Ubuntu
wsl-setup package

Merge ~cnihelton/ubuntu/+source/wsl-setup:lp-2122047-new-upstream-version into ubuntu/+source/wsl-setup:ubuntu/devel

Proposed by Carlos Nihelton on 2025-12-17

Status:

Merged

Merged at revision:

ecf8d011e9cc2e09421859238d286dfd329650a2

Proposed branch:

~cnihelton/ubuntu/+source/wsl-setup:lp-2122047-new-upstream-version

Merge into:

ubuntu/+source/wsl-setup:ubuntu/devel

Diff against target:

1517 lines (+1226/-100)

20 files modified

.github/actions/get-wsl-image/action.yaml (+118/-0)
.github/actions/validate-wsl/action.yaml (+113/-0)
.github/dependabot.yaml (+18/-0)
.github/workflows/integration.yaml (+328/-0)
.github/workflows/shellcheck.yaml (+27/-0)
.shellcheckrc (+1/-0)
CONTRIBUTING.md (+102/-0)
SECURITY.md (+53/-0)
debian/changelog (+12/-0)
debian/control (+1/-0)
debian/install (+2/-1)
debian/rules (+0/-1)
dev/null (+0/-7)
test/basic-assertions.sh (+30/-0)
test/e2e/setup.expect (+113/-0)
test/systemd-assertions.sh (+33/-0)
test/ubuntu-insights-assertions.sh (+33/-0)
ubuntu-insights.sh (+143/-0)
wait-for-cloud-init (+2/-2)
wsl-setup (+97/-89)

High

Fix Released

Link a bug report

Reviewer	Date Requested	Status
Nick Rosbrook (community)	2025-12-17	Approve on 2026-01-12
git-ubuntu import	2025-12-17	Pending
Review via email: mp+497725@code.launchpad.net

Commit message

wsl-setup (0.6.1) resolute; urgency=medium

  [ Kat Kuo]
  * Added ubuntu-insights integration
  * Added integration tests in upstream CI

  [Carlos Nihelton]
  * Case-fold the Windows username before sanitization (LP: #2122047)
  * Remove the systemd-timesyncd.service override that would enable it in WSL

Description of the change

This imports the new upstream version of the wsl-setup package to Resolute Racoon, fixing the bug LP #2122047 and improving the package quality by fixing some lintian warnings.
A considerable size in the diff is due new CI workflows being added for enhanced automated testing of this package in the upstream repository CI (GitHub). Those tests are run in upstream CI at pull requests, but not during package building time because most of them needs to run on Windows.

Given the fact this is a native package, uploading this branch would be equivalent in terms of contents to just checking out the repository at the tag 0.6.0, creating the source package and uploading it. The commit IDs wouldn't match though because this branch is created by turning the diff between ubuntu/devel and upstream/tags/0.6.1 into patches applied with `git am`, thus shown as new and linear commits.

Revision history for this message

Nick Rosbrook (enr0n) wrote on 2026-01-12:

This is a bit awkward of a PR, because it wsl-setup is native, and in it's actual git repo this is already merged... so there is not much to "review" at this point.

If you just want the git-ubuntu history to be aligned with upstream, fair enough. Otherwise, there's not too much reason to make git-ubuntu PRs for this package in the future.

In any case, sponsoring.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Carlos Nihelton

