[Kernel-packages] [Bug 2044722] Re: Enabling fips-preview on Jammy AWS fails with: Depends: linux-aws-fips (>= 5.15.0.1042.43) but it is not installable
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: linux-aws (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/2044722
Title:
Enabling fips-preview on Jammy AWS fails with: Depends: linux-aws-fips
(>= 5.15.0.1042.43) but it is not installable
Status in linux-aws package in Ubuntu:
Confirmed
Bug description:
I'm testing the fips-review packages on AWS for Jammy. That fails
with:
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to correct problems, you have
held broken packages.
Steps to reproduce:
1) aws ec2 run-instances --image-id
resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id
--instance-type m6a.large --key-name toabctl
2) ssh into the instance
3) ua attach $MY_UA_TOKEN
4) ua enable fips-preview # (answer with yes)
The result is:
# ua enable fips-preview
One moment, checking your subscription first
FIPS Preview cannot be enabled with Livepatch.
Disable Livepatch and proceed to enable FIPS Preview? (y/N) y
Disabling incompatible service: Livepatch
This will install crypto packages that have been submitted to NIST for review
but do not have FIPS certification yet. Use this for early access to the FIPS
modules.
Please note that the Livepatch service will be unavailable after
this operation.
Warning: This action can take some time and cannot be undone.
Are you sure? (y/N) y
Updating FIPS Preview package lists
Installing FIPS Preview packages
Updating standard Ubuntu package lists
Could not enable FIPS Preview.
Updating package lists
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to correct problems, you have
held broken packages.
See /var/log/ubuntu-advantage.log
From that log:
["2023-11-27T09:58:33.581", "DEBUG", "ubuntupro.system", "subp", 714, "Failed
running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"
ubuntu-aws-fips' [exit(100)]. Mes
sage: E: Unable to correct problems, you have held broken packages.\n", {}]
["2023-11-27T09:58:33.581", "WARNING", "ubuntupro.system", "subp", 715,
"Stderr: E: Unable to correct problems, you have held broken
packages.\n\nStdout: Reading package lists...\nBuilding dependency
tree...\nReading state information...\nSome packages c
ould not be installed. This may mean that you have\nrequested an impossible
situation or if you are using the unstable\ndistribution that some required
packages have not yet been created\nor been moved out of Incoming.\nThe
following information may help
to resolve the situation:\n\nThe following packages have unmet
dependencies:\n ubuntu-aws-fips : Depends: linux-aws-fips (>= 5.15.0.1042.43)
but it is not installable\n", {}]
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubuntu-advantage-tools 30~22.04
ProcVersionSignature: Ubuntu 6.2.0-1016.16~22.04.1-aws 6.2.16
Uname: Linux 6.2.0-1016-aws x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudID: aws
CloudName: aws
CloudPlatform: ec2
CloudRegion: eu-central-1
CloudSubPlatform: metadata (http://169.254.169.254)
Date: Mon Nov 27 09:59:57 2023
Ec2AMI: ami-097610d2a71255e7d
Ec2AMIManifest: (unknown)
Ec2Architecture: x86_64
Ec2AvailabilityZone: eu-central-1a
Ec2Imageid: ami-097610d2a71255e7d
Ec2InstanceType: m6a.large
Ec2Instancetype: m6a.large
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
Ec2Region: eu-central-1
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: ubuntu-advantage-tools
UpgradeStatus: No upgrade log present (probably fresh install)
cloud-id.txt: aws
livepatch-status.txt-error:
Failed running command '/snap/bin/canonical-livepatch status' [exit(1)].
Message: Machine is not enabled. Please run 'sudo canonical-livepatch enable'
with the
token obtained from https://ubuntu.com/livepatch.
pro-journal.txt:
Nov 27 09:57:07.273351 ip-172-31-20-161 systemd[1]: Condition check resulted
in Ubuntu Pro reboot cmds being skipped.
