It is a fact and a reassurance that disabling this feature is safe. It may not be the current issue, but it will be one shortly if it's not addressed. In troubleshooting a user's system several things may come up that weren't part of the op, but for completeness and to prevent future problems we tend to address them as we go. It makes no sense not to since we are volunteers and not paid helpdesk. I do recognize your point though.
Could not get Lock:
This means that another process is using it. Do you have another terminal window or a package manager like Synaptic open?
As aravisian said, some things cannot be removed until they are configured (blame the software developers for that). It is something simply re-enabled if it's that important to you (like in next reboot). It will cause issues with your system in the future (an fyi).
I'm curious if it is a snap or flatpak?
Too many cooks...?
Just inform all of you who are participating this discussion, I created a new thread
and moved some of the postings with my moderator magic wand
Aravisian, I do hear you and I'm also trying to understand what creating a private third party driver MOK will do. The dialogue box suggests, well actually it's quite clear, that it wants to enroll a private key in the system's firmware and this will be used during UEFI Secure Boot.
What then happens when I uninstall VirtualBox, will the private MOK be disenrolled from my system firmware? Who knows, I don't, do you?
I am genuinely, and with reasonable grounds, reluctant to create a third party driver private MOK which will be written to the system firmware and used in secure boot. Then hope it will be disenrolled if I uninstall the software that wanted to put it there in the first place.
By the way, I had no idea that in Linux a user had to first configure a bit of software before uninstalling it, even if they've never used it. That might have saved me a lot of grief but that's the price of being naive newbie....
No, just Firefox to post these messages and Screenshot. Nothing else open.
It could be Kellog's Crispies for all I know I do everything through the inbuilt one in Zorin called Software....
Can you please close all terminal windows. Then open a new one and enter in:
sudo killall apt apt-get
Once done, try running the command
sudo apt remove --purge virtualbox*
IF you still get the "could not get lock" error, please run the following in terminal and paste the output here:
ps aux | grep -i apt
Sadly, no. I believe that the enrollment will remain. However, I am absolutely certain that it is not a threat in any way whatsoever.
I understand being cautious. However, I disagree with you both here as the level of caution you are expressing is excessive. It would be no different than if someone expressed a refusal to run the updater or Synaptic Package Manager.
To give a bit of perspective, your computer and kernel are currently running about 700,000 lines of code of Third Party drivers.
No, that was only to see what apt process may have been causing the "Could not get a lock" error.
Rory, what you have in front of you is a Choice.
See, where you stand now is you will not be able to use apt until apt is satisfied that all packages are properly configured.
In short - Your Zorin OS is broken.
Tom believes it is preferable to reinstall the system than to proceed with the configuration.
That is an option. However, it comes with problems of its own. For example, you will be back with the preinstalled VirtualBox. You could just leave it be...
The other option would be to reinstall Zorin OS Pro, but as a Minimal install, which won't install VB. But, it won't install all the other apps that come with Pro, either. It's a bit of cutting off your nose to spite your face.
The last option is the one that I recommend. I understand that you have concerns. The most I can offer is that it is not a risk, even if you feel like you are taking a risk.
Enrolling the package in MOK is actually pretty normal and standard and there are a very large number of Linux apps already signed and included in the kernel. You are already using them. You just did not get a Prompt for them.
OK, but when I try to run sudo dpkg --configure -a I get straight back to the configure UEFI malarkey. It feels all a bit Monty Python
This is the very issue for me though Aravisian, it's not already signed. The very large bunch of Linux apps I am already using, are signed.
The other issue is that I will have made a change to my system firmware by something which I've never used and I will uninstall and which will be left in the system firmware settings. But first I have to configure the thing I will never use, then create what is essentially a private key for it and allow it to modify my system firmware settings, then uninstall it and let it leave behind its' detritus in system firmware.
It's really boggling my mind.....I thought Windows was the bad boy?
IMO... Gnome is worse.
I understand. I really do. But these are your options. I, personally, cannot do anything that can change them.
The only thing I can do is reassure you it is safe, just inconvenient.
Well I've read some of the things you've written about GNOME and I don't pretend to understand all the nuances because I'm naive when it comes to Linux. But broken promises of the kind I believe you've noted, would be a concern. I'm simply at a level of ignorance at the moment and have just been pleased to get Zorin on my laptop and start to explore it a little.
I do hear you mate, I honestly do. However, I'm likely to take the nuclear option and reinstall 16 Pro. That might sound drastic to you and other experienced Linux users and I would want to say how much it impresses me just how helpful everyone is, in their own time and at their own expense. It says a lot.
I guess when it comes to issues like this one I'm experiencing I take the approach, to paraphrase Jung, "I don't need to believe, I either know or I don't know." It's clear that I don't know, so I'll nuke my current installation by overwriting it with a fresh install.
My final question would be; if I reinstall and start fresh, I'll know to first configure VirtualBox before trying to uninstall it. However, will I end up in the same position that in the process of configuring it will present me with the very same request to create the private MOK? If so I'll be right back where I am now and no better off.
Exactly. Because Secure Boot is Enabled... This will happen.
Actually... I usually promote a nice clean fresh install. I think that you have the options listed and you chose one.
To me, it was important that you understood the options to the best extent possible. I am sure it would be safe - and that is expressed. However, if you prefer to reinstall - that is totally fine, too. As noted, it may bring about the above.
Fair enough. I think the most effective route for me, now I know a little more than I did when I woke up this morning, is to fresh install and never touch VirtualBox nor ever accept any updates for it.
You can also use the terminal command
apt-mark to lock virtualbox to prevent updates.
sudo apt-mark hold virtualbox
Aravisian, thank you for that, it's really helpful and I'll do exactly that