Public bug reported: There are some number of clients that need to install FIPS or FIPS- Updates packages in an offline/air-gapped environment. To do this they need to use the UA client in a non-air-gapped machine to configure the FIPS repositories and then manually download the required packages for transfer to and installation in their offline environment.
However, by default behavior when enabling FIPS with the UA client, automatically installs the ubuntu-fips package which then downloads and installs all the dependency packages. Because these packages are installed automatically, using the previous recommended method for downloading these packages does not work. It presents an error that the packages are already installed and the latest versions. apt-get install --download-only ubuntu-fips A workaround was provided for the time being, but a built in option to configure FIPS without installing the packages would be a more ideal solution. I know that this will take time and discussion around implementation between product and engineering teams, and also about how the messaging will be worded for the UA client (fips enabled, fips configured, fips repo-only, etc.). Nevertheless, I am putting in this RFE, so there can be discussion around this in the proper forum. ----- The workaround, which is very much appreciated was given as using an overlay.json file to reconfigure the additional packages configuration for FIPS in the UA client configuration. -- /etc/ubuntu-advantage/uaclient.conf -- contract_url: https://contracts.canonical.com data_dir: /var/lib/ubuntu-advantage log_file: /var/log/ubuntu-advantage.log log_level: debug security_url: https://ubuntu.com/security features: machine_token_overlay: /root/disable-fips-pkgs.json -- /root/disable-fips-pkgs.json -- { "machineTokenInfo": { "contractInfo": { "resourceEntitlements": [ { "type": "fips", "series": { "xenial": { "directives": { "additionalPackages": [] } }, "bionic": { "directives": { "additionalPackages": [] } }, "focal": { "directives": { "additionalPackages": [] } } } } ] } } } ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New ** Tags: feature-request -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940128 Title: RFE: ua enable fips skip additional packages, ease download of fips packages for offline use To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1940128/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
