** Description changed: Please update ubuntu-advantage-tools to version 17. These are the changes: * Added enable-fips-updates command. This command enables the fips-updates repository to install updates to FIPS modules. The updated modules from fips-updates repository are non-certified. * Add repository pinning for FIPS packages * Check that all prerequisite packages are installed when enabling FIPS * Support returning the status for a single service All but the last bit are about FIPS, which is not enabled for Bionic. We would like to have it in bionic to allow us to SRU it to xenial, where fips is enabled and supported. The last change (status for a single service) is mostly a cosmetic general feature: $ ua status fips esm: disabled (not available) fips: disabled (not available) livepatch: disabled vs $ ua status fips fips: disabled (not available) Build log: https://launchpad.net/~ahasenack/+archive/ubuntu/ua-tools-fips-updates-1759280/+build/14502245 Notice that tests are run at package build time PPA for testing: https://launchpad.net/~ahasenack/+archive/ubuntu/ua- tools-fips-updates-1759280 + + + Upgrade test + ============ + Starting from: + ubuntu-advantage-tools: + Installed: 16 + Candidate: 16 + Version table: + *** 16 500 + 500 http://br.archive.ubuntu.com/ubuntu bionic/main amd64 Packages + 100 /var/lib/dpkg/status + + ubuntu@bionic-ua:~$ ua status + esm: disabled (not available) + fips: disabled (not available) + livepatch: disabled + + ubuntu@bionic-ua:~$ sudo ua enable-fips + Sorry, but Canonical FIPS 140-2 Modules is not supported on bionic + ubuntu@bionic-ua:~$ + + + Adding PPA: + ubuntu@bionic-ua:~$ sudo add-apt-repository ppa:ahasenack/ua-tools-fips-updates-1759280 -y -u + (...) + ubuntu@bionic-ua:~$ sudo apt install ubuntu-advantage-tools + Reading package lists... Done + Building dependency tree + Reading state information... Done + The following package was automatically installed and is no longer required: + grub-pc-bin + Use 'sudo apt autoremove' to remove it. + The following packages will be upgraded: + ubuntu-advantage-tools + 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. + Need to get 17.2 kB of archives. + After this operation, 6144 B of additional disk space will be used. + Get:1 http://ppa.launchpad.net/ahasenack/ua-tools-fips-updates-1759280/ubuntu bionic/main amd64 ubuntu-advantage-tools all 17~ppa1 [17.2 kB] + Fetched 17.2 kB in 1s (25.1 kB/s) + (Reading database ... 90710 files and directories currently installed.) + Preparing to unpack .../ubuntu-advantage-tools_17~ppa1_all.deb ... + Unpacking ubuntu-advantage-tools (17~ppa1) over (16) ... + Setting up ubuntu-advantage-tools (17~ppa1) ... + Processing triggers for man-db (2.8.2-1) ... + + Post upgrade: + ubuntu@bionic-ua:~$ ua status + esm: disabled (not available) + fips: disabled (not available) + livepatch: disabled + + ubuntu@bionic-ua:~$ ua status fips + fips: disabled (not available) + + ubuntu@bionic-ua:~$ sudo ua enable-fips + Sorry, but Canonical FIPS 140-2 Modules is not supported on bionic + + ubuntu@bionic-ua:~$ sudo ua enable-fips-updates + Sorry, but Canonical FIPS 140-2 Modules is not supported on bionic
** Description changed: Please update ubuntu-advantage-tools to version 17. These are the changes: * Added enable-fips-updates command. This command enables the fips-updates repository to install updates to FIPS modules. The updated modules from fips-updates repository are non-certified. * Add repository pinning for FIPS packages * Check that all prerequisite packages are installed when enabling FIPS * Support returning the status for a single service All but the last bit are about FIPS, which is not enabled for Bionic. We would like to have it in bionic to allow us to SRU it to xenial, where fips is enabled and supported. The last change (status for a single service) is mostly a cosmetic general feature: $ ua status fips esm: disabled (not available) fips: disabled (not available) livepatch: disabled vs $ ua status fips fips: disabled (not available) Build log: https://launchpad.net/~ahasenack/+archive/ubuntu/ua-tools-fips-updates-1759280/+build/14502245 Notice that tests are run at package build time PPA for testing: https://launchpad.net/~ahasenack/+archive/ubuntu/ua- tools-fips-updates-1759280 - Upgrade test ============ Starting from: ubuntu-advantage-tools: - Installed: 16 - Candidate: 16 - Version table: - *** 16 500 - 500 http://br.archive.ubuntu.com/ubuntu bionic/main amd64 Packages - 100 /var/lib/dpkg/status + Installed: 16 + Candidate: 16 + Version table: + *** 16 500 + 500 http://br.archive.ubuntu.com/ubuntu bionic/main amd64 Packages + 100 /var/lib/dpkg/status ubuntu@bionic-ua:~$ ua status esm: disabled (not available) fips: disabled (not available) livepatch: disabled ubuntu@bionic-ua:~$ sudo ua enable-fips Sorry, but Canonical FIPS 140-2 Modules is not supported on bionic - ubuntu@bionic-ua:~$ - + ubuntu@bionic-ua:~$ Adding PPA: ubuntu@bionic-ua:~$ sudo add-apt-repository ppa:ahasenack/ua-tools-fips-updates-1759280 -y -u (...) ubuntu@bionic-ua:~$ sudo apt install ubuntu-advantage-tools Reading package lists... Done - Building dependency tree + Building dependency tree Reading state information... Done The following package was automatically installed and is no longer required: - grub-pc-bin + grub-pc-bin Use 'sudo apt autoremove' to remove it. The following packages will be upgraded: - ubuntu-advantage-tools + ubuntu-advantage-tools 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 17.2 kB of archives. After this operation, 6144 B of additional disk space will be used. Get:1 http://ppa.launchpad.net/ahasenack/ua-tools-fips-updates-1759280/ubuntu bionic/main amd64 ubuntu-advantage-tools all 17~ppa1 [17.2 kB] - Fetched 17.2 kB in 1s (25.1 kB/s) + Fetched 17.2 kB in 1s (25.1 kB/s) (Reading database ... 