Hi, Pascal Hambourg <pascal@plouf.fr.eu.org> (2025-05-24): > systemd-cryptsetup is included in netinst images but d-i does not > install it. I guess Recommends: are ignored by debootstrap. kibi@tokyo:~/debian-installer/packages/debootstrap (master =)$ git grep Recommends debian/changelog: * rules,control: adjust Recommends/Suggests to be appropriate on each debian/changelog: * upgrade wget from Recommends to Depends, closes: #126799 debian/control:Recommends: sopv | sqv | gpgv, mount, ${debootstrap:Recommends} debian/rules: dh_gencontrol -- -Vdebootstrap:Recommends='$(RECOMMENDS)' -Vdebootstrap:Suggests='$(SUGGESTS)' > > The LUKS volume containing the root filesystem is decrypted by the > > initramfs which does not need systemd-cryptsetup. > > systemd-cryptsetup is required to open encrypted volumes other than those > which are already opened by the initramfs (/, /usr, hibernation swap). I > believe this bug should be fixed before Trixie release so added it to the > wiki wishlist. Looking around, it seems we have many places using cryptsetup, very likely via cryptsetup-udeb that's pulled by various packages: Reverse Depends: partman-crypto-dm,cryptsetup-udeb cryptsetup-udeb:arm64,cryptsetup-udeb rescue-mode,cryptsetup-udeb And I'm only spotting one place where cryptsetup makes its way into /target, via partman-crypto's finish.d/crypto_aptinstall: if grep -q " device-mapper$" /proc/misc; then # We can't check the root node directly because root could be # on an LVM LV on top of an encrypted device if type dmsetup >/dev/null 2>&1 && \ dmsetup table | cut -d' ' -f4 | grep -q "crypt" 2>/dev/null; then apt-install cryptsetup-initramfs || true fi fi If we were to pull systemd-cryptsetup in the mix, should there by any restrictions/checks before deciding to do so? How are things between systemd-cryptsetup and cryptsetup itself? Is that a peaceful cohabitation/cooperation, or is that going to look like some competition, with race conditions and the like? Looping in both maintainers for input. Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature