Enable FIPS in ZorinOS 16

oddclank · 8 December 2021 08:03

How do I enable FIPS in ZorinOS 16 installation? I tried installing Ubuntu Advantage package but it fails on Zorin OS.

The log file /var/log/ubuntu-advantage:

2021-12-08 18:31:35,911 - cli.py:(1528) [DEBUG]: Executed with sys.argv: ['/usr/bin/ua', 'attach', '']
2021-12-08 18:31:35,911 - util.py:(429) [DEBUG]: Reading file: /var/lib/ubuntu-advantage/private/machine-token.json
2021-12-08 18:31:35,911 - config.py:(523) [DEBUG]: File does not exist: /var/lib/ubuntu-advantage/private/machine-token.json
2021-12-08 18:31:35,911 - util.py:(429) [DEBUG]: Reading file: /var/lib/ubuntu-advantage/notices.json
2021-12-08 18:31:35,911 - config.py:(523) [DEBUG]: File does not exist: /var/lib/ubuntu-advantage/notices.json
2021-12-08 18:31:35,911 - util.py:(700) [DEBUG]: Writing file: /var/lib/ubuntu-advantage/notices.json
2021-12-08 18:31:35,911 - util.py:(700) [DEBUG]: Writing file: /var/lib/ubuntu-advantage/private/lock
2021-12-08 18:31:35,911 - util.py:(429) [DEBUG]: Reading file: /var/lib/ubuntu-advantage/notices.json
2021-12-08 18:31:35,912 - util.py:(429) [DEBUG]: Reading file: /var/lib/ubuntu-advantage/private/machine-token.json
2021-12-08 18:31:35,912 - config.py:(523) [DEBUG]: File does not exist: /var/lib/ubuntu-advantage/private/machine-token.json
2021-12-08 18:31:35,912 - util.py:(429) [DEBUG]: Reading file: /var/lib/ubuntu-advantage/private/machine-token.json
2021-12-08 18:31:35,912 - config.py:(523) [DEBUG]: File does not exist: /var/lib/ubuntu-advantage/private/machine-token.json
2021-12-08 18:31:35,912 - util.py:(429) [DEBUG]: Reading file: /var/lib/ubuntu-advantage/private/machine-token.json
2021-12-08 18:31:35,912 - config.py:(523) [DEBUG]: File does not exist: /var/lib/ubuntu-advantage/private/machine-token.json
2021-12-08 18:31:35,912 - util.py:(429) [DEBUG]: Reading file: /etc/machine-id
2021-12-08 18:31:35,912 - util.py:(429) [DEBUG]: Reading file: /etc/os-release
2021-12-08 18:31:35,912 - util.py:(429) [DEBUG]: Reading file: /var/lib/ubuntu-advantage/notices.json
2021-12-08 18:31:35,912 - util.py:(710) [DEBUG]: Removing file: /var/lib/ubuntu-advantage/notices.json
2021-12-08 18:31:35,913 - cli.py:(1499) [ERROR]: Unhandled exception, please file a bug
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1458, in wrapper
return func(*args, **kwargs)
File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1544, in main
return args.action(args, cfg=cfg)
File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 203, in new_f
return f(args, cfg=cfg)
File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 166, in new_f
return f(*args, **kwargs)
File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 147, in new_f
retval = f(*args, cfg=cfg, **kwargs)
File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 1107, in action_attach
return _attach_with_token(
File "/usr/lib/python3/dist-packages/uaclient/cli.py", line 999, in _attach_with_token
contract.request_updated_contract(
File "/usr/lib/python3/dist-packages/uaclient/contract.py", line 443, in request_updated_contract
contract_client.request_contract_machine_attach(
File "/usr/lib/python3/dist-packages/uaclient/contract.py", line 76, in request_contract_machine_attach
data = self._get_platform_data(machine_id)
File "/usr/lib/python3/dist-packages/uaclient/contract.py", line 276, in _get_platform_data
platform = util.get_platform_info()
File "/usr/lib/python3/dist-packages/uaclient/util.py", line 339, in get_platform_info
raise RuntimeError(
RuntimeError: Could not parse /etc/os-release VERSION: 16 (modified to 16)

Aravisian · 8 December 2021 08:24

Ubuntu-advantage fails because in installation, it checks that the distro being installed on is Ubuntu and Ubuntu, only. Zorin OS is based on Ubuntu, but is not Ubuntu. It is Zorin OS.
Even if you (temporarily) modify the release file to claim it is Ubuntu, the rest of the installation will likely not work.

FIPS modules are available through Enterprise Ubuntu, per Ubuntu Pro or Ubuntu-Advantage Subscription.

Is there a specific need for FIPS or are you seeking to make Zorin OS more secure?

oddclank · 8 December 2021 09:02

Understood. I have zero interest in modifying the /etc/os-release file to force installation. I also understand UA and have confirmed this enrollment works in Unbuntu. There is a generous free Ubuntu Advantage subscription which allows 3 personal tokens before needing to upgrade. Other distro's have similar abilities.
It appears a shame the task isn't readily achievable on Zorin OS. Unfortunately it won't be a contender for agencies with SBU information.

Thanks anyway.

Aravisian · 8 December 2021 10:06

This is a valid point. Tagging this for @AZorin @zorink ZorinGroup to review, in case there is more information that could help or a possible change for the future.

system · 8 March 2022 10:07

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.