90710 files and directories currently installed.) Preparing to unpack .../ubuntu-advantage-tools_17~ppa1_all.deb ... Unpacking ubuntu-advantage-tools (17~ppa1) over (16) ... Setting up ubuntu-advantage-tools (17~ppa1) ... Processing triggers for man-db (2.8.2-1) ... Post upgrade: ubuntu@bionic-ua:~$ ua status esm: disabled (not available) fips: disabled (not available) livepatch: disabled ubuntu@bionic-ua:~$ ua status fips fips: disabled (not available) ubuntu@bionic-ua:~$ sudo ua enable-fips Sorry, but Canonical FIPS 140-2 Modules is not supported on bionic ubuntu@bionic-ua:~$ sudo ua enable-fips-updates Sorry, but Canonical FIPS 140-2 Modules is not supported on bionic + + + Testing + ======= + Merges are gated on a test run on github. Example:https://travis-ci.org/CanonicalLtd/ubuntu-advantage-script/builds/358429122 + + Tests also run during package build. + + Since fips is disabled in bionic, I tested this new code with a xenial + build. This will have to be done again when the xenial sru time comes, + and will be shown in more detail there. ** Description changed: Please update ubuntu-advantage-tools to version 17. These are the changes: * Added enable-fips-updates command. This command enables the fips-updates repository to install updates to FIPS modules. The updated modules from fips-updates repository are non-certified. * Add repository pinning for FIPS packages * Check that all prerequisite packages are installed when enabling FIPS * Support returning the status for a single service - All but the last bit are about FIPS, which is not enabled for Bionic. We - would like to have it in bionic to allow us to SRU it to xenial, where - fips is enabled and supported. + All but the last bit are about FIPS, which is not enabled for Bionic. + Because of that I'm not sure a feature freeze exception is required + (since the new features are not enabled for bionic), but I rather error + on the side of caution. We would like to have it in bionic to allow us + to SRU it to xenial, where fips is enabled and supported. The last change (status for a single service) is mostly a cosmetic general feature: $ ua status fips esm: disabled (not available) fips: disabled (not available) livepatch: disabled vs $ ua status fips fips: disabled (not available) Build log: https://launchpad.net/~ahasenack/+archive/ubuntu/ua-tools-fips-updates-1759280/+build/14502245 Notice that tests are run at package build time PPA for testing: https://launchpad.net/~ahasenack/+archive/ubuntu/ua- tools-fips-updates-1759280 Upgrade test ============ Starting from: ubuntu-advantage-tools: Installed: 16 Candidate: 16 Version table: *** 16 500 500 http://br.archive.ubuntu.com/ubuntu bionic/main amd64 Packages 100 /var/lib/dpkg/status ubuntu@bionic-ua:~$ ua status esm: disabled (not available) fips: disabled (not available) livepatch: disabled ubuntu@bionic-ua:~$ sudo ua enable-fips Sorry, but Canonical FIPS 140-2 Modules is not supported on bionic ubuntu@bionic-ua:~$ Adding PPA: ubuntu@bionic-ua:~$ sudo add-apt-repository ppa:ahasenack/ua-tools-fips-updates-1759280 -y -u (...) ubuntu@bionic-ua:~$ sudo apt install ubuntu-advantage-tools Reading package lists... Done Building dependency tree Reading state information... Done The following package was automatically installed and is no longer required: grub-pc-bin Use 'sudo apt autoremove' to remove it. The following packages will be upgraded: ubuntu-advantage-tools 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 17.2 kB of archives. After this operation, 6144 B of additional disk space will be used. Get:1 http://ppa.launchpad.net/ahasenack/ua-tools-fips-updates-1759280/ubuntu bionic/main amd64 ubuntu-advantage-tools all 17~ppa1 [17.2 kB] Fetched 17.2 kB in 1s (25.1 kB/s) (Reading database ... 90710 files and directories currently installed.) Preparing to unpack .../ubuntu-advantage-tools_17~ppa1_all.deb ... Unpacking ubuntu-advantage-tools (17~ppa1) over (16) ... Setting up ubuntu-advantage-tools (17~ppa1) ... Processing triggers for man-db (2.8.2-1) ... Post upgrade: ubuntu@bionic-ua:~$ ua status esm: disabled (not available) fips: disabled (not available) livepatch: disabled ubuntu@bionic-ua:~$ ua status fips fips: disabled (not available) ubuntu@bionic-ua:~$ sudo ua enable-fips Sorry, but Canonical FIPS 140-2 Modules is not supported on bionic ubuntu@bionic-ua:~$ sudo ua enable-fips-updates Sorry, but Canonical FIPS 140-2 Modules is not supported on bionic - Testing ======= Merges are gated on a test run on github. Example:https://travis-ci.org/CanonicalLtd/ubuntu-advantage-script/builds/358429122 Tests also run during package build. Since fips is disabled in bionic, I tested this new code with a xenial build. This will have to be done again when the xenial sru time comes, and will be shown in more detail there. ** Summary changed: - [FFe] version 17: FIPS updates + [bionic] [FFe] ubuntu-advantage-tools version 17: FIPS updates -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to ubuntu-advantage-tools in Ubuntu. https://bugs.launchpad.net/bugs/1759280 Title: [bionic] [FFe] ubuntu-advantage-tools version 17: FIPS updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1759280/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
