[Bug 2084251] Re: LUKS not detected or prompted for on boot
Nick Rosbrook
2084251@bugs.launchpad.net
Fri Oct 18 13:03:35 UTC 2024
Haw, do you have a configuration in place to prevent Recommends: being
installed by default?
This works fine for me:
root@oracular:~# apt policy systemd systemd-cryptsetup
systemd:
Installed: 256.5-2ubuntu3
Candidate: 256.5-2ubuntu3
Version table:
*** 256.5-2ubuntu3 500
500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages
100 /var/lib/dpkg/status
systemd-cryptsetup:
Installed: (none)
Candidate: 256.5-2ubuntu3
Version table:
256.5-2ubuntu3 500
500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages
root@oracular:~# cat > /etc/apt/sources.list.d/proposed.sources << EOF
Types: deb
URIs: http://us.archive.ubuntu.com/ubuntu/
Suites: oracular-proposed
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
EOF
root@oracular:~# cat <<EOF >/etc/apt/preferences.d/proposed-updates
Package: *
Pin: release a=oracular-proposed
Pin-Priority: 500
EOF
root@oracular:~# apt update
Hit:1 http://archive.ubuntu.com/ubuntu oracular InRelease
Hit:2 http://archive.ubuntu.com/ubuntu oracular-updates InRelease
Hit:3 http://archive.ubuntu.com/ubuntu oracular-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu oracular-security InRelease
Get:5 http://us.archive.ubuntu.com/ubuntu oracular-proposed InRelease [265 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 Packages [54.0 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main Translation-en [16.4 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 Components [212 B]
Get:9 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 c-n-f Metadata [780 B]
Get:10 http://us.archive.ubuntu.com/ubuntu oracular-proposed/restricted amd64 Packages [32.6 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu oracular-proposed/restricted Translation-en [8060 B]
Get:12 http://us.archive.ubuntu.com/ubuntu oracular-proposed/restricted amd64 Components [216 B]
Get:13 http://us.archive.ubuntu.com/ubuntu oracular-proposed/restricted amd64 c-n-f Metadata [120 B]
Get:14 http://us.archive.ubuntu.com/ubuntu oracular-proposed/universe amd64 Packages [107 kB]
Get:15 http://us.archive.ubuntu.com/ubuntu oracular-proposed/universe Translation-en [50.2 kB]
Get:16 http://us.archive.ubuntu.com/ubuntu oracular-proposed/universe amd64 Components [6512 B]
Get:17 http://us.archive.ubuntu.com/ubuntu oracular-proposed/universe amd64 c-n-f Metadata [4420 B]
Get:18 http://us.archive.ubuntu.com/ubuntu oracular-proposed/multiverse amd64 Components [216 B]
Get:19 http://us.archive.ubuntu.com/ubuntu oracular-proposed/multiverse amd64 c-n-f Metadata [120 B]
Fetched 546 kB in 4s (129 kB/s)
18 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@oracular:~# apt policy systemd systemd-cryptsetup
systemd:
Installed: 256.5-2ubuntu3
Candidate: 256.5-2ubuntu3.1
Version table:
256.5-2ubuntu3.1 500
500 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 Packages
*** 256.5-2ubuntu3 500
500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages
100 /var/lib/dpkg/status
systemd-cryptsetup:
Installed: (none)
Candidate: 256.5-2ubuntu3.1
Version table:
256.5-2ubuntu3.1 500
500 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 Packages
256.5-2ubuntu3 500
500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages
root@oracular:~# apt install systemd
Upgrading:
libnss-systemd libsystemd-shared libudev1 systemd-resolved systemd-timesyncd
libpam-systemd libsystemd0 systemd systemd-sysv udev
Installing dependencies:
systemd-cryptsetup
Summary:
Upgrading: 10, Installing: 1, Removing: 0, Not Upgrading: 8
Download size: 9135 kB
Space needed: 550 kB / 63.7 GB available
Continue? [Y/n] Y
Get:1 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 systemd-timesyncd amd64 256.5-2ubuntu3.1 [40.2 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 systemd-resolved amd64 256.5-2ubuntu3.1 [316 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 libsystemd-shared amd64 256.5-2ubuntu3.1 [2204 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 libsystemd0 amd64 256.5-2ubuntu3.1 [449 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 systemd-sysv amd64 256.5-2ubuntu3.1 [11.9 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 libnss-systemd amd64 256.5-2ubuntu3.1 [165 kB]
Get:7 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 libpam-systemd amd64 256.5-2ubuntu3.1 [245 kB]
Get:8 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 systemd amd64 256.5-2ubuntu3.1 [3420 kB]
Get:9 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 udev amd64 256.5-2ubuntu3.1 [1969 kB]
Get:10 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 libudev1 amd64 256.5-2ubuntu3.1 [196 kB]
Get:11 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 systemd-cryptsetup amd64 256.5-2ubuntu3.1 [119 kB]
Fetched 9135 kB in 1s (14.6 MB/s)
(Reading database ... 38182 files and directories currently installed.)
Preparing to unpack .../systemd-timesyncd_256.5-2ubuntu3.1_amd64.deb ...
Unpacking systemd-timesyncd (256.5-2ubuntu3.1) over (256.5-2ubuntu3) ...
Preparing to unpack .../systemd-resolved_256.5-2ubuntu3.1_amd64.deb ...
Unpacking systemd-resolved (256.5-2ubuntu3.1) over (256.5-2ubuntu3) ...
Preparing to unpack .../libsystemd-shared_256.5-2ubuntu3.1_amd64.deb ...
Unpacking libsystemd-shared:amd64 (256.5-2ubuntu3.1) over (256.5-2ubuntu3) ...
Preparing to unpack .../libsystemd0_256.5-2ubuntu3.1_amd64.deb ...
Unpacking libsystemd0:amd64 (256.5-2ubuntu3.1) over (256.5-2ubuntu3) ...
Setting up libsystemd0:amd64 (256.5-2ubuntu3.1) ...
(Reading database ... 38182 files and directories currently installed.)
Preparing to unpack .../0-systemd-sysv_256.5-2ubuntu3.1_amd64.deb ...
Unpacking systemd-sysv (256.5-2ubuntu3.1) over (256.5-2ubuntu3) ...
Preparing to unpack .../1-libnss-systemd_256.5-2ubuntu3.1_amd64.deb ...
Unpacking libnss-systemd:amd64 (256.5-2ubuntu3.1) over (256.5-2ubuntu3) ...
Preparing to unpack .../2-libpam-systemd_256.5-2ubuntu3.1_amd64.deb ...
Unpacking libpam-systemd:amd64 (256.5-2ubuntu3.1) over (256.5-2ubuntu3) ...
Preparing to unpack .../3-systemd_256.5-2ubuntu3.1_amd64.deb ...
Unpacking systemd (256.5-2ubuntu3.1) over (256.5-2ubuntu3) ...
Preparing to unpack .../4-udev_256.5-2ubuntu3.1_amd64.deb ...
Unpacking udev (256.5-2ubuntu3.1) over (256.5-2ubuntu3) ...
Preparing to unpack .../5-libudev1_256.5-2ubuntu3.1_amd64.deb ...
Unpacking libudev1:amd64 (256.5-2ubuntu3.1) over (256.5-2ubuntu3) ...
Setting up libudev1:amd64 (256.5-2ubuntu3.1) ...
Selecting previously unselected package systemd-cryptsetup.
(Reading database ... 38182 files and directories currently installed.)
Preparing to unpack .../systemd-cryptsetup_256.5-2ubuntu3.1_amd64.deb ...
Unpacking systemd-cryptsetup (256.5-2ubuntu3.1) ...
Setting up libsystemd-shared:amd64 (256.5-2ubuntu3.1) ...
Setting up systemd (256.5-2ubuntu3.1) ...
/usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring.
/usr/lib/tmpfiles.d/legacy.conf:13: Duplicate line for path "/run/lock", ignoring.
Setting up systemd-cryptsetup (256.5-2ubuntu3.1) ...
Setting up systemd-timesyncd (256.5-2ubuntu3.1) ...
systemd-time-wait-sync.service is a disabled or a static unit not running, not starting it.
Setting up udev (256.5-2ubuntu3.1) ...
Setting up systemd-resolved (256.5-2ubuntu3.1) ...
Setting up systemd-sysv (256.5-2ubuntu3.1) ...
Setting up libnss-systemd:amd64 (256.5-2ubuntu3.1) ...
Setting up libpam-systemd:amd64 (256.5-2ubuntu3.1) ...
Processing triggers for libc-bin (2.40-1ubuntu3) ...
Processing triggers for man-db (2.12.1-3) ...
Processing triggers for dbus (1.14.10-4ubuntu5) ...
Processing triggers for shared-mime-info (2.4-5) ...
Processing triggers for initramfs-tools (0.142ubuntu34) ...
Scanning processes...
Scanning candidates...
Restarting services...
systemctl restart console-getty.service packagekit.service polkit.service rsyslog.service udisks2.service
Service restarts being deferred:
/etc/needrestart/restart.d/dbus.service
systemctl restart systemd-logind.service
systemctl restart unattended-upgrades.service
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
root@oracular:~# apt policy systemd systemd-cryptsetup
systemd:
Installed: 256.5-2ubuntu3.1
Candidate: 256.5-2ubuntu3.1
Version table:
*** 256.5-2ubuntu3.1 500
500 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 Packages
100 /var/lib/dpkg/status
256.5-2ubuntu3 500
500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages
systemd-cryptsetup:
Installed: 256.5-2ubuntu3.1
Candidate: 256.5-2ubuntu3.1
Version table:
*** 256.5-2ubuntu3.1 500
500 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 Packages
100 /var/lib/dpkg/status
256.5-2ubuntu3 500
500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages
--
https://bugs.launchpad.net/bugs/2084251
Title:
LUKS not detected or prompted for on boot
Status in cryptsetup package in Ubuntu:
Invalid
Status in systemd package in Ubuntu:
In Progress
Status in cryptsetup source package in Oracular:
Invalid
Status in systemd source package in Oracular:
Fix Committed
Bug description:
[Impact]
Upgrades from Noble to Oracular do not pull systemd-cryptsetup in by
default. Users that rely on e.g. cryptswap, or something else in
/etc/crypttab that was previously handled by systemd-cryptsetup, will
face regressions on upgrades.
Users that install 24.10 as ZFS + encryption also see issues due to
missing systemd-cryptsetup. Note that this patch for systemd does not
itself fix the installation issue.
[Test Plan]
1. The systemd-cryptsetup package should be installed on upgrades from
Noble to Oracular:
$ lxc launch ubuntu:noble noble
$ lxc exec noble bash
Then, in the container:
$ cat > /etc/apt/sources.list.d/proposed.sources << EOF
Types: deb
URIs: http://us.archive.ubuntu.com/ubuntu/
Suites: noble-proposed
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
EOF
cat <<EOF >/etc/apt/preferences.d/proposed-updates
# Make sure that after we re-write sources, the correct version is pulled in.
Package: *
Pin: release a=oracular-proposed
Pin-Priority: 500
EOF
$ do-release-upgrade
...
$ apt policy systemd-cryptsetup
Without the fix, systemd-cryptsetup would not be installed
automatically during the upgrade.
2. The systemd-cryptsetup package should be installed when
bootstrapping oracular:
$ debootstrap --extra-suites=oracular-proposed oracular oracular
...
$ systemd-nspawn -D oracular
Then, in the container:
$ apt policy systemd-cryptsetup
Without the fix, systemd-cryptsetup would not be installed during the
bootstrap.
[Where problems could occur]
The patch is to change the Priority to important for
systemd-cryptsetup, and to add Recommends: systemd-cryptsetup back to systemd.
Hence, issues would be related to installing systemd, or maybe
bootstrapping.
We should make sure there are no typos in the patch :)
[Original Description]
Hi,
I just upgraded from Noble to Oracular. It seems post-upgrade, only a
single LUKS device is decrypted on boot.
My `/etc/crypttab` is as follows:
| nvme0n1p3_crypt UUID=c82c8c6c-e363-473f-a655-a325d4e6cf3b none luks,discard
| nvme0n1p4_crypt UUID=3de219b7-3e0c-437b-a0eb-d3cb8087d74e none luks,discard
`lsblk -o +UUID` showing UUIDs:
| ├─nvme0n1p3 259:3 0 384G 0 part c82c8c6c-e363-473f-a655-a325d4e6cf3b
| │ └─nvme0n1p3_crypt 252:0 0 384G 0 crypt / f48e2583-013f-474c-9f57-5deabef8d833
| └─nvme0n1p4 259:4 0 546.8G 0 part 3de219b7-3e0c-437b-a0eb-d3cb8087d74e
| └─nvme0n1p4_crypt 252:1 0 546.7G 0 crypt /home dfea2d4c-f43e-4ef9-8938-3255f7987dfa
I can confirm that the `crypttab` entry is correct because I can run
`cryptdisks_start nvme0n1p4_crypt` on the recovery prompt and it
decrypts it.
I haven't yet tried downgrading `cryptsetup`, will give that a try
tomorrow.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2084251/+subscriptions
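A pre-upgrade check for the condition discussed in this report, as an added example that is not part of the bug report or of the systemd packaging: it reports whether a host with active /etc/crypttab entries lacks systemd-cryptsetup, and whether APT is configured not to install Recommends (in which case the restored Recommends: would not pull the package in). The function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical, not part of apt or systemd.

# Print the target name (field 1) of each active crypttab entry in file $1,
# skipping blank lines and comments.
crypttab_targets() {
    awk '$1 != "" && $1 !~ /^#/ { print $1 }' "$1"
}

# Succeed if `apt-config dump` output on stdin disables Install-Recommends.
recommends_disabled() {
    grep -Eiq '^APT::Install-Recommends "(0|no|false|off)";'
}

# $1 = crypttab path, $2 = "yes"/"no" (systemd-cryptsetup installed?),
# $3 = file holding `apt-config dump` output. Prints a one-word verdict.
crypttab_upgrade_verdict() {
    if [ -z "$(crypttab_targets "$1")" ]; then
        echo "no-entries"
    elif [ "$2" = "yes" ]; then
        echo "ok"
    elif recommends_disabled < "$3"; then
        echo "at-risk-recommends-disabled"
    else
        echo "at-risk"
    fi
}

# Constructed sample: the two crypttab entries from the report, on a host
# where the package is absent and Recommends are switched off.
demo() {
    d=$(mktemp -d)
    cat > "$d/crypttab" <<'EOF'
# <target> <source> <keyfile> <options>
nvme0n1p3_crypt UUID=c82c8c6c-e363-473f-a655-a325d4e6cf3b none luks,discard
nvme0n1p4_crypt UUID=3de219b7-3e0c-437b-a0eb-d3cb8087d74e none luks,discard
EOF
    printf 'APT::Install-Recommends "false";\n' > "$d/apt.dump"
    crypttab_upgrade_verdict "$d/crypttab" no "$d/apt.dump"
    rm -rf "$d"
}

# Live use on a real host: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    s=$(dpkg-query -W -f='${Status}' systemd-cryptsetup 2>/dev/null || true)
    case $s in *"ok installed") inst=yes ;; *) inst=no ;; esac
    t=$(mktemp); apt-config dump > "$t"
    crypttab_upgrade_verdict /etc/crypttab "$inst" "$t"; rm -f "$t"
fi
```

Any verdict starting with `at-risk` means entries in /etc/crypttab may not be unlocked by systemd after the upgrade until systemd-cryptsetup is installed explicitly.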