Re: [Tails-dev] next big features: status update

Nachricht löschen

Nachricht beantworten
Autor: sajolida
Datum:  
To: The Tails public development discussion list
Betreff: Re: [Tails-dev] next big features: status update
intrigeri:
> sajolida wrote (20 Mar 2012 17:40:59 GMT) :
>> Cool. Could something like this do the trick? There's one patch for
>> Tails greeter and another for the feature/tails-greeter branch.
>> I didn't test it though, and wanted your opinion first.
>
>>  # Check if password is actually set
>>  if [ -z "${TAILS_USER_PASSWORD}" ] ; then
>> -    rm -f "${POLKIT}" "${SUDOERS}"
>> +    rm -f "${POLKIT}" "${SUDOERS}" "${CUSTOM_LECTURE}"
>> +
>>      deluser "${LIVE_USERNAME}" sudo
>>      log_n_exit "Password variable not found."
>>  fi

>
> It seems to me the logics is backwards here:
> the custom lecture should be displayed iff. no password is set,
> rather than hidden iff. no password is set,
> isn't it?


Sure ;)
Here is another one, and this time I've tested it Tails greeter 0.6.

I have a doubt though: I removed the log_n_exit on line 96 because I
really think it prevents the following code from being executed when you
don't set a password, and it shouldn't. The patch works like this but
not otherwise, but maybe I missed something.

--
sajolida
From 0ce74ed231a840e625a39d08f355031076f55bc3 Mon Sep 17 00:00:00 2001
From: Tails developers <tails@???>
Date: Thu, 22 Mar 2012 09:31:05 +0100
Subject: [PATCH] Add a custom lecture when password is disabled.

---
 MANIFEST.in             |    1 +
 PostLogin.default       |    7 ++++++-
 no-password-lecture.txt |    8 ++++++++
 setup.py                |    2 +-
 4 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 no-password-lecture.txt


diff --git a/MANIFEST.in b/MANIFEST.in
index ae963f8..dedd7b2 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,6 +1,7 @@
include community-greeter.py
include tails-greeter.desktop
include tails-logging.conf
+include no-password-lecture.txt
include glade/*.glade
include pixmaps/*.svg
include pixmaps/lang/*.svg
diff --git a/PostLogin.default b/PostLogin.default
index fed7458..698f82a 100755
--- a/PostLogin.default
+++ b/PostLogin.default
@@ -18,6 +18,7 @@ export PATH="/usr/sbin:${PATH}"
LIVE_PASSWORD=live
POLKIT=/etc/polkit-1/localauthority.conf.d/52-tails-greeter.conf
SUDOERS=/etc/sudoers.d/tails-greeter
+NO_PASSWORD_LECTURE=/etc/sudoers.d/tails-greeter-no-password-lecture
KBDSET=/etc/default/keyboard
CONSET=/etc/default/console-setup
LOCALE_CFG=/etc/default/locale
@@ -93,7 +94,7 @@ fi
### Password

# Import password for superuser access
-. /var/lib/gdm3/tails.password || log_n_exit "Password file not found."
+. /var/lib/gdm3/tails.password

 # Remove password file
 rm --interactive=never -f /var/lib/gdm3/tails.password
@@ -102,6 +103,10 @@ rm --interactive=never -f /var/lib/gdm3/tails.password
 if [ -z "${TAILS_USER_PASSWORD}" ] ; then
     rm -f "${POLKIT}" "${SUDOERS}"
     deluser "${LIVE_USERNAME}" sudo
+    echo "Defaults:amnesia lecture=always" > "${NO_PASSWORD_LECTURE}"
+    echo "Defaults:amnesia lecture_file=/usr/share/tails-greeter/no-password-lecture.txt" >> "${NO_PASSWORD_LECTURE}"
+    echo "Defaults:amnesia badpass_message=\"The administration password is disabled.\"" >> "${NO_PASSWORD_LECTURE}"
+    chmod 0440 "${NO_PASSWORD_LECTURE}"
     log_n_exit "Password variable not found."
 fi


diff --git a/no-password-lecture.txt b/no-password-lecture.txt
new file mode 100644
index 0000000..dd6301d
--- /dev/null
+++ b/no-password-lecture.txt
@@ -0,0 +1,8 @@
+By default, the administration password is disabled for better security.
+
+In order to perform administration tasks, you need to setup an administration
+password when starting Tails.
+
+See the corresponding documentation:
+https://tails.boum.org/doc/first_steps/administration_password/.
+
diff --git a/setup.py b/setup.py
index 54bf31f..d04c785 100755
--- a/setup.py
+++ b/setup.py
@@ -66,7 +66,7 @@ setup(
             ( SDIR + 'pixmaps/auto', listfiles( 'pixmaps/auto', '*.*' ) ),
             ( 'share/gdm/autostart/LoginWindow/', [ 'tails-greeter.desktop' ] ),
             ( 'bin/', [ 'tails-lang-helper' ] ),
-            ( SDIR, [ 'tails-logging.conf' ] ),
+            ( SDIR, [ 'tails-logging.conf', 'no-password-lecture.txt' ] ),
         ],
         cmdclass={
                    'build'       : build_extra.build_extra,
-- 
1.7.9.1