Показать статистику
0 голосов
от (2.7тыс. баллов)

Я включаю Ubuntu FIPS и вдруг не могу ничего установить. Вот пример вывода ошибок. Это происходит с любым пакетом, который я пытаюсь установить.

laptop@my-laptop:~$ sudo apt install -f gcc
Reading package lists... Done
Building dependency tree       
Reading state information... Done
gcc is already the newest version (4:9.3.0-1ubuntu2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up initramfs-tools (0.136ubuntu6.6) ...
update-initramfs: deferring update (trigger activated)
Setting up linux-image-5.4.0-1007-fips (5.4.0-1007.8) ...
Processing triggers for initramfs-tools (0.136ubuntu6.6) ...
update-initramfs: Generating /boot/initrd.img-5.4.0-91-generic
Failed to copy HMAC file "/usr/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac".
E: /usr/share/initramfs-tools/hooks/fips-libgcrypt failed with return 1.
update-initramfs: failed for /boot/initrd.img-5.4.0-91-generic with 1.
dpkg: error processing package initramfs-tools (--configure):
 installed initramfs-tools package post-installation script subprocess returned error exit status 1
Processing triggers for linux-image-5.4.0-1007-fips (5.4.0-1007.8) ...
/etc/kernel/postinst.d/dkms:
 * dkms: running auto installation service for kernel 5.4.0-1007-fips
   ...done.
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-5.4.0-1007-fips
Failed to copy HMAC file "/usr/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac".
E: /usr/share/initramfs-tools/hooks/fips-libgcrypt failed with return 1.
update-initramfs: failed for /boot/initrd.img-5.4.0-1007-fips with 1.
run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
dpkg: error processing package linux-image-5.4.0-1007-fips (--configure):
 installed linux-image-5.4.0-1007-fips package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 initramfs-tools
 linux-image-5.4.0-1007-fips
E: Sub-process /usr/bin/dpkg returned an error code (1)

Я использую Ubuntu 20.04 LTS, я обновился с помощьюdo release upgrade

274 просмотров 1 ответов
от (2.7тыс. баллов)
0
laptop@my-laptop:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:    20.04
Codename:   focal
laptop@my-laptop:~$ sudo apt update 
Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease                                                                                                                               
Hit:3 https://packages.microsoft.com/repos/edge stable InRelease                                                                                                                                                  
Hit:4 https://packages.microsoft.com/repos/ms-teams stable InRelease                                                                                                                                              
Hit:5 https://deb.nodesource.com/node_15.x focal InRelease                                                                                                                                                        
Get:6 https://packages.microsoft.com/repos/code stable InRelease [10,4 kB]                                                                                                                                        
Hit:7 https://packages.cloud.google.com/apt cloud-sdk InRelease                                                                                                                                                   
Hit:8 http://ppa.launchpad.net/git-core/ppa/ubuntu focal InRelease                                                                                                                                                
Hit:9 http://ppa.launchpad.net/graphics-drivers/ppa/ubuntu focal InRelease                                                                                                                                        
Hit:10 http://ppa.launchpad.net/linuxuprising/apps/ubuntu focal InRelease                                                                                                                                         
Hit:11 https://repo.nordvpn.com/deb/nordvpn/debian stable InRelease                                                                                                                                               
Hit:12 http://ppa.launchpad.net/shevchuk/dnscrypt-proxy/ubuntu focal InRelease                                                                                                                                    
Hit:13 https://artifacts.elastic.co/packages/7.x/apt stable InRelease                                                                                                                                             
Get:14 https://esm.ubuntu.com/cis/ubuntu focal InRelease [3138 B]                                                                                                          
Get:15 https://esm.ubuntu.com/infra/ubuntu focal-infra-security InRelease [7426 B]                                                                                                 
Hit:16 https://packages.cloud.google.com/apt kubernetes-xenial InRelease                                                                             
Hit:17 https://download.sublimetext.com apt/stable/ InRelease                                
Get:18 https://packages.microsoft.com/repos/code stable/main amd64 Packages [64,0 kB]
Get:19 https://packages.microsoft.com/repos/code stable/main armhf Packages [64,9 kB]
Get:20 https://packages.microsoft.com/repos/code stable/main arm64 Packages [64,9 kB]          
Hit:21 https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/focal pgadmin4 InRelease                                                                                                                               
Fetched 215 kB in 7s (30,1 kB/s)                                                                                                                                                                                  
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
laptop@my-laptop:~$ dpkg -L libgcrypt20 | grep .so.20.2.5
/usr/lib/x86_64-linux-gnu/libgcrypt.so.20.2.5
laptop@my-laptop:~$ 
от (2.7тыс. баллов)
0

