** Description changed: - Upgrade from 20.04 to 22.04 failed with "Fatal: unexpected error from - getentropy: Invalid argument". We have fips-updates enabled thru Ubuntu - pro subscription. Tried to upgrade from 18.04 to 22.04. Upgrade from - 18.04 to 204 is successful but upgrade from 20.04 to 22.04 failed. Apt - or do-release-upgrade commands no longer working after the upgrade - failed so we have to restore the host to the Ubuntu 20.04 snapshots. + SRU Justification + + [Impact] + Focal systems with fips-updates enabled cannot be upgraded to Jammy. During + the upgrade, there is a point where the userspace packages are upgraded to + their Jammy version, but are run on a Focal FIPS kernel. Specifically, the + Jammy version of libgcrypt relies on the getrandom syscall with the GRND_RESEED + flag set. This flag, however, is only implemented on the Jammy FIPS kernel. So, + when the Jammy version of libgcrypt is run alongside a Focal FIPS kernel, + a fatal error occurs. + + [Fix] + Have getrandom not reject the GRND_RESEED flag. For Focal systems, this flag + should only be used during the upgrade process from Focal to Jammy, as the + Jammy userspace packages running on the Focal kernel will rely on it. + + [Test] + Summary: In a FIPS enabled machine using the fips-updates channel, test the + upgrade from Focal to Jammy. + + [Where things could go wrong] + This touches the getrandom syscall, so we have many places where things could + go wrong. However, we are just adding another possible flag for it, and not + really adding/removing/altering any other functionality, so the regression + potential is low. + + -------------------------------- Original Report ------------------------------- + Upgrade from 20.04 to 22.04 failed with "Fatal: unexpected error from getentropy: Invalid argument". We have fips-updates enabled thru Ubuntu pro subscription. Tried to upgrade from 18.04 to 22.04. Upgrade from 18.04 to 204 is successful but upgrade from 20.04 to 22.04 failed. Apt or do-release-upgrade commands no longer working after the upgrade failed so we have to restore the host to the Ubuntu 20.04 snapshots. # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 20.04.6 LTS Release: 20.04 Codename: focal Upgrade log: Processing triggers for libc-bin (2.35-0ubuntu3.6) ... Errors were encountered while processing: - systemd - ntfs-3g - dbus - libpam-systemd:amd64 - systemd-sysv - libnss-systemd:amd64 - friendly-recovery - samba-common-bin - samba - update-notifier-common + systemd + ntfs-3g + dbus + libpam-systemd:amd64 + systemd-sysv + libnss-systemd:amd64 + friendly-recovery + samba-common-bin + samba + update-notifier-common Fatal: unexpected error from getentropy: Invalid argument fatal error in libgcrypt, file ../../src/misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2055825 Title: fips-updates: upgrade from 20.04 to 22.04 fails To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2055825/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
