Problem (maybe) with grub2 update

English Install/Boot/Login
#1

Leap 51.1
kde
nvidia video card

I just did zypper up and apparently a new version of grub2 was installed along with a kernel update and a lot of other things. I was watching the update and saw a series of lines that showed

( 36/165) Installing: grub2-2.02-lp151.21.12.1.x86_64 .....................[done]
Additional rpm output:
libgcrypt selftest: binary  (0): Selftest failed (/usr/lib64/.libgcrypt.so.20.hmac)                                                                               
Ohhhh jeeee: ... this is a bug (global.c:150:global_init)                        
/var/tmp/rpm-tmp.Lg2O0p: line 7:  3126 Aborted                 (core dumped) /usr/bin/systemctl daemon-reload                                                     
libgcrypt selftest: binary  (0): Selftest failed (/usr/lib64/.libgcrypt.so.20.hmac)                                                                               
Ohhhh jeeee: ... this is a bug (global.c:150:global_init)                        
/var/tmp/rpm-tmp.5v7SVE: line 24:  3132 Aborted                 (core dumped) /usr/bin/systemctl daemon-reload                                                    
libgcrypt selftest: binary  (0): Selftest failed (/usr/lib64/.libgcrypt.so.20.hmac)                                                                               
Ohhhh jeeee: ... this is a bug (global.c:150:global_init)                        
/var/tmp/rpm-tmp.5v7SVE: line 24:  3135 Aborted                 (core dumped) /usr/bin/systemctl try-restart grub2-once.service

The Ohhhh jeeee lines gave ne an insecure feeling! Do I dare try to reboot? I know my system is going to be unstable until I do, but I’m a little afraid grub won’t work properly.

I did two other machines using ssh and neither of them showed any problem.
I tried using yast and did an refresh and it showed no problems.

What to do?

#2

Show output of “zypper se -s libgcrypt”.

#3 
UNIVAC:~ # zypper se -s libgcrypt
Loading repository data...
Reading installed packages...

