[Bug 2084251] Re: LUKS not detected or prompted for on boot

Haw Loeung 2084251 at bugs.launchpad.net
Fri Oct 18 19:34:55 UTC 2024 

Oh, changing `Pin-Priority` to 500 did it:

| [hloeung at dharkan etc]$ sudo apt install systemd/oracular-proposed systemd-sysv/oracular-proposed
| Selected version '256.5-2ubuntu3.1' (Ubuntu:24.10/oracular-proposed [amd64]) for 'systemd'
| Selected version '256.5-2ubuntu3.1' (Ubuntu:24.10/oracular-proposed [amd64]) for 'systemd-sysv'
| Upgrading:
|   libpam-systemd  libsystemd-shared  libsystemd0  libudev1  systemd  systemd-sysv  udev
|
| Installing dependencies:
|   systemd-cryptsetup
|
| Summary:
|   Upgrading: 7, Installing: 1, Removing: 0, Not Upgrading: 24
|   Download size: 8,613 kB
|   Space needed: 550 kB / 257 GB available
|
| Continue? [Y/n] ^C

| [hloeung at dharkan etc]$ sudo apt-get install systemd/oracular-proposed systemd-sysv/oracular-proposed
| Reading package lists... Done
| Building dependency tree... Done
| Reading state information... Done
| Selected version '256.5-2ubuntu3.1' (Ubuntu:24.10/oracular-proposed [amd64]) for 'systemd'
| Selected version '256.5-2ubuntu3.1' (Ubuntu:24.10/oracular-proposed [amd64]) for 'systemd-sysv'
| The following additional packages will be installed:
|   libpam-systemd libsystemd-shared libsystemd0 libudev1 systemd-cryptsetup udev
| The following NEW packages will be installed:
|   systemd-cryptsetup
| The following packages will be upgraded:
|   libpam-systemd libsystemd-shared libsystemd0 libudev1 systemd systemd-sysv udev
| 7 upgraded, 1 newly installed, 0 to remove and 24 not upgraded.
| Need to get 8,613 kB of archives.
| After this operation, 550 kB of additional disk space will be used.
| Do you want to continue? [Y/n] n
| Abort.

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/2084251

Title:
  LUKS not detected or prompted for on boot

Status in cryptsetup package in Ubuntu:
  Invalid
Status in systemd package in Ubuntu:
  In Progress
Status in cryptsetup source package in Oracular:
  Invalid
Status in systemd source package in Oracular:
  Fix Committed

Bug description:
  [Impact]

  Upgrades from Noble to Oracular do not pull systemd-cryptsetup in by
  default. Users that rely on e.g. cryptswap, or something else in
  /etc/crypttab that was previously handled by systemd-cryptsetup, they
  will face regressions on upgrades.

  Users that install 24.10 as ZFS + encryption also see issues due to
  missing systemd-cryptsetup. Note that this patch for systemd does not
  itself fix the installation issue.

  [Test Plan]

  1. The systemd-cryptsetup package should be installed on upgrades from
  Noble to Oracular:

  $ lxc launch ubuntu:noble noble
  $ lxc exec noble bash

  Then, in the container:

  $ cat > /etc/apt/sources.list.d/proposed.sources << EOF
  Types: deb
  URIs: http://us.archive.ubuntu.com/ubuntu/
  Suites: noble-proposed
  Components: main restricted universe multiverse
  Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
  EOF
  cat <<EOF >/etc/apt/preferences.d/proposed-updates
  # Make sure that after we re-write sources, the correct version is pulled in.
  Package: *
  Pin: release a=oracular-proposed
  Pin-Priority: 500
  EOF
  $ do-release-upgrade
  ...
  $ apt policy systemd-cryptsetup

  Without the fix, systemd-cryptsetup would not be installed
  automatically during the upgrade.

  ### Edit: The deboostrap test is not applicable, because I wrongly
  assumed we would adjust the priorities in SRU, but after consulting an
  AA, it is not worth doing for oracular.

  2. The systemd-cryptsetup package should be installed when
  bootstrapping oracular:

  $ debootstrap --extra-suites=oracular-proposed oracular oracular
  ...
  $ systemd-nspawn -D oracular

  Then, in the container:

  $ apt policy systemd-cryptsetup

  Without the fix, systemd-cryptsetup would not be installed during the
  bootstrap.

  [Where problems could occur]

  The patch is to change the Priority to important for systemd-
  cryptsetup, and to add Recommends: systemd-cryptsetup back to systemd.
  Hence, issues would be related to installing systemd, or maybe
  bootstrapping.

  We should make sure there are no typos in the patch :)

  [Original Description]

  Hi,

  I just upgraded from Noble to Oracular. It seems post-upgrade, only a
  single LUKS device is decrypted on boot.

  My `/etc/crypttab` is as follows:

  | nvme0n1p3_crypt UUID=c82c8c6c-e363-473f-a655-a325d4e6cf3b none luks,discard
  | nvme0n1p4_crypt UUID=3de219b7-3e0c-437b-a0eb-d3cb8087d74e none luks,discard

  `lsblk -o +UUID` showing UUIDs:

  | ├─nvme0n1p3         259:3    0   384G  0 part                               c82c8c6c-e363-473f-a655-a325d4e6cf3b
  | │ └─nvme0n1p3_crypt 252:0    0   384G  0 crypt /                            f48e2583-013f-474c-9f57-5deabef8d833
  | └─nvme0n1p4         259:4    0 546.8G  0 part                               3de219b7-3e0c-437b-a0eb-d3cb8087d74e
  |   └─nvme0n1p4_crypt 252:1    0 546.7G  0 crypt /home                        dfea2d4c-f43e-4ef9-8938-3255f7987dfa

  I can confirm that the `crypttab` entry is correct because I can run
  `cryptdisks_start nvme0n1p4_crypt` on the recovery prompt and it
  decrypts it.

  I haven't yet tried downgrading `cryptsetup`, will give that a try
  tomorrow.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2084251/+subscriptions

More information about the foundations-bugs mailing list