ubuntu-support-status does mark FIPS packages as unsupported on 18.04
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
update-manager (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
In ubuntu 18.04 with FIPS (via fips or fips-updates stream), ubuntu-
```
$ sudo ua status
...
fips yes n/a NIST-certified core packages
fips-updates yes enabled NIST-certified core packages with priority security updates
```
```
$ sudo ubuntu-
[sudo] password for nmav:
Support status summary of 'ubuntu1804':
You have 1604 packages (97.8%) supported until dubna 2023 (Canonical - 5y)
You have 5 packages (0.3%) that can not/no-longer be downloaded
You have 31 packages (1.9%) that are unsupported
Your Hardware Enablement Stack (HWE) is supported until dubna 2023.
Run with --show-unsupported, --show-supported or --show-all to see more details
```
The following command shows the FIPS-installed packages as unsupported:
```
$ sudo ubuntu-
Support status summary of 'ubuntu1804':
You have 1604 packages (97.8%) supported until dubna 2023 (Canonical - 5y)
You have 5 packages (0.3%) that can not/no-longer be downloaded
You have 31 packages (1.9%) that are unsupported
Your Hardware Enablement Stack (HWE) is supported until dubna 2023.
No longer downloadable:
krb5-locales libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0
Unsupported:
fips-initramfs geany geany-common gnutls-bin gstreamer1.0-gtk3 joe
kcapi-tools libbrotli1 libgcrypt20 libgcrypt20-dev libgcrypt20-hmac
libkcapi-dev libkcapi1 libopts25 libssl-dev libssl1.1 libssl1.1-hmac
libwoff1 linux-fips linux-fips-
linux-headers-
linux-image-
linux-image-
linux-modules-
openssh-client-hmac openssl ubuntu-fips
```
All of the packages above are supported via the fips and fips-updates ppas.
description: | updated |
information type: | Public → Private |
information type: | Private → Public |
tags: | added: rls-ii-incomings |
tags: |
added: rls-ff-incoming removed: rls-ii-incomings |
tags: | added: fr-1535 |
The way ubuntu- support- status is currently written it has no knowledge of official third party packages so anything that is not from archive.ubuntu.com, or a mirror of it, is considered unsupported. This is why ubuntu- security- status was written and intended to replace ubuntu- support- status.