Update, October 25: The upstream issue causing the problem described in this advisory has been resolved. If you encounter this problem again during the installation, please let us know by filing a bug report.
During a SecureDrop installation against servers with with UEFI boot mode enabled, the
./securedrop-admin install command may fail with one or more Ansible messages including the following text:
The following packages have unmet dependencies: shim-signed: Depends: shim (= 13-0ubuntu2) but it is not going to be installed
This error is caused by an upstream issue with a new version of the
shim package for Ubuntu 14.04.5. The root cause of the error is that the new version of this package was built using a format not supported by Ubuntu 14.04.5. The issue is being tracked upstream and should be fixed soon.
In the meantime, you can work around the issue by manually upgrading
dpkg and then completing pending package installs. To do so, first log in to your Application Server, using local SSH from the Admin Workstation. Once you are logged in, run the following commands from your home directory:
sudo apt-get update mkdir dpkg-fix-2018 cd dpkg-fix-2018 apt-get download dpkg sudo dpkg -i dpkg_* sudo apt-get -f install
Then, log in to your Monitor Server and repeat the process.
After completing the
dpkg upgrade on both servers, you can proceed with the installation by running the
./securedrop-admin install command again from the base of the SecureDrop repository (
~/Persistent/securedrop/) on your Admin Workstation.