Public bug reported:
Using AWS AMI: ami-0193aa0a9df84a08b
Attempting to enable fips-updates with the ua command line tool fails
with error that apt "Unable to locate package ubuntu-aws-fips."
Canonical has told me directly 20.04 is now FIPS 140-2 Level 1
certified.
Output:
ubuntu@ip-xx-xx-xx-xx:~$ lsb_release -rd
Description: Ubuntu 20.04.2 LTS
Release: 20.04
ubuntu@ip-xx-xx-xx-xx:~$ ua version
27.2.2~20.04.1
ubuntu@ip-xx-xx-xx-xx:~$ sudo ua status --all
SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
cis yes disabled Center for Internet Security Audit Tools
esm-apps yes disabled UA Apps: Extended Security Maintenance (ESM)
esm-infra yes disabled UA Infra: Extended Security Maintenance (ESM)
fips yes disabled NIST-certified core packages
fips-updates yes disabled NIST-certified core packages with priority
security updates
livepatch yes disabled Canonical Livepatch service
Enable services with: ua enable <service>
Account: xxxx
Subscription: xxxx
Valid until: 9999-12-31 00:00:00+00:00
Technical support level: essential
ubuntu@ip-xx-xx-xx-xx:~$ sudo ua --debug enable fips-updates
DEBUG: Executed with sys.argv: ['/usr/bin/ua', '--debug', 'enable',
'fips-updates']
This will install the FIPS core packages and will include priority updates
with security fixes.
Are you sure? (y/N) y
DEBUG: Writing file:
/var/lib/ubuntu-advantage/private/machine-access-fips-updates
DEBUG: Writing file: /etc/apt/preferences.d/ubuntu-fips-updates
DEBUG: Ran cmd: apt-cache policy, rc: 0 stderr: b''
DEBUG: Writing file: /etc/apt/sources.list.d/ubuntu-fips-updates.list
DEBUG: Writing file: /etc/apt/auth.conf.d/90ubuntu-advantage
DEBUG: Exporting GPG key /usr/share/keyrings/ubuntu-advantage-fips.gpg
Updating package lists
DEBUG: Ran cmd: apt-get update, rc: 0 stderr: b''
DEBUG: Reading file: /var/lib/ubuntu-advantage/private/machine-token.json
Installing FIPS Updates packages
DEBUG: Failed running command 'apt-get install --assume-yes --allow-downgrades
-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to locate package
ubuntu-aws-fips
DEBUG: Failed running command 'apt-get install --assume-yes --allow-downgrades
-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to locate package
ubuntu-aws-fips
Retrying 3 more times.
DEBUG: Failed running command 'apt-get install --assume-yes --allow-downgrades
-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to locate package
ubuntu-aws-fips
DEBUG: Failed running command 'apt-get install --assume-yes --allow-downgrades
-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to locate package
ubuntu-aws-fips
Retrying 2 more times.
DEBUG: Failed running command 'apt-get install --assume-yes --allow-downgrades
-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to locate package
ubuntu-aws-fips
DEBUG: Failed running command 'apt-get install --assume-yes --allow-downgrades
-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to locate package
ubuntu-aws-fips
Retrying 1 more times.
DEBUG: Failed running command 'apt-get install --assume-yes --allow-downgrades
-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
ubuntu-aws-fips' [exit(100)]. Message: E: Unable to locate package
ubuntu-aws-fips
DEBUG: Reading file: /etc/apt/auth.conf.d/90ubuntu-advantage
Updating package lists
DEBUG: Ran cmd: apt-get update, rc: 0 stderr: b''
Could not enable FIPS Updates.
DEBUG: Reading file: /var/lib/ubuntu-advantage/notices.json
DEBUG: Removing file: /var/lib/ubuntu-advantage/notices.json
** Affects: ubuntu-advantage-tools (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1939449
Title:
Ubuntu Pro UA fails to enable fips-updates on 20.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1939449/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
