Project

General

Profile

Actions

coordination #9536

closed

Test all DMs for working encrypted home support

Added by scarabeus_iv about 9 years ago. Updated 10 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Target version:
QA - future
Start date:
2020-05-05
Due date:
% Done:

100%

Estimated time:
(Total: 16.00 h)

Description

We are currently testing only "encrypt all" scenario. But seems few people are encrypting home partition only.

We need to tweak install phase to allow disk layout change for the encryption of home only
Then we need to have test for each DM (xdm/kdm/sddm/whatever) to see they still can log to the machine just fine.

This is spin-off bnc#954419.

Suggestions

  • Cover three most common display managers: sddm, gdm, xdm
  • Add test suite that encrypt home for a user and then logs in to those three DM's
  • Talk to Yast team to sync work.

Files

j.log (6.03 KB) j.log dheidler, 2016-04-06 11:54

Subtasks 2 (0 open2 closed)

action #65172: [functional][y] Enable scenario with gnome installation with /home partition encryptedResolvedybonatakis2020-05-05

Actions
action #66862: [functional][y] Test interactive installation with encrypted /home partitionResolvedsyrianidou_sofia2020-05-14

Actions

Related issues 1 (0 open1 closed)

Related to openQA Tests - action #29986: [functional][u][opensuse][hard]test fails in multi_users_dmResolveddheidler2018-01-042018-04-24

Actions
Actions #1

Updated by RBrownSUSE about 9 years ago

  • Category set to New test
  • Priority changed from Normal to Low
  • Target version set to 154
Actions #2

Updated by scarabeus_iv about 9 years ago

Copy from the bug:

To create the encrypted home, I just opened YAST, User and Group management, selected the user, Edit, and select to encrypt home, give a size, password is asked, and that's all.
One thing that never happens is that the user's files are moved. They are copied but remain in the home folder.

Actions #3

Updated by scarabeus_iv almost 9 years ago

To create the encrypted home, I just opened YAST, User and Group management, selected the user, Edit, and select to encrypt home, give a size, password is asked, and that's all.
One thing that never happens is that the user's files are moved. They are copied but remain in the home folder.

This morning I added a comment but it is gone, so here again.

I fixed the problem by changing /etc/pa.d/sddm to

auth optional pam_mount.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
session optional pam_cryptpass.so
session optional pam_mount.so

The first line and last two lines were added, and since then I was able to log in.

What still is an issue is that the encrypted home is not properly dismounted after log out, which could result in corrupted files, as I discovered in earlier opensuse versions.

Actions #4

Updated by RBrownSUSE almost 9 years ago

  • Checklist item changed from to [ ] TW, [ ] SLE, [ ] Leap
  • Target version deleted (154)
Actions #5

Updated by RBrownSUSE over 8 years ago

  • Assignee set to dheidler
  • Priority changed from Low to Normal
Actions #6

Updated by dheidler over 8 years ago

  • File j.log j.log added
  • Subject changed from Test all DMs for working encrypted home support to [BLOCKED] Test all DMs for working encrypted home support

Blocked on bnc#954419.
Also I tried it with tumbleweed:

  • I created a user 'tux'
  • I changed its home to encrypted using yast
  • I rebooted
  • I cannot login using gdm (It asks me for 2 passwords: pam and keyfile and then behaves as described in bnc#954419)
  • I can login to tty but I seem to get the old unencrypted version of the home directory (with the files I created before setting the home to encrypted). Also I get error messages (see attached log).
Actions #7

Updated by okurz about 8 years ago

bump

Actions #8

Updated by okurz over 7 years ago

so the bug is still open and looks like will never be fixed. @dheidler, what do you propose?

Actions #9

Updated by dheidler over 7 years ago

If the bug won't get fixed, we can't do anything but drop the feature.

Actions #10

Updated by scarabeus_iv over 7 years ago

dheidler wrote:

If the bug won't get fixed, we can't do anything but drop the feature.

As the bug still talks about gdm only why didn't you put the information it fails on gdm too there?
Also maybe it could be reassigned to pam people...

Actions #11

Updated by scarabeus_iv over 7 years ago

I mean the bug now describes the issue only on sddm.

Actions #12

Updated by okurz over 6 years ago

  • Related to action #29986: [functional][u][opensuse][hard]test fails in multi_users_dm added
Actions #13

Updated by okurz over 6 years ago

  • Subject changed from [BLOCKED] Test all DMs for working encrypted home support to [functional][u] Test all DMs for working encrypted home support
  • Target version set to future

Let's put it on the QSF backlog

Actions #14

Updated by dheidler over 6 years ago

  • Assignee deleted (dheidler)
Actions #15

Updated by okurz over 5 years ago

  • Checklist item changed from [ ] TW, [ ] SLE, [ ] Leap to
  • Priority changed from Normal to Low

let's focus more on improving our current tests and workflows first. Putting to "holding tank" :)

Actions #16

Updated by szarate over 4 years ago

  • Priority changed from Low to High
  • Target version changed from future to Milestone 30

Let's look at this for the next grooming session perhaps? ask the y team about possible scenarios already implemented

Actions #17

Updated by szarate over 4 years ago

Spoke to Rodion, they don't have said scenarios, so we could simply create them, but he's also proposing to automate them with autoyast (which is a great idea)

A quick idea:

  • gnome + separate home encrypted on btrfs with snapshots
  • minimal x + lvm with encrypted separate home + xfs

Having HDD with these on the functional job group we could spin up other tests that touch the x11 applications mostly, and maybe things like evolution (although SLED might have more interest?)

