Ubuntu
update-manager package

ubuntu-support-status does mark FIPS packages as unsupported on 18.04

Bug #1937303 reported by Nikos Mavrogiannopoulos
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
update-manager (Ubuntu)
New
Undecided
Unassigned

Bug Description

In ubuntu 18.04 with FIPS (via fips or fips-updates stream), ubuntu-support-status marks the FIPS packages as unsupported. As these packages are used by customers that require support, this message is confusing for existing as well as prospectives that test our product.

```
$ sudo ua status
...
fips yes n/a NIST-certified core packages
fips-updates yes enabled NIST-certified core packages with priority security updates
```

```
$ sudo ubuntu-support-status
[sudo] password for nmav:
Support status summary of 'ubuntu1804':

You have 1604 packages (97.8%) supported until dubna 2023 (Canonical - 5y)

You have 5 packages (0.3%) that can not/no-longer be downloaded
You have 31 packages (1.9%) that are unsupported

Your Hardware Enablement Stack (HWE) is supported until dubna 2023.

Run with --show-unsupported, --show-supported or --show-all to see more details
```

The following command shows the FIPS-installed packages as unsupported:

```
$ sudo ubuntu-support-status --show-unsupported
Support status summary of 'ubuntu1804':

You have 1604 packages (97.8%) supported until dubna 2023 (Canonical - 5y)

You have 5 packages (0.3%) that can not/no-longer be downloaded
You have 31 packages (1.9%) that are unsupported

Your Hardware Enablement Stack (HWE) is supported until dubna 2023.

No longer downloadable:
krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0

Unsupported:
fips-initramfs geany geany-common gnutls-bin gstreamer1.0-gtk3 joe
kcapi-tools libbrotli1 libgcrypt20 libgcrypt20-dev libgcrypt20-hmac
libkcapi-dev libkcapi1 libopts25 libssl-dev libssl1.1 libssl1.1-hmac
libwoff1 linux-fips linux-fips-headers-4.15.0-1060
linux-headers-4.15.0-1060-fips linux-headers-fips
linux-image-4.15.0-1060-fips linux-image-fips
linux-image-hmac-4.15.0-1060-fips linux-modules-4.15.0-1060-fips
linux-modules-extra-4.15.0-1060-fips openssh-client
openssh-client-hmac openssl ubuntu-fips
```

All of the packages above are supported via the fips and fips-updates ppas.

See original description
Nikos Mavrogiannopoulos (nmavrogiannopoulos)
description: updated
Nikos Mavrogiannopoulos (nmavrogiannopoulos)
information type: Public → Private
information type: Private → Public
Matthieu Clemenceau (mclemenceau)
tags: added: rls-ii-incomings
Matthieu Clemenceau (mclemenceau)
tags: added: rls-ff-incoming
removed: rls-ii-incomings
Matthieu Clemenceau (mclemenceau)
tags: added: fr-1535
Revision history for this message
Brian Murray (brian-murray) wrote :

The way ubuntu-support-status is currently written it has no knowledge of official third party packages so anything that is not from archive.ubuntu.com, or a mirror of it, is considered unsupported. This is why ubuntu-security-status was written and intended to replace ubuntu-support-status.

tags: removed: fr-1535 rls-ff-incoming
Revision history for this message
Nikos Mavrogiannopoulos (nmavrogiannopoulos) wrote (last edit ):

How can we address the customer problem?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.