** Description changed: + [Test Plan] + + 1. The systemd-cryptsetup package should be installed on upgrades from + Noble to Oracular: + + $ lxc launch ubuntu:noble noble + $ lxc exec noble bash + + Then, in the container: + + $ cat > /etc/apt/sources.list.d/proposed.sources << EOF + Types: deb + URIs: http://us.archive.ubuntu.com/ubuntu/ + Suites: noble-proposed + Components: main restricted universe multiverse + Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg + EOF + $ do-release-upgrade + ... + $ apt policy systemd-cryptsetup + + Without the fix, systemd-cryptsetup would not be installed automatically + during the upgrade. + + 2. The systemd-cryptsetup package should be installed when bootstrapping + oracular: + + $ debootstrap --extra-suites=oracular-proposed oracular oracular + ... + $ systemd-nspawn -D oracular + + Then, in the container: + + $ apt policy systemd-cryptsetup + + Without the fix, systemd-cryptsetup would not be installed during the + bootstrap. + + [Original Description] + Hi, I just upgraded from Noble to Oracular. It seems post-upgrade, only a single LUKS device is decrypted on boot. My `/etc/crypttab` is as follows: | nvme0n1p3_crypt UUID=c82c8c6c-e363-473f-a655-a325d4e6cf3b none luks,discard | nvme0n1p4_crypt UUID=3de219b7-3e0c-437b-a0eb-d3cb8087d74e none luks,discard `lsblk -o +UUID` showing UUIDs: | ├─nvme0n1p3 259:3 0 384G 0 part c82c8c6c-e363-473f-a655-a325d4e6cf3b | │ └─nvme0n1p3_crypt 252:0 0 384G 0 crypt / f48e2583-013f-474c-9f57-5deabef8d833 | └─nvme0n1p4 259:4 0 546.8G 0 part 3de219b7-3e0c-437b-a0eb-d3cb8087d74e | └─nvme0n1p4_crypt 252:1 0 546.7G 0 crypt /home dfea2d4c-f43e-4ef9-8938-3255f7987dfa I can confirm that the `crypttab` entry is correct because I can run `cryptdisks_start nvme0n1p4_crypt` on the recovery prompt and it decrypts it. I haven't yet tried downgrading `cryptsetup`, will give that a try tomorrow.
** Description changed: + [Impact] + + Upgrades from Noble to Oracular do not pull systemd-cryptsetup in by + default. Users that rely on e.g. cryptswap, or something else in + /etc/crypttab that was previously handled by systemd-cryptsetup, they + will face regressions on upgrades. + + Users that install 24.10 as ZFS + encryption also see issues due to + missing systemd-cryptsetup. Note that this patch for systemd does not + itself fix the installation issue. + [Test Plan] 1. The systemd-cryptsetup package should be installed on upgrades from Noble to Oracular: $ lxc launch ubuntu:noble noble $ lxc exec noble bash Then, in the container: $ cat > /etc/apt/sources.list.d/proposed.sources << EOF Types: deb URIs: http://us.archive.ubuntu.com/ubuntu/ Suites: noble-proposed Components: main restricted universe multiverse Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg EOF $ do-release-upgrade ... $ apt policy systemd-cryptsetup Without the fix, systemd-cryptsetup would not be installed automatically during the upgrade. 2. The systemd-cryptsetup package should be installed when bootstrapping oracular: $ debootstrap --extra-suites=oracular-proposed oracular oracular ... $ systemd-nspawn -D oracular Then, in the container: $ apt policy systemd-cryptsetup Without the fix, systemd-cryptsetup would not be installed during the bootstrap. + [Where problems could occur] + + The patch is to change the Priority to important for systemd-cryptsetup, + and to add Recommends: systemd-cryptsetup back to systemd. Hence, issues + would be related to installing systemd, or maybe bootstrapping. + + We should make sure there are no typos in the patch :) + [Original Description] Hi, I just upgraded from Noble to Oracular. It seems post-upgrade, only a single LUKS device is decrypted on boot. My `/etc/crypttab` is as follows: | nvme0n1p3_crypt UUID=c82c8c6c-e363-473f-a655-a325d4e6cf3b