[Bug 2055825] Re: fips-updates: upgrade from 20.04 to 22.04 fails
This bug is awaiting verification that the linux-azure- fips/5.4.0-1135.142+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-azure-fips' to 'verification-done-focal-linux-azure-fips'. If the problem still exists, change the tag 'verification-needed-focal-linux-azure-fips' to 'verification-failed-focal-linux-azure-fips'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-azure-fips-v2 verification-needed-focal-linux-azure-fips -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055825 Title: fips-updates: upgrade from 20.04 to 22.04 fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2055825/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055825] Re: fips-updates: upgrade from 20.04 to 22.04 fails
This bug is awaiting verification that the linux-aws- fips/5.4.0-1130.140+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-aws-fips' to 'verification-done-focal-linux-aws-fips'. If the problem still exists, change the tag 'verification-needed-focal-linux-aws-fips' to 'verification-failed-focal-linux-aws-fips'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-aws-fips-v2 verification-needed-focal-linux-aws-fips -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055825 Title: fips-updates: upgrade from 20.04 to 22.04 fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2055825/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055825] Re: fips-updates: upgrade from 20.04 to 22.04 fails
This bug is awaiting verification that the linux-fips/5.4.0-1104.114 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-fips' to 'verification-done-focal- linux-fips'. If the problem still exists, change the tag 'verification- needed-focal-linux-fips' to 'verification-failed-focal-linux-fips'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-fips-v2 verification-needed-focal-linux-fips -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055825 Title: fips-updates: upgrade from 20.04 to 22.04 fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2055825/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055825] Re: fips-updates: upgrade from 20.04 to 22.04 fails
This bug is awaiting verification that the linux-fips/5.4.0-1104.114 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-fips' to 'verification-done-focal- linux-fips'. If the problem still exists, change the tag 'verification- needed-focal-linux-fips' to 'verification-failed-focal-linux-fips'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055825 Title: fips-updates: upgrade from 20.04 to 22.04 fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2055825/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055825] Re: fips-updates: upgrade from 20.04 to 22.04 fails
This bug is awaiting verification that the linux-gcp- fips/5.4.0-1134.143+fips1 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux-gcp-fips' to 'verification-done-focal-linux-gcp-fips'. If the problem still exists, change the tag 'verification-needed-focal-linux-gcp-fips' to 'verification-failed-focal-linux-gcp-fips'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-focal-linux-gcp-fips-v2 verification-needed-focal-linux-gcp-fips -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055825 Title: fips-updates: upgrade from 20.04 to 22.04 fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2055825/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055825] Re: fips-updates: upgrade from 20.04 to 22.04 fails
** Changed in: linux (Ubuntu) Status: In Progress => Fix Committed ** Changed in: linux (Ubuntu Focal) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055825 Title: fips-updates: upgrade from 20.04 to 22.04 fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2055825/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055825] Re: fips-updates: upgrade from 20.04 to 22.04 fails
** Also affects: apt (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Focal) Assignee: (unassigned) => Magali Lemes do Sacramento (magalilemes) ** Changed in: linux (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Focal) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055825 Title: fips-updates: upgrade from 20.04 to 22.04 fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2055825/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2055825] Re: fips-updates: upgrade from 20.04 to 22.04 fails
** Description changed: - Upgrade from 20.04 to 22.04 failed with "Fatal: unexpected error from - getentropy: Invalid argument". We have fips-updates enabled thru Ubuntu - pro subscription. Tried to upgrade from 18.04 to 22.04. Upgrade from - 18.04 to 204 is successful but upgrade from 20.04 to 22.04 failed. Apt - or do-release-upgrade commands no longer working after the upgrade - failed so we have to restore the host to the Ubuntu 20.04 snapshots. + SRU Justification + + [Impact] + Focal systems with fips-updates enabled cannot be upgraded to Jammy. During + the upgrade, there is a point where the userspace packages are upgraded to + their Jammy version, but are run on a Focal FIPS kernel. Specifically, the + Jammy version of libgcrypt relies on the getrandom syscall with the GRND_RESEED + flag set. This flag, however, is only implemented on the Jammy FIPS kernel. So, + when the Jammy version of libgcrypt is run alongside a Focal FIPS kernel, + a fatal error occurs. + + [Fix] + Have getrandom not reject the GRND_RESEED flag. For Focal systems, this flag + should only be used during the upgrade process from Focal to Jammy, as the + Jammy userspace packages running on the Focal kernel will rely on it. + + [Test] + Summary: In a FIPS enabled machine using the fips-updates channel, test the + upgrade from Focal to Jammy. + + [Where things could go wrong] + This touches the getrandom syscall, so we have many places where things could + go wrong. However, we are just adding another possible flag for it, and not + really adding/removing/altering any other functionality, so the regression + potential is low. + + Original Report --- + Upgrade from 20.04 to 22.04 failed with "Fatal: unexpected error from getentropy: Invalid argument". We have fips-updates enabled thru Ubuntu pro subscription. Tried to upgrade from 18.04 to 22.04. Upgrade from 18.04 to 204 is successful but upgrade from 20.04 to 22.04 failed. Apt or do-release-upgrade commands no longer working after the upgrade failed so we have to restore the host to the Ubuntu 20.04 snapshots. # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 20.04.6 LTS Release:20.04 Codename: focal Upgrade log: Processing triggers for libc-bin (2.35-0ubuntu3.6) ... Errors were encountered while processing: - systemd - ntfs-3g - dbus - libpam-systemd:amd64 - systemd-sysv - libnss-systemd:amd64 - friendly-recovery - samba-common-bin - samba - update-notifier-common + systemd + ntfs-3g + dbus + libpam-systemd:amd64 + systemd-sysv + libnss-systemd:amd64 + friendly-recovery + samba-common-bin + samba + update-notifier-common Fatal: unexpected error from getentropy: Invalid argument fatal error in libgcrypt, file ../../src/misc.c, line 146, function _gcry_logv: internal error (fatal or bug) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055825 Title: fips-updates: upgrade from 20.04 to 22.04 fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2055825/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
