0

Getting this error sudo pro enable fips-updates:

Failed running command 'apt-get install --assume-yes --allow-downgrades -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" ubuntu-fips' [exit(100)]. 
Message: E: Unable to correct problems, you have held broken packages.

Logs:

["2024-01-18T02:36:14.000", "WARNING", "ubuntupro.system", "subp", 715, 
"Stderr: E: Unable to correct problems, you have held broken packages.\n\n
Stdout: Reading package lists...\n
Building dependency tree...\n
Reading state information...\n
Some packages could not be installed. This may mean that you have\n
requested an impossible situation or if you are using the unstable\n
distribution that some required packages have not yet been created\n
or been moved out of Incoming.\n
The following information may help to resolve the situation:\n\n
The following packages have unmet dependencies:\n 
libgcrypt20-hmac : Depends: libgcrypt20 (= 1.9.4-3ubuntu3+Fips1.2) but 1.9.4-3ubuntu3 is to be installed\n 
ubuntu-fips : Depends: libssl3 (= 3.0.2-0ubuntu1.12+Fips1) but 3.0.2-0ubuntu1.12 is to be installed\n
              Depends: libgcrypt20 (= 1.9.4-3ubuntu3+Fips1.2) but 1.9.4-3ubuntu3 is to be installed\n", {}]
Artur Meinild
  • 26,018
Adarsh S
  • 11
  • 1
  • 3
    Does this answer your question? Unable to correct problems, you have held broken packages – guiverc Jan 18 '24 at 11:42
  • No this didn't solve for me – Adarsh S Jan 18 '24 at 11:46
  • What is the command supposed to do? I mean, ubuntu-fips is to be installed, but what are the other options for? – Jos Jan 18 '24 at 11:50
  • command -> sudo pro enable fips-updates -> Result

    Updating FIPS Updates package lists Installing FIPS Updates packages Updating standard Ubuntu package lists Could not enable FIPS Updates. Updating package lists Unexpected APT error. Failed running command 'apt-get install --assume-yes --allow-downgrades -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" ubuntu-fips' [exit(100)]. Message: E: Unable to correct problems, you have held broken packages.

     – Adarsh S Jan 18 '24 at 11:51
  • 1
    Please edit your question - not the comments - to clarify exactly what the issue is. Include all relevant input and output; cut and paste it with proper formatting; no screenshots. – Organic Marble Jan 18 '24 at 12:02
  • rc linux-modules-extra-5.3.0-45-generic 5.3.0-45.37~18.04.1 amd64 Linux kernel extra modules for version 5.3.0 on 64 bit x86 SMP - [@rusty] – Adarsh S Jan 18 '24 at 12:14
  • No more than 50 its showing [@rusty] – Adarsh S Jan 18 '24 at 12:26
  • Modified question and added logs – Adarsh S Jan 18 '24 at 13:04
  • I meant the output of sudo dpkg -l | grep '^.[^i]' command. However, I've also generalized my answer, you can try it yourself, or if you update your post I may also have a look at it. – rusty Jan 18 '24 at 13:14
  • Also reported here - https://askubuntu.com/questions/1508208/ubuntu-pro-enable-fips-updates-fails. I think the problem is that fips is not supported on 22.04 Jammy - according to the docs at Ubuntu Pro - https://ubuntu.com/tutorials/using-the-ubuntu-pro-client-to-enable-fips#1-overview "An Ubuntu machine running Ubuntu server or desktop 16.04 LTS, 18.04 LTS, or 20.04 LTS". Here is my fail log: https://gist.github.com/KathyReid/394398d16715834aebe9971a88fc9575 – Kathy Reid Mar 31 '24 at 08:24

1 Answers1

1

As the result of sudo dpkg -l | grep '^.[^i]' results the following as you posted in your comment:

rc linux-modules-extra-5.3.0-45-generic 5.3.0-45.37~18.04.1 amd64

Here, the first character of status code is r, which is for Remove (marked for removal); the second character is c, which indicates Cfg-files – Configuration files are present.

(There is a description at: How to interpret the status of dpkg (–list))

I suppose the following should fix your problem:

sudo dpkg --remove --force-all linux-modules-extra-5.3.0-45-generic

You need to run sudo dpkg --remove --force-all package_name01 package_name02 ... for all the packages that have the status code other than ii e.g. rc and the rest. (It is a bit exercise, but you can't do much with a system that has held broken packages, either these fix have to work or you'll end up taking a backup of your data and reinstall the system. In case you decide to reinstall or managed to fix this problem, I suggest you always keep synaptic package manager installed in your system with sudo apt-get install synaptic.)

Then finally the remaining commands:

sudo apt-get clean
sudo apt-get update
sudo apt-get --fix-broken install
sudo apt-get autoremove
rusty
  • 16,327