fips-updates: upgrade from 20.04 to 22.04 fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apt (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Focal |
New
|
Undecided
|
Unassigned | ||
linux (Ubuntu) |
In Progress
|
Medium
|
Magali Lemes do Sacramento | ||
Focal |
In Progress
|
Medium
|
Magali Lemes do Sacramento |
Bug Description
SRU Justification
[Impact]
Focal systems with fips-updates enabled cannot be upgraded to Jammy. During
the upgrade, there is a point where the userspace packages are upgraded to
their Jammy version, but are run on a Focal FIPS kernel. Specifically, the
Jammy version of libgcrypt relies on the getrandom syscall with the GRND_RESEED
flag set. This flag, however, is only implemented on the Jammy FIPS kernel. So,
when the Jammy version of libgcrypt is run alongside a Focal FIPS kernel,
a fatal error occurs.
[Fix]
Have getrandom not reject the GRND_RESEED flag. For Focal systems, this flag
should only be used during the upgrade process from Focal to Jammy, as the
Jammy userspace packages running on the Focal kernel will rely on it.
[Test]
Summary: In a FIPS enabled machine using the fips-updates channel, test the
upgrade from Focal to Jammy.
[Where things could go wrong]
This touches the getrandom syscall, so we have many places where things could
go wrong. However, we are just adding another possible flag for it, and not
really adding/
potential is low.
-------
Upgrade from 20.04 to 22.04 failed with "Fatal: unexpected error from getentropy: Invalid argument". We have fips-updates enabled thru Ubuntu pro subscription. Tried to upgrade from 18.04 to 22.04. Upgrade from 18.04 to 204 is successful but upgrade from 20.04 to 22.04 failed. Apt or do-release-upgrade commands no longer working after the upgrade failed so we have to restore the host to the Ubuntu 20.04 snapshots.
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.6 LTS
Release: 20.04
Codename: focal
Upgrade log:
Processing triggers for libc-bin (2.35-0ubuntu3.6) ...
Errors were encountered while processing:
systemd
ntfs-3g
dbus
libpam-
systemd-sysv
libnss-
friendly-recovery
samba-common-bin
samba
update-
Fatal: unexpected error from getentropy: Invalid argument
fatal error in libgcrypt, file ../../src/misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
summary: |
- Upgrade from 20.04 to 22.04 failed with "Fatal: unexpected error from - getentropy: Invalid argument" + fips: upgrade from 20.04 to 22.04 fails |
Changed in linux (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Magali Lemes do Sacramento (magalilemes) |
summary: |
- fips: upgrade from 20.04 to 22.04 fails + fips-updates: upgrade from 20.04 to 22.04 fails |
description: | updated |
Changed in linux (Ubuntu Focal): | |
assignee: | nobody → Magali Lemes do Sacramento (magalilemes) |
importance: | Undecided → Medium |
status: | New → In Progress |
do-release-upgrade log