Package: apt
Version: 2.5.1
Severity: normal
"apt update" fails if the system runs in FIPS mode:
| # apt update
| Hit:2 http://deb.debian.org/debian-debug sid InRelease
| fatal error in libgcrypt, file ../../src/misc.c, line 92, function
_gcry_fatal_error: requested algo not in md context
|
| Fatal error: requested algo not in md context
| Aborted
The backtrace is:
| #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
| #1 0xf78a630c in __GI_abort () at abort.c:79
| #2 0xf75ce110 in _gcry_fatal_error (rc=rc@entry=5,
text=text@entry=0xf765cb80 "requested algo not in md context") at
../../src/misc.c:97
| #3 0xf75e65b0 in md_read (algo=, a=,
a=) at ../../cipher/md.c:1095
| #4 0xf7e435ac in HexDigest (hd=, algo=) at ./apt-pkg/contrib/hashes.cc:429
| #5 0xf7e44a18 in Hashes::GetHashString
(this=this@entry=0xe6d8, hash=hash@entry=Hashes::MD5SUM) at
./apt-pkg/contrib/hashes.cc:457
| #6 0xf7e5bfd4 in debListParser::Description_md5
(this=0xaad9cf10) at ./apt-pkg/deb/deblistparser.cc:295
| #7 0xf7ecc020 in pkgCacheGenerator::MergeListVersion
(this=this@entry=0xaab31470, List=..., Pkg=..., Version=...,
OutVer=@0xe8c8: 0x0) at ./apt-pkg/pkgcachegen.cc:490
| #8 0xf7ecdb0c in pkgCacheGenerator::MergeList
(this=this@entry=0xaab31470, List=..., OutVer=,
OutVer@entry=0x0) at ./apt-pkg/pkgcachegen.cc:286
| #9 0xf7eb030c in pkgDebianIndexFile::Merge (this=,
Gen=..., Prog=) at ./apt-pkg/indexfile.cc:348
| #10 0xf7ec8ef4 in operator()
(__closure=__closure@entry=0xebc0, I=0xaab0a340) at
./apt-pkg/pkgcachegen.cc:1557
| #11 0xf7ecedb4 in
std::for_each<__gnu_cxx::__normal_iterator >, BuildCache(pkgCacheGenerator&, OpProgress*,
map_filesize_t&, map_filesize_t, const pkgSourceList*, FileIterator,
FileIterator):: > (__f=..., __last=0x0,
__first=0xaab0a340) at /usr/include/c++/11/bits/stl_algo.h:3820
| #12 BuildCache (Gen=..., Progress=,
Progress@entry=0xf280, CurrentSize=@0xecf0: 100043188,
TotalSize=, TotalSize@entry=100043188,
| List=List@entry=0x0, Start=..., End=...) at ./apt-pkg/pkgcachegen.cc:1586
| #13 0xf7ed0994 in pkgCacheGenerator::MakeStatusCache (List=...,
Progress=Progress@entry=0xf280, OutMap=OutMap@entry=0xef18,
OutCache=OutCache@entry=0xef20)
| at /usr/include/c++/11/bits/stl_iterator.h:1026
| #14 0xf7e0b2dc in pkgCacheFile::BuildCaches (this=0xf0c0,
Progress=0xf280, WithLock=) at ./apt-pkg/cachefile.cc:127
| #15 0xf7f9e6fc in DoUpdate(CommandLine&) () from
/lib/aarch64-linux-gnu/libapt-private.so.0.0
| #16 0xf7e27d20 in CommandLine::DispatchArg (this=0xf448,
Map=, NoMatch=true) at ./apt-pkg/contrib/cmndline.cc:369
| #17 0xf7f633f4 in DispatchCommandLine(CommandLine&,
std::vector >
const&) ()
|from /lib/aarch64-linux-gnu/libapt-private.so.0.0
| #18 0x1898 in ?? ()
| #19 0xf78a6614 in __libc_start_main (main=0x17c0, argc=2,
argv=0xf5d8, init=, fini=,
rtld_fini=,
| stack_end=) at ../csu/libc-start.c:332
| #20 0x19b8 in ?? ()
In FIPS mode MD5 is not allowed, so every usage results in a fatal error.
One workarounds would be:
Check for FIPS mode with gcry_fips_mode_active and don't try to use it
then.
Bastian
-- Package-specific info:
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.18.0-2-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
-- no debconf information