Ubuntu
ubuntu-release-upgrader package

DRU with FIPS enabled causes updates to fail in some cases

Bug #2052736 reported by Roman Kolodziejczyk
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-release-upgrader (Ubuntu)
New
Undecided
Unassigned

Bug Description

In an earlier bug fix[0] a diversion is added to libgcrypt20 and libgcrypt20-hmac that isn't cleaned up after the upgrade.

With this diversion in place, apt can get confused as to what to do when changing package streams. For example if you enable FIPS on Bionic then upgrade to Focal and then switch to fips-updates, apt will fail to work.

The specific error is;
Preparing to unpack .../libgcrypt20-hmac_1.8.5-5ubuntu1.fips.1.7_amd64.deb ...
Unpacking libgcrypt20-hmac:amd64 (1.8.5-5ubuntu1.fips.1.7) over (1.8.5-5ubuntu1.fips.1.4) ...
dpkg: error processing archive /var/cache/apt/archives/libgcrypt20-hmac_1.8.5-5ubuntu1.fips.1.7_amd64.deb (--unpack):
trying to overwrite '/usr/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac', which is the diverted version of '/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac'
update-initramfs: deferring update (trigger activated)
Errors were encountered while processing:
/var/cache/apt/archives/libgcrypt20-hmac_1.8.5-5ubuntu1.fips.1.7_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Let me know if you need any additional information,
--Roman K.

[0]https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1982534

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.