Nov 27 09:57:13.549831 ip-172-31-20-161 systemd[1]: Condition check resulted
in Ubuntu Pro Background Auto Attach being skipped.
uaclient.conf:
contract_url: https://contracts.canonical.com
log_level: debug
Note: there is no hold package:
# apt-mark showhold
root@ip-172-31-20-161:~#
To
[Kernel-packages] [Bug 2044722] Re: Enabling fips-preview on Jammy AWS fails with: Depends: linux-aws-fips (>= 5.15.0.1042.43) but it is not installable
I'm running into this issue as well, though the following lines are
included in my output:
```
Depends: openssl (= 3.0.2-0ubuntu1.10+Fips1) but 3.0.2-0ubuntu1.12 is to be
installed
Depends: libssl3 (= 3.0.2-0ubuntu1.10+Fips1) but 3.0.2-0ubuntu1.12 is to be
installed
```
I already have `3.0.2-0ubuntu1.12` installed, though.
```
$ dpkg -s openssl
Package: openssl
Status: install ok installed
Priority: important
Section: utils
Installed-Size: 2053
Maintainer: Ubuntu Developers
Architecture: amd64
Multi-Arch: foreign
*Version: 3.0.2-0ubuntu1.12*
Depends: libc6 (>= 2.34), libssl3 (>= 3.0.2-0ubuntu1.2)
Suggests: ca-certificates
Conffiles:
/etc/ssl/openssl.cnf 6b4a72a4ce84bab35d884e536295e14f
Description: Secure Sockets Layer toolkit - cryptographic utility
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It contains the general-purpose command line binary /usr/bin/openssl,
useful for cryptographic operations such as:
* creating RSA, DH, and DSA key parameters;
* creating X.509 certificates, CSRs, and CRLs;
* calculating message digests;
* encrypting and decrypting with ciphers;
* testing SSL/TLS clients and servers;
* handling S/MIME signed or encrypted mail.
Homepage: https://www.openssl.org/
Original-Maintainer: Debian OpenSSL Team
```
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/2044722
Title:
Enabling fips-preview on Jammy AWS fails with: Depends: linux-aws-fips
(>= 5.15.0.1042.43) but it is not installable
Status in linux-aws package in Ubuntu:
New
Bug description:
I'm testing the fips-review packages on AWS for Jammy. That fails
with:
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to correct problems, you have
held broken packages.
Steps to reproduce:
1) aws ec2 run-instances --image-id
resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id
--instance-type m6a.large --key-name toabctl
2) ssh into the instance
3) ua attach $MY_UA_TOKEN
4) ua enable fips-preview # (answer with yes)
The result is:
# ua enable fips-preview
One moment, checking your subscription first
FIPS Preview cannot be enabled with Livepatch.
Disable Livepatch and proceed to enable FIPS Preview? (y/N) y
Disabling incompatible service: Livepatch
This will install crypto packages that have been submitted to NIST for review
but do not have FIPS certification yet. Use this for early access to the FIPS
modules.
Please note that the Livepatch service will be unavailable after
this operation.
Warning: This action can take some time and cannot be undone.
Are you sure? (y/N) y
Updating FIPS Preview package lists
Installing FIPS Preview packages
Updating standard Ubuntu package lists
Could not enable FIPS Preview.
Updating package lists
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to correct problems, you have
held broken packages.
See /var/log/ubuntu-advantage.log
From that log:
["2023-11-27T09:58:33.581", "DEBUG", "ubuntupro.system", "subp", 714, "Failed
running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"
ubuntu-aws-fips' [exit(100)]. Mes
sage: E: Unable to correct problems, you have held broken packages.\n", {}]
["2023-11-27T09:58:33.581", "WARNING", "ubuntupro.system", "subp", 715,
"Stderr: E: Unable to correct problems, you have held broken
packages.\n\nStdout: Reading package lists...\nBuilding dependency
tree...\nReading state information...\nSome packages c
ould not be installed. This may mean that you have\nrequested an impossible
situation or if you are using the unstable\ndistribution that some required
packages have not yet been created\nor been moved out of Incoming.\nThe
following information may help
to resolve the situation:\n\nThe following packages have unmet
dependencies:\n ubuntu-aws-fips : Depends: linux-aws-fips (>= 5.15.0.1042.43)
but it is not installable\n", {}]
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubuntu-advantage-tools 30~22.04
ProcVersionSignature: Ubuntu 6.2.0-1016.16~22.04.1-aws 6.2.16
Uname: Linux 6.2.0-1016-aws x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudID: aws
CloudName: aws
CloudPlatform: ec2
CloudRegion: eu-central-1
CloudSubPlatform: metadata (http://169.254.169.254)
Date: Mon
[Kernel-packages] [Bug 2044722] Re: Enabling fips-preview on Jammy AWS fails with: Depends: linux-aws-fips (>= 5.15.0.1042.43) but it is not installable
** Tags removed: need-amd64-retrace
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/2044722
Title:
Enabling fips-preview on Jammy AWS fails with: Depends: linux-aws-fips
(>= 5.15.0.1042.43) but it is not installable
Status in linux-aws package in Ubuntu:
New
Bug description:
I'm testing the fips-review packages on AWS for Jammy. That fails
with:
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to correct problems, you have
held broken packages.
