action #9536

[functional][u] Test all DMs for working encrypted home support

Added by scarabeus_iv over 4 years ago. Updated 12 months ago.

Status:NewStart date:13/11/2015
Priority:LowDue date:
Assignee:-% Done:

0%

Category:New test
Target version:QA - future
Difficulty:
Duration:

Description

We are currently testing only "encrypt all" scenario. But seems few people are encrypting home partition only.

We need to tweak install phase to allow disk layout change for the encryption of home only
Then we need to have test for each DM (xdm/kdm/sddm/whatever) to see they still can log to the machine just fine.

This is spin-off bnc#954419.

j.log (6.03 KB) dheidler, 06/04/2016 11:54 am


Related issues

Related to openQA Tests - action #29986: [functional][u][opensuse][hard]test fails in multi_users_dm Resolved 04/01/2018 24/04/2018

History

#1 Updated by RBrownSUSE over 4 years ago

  • Category set to New test
  • Priority changed from Normal to Low
  • Target version set to 154

#2 Updated by scarabeus_iv over 4 years ago

Copy from the bug:

To create the encrypted home, I just opened YAST, User and Group management, selected the user, Edit, and select to encrypt home, give a size, password is asked, and that's all.
One thing that never happens is that the user's files are moved. They are copied but remain in the home folder.

#3 Updated by scarabeus_iv about 4 years ago

To create the encrypted home, I just opened YAST, User and Group management, selected the user, Edit, and select to encrypt home, give a size, password is asked, and that's all.
One thing that never happens is that the user's files are moved. They are copied but remain in the home folder.

This morning I added a comment but it is gone, so here again.

I fixed the problem by changing /etc/pa.d/sddm to

auth optional pam_mount.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
session optional pam_cryptpass.so
session optional pam_mount.so

The first line and last two lines were added, and since then I was able to log in.

What still is an issue is that the encrypted home is not properly dismounted after log out, which could result in corrupted files, as I discovered in earlier opensuse versions.

#4 Updated by RBrownSUSE about 4 years ago

  • Checklist set to [ ] TW, [ ] SLE, [ ] Leap
  • Target version deleted (154)

#5 Updated by RBrownSUSE almost 4 years ago

  • Assignee set to dheidler
  • Priority changed from Low to Normal

#6 Updated by dheidler almost 4 years ago

  • File j.log added
  • Subject changed from Test all DMs for working encrypted home support to [BLOCKED] Test all DMs for working encrypted home support

Blocked on bnc#954419.
Also I tried it with tumbleweed:
* I created a user 'tux'
* I changed its home to encrypted using yast
* I rebooted
* I cannot login using gdm (It asks me for 2 passwords: pam and keyfile and then behaves as described in bnc#954419)
* I can login to tty but I seem to get the old unencrypted version of the home directory (with the files I created before setting the home to encrypted). Also I get error messages (see attached log).

#7 Updated by okurz over 3 years ago

bump

#8 Updated by okurz almost 3 years ago

so the bug is still open and looks like will never be fixed. @dheidler, what do you propose?

#9 Updated by dheidler almost 3 years ago

If the bug won't get fixed, we can't do anything but drop the feature.

#10 Updated by scarabeus_iv almost 3 years ago

dheidler wrote:

If the bug won't get fixed, we can't do anything but drop the feature.

As the bug still talks about gdm only why didn't you put the information it fails on gdm too there?
Also maybe it could be reassigned to pam people...

#11 Updated by scarabeus_iv almost 3 years ago

I mean the bug now describes the issue only on sddm.

#12 Updated by okurz almost 2 years ago

  • Related to action #29986: [functional][u][opensuse][hard]test fails in multi_users_dm added

#13 Updated by okurz over 1 year ago

  • Subject changed from [BLOCKED] Test all DMs for working encrypted home support to [functional][u] Test all DMs for working encrypted home support
  • Target version set to future

Let's put it on the QSF backlog

#14 Updated by dheidler over 1 year ago

  • Assignee deleted (dheidler)

#15 Updated by okurz 12 months ago

  • Checklist deleted ([ ] TW, [ ] SLE, [ ] Leap)
  • Priority changed from Normal to Low

let's focus more on improving our current tests and workflows first. Putting to "holding tank" :)

Also available in: Atom PDF