[Bug 2027694] Re: Bionic to Focal upgrade fails with fips-updates enabled
Launchpad Bug Tracker
2027694 at bugs.launchpad.net
Thu Jul 13 14:41:26 UTC 2023
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ubuntu-release-upgrader (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/2027694
Title:
Bionic to Focal upgrade fails with fips-updates enabled
Status in ubuntu-release-upgrader package in Ubuntu:
Confirmed
Bug description:
On a bionic VM with fips-updates enabled, do-release-upgrade starts
cascading failures about FIPS at a certain point. This is NOT a
duplicate of #1982543 that I can tell as that version of ubuntu-
release-upgrader is already published to "-updates" and my bionic host
is fully up to date. You can see below that I am using a newer version
(1:20.04.41)
```
Get:1318 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 ubuntu-release-upgrader-gtk all 1:20.04.41 [9,364 B]
Get:1319 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 ubuntu-release-upgrader-core all 1:20.04.41 [24.3 kB]
...
Setting up netbase (6.1) ...
Installing new version of config file /etc/services ...
Setting up tzdata (2023c-0ubuntu0.20.04.2) ...
Current default time zone: 'America/New_York'
Local time is now: Wed Jul 12 17:14:19 EDT 2023.
Universal Time is now: Wed Jul 12 21:14:19 UTC 2023.
Run 'dpkg-reconfigure tzdata' if you wish to change it.
Setting up libbsd0:amd64 (0.10.0-1) ...
Setting up libedit2:amd64 (3.1-20191231-1) ...
Setting up libopts25:amd64 (1:5.18.16-3) ...
Setting up ntp (1:4.2.8p12+dfsg-3ubuntu4.20.04.1) ...
Configuration file '/etc/ntp.conf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** ntp.conf (Y/I/N/O/D/Z) [default=N] ? Y
Installing new version of config file /etc/ntp.conf ...
Warning from /etc/apparmor.d/usr.sbin.ntpd (/etc/apparmor.d/usr.sbin.ntpd line 19): apparmor_parser: File '/etc/apparmor.d/usr.sbin.ntpd' missing feature abi, falling back to default policy feature abi
ntp-systemd-netif.service is a disabled or a static unit not running, not starting it.
../crypto/fips/fips.c:151: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Job for ntp.service failed because the control process exited with error code.
See "systemctl status ntp.service" and "journalctl -xe" for details.
invoke-rc.d: initscript ntp, action "start" failed.
● ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2023-07-13 09:09:08 EDT; 70ms ago
Docs: man:ntpd(8)
Process: 112082 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=134)
Main PID: 2078 (code=exited, status=0/SUCCESS)
Jul 13 09:09:08 robby systemd[1]: Starting Network Time Service...
Jul 13 09:09:08 robby ntp-systemd-wrapper[112082]: ../crypto/fips/fips.c:151: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Jul 13 09:09:08 robby ntp-systemd-wrapper[112082]: Aborted
Jul 13 09:09:08 robby systemd[1]: ntp.service: Control process exited, code=exited status=134
Jul 13 09:09:08 robby systemd[1]: ntp.service: Failed with result 'exit-code'.
Jul 13 09:09:08 robby systemd[1]: Failed to start Network Time Service.
invoke-rc.d: release upgrade in progress, error is not fatal
Setting up mount (2.34-0.1ubuntu9.4) ...
Setting up systemd (245.4-4ubuntu3.22) ...
Installing new version of config file /etc/systemd/journald.conf ...
Installing new version of config file /etc/systemd/logind.conf ...
Configuration file '/etc/systemd/resolved.conf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** resolved.conf (Y/I/N/O/D/Z) [default=N] ?
Installing new version of config file /etc/systemd/system.conf ...
Installing new version of config file /etc/systemd/user.conf ...
Created symlink /etc/systemd/system/sysinit.target.wants/systemd-pstore.service → /lib/systemd/system/systemd-pstore.service.
../crypto/fips/fips.c:151: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Aborted
dpkg: error processing package systemd (--configure):
installed systemd package post-installation script subprocess returned error exit status 134
../crypto/fips/fips.c:151: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Exception during pm.DoInstall(): E:Sub-process /usr/bin/dpkg returned an error code (1)
../crypto/fips/fips.c:151: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Could not install the upgrades
The upgrade has aborted. Your system could be in an unusable state. A
recovery will run now (dpkg --configure -a).
Please report this bug in a browser at
http://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+filebug
and attach the files in /var/log/dist-upgrade/ to the bug report.
E:Sub-process /usr/bin/dpkg returned an error code (1)
Setting up libgme0:amd64 (0.6.2-1build1) ...
Setting up libbrlapi0.7:amd64 (6.0+dfsg-4ubuntu6) ...
Setting up libpwquality-common (1.4.2-1build1) ...
Configuration file '/etc/security/pwquality.conf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** pwquality.conf (Y/I/N/O/D/Z) [default=N] ?
Setting up libapt-pkg-perl (0.1.36build3) ...
Setting up libksba8:amd64 (1.3.5-2ubuntu0.20.04.2) ...
Setting up libexpat1:amd64 (2.2.9-1ubuntu0.6) ...
Setting up cpio (2.13+dfsg-2ubuntu0.3) ...
Setting up libgsf-1-common (1.14.46-1) ...
...
...<things proceed okay, and then stuff like this starts popping up>
...
Setting up e2fsprogs (1.45.5-2ubuntu1.1) ...
Installing new version of config file /etc/mke2fs.conf ...
update-initramfs: deferring update (trigger activated)
Created symlink /etc/systemd/system/timers.target.wants/e2scrub_all.timer → /lib/systemd/system/e2scrub_all.timer.
Created symlink /etc/systemd/system/default.target.wants/e2scrub_reap.service → /lib/systemd/system/e2scrub_reap.service.
e2scrub_all.service is a disabled or a static unit not running, not starting it.
../crypto/fips/fips.c:151: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Setting up libnpth0:amd64 (1.6-1) ...
Setting up systemd (245.4-4ubuntu3.22) ...
../crypto/fips/fips.c:151: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
Aborted
dpkg: error processing package systemd (--configure):
installed systemd package post-installation script subprocess returned error exit status 134
Setting up libpeas-common (1.26.0-2) ...
Setting up libxcb-shm0:amd64 (1.14-2) ...
```
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/2027694/+subscriptions
More information about the foundations-bugs
mailing list