Steps to reproduce:
1) aws ec2 run-instances --image-id
resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id
--instance-type m6a.large --key-name toabctl
2) ssh into the instance
3) ua attach $MY_UA_TOKEN
4) ua enable fips-preview # (answer with yes)
The result is:
# ua enable fips-preview
One moment, checking your subscription first
FIPS Preview cannot be enabled with Livepatch.
Disable Livepatch and proceed to enable FIPS Preview? (y/N) y
Disabling incompatible service: Livepatch
This will install crypto packages that have been submitted to NIST for review
but do not have FIPS certification yet. Use this for early access to the FIPS
modules.
Please note that the Livepatch service will be unavailable after
this operation.
Warning: This action can take some time and cannot be undone.
Are you sure? (y/N) y
Updating FIPS Preview package lists
Installing FIPS Preview packages
Updating standard Ubuntu package lists
Could not enable FIPS Preview.
Updating package lists
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to correct problems, you have
held broken packages.
See /var/log/ubuntu-advantage.log
From that log:
["2023-11-27T09:58:33.581", "DEBUG", "ubuntupro.system", "subp", 714, "Failed
running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"
ubuntu-aws-fips' [exit(100)]. Mes
sage: E: Unable to correct problems, you have held broken packages.\n", {}]
["2023-11-27T09:58:33.581", "WARNING", "ubuntupro.system", "subp", 715,
"Stderr: E: Unable to correct problems, you have held broken
packages.\n\nStdout: Reading package lists...\nBuilding dependency
tree...\nReading state information...\nSome packages c
ould not be installed. This may mean that you have\nrequested an impossible
situation or if you are using the unstable\ndistribution that some required
packages have not yet been created\nor been moved out of Incoming.\nThe
following information may help
to resolve the situation:\n\nThe following packages have unmet
dependencies:\n ubuntu-aws-fips : Depends: linux-aws-fips (>= 5.15.0.1042.43)
but it is not installable\n", {}]
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubuntu-advantage-tools 30~22.04
ProcVersionSignature: Ubuntu 6.2.0-1016.16~22.04.1-aws 6.2.16
Uname: Linux 6.2.0-1016-aws x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudID: aws
CloudName: aws
CloudPlatform: ec2
CloudRegion: eu-central-1
CloudSubPlatform: metadata (http://169.254.169.254)
Date: Mon Nov 27 09:59:57 2023
Ec2AMI: ami-097610d2a71255e7d
Ec2AMIManifest: (unknown)
Ec2Architecture: x86_64
Ec2AvailabilityZone: eu-central-1a
Ec2Imageid: ami-097610d2a71255e7d
Ec2InstanceType: m6a.large
Ec2Instancetype: m6a.large
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
Ec2Region: eu-central-1
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: ubuntu-advantage-tools
UpgradeStatus: No upgrade log present (probably fresh install)
cloud-id.txt: aws
livepatch-status.txt-error:
Failed running command '/snap/bin/canonical-livepatch status' [exit(1)].
Message: Machine is not enabled. Please run 'sudo canonical-livepatch enable'
with the
token obtained from https://ubuntu.com/livepatch.
pro-journal.txt:
Nov 27 09:57:07.273351 ip-172-31-20-161 systemd[1]: Condition check resulted
in Ubuntu Pro reboot cmds being skipped.
