diff -Nru user-setup-1.23ubuntu1/debian/changelog user-setup-1.23ubuntu2/debian/changelog --- user-setup-1.23ubuntu1/debian/changelog 2008-11-27 10:33:24.000000000 -0800 +++ user-setup-1.23ubuntu2/debian/changelog 2008-12-06 10:51:08.000000000 -0800 @@ -1,3 +1,16 @@ +user-setup (1.23ubuntu2) jaunty; urgency=low + + Changes for LP: #302870 + * user-setup-apply: Add support for adduser --encrypt-home; remove + deprecated encrypted-private (replaced in the installer by + encrypted home support) + * debian/user-setup-udeb.templates: Add encrypt-home debconf question; + remove deprecated encrypted-private + * user-setup-ask: prompt for encrypt-home; remove the more complicated + encrypted-private dialogs + + -- Dustin Kirkland Sat, 06 Dec 2008 10:50:31 -0800 + user-setup (1.23ubuntu1) jaunty; urgency=low [ Evan Dandrea ] diff -Nru user-setup-1.23ubuntu1/debian/user-setup-udeb.templates user-setup-1.23ubuntu2/debian/user-setup-udeb.templates --- user-setup-1.23ubuntu1/debian/user-setup-udeb.templates 2008-11-27 10:28:40.000000000 -0800 +++ user-setup-1.23ubuntu2/debian/user-setup-udeb.templates 2008-12-06 10:47:24.000000000 -0800 
@@ -150,60 +150,16 @@ that can only be read by special programs. The use of shadow passwords is strongly recommended, except in a few cases such as NIS environments. -Template: user-setup/encrypted-private +Template: user-setup/encrypt-home Type: boolean Default: false # :sl2: -_Description: Set up an encrypted private directory? - The contents of your home directory will normally be visible to all - users on the system, to make it easier to share files among users. You - can change this for individual files or directories by changing their - permissions. +_Description: Encrypt your home directory? + You may configure your home directory for encryption, such that any files + stored there remain private even if your computer is stolen. . - In addition to the standard permissions system, it may be useful to set - up an encrypted private directory so that those files remain private - even if your computer is stolen. If you choose to do this, the - directory will be called "Private". - -Template: user-setup/encrypted-private-passphrase -Type: password -# :sl2: -_Description: Encryption passphrase: - You may choose a passphrase to encrypt your private directory. If you - leave this blank, a passphrase will be randomly generated for you. You - will not normally need to use this passphrase, but it may be useful in - case something goes wrong and you need to recover your encrypted data. - . - The overall strength of the encryption depends strongly on this - passphrase, so you should take care to choose a passphrase that is - not easy to guess. It should not be a word or sentence found in - dictionaries, or a phrase that could be easily associated with you. - . - A good passphrase will contain a mixture of letters, numbers and - punctuation. Passphrases are recommended to have a length of 20 or - more characters. - . - There is no way to recover this passphrase if you lose it. 
To avoid - losing data, you should normally write down the passphrase and keep it - in a safe place separate from this computer. - -Template: user-setup/encrypted-private-passphrase-again -Type: password -# :sl2: -_Description: Re-enter passphrase to verify: - Please enter the same passphrase again to verify that you have typed it - correctly. - -Template: user-setup/encrypted-private-passphrase-display -Type: text -# :sl2: -#flag:translate!:3 -_Description: Keep this passphrase in a safe place! - Your new encryption passphrase is as follows: - . - ${PASSPHRASE} - . - Please write this down and store it separately from this computer. + The system will seamlessly mount your encrypted home directory each time + you login and automatically unmount when you log out of all active sessions. Template: debian-installer/user-setup-udeb/title Type: title diff -Nru user-setup-1.23ubuntu1/user-setup-apply user-setup-1.23ubuntu2/user-setup-apply --- user-setup-1.23ubuntu1/user-setup-apply 2008-11-27 09:58:51.000000000 -0800 +++ user-setup-1.23ubuntu2/user-setup-apply 2008-12-06 10:31:10.000000000 -0800 @@ -92,6 +92,18 @@ UIDOPT= fi + ENCRYPT_HOME_OPT= + db_get user-setup/encrypt-home + if [ "$RET" = true ]; then + ENCRYPT_HOME_OPT="--encrypt-home" + if ! $chroot $ROOT which ecryptfs-setup-private >/dev/null 2>&1; then + # try to work in d-i and out; it's better to + # use apt-install in d-i + apt-install ecryptfs-utils 2>/dev/null || $log $chroot $ROOT apt-get -q -y install ecryptfs-utils || true + fi + fi + + # Add the user to the database, using adduser in noninteractive # mode. db_get passwd/username @@ -104,7 +116,7 @@ fi if [ -x $ROOT/usr/sbin/adduser ]; then - $log $chroot $ROOT adduser --disabled-password --gecos "$RET" $UIDOPT "$USER" >/dev/null || true + $log $chroot $ROOT adduser --disabled-password --gecos "$RET" $UIDOPT $ENCRYPT_HOME_OPT "$USER" >/dev/null || true else $log $chroot $ROOT useradd -c "$RET" -m "$USER" $UIDOPT >/dev/null || true fi 
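Review bot: The new `user-setup/encrypt-home` description drops all recovery guidance: the removed templates warned that a lost passphrase cannot be recovered and displayed a generated one for the user to write down, and nothing on the new side replaces that. With the passphrase dialogs also removed from user-setup-ask, the installer never tells the user that a recovery secret exists; presumably it is now generated by the tooling and protected by the login password, which should be confirmed. Consider adding a line to the extended description, e.g. ` After installation, record your recovery passphrase and store it separately from this computer.`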
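Review bot: `ENCRYPT_HOME_OPT="--encrypt-home"` is set before the install attempt in hunk @@ -92,6 +92,18 @@ and is never cleared when that attempt fails, because the `apt-install … || … apt-get … || true` chain always succeeds and nothing re-checks for `ecryptfs-setup-private` afterwards. The adduser call in the next hunk (@@ -104,7 +116,7 @@) also ends in `>/dev/null || true`, so whatever adduser does with the flag when the helper is missing goes unreported, and a user who asked for encryption can finish the install without it, or possibly without an account. Re-run the `which` check after the install attempt and stop with an error when the helper is still absent, as sketched below. The enclosing block starts and ends outside the hunk.

```shell
		ENCRYPT_HOME_OPT="--encrypt-home"
		# … unchanged: which check, apt-install / apt-get fallback …
		# Re-check after the install attempt and fail closed instead of
		# passing --encrypt-home to adduser without the helper present.
		if ! $chroot $ROOT which ecryptfs-setup-private >/dev/null 2>&1; then
			echo "user-setup: ecryptfs-setup-private missing; cannot encrypt home" >&2
			exit 1
		fi
```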
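Review bot: The `useradd` fallback in the `else` branch of hunk @@ -104,7 +116,7 @@ never sees `$ENCRYPT_HOME_OPT`, so on a target without `/usr/sbin/adduser` a user who answered yes to encrypt-home gets an unencrypted home and no message. Refuse that combination explicitly before the `useradd` line, e.g. `[ -z "$ENCRYPT_HOME_OPT" ] || { echo "user-setup: home encryption requires adduser" >&2; exit 1; }`. The adduser line also runs with `--disabled-password`, whereas the code removed in hunk @@ -202,32 +214,12 @@ passed `LOGINPASS="$USER_PW"` to ecryptfs-setup-private. The code that sets the password is outside this hunk, so it is worth confirming that the encryption key ends up protected by the real login password.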
@@ -202,32 +214,12 @@ fi fi - db_get user-setup/encrypted-private - if [ "$RET" = true ]; then - if ! $chroot $ROOT which ecryptfs-setup-private >/dev/null 2>&1; then - # try to work in d-i and out; it's better to - # use apt-install in d-i - apt-install ecryptfs-utils 2>/dev/null || $log $chroot $ROOT apt-get -q -y install ecryptfs-utils || true - fi - db_get user-setup/encrypted-private-passphrase - ENCRYPTED_PW="$RET" - USER="$USER" LOGINPASS="$USER_PW" MOUNTPASS="$ENCRYPTED_PW" \ - $log $chroot $ROOT \ - su -p "$USER" -c ecryptfs-setup-private - # Clear the mount passphrase from the database. - db_set user-setup/encrypted-private-passphrase '' - db_set user-setup/encrypted-private-passphrase-again '' - fi else # Just in case, clear any preseeded user password from the database # anyway. db_set passwd/user-password-crypted '' db_set passwd/user-password '' db_set passwd/user-password-again '' - # Do the same for the mount passphrase, if any. - db_set user-setup/encrypted-private-passphrase '' - db_set user-setup/encrypted-private-passphrase-again '' - db_subst user-setup/encrypted-private-passphrase-display PASSPHRASE '' fi exit 0 diff -Nru user-setup-1.23ubuntu1/user-setup-ask user-setup-1.23ubuntu2/user-setup-ask --- user-setup-1.23ubuntu1/user-setup-ask 2008-11-27 09:58:51.000000000 -0800 +++ user-setup-1.23ubuntu2/user-setup-ask 2008-12-06 10:50:26.000000000 -0800 
@@ -202,61 +202,9 @@
 8)
 db_get passwd/make-user
 if [ "$RET" = true ]; then
- db_input high user-setup/encrypted-private || true
+ db_input high user-setup/encrypt-home || true
 fi
 ;;
- 9)
- db_get passwd/make-user
- if [ "$RET" = true ]; then
- db_get user-setup/encrypted-private
- if [ "$RET" = true ]; then
- db_input critical user-setup/encrypted-private-passphrase || true
- fi
- fi
- ;;
- 10)
- db_get passwd/make-user
- if [ "$RET" = true ]; then
- db_get user-setup/encrypted-private
- if [ "$RET" = true ]; then
- db_get user-setup/encrypted-private-passphrase
- if [ "$RET" ]; then
- db_input critical user-setup/encrypted-private-passphrase-again || true
- fi
- fi
- fi
- ;;
- 11)
- db_get passwd/make-user
- if [ "$RET" = true ]; then
- db_get user-setup/encrypted-private
- if [ "$RET" = true ]; then
- db_get user-setup/encrypted-private-passphrase
- ENCRYPTION_PW="$RET"
- if [ "$ENCRYPTION_PW" ]; then
- db_get user-setup/encrypted-private-passphrase-again
- if [ "$ENCRYPTION_PW" != "$RET" ]; then
- db_set user-setup/encrypted-private-passphrase ""
- db_set user-setup/encrypted-private-passphrase-again ""
- db_fset user-setup/password-mismatch seen false
- db_input critical user-setup/password-mismatch
- db_fset user-setup/encrypted-private-passphrase seen false
- db_fset user-setup/encrypted-private-passphrase seen false
- STATE=9
- continue
- fi
- else
- ENCRYPTION_PW="$(head -c 16 /dev/urandom | od -x | head -n 1 | sed 's/^0000000//' | sed 's/\s*//g')"
- db_set user-setup/encrypted-private-passphrase "$ENCRYPTION_PW"
- db_subst user-setup/encrypted-private-passphrase-display PASSPHRASE "$ENCRYPTION_PW"
- db_input critical user-setup/encrypted-private-passphrase-display
- fi
- fi
- fi
- ;;
- 12)
- db_subst user-setup/encrypted-private-passphrase-display PASSPHRASE ''
- ;;
 *)
 break
 ;;