Patch attached for user-setup. This patch adds support for adduser --encrypt-home, and the corresponding dialog. It also drastically simplifies the process by removing the more complicated encrypted-private support.

Note that the sponsor should run debconf-updatepo (or the like) to update the translations from the modified template.

I'm requesting sponsorship of this package, but I should note that the ecryptfs.ko module will need to be added to the d-i kernel for this to work in the installer!

:-Dustin

** Attachment added: "user-setup.debdiff"
   http://launchpadlibrarian.net/20271698/user-setup.debdiff

--
add support for setting up encrypted home directory on user creation
https://bugs.launchpad.net/bugs/302870

Status in eCryptfs - Enterprise Cryptographic Filesystem: Fix Released
Status in “adduser” source package in Ubuntu: Fix Released
Status in “ecryptfs-utils” source package in Ubuntu: Fix Released
Status in “gnome-system-tools” source package in Ubuntu: Triaged
Status in “linux” source package in Ubuntu: Confirmed
Status in “system-tools-backends” source package in Ubuntu: Invalid
Status in “user-setup” source package in Ubuntu: In Progress

Bug description:
Binary package hint: adduser

I'm currently adding support for bootstrapping an encrypted home directory to the ecryptfs-setup-private utility in the ecryptfs-utils package.

This requires a simple patch to the adduser utility, to support an "--encrypt-home" option, which would call:

    # ecryptfs-setup-private -b -u $USER

The call to ecryptfs-setup-private uses the existing code to set up an encrypted home directory. It will generate a mount passphrase from /dev/urandom, establish the user's ecryptfs configuration files, mount the home directory, and return 0.

With the home directory mounted, adduser can proceed to copy the /etc/skel files into the mounted, encrypted mountpoint.

The adduser utility then needs to unmount that home directory.

The "passwd" call within adduser will trigger the password-change code within pam_ecryptfs.so, which will detect the cleartext, randomly generated mount passphrase written to file, and wrap (i.e., encrypt) that file using the chosen passphrase.

This patch also adds documentation to the manpage regarding the new --encrypt-home option.

Finally, this patch modifies the control file to "Recommend" a version of ecryptfs-utils with the required new functionality. Note that Colin said he needs to think about the appropriate level (Recommends vs. Suggests).

:-Dustin

