[Bug 2084251] Re: LUKS not detected or prompted for on boot
Andreas Hasenack
2084251 at bugs.launchpad.net
Thu Nov 7 13:06:55 UTC 2024
https://ubuntu-archive-team.ubuntu.com/proposed-
migration/oracular/update_excuses.html#systemd also shows a linux-
lowlatency test on arm64 running, I suppose for days. I didn't locate it
in the autopkgtest /running page, nor in the history of completed tests,
so I triggered a new run.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/2084251
Title:
LUKS not detected or prompted for on boot
Status in cryptsetup package in Ubuntu:
Invalid
Status in systemd package in Ubuntu:
In Progress
Status in cryptsetup source package in Oracular:
Invalid
Status in systemd source package in Oracular:
Fix Committed
Bug description:
[Impact]
Upgrades from Noble to Oracular do not pull systemd-cryptsetup in by
default. Users that rely on e.g. cryptswap, or something else in
/etc/crypttab that was previously handled by systemd-cryptsetup, they
will face regressions on upgrades.
Users that install 24.10 as ZFS + encryption also see issues due to
missing systemd-cryptsetup. Note that this patch for systemd does not
itself fix the installation issue.
[Test Plan]
1. The systemd-cryptsetup package should be installed on upgrades from
Noble to Oracular:
$ lxc launch ubuntu:noble noble
$ lxc exec noble bash
Then, in the container:
$ cat > /etc/apt/sources.list.d/proposed.sources << EOF
Types: deb
URIs: http://us.archive.ubuntu.com/ubuntu/
Suites: noble-proposed
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
EOF
cat <<EOF >/etc/apt/preferences.d/proposed-updates
# Make sure that after we re-write sources, the correct version is pulled in.
Package: *
Pin: release a=oracular-proposed
Pin-Priority: 500
EOF
$ do-release-upgrade
...
$ apt policy systemd-cryptsetup
Without the fix, systemd-cryptsetup would not be installed
automatically during the upgrade.
### Edit: The deboostrap test is not applicable, because I wrongly
assumed we would adjust the priorities in SRU, but after consulting an
AA, it is not worth doing for oracular.
2. The systemd-cryptsetup package should be installed when
bootstrapping oracular:
$ debootstrap --extra-suites=oracular-proposed oracular oracular
...
$ systemd-nspawn -D oracular
Then, in the container:
$ apt policy systemd-cryptsetup
Without the fix, systemd-cryptsetup would not be installed during the
bootstrap.
[Where problems could occur]
The patch is to change the Priority to important for systemd-
cryptsetup, and to add Recommends: systemd-cryptsetup back to systemd.
Hence, issues would be related to installing systemd, or maybe
bootstrapping.
We should make sure there are no typos in the patch :)
[Original Description]
Hi,
I just upgraded from Noble to Oracular. It seems post-upgrade, only a
single LUKS device is decrypted on boot.
My `/etc/crypttab` is as follows:
| nvme0n1p3_crypt UUID=c82c8c6c-e363-473f-a655-a325d4e6cf3b none luks,discard
| nvme0n1p4_crypt UUID=3de219b7-3e0c-437b-a0eb-d3cb8087d74e none luks,discard
`lsblk -o +UUID` showing UUIDs:
| ├─nvme0n1p3 259:3 0 384G 0 part c82c8c6c-e363-473f-a655-a325d4e6cf3b
| │ └─nvme0n1p3_crypt 252:0 0 384G 0 crypt / f48e2583-013f-474c-9f57-5deabef8d833
| └─nvme0n1p4 259:4 0 546.8G 0 part 3de219b7-3e0c-437b-a0eb-d3cb8087d74e
| └─nvme0n1p4_crypt 252:1 0 546.7G 0 crypt /home dfea2d4c-f43e-4ef9-8938-3255f7987dfa
I can confirm that the `crypttab` entry is correct because I can run
`cryptdisks_start nvme0n1p4_crypt` on the recovery prompt and it
decrypts it.
I haven't yet tried downgrading `cryptsetup`, will give that a try
tomorrow.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2084251/+subscriptions
More information about the foundations-bugs
mailing list