Я попытался отключить fips, но проблема осталась прежней.

laptop@my-laptop:~$ ua status --all
SERVICE       ENTITLED  STATUS    DESCRIPTION
cc-eal        yes       n/a       Common Criteria EAL2 Provisioning Packages
cis           yes       enabled   Center for Internet Security Audit Tools
esm-apps      no        —         UA Apps: Extended Security Maintenance (ESM)
esm-infra     yes       enabled   UA Infra: Extended Security Maintenance (ESM)
fips          yes       disabled  NIST-certified core packages
fips-updates  yes       disabled  NIST-certified core packages with priority security updates
livepatch     yes       enabled   Canonical Livepatch service
ros           no        —         Security Updates for the Robot Operating System
ros-updates   no        —         All Updates for the Robot Operating System

Enable services with: ua enable <service>
от (2.7тыс. баллов)
0

Добавление дополнительной информации по запросу @Someone

laptop@my-laptop:~$ sudo chmod +x /usr/share/initramfs-tools/hooks/fips-libgcrypt
laptop@my-laptop:~$ sudo apt -f install
Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up initramfs-tools (0.136ubuntu6.6) ...
update-initramfs: deferring update (trigger activated)
Setting up linux-image-5.4.0-1007-fips (5.4.0-1007.8) ...
Processing triggers for initramfs-tools (0.136ubuntu6.6) ...
update-initramfs: Generating /boot/initrd.img-5.4.0-91-generic
Failed to copy HMAC file "/usr/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac".
E: /usr/share/initramfs-tools/hooks/fips-libgcrypt failed with return 1.
update-initramfs: failed for /boot/initrd.img-5.4.0-91-generic with 1.
dpkg: error processing package initramfs-tools (--configure):
 installed initramfs-tools package post-installation script subprocess returned error exit status 1
Processing triggers for linux-image-5.4.0-1007-fips (5.4.0-1007.8) ...
/etc/kernel/postinst.d/dkms:
 * dkms: running auto installation service for kernel 5.4.0-1007-fips
   ...done.
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-5.4.0-1007-fips
Failed to copy HMAC file "/usr/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac".
E: /usr/share/initramfs-tools/hooks/fips-libgcrypt failed with return 1.
update-initramfs: failed for /boot/initrd.img-5.4.0-1007-fips with 1.
run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
dpkg: error processing package linux-image-5.4.0-1007-fips (--configure):
 installed linux-image-5.4.0-1007-fips package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 initramfs-tools
 linux-image-5.4.0-1007-fips
E: Sub-process /usr/bin/dpkg returned an error code (1)
laptop@my-laptop:~$ 

а вот версии libgcrypt на моем Ubuntu:

laptop@my-laptop:~$ ls -a /usr/lib/x86_64-linux-gnu/ | grep libgcrypt
libgcrypt.so.20
libgcrypt.so.20.2.5
laptop@my-laptop:~$ 

Я не уверен, что я делаю неправильно здесь. Заранее спасибо за вашу помощь.

1 Ответ

0 голосов
от (2.7тыс. баллов)

Наконец, я смог заставить его работать, к сожалению, потребовались некоторые ручные шаги. сначала я удалил ядро ubuntu fips (использовал для этого UKUU), затем я удалил материал FIPS

FIPS_KERNELS=`dpkg-query -W -f='${Package}\n'| egrep linux-.*-fips`
sudo apt-get remove $FIPS_KERNELS
sudo reboot

После этого я удалил все записи ядра, которые не использовал:

/boot

и, наконец, удалил все записи fips из

sudo su
cd /usr/share/initramfs-tools/hooks/
rm -rf fips*

Я не уверен, что все шаги были необходимы, но это сработало для меня.

...