grub-pc
Flags: seen
Variables:
[...]
Name: grub-efi/install_devices_disks_changed
Template: grub-efi/install_devices_disks_changed
Value: /dev/sda2, /dev/vda2
Owners: grub-common, grub-pc
Flags: seen
Variables:

The first entry (grub-efi/install_devices) still refers to /dev/sda2 as value. The second entry (grub-efi/install_devices_disks_changed) correctly identifies the newer /dev/vda2.

As there is no longer any /dev/sda drive around, let's get fully rid of it and replace /dev/sda2 by /dev/vda2:

root@mintvm:~# sed -i "s/sda2/vda2/" /var/cache/debconf/config.dat

Note: A closer look at the shim-signed postinstall script confirms that this debconf config.dat file is indeed read and therefore uses information/values from that file.

shim-signed package upgrade working again

After the change in /var/cache/debconf/config.dat, let's try the package upgrade once more:

root@mintvm:~# apt-get upgrade
apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up shim-signed (1.51.4+15.8-0ubuntu1) ...
Unknown device "/dev/disk/by-id/*": No such file or directory
Installing grub to /boot/efi.
Installing for x86_64-efi platform.
grub-install: warning: EFI variables cannot be set on this system.
grub-install: warning: You will have to complete the GRUB setup manually.
Installation finished. No error reported.

And finally this ran through correctly! Problem fixed!


Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.

RSS feed

Blog Tags:

  AWS   Android   Ansible   Apache   Apple   Atlassian   BSD   Backup   Bash   Bluecoat   CMS   Chef   Cloud   Coding   Consul   Containers   CouchDB   DB   DNS   Database   Databases   Docker   ELK   Elasticsearch   Filebeat   FreeBSD   Galera   Git   GlusterFS   Grafana   Graphics   HAProxy   HTML   Hacks   Hardware   Icinga   Influx   Internet   Java   KVM   Kibana   Kodi   Kubernetes   LVM   LXC   Linux   Logstash   Mac   Macintosh   Mail   MariaDB   Minio   MongoDB   Monitoring   Multimedia   MySQL   NFS   Nagios   Network   Nginx   OSSEC   OTRS   Office   OpenSearch   PGSQL   PHP   Perl   Personal   PostgreSQL   Postgres   PowerDNS   Proxmox   Proxy   Python   Rancher   Rant   Redis   Roundcube   SSL   Samba   Seafile   Security   Shell   SmartOS   Solaris   Surveillance   Systemd   TLS   Tomcat   Ubuntu   Unix   VMWare   VMware   Varnish   Virtualization   Windows   Wireless   Wordpress   Wyse   ZFS   Zoneminder