You have been subscribed to a public bug:
I'm testing the fips-review packages on AWS for Jammy. That fails with:
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to correct problems, you have
held broken packages.
Steps to reproduce:
1) aws ec2 run-instances --image-id
resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id
--instance-type m6a.large --key-name toabctl
2) ssh into the instance
3) ua attach $MY_UA_TOKEN
4) ua enable fips-preview # (answer with yes)
The result is:
# ua enable fips-preview
One moment, checking your subscription first
FIPS Preview cannot be enabled with Livepatch.
Disable Livepatch and proceed to enable FIPS Preview? (y/N) y
Disabling incompatible service: Livepatch
This will install crypto packages that have been submitted to NIST for review
but do not have FIPS certification yet. Use this for early access to the FIPS
modules.
Please note that the Livepatch service will be unavailable after
this operation.
Warning: This action can take some time and cannot be undone.
Are you sure? (y/N) y
Updating FIPS Preview package lists
Installing FIPS Preview packages
Updating standard Ubuntu package lists
Could not enable FIPS Preview.
Updating package lists
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to correct problems, you have
held broken packages.
See /var/log/ubuntu-advantage.log
From that log:
["2023-11-27T09:58:33.581", "DEBUG", "ubuntupro.system", "subp", 714, "Failed
running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"
ubuntu-aws-fips' [exit(100)]. Mes
sage: E: Unable to correct problems, you have held broken packages.\n", {}]
["2023-11-27T09:58:33.581", "WARNING", "ubuntupro.system", "subp", 715,
"Stderr: E: Unable to correct problems, you have held broken
packages.\n\nStdout: Reading package lists...\nBuilding dependency
tree...\nReading state information...\nSome packages c
ould not be installed. This may mean that you have\nrequested an impossible
situation or if you are using the unstable\ndistribution that some required
packages have not yet been created\nor been moved out of Incoming.\nThe
following information may help
to resolve the situation:\n\nThe following packages have unmet dependencies:\n
ubuntu-aws-fips : Depends: linux-aws-fips (>= 5.15.0.1042.43) but it is not
installable\n", {}]
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubuntu-advantage-tools 30~22.04
ProcVersionSignature: Ubuntu 6.2.0-1016.16~22.04.1-aws 6.2.16
Uname: Linux 6.2.0-1016-aws x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudID: aws
CloudName: aws
CloudPlatform: ec2
CloudRegion: eu-central-1
CloudSubPlatform: metadata (http://169.254.169.254)
Date: Mon Nov 27 09:59:57 2023
Ec2AMI: ami-097610d2a71255e7d
Ec2AMIManifest: (unknown)
Ec2Architecture: x86_64
Ec2AvailabilityZone: eu-central-1a
Ec2Imageid: ami-097610d2a71255e7d
Ec2InstanceType: m6a.large
Ec2Instancetype: m6a.large
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
Ec2Region: eu-central-1
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: ubuntu-advantage-tools
UpgradeStatus: No upgrade log present (probably fresh install)
cloud-id.txt: aws
livepatch-status.txt-error:
Failed running command '/snap/bin/canonical-livepatch status' [exit(1)].
Message: Machine is not enabled. Please run 'sudo canonical-livepatch enable'
with the
token obtained from https://ubuntu.com/livepatch.
pro-journal.txt:
Nov 27 09:57:07.273351 ip-172-31-20-161 systemd[1]: Condition check resulted
in Ubuntu Pro reboot cmds being skipped.
Nov 27 09:57:13.549831 ip-172-31-20-161 systemd[1]: Condition check resulted
in Ubuntu Pro Background Auto Attach being skipped.
uaclient.conf:
contract_url: https://contracts.canonical.com
log_level: debug
Note: there is no hold package:
# apt-mark showhold
root@ip-172-31-20-161:~#
** Affects: linux-aws (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug ec2-images jammy need-amd64-retrace
--
Enabling fips-preview on Jammy AWS fails with: Unexpected APT error
https://bugs.launchpad.net/bugs/2044722
You received this bug notification because you are a member of Kernel Packages,
which is subscribed to linux-aws in Ubuntu.
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
