Encrypted home support

Attached find a proposed patch for this, allowing for two more patches to gnome-initial-setup and gnome-control-center that add encrypted home support when creating users. I have tested it on Ubuntu GNOME 17.04, and it works.

Attached you will find a patch for encrypted home support in gnome-initial-setup. This patch will add a switch for "Encrypted Home Folder", and send the correct value to CreateUser in accountsservice.

Attached you will find a patch for encrypted home support in gnome-control-center. This patch will add a switch for "Encrypted Home Folder", and send the correct value to CreateUser in accountsservice.

If you would like to test these patches in action, you can add this PPA and update:

https://launchpad.net/~system76/+archive/ubuntu/pop/

Status changed to 'Confirmed' because the bug affects multiple users.

Amazing, just last week I added this to my todo list, since I'd need it in gnome-initial-setup.
I can test the patches, but ideally these should go upstream in the end.

Thank you for your work on this!

The attachment "encrypted_home.patch (accountsservice)" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

ximion, I am working on a more compatible patch, one that does not break libaccountsservice API. As for going upstream, I would like to go into Ubuntu first, as --encrypt-home is not implemented in other distros right now.

Matthias, I don't think other distros offer encrypted home directories through ecryptfs. Probably the easiest to start with would be Tanglu or Debian?

By the way, tyhicks said he'd eventually like to switch Ubuntu's feature over to using native ext4 encryption. I think it would really be interesting to upstream and other distros then. If you're interested, talk to him about that.

Ok, here are new patches that do not break the current API.

It is a little bit messier in accountsservice due to this.

I made a mistake in the accountsservice patch. Here is an updated version.

Would anyone like to comment on my patches?

you might want to subscribe ubuntu sponsors so your patches get on the review list (https://wiki.ubuntu.com/SponsorshipProcess)

seb128: I subscribed ubuntu-sponsors. Is there anything else I can do?

Not really, it's just that sponsors are busy, you can always try to ask on IRC though...

Unfortunately it doesn't look like it made it in in time for Feature Freeze... a Feature Freeze Exception can be written, otherwise this will have to wait until next cycle.

Thanks!

Simon, it is critical for our efforts that the accountsservice patches make it upstream before 17.10. Can we focus only on those, leaving inotial setup and control center patches for 18.04?

In that case, just propose the patches upstream ;-) That will help everyone.
I can maybe help with that and do a proper review later.

ximion, as I already said here: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1699216/comments/11

Encrypted home cannot go upstream, as adduser --encrypt-home is only implemented on Ubuntu.

@Jeremy:

If you get a Feature Freeze Exception as defined here[1] or an ack from a member of the release team, I'll be happy to get it uploaded for you.

I want to upload your patches, I just don't want to break freeze and have to apologize to the release team... sorry. :/

[1] https://wiki.ubuntu.com/FreezeExceptionProcess

tsimonq2, I have subscribed ubuntu-release. We have modifications in our PPA that utilize this patch to accountsservice. If the patch to accountsservice is not merged in Ubuntu's version, our version will be overridden when there is another accountsservice release.

Since this is a feature that is desired in Ubuntu, I think it would be best to allow for the patch to accountsservice to be merged in for use by others, regardless of the patches to gnome-control-center or gnome-initial-setup. At the moment, we have a safely forked version of these packages that cannot be overridden.

The issue with accountservice, is that it cannot be forked, renamed, and then use a Provides Conflicts Replaces. This leaves us in a dangerous place where we may have to revert our changes to add encrypted home to gnome-control-center and gnome-initial-setup.

tsimonq2, here id a debdiff file

I have extra whitespace changes in there, I will resubmit with `-w`

Here is a better patch, ignoring whitespace changes.

Here is an updated version of the patch for accountsservice

This one updates the symbol names - they did not get updated with a debuild -S

IRC Log:

