cryptsetup removed from initrd.img on upgrade to 13.10

/var/log/dist-upgrade/main.log

From term.log:
update-initramfs: Generating /boot/initrd.img-3.11.0-11-generic
cryptsetup: WARNING: invalid line in /etc/crypttab for red-dwarf -
cryptsetup: WARNING: invalid line in /etc/crypttab for red-dwarf -

Can you please paste your /etc/crypttab? Mine looks like this:
sda5_crypt UUID=<UUID_VALUE> none luks

The contents of /etc/crypttab is:
lvm_crypt UUID=0c3f710d-9844-4145-a8f8-465c6d6be4f8 none luks

What's red-dwarf then? Does generating initramfs now, include cryptsetup it in? Are you booted off mounted cryptpartitions?

"red-dwarf" is a previous LVM PV name. It looks like I have some cruft left over from a previous installation in the file: /etc/initramfs-tools/conf.d/cryptroot. I just deleted it.

I am booted into a backup installation (12.04) on a different hard disk. I am unable / don't_know_how to boot into the updated installation.

I manually mounted the 13.10 (previously 13.04) installation. To generate a new initramfs, i did the following.

I mounted the 13.10 installation at /media/new_root. Then

# for i in /dev /dev/pts /proc /sys /run; do mount -B $i /media/new_root$i; done
# chroot /media/new_root

I added CRYPTSETUP='y' to /etc/initramfs-tools/initramfs.conf

# update-initramfs -u -k 3.11.0-11-generic
update-initramfs: Generating /boot/initrd.img-3.11.0-11-generic
cryptsetup: WARNING: invalid line in /etc/crypttab for XYZ -
cryptsetup: WARNING: invalid line in /etc/crypttab for XYZ -
ln: failed to create symbolic link ‘/tmp/mkinitramfs_162yAK/bin/sleep’: File exists

The errors: "cryptsetup: ..." have been there for years, and have not prevented successful update of initramfs. Last I researched this issue I found no solution. The last error "ln: failed..." is new.

# lsinitramfs /boot/initrd.img-3.11.0-11-generic | grep cryptsetup
yields no results.
# update-initramfs -c -k 3.11.0-11-generic # -c vs -u
fails likewise

Problem solved.

To install Ubuntu on encrypted partitions, the usual steps are: 1) boot liveDVD and "try" Ubuntu. 2) manually mount encrypted partitions with a cryptsetup command. 3) Launch the installer.

I've always typed something like this:
cryptsetup luksOpen $my_partition WHATEVER

It turns out that the "WHATEVER" needs to match what is in /etc/crypttab -- "lvm_crypt" in mine. I've not done this in the past (because I didn't understand), and have been able to install new Ubuntu versions anyway. Now it is necessary to get it right.

I think matching those words is all that is needed. Adding 'CRYPTSETUP=y' was not needed.

Ok, marking as invalid then. Thanks!

Just upgraded from 13.04 to 13.10.

Exactly the same problem with "linux-image-3.11.0-19-generic"

# lsinitramfs /boot/initrd.img-3.11.0-19-generic | grep cryptsetup

gives no results

However, I can boot with the older images:

# lsinitramfs /boot/initrd.img-3.8.0-35-generic | grep cryptsetup
lib/libcryptsetup.so.4
lib/cryptsetup
lib/cryptsetup/askpass
sbin/cryptsetup

Regenrating the initrd.img doesn't help:

# update-initramfs -c -k 3.11.0-19-generic
update-initramfs: Generating /boot/initrd.img-3.11.0-19-generic
cryptsetup: WARNING: invalid line in /etc/crypttab for pomeron -
/usr/share/initramfs-tools/hooks/intel_microcode: 136: /usr/share/initramfs-tools/hooks/intel_microcode: prepend_earlyinitramfs: not found
E: intel-microcode: failed to prepend early firmware to initramfs
W: intel-microcode: will try to use late initramfs update mode...

OK, I've been able to solve this manually.

I had to add a new line in /etc/crypttab for the LUKS encrypted partition that had my root system. I have another LUKS encrypted partition for my SWAP and /tmp that was already present in /etc/crypttab

In my case, to get the UUID

root@pomeron:~# blkid /dev/sda6
/dev/sda6: UUID="b44fed8d-2a58-4d70-ba19-eaf76c5f1b11" TYPE="crypto_LUKS"

root@pomeron:~# nano -w /etc/crypttab
# <target name> <source device> <key file> <options>
pomeron UUID=b44fed8d-2a58-4d70-ba19-eaf76c5f1b11 none luks
...

root@pomeron:~# update-initramfs -c -k 3.11.0-19-generic
update-initramfs: Generating /boot/initrd.img-3.11.0-19-generic
/usr/share/initramfs-tools/hooks/intel_microcode: 136: /usr/share/initramfs-tools/hooks/intel_microcode: prepend_earlyinitramfs: not found
E: intel-microcode: failed to prepend early firmware to initramfs
W: intel-microcode: will try to use late initramfs update mode...

root@pomeron:~# lsinitramfs /boot/initrd.img-3.11.0-19-generic | grep cryptsetup
lib/libcryptsetup.so.4
lib/cryptsetup
lib/cryptsetup/askpass
sbin/cryptsetup

This was NOT needed before and it seems that the only way of solving this is manually, which is pretty bad :(

If your /etc/crypttab did not include a line for the device that your root filesystem is on, then this is a local configuration error, not a bug in Ubuntu.

It actually is a bug in Ubuntu because:

1. The /etc/crypttab was autogenerated during the installation. I never touched it before. The warning was always there.
2. A WARNING, in a file that actually has 1 valid cryptsetup line shouldn't lead to NOT including the cryptsetup tool in the initrd image. It is a WARNING, not an ERROR. That WARNING was not preventing the installation of cryptsetup in the initrd image until I upgrade from 13.04 to 13.10.

On Sun, Mar 16, 2014 at 11:52:11PM -0000, Andres Gomez wrote:
> It actually is a bug in Ubuntu because:

> 1. The /etc/crypttab was autogenerated during the installation. I never
> touched it before. The warning was always there.

In that case, it would be a bug in whatever method you used to install
Ubuntu, yes. Please provide us details on how you installed Ubuntu, so we
can reproduce this error.

> 2. A WARNING, in a file that actually has 1 valid cryptsetup line
> shouldn't lead to NOT including the cryptsetup tool in the initrd image.

Yes, it should. It was a bug that we were unconditionally installing
cryptsetup to the initramfs before for all users that had cryptsetup
installed, bloating the initramfs and slowing down their boot. This bug has
now been *fixed*, and in the process it has exposed a problem with your
system. That may, as you say, also be a bug in the Ubuntu installer; but
that is NOT grounds for restoring the previous buggy behavior.

I too ran in to a problem after upgrading a luks full disk encrypted 12.04.5 system to 14.04.1. After successfully upgrading, upon reboot I was asked for the luks password for the root system. After entering the password, I see sever errors including "/sbin/cryptsetup not found".

After doing research I came across bug https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1256730. After booting from a rescue cd, creating the file in comment #4 and updating the initrd, the cryptsetup could be found in the initrd.

Another reboot and all was good.

How can I get the name that was automatically assigned to the volume (as in 'sda5_crypt') ?
I've lost my cryptsetup.