Results 1 to 3 of 3

Thread: how to check the origin of the software that triggered for an update

  1. #1
    Join Date
    Jul 2021
    Beans
    1

    how to check the origin of the software that triggered for an update

    Hi im running ubuntu 21.04, i have this 2 suspicious update today
    1. Debian base system master password and group files
      Code:
      * update-passwd.c: Skip debconf question when changing irc's home
          directory from /var/run/ircd to /run/ircd, since these are equivalent
          (LP: #1916651)
      as far as i know, i dont have any irc client installed
    2. Secure Boot chain-loading bootloader (Microsoft-signed binary)
      Code:
      Changes for shim-signed versions:
      Installed version: 1.48+15.4-0ubuntu5
      Available version: 1.50+15.4-0ubuntu7
      
      Version 1.50: 
      
        * download-signed: Fetch signed artefacts from versioned URL instead
          of current/ symlink to work around caching (LP: #1936640)


    How do i check the origin of the running software that trigger this update ?

  2. #2
    Join Date
    Aug 2006
    Beans
    13,283
    Distro
    Ubuntu Mate 20.04 Focal Fossa

    Re: how to check the origin of the software that triggered for an update

    The bug report is here: https://bugs.launchpad.net/ubuntu/+s...d/+bug/1916651.

    Apparently, "irc" is one of the many users on the system. To see them all, brace yourself, and run <cut -d: -f1 /etc/passwd>.

    C'est la vie. If we had to install and configer every singe file, the experience would have been very tedious indeed.

  3. #3
    Join Date
    Jun 2010
    Location
    London, England
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: how to check the origin of the software that triggered for an update

    Secure Boot chain-loading bootloader (Microsoft-signed binary)
    In order to dual boot any Linux distribution with Microsoft Windows and have Secure Boot enabled the distribution must include boot code that Microsoft accepts as trusted. It just so happens that Microsoft will accept boot code that has been signed by Canonical the sponsor of Ubuntu. The distribution will also need some code called a "shim" that has been verified by Microsoft as trustworthy.

    If these pieces of authenticated or signed code are not present or their certificates are not listed in the Microsoft secure boot database then the Linux operating system will be prevented by secure boot from loading.

    On Ubuntu, all pre-built binaries intended to be loaded as part of the boot process, with the exception of the initrd image, are signed by Canonical's UEFI certificate, which itself is implicitly trusted by being embedded in the shim loader, itself signed by Microsoft.
    https://wiki.ubuntu.com/UEFI/SecureBoot

    As the system boots, firmware loads the shim binary as specified in firmware BootEntry variables. Ubuntu installs its own BootEntry at installation time and may update it any time the GRUB bootloader is updated. Since the shim binary is signed by Microsoft; it is validated and accepted by the firmware when verifying against certificates already present in firmware. Since the shim binary embeds a Canonical certificate as well as its own trust database, further elements of the boot environment can, in addition to being signed by one of the acceptable certificates pre-loaded in firmware, be signed by Canonical's UEFI key.
    Regards
    Last edited by grahammechanical; July 29th, 2021 at 06:20 PM.
    It is a machine. It is more stupid than we are. It will not stop us from doing stupid things.
    Ubuntu user #33,200. Linux user #530,530


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •