diff -Nru -w accountsservice-0.6.42/debian/changelog accountsservice-0.6.42/debian/changelog --- accountsservice-0.6.42/debian/changelog 2017-10-09 15:08:00.000000000 -0600 +++ accountsservice-0.6.42/debian/changelog 2017-10-10 10:43:49.000000000 -0600 @@ -1,3 +1,9 @@ +accountsservice (0.6.42-0ubuntu3pop0) artful; urgency=critical + + * encrypt_home.patch: Enable encryption of home directory + + -- Jeremy Soller Tue, 10 Oct 2017 10:43:49 -0600 + accountsservice (0.6.42-0ubuntu3) artful; urgency=medium * debian/patches/0009-language-tools.patch: diff -Nru -w accountsservice-0.6.42/debian/control accountsservice-0.6.42/debian/control --- accountsservice-0.6.42/debian/control 2016-10-04 07:04:41.000000000 -0600 +++ accountsservice-0.6.42/debian/control 2017-10-10 10:43:08.000000000 -0600 @@ -27,6 +27,7 @@ Architecture: any Depends: dbus, + ecryptfs-utils, libaccountsservice0 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} diff -Nru -w accountsservice-0.6.42/debian/libaccountsservice0.symbols accountsservice-0.6.42/debian/libaccountsservice0.symbols --- accountsservice-0.6.42/debian/libaccountsservice0.symbols 2016-10-04 07:04:41.000000000 -0600 +++ accountsservice-0.6.42/debian/libaccountsservice0.symbols 2017-10-10 10:43:08.000000000 -0600 @@ -3,6 +3,9 @@ accounts_accounts_call_cache_user_finish@Base 0.6.24 accounts_accounts_call_cache_user_sync@Base 0.6.24 accounts_accounts_call_create_user@Base 0.6.18 + accounts_accounts_call_create_user_encrypt@Base 0.6.42-0ubuntu3~system76~5 + accounts_accounts_call_create_user_encrypt_finish@Base 0.6.42-0ubuntu3~system76~5 + accounts_accounts_call_create_user_encrypt_sync@Base 0.6.42-0ubuntu3~system76~5 accounts_accounts_call_create_user_finish@Base 0.6.18 accounts_accounts_call_create_user_sync@Base 0.6.18 accounts_accounts_call_delete_user@Base 0.6.18 @@ -22,6 +25,7 @@ accounts_accounts_call_uncache_user_sync@Base 0.6.24 accounts_accounts_complete_cache_user@Base 0.6.24 accounts_accounts_complete_create_user@Base 0.6.18 + accounts_accounts_complete_create_user_encrypt@Base 0.6.42-0ubuntu3~system76~5 accounts_accounts_complete_delete_user@Base 0.6.18 accounts_accounts_complete_find_user_by_id@Base 0.6.18 accounts_accounts_complete_find_user_by_name@Base 0.6.18 @@ -79,6 +83,9 @@ accounts_user_call_set_locked_sync@Base 0.6.18 accounts_user_call_set_password@Base 0.6.18 accounts_user_call_set_password_finish@Base 0.6.18 + accounts_user_call_set_password_hint@Base 0.6.42-0ubuntu3~system76~5 + accounts_user_call_set_password_hint_finish@Base 0.6.42-0ubuntu3~system76~5 + accounts_user_call_set_password_hint_sync@Base 0.6.42-0ubuntu3~system76~5 accounts_user_call_set_password_mode@Base 0.6.18 accounts_user_call_set_password_mode_finish@Base 0.6.18 accounts_user_call_set_password_mode_sync@Base 0.6.18 @@ -113,6 +120,7 @@ accounts_user_complete_set_location@Base 0.6.18 accounts_user_complete_set_locked@Base 0.6.18 accounts_user_complete_set_password@Base 0.6.18 + accounts_user_complete_set_password_hint@Base 0.6.42-0ubuntu3~system76~5 accounts_user_complete_set_password_mode@Base 0.6.18 accounts_user_complete_set_real_name@Base 0.6.18 accounts_user_complete_set_shell@Base 0.6.18 @@ -241,6 +249,8 @@ act_user_manager_can_switch@Base 0.6.8 act_user_manager_create_user@Base 0.6.12 act_user_manager_create_user_async@Base 0.6.29 + act_user_manager_create_user_encrypt_async@Base 0.6.42-0ubuntu3~system76~5 + act_user_manager_create_user_encrypt@Base 0.6.42-0ubuntu3~system76~5 act_user_manager_create_user_finish@Base 0.6.29 act_user_manager_delete_user@Base 0.6.13 act_user_manager_delete_user_async@Base 0.6.29 @@ -269,6 +279,7 @@ act_user_set_location@Base 0.6.8 act_user_set_locked@Base 0.6.8 act_user_set_password@Base 0.6.8 + act_user_set_password_hint@Base 0.6.42-0ubuntu3~system76~5 act_user_set_password_mode@Base 0.6.8 act_user_set_real_name@Base 0.6.8 act_user_set_user_name@Base 0.6.8 diff -Nru -w accountsservice-0.6.42/debian/patches/encrypt_home.patch accountsservice-0.6.42/debian/patches/encrypt_home.patch --- accountsservice-0.6.42/debian/patches/encrypt_home.patch 1969-12-31 17:00:00.000000000 -0700 +++ accountsservice-0.6.42/debian/patches/encrypt_home.patch 2017-10-10 10:43:08.000000000 -0600 @@ -0,0 +1,413 @@ +Description: Add encrypted home support +Author: Jeremy Soller +Index: accountsservice-0.6.42/src/daemon.c +=================================================================== +--- accountsservice-0.6.42.orig/src/daemon.c ++++ accountsservice-0.6.42/src/daemon.c +@@ -92,7 +92,7 @@ G_DEFINE_TYPE_WITH_CODE (Daemon, daemon, + #define DAEMON_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), TYPE_DAEMON, DaemonPrivate)) + + static const GDBusErrorEntry accounts_error_entries[] = +-{ ++{ + { ERROR_FAILED, "org.freedesktop.Accounts.Error.Failed" }, + { ERROR_USER_EXISTS, "org.freedesktop.Accounts.Error.UserExists" }, + { ERROR_USER_DOES_NOT_EXIST, "org.freedesktop.Accounts.Error.UserDoesNotExist" }, +@@ -640,7 +640,7 @@ register_accounts_daemon (Daemon *daemon + g_critical ("error exporting interface: %s", error->message); + g_error_free (error); + } +- goto error; ++ goto error; + } + + return TRUE; +@@ -904,6 +904,7 @@ typedef struct { + gchar *user_name; + gchar *real_name; + gint account_type; ++ gboolean encrypt_home; + } CreateUserData; + + static void +@@ -944,6 +945,11 @@ daemon_create_user_authorized_cb (Daemon + argv[5] = cd->user_name; + argv[6] = NULL; + ++ if (cd->encrypt_home) { ++ argv[6] = "--encrypt-home"; ++ argv[7] = NULL; ++ } ++ + error = NULL; + if (!spawn_with_login_uid (context, argv, &error)) { + throw_error (context, ERROR_FAILED, "running '%s' failed: %s", argv[0], error->message); +@@ -968,11 +974,12 @@ daemon_create_user_authorized_cb (Daemon + } + + static gboolean +-daemon_create_user (AccountsAccounts *accounts, +- GDBusMethodInvocation *context, +- const gchar *user_name, +- const gchar *real_name, +- gint account_type) ++daemon_create_user_encrypt (AccountsAccounts *accounts, ++ GDBusMethodInvocation *context, ++ const gchar *user_name, ++ const gchar *real_name, ++ gint account_type, ++ gboolean encrypt_home) + { + Daemon *daemon = (Daemon*)accounts; + CreateUserData *data; +@@ -981,6 +988,7 @@ daemon_create_user (AccountsAccounts + data->user_name = g_strdup (user_name); + data->real_name = g_strdup (real_name); + data->account_type = account_type; ++ data->encrypt_home = encrypt_home; + + daemon_local_check_auth (daemon, + NULL, +@@ -994,6 +1002,21 @@ daemon_create_user (AccountsAccounts + return TRUE; + } + ++static gboolean ++daemon_create_user (AccountsAccounts *accounts, ++ GDBusMethodInvocation *context, ++ const gchar *user_name, ++ const gchar *real_name, ++ gint account_type) ++{ ++ return daemon_create_user_encrypt(accounts, ++ context, ++ user_name, ++ real_name, ++ account_type, ++ FALSE); ++} ++ + static void + daemon_cache_user_authorized_cb (Daemon *daemon, + User *dummy, +@@ -1362,7 +1385,7 @@ load_autologin_lightdm (Daemon *dae + + *name = g_key_file_get_string (keyfile, "Seat:*", "autologin-user", error); + if (!*name) { +- g_clear_error (error); ++ g_clear_error (error); + *name = g_key_file_get_string (keyfile, "SeatDefaults", "autologin-user", error); + } + *enabled = (*error == NULL && (*name) && (*name)[0] != 0); +@@ -1384,7 +1407,7 @@ load_autologin (Daemon *daemon, + /* First, determine whether we should load GDM or LightDM values by + checking if GDM is running. */ + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, NULL); +- reply = g_dbus_connection_call_sync (connection, ++ reply = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", + "/", + "org.freedesktop.DBus", +@@ -1595,6 +1618,7 @@ static void + daemon_accounts_accounts_iface_init (AccountsAccountsIface *iface) + { + iface->handle_create_user = daemon_create_user; ++ iface->handle_create_user_encrypt = daemon_create_user_encrypt; + iface->handle_delete_user = daemon_delete_user; + iface->handle_find_user_by_id = daemon_find_user_by_id; + iface->handle_find_user_by_name = daemon_find_user_by_name; +Index: accountsservice-0.6.42/src/libaccountsservice/act-user-manager.c +=================================================================== +--- accountsservice-0.6.42.orig/src/libaccountsservice/act-user-manager.c ++++ accountsservice-0.6.42/src/libaccountsservice/act-user-manager.c +@@ -3028,11 +3028,12 @@ act_user_manager_no_service (ActUserMana + } + + /** +- * act_user_manager_create_user: ++ * act_user_manager_create_user_encrypt: + * @manager: a #ActUserManager + * @username: a unix user name + * @fullname: a unix GECOS value + * @accounttype: a #ActUserAccountType ++ * @encrypthome: encrypt home directory + * @error: a #GError + * + * Creates a user account on the system. +@@ -3040,30 +3041,32 @@ act_user_manager_no_service (ActUserMana + * Returns: (transfer full): user object + */ + ActUser * +-act_user_manager_create_user (ActUserManager *manager, +- const char *username, +- const char *fullname, +- ActUserAccountType accounttype, +- GError **error) ++act_user_manager_create_user_encrypt (ActUserManager *manager, ++ const char *username, ++ const char *fullname, ++ ActUserAccountType accounttype, ++ gboolean encrypthome, ++ GError **error) + { + GError *local_error = NULL; + gboolean res; + gchar *path; + ActUser *user; + +- g_debug ("ActUserManager: Creating user '%s', '%s', %d", +- username, fullname, accounttype); ++ g_debug ("ActUserManager: Creating user '%s', '%s', %d, %d", ++ username, fullname, accounttype, (int)encrypthome); + + g_assert (manager->priv->accounts_proxy != NULL); + + local_error = NULL; +- res = accounts_accounts_call_create_user_sync (manager->priv->accounts_proxy, +- username, +- fullname, +- accounttype, +- &path, +- NULL, +- &local_error); ++ res = accounts_accounts_call_create_user_encrypt_sync (manager->priv->accounts_proxy, ++ username, ++ fullname, ++ accounttype, ++ encrypthome, ++ &path, ++ NULL, ++ &local_error); + if (! res) { + g_propagate_error (error, local_error); + return NULL; +@@ -3076,6 +3079,33 @@ act_user_manager_create_user (ActUserMan + return user; + } + ++/** ++ * act_user_manager_create_user: ++ * @manager: a #ActUserManager ++ * @username: a unix user name ++ * @fullname: a unix GECOS value ++ * @accounttype: a #ActUserAccountType ++ * @error: a #GError ++ * ++ * Creates a user account on the system. ++ * ++ * Returns: (transfer full): user object ++ */ ++ActUser * ++act_user_manager_create_user (ActUserManager *manager, ++ const char *username, ++ const char *fullname, ++ ActUserAccountType accounttype, ++ GError **error) ++{ ++ return act_user_manager_create_user_encrypt (manager, ++ username, ++ fullname, ++ accounttype, ++ FALSE, ++ error); ++} ++ + static void + act_user_manager_async_complete_handler (GObject *source, + GAsyncResult *result, +@@ -3089,11 +3119,12 @@ act_user_manager_async_complete_handler + } + + /** +- * act_user_manager_create_user_async: ++ * act_user_manager_create_user_encrypt_async: + * @manager: a #ActUserManager + * @username: a unix user name + * @fullname: a unix GECOS value + * @accounttype: a #ActUserAccountType ++ * @encrypthome: encrypt home folder + * @cancellable: (allow-none): optional #GCancellable object, + * %NULL to ignore + * @callback: (scope async): a #GAsyncReadyCallback to call +@@ -3108,21 +3139,22 @@ act_user_manager_async_complete_handler + * Since: 0.6.27 + */ + void +-act_user_manager_create_user_async (ActUserManager *manager, +- const char *username, +- const char *fullname, +- ActUserAccountType accounttype, +- GCancellable *cancellable, +- GAsyncReadyCallback callback, +- gpointer user_data) ++act_user_manager_create_user_encrypt_async (ActUserManager *manager, ++ const char *username, ++ const char *fullname, ++ ActUserAccountType accounttype, ++ gboolean encrypthome, ++ GCancellable *cancellable, ++ GAsyncReadyCallback callback, ++ gpointer user_data) + { + GSimpleAsyncResult *res; + + g_return_if_fail (ACT_IS_USER_MANAGER (manager)); + g_return_if_fail (manager->priv->accounts_proxy != NULL); + +- g_debug ("ActUserManager: Creating user (async) '%s', '%s', %d", +- username, fullname, accounttype); ++ g_debug ("ActUserManager: Creating user (async) '%s', '%s', %d, %d", ++ username, fullname, accounttype, (int)encrypthome); + + g_assert (manager->priv->accounts_proxy != NULL); + +@@ -3131,12 +3163,51 @@ act_user_manager_create_user_async (ActU + act_user_manager_create_user_async); + g_simple_async_result_set_check_cancellable (res, cancellable); + +- accounts_accounts_call_create_user (manager->priv->accounts_proxy, +- username, +- fullname, +- accounttype, +- cancellable, +- act_user_manager_async_complete_handler, res); ++ accounts_accounts_call_create_user_encrypt (manager->priv->accounts_proxy, ++ username, ++ fullname, ++ accounttype, ++ encrypthome, ++ cancellable, ++ act_user_manager_async_complete_handler, res); ++} ++ ++/** ++ * act_user_manager_create_user_async: ++ * @manager: a #ActUserManager ++ * @username: a unix user name ++ * @fullname: a unix GECOS value ++ * @accounttype: a #ActUserAccountType ++ * @cancellable: (allow-none): optional #GCancellable object, ++ * %NULL to ignore ++ * @callback: (scope async): a #GAsyncReadyCallback to call ++ * when the request is satisfied ++ * @user_data: (closure): the data to pass to @callback ++ * ++ * Asynchronously creates a user account on the system. ++ * ++ * For more details, see act_user_manager_create_user(), which ++ * is the synchronous version of this call. ++ * ++ * Since: 0.6.27 ++ */ ++void ++act_user_manager_create_user_async (ActUserManager *manager, ++ const char *username, ++ const char *fullname, ++ ActUserAccountType accounttype, ++ GCancellable *cancellable, ++ GAsyncReadyCallback callback, ++ gpointer user_data) ++{ ++ act_user_manager_create_user_encrypt_async (manager, ++ username, ++ fullname, ++ accounttype, ++ FALSE, ++ cancellable, ++ callback, ++ user_data); + } + + /** +Index: accountsservice-0.6.42/src/libaccountsservice/act-user-manager.h +=================================================================== +--- accountsservice-0.6.42.orig/src/libaccountsservice/act-user-manager.h ++++ accountsservice-0.6.42/src/libaccountsservice/act-user-manager.h +@@ -91,11 +91,25 @@ gboolean act_user_manager_can + + gboolean act_user_manager_goto_login_session (ActUserManager *manager); + ++ActUser * act_user_manager_create_user_encrypt (ActUserManager *manager, ++ const char *username, ++ const char *fullname, ++ ActUserAccountType accounttype, ++ gboolean encrypthome, ++ GError **error); + ActUser * act_user_manager_create_user (ActUserManager *manager, + const char *username, + const char *fullname, + ActUserAccountType accounttype, + GError **error); ++void act_user_manager_create_user_encrypt_async (ActUserManager *manager, ++ const gchar *username, ++ const gchar *fullname, ++ ActUserAccountType accounttype, ++ gboolean encrypthome, ++ GCancellable *cancellable, ++ GAsyncReadyCallback callback, ++ gpointer user_data); + void act_user_manager_create_user_async (ActUserManager *manager, + const gchar *username, + const gchar *fullname, +Index: accountsservice-0.6.42/data/org.freedesktop.Accounts.xml +=================================================================== +--- accountsservice-0.6.42.orig/data/org.freedesktop.Accounts.xml ++++ accountsservice-0.6.42/data/org.freedesktop.Accounts.xml +@@ -112,6 +112,57 @@ + + + ++ ++ ++ ++ The username for the new user ++ ++ ++ ++ The real name for the new user ++ ++ ++ Object path of the new user ++ ++ ++ ++ The account type, encoded as an integer ++ ++ ++ ++ ++ Encrypt the home directory, boolean ++ ++ ++ ++ ++ ++ Creates a new user account with optional encryption. ++ ++ ++ The accountType argument can take the following values: ++ ++ ++ ++ 0 ++ Standard user ++ ++ ++ 1 ++ Administrator ++ ++ ++ ++ ++ The caller needs the org.freedesktop.accounts.user-administration PolicyKit authorization. ++ ++ ++ if the caller lacks the appropriate PolicyKit authorization ++ if the operation failed ++ ++ ++ ++ + + + diff -Nru -w accountsservice-0.6.42/debian/patches/series accountsservice-0.6.42/debian/patches/series --- accountsservice-0.6.42/debian/patches/series 2016-10-04 07:04:41.000000000 -0600 +++ accountsservice-0.6.42/debian/patches/series 2017-10-10 10:43:08.000000000 -0600 @@ -16,3 +16,4 @@ 0021-support-extrausers.patch 1002-dont-override-standardoutput.patch 0018-wtmp-fix-logout-times.patch +encrypt_home.patch