Bug#1051981: systemd-boot kernel postinst script calls ukify which requires python3

Christopher Obbard chris.obbard at collabora.com
Fri Sep 15 10:06:10 BST 2023 

Package: src:systemd
Version: 254.1-3
Severity: important
X-Debbugs-Cc: chris.obbard at collabora.com

Dear Maintainer,

Installing a new kernel on a system which uses systemd-boot as the
bootloader fails if python3 is not installed. Here's the snippet from apt
upgrade:

    /etc/kernel/postinst.d/zz-systemd-boot:
    Installing kernel version 6.4.0-4-amd64 in systemd-boot...
    /usr/bin/env: ‘python3’: No such file or directory
    /usr/lib/kernel/install.d/60-ukify.install failed with exit status 127.

This renders the new kernel unusable as it never actually gets installed
in the right place for systemd-boot.

/etc/kernel/postinst.d/zz-systemd-boot calls kernel-install, which in turn
calls /usr/lib/kernel/install.d/60-ukify.install which calls /lib/systemd/ukify
to attempt to create a unified kernel image. These are both python3 scripts.

To workaround this, I have deleted /usr/lib/kernel/install.d/60-ukify.install
as we don't (yet!) create uki images with the ukify utility anyway. When
the ukify postinst script _does_ run, it currently just detects the
environment variable KERNEL_INSTALL_LAYOUT != "uki" (set from some config
files) and exits early, not even creating the uki. So this is opt-in.

/lib/systemd/ukify is shipped in the systemd package along with
/usr/lib/kernel/install.d/60-ukify.install, which I think is wrong as
systemd package does not have the right dependencies for this script.


Perhaps we should split the ukify bits into its own package (systemd-ukify)
which depends on python3 and should be manually installed? Also this package
can then depend on e.g. sbsigntool and other packages to actually manage
the signing (but that can be a separate bug!).

Thanks!

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.4.0-4-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages systemd-boot depends on:
ii  libc6              2.37-7
ii  libsystemd-shared  254.1-3
ii  systemd-boot-efi   254.1-3

Versions of packages systemd-boot recommends:
ii  efibootmgr  17-2

systemd-boot suggests no packages.

-- no debconf information

More information about the Pkg-systemd-maintainers mailing list