git-ubuntu import

 diff --git a/.github/actions/get-wsl-image/action.yaml b/.github/actions/get-wsl-image/action.yaml
 new file mode 100644
 index 0000000..b93fd29
 --- /dev/null
 +++ b/.github/actions/get-wsl-image/action.yaml
@@ -0,0 +1,118 @@
++# This action gets the latest WSL image, leveraging both the persistent behavior of our runners, and the GitHub cache
++name: Get WSL Image
++description: Get the latest WSL image, leveraging both the persistent behavior of our runners, and the GitHub cache
++
++inputs:
++  base_url:
++    description: "The base URL to download the WSL image from"
++    required: false
++    default: "https://cdimages.ubuntu.com/ubuntu-wsl/daily-live/current/"
++  arch:
++    description: "The architecture of the WSL image to download (amd64 or arm64)"
++    required: false
++    default: "amd64"
++  output_path:
++    description: "The path to save the downloaded WSL image to"
++    required: false
++    default: "daily-image.wsl"
++outputs:
++  cache-key:
++    description: "The cache key for the WSL image"
++    value: ${{ steps.compute-cache-key.outputs.cache-key }}
++  image-name:
++    description: "The name of the image we found"
++    value: ${{ steps.compute-cache-key.outputs.image-name }}
++
++runs:
++  using: "composite"
++  steps:
++    - name: Compute image cache key
++      id: compute-cache-key
++      shell: bash
++      run: |
++        set -euo pipefail
++
++        shafile="${{ runner.temp }}/SHA256SUMS"
++        uri="${{ inputs.base_url }}/SHA256SUMS"
++        if ! curl --fail -o "$shafile" "${uri}"; then
++            echo "::error:: Failed to download the checksum file from $uri."
++            exit 1
++        fi
++
++        # Look for a line matching the pattern: <sha> *<name>-wsl-<arch>.wsl
++        arch="${{ inputs.arch }}"
++        line=$(grep -E "^[a-f0-9]+[[:space:]]+\*.*-wsl-${arch}\.wsl$" "$shafile")
++        if [ -z "$line" ]; then
++          echo "::error:: No WSL image found for architecture '$arch' in the $shafile file."
++          exit 2
++        fi
++
++        # Extract the SHA (first field) and image name (second field without the *)
++        sha=$(echo "$line" | awk '{print $1}')
++        image_name=$(echo "$line" | awk '{print $2}' | sed 's/^\*//')
++
++        echo "cache-key=$sha" >> "$GITHUB_OUTPUT"
++        echo "image-name=$image_name" >> "$GITHUB_OUTPUT"
++
++    - name: Validate image
++      id: check-locally
++      shell: bash
++      run: |
++        set -euo pipefail
++
++        expected_sha="${{ steps.compute-cache-key.outputs.cache-key }}"
++        output_path="${{ inputs.output_path }}"
++
++        if [ -r "$output_path" ]; then
++          echo "Found local image at $output_path"
++
++          # Compare the SHAs
++          if (echo "$expected_sha  $output_path" | sha256sum -c); then
++            echo "✅ Local image matches expected SHA. Using local file."
++            echo "is-valid=true" >> "$GITHUB_OUTPUT"
++          else
++            echo "❌ Local image SHA does not match expected SHA. Will need to download."
++            rm "$output_path"
++            echo "is-valid=false" >> "$GITHUB_OUTPUT"
++          fi
++        else
++          echo "No local image found at $output_path"
++          echo "is-valid=false" >> "$GITHUB_OUTPUT"
++        fi
++
++    - name: Restore image cache
++      id: restore-cache
++      if: ${{ steps.check-locally.outputs.is-valid != 'true' }}
++      uses: actions/cache/restore@v4
++      with:
++        path: ${{ inputs.output_path }}
++        key: ${{ steps.compute-cache-key.outputs.cache-key }}
++        enableCrossOsArchive: true
++
++    - name: Download image
++      if: ${{ steps.check-locally.outputs.is-valid != 'true' && steps.restore-cache.outputs.cache-hit != 'true' }}
++      shell: bash
++      run: |
++        set -euo pipefail
++
++        expected_sha="${{ steps.compute-cache-key.outputs.cache-key }}"
++        output_path="${{ inputs.output_path }}"
++
++        uri="${{ inputs.base_url }}/${{ steps.compute-cache-key.outputs.image-name }}"
++        if ! curl --fail -o "$output_path" "$uri"; then
++            echo "::error:: Failed to download the WSL image from $uri"
++            exit 1
++        fi
++
++        if ! (echo "$expected_sha  $output_path" | sha256sum -c); then
++            echo "::error:: Downloaded WSL image SHA does not match expected SHA."
++            exit 2
++        fi
++
++    - name: Save image to cache
++      if: ${{ steps.restore-cache.outputs.cache-hit != 'true' }}
++      uses: actions/cache/save@v4
++      with:
++        path: ${{ inputs.output_path }}
++        key: ${{ steps.restore-cache.outputs.cache-primary-key }}
++        enableCrossOsArchive: true
 diff --git a/.github/actions/validate-wsl/action.yaml b/.github/actions/validate-wsl/action.yaml
 new file mode 100644
 index 0000000..ac24cb8
 --- /dev/null
 +++ b/.github/actions/validate-wsl/action.yaml
@@ -0,0 +1,113 @@
++# This action validates a newly set up WSL instance by running a set of basic assertions. Interop must be enabled.
++name: Validate WSL Setup
++description: Validate a newly set up WSL instance by running a set of basic assertions.
++
++inputs:
++  instance:
++    description: "The name of the WSL instance to validate"
++    required: true
++  working-dir:
++    description: "The working directory to checkout scripts to inside the WSL instance"
++    required: true
++  expected-user:
++    description: "The expected default user in the WSL instance"
++    required: true
++  expected-internal-consent-state:
++    description: "The expected default Ubuntu Insights internal consent state (true, false)"
++    required: true
++  expected-registry-consent-state:
++    description: "The expected Ubuntu Insights registry consent state. If skip, asserts that the registry key doesn't exist."
++    required: false
++    default: "skip"
++  skip-systemd-assertions:
++    description: "Whether to skip systemd specific tests"
++    required: false
++    default: "false"
++  skip-font-assertions:
++    description: "Whether to skip the font installation test"
++    required: false
++    default: "false"
++
++runs:
++  using: "composite"
++  steps:
++    - name: Terminate WSL instance
++      shell: powershell
++      run: |
++        wsl --terminate ${{ inputs.instance }}
++
++    - name: Checkout scripts into WSL
++      uses: ubuntu/WSL/.github/actions/wsl-checkout@main
++      with:
++        distro: ${{ inputs.instance }}
++        working-dir: ${{ inputs.working-dir }}
++
++    - name: Run basic assertions
++      uses: ubuntu/WSL/.github/actions/wsl-bash@main
++      with:
++        distro: ${{ inputs.instance }}
