[Bug 1921091] Re: [SRU] New feature: Encryption recovery key

Ɓukasz Zemczak 1921091 at bugs.launchpad.net
Fri Aug 6 13:34:11 UTC 2021 

Hello Jean-Baptiste, or anyone else affected,

Accepted ubiquity into focal-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ubiquity/20.04.15.17
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Tags removed: verification-failed verification-failed-focal
** Tags added: verification-needed verification-needed-focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1921091

Title:
  [SRU] New feature: Encryption recovery key

Status in ubiquity package in Ubuntu:
  Fix Released
Status in ubiquity source package in Focal:
  Fix Committed

Bug description:
  [Impact] 
  This new feature of the installer adds a recovery key to the password page when the user selects an encrypted installation. 
  The recovery key contains digits only and is generated automatically. The user can write it down or save it to a file that can then be used as input to unlock an encrypted volume.

  This is a request from corporate users of the LTS to recover machines
  where the primary key has been lost (forgotten, user left the company,
  ...)

  This patch modifies the crypto page of the installer, the debconf
  templates (which introduces new strings) and the related python code.

  [Test Plan]
  1. Start latest Focal iso, and install the deb package ubiquity, ubiquity-frontend-gtk and ubiquity-ubuntu-artwork.
  2. Proceed with the installation until the partitioning page. 
  3. Select "Advanced features"
  4. In the new dialog, select LVM and check the box to enable encryption.
  5. Close the dialog and continue installation
  6. The page to enter a passphrase will be displayed.
  7. Enter a passphrase.
  8. In the "recovery key" section of the page, make the field visible to reveal the automatically generated password. Verify that it contains only digits.
  9. Click on the refresh button next to the field and verify that the password is refreshed and contains only digits.
  10. Write the password down.
  11. Click on the file browser icon, and verify that the file browser opens in the home directory of the user.
  12. Create a new folder to write the key too and close the file browser window
  13. Continue with installation to the end but do not reboot yet.
  14. Open Nautilus or a terminal and verify that the key is saved to the location you entered previously.
  15. Verify that the content of the key matches the password that you wrote down in step 10.
  16. Reboot the machine.
  17. At the password prompt of plymouth, enter the passphrase you entered at step 7, press enter, and verify that the volume is unlocked and the machine boots as expected.
  18. Reboot the machine
  19. At the password prompt of plymouth, enter the password you wrote down at step 10, press enter, and verify that the volume is unlocked and the machine boots as expected.
  20. Repeat the test from ubiquity-dm (boot with systemd.unit=rescue.target, in recovery mode systemctl start network-online.target, copy the debs with scp and install them)

  [Where problem could occur]
  * Errors in python or UI code, either the installer won't load at all or the security page will trigger a crash. These are both highly visible crashes. The logs are in /var/log/syslog and /var/log/installer/
  * Errors in the debconf templates: Some strings won't be translated on non-english installations
  * When the file browser opens verify that it opens in the right home directory. If it fails it would be a minor issue, the user can still browse to a writable location.

  [Other info]
  The package builds on latest daily focal image (20210323)
  Tested in live session and ubiquity-dm mode.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1921091/+subscriptions

More information about the foundations-bugs mailing list