package ntp Jammy 1:4.2.8p15+dfsg-1ubuntu2 failed to install/upgrade: installed ntp package post-installation script subprocess returned error exit status 1

Bug #2054609 reported by Brian M T Warner
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ntp (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

ntp postinstall attempts to perform a MD5 sum, which is a no-no with FIPS.
I have not encountered this bug on previous LTS versions of Ubuntu with FIPS.

Description: Ubuntu 22.04.4 LTS
Release: 22.04

ntp:
  Installed: 1:4.2.8p15+dfsg-1ubuntu2
  Candidate: 1:4.2.8p15+dfsg-1ubuntu2
  Version table:
 *** 1:4.2.8p15+dfsg-1ubuntu2 500
        500 file:/home...
        100 /var/libdpkg/status

[Actions performed]
I attempted to install ntp onto jammy 22.04.4 LTS with FIPS.
$ sudo pro attach key-goes-here
$ sudo pro enable fips-updates
$ reboot
--after reboot--
$ sudo apt update
$ sudo apt install ntp

[What you expected to happen]
ntp tool installs prior to personal configuration, does not report anything in red

[What happened instead]
Job for ntp.service failed because the control process exited with error code.
[...]
Feb 21 15:53:32 user ntpd[35638]: MD5 init failed
Feb 21 15:53:32 user ntpd[35632]: daemon child exited with code 1
---
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu82.3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
DistroRelease: Ubuntu 22.04
InstallationDate: Installed on 2024-02-25 (0 days ago)
InstallationMedia: Ubuntu 22.04.2 LTS "Jammy Jellyfish" - Release amd64+intel-iot (20230316.2)
NtpStatus: ntpq: read: Connection refused
Package: ntp 1:4.2.8p15+dfsg-1ubuntu2
PackageArchitecture: amd64
ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-5.15.0-97-fips root=UUID=f8b9334a-bf79-4a19-8e05-461a4c1a2e4c ro quiet splash fips=1 vt.handoff=7
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 5.15.0-97.107+fips1-fips 5.15.136
Tags: wayland-session jammy third-party-packages
Uname: Linux 5.15.0-97-fips x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True

Revision history for this message
Brian M T Warner (bmwarner) wrote : .etc.apparmor.d.usr.sbin.ntpd.txt

apport information

tags: added: apport-collected third-party-packages wayland-session
description: updated
Revision history for this message
Brian M T Warner (bmwarner) wrote : Dependencies.txt

apport information

Revision history for this message
Brian M T Warner (bmwarner) wrote : KernLog.txt

apport information

Revision history for this message
Brian M T Warner (bmwarner) wrote : ProcCpuinfoMinimal.txt

apport information

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ntp (Ubuntu):
status: New → Confirmed
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Checked and focal-fips and bionic-fips are not affected.

Jammy is, as reported here.

Revision history for this message
Tobias Heider (tobhe) wrote :

The reason for the crash is that ntp uses an outdated OpenSSL API to use MD5 despite it normally being blocked in FIPS mode. This particular API has been deprecated with OpenSSL 3 which we ship in Jammy.
This could be mitigated by switching to a newer OpenSSL API, but ntp also seems to be on life support, is only available via Universe and was removed for 24.04.

I would recommend switching to another ntp implementation such as chrony which is in main.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.