++        working-dir: ${{ inputs.working-dir }}
++        exec: |
++          source test/basic-assertions.sh "${{ inputs.expected-user }}"
++
++    - name: Run font installation assertions
++      if: ${{ inputs.skip-font-assertions == 'false' }}
++      shell: powershell
++      run: |
++        if (!(Test-Path -Path "${env:LocalAppData}\Microsoft\Windows\Fonts\Ubuntu*.ttf")) {
++          Write-Error "Ubuntu font was not installed as expected"
++          Exit 1
++        }
++        if (!(Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Fonts\" -Name "Ubuntu*" )) {
++          Write-Error "Ubuntu font was not registered"
++          Exit 2
++        }
++
++    - name: Run systemd assertions
++      if: ${{ inputs.skip-systemd-assertions == 'false' }}
++      uses: ubuntu/WSL/.github/actions/wsl-bash@main
++      with:
++        distro: ${{ inputs.instance }}
++        working-dir: ${{ inputs.working-dir }}
++        exec: |
++          source test/systemd-assertions.sh
++
++    - name: Run internal insights consent assertions
++      uses: ubuntu/WSL/.github/actions/wsl-bash@main
++      with:
++        distro: ${{ inputs.instance }}
++        working-dir: ${{ inputs.working-dir }}
++        exec: |
++          source test/ubuntu-insights-assertions.sh "${{ inputs.expected-internal-consent-state }}"
++
++    - name: Run registry insights consent assertions
++      shell: powershell
++      run: |
++        $registry_key_path = "HKCU:\Software\Canonical\Ubuntu\"
++        $registry_value_name = "UbuntuInsightsConsent"
++
++        if ("${{ inputs.expected-registry-consent-state }}" -eq "skip") {
++          # Expect the registry key to not exist
++          try {
++            $reg = Get-ItemProperty -Path $registry_key_path -Name $registry_value_name -ErrorAction Stop
++            Write-Error "Ubuntu Insights registry key was found but was not expected"
++            Exit 1
++          } catch {
++            # Key does not exist as expected
++            Exit 0
++          }
++        }
++
++        try {
++          $reg = Get-ItemProperty -Path $registry_key_path -Name $registry_value_name -ErrorAction Stop
++        } catch {
++          Write-Error "Ubuntu Insights registry key not found"
++          Exit 1
++        }
++
++        $actual = $reg.UbuntuInsightsConsent
++        $expected = "${{ inputs.expected-registry-consent-state }}"
++        if (-not ("$actual".Trim() -ieq "$expected".Trim())) {
++          Write-Error "Ubuntu Insights registry value mismatch. Expected '$expected' but found '$actual'"
++          Exit 2
++        }
 diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
 new file mode 100644
 index 0000000..1ee0310
 --- /dev/null
 +++ b/.github/dependabot.yaml
@@ -0,0 +1,18 @@
++version: 2
++updates:
++  # Infrastructure
++  ## GitHub Actions
++  - package-ecosystem: "github-actions"
++    # Workflow files stored in the
++    # default location of `.github/workflows`
++    directory: "/"
++    schedule:
++      interval: "weekly"
++      day: "thursday"
++      time: "09:00"
++    groups:
++      gh-actions:
++        #applies-to: version-updates
++        patterns: ["*"]
++    commit-message:
++      prefix: "deps(ci)"
 diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml
 new file mode 100644
 index 0000000..9bfd6c3
 --- /dev/null
 +++ b/.github/workflows/integration.yaml
@@ -0,0 +1,328 @@
++name: Integration tests
++on:
++  pull_request:
++  workflow_dispatch:
++  schedule:
++    - cron: "4 3 * * 2" # Tuesdays 03:04 am.
++  push:
++    branches: ["main"]
++env:
++  instance: Ubuntu-${{ github.run_id }}
++  profile_script: /etc/profile.d/99-quit-wsl.sh
++  instance_working_dir: ~/wsl-setup-${{ github.run_id }}
++  insights_registry_key_path: "HKCU:\\Software\\Canonical\\Ubuntu"
++  insights_registry_value_name: "UbuntuInsightsConsent"
++
++jobs:
++  build-deb:
++    name: Build wsl-setup debian package
++    runs-on: ubuntu-latest
++    steps:
++      - name: Check out repository
++        uses: actions/checkout@v6
++      - name: Build deb
++        uses: canonical/desktop-engineering/gh-actions/common/build-debian@main
++        with:
++          token: ${{ secrets.GITHUB_TOKEN }}
++          docker-image: ubuntu:devel
++
++  cache-img:
++    name: Cache the daily-live image
++    runs-on: ubuntu-latest
++    steps:
++      - name: Check out repository
++        uses: actions/checkout@v6
++      - name: Get WSL Image
++        uses: ./.github/actions/get-wsl-image
++        with:
++          output_path: images.wsl
++
++  cloud-init-test:
++    needs: [build-deb, cache-img]
++    name: "Cloud-init tests"
++    runs-on: windows-2025 # WSL and winget are preinstalled and working
++    strategy:
++      fail-fast: false
++      matrix:
++        ubuntu-insights-flag: ["0", "1", "12", "skip"] # False, True, Invalid, Not set
++        ubuntu-insights-state: ["false", "true", "null", "skip"]
++        exclude:
++          # Skip combinations that would result in an interactive prompt
++          - ubuntu-insights-flag: "skip"
++            ubuntu-insights-state: "null"
++          - ubuntu-insights-flag: "12"
++            ubuntu-insights-state: "null"
++          - ubuntu-insights-flag: "skip"
++            ubuntu-insights-state: "skip"
++          - ubuntu-insights-flag: "12"
++            ubuntu-insights-state: "skip"
++
++    steps:
++      - name: Check out repository
++        uses: actions/checkout@v6
++
++      - name: Download artifacts
++        uses: actions/download-artifact@v7
++        with:
++          path: ci-artifacts
++          # name: is left blank so that all artifacts are downloaded, thus we don't couple on
++          # whatever name was chosen in the build-debian action.
++
++      - name: Get WSL image
++        uses: ./.github/actions/get-wsl-image
++        with:
++          output_path: images.wsl
++
++      - name: Prepare Ubuntu Insights consent registry key
++        if: matrix.ubuntu-insights-flag != 'skip'
++        shell: powershell
++        run: |
++          New-Item -Path "${{ env.insights_registry_key_path }}" -Force
++          New-ItemProperty -Path "${{ env.insights_registry_key_path }}" -Name "${{ env.insights_registry_value_name }}" -Value "${{ matrix.ubuntu-insights-flag }}" -PropertyType DWord -Force
++
++      - name: Prepare WSL instance and cloud-init
++        shell: powershell
++        env:
++          WSL_UTF8: "1" # Recommended otherwise it's hard to read wsl output on Github
++          # Just to skip the interactive session
++          cloudinit: |
++            #cloud-config
++            users:
++            - name: u
++              gecos: Ubuntu User
