Bug 1212811

Summary: MokManager wants to remove needed cert
Product: [openSUSE] openSUSE Distribution Reporter: Neil Rickert <nwr10cst-oslnx>
Component: KernelAssignee: openSUSE Kernel Bugs <kernel-bugs>
Status: RESOLVED WONTFIX QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: tiwai
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Neil Rickert 2023-06-28 12:04:50 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Build Identifier: 

I'm currently using a kernel from Kernel:/stable:/Backport/standard/ (as explained in bug 1212808 ).

Yesterday, I decided to update that kernel (from 6.3.9-lp154.2.1.g0df701d to 6.4.0-lp154.2.1.gd68cda5). To do this:
I enabled the repo
I used Yast software management
I told it to install the newer kernel and remove the older one
I then disabled the repo once again

On reboot, I got a MokManager blue screen wanting to remove the cert that had been added for the older kernel.  This seems a mistake, since it is still needed for the newer kernel.

As best I can tell, Yast first removed the older kernel and that generated a request to remove the cert.  It then installed the newer kernel, but because the cert was already loaded it did not generate a request to add the cert.

(When I next update this kernel, I'll make sure to install the new kernel first, and then remove the old kernel afterwards to avoid this issue).

Yes, I could have left it to the purge-kernels service to remove the old.  But that would have instead removed the standard Leap 15.5 kernel, and I wanted to avoid that.

Reproducible: Didn't try
Comment 1 Takashi Iwai 2023-07-10 16:04:35 UTC 
I'm afraid that it's difficult to handle this correctly, if you already removed the kernel package once, then installed manually after that -- that is, it's not happening in a shot as an "update".
Comment 2 Neil Rickert 2023-07-10 19:58:57 UTC 
Feel free to close this as WONTFIX if you think that appropriate.  And thanks for looking at it.
Comment 3 Takashi Iwai 2023-07-11 06:27:36 UTC 
OK.