I have confirmed the fix using systemd/systemd-cryptsetup 256.5-2ubuntu3.1 from oracular-proposed. I used a LXD container to test an upgrade from noble to oracular:
nr@six:~$ lxc launch ubuntu:noble noble Launching noble ^R nr@six:~$ lxc exec noble bash root@noble:~# cat > /etc/apt/sources.list.d/proposed.sources << EOF Types: deb URIs: http://us.archive.ubuntu.com/ubuntu/ Suites: noble-proposed Components: main restricted universe multiverse Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg EOF root@noble:~# cat <<EOF >/etc/apt/preferences.d/proposed-updates # Make sure that after we re-write sources, the correct version is pulled in. Package: * Pin: release a=oracular-proposed Pin-Priority: 500 EOF root@noble:~# sed -i 's/Prompt=lts/Prompts=normal/g' /etc/update-manager/release-upgrades root@noble:~# do-release-upgrade -f DistUpgradeViewNonInteractive Checking for a new Ubuntu release Get:1 Upgrade tool signature [833 B] Get:2 Upgrade tool [1055 kB] [...SNIP...] Setting up ubuntu-server (1.543) ... packages have been installed but needrestart is suspended packages have been installed but needrestart is suspended (Reading database ... 38337 files and directories currently installed.) Removing libargon2-1:amd64 (0~20190702+dfsg-4build1) ... Removing libatm1t64:amd64 (1:2.5.1-5.1build1) ... Removing libssh-4:amd64 (0.10.6-3ubuntu1) ... Removing systemd-dev (256.5-2ubuntu3.1) ... Processing triggers for libc-bin (2.40-1ubuntu3) ... packages have been installed but needrestart is suspended packages have been installed but needrestart is suspended root@noble:~# root@noble:~# apt policy systemd-cryptsetup systemd-cryptsetup: Installed: 256.5-2ubuntu3.1 Candidate: 256.5-2ubuntu3.1 Version table: *** 256.5-2ubuntu3.1 500 500 http://us.archive.ubuntu.com/ubuntu oracular-proposed/main amd64 Packages 100 /var/lib/dpkg/status 256.5-2ubuntu3 500 500 http://archive.ubuntu.com/ubuntu oracular/main amd64 Packages Please also see my edit in the test plan regarding the debootstrap test. This is not actually applicable for the SRU. ** Description changed: [Impact] Upgrades from Noble to Oracular do not pull systemd-cryptsetup in by default. Users that rely on e.g. cryptswap, or something else in /etc/crypttab that was previously handled by systemd-cryptsetup, they will face regressions on upgrades. Users that install 24.10 as ZFS + encryption also see issues due to missing systemd-cryptsetup. Note that this patch for systemd does not itself fix the installation issue. [Test Plan] 1. The systemd-cryptsetup package should be installed on upgrades from Noble to Oracular: $ lxc launch ubuntu:noble noble $ lxc exec noble bash Then, in the container: $ cat > /etc/apt/sources.list.d/proposed.sources << EOF Types: deb URIs: http://us.archive.ubuntu.com/ubuntu/ Suites: noble-proposed Components: main restricted universe multiverse Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg EOF cat <<EOF >/etc/apt/preferences.d/proposed-updates # Make sure that after we re-write sources, the correct version is pulled in. Package: * Pin: release a=oracular-proposed Pin-Priority: 500 EOF $ do-release-upgrade ... $ apt policy systemd-cryptsetup Without the fix, systemd-cryptsetup would not be installed automatically during the upgrade. + + ### Edit: The deboostrap test is not applicable, because I wrongly + assumed we would adjust the priorities in SRU, but after consulting an + AA, it is not worth doing for oracular. 2. The systemd-cryptsetup package should be installed when bootstrapping oracular: $ debootstrap --extra-suites=oracular-proposed oracular oracular ... $ systemd-nspawn -D oracular Then, in the container: $ apt policy systemd-cryptsetup Without the fix, systemd-cryptsetup would not be installed during the bootstrap. [Where problems could occur] The patch is to change the Priority to important for systemd-cryptsetup, and to add Recommends: systemd-cryptsetup back to systemd. Hence, issues would be related to installing systemd, or maybe bootstrapping. We should make sure there are no typos in the patch :) [Original Description] Hi, I just upgraded from Noble to Oracular. It seems post-upgrade, only a single LUKS device is decrypted on boot. My `/etc/crypttab` is as follows: | nvme0n1p3_crypt UUID=c82c8c6c-e363-473f-a655-a325d4e6cf3b none luks,discard | nvme0n1p4_crypt UUID=3de219b7-3e0c-437b-a0eb-d3cb8087d74e none luks,discard `lsblk -o +UUID` showing UUIDs: | ├─nvme0n1p3 259:3 0 384G 0 part c82c8c6c-e363-473f-a655-a325d4e6cf3b | │ └─nvme0n1p3_crypt 252:0 0 384G 0 crypt / f48e2583-013f-474c-9f57-5deabef8d833 | └─nvme0n1p4 259:4 0 546.8G 0 part 3de219b7-3e0c-437b-a0eb-d3cb8087d74e | └─nvme0n1p4_crypt 252:1 0 546.7G 0 crypt /home dfea2d4c-f43e-4ef9-8938-3255f7987dfa I can confirm that the `crypttab` entry is correct because I can run `cryptdisks_start nvme0n1p4_crypt` on the recovery prompt and it decrypts it. I haven't yet tried downgrading `cryptsetup`, will give that a try tomorrow. ** Tags removed: verification-needed verification-needed-oracular ** Tags added: verification-done verification-done-oracular -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2084251 Title: LUKS not detected or prompted for on boot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2084251/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
