enabling fips should only add repos for valid credentials
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-advantage-script |
Fix Released
|
Unknown
|
|||
ubuntu-advantage-tools (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
Hi,
while testing for an SRU in ua I found this which I think is less of a nice experience than it should be.
If you try FIPS via ua you might have no credentials, but want to try.
What happens is:
sudo ubuntu-advantage enable-fips xxx:xxx
Running apt-get update... ERROR
[...]
W: The repository 'https:/
E: Failed to fetch https:/
E: Some index files failed to download. They have been ignored, or old ones used instead.
Fine, I get why xxx:xxx isn't working.
But then it leaves my system in a bad state.
# apt update
[...]
Err:7 https:/
401 Unauthorized
Reading package lists... Done
E: The repository 'https:/
I'd ask you to check the credentials somehow and only add the repo IF those are good.
An alternative would be that if "on enablement" the fail is at the step "Running apt-get update... ERROR" then remove the repo you configured (the one in /etc/apt/
So it could look either like:
sudo ubuntu-advantage enable-fips xxx:xxx
Checking Credentials... ERROR
(no add repo happening)
or:
$ sudo ubuntu-advantage enable-fips xxx:xxx
Running apt-get update... ERROR
Rolling back repository... Ok
Changed in ubuntu-advantage-tools (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in ubuntu-advantage-script: | |
status: | Unknown → New |
Changed in ubuntu-advantage-script: | |
status: | New → Fix Released |
This was fixed upstream.