[Bug 1921358] Re: [FFe] Master recovery key

Ɓukasz Zemczak 1921358 at bugs.launchpad.net
Thu Mar 25 10:25:31 UTC 2021 

Ok, this is really close, but since we're still before Beta Freeze then
I think it's safe to land. Proceed, do as much testing of the new
ubiquity with dailies as possible and watch for regressions. Also, did
you inform the documentation and translation teams about the new UI and
layout? If not, please do. FFe approved.

** Changed in: ubiquity (Ubuntu)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1921358

Title:
  [FFe] Master recovery key

Status in ubiquity package in Ubuntu:
  Triaged

Bug description:
  [Description]
  This new feature of the installer adds a recovery key to the password page when the user selects an encrypted installation.
  The recovery key contains digits only and is generated automatically. The user can write it down or save it to a file that can then be used as input to unlock an encrypted volume.

  This patch modifies the crypto page of the installer, the debconf
  templates (which introduces new strings) and the related python code.

  [Rationale]
  This is a request from corporate users to recover machines where the primary key has been lost (forgotten, user left the company, ...)

  [Risks]
  * Errors in python or UI code, either the installer won't load at all or the security page will trigger a crash. These are both highly visible crashes. The logs are in /var/log/syslog and /var/log/installer/
  * Errors in the debconf templates: Some strings won't be translated on non-english installations
  * When the file browser opens verify that it opens in the right home directory. If it fails it would be a minor issue, the user can still browse to a writable location.

  [Build]
  Builds and tested successfully locally in live session and ubiquity-dm

  [Other info] 
  Code reviewed, approved and already merged in main.

  [Test Plan]
  1. Start latest Focal iso, and install the deb package ubiquity, ubiquity-frontend-gtk and ubiquity-ubuntu-artwork.
  2. Proceed with the installation until the partitioning page.
  3. Select "Advanced features"
  4. In the new dialog, select LVM and check the box to enable encryption.
  5. Close the dialog and continue installation
  6. The page to enter a passphrase will be displayed.
  7. Enter a passphrase.
  8. In the "recovery key" section of the page, make the field visible to reveal the automatically generated password. Verify that it contains only digits.
  9. Click on the refresh button next to the field and verify that the password is refreshed and contains only digits.
  10. Write the password down.
  11. Click on the file browser icon, and verify that the file browser opens in the home directory of the user.
  12. Create a new folder to write the key too and close the file browser window
  13. Continue with installation to the end but do not reboot yet.
  14. Open Nautilus or a terminal and verify that the key is saved to the location you entered previously.
  15. Verify that the content of the key matches the password that you wrote down in step 10.
  16. Reboot the machine.
  17. At the password prompt of plymouth, enter the passphrase you entered at step 7, press enter, and verify that the volume is unlocked and the machine boots as expected.
  18. Reboot the machine
  19. At the password prompt of plymouth, enter the password you wrote down at step 10, press enter, and verify that the volume is unlocked and the machine boots as expected.
  20. Repeat the test from ubiquity-dm (boot with systemd.unit=rescue.target, in recovery mode systemctl start network-online.target, copy the debs with scp and install them)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1921358/+subscriptions

More information about the foundations-bugs mailing list