Nov 27 09:57:13.549831 ip-172-31-20-161 systemd[1]: Condition check resulted
in Ubuntu Pro Background Auto Attach being skipped.
uaclient.conf:
contract_url: https://contracts.canonical.com
log_level: debug
Note: there is no hold package:
# apt-mark showhold
root@ip-172-31-20-161:~#
To manage notifications about this bug go to:
[Kernel-packages] [Bug 2044722] Re: Enabling fips-preview on Jammy AWS fails with: Depends: linux-aws-fips (>= 5.15.0.1042.43) but it is not installable
Hello, Thomas
this seems to be something wrong with the metapackage itself. I believe
u-a-t is doing what it should, but the dependency chain for ubuntu-aws-
fips is broken, based on the logs:
> The following packages have unmet dependencies:\n ubuntu-aws-fips :
Depends: linux-aws-fips (>= 5.15.0.1042.43) but it is not installable\n
FIPS people may know better how to deal with this.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/2044722
Title:
Enabling fips-preview on Jammy AWS fails with: Depends: linux-aws-fips
(>= 5.15.0.1042.43) but it is not installable
Status in linux-aws package in Ubuntu:
New
Bug description:
I'm testing the fips-review packages on AWS for Jammy. That fails
with:
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to correct problems, you have
held broken packages.
Steps to reproduce:
1) aws ec2 run-instances --image-id
resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id
--instance-type m6a.large --key-name toabctl
2) ssh into the instance
3) ua attach $MY_UA_TOKEN
4) ua enable fips-preview # (answer with yes)
The result is:
# ua enable fips-preview
One moment, checking your subscription first
FIPS Preview cannot be enabled with Livepatch.
Disable Livepatch and proceed to enable FIPS Preview? (y/N) y
Disabling incompatible service: Livepatch
This will install crypto packages that have been submitted to NIST for review
but do not have FIPS certification yet. Use this for early access to the FIPS
modules.
Please note that the Livepatch service will be unavailable after
this operation.
Warning: This action can take some time and cannot be undone.
Are you sure? (y/N) y
Updating FIPS Preview package lists
Installing FIPS Preview packages
Updating standard Ubuntu package lists
Could not enable FIPS Preview.
Updating package lists
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to correct problems, you have
held broken packages.
See /var/log/ubuntu-advantage.log
From that log:
["2023-11-27T09:58:33.581", "DEBUG", "ubuntupro.system", "subp", 714, "Failed
running command 'apt-get install --assume-yes --allow-downgrades -o
Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\"
ubuntu-aws-fips' [exit(100)]. Mes
sage: E: Unable to correct problems, you have held broken packages.\n", {}]
["2023-11-27T09:58:33.581", "WARNING", "ubuntupro.system", "subp", 715,
"Stderr: E: Unable to correct problems, you have held broken
packages.\n\nStdout: Reading package lists...\nBuilding dependency
tree...\nReading state information...\nSome packages c
ould not be installed. This may mean that you have\nrequested an impossible
situation or if you are using the unstable\ndistribution that some required
packages have not yet been created\nor been moved out of Incoming.\nThe
following information may help
to resolve the situation:\n\nThe following packages have unmet
dependencies:\n ubuntu-aws-fips : Depends: linux-aws-fips (>= 5.15.0.1042.43)
but it is not installable\n", {}]
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubuntu-advantage-tools 30~22.04
ProcVersionSignature: Ubuntu 6.2.0-1016.16~22.04.1-aws 6.2.16
Uname: Linux 6.2.0-1016-aws x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudID: aws
CloudName: aws
CloudPlatform: ec2
CloudRegion: eu-central-1
CloudSubPlatform: metadata (http://169.254.169.254)
Date: Mon Nov 27 09:59:57 2023
Ec2AMI: ami-097610d2a71255e7d
Ec2AMIManifest: (unknown)
Ec2Architecture: x86_64
Ec2AvailabilityZone: eu-central-1a
Ec2Imageid: ami-097610d2a71255e7d
Ec2InstanceType: m6a.large
Ec2Instancetype: m6a.large
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
Ec2Region: eu-central-1
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: ubuntu-advantage-tools
UpgradeStatus: No upgrade log present (probably fresh install)
cloud-id.txt: aws
livepatch-status.txt-error:
Failed running command '/snap/bin/canonical-livepatch status' [exit(1)].
Message: Machine is not enabled. Please run 'sudo canonical-livepatch enable'
with the
token obtained from https://ubuntu.com/livepatch.
pro-journal.txt:
Nov 27 09:57:07.273351 ip-172-31-20-161 systemd[1]: Condition check resulted
in Ubuntu Pro reboot cmds being skipped.
Nov 27 09:57:13.549831 ip-172-31-20-161 systemd[1]: Condition
