我启用了 ubuntu FIPS,突然无法安装任何东西。这是一个错误输出示例。我尝试安装的任何软件包都会发生这种情况。
laptop@my-laptop:~$ sudo apt install -f gcc
Reading package lists... Done
Building dependency tree
Reading state information... Done
gcc is already the newest version (4:9.3.0-1ubuntu2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up initramfs-tools (0.136ubuntu6.6) ...
update-initramfs: deferring update (trigger activated)
Setting up linux-image-5.4.0-1007-fips (5.4.0-1007.8) ...
Processing triggers for initramfs-tools (0.136ubuntu6.6) ...
update-initramfs: Generating /boot/initrd.img-5.4.0-91-generic
Failed to copy HMAC file "/usr/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac".
E: /usr/share/initramfs-tools/hooks/fips-libgcrypt failed with return 1.
update-initramfs: failed for /boot/initrd.img-5.4.0-91-generic with 1.
dpkg: error processing package initramfs-tools (--configure):
installed initramfs-tools package post-installation script subprocess returned error exit status 1
Processing triggers for linux-image-5.4.0-1007-fips (5.4.0-1007.8) ...
/etc/kernel/postinst.d/dkms:
* dkms: running auto installation service for kernel 5.4.0-1007-fips
...done.
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-5.4.0-1007-fips
Failed to copy HMAC file "/usr/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac".
E: /usr/share/initramfs-tools/hooks/fips-libgcrypt failed with return 1.
update-initramfs: failed for /boot/initrd.img-5.4.0-1007-fips with 1.
run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
dpkg: error processing package linux-image-5.4.0-1007-fips (--configure):
installed linux-image-5.4.0-1007-fips package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
initramfs-tools
linux-image-5.4.0-1007-fips
E: Sub-process /usr/bin/dpkg returned an error code (1)
我正在使用 Ubuntu 20.04 LTS,我升级了do release upgrade
laptop@my-laptop:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
laptop@my-laptop:~$ sudo apt update
Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:3 https://packages.microsoft.com/repos/edge stable InRelease
Hit:4 https://packages.microsoft.com/repos/ms-teams stable InRelease
Hit:5 https://deb.nodesource.com/node_15.x focal InRelease
Get:6 https://packages.microsoft.com/repos/code stable InRelease [10,4 kB]
Hit:7 https://packages.cloud.google.com/apt cloud-sdk InRelease
Hit:8 http://ppa.launchpad.net/git-core/ppa/ubuntu focal InRelease
Hit:9 http://ppa.launchpad.net/graphics-drivers/ppa/ubuntu focal InRelease
Hit:10 http://ppa.launchpad.net/linuxuprising/apps/ubuntu focal InRelease
Hit:11 https://repo.nordvpn.com/deb/nordvpn/debian stable InRelease
Hit:12 http://ppa.launchpad.net/shevchuk/dnscrypt-proxy/ubuntu focal InRelease
Hit:13 https://artifacts.elastic.co/packages/7.x/apt stable InRelease
Get:14 https://esm.ubuntu.com/cis/ubuntu focal InRelease [3138 B]
Get:15 https://esm.ubuntu.com/infra/ubuntu focal-infra-security InRelease [7426 B]
Hit:16 https://packages.cloud.google.com/apt kubernetes-xenial InRelease
Hit:17 https://download.sublimetext.com apt/stable/ InRelease
Get:18 https://packages.microsoft.com/repos/code stable/main amd64 Packages [64,0 kB]
Get:19 https://packages.microsoft.com/repos/code stable/main armhf Packages [64,9 kB]
Get:20 https://packages.microsoft.com/repos/code stable/main arm64 Packages [64,9 kB]
Hit:21 https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/focal pgadmin4 InRelease
Fetched 215 kB in 7s (30,1 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
laptop@my-laptop:~$ dpkg -L libgcrypt20 | grep .so.20.2.5
/usr/lib/x86_64-linux-gnu/libgcrypt.so.20.2.5
laptop@my-laptop:~$
我尝试禁用 fips,但问题仍然存在
laptop@my-laptop:~$ ua status --all
SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
cis yes enabled Center for Internet Security Audit Tools
esm-apps no — UA Apps: Extended Security Maintenance (ESM)
esm-infra yes enabled UA Infra: Extended Security Maintenance (ESM)
fips yes disabled NIST-certified core packages
fips-updates yes disabled NIST-certified core packages with priority security updates
livepatch yes enabled Canonical Livepatch service
ros no — Security Updates for the Robot Operating System
ros-updates no — All Updates for the Robot Operating System
Enable services with: ua enable <service>
根据@Someone 的要求添加更多信息
laptop@my-laptop:~$ sudo chmod +x /usr/share/initramfs-tools/hooks/fips-libgcrypt
laptop@my-laptop:~$ sudo apt -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up initramfs-tools (0.136ubuntu6.6) ...
update-initramfs: deferring update (trigger activated)
Setting up linux-image-5.4.0-1007-fips (5.4.0-1007.8) ...
Processing triggers for initramfs-tools (0.136ubuntu6.6) ...
update-initramfs: Generating /boot/initrd.img-5.4.0-91-generic
Failed to copy HMAC file "/usr/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac".
E: /usr/share/initramfs-tools/hooks/fips-libgcrypt failed with return 1.
update-initramfs: failed for /boot/initrd.img-5.4.0-91-generic with 1.
dpkg: error processing package initramfs-tools (--configure):
installed initramfs-tools package post-installation script subprocess returned error exit status 1
Processing triggers for linux-image-5.4.0-1007-fips (5.4.0-1007.8) ...
/etc/kernel/postinst.d/dkms:
* dkms: running auto installation service for kernel 5.4.0-1007-fips
...done.
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-5.4.0-1007-fips
Failed to copy HMAC file "/usr/lib/x86_64-linux-gnu/.libgcrypt.so.20.hmac".
E: /usr/share/initramfs-tools/hooks/fips-libgcrypt failed with return 1.
update-initramfs: failed for /boot/initrd.img-5.4.0-1007-fips with 1.
run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
dpkg: error processing package linux-image-5.4.0-1007-fips (--configure):
installed linux-image-5.4.0-1007-fips package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
initramfs-tools
linux-image-5.4.0-1007-fips
E: Sub-process /usr/bin/dpkg returned an error code (1)
laptop@my-laptop:~$
这里是我的 Ubuntu 上的 libgcrypt 版本:
laptop@my-laptop:~$ ls -a /usr/lib/x86_64-linux-gnu/ | grep libgcrypt
libgcrypt.so.20
libgcrypt.so.20.2.5
laptop@my-laptop:~$
我不确定我在这里做错了什么。提前感谢您的帮助。
答案1
最后,我终于让它工作了,不幸的是,需要一些手动步骤。首先,我删除了 ubuntu fips 内核(为此使用了 UKUU),然后我删除了 FIPS 内容
FIPS_KERNELS=`dpkg-query -W -f='${Package}\n'| egrep linux-.*-fips`
sudo apt-get remove $FIPS_KERNELS
sudo reboot
之后我删除了所有我没有使用的内核条目:
/boot
最后删除了所有 fips 条目
sudo su
cd /usr/share/initramfs-tools/hooks/
rm -rf fips*
我不确定是否需要所有步骤,但它对我来说有效。