[Bug 882314] Re: preseeded installation fails to create .ecryptfs/wrapped-passphrase

Dustin Kirkland dustin.kirkland at gmail.com
Fri Oct 28 21:10:52 UTC 2011 

Reopening the ecryptfs-utils bug.  Adding user-setup task.

This bug is actually quite a bit more complicated than I first realized.

Fundamentally, we have two preseed options which are incompatible:
  d-i passwd/user-password-crypted password $6$.1eHH0iY$ArGz...
and
  d-i user-setup/encrypt-home boolean true

We cannot encrypt the home directory without having access to the
cleartext password.  I'm reverting the "fix" that I had committed to
ecryptfs-utils, which persisted that cleartext password across the first
boot by storing it in /var/tmp, which was not a good idea, as this leaks
the file to disk.  There's no secure way of persisting this sort of data
across a reboot, sorry.

I'm attaching a patch/branch here that adjusts the logic in the user-
setup state machine in d-i which should ensure that *if* you've
requested an encrypted home, and we only have a crypted password, then
we should throw you back into the critical dialogs to choose a password.

** Also affects: user-setup (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: ecryptfs-utils (Ubuntu)
       Status: Fix Released => In Progress

** Changed in: user-setup (Ubuntu)
       Status: New => In Progress

** Changed in: user-setup (Ubuntu)
   Importance: Undecided => Medium

** Patch added: "882314.patch"
   https://bugs.launchpad.net/ubuntu/+source/user-setup/+bug/882314/+attachment/2577114/+files/882314.patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to user-setup in Ubuntu.
https://bugs.launchpad.net/bugs/882314

Title:
  preseeded installation fails to create .ecryptfs/wrapped-passphrase

Status in “ecryptfs-utils” package in Ubuntu:
  In Progress
Status in “user-setup” package in Ubuntu:
  In Progress

Bug description:
  Tried to look through ecrypt-setup-private, but couldn't find out
  where it goes wrong.. will attach the sanitized syslog.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/882314/+subscriptions

More information about the foundations-bugs mailing list