++              groups: [adm,dialout,cdrom,floppy,sudo,audio,dip,video,plugdev,netdev]
++              sudo: ALL=(ALL) NOPASSWD:ALL
++              shell: /bin/bash
++            packages: [hello]
++            write_files:
++            - path: /etc/wsl.conf
++              append: true
++              content: |
++                [user]
++                default=u
++        run: |
++          if ("${{ matrix.ubuntu-insights-state }}" -ne "skip") {
++            $env:cloudinit += "`- path: /home/u/.config/ubuntu-insights/wsl_setup-consent.toml`n  owner: u:u`n  permissions: '0755'`n  defer: true`n  content: |`n    consent_state = ${{ matrix.ubuntu-insights-state }}"
++          }
++
++          # No launch so we can install the deb before running the OOBE
++          wsl --install --no-launch --from-file "images.wsl" --name "${{ env.instance }}"
++          wsl -d "${{ env.instance }}" -u root -- ls -l "./ci-artifacts/wsl-setup_*/"
++          wsl -d "${{ env.instance }}" -u root -- dpkg -i "./ci-artifacts/wsl-setup_*/wsl-setup_*.deb"
++
++          # In case cloud-init fails we don't get stuck on endless prompting.
++          wsl -d "${{ env.instance }}" -u root -- adduser --quiet --gecos '' --disabled-password ubuntu
++          wsl -d "${{ env.instance }}" -u root -- usermod ubuntu -aG "adm,cdrom,sudo,dip,plugdev"
++          wsl -d "${{ env.instance }}" -u root -- cloud-init status --wait
++          wsl -d "${{ env.instance }}" -u root -- bash -ec "rm /etc/cloud/cloud-init.disabled || true"
++          wsl -d "${{ env.instance }}" -u root -- bash -ec "echo -e '#!/bin/bash\necho Exiting because the profile says so\nexit 0' > ${{ env.profile_script }}"
++          wsl -d "${{ env.instance }}" -u root -- chmod '0777' ${{ env.profile_script }}
++          wsl -d "${{ env.instance }}" -u root -- cloud-init clean --logs
++          wsl --shutdown
++
++          # Write the cloud-init user-data contents.
++          $cloudinitdir = New-Item -ItemType "Directory" -Path "${env:UserProfile}\.cloud-init\" -Force
++          # TODO: Investigate why UTF-8 BOM seems to break cloud-init.
++          $filePath="${cloudinitdir}\${{ env.instance }}.user-data"
++          $utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False
++          [System.IO.File]::WriteAllLines($filePath, $env:cloudinit, $utf8NoBomEncoding)
++          Write-Output "Testing wsl-setup with cloud-init user data at ${cloudinitdir} :"
++          Get-Content "${cloudinitdir}\${{ env.instance }}.user-data"
++
++      - name: Test initial setup
++        timeout-minutes: 10
++        shell: powershell
++        run: |
++          wsl -d "${{ env.instance }}" # Will run the wsl-setup script.
++
++          wsl -d "${{ env.instance }}" -u root -- bash -ec "rm ${{ env.profile_script }} || true"
++          wsl -d "${{ env.instance }}" -u root -- bash -ec "cat /var/log/cloud-init.log || true"
++          wsl --terminate ${{ env.instance }}
++
++      - name: Determine expected consent state
++        id: expected-consent
++        shell: powershell
++        run: |
++          $state = "${{ matrix.ubuntu-insights-state }}"
++          $flag  = "${{ matrix.ubuntu-insights-flag }}"
++
++          if ($state -eq "true" -or $state -eq "false") {
++              $expected = $state
++          } elseif ($flag -eq "1") {
++              $expected = "true"
++          } elseif ($flag -eq "0") {
++              $expected = "false"
++          } else {
++              Write-Error "Internal test setup error: invalid state='$state' and flag='$flag'. Expected state to be 'true' or 'false', or flag to be '0' or '1'."
++              Exit 1
++          }
++
++          Add-Content -Path $env:GITHUB_OUTPUT -Value "expected=$expected"
++
++      - name: Validate instance state
++        uses: ./.github/actions/validate-wsl
++        with:
++          instance: ${{ env.instance }}
++          working-dir: ${{ env.instance_working_dir }}
++          expected-user: u
++          expected-internal-consent-state: ${{ steps.expected-consent.outputs.expected }}
++          expected-registry-consent-state: ${{ matrix.ubuntu-insights-flag }}
++
++      - name: Run hello package
++        uses: ubuntu/WSL/.github/actions/wsl-bash@main
++        with:
++          distro: ${{ env.instance }}
++          working-dir: ${{ env.instance_working_dir }}
++          exec: |
++            if ! hello; then
++              echo "::error:: Failed to execute the hello program that should have been installed by cloud-init"
++              exit 1
++            fi
++
++      - name: Clean up # Probably not necessary since we're leveraging ephemeral GH's runners.
++        if: always()
++        shell: powershell
++        run: |
++          wsl --unregister ${{ env.instance }}
++
++  interactive-test:
++    needs: [build-deb, cache-img]
++    name: "Interactive Expect tests"
++    runs-on: windows-2025 # WSL is preinstalled and working
++    env:
++      username: test-ubuntu-user
++      password: TestPass123!
++    strategy:
++      fail-fast: false
++      matrix:
++        include:
++          # Basic interactive consent
++          - consent: "default"
++            consent-registry-flag: "skip"
++            config-state: "skip"
++            expected-internal: "true"
++            expected-registry: "1"
++          - consent: "yes"
++            consent-registry-flag: "skip"
++            config-state: "skip"
++            expected-internal: "true"
++            expected-registry: "1"
++          - consent: "no"
++            consent-registry-flag: "skip"
++            config-state: "skip"
++            expected-internal: "false"
++            expected-registry: "0"
++          # Handle null states
++          - consent: "yes"
++            consent-registry-flag: "123"
++            config-state: "null"
++            expected-internal: "true"
++            expected-registry: "1"
++          # Config state takes precedence over registry flag
++          - consent: "skip"
++            consent-registry-flag: "1"
++            config-state: "false"
++            expected-internal: "false"
++            expected-registry: "1"
++          - consent: "skip"
++            consent-registry-flag: "0"
++            config-state: "true"
++            expected-internal: "true"
++            expected-registry: "0"
++          # Registry flag takes precedence over interactive prompt
++          - consent: "skip"
++            consent-registry-flag: "1"
++            config-state: "skip"
++            expected-internal: "true"
++            expected-registry: "1"
++          - consent: "skip"
++            consent-registry-flag: "0"
++            config-state: "null"
++            expected-internal: "false"
