The verification of the Stable Release Update for partman-crypto has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
-- You received this bug notification because you are a member of STS Sponsors, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1898129 Title: Cannot configure 'cryptsetup luksFormat' at install time Status in partman-crypto package in Ubuntu: Invalid Status in ubiquity package in Ubuntu: Fix Released Status in partman-crypto source package in Focal: Fix Committed Status in ubiquity source package in Focal: Fix Committed Status in partman-crypto source package in Groovy: Invalid Status in ubiquity source package in Groovy: Won't Fix Status in partman-crypto source package in Hirsute: Invalid Status in ubiquity source package in Hirsute: Fix Released Status in partman-crypto package in Debian: Unknown Bug description: [Impact] * Users cannot specify options for 'cryptsetup luksFormat' that is used by the installer. * Some deployments need the installed disks in LUKS1 format for backward compatibility with older releases that don't support LUKS2, for backup/audit/management purposes. * However, on Focal and later, cryptsetup defaults to LUKS2, which broke that functionality. * Currently it's not possible to request the LUKS format in the installer, so this patch allows for that w/ a preseed option ('partman-crypto/luksformat_options') for the user. [Test Case] * Default behavior: LUKS2 - Install Ubuntu (Focal/later); check LUKS header version: $ sudo cryptsetup luksDump /dev/vda4 LUKS header information Version: 2 ... * Opt-in behavior: LUKS1 (for example; can use other options) - Install Ubuntu (Focal/later) with preseed file/option: ubiquity partman-crypto/luksformat_options string \ --type luks1 - Check LUKS header version: $ sudo cryptsetup luksDump /dev/vda4 LUKS header information for /dev/vda4 Version: 1 ... - Check install logs for confirmation: $ grep luksFormat /var/log/partman /usr/bin/autopartition-crypto: Additional options for luksFormat: '--type luks1' [Where problems could occur] * The changes are contained within the partman-crypto functionality, so only install with encrypted disks should be affected by issues. * Any additional options specified to 'cryptsetup luksFormat' are opt-in _and_ specified by the user via the preseed option, thus errors are probably tied to particular options (mis) used. * If the preseed option is not specified, original behavior remains. [Other Info] * This patch is applied in Hirsute. * This patch is not needed in Groovy (rationale in comment #15.) * This patch is targeted at Focal (cryptsetup defaulted to LUKS2.) * This patch is not needed in Bionic/earlier (^defaults to LUKS1.) [Original Description] Most users should be fine with the options to 'cryptsetup luksFormat' used by the installer. However, some users may have reasons to use other options, and that is not possible now. Let's provide a new preseed option for that: 'partman-crypto/luksformat_options' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/partman-crypto/+bug/1898129/+subscriptions -- Mailing list: https://launchpad.net/~sts-sponsors Post to : sts-sponsors@lists.launchpad.net Unsubscribe : https://launchpad.net/~sts-sponsors More help : https://help.launchpad.net/ListHelp
