[Bug 1979159] Please test proposed package

[Łukasz Zemczak]

Hello fedorowp, or anyone else affected,

Accepted cryptsetup into jammy-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/cryptsetup/2:2.4.3-1ubuntu1.1 in a
few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
jammy to verification-done-jammy. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-jammy. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1979159

Title:
  Cannot unlock encrypted root after upgrading to 22.04

Status in cryptsetup package in Ubuntu:
  Fix Committed
Status in cryptsetup source package in Jammy:
  Fix Committed
Status in cryptsetup source package in Kinetic:
  Fix Committed

Bug description:
  [Impact]

  After upgrading to Ubuntu 22.04 with an encrypted root filesystem, the
  root drive can no longer be unlocked at the "Please unlock disk
  <diskname>" prompt on boot.

  The encrypted root disk can be unlocked fine from the liveCD, but not
  from the initramfs environment on boot.

  The issue is caused by support for various luks encryption protocols
  now being missing from the initramfs environment due to changes
  introduced in OpenSSL 3.0 and Ubuntu pre-release testing not including
  a test-case of upgrading older Ubuntu versions with an encrypted root
  to the new version.

  [Test Plan]

  Test a fresh installation:

  * Use Ubuntu 22.04 installer
  * Prepare encrypted disk layout (first partition /boot, second for /) and go one step back
  * Then change hash in terminal
  ```
  sudo cryptsetup close vda2_crypt
  sudo cryptsetup luksFormat --hash=whirlpool /dev/vda2
  sudo cryptsetup luksOpen /dev/vda2 vda2_crypt
  sudo mkfs.ext4 /dev/mapper/vda2_crypt
  ```
  * Continue and complete installation
  * Ensure that /target/etc/crypttab exists (if not, create it and run "update-initramfs -u" in "chroot /target")
  * Reboot
  * The system should ask for the password during boot and successfully boot into the desktop

  Test an upgrade:

  * Install Ubuntu 20.04 (similar to above)
  * Upgrade to Ubuntu 22.04
  * Reboot
  * The system should ask for the password during boot and successfully boot into the desktop

  [Workaround]
  The issue can be worked-around by:
  1.  Booting from the 22.04 liveCD.
  2.  chrooting into the target system's root.
         See https://help.ubuntu.com/community/ManualFullSystemEncryption/Troubleshooting
  3.  Creating a file /etc/initramfs-tools/hooks/custom-add-openssl-compat.conf containing:
  ---
  . /usr/share/initramfs-tools/hook-functions
  copy_exec /usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so /usr/lib/x86_64-linux-gnu/ossl-modules/
  ---
  4.  Mark the file as executable: chmod +x /etc/initramfs-tools/hooks/custom-add-openssl-compat.conf
  5.  Regenerating the initramfs.  ie. update-initramfs -k all -u

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1979159/+subscriptions