++            expected-registry: "0"
++
++    steps:
++      - name: Check out repository
++        uses: actions/checkout@v6
++
++      - name: Download artifacts
++        uses: actions/download-artifact@v7
++        with:
++          path: ci-artifacts
++
++      - name: Get WSL image
++        uses: ./.github/actions/get-wsl-image
++        with:
++          output_path: images.wsl
++
++      - name: Prepare Ubuntu Insights consent registry key
++        if: matrix.consent-registry-flag != 'skip'
++        shell: powershell
++        run: |
++          New-Item -Path "${{ env.insights_registry_key_path }}" -Force
++          New-ItemProperty -Path "${{ env.insights_registry_key_path }}" -Name "${{ env.insights_registry_value_name }}" -Value "${{ matrix.consent-registry-flag }}" -PropertyType DWord -Force
++
++      - name: Install WSL instance
++        shell: powershell
++        env:
++          WSL_UTF8: "1"
++        run: |
++          wsl --install --no-launch --from-file "images.wsl" --name "${{ env.instance }}"
++
++      - name: Install wsl-setup and test dependencies
++        shell: powershell
++        env:
++          WSL_UTF8: "1"
++        run: |
++          # Install the deb package
++          wsl -d "${{ env.instance }}" -u root -- dpkg -i "./ci-artifacts/wsl-setup_*/wsl-setup_*.deb"
++          # Install expect
++          wsl -d "${{ env.instance }}" -u root -- apt-get update
++          wsl -d "${{ env.instance }}" -u root -- apt-get install -y expect
++
++      - name: Configure consent file
++        if: matrix.config-state != 'skip'
++        shell: powershell
++        env:
++          WSL_UTF8: "1"
++        run: |
++          $configContent = "consent_state = ${{ matrix.config-state }}"
++          wsl -d "${{ env.instance }}" -u root -- bash -c "mkdir -p /etc/skel/.config/ubuntu-insights"
++          wsl -d "${{ env.instance }}" -u root -- bash -c "echo '$configContent' > /etc/skel/.config/ubuntu-insights/wsl_setup-consent.toml"
++
++      - name: Reset WSL instance state
++        shell: powershell
++        env:
++          WSL_UTF8: "1"
++        run: |
++          wsl -d "${{ env.instance }}" -u root -- cloud-init status --wait
++          wsl -d "${{ env.instance }}" -u root -- bash -ec "rm /etc/cloud/cloud-init.disabled || true"
++          wsl -d "${{ env.instance }}" -u root -- cloud-init clean --logs
++          wsl --shutdown
++
++      - name: Run expect test
++        shell: powershell
++        env:
++          WSL_UTF8: "1"
++        timeout-minutes: 10
++        run: |
++          # Copy expect script to instance
++          wsl -d "${{ env.instance }}" -u root -- cp "test/e2e/setup.expect" "/tmp/setup.expect"
++
++          # Run the expect script
++          wsl -d "${{ env.instance }}" -u root -- expect /tmp/setup.expect "${{ env.username }}" "${{ env.password }}" "${{ matrix.consent }}"
++
++      - name: Validate instance state
++        uses: ./.github/actions/validate-wsl
++        with:
++          instance: ${{ env.instance }}
++          working-dir: ${{ env.instance_working_dir }}
++          expected-user: ${{ env.username }}
++          expected-internal-consent-state: ${{ matrix.expected-internal }}
++          expected-registry-consent-state: ${{ matrix.expected-registry }}
++
++      - name: Clean up # Probably not necessary since we're leveraging ephemeral GH's runners.
++        if: always()
++        shell: powershell
++        run: |
++          wsl --unregister ${{ env.instance }}
 diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml
 new file mode 100644
 index 0000000..77cf70a
 --- /dev/null
 +++ b/.github/workflows/shellcheck.yaml
@@ -0,0 +1,27 @@
++name: ShellCheck QA
++
++on:
++  push:
++    branches: [main]
++  pull_request:
++permissions: {}
++
++env:
++  EXTENSIONLESS_SCRIPTS: "wsl-setup wait-for-cloud-init ubuntu-insights"
++
++jobs:
++  shellcheck:
++    name: Run ShellCheck
++    runs-on: ubuntu-24.04
++    steps:
++      - name: Checkout repository
++        uses: actions/checkout@v6
++
++      - name: Find and Run ShellCheck
++        run: |
++          exec shellcheck -f gcc $(
++            find . \
++              \( -name '*.sh' -o -name '*.bash' -o -name '*.zsh' \
++              $(for f in $EXTENSIONLESS_SCRIPTS; do echo -o -name "$f"; done) \) \
++              -type f
++          )
 diff --git a/.shellcheckrc b/.shellcheckrc
 new file mode 100644
 index 0000000..8226afb
 --- /dev/null
 +++ b/.shellcheckrc
@@ -0,0 +1 @@
++external-sources=true
 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
 new file mode 100644
 index 0000000..67c33a0
 --- /dev/null
 +++ b/CONTRIBUTING.md
@@ -0,0 +1,102 @@
++# Contributing to `wsl-setup`
++
++A big welcome and thank you for considering contributing to `wsl-setup` and Ubuntu! It’s people like you that make it a reality for users in our community.
++
++Reading and following these guidelines will help us make the contribution process easy and effective for everyone involved. It also communicates that you agree to respect the time of the developers managing and developing this project. In return, we will reciprocate that respect by addressing your issue, assessing changes, and helping you finalize your pull requests.
++
++These are mostly guidelines, not rules. Use your best judgment, and feel free to propose changes to this document in a pull request.
++
++## Quick links
++
++* [Code of conduct](#code-of-conduct)
++* [Getting started](#getting-started)
++* [Issues](#issues)
++* [Pull requests](#pull-requests)
++* [Contributing to the code](#contributing-to-the-code)
++* [Contributor license agreement](#contributor-license-agreement)
++* [Getting help](#getting-help)
++
++## Code of conduct
++
++We take our community seriously and hold ourselves and other contributors to high standards of communication. By participating and contributing to this project, you agree to uphold our [Code of Conduct](https://ubuntu.com/community/code-of-conduct).
++
++## Getting started
++
++Contributions are made to this project via issues and pull requests (PRs). A few general guidelines that cover both:
++
++* To report security vulnerabilities, please use the advisories page of the repository and not a public bug report. Please use [GitHub security advisories](https://github.com/ubuntu/wsl-setup/security/advisories/new) [launchpad private bugs](https://bugs.launchpad.net/ubuntu/+source/wsl-setup/+filebug) which is monitored by our security team. On an Ubuntu machine, it’s best to use `ubuntu-bug wsl-setup` to collect relevant information.
++* Search for existing issues and PRs on this repository before creating your own.
