Bug#968974: sbkeysync fails to return non-zero on error
Package: sbsigntool
Version: 0.9.2-2
Severity: normal
Tags: patch upstream
I found that sbkeysync will exit 0 even if it fails to update the DBX w/
a new revocation list. I discovered this while verifying an issue where
OVMF-based VMs do not have enough space to load the new revocation file
published in response to "boothole". A patch for this is available upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/commit/?id=f12484869c9590682ac3253d583bf59b890bb826
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sbsigntool depends on:
ii libc6 2.31-3
ii libssl1.1 1.1.1g-1
ii libuuid1 2.36-2
sbsigntool recommends no packages.
sbsigntool suggests no packages.
-- no debconf information
Reply to: