Package: apt
Version: 2.5.1
Severity: normal

"apt update" fails if the system runs in FIPS mode:

| # apt update
| Hit:2 http://deb.debian.org/debian-debug sid InRelease
| fatal error in libgcrypt, file ../../src/misc.c, line 92, function _gcry_fatal_error: requested algo not in md context
|
| Fatal error: requested algo not in md context
| Aborted

The backtrace is:

| #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
| #1 0x0000fffff78a630c in __GI_abort () at abort.c:79
| #2 0x0000fffff75ce110 in _gcry_fatal_error (rc=rc@entry=5, text=text@entry=0xfffff765cb80 "requested algo not in md context") at ../../src/misc.c:97
| #3 0x0000fffff75e65b0 in md_read (algo=<optimized out>, a=<optimized out>, a=<optimized out>) at ../../cipher/md.c:1095
| #4 0x0000fffff7e435ac in HexDigest (hd=<optimized out>, algo=<optimized out>) at ./apt-pkg/contrib/hashes.cc:429
| #5 0x0000fffff7e44a18 in Hashes::GetHashString (this=this@entry=0xffffffffe6d8, hash=hash@entry=Hashes::MD5SUM) at ./apt-pkg/contrib/hashes.cc:457
| #6 0x0000fffff7e5bfd4 in debListParser::Description_md5 (this=0xaaaaaad9cf10) at ./apt-pkg/deb/deblistparser.cc:295
| #7 0x0000fffff7ecc020 in pkgCacheGenerator::MergeListVersion (this=this@entry=0xaaaaaab31470, List=..., Pkg=..., Version=..., OutVer=@0xffffffffe8c8: 0x0) at ./apt-pkg/pkgcachegen.cc:490
| #8 0x0000fffff7ecdb0c in pkgCacheGenerator::MergeList (this=this@entry=0xaaaaaab31470, List=..., OutVer=<optimized out>, OutVer@entry=0x0) at ./apt-pkg/pkgcachegen.cc:286
| #9 0x0000fffff7eb030c in pkgDebianIndexFile::Merge (this=<optimized out>, Gen=..., Prog=<optimized out>) at ./apt-pkg/indexfile.cc:348
| #10 0x0000fffff7ec8ef4 in operator() (__closure=__closure@entry=0xffffffffebc0, I=0xaaaaaab0a340) at ./apt-pkg/pkgcachegen.cc:1557
| #11 0x0000fffff7ecedb4 in std::for_each<__gnu_cxx::__normal_iterator<pkgIndexFile**, std::vector<pkgIndexFile*> >, BuildCache(pkgCacheGenerator&, OpProgress*, map_filesize_t&, map_filesize_t, const pkgSourceList*, FileIterator, FileIterator)::<lambda(pkgIndexFile*)> > (__f=..., __last=0x0,
|     __first=0xaaaaaab0a340) at /usr/include/c++/11/bits/stl_algo.h:3820
| #12 BuildCache (Gen=..., Progress=<optimized out>, Progress@entry=0xfffffffff280, CurrentSize=@0xffffffffecf0: 100043188, TotalSize=<optimized out>, TotalSize@entry=100043188,
|     List=List@entry=0x0, Start=..., End=...) at ./apt-pkg/pkgcachegen.cc:1586
| #13 0x0000fffff7ed0994 in pkgCacheGenerator::MakeStatusCache (List=..., Progress=Progress@entry=0xfffffffff280, OutMap=OutMap@entry=0xffffffffef18, OutCache=OutCache@entry=0xffffffffef20)
|     at /usr/include/c++/11/bits/stl_iterator.h:1026
| #14 0x0000fffff7e0b2dc in pkgCacheFile::BuildCaches (this=0xfffffffff0c0, Progress=0xfffffffff280, WithLock=<optimized out>) at ./apt-pkg/cachefile.cc:127
| #15 0x0000fffff7f9e6fc in DoUpdate(CommandLine&) () from /lib/aarch64-linux-gnu/libapt-private.so.0.0
| #16 0x0000fffff7e27d20 in CommandLine::DispatchArg (this=0xfffffffff448, Map=<optimized out>, NoMatch=true) at ./apt-pkg/contrib/cmndline.cc:369
| #17 0x0000fffff7f633f4 in DispatchCommandLine(CommandLine&, std::vector<CommandLine::Dispatch, std::allocator<CommandLine::Dispatch> > const&) ()
|     from /lib/aarch64-linux-gnu/libapt-private.so.0.0
| #18 0x0000aaaaaaaa1898 in ?? ()
| #19 0x0000fffff78a6614 in __libc_start_main (main=0xaaaaaaaa17c0, argc=2, argv=0xfffffffff5d8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
|     stack_end=<optimized out>) at ../csu/libc-start.c:332
| #20 0x0000aaaaaaaa19b8 in ?? ()

In FIPS mode MD5 is not allowed, so every usage results in a fatal error.

One workaround would be: Check for FIPS mode with gcry_fips_mode_active and don't try to use it then.

Bastian

-- Package-specific info:

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-2-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information
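
The workaround suggested in the report, as a small C model added here (it is not apt or libgcrypt code): `md_enable`, `md_read`, the `ALG_*` constants and both `digests_*` functions are constructed stand-ins, and the unguarded variant assumes the caller ignores a failed enable before reading. In real code the `fips` flag would come from `gcry_fips_mode_active()`, as the report proposes.

```c
/* Constructed stand-ins; these are not libgcrypt or apt identifiers. */
enum { ALG_MD5 = 1, ALG_SHA256 = 2 };

struct md_ctx {
    int fips;          /* what gcry_fips_mode_active() would report */
    unsigned enabled;  /* algorithms actually present in the context */
    int fatal;         /* set where the real library would abort */
};

/* Model of enabling an algorithm: MD5 is refused in FIPS mode. */
static int md_enable(struct md_ctx *c, unsigned alg) {
    if (c->fips && alg == ALG_MD5) return -1;
    c->enabled |= alg;
    return 0;
}

/* Model of reading a digest: asking for an algorithm that is not in the
 * context is the "requested algo not in md context" fatal error. */
static int md_read(struct md_ctx *c, unsigned alg) {
    if (!(c->enabled & alg)) { c->fatal = 1; return -1; }
    return 0;
}

/* Assumed failing pattern: enable results ignored, every wanted digest read. */
unsigned digests_unguarded(int fips, unsigned wanted, int *fatal) {
    struct md_ctx c = { fips, 0, 0 };
    unsigned got = 0;
    for (unsigned a = ALG_MD5; a <= (unsigned)ALG_SHA256; a <<= 1) {
        if (!(wanted & a)) continue;
        (void)md_enable(&c, a);
        if (md_read(&c, a) == 0) got |= a;
    }
    *fatal = c.fatal;
    return got;
}

/* Workaround from the report: consult FIPS mode first and drop MD5, then
 * still check each enable result before reading. */
unsigned digests_guarded(int fips, unsigned wanted, int *fatal) {
    struct md_ctx c = { fips, 0, 0 };
    unsigned got = 0;
    if (fips) wanted &= ~(unsigned)ALG_MD5;
    for (unsigned a = ALG_MD5; a <= (unsigned)ALG_SHA256; a <<= 1) {
        if (!(wanted & a) || md_enable(&c, a) != 0) continue;
        if (md_read(&c, a) == 0) got |= a;
    }
    *fatal = c.fatal;
    return got;
}
```

Both functions return the bitmask of digests that could be read; a caller of the guarded variant has to handle a result without `ALG_MD5` when FIPS mode is active.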