Bug#968974: sbkeysync fails to return non-zero on error

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#968974: sbkeysync fails to return non-zero on error
From: dann frazier <dannf@dannf.org>
Date: Mon, 24 Aug 2020 15:11:28 -0600
Message-id: <[🔎] 159830348824.209029.5678173738045033300.reportbug@xps13.dannf>
Reply-to: dann frazier <dannf@dannf.org>, 968974@bugs.debian.org

Package: sbsigntool
Version: 0.9.2-2
Severity: normal
Tags: patch upstream

I found that sbkeysync will exit 0 even if it fails to update the DBX w/
a new revocation list. I discovered this while verifying an issue where
OVMF-based VMs do not have enough space to load the new revocation file
published in response to "boothole". A patch for this is available upstream:

https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/commit/?id=f12484869c9590682ac3253d583bf59b890bb826

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sbsigntool depends on:
ii  libc6      2.31-3
ii  libssl1.1  1.1.1g-1
ii  libuuid1   2.36-2

sbsigntool recommends no packages.

sbsigntool suggests no packages.

-- no debconf information

Reply to:

Prev by Date: Processed: found 960688 in 1.4.5-1, found 942013 in 2.90.0
Next by Date: Bug#968997: fwupdmgr: "Successfully" updates BIOS firmware, no effect on reboot
Previous by thread: Processed: found 960688 in 1.4.5-1, found 942013 in 2.90.0
Next by thread: Bug#968997: fwupdmgr: "Successfully" updates BIOS firmware, no effect on reboot
Index(es):
- Date
- Thread