none luks,discard | nvme0n1p4_crypt UUID=3de219b7-3e0c-437b-a0eb-d3cb8087d74e none luks,discard `lsblk -o +UUID` showing UUIDs: | ├─nvme0n1p3 259:3 0 384G 0 part c82c8c6c-e363-473f-a655-a325d4e6cf3b | │ └─nvme0n1p3_crypt 252:0 0 384G 0 crypt / f48e2583-013f-474c-9f57-5deabef8d833 | └─nvme0n1p4 259:4 0 546.8G 0 part 3de219b7-3e0c-437b-a0eb-d3cb8087d74e | └─nvme0n1p4_crypt 252:1 0 546.7G 0 crypt /home dfea2d4c-f43e-4ef9-8938-3255f7987dfa I can confirm that the `crypttab` entry is correct because I can run `cryptdisks_start nvme0n1p4_crypt` on the recovery prompt and it decrypts it. I haven't yet tried downgrading `cryptsetup`, will give that a try tomorrow. ** Changed in: systemd (Ubuntu Oracular) Assignee: (unassigned) => Nick Rosbrook (enr0n) ** Changed in: systemd (Ubuntu Oracular) Importance: Undecided => High ** Description changed: [Impact] Upgrades from Noble to Oracular do not pull systemd-cryptsetup in by default. Users that rely on e.g. cryptswap, or something else in /etc/crypttab that was previously handled by systemd-cryptsetup, they will face regressions on upgrades. Users that install 24.10 as ZFS + encryption also see issues due to missing systemd-cryptsetup. Note that this patch for systemd does not itself fix the installation issue. [Test Plan] 1. The systemd-cryptsetup package should be installed on upgrades from Noble to Oracular: $ lxc launch ubuntu:noble noble $ lxc exec noble bash Then, in the container: $ cat > /etc/apt/sources.list.d/proposed.sources << EOF Types: deb URIs: http://us.archive.ubuntu.com/ubuntu/ Suites: noble-proposed Components: main restricted universe multiverse Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg + EOF + cat <<EOF >/etc/apt/preferences.d/proposed-updates + # Make sure that after we re-write sources, the correct version is pulled in. + Package: * + Pin: release a=oracular-proposed + Pin-Priority: 500 EOF $ do-release-upgrade ... $ apt policy systemd-cryptsetup Without the fix, systemd-cryptsetup would not be installed automatically during the upgrade. 2. The systemd-cryptsetup package should be installed when bootstrapping oracular: $ debootstrap --extra-suites=oracular-proposed oracular oracular ... $ systemd-nspawn -D oracular Then, in the container: $ apt policy systemd-cryptsetup Without the fix, systemd-cryptsetup would not be installed during the bootstrap. [Where problems could occur] The patch is to change the Priority to important for systemd-cryptsetup, and to add Recommends: systemd-cryptsetup back to systemd. Hence, issues would be related to installing systemd, or maybe bootstrapping. We should make sure there are no typos in the patch :) [Original Description] Hi, I just upgraded from Noble to Oracular. It seems post-upgrade, only a single LUKS device is decrypted on boot. My `/etc/crypttab` is as follows: | nvme0n1p3_crypt UUID=c82c8c6c-e363-473f-a655-a325d4e6cf3b none luks,discard | nvme0n1p4_crypt UUID=3de219b7-3e0c-437b-a0eb-d3cb8087d74e none luks,discard `lsblk -o +UUID` showing UUIDs: | ├─nvme0n1p3 259:3 0 384G 0 part c82c8c6c-e363-473f-a655-a325d4e6cf3b | │ └─nvme0n1p3_crypt 252:0 0 384G 0 crypt / f48e2583-013f-474c-9f57-5deabef8d833 | └─nvme0n1p4 259:4 0 546.8G 0 part 3de219b7-3e0c-437b-a0eb-d3cb8087d74e | └─nvme0n1p4_crypt 252:1 0 546.7G 0 crypt /home dfea2d4c-f43e-4ef9-8938-3255f7987dfa I can confirm that the `crypttab` entry is correct because I can run `cryptdisks_start nvme0n1p4_crypt` on the recovery prompt and it decrypts it. I haven't yet tried downgrading `cryptsetup`, will give that a try tomorrow. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2084251 Title: Only single LUKS device unlocked on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2084251/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