10:39 jackpot51 Can we talk about this patch again? https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1699216
···
10:39 ubot5 Ubuntu bug 1699216 in gnome-initial-setup (Ubuntu) "Encrypted home support" [Wishlist,Confirmed]
10:40 jackpot51 I just saw a new accountsservice show up, superseding my patches for encrypted home.
10:40 jackpot51 Here is a debdiff of the patch I want to keep in accountsservice, one that allows gnome-initial-setup and gnome-control-center to support Encrypted Home https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1699216/+attachment/4945507/+files/accountsservice_encrypt_home.debdiff
···
10:40 ubot5 Ubuntu bug 1699216 in gnome-initial-setup (Ubuntu) "Encrypted home support" [Wishlist,Confirmed]
10:41 jackpot51 GunnarHj and others would you mind taking a look?
10:44 seb128 jackpot51, sounds a bit late in this cycle for such changes
10:47 jackpot51 All I want is the accountsservice patch, so we don't have to hold a forked accountsservice
10:52 jbicha we never found anyone willing to review the accountsservice patch :(
10:53 jackpot51 Well, every time accountsservice gets updated in Ubuntu, I get fucked. Why? Because I cannot rename the package.
10:53 jackpot51 So I am probably going to have to drop the patches for encrypted home entirely
10:56 jbicha once Ubuntu 17.10 is released, any SRUs for accountsservice will have to age in -proposed for at least 7 days first. That gives you time to update your PPA.
10:56 jackpot51 Ok, that would be good
10:57 jackpot51 Many users are getting pop-gnome-initial-setup removed if they dist-upgrade
10:58 jackpot51 It doesn't break their systems, but it introduces a significant amount of maintenance work
11:54 GunnarHj Hi jackpot51, sorry if you felt ignored by my accountsservice upload. That was not my intention.
11:54 GunnarHj I have noticed your patches previously, but unfortunately they are too complex for me to review. The change I uploaded was a trivial one, and that's what I do - trivial stuff. :)
11:54 GunnarHj Hopefully some experienced developer will find the time in the beginning of next cycle.
11:57 jackpot51 I dropped all our patches. Users will have to wait until Ubuntu can merge the patch, it is too much maintenance work to have encrypted home in gnome-initial-setup and gnome-control-center
11:59 jackpot51 The only other alternative was to use an epoch, which would make it impossible to go back to the Ubuntu version if the patches are merged
12:00 dmj_s76 This patch represents a fairly important feature for us.

12:36 seb128 dmj_s76, right, we are likely to get it reviewed next cycle
12:37 seb128 it hasn't been high priority for us since we don't use gnome-inital-setup and don't plan to for next cycle either
12:37 seb128 but we should be able to review those changes anyways
12:51 jackpot51 seb128 what about for creating new users? It is not supported in gnome-control-center either
12:52 seb128 jackpot51, that would be a nice improvement to get
12:52 seb128 but for next cycle now

Here is a patch without symbol changes or whitespace changes

Hi Jememy. Nice work on the patches!

I've been working with the AccountsService upstream and I'd like to work out how we can get these patches in.

I think we can make this work with a couple of changes:
- Instead of making the CreateUserEncrypt() method you could make a new account type ACCOUNT_TYPE_ENCRYPTED (src/user.h). Since upstream can't currently support this though 'useradd' it should then fail the call when this account type is encrypted.
- We then can carry the change in Debian/Ubuntu by modifying debian/patches/0002-create-and-manage-groups-like-on-a-debian-system.patch (I'm working on merging in 0006-adduser_instead_of_useradd.patch which should be in the same patch).

Please open a bug on bugzilla.freedesktop.org with the patch and I will help review there.

I'm also working on how we can get our adduser changes upstream so we don't have to carry this patch either (https://bugs.freedesktop.org/show_bug.cgi?id=73838)

I've pinged upstream but I think everyone is on break now (and I will be for the next two weeks too) but will pick this up when I'm back.

Oh, there was one last point:
- You should add a "SupportsEncrypted" property (or similar name) to the AccountsService daemon. That way you can make the g-c-c patch DTRT and also make it more upstreamable.

Thanks for the feedback Robert. I will work on updating my patch.

That does sound like a much cleaner approach.

Jeremy, I apologize for the handling of this bug.

Ubuntu 18.04 no longer includes an encrypted home option in the installer and ecryptfs-utils is being demoted to universe. See LP: #1756840

Once ecryptfs-utils is in universe, packages in main (like accountsservice and gnome-control-center) can't depend on it.

My understanding is that Canonical Security would eventually like to offer ext4 based encryption for home directories, but that feature won't be implemented in time for Ubuntu 18.04 LTS. I also understand that Pop!_OS is switching to promoting full disk encryption in its 18.04 release.

Once again, I apologize that your patches weren't reviewed more promptly and helpfully. I hope that we Ubuntu developers will do better next time you propose patches. Feel free to discuss proposed desktop-related patches with the Ubuntu Desktop team.

There is no issue with that. We will be able to keep our patches in initial setup without any effort from Ubuntu and minimal effort from Pop. We are going to be encouraging full disk encryption, the same as Ubuntu.