Bug#1110177: systemd-boot postinst fails if ESP is not mounted
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Jul 31 08:42:58 BST 2025
Package: systemd-boot
Version: 257.7-1
Severity: normal
X-Debbugs-Cc: f.gruenbichler at proxmox.com
Hi!
On a system with systemd-boot-efi installed (and not its signed counterpart),
but shim-signed installed, systemd-boot's postinst will fail every other time
if the ESP is not mounted.
I used reinstalling shim-signed as trigger here:
Log started: 2025-07-31 03:09:11
Preparing to unpack .../shim-signed_1.46+15.8-1_amd64.deb ...
Unpacking shim-signed:amd64 (1.46+15.8-1) over (1.46+15.8-1) ...
Setting up shim-signed:amd64 (1.46+15.8-1) ...
No DKMS packages installed: not changing Secure Boot validation state.
Processing triggers for systemd-boot (257.7-1) ...
dpkg: error processing package systemd-boot (--configure):
installed systemd-boot package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
systemd-boot
Log ended: 2025-07-31 03:09:12
Log started: 2025-07-31 03:09:14
Preparing to unpack .../shim-signed_1.46+15.8-1_amd64.deb ...
Unpacking shim-signed:amd64 (1.46+15.8-1) over (1.46+15.8-1) ...
Setting up shim-signed:amd64 (1.46+15.8-1) ...
No DKMS packages installed: not changing Secure Boot validation state.
Setting up systemd-boot (257.7-1) ...
Log ended: 2025-07-31 03:09:14
The culprit is the invocation of
esp_path="$(bootctl --quiet --print-esp-path 2>/dev/null)"
in remove_shim() in systemd-boot's postinst, combined with `set -e`.
Executing this command exits with exit code 1 if no ESP can be found.
I understand this is a bit of an exotic setup, but I don't think having this
particular combination of packages installed without a currently mounted ESP is
in some way forbidden, and there might be valid reasons like manually managing
multiple ESPs, or robustness concerns about having the ESP mounted all the
time, that make it likely to trigger in practice.
I think the fix is quite simple - gracefully handle no ESP being mounted, which
seems to already be the intention. E.g., the invocation could be extended with
a final `|| true` to make it infallible.
-- System Information:
Debian Release: 13.0
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.38+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd-boot depends on:
ii libc6 2.41-11
ii libsystemd-shared 257.7-1
ii systemd 257.7-1
ii systemd-boot-efi 257.7-1
ii systemd-boot-tools 257.7-1
Versions of packages systemd-boot recommends:
ii efibootmgr 18-2
ii shim-signed 1.46+15.8-1
Versions of packages systemd-boot suggests:
pn systemd-ukify <none>
-- no debconf information
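
Added example, not part of the original report and not the actual systemd-boot postinst: a minimal reproduction of how `set -e` turns a failing command substitution in a plain assignment into a script abort, next to the `|| true` form suggested above. `bootctl_stub`, `ESP_PATH`, the empty-path check and the `/boot/efi` sample value are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: stand-in for the logic described in the report,
# not the Debian maintainer script.

# Hypothetical stub for `bootctl --quiet --print-esp-path`: prints the path
# and returns 0 when ESP_PATH is set, prints nothing and returns 1 otherwise.
STUB='bootctl_stub() { [ -n "${ESP_PATH:-}" ] && printf "%s\n" "$ESP_PATH"; }'

# Fragile form: a plain assignment takes the exit status of its command
# substitution, so under `set -e` the script stops at the assignment and
# the "no ESP" branch below is never reached.
run_fragile() {
    ESP_PATH="${1:-}" sh -c "$STUB"'
        set -e
        esp_path="$(bootctl_stub 2>/dev/null)"
        [ -n "$esp_path" ] || { echo "no ESP, skipping"; exit 0; }
        echo "would clean up under $esp_path"
    '
}

# Tolerant form: `|| true` absorbs the failure, esp_path stays empty and
# the script continues to the (assumed) empty-path check.
run_tolerant() {
    ESP_PATH="${1:-}" sh -c "$STUB"'
        set -e
        esp_path="$(bootctl_stub 2>/dev/null)" || true
        [ -n "$esp_path" ] || { echo "no ESP, skipping"; exit 0; }
        echo "would clean up under $esp_path"
    '
}

# Constructed inputs: "" simulates no ESP found, /boot/efi a mounted ESP.
for esp in "" "/boot/efi"; do
    for variant in run_fragile run_tolerant; do
        status=0
        "$variant" "$esp" || status=$?
        echo "$variant esp='$esp' exit=$status"
    done
done
```

Each variant runs in its own `sh -c` process so that the caller's `||` does not suppress `set -e` inside the code under test.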