++* We work hard to makes sure issues are handled in a timely manner but, depending on the impact, it could take a while to investigate the root cause. A friendly ping in the comment thread to the submitter or a contributor can help draw attention if your issue is blocking.
++* If you've never contributed before, see [this Ubuntu community page](https://ubuntu.com/community/docs/contribute) for resources and tips on how to get started.
++
++### Issues
++
++Issues should be used to report problems with the software, request a new feature, or to discuss potential changes before a PR is created. When you create a new issue, a template will be loaded that will guide you through collecting and providing the information we need to investigate.
++
++If you find an issue that addresses the problem you're having, please add your own reproduction information to the existing issue rather than creating a new one. Adding a [reaction](https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) can also help be indicating to our maintainers that a particular problem is affecting more than just the reporter.
++
++### Pull requests
++
++PRs to our project are always welcome and can be a quick way to get your fix or improvement slated for the next release. In general, PRs should:
++
++* Only fix/add the functionality in question **OR** address wide-spread whitespace/style issues, not both.
++* Add unit or integration tests for fixed or changed functionality.
++* Address a single concern in the least number of changed lines as possible.
++* Include documentation in the repo or on our [docs site](https://documentation.ubuntu.com/wsl).
++* Be accompanied by a complete pull request template (loaded automatically when a PR is created).
++
++For changes that address core functionality or would require breaking changes (e.g. a major release), it's best to open an issue to discuss your proposal first. This is not required but can save time creating and reviewing changes.
++
++In general, we follow the ["fork-and-pull" Git workflow](https://github.com/susam/gitpr)
++
++1. Fork the repository to your own GitHub account
++1. Clone the project to your machine
++1. Create a branch locally with a succinct but descriptive name
++1. Commit changes to the branch
++1. Following any formatting and testing guidelines specific to this repo
++1. Push changes to your fork
++1. Open a PR in our repository and follow the PR template so that we can efficiently review the changes.
++
++> PRs will trigger unit and integration tests with and without race detection, linting and formatting validations, static and security checks, freshness of generated files verification. All the tests must pass before merging in main branch.
++
++Once merged to the main branch, `po` files and any documentation change will be automatically updated. Those are thus not necessary in the pull request itself to minimize diff review.
++
++## Contributing to the code
++
++### Building and running
++
++This project is packaged as a Debian package.
++
++To build from source, run the following command from the root folder of the repository.
++
++```bash
++debuild
++```
++
++The output will be available in the parent directory.
++
++Please see the [Ubuntu Packaging Guide](https://canonical-ubuntu-packaging-guide.readthedocs-hosted.com) for more details.
++
++### About the test suite
++
++The project includes a comprehensive test suite made of unit and integration tests. All the tests must pass before the review is considered. If you have troubles with the test suite, feel free to mention it on your PR description.
++
++Some of our tests utilize [expect](https://linux.die.net/man/1/expect) and supplementary shell scripts. Please see `test/` as well as the workflows and actions present in `.github/`.
++
++The test suite must pass before merging the PR to our main branch. Any new feature, change or fix must be covered by corresponding tests.
++
++### Code style
++
++This project utilizes [ShellCheck](https://github.com/koalaman/shellcheck) for static analysis of shell scripts.
++
++## Contributor license agreement
++
++It is required to sign the [Contributor License Agreement](https://ubuntu.com/legal/contributors) in order to contribute to this project.
++
++An automated test is executed on PRs to check if it has been accepted.
++
++This project is covered by [GPL-3.0](LICENSE).
++
++## Getting help
++
++Join us in the [Ubuntu Community](https://discourse.ubuntu.com/c/project/wsl/27) and post your question there with a descriptive tag.
 diff --git a/SECURITY.md b/SECURITY.md
 new file mode 100644
 index 0000000..e54ba42
 --- /dev/null
 +++ b/SECURITY.md
@@ -0,0 +1,53 @@
++# Security policy
++
++## Supported versions
++
++`wsl-setup` is distributed via the Ubuntu archive as the [`wsl-setup` package](https://launchpad.net/ubuntu/+source/wsl-setup).
++
++Currently, we provide security updates for supported LTS releases of Ubuntu on WSL.
++
++If you are unsure of the Ubuntu version you are using, please run the following command in a
++WSL terminal running your Ubuntu distro:
++
++```bash
++lsb_release -a
++```
++
++## Reporting a vulnerability
++
++If you discover a security vulnerability within this repository, we encourage
++responsible disclosure. Please report any security issues to help us keep
++`wsl-setup` and Ubuntu on WSL secure for everyone.
++
++### Private vulnerability reporting
++
++The most straightforward way to report a security vulnerability is through
++[GitHub](https://github.com/ubuntu/wsl-setup/security/advisories/new). For detailed
++instructions, please review the
++[Privately reporting a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)
++documentation. This method enables you to communicate vulnerabilities directly
++and confidentially with the `wsl-setup` maintainers.
++
++The project's admins will be notified of the issue and will work with you to
++determine whether the issue qualifies as a security issue and, if so, in which
++component. We will then handle finding a fix, getting a CVE assigned and
++coordinating the release of the fix to the various Linux distributions.
++
++The [Ubuntu Security disclosure and embargo policy](https://ubuntu.com/security/disclosure-policy)
++contains more information about what you can expect when you contact us, and what we expect from you.
++
++#### Steps to report a vulnerability on GitHub
++
++1. Go to the [Security Advisories Page](https://github.com/ubuntu/wsl-setup/security/advisories) of the `wsl-setup` repository.
++2. Click "Report a Vulnerability"
++3. Provide detailed information about the vulnerability, including steps to reproduce, affected versions, and potential impact.
++
++## Security resources
++
