Enabling fips-preview on Jammy AWS fails with: Depends: linux-aws-fips (>= 5.15.0.1042.43) but it is not installable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-aws (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
I'm testing the fips-review packages on AWS for Jammy. That fails with:
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o Dpkg::Options:
Steps to reproduce:
1) aws ec2 run-instances --image-id resolve:
2) ssh into the instance
3) ua attach $MY_UA_TOKEN
4) ua enable fips-preview # (answer with yes)
The result is:
# ua enable fips-preview
One moment, checking your subscription first
FIPS Preview cannot be enabled with Livepatch.
Disable Livepatch and proceed to enable FIPS Preview? (y/N) y
Disabling incompatible service: Livepatch
This will install crypto packages that have been submitted to NIST for review
but do not have FIPS certification yet. Use this for early access to the FIPS
modules.
Please note that the Livepatch service will be unavailable after
this operation.
Warning: This action can take some time and cannot be undone.
Are you sure? (y/N) y
Updating FIPS Preview package lists
Installing FIPS Preview packages
Updating standard Ubuntu package lists
Could not enable FIPS Preview.
Updating package lists
Unexpected APT error.
Failed running command 'apt-get install --assume-yes --allow-downgrades -o Dpkg::Options:
See /var/log/
From that log:
["2023-
sage: E: Unable to correct problems, you have held broken packages.\n", {}]
["2023-
ould not be installed. This may mean that you have\nrequested an impossible situation or if you are using the unstable\
to resolve the situation:\n\nThe following packages have unmet dependencies:\n ubuntu-aws-fips : Depends: linux-aws-fips (>= 5.15.0.1042.43) but it is not installable\n", {}]
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: ubuntu-
ProcVersionSign
Uname: Linux 6.2.0-1016-aws x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckR
CloudArchitecture: x86_64
CloudID: aws
CloudName: aws
CloudPlatform: ec2
CloudRegion: eu-central-1
CloudSubPlatform: metadata (http://
Date: Mon Nov 27 09:59:57 2023
Ec2AMI: ami-097610d2a71
Ec2AMIManifest: (unknown)
Ec2Architecture: x86_64
Ec2Availability
Ec2Imageid: ami-097610d2a71
Ec2InstanceType: m6a.large
Ec2Instancetype: m6a.large
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
Ec2Region: eu-central-1
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: ubuntu-
UpgradeStatus: No upgrade log present (probably fresh install)
cloud-id.txt: aws
livepatch-
Failed running command '/snap/
token obtained from https:/
pro-journal.txt:
Nov 27 09:57:07.273351 ip-172-31-20-161 systemd[1]: Condition check resulted in Ubuntu Pro reboot cmds being skipped.
Nov 27 09:57:13.549831 ip-172-31-20-161 systemd[1]: Condition check resulted in Ubuntu Pro Background Auto Attach being skipped.
uaclient.conf:
contract_url: https:/
log_level: debug
Note: there is no hold package:
# apt-mark showhold
root@ip-
information type: | Private → Public |
affects: | ubuntu-advantage-tools (Ubuntu) → linux-aws (Ubuntu) |
summary: |
- Enabling fips-preview on Jammy AWS fails with: Unexpected APT error + Enabling fips-preview on Jammy AWS fails with: Depends: linux-aws-fips + (>= 5.15.0.1042.43) but it is not installable |
tags: | removed: need-amd64-retrace |
Hello, Thomas
this seems to be something wrong with the metapackage itself. I believe u-a-t is doing what it should, but the dependency chain for ubuntu-aws-fips is broken, based on the logs:
> The following packages have unmet dependencies:\n ubuntu-aws-fips : Depends: linux-aws-fips (>= 5.15.0.1042.43) but it is not installable\n
FIPS people may know better how to deal with this.