sts-sponsors team mailing list archive

Thread
Date
[Bug 1898129] Please test proposed package

To: sts-sponsors@xxxxxxxxxxxxxxxxxxx
From: Łukasz Zemczak <1898129@xxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Jan 2021 11:40:31 -0000
Reply-to: Bug 1898129 <1898129@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Hello Mauricio, or anyone else affected,

Accepted ubiquity into focal-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ubiquity/20.04.15.3 in
a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

-- 
You received this bug notification because you are a member of STS
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1898129

Title:
  Cannot configure 'cryptsetup luksFormat' at install time

Status in partman-crypto package in Ubuntu:
  Invalid
Status in ubiquity package in Ubuntu:
  Fix Released
Status in partman-crypto source package in Focal:
  Fix Committed
Status in ubiquity source package in Focal:
  Fix Committed
Status in partman-crypto source package in Groovy:
  Invalid
Status in ubiquity source package in Groovy:
  Won't Fix
Status in partman-crypto source package in Hirsute:
  Invalid
Status in ubiquity source package in Hirsute:
  Fix Released
Status in partman-crypto package in Debian:
  Unknown

Bug description:
  [Impact]

   * Users cannot specify options for 'cryptsetup luksFormat'
     that is used by the installer.

   * Some deployments need the installed disks in LUKS1 format
     for backward compatibility with older releases that don't
     support LUKS2, for backup/audit/management purposes.

   * However, on Focal and later, cryptsetup defaults to LUKS2,
     which broke that functionality.
     
   * Currently it's not possible to request the LUKS format in
     the installer, so this patch allows for that w/ a preseed
     option ('partman-crypto/luksformat_options') for the user.

  [Test Case]

   * Default behavior: LUKS2
   
     - Install Ubuntu (Focal/later); check LUKS header version:
     
       $ sudo cryptsetup luksDump /dev/vda4
       LUKS header information
       Version: 2
       ...
       
   * Opt-in behavior: LUKS1 (for example; can use other options)
   
     - Install Ubuntu (Focal/later) with preseed file/option:

       ubiquity partman-crypto/luksformat_options string \
         --type luks1

     - Check LUKS header version:
     
       $ sudo cryptsetup luksDump /dev/vda4
       LUKS header information for /dev/vda4
       Version: 1
       ...

     - Check install logs for confirmation:
     
       $ grep luksFormat /var/log/partman
       /usr/bin/autopartition-crypto: Additional options for luksFormat: '--type luks1'
     
  [Where problems could occur]

   * The changes are contained within the partman-crypto functionality,
     so only install with encrypted disks should be affected by issues.

   * Any additional options specified to 'cryptsetup luksFormat' are
     opt-in _and_ specified by the user via the preseed option, thus
     errors are probably tied to particular options (mis) used.

   * If the preseed option is not specified, original behavior remains.

  [Other Info]
   
   * This patch is applied in Hirsute.
   * This patch is not needed in Groovy (rationale in comment #15.)
   * This patch is targeted at Focal (cryptsetup defaulted to LUKS2.)
   * This patch is not needed in Bionic/earlier (^defaults to LUKS1.)

  [Original Description]
  Most users should be fine with the options to
  'cryptsetup luksFormat' used by the installer.

  However, some users may have reasons to use
  other options, and that is not possible now.

  Let's provide a new preseed option for that:
  'partman-crypto/luksformat_options'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/partman-crypto/+bug/1898129/+subscriptions