Comment 3 for bug 882314

Reopening the ecryptfs-utils bug. Adding user-setup task.

This bug is actually quite a bit more complicated than I first realized.

Fundamentally, we have two preseed options which are incompatible:
  d-i passwd/user-password-crypted password $6$.1eHH0iY$ArGz...
and
  d-i user-setup/encrypt-home boolean true

We cannot encrypt the home directory without having access to the cleartext password. I'm reverting the "fix" that I had committed to ecryptfs-utils, which persisted that cleartext password across the first boot by storing it in /var/tmp, which was not a good idea, as this leaks the file to disk. There's no secure way of persisting this sort of data across a reboot, sorry.

I'm attaching a patch/branch here that adjusts the logic in the user-setup state machine in d-i which should ensure that *if* you've requested an encrypted home, and we only have a crypted password, then we should throw you back into the critical dialogs to choose a password.