enabling fips should only add repos for valid credentials

Bug #1730361 reported by Christian Ehrhardt  on 2017-11-06
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
ubuntu-advantage-tools (Ubuntu)

Bug Description

while testing for an SRU in ua I found this which I think is less of a nice experience than it should be.

If you try FIPS via ua you might have no credentials, but want to try.
What happens is:

sudo ubuntu-advantage enable-fips xxx:xxx
Running apt-get update... ERROR
W: The repository 'https://private-ppa.launchpad.net/ubuntu-advantage/fips/ubuntu xenial Release' does not have a Release file.
E: Failed to fetch https://private-ppa.launchpad.net/ubuntu-advantage/fips/ubuntu/dists/xenial/main/binary-amd64/Packages 401 Unauthorized
E: Some index files failed to download. They have been ignored, or old ones used instead.

Fine, I get why xxx:xxx isn't working.
But then it leaves my system in a bad state.

# apt update
Err:7 https://private-ppa.launchpad.net/ubuntu-advantage/fips/ubuntu xenial Release
  401 Unauthorized
Reading package lists... Done
E: The repository 'https://private-ppa.launchpad.net/ubuntu-advantage/fips/ubuntu xenial Release' does not have a Release file.

I'd ask you to check the credentials somehow and only add the repo IF those are good.
An alternative would be that if "on enablement" the fail is at the step "Running apt-get update... ERROR" then remove the repo you configured (the one in /etc/apt/sources.list.d/ubuntu-fips-xenial.list).

So it could look either like:
sudo ubuntu-advantage enable-fips xxx:xxx
Checking Credentials... ERROR
(no add repo happening)

$ sudo ubuntu-advantage enable-fips xxx:xxx
Running apt-get update... ERROR
Rolling back repository... Ok

Changed in ubuntu-advantage-tools (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in ubuntu-advantage-script:
status: Unknown → New
Andreas Hasenack (ahasenack) wrote :

This was fixed upstream.

Changed in ubuntu-advantage-script:
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-advantage-tools - 14

ubuntu-advantage-tools (14) bionic; urgency=medium

  * New upstream release:
    - repositories are only added after credentials are verified
      (LP: #1730361)
    - Livepatch MOTD script (LP: #1710976)
    - better "status" command output formatting (LP: #1719034)
    - sources.list.d files no longer contain credentials. The "auth.conf"
      facility is used instead. (LP: #1700611)
    - enabled Livepatch support for Bionic 18.04 LTS

 -- Andreas Hasenack <email address hidden> Tue, 06 Feb 2018 09:58:03 -0200

Changed in ubuntu-advantage-tools (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.