S  | Name                   | Type       | Version            | Arch   | Repository               
---+------------------------+------------+--------------------+--------+--------------------------
   | libgcrypt              | srcpackage | 1.8.2-lp151.9.16.1 | noarch | openSUSE-Leap-15.1-Update
   | libgcrypt              | srcpackage | 1.8.2-lp151.9.13.1 | noarch | openSUSE-Leap-15.1-Update
   | libgcrypt              | srcpackage | 1.8.2-lp151.9.10.1 | noarch | openSUSE-Leap-15.1-Update
   | libgcrypt              | srcpackage | 1.8.2-lp151.9.7.1  | noarch | openSUSE-Leap-15.1-Update
   | libgcrypt              | srcpackage | 1.8.2-lp151.9.4.1  | noarch | openSUSE-Leap-15.1-Update
   | libgcrypt-cavs         | package    | 1.8.2-lp151.9.16.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-cavs         | package    | 1.8.2-lp151.9.13.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-cavs         | package    | 1.8.2-lp151.9.10.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-cavs         | package    | 1.8.2-lp151.9.7.1  | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-cavs         | package    | 1.8.2-lp151.9.4.1  | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-cavs         | package    | 1.8.2-lp151.8.1    | x86_64 | openSUSE-Leap-15.1-Oss   
   | libgcrypt-cavs         | package    | 1.8.2-lp151.9.16.1 | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt-cavs         | package    | 1.8.2-lp151.9.13.1 | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt-cavs         | package    | 1.8.2-lp151.9.10.1 | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt-cavs         | package    | 1.8.2-lp151.9.7.1  | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt-cavs         | package    | 1.8.2-lp151.9.4.1  | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt-devel        | package    | 1.8.2-lp151.9.16.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-devel        | package    | 1.8.2-lp151.9.13.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-devel        | package    | 1.8.2-lp151.9.10.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-devel        | package    | 1.8.2-lp151.9.7.1  | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-devel        | package    | 1.8.2-lp151.9.4.1  | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-devel        | package    | 1.8.2-lp151.8.1    | x86_64 | openSUSE-Leap-15.1-Oss   
   | libgcrypt-devel        | package    | 1.8.2-lp151.9.16.1 | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt-devel        | package    | 1.8.2-lp151.9.13.1 | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt-devel        | package    | 1.8.2-lp151.9.10.1 | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt-devel        | package    | 1.8.2-lp151.9.7.1  | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt-devel        | package    | 1.8.2-lp151.9.4.1  | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt-devel-32bit  | package    | 1.8.2-lp151.9.16.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-devel-32bit  | package    | 1.8.2-lp151.9.13.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-devel-32bit  | package    | 1.8.2-lp151.9.10.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-devel-32bit  | package    | 1.8.2-lp151.9.7.1  | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-devel-32bit  | package    | 1.8.2-lp151.9.4.1  | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt-devel-32bit  | package    | 1.8.2-lp151.8.1    | x86_64 | openSUSE-Leap-15.1-Oss   
i+ | libgcrypt20            | package    | 1.8.2-lp151.9.16.1 | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20            | package    | 1.8.2-lp151.9.13.1 | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20            | package    | 1.8.2-lp151.9.10.1 | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20            | package    | 1.8.2-lp151.9.7.1  | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20            | package    | 1.8.2-lp151.9.4.1  | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20            | package    | 1.8.2-lp151.8.1    | x86_64 | openSUSE-Leap-15.1-Oss   
v  | libgcrypt20            | package    | 1.8.2-lp151.9.16.1 | i586   | openSUSE-Leap-15.1-Update
v  | libgcrypt20            | package    | 1.8.2-lp151.9.13.1 | i586   | openSUSE-Leap-15.1-Update
v  | libgcrypt20            | package    | 1.8.2-lp151.9.10.1 | i586   | openSUSE-Leap-15.1-Update
v  | libgcrypt20            | package    | 1.8.2-lp151.9.7.1  | i586   | openSUSE-Leap-15.1-Update
v  | libgcrypt20            | package    | 1.8.2-lp151.9.4.1  | i586   | openSUSE-Leap-15.1-Update
i+ | libgcrypt20-32bit      | package    | 1.8.2-lp151.9.16.1 | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20-32bit      | package    | 1.8.2-lp151.9.13.1 | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20-32bit      | package    | 1.8.2-lp151.9.10.1 | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20-32bit      | package    | 1.8.2-lp151.9.7.1  | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20-32bit      | package    | 1.8.2-lp151.9.4.1  | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20-32bit      | package    | 1.8.2-lp151.8.1    | x86_64 | openSUSE-Leap-15.1-Oss   
i  | libgcrypt20-hmac       | package    | 1.8.2-lp151.9.16.1 | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20-hmac       | package    | 1.8.2-lp151.9.13.1 | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20-hmac       | package    | 1.8.2-lp151.9.10.1 | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20-hmac       | package    | 1.8.2-lp151.9.7.1  | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20-hmac       | package    | 1.8.2-lp151.9.4.1  | x86_64 | openSUSE-Leap-15.1-Update
v  | libgcrypt20-hmac       | package    | 1.8.2-lp151.8.1    | x86_64 | openSUSE-Leap-15.1-Oss   
v  | libgcrypt20-hmac       | package    | 1.8.2-lp151.9.16.1 | i586   | openSUSE-Leap-15.1-Update
v  | libgcrypt20-hmac       | package    | 1.8.2-lp151.9.13.1 | i586   | openSUSE-Leap-15.1-Update
v  | libgcrypt20-hmac       | package    | 1.8.2-lp151.9.10.1 | i586   | openSUSE-Leap-15.1-Update
v  | libgcrypt20-hmac       | package    | 1.8.2-lp151.9.7.1  | i586   | openSUSE-Leap-15.1-Update
v  | libgcrypt20-hmac       | package    | 1.8.2-lp151.9.4.1  | i586   | openSUSE-Leap-15.1-Update
   | libgcrypt20-hmac-32bit | package    | 1.8.2-lp151.9.16.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt20-hmac-32bit | package    | 1.8.2-lp151.9.13.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt20-hmac-32bit | package    | 1.8.2-lp151.9.10.1 | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt20-hmac-32bit | package    | 1.8.2-lp151.9.7.1  | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt20-hmac-32bit | package    | 1.8.2-lp151.9.4.1  | x86_64 | openSUSE-Leap-15.1-Update
   | libgcrypt20-hmac-32bit | package    | 1.8.2-lp151.8.1    | x86_64 | openSUSE-Leap-15.1-Oss   
UNIVAC:~ #

Gad! Looks like I had better do a fresh install instead of upgrading to 15.2!

#4

This looks OK. My guess is that hmac subpackage was updated either way before or way after libgcrypt itself. Could you post lines from /var/log/zypp/history for the day you did this update (today I assume)?

Did you intentionally enable libgcypt FIPS mode?

#5

I think you can reboot safely. It doesn’t error out on the GRUB install, rather on an rpm operation related to libgcrypt.

#6

I’m going to try it.

#7

Checking the available updates, I do see that there is a “libgcrypt” update available.

I’m guessing that update caused your problems, rather than the grub2 update. I installed the grub2 update here yesterday, with no issues. I have not yet installed the “libgcrypt” update.

#8

Well, it worked! Yay!

Thanks for taking the time to help me with this. I really didn’t want to try it and have to spend several hours on my laptop trying to get this machine back up.

Should I report this to the people at Grub, or is it just a one time thing that’ll go away with the next update? Especially now that 15.2 seems to be available? (I thought it wasn’t going to be available until next month)

Bart

#9

It hasn’t been released yet. It’s in beta…
https://software.opensuse.org/distributions/testing