Actions #18

Updated by riafarov over 4 years ago

After discussion with Yifan, we will wait for the feedback to know if such scenario is supported and if so what are expectations and then act on this accordingly.

Actions #19

Updated by SLindoMansilla over 4 years ago

  • Description updated (diff)
  • Status changed from New to Workable
  • Estimated time set to 42.00 h
Actions #20

Updated by szarate over 4 years ago

  • Status changed from Workable to New
  • Estimated time deleted (42.00 h)

For now, we're waiting on Yfan's feedback. Kicking this back to the backlog

Actions #21

Updated by yfjiang over 4 years ago

Hi folks,

Checked with release and product side, and talked to people who had experiences with this. The encrypted home is indeed a supported use case for SLED, though the techniques of implementing it evolves.

Thank you for bringing it up, it is worthy of doing, and I think the implementation timeline is best scheduled by the agile team :-) Hope the information helps.

Actions #22

Updated by riafarov over 4 years ago

  • Target version changed from Milestone 30 to Milestone 33

yfjiang wrote:

Hi folks,

Checked with release and product side, and talked to people who had experiences with this. The encrypted home is indeed a supported use case for SLED, though the techniques of implementing it evolves.

Thank you for bringing it up, it is worthy of doing, and I think the implementation timeline is best scheduled by the agile team :-) Hope the information helps.

Hi Yifan! Thanks a lot for the confirmation! We can start with SLES+WE which will be easy to migrate to SLED afterwards.

Actions #23

Updated by szarate over 4 years ago

@Rodion, would you like to move forward with the autoyast approach? This sparked the idea to have an autoyast workshop for the QSFU team, and would then... be a perfect candidate, wdyt?

Actions #24

Updated by riafarov over 4 years ago

  • Subject changed from [functional][u] Test all DMs for working encrypted home support to [functional][epic][u][y] Test all DMs for working encrypted home support
  • Assignee set to riafarov
  • Target version changed from Milestone 33 to Milestone 35+

szarate wrote:

@Rodion, would you like to move forward with the autoyast approach? This sparked the idea to have an autoyast workshop for the QSFU team, and would then... be a perfect candidate, wdyt?

I will convert this one in epic and create subtasks for autoyast for now and we can proceed from there. I did some autoyast sessions before, so even have some slides. Will talk to Mazte to organize it, sounds like a good idea.

Actions #25

Updated by riafarov over 4 years ago

  • Due date changed from 2020-04-21 to 2020-05-05

due to changes in a related task

Actions #26

Updated by riafarov over 4 years ago

  • Due date changed from 2020-05-05 to 2020-05-19

due to changes in a related task: #65172

Actions #27

Updated by ybonatakis over 4 years ago

  • Due date changed from 2020-05-19 to 2020-05-05

due to changes in a related task: #65172

Actions #28

Updated by ybonatakis over 4 years ago

  • Due date changed from 2020-05-05 to 2020-05-19
  • Start date changed from 2020-04-02 to 2020-05-05

due to changes in a related task: #65172

Actions #29

Updated by riafarov over 4 years ago

  • Target version changed from Milestone 35+ to SLE 15 SP3
Actions #30

Updated by riafarov over 4 years ago

  • Due date changed from 2020-05-19 to 2020-09-08

due to changes in a related task: #66862

Actions #31

Updated by riafarov over 4 years ago

  • Due date changed from 2020-09-08 to 2020-09-22

due to changes in a related task: #66862

Actions #32

Updated by riafarov about 4 years ago

  • Project changed from openQA Tests to qe-yam
  • Category deleted (New test)
Actions #33

Updated by riafarov about 4 years ago

  • Project changed from qe-yam to openQA Tests
Actions #34

Updated by szarate about 4 years ago

  • Tracker changed from action to coordination
Actions #36

Updated by riafarov about 4 years ago

  • Project changed from openQA Tests to qe-yam
Actions #37

Updated by riafarov about 4 years ago

  • Subject changed from [functional][epic][u][y] Test all DMs for working encrypted home support to Test all DMs for working encrypted home support
  • Target version changed from SLE 15 SP3 to future

Gnome is covered, other DMs are low prio at the moment.

Actions #38

Updated by riafarov over 3 years ago

  • Assignee changed from riafarov to oorlov
Actions #39

Updated by oorlov almost 3 years ago

  • Assignee changed from oorlov to JERiveraMoya
Actions #40

Updated by JERiveraMoya 10 months ago

  • Status changed from New to Resolved
Actions

Also available in: Atom PDF