Bug#1012625: systemd-boot: update to split -boot and -boot-efi out of systemd can harm working system

Dustin L. Howett dustin at howett.net
Fri Jun 10 16:21:06 BST 2022 

Package: systemd-boot
Version: 251.2-4
Severity: normal
X-Debbugs-Cc: dustin at howett.net

The upgrade to systemd-251.2-4 removed systemd-boot and the EFI stub
glue from /usr/lib/systemd/boot. This can result in an eventual failure
to boot[1], especially when combined with a package such as `sicherboot`
that manages the installation of secure boot signed kernels.

On upgrade:

---

sicherboot: Installing 5.18.1 to ESP
objcopy: '/usr/lib/systemd/boot/efi/linuxia32.efi.stub': No such file
objcopy: --change-section-vma .initrd=0x0000000003000000 never used
objcopy: --change-section-vma .linux=0x0000000000040000 never used
objcopy: --change-section-vma .cmdline=0x0000000000030000 never used
objcopy: --change-section-vma .osrel=0x0000000000020000 never used
run-parts: /etc/initramfs/post-update.d//zz-sicherboot exited with return code 1
dpkg: error processing package initramfs-tools (--configure):
 installed initramfs-tools package post-installation script subprocess returned error exit status 1

---

I realize that some of the burden here is on sicherboot to express a
dependency on systemd-boot and systemd-boot-efi; however, this change to
the systemd package has the potential to break non-sicherboot user flows
as well.

[1] or to upgrade to new supported versions of the bootloader
transparently, potentially exposing users to security issues.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.18.1 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd-boot depends on:
ii  libc6              2.33-7
ii  libsystemd-shared  251.2-4
ii  systemd-boot-efi   251.2-4

Versions of packages systemd-boot recommends:
ii  efibootmgr  17-1

systemd-boot suggests no packages.

-- no debconf information

More information about the Pkg-systemd-maintainers mailing list