++* [Canonical's Security Site](https://ubuntu.com/security)
++* [Ubuntu Security disclosure and embargo policy](https://ubuntu.com/security/disclosure-policy)
++* [Ubuntu Security Notices](https://ubuntu.com/security/notices)
++* [Ubuntu on WSL documentation](https://documentation.ubuntu.com/wsl/en/latest/)
++
++If you have any questions regarding security vulnerabilities, please reach out
++to the maintainers through the aforementioned channels.
 diff --git a/debian/changelog b/debian/changelog
 index 628d1d5..b807dd6 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,15 @@
++wsl-setup (0.6.1) resolute; urgency=medium
++
++  [ Kat Kuo]
++  * Added ubuntu-insights integration
++  * Added integration tests in upstream CI
++
++  [Carlos Nihelton]
++  * Case-fold the Windows username before sanitization (LP: #2122047)
++  * Remove the systemd-timesyncd.service override that would enable it in WSL
++
++ -- Kat Kuo <kat.kuo@canonical.com>  Tue, 25 Nov 2025 19:56:56 -0500
++
  wsl-setup (0.5.10) questing; urgency=medium
    * Fix Ubuntu on WSL install fails on non-ASCII usernames (LP: #2118617)
 diff --git a/debian/control b/debian/control
 index e20198d..d54931f 100644
 --- a/debian/control
 +++ b/debian/control
@@ -19,5 +19,6 @@ Depends: adduser,
           systemd,
           ${shlibs:Depends},
           ${misc:Depends},
++Recommends: ubuntu-insights,
  Description: ${source:Synopsis}
   ${source:Extended-Description}
 diff --git a/debian/install b/debian/install
 index 8490e53..d27180f 100644
 --- a/debian/install
 +++ b/debian/install
@@ -1,6 +1,7 @@
  cloud/ etc/
  update-motd.d/99-wsl etc/update-motd.d/
--systemd/ lib/
++systemd/ usr/lib/
++ubuntu-insights.sh usr/lib/wsl/
  wsl-setup usr/lib/wsl/
  wait-for-cloud-init usr/lib/wsl/
  wsl/ usr/share/
 diff --git a/debian/rules b/debian/rules
 index 80b3fe1..ed58acc 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -3,4 +3,3 @@
  %:
  	dh $@
--
 diff --git a/systemd/system/systemd-timesyncd.service.d/wsl.conf b/systemd/system/systemd-timesyncd.service.d/wsl.conf
 deleted file mode 100644
 index bcb2e53..0000000
 --- a/systemd/system/systemd-timesyncd.service.d/wsl.conf
 +++ /dev/null
@@ -1,7 +0,0 @@
--# Enable timesyncd on WSL machines
--# so WSL clock is synced on resume from suspend of the host.
--
--[Unit]
--ConditionVirtualization=
--ConditionVirtualization=|!container
--ConditionVirtualization=|wsl
 diff --git a/test/basic-assertions.sh b/test/basic-assertions.sh
 new file mode 100755
 index 0000000..69fc1cb
 --- /dev/null
 +++ b/test/basic-assertions.sh
@@ -0,0 +1,30 @@
++#!/bin/bash
++# This is a set of basic assertions to verify a WSL instance is correctly set up.
++# This should run inside a WSL instance or machine prepared for testing purposes.
++# It requires installing the wsl-setup Debian package to assert on its results.
++# The expected default user can be passed as the first argument.
++
++EXPECTED_USER=${1:-u}
++
++brandingdir="/usr/share/wsl"
++if [[ ! -r "${brandingdir}/ubuntu.ico" ]]; then
++	echo "::error:: Missing Ubuntu icon in the $brandingdir directory."
++	ls "${brandingdir}"
++	exit 1
++fi
++
++if [[ ! -r "${brandingdir}/terminal-profile.json" ]]; then
++	echo "::error:: Missing terminal profile fragment in the $brandingdir directory."
++	ls "${brandingdir}"
++	exit 2
++fi
++
++if [[ $(id -u) == 0 ]]; then
++	echo "::error:: Default user shouldn't be root"
++	exit 3
++fi
++
++if [[ $(whoami) != "$EXPECTED_USER" ]]; then
++	echo "::error:: Default user doesn't match expected user '$EXPECTED_USER'."
++	exit 4
++fi
 diff --git a/test/e2e/setup.expect b/test/e2e/setup.expect
 new file mode 100644
 index 0000000..76ff5cc
 --- /dev/null
 +++ b/test/e2e/setup.expect
@@ -0,0 +1,113 @@
++#!/usr/bin/expect -f
++
++set timeout 240
++
++set username [lindex $argv 0]
++set password [lindex $argv 1]
++set consent [lindex $argv 2]
++
++if {$username == ""} {
++    puts "Error: Username argument is required."
++    exit 1
++}
++
++if {$password == ""} {
++    puts "Error: Password argument is required."
++    exit 1
++}
++
++if {$consent == ""} {
++    puts "Error: Consent argument is required (yes, no, skip, default)."
++    exit 1
++}
++
++# Spawn the setup script
++spawn /usr/lib/wsl/wsl-setup
++
++# Handle Username
++expect {
++    "Create a default Unix user account:" {
++        # Send Ctrl-U to clear the pre-filled default username
++        send "\025"
++        send "$username\r"
++    }
++    timeout {
++        puts "Error: Timeout waiting for username prompt."
++        exit 1
++    }
++}
++
++# Handle Password
++expect {
++    "New password:" {
++        send "$password\r"
++    }
++    timeout {
++        puts "Error: Timeout waiting for password prompt."
++        exit 1
++    }
++}
++
++expect {
++    "Retype new password:" {
++        send "$password\r"
++    }
++    timeout {
++        puts "Error: Timeout waiting for retype password prompt."
++        exit 1
++    }
++}
++
++# Handle Consent
++if {$consent == "skip"} {
++    # If we expect to skip, we should NOT see the consent prompt.
++    expect {
++        "Would you like to opt-in to platform metrics collection (Y/n)? To see an example of the data collected, enter 'e'." {
++            puts "Error: Consent prompt appeared but should have been skipped."
++            exit 1
++        }
++        eof {
++            # Script finished successfully
++        }
++        timeout {
++             puts "Error: Timeout waiting for EOF (skip scenario)."
++             exit 1
++        }
++    }
++} else {
++    expect {
++        "\\\[Y/n/e\\\]: " {
++            if {$consent == "default"} {
++                send "\r"
++            } else {
++                # Send Ctrl-U to clear the pre-filled default consent value
++                send "\025"
++
++                if {$consent == "yes"} {
++                    send "y\r"
++                } elseif {$consent == "no"} {
++                    send "n\r"
++                } else {
++                    puts "Error: Invalid consent value '$consent'. Use yes, no, skip, or default."
++                    exit 1
++                }
++            }
++        }
++        timeout {
++            puts "Error: Timeout waiting for consent prompt."
++            exit 1
++        }
++        eof {
++            puts "Error: Unexpected EOF while waiting for consent prompt."
++            exit 1
++        }
++    }
++    expect eof
++}
++
++# Check exit status
++lassign [wait] pid spawnid os_error_flag value
++if {$value != 0} {
++    puts "Error: wsl-setup failed with exit code $value"
++    exit $value
++}
 diff --git a/test/systemd-assertions.sh b/test/systemd-assertions.sh
 new file mode 100755
 index 0000000..8827d27
 --- /dev/null
 +++ b/test/systemd-assertions.sh
@@ -0,0 +1,33 @@
++#!/bin/bash
++# This is a set of basic assertions to verify systemd specific conditions in a newly set up WSL instance.
++# This should run inside a WSL instance or machine prepared for testing purposes.
++# It requires installing the wsl-setup Debian package to assert on its results.
++
++if [[ $(LANG=C systemctl is-system-running) != "running" ]]; then
++	systemctl --failed
++	exit 1
++fi
++
++if [[ $(LANG=C systemctl is-active multipathd.service) != "inactive" ]]; then
++	echo "::error:: Unit multipathd.service should have been disabled by the multipathd.service.d/container.conf override"
++	systemctl status multipathd.service
++	exit 2
++fi
++
++# It's been a while since WSL kernel implemented a patch specifically for time sync with Hyper-V.
++# With that NTS clients inside WSL instances can cause more trouble if they don't sync with the same
++# source as Windows does. So we're no longer overriding this systemd unit, let be the defaults.
++# Let's not worry about chrony just yet.
++nts_unit="systemd-timesyncd.service"
++if systemctl is-enabled "${nts_unit}"; then
++	if [[ $(LANG=C systemctl is-active "${nts_unit}") != "inactive" ]]; then
++		echo "::error:: Unit ${nts_unit} should be disabled by default."
++		systemctl status ${nts_unit}
++		exit 3
++	fi
++fi
++
++if [[ ! -r "/etc/cloud/cloud-init.disabled" ]]; then
++	echo "::error:: Missing cloud-init.disabled marker file"
++	exit 4
++fi
 diff --git a/test/ubuntu-insights-assertions.sh b/test/ubuntu-insights-assertions.sh
 new file mode 100755
 index 0000000..f1c6bef
 --- /dev/null
 +++ b/test/ubuntu-insights-assertions.sh
@@ -0,0 +1,33 @@
++#!/bin/bash
++# This is a set of basic assertions partially validating Ubuntu Insights consent setup in WSL.
++# This should run inside a WSL instance or machine prepared for testing purposes.
++# It requires installing the wsl-setup Debian package to assert on its results.
++# The expected consent state can be passed as the first argument: true or false.
++
++EXPECTED_CONSENT=${1}
++
++if [[ "$EXPECTED_CONSENT" != "true" && "$EXPECTED_CONSENT" != "false" ]]; then
++	echo "::error:: Expected first argument to be 'true' or 'false', got '$EXPECTED_CONSENT'"
++	exit 1
++fi
++
++if ! ubuntu-insights consent wsl_setup | grep -q "wsl_setup: $EXPECTED_CONSENT"; then
++	echo "::error:: Ubuntu-Insights Consent state assertion: Expected 'wsl_setup: $EXPECTED_CONSENT'"
++	exit 1
++fi
++
++# Verify that a report was created for the wsl_setup source.
++# Use max int32 for period (2147483647) to ensure we cover the timestamp of the existing report.
++OUTPUT=$(ubuntu-insights collect --period 2147483647 --dry-run wsl_setup <(echo "{}") 2>&1 >/dev/null)
++EXIT_CODE=$?
++
++if [ $EXIT_CODE -eq 0 ]; then
++	echo "::error:: Expected non-zero exit code from ubuntu-insights collect, got 0."
++	exit 1
++fi
++
++if ! echo "$OUTPUT" | grep -q "report already exists for this period"; then
++	echo "::error:: Expected 'report already exists for this period' error from ubuntu-insights collect."
++	echo "Output was: $OUTPUT"
++	exit 1
++fi
 diff --git a/ubuntu-insights.sh b/ubuntu-insights.sh
 new file mode 100755
 index 0000000..0d1a5c8
 --- /dev/null
 +++ b/ubuntu-insights.sh
@@ -0,0 +1,143 @@
++#!/bin/bash
++# Manages Ubuntu Insights consent during WSL setup.
++# It prioritizes any existing local consent settings, then the Windows registry.
++# If no consent is found, it prompts the user for consent.
++set -euo pipefail
++
++sources=("linux" "wsl_setup" "ubuntu_release_upgrader")
++
++registry_key_path="HKCU:\Software\Canonical\Ubuntu"
++registry_value_name="UbuntuInsightsConsent"
++
++# List of regular users
++readarray -t users < <(getent passwd | grep -Ev '/nologin|/false|/sync' | awk -F: '$3 >= 1000 { print $1 }')
++
++function ask_question() {
++	# Only ask if we are in an interactive terminal
++	if [ ! -t 0 ]; then
++		return
++	fi
++
++	local choice_val=""
++	local view_choice=""
++	while true; do
++		echo "Would you like to opt-in to platform metrics collection (Y/n)? To see an example of the data collected, enter 'e'."
++		read -rep "[Y/n/e]: " -i "y" view_choice
++
++		if [[ $view_choice =~ ^[Ee]$ ]]; then
++			ubuntu-insights collect -df 2>/dev/null
++			continue
++		elif [[ $view_choice =~ ^[Yy]$ ]]; then
++			choice_val=1
++			break
++		elif [[ $view_choice =~ ^[Nn]$ ]]; then
++			choice_val=0
++			break
++		else
++			echo "Invalid input (Y/n/e)."
++		fi
++	done
++
++	apply_consent "$choice_val"
++	set_consent_registry "$choice_val" >/dev/null || true
++}
++
++function apply_consent() {
++	local consent="$1"
++
++	for user in "${users[@]}"; do
++		for source in "${sources[@]}"; do
++			# shellcheck disable=SC2016 # Intentional due to how we pass parameters to a su command
++			su "$user" -c 'ubuntu-insights consent "$0" -s="$1" > /dev/null' -- "$source" "$([[ $consent -eq 1 ]] && echo true || echo false)"
++		done
++	done
++}
++
++function read_consent_registry() {
++	local consent_value=""
++	consent_value=$(powershell.exe -NoProfile -Command "& {
++        param(\$Path, \$Name)
++        [Console]::OutputEncoding = [System.Text.Encoding]::UTF8
++        try {
++            return (Get-ItemProperty -Path \$Path -Name \$Name -ErrorAction Stop).\$Name
++        }
++        catch {
++            return \"\"
++        }
++    }" -Path "${registry_key_path}" -Name "${registry_value_name}" 2>/dev/null) || true
++	# strip control chars like \r and \n
++	echo "${consent_value//[[:cntrl:]]/}"
++}
++
++function set_consent_registry() {
++	local consent="$1"
++	powershell.exe -NoProfile -Command "& {
++        param(\$Path, \$Name, \$Consent)
++        if (-not (Test-Path -Path \$Path)) {
++            New-Item -Path \$Path -Force | Out-Null
++        }
++        New-ItemProperty -Path \$Path -Name \$Name -Value \$Consent -PropertyType DWord -Force
++    }" -Path "${registry_key_path}" -Name "${registry_value_name}" -Consent "${consent}" 2>/dev/null || true
++}
++
++function check_local_consent() {
++	# If any of the users has the wsl_setup consent set, we consider that consent is set locally
++	for user in "${users[@]}"; do
++		# Check wsl_setup source, if exit code is 0, consent is set
++		if su "$user" -c 'ubuntu-insights consent wsl_setup' >/dev/null 2>&1; then
++			return 0
++		fi
++	done
++	return 1
++}
++
++function collect() {
++	# Collect insights and upload in background for all users
++	for user in "${users[@]}"; do
++		if su "$user" -c 'echo "{}" | ubuntu-insights collect wsl_setup /dev/stdin -f > /dev/null 2>&1'; then
++			su "$user" -c 'nohup ubuntu-insights upload wsl_setup -rf > /dev/null 2>&1 &'
++		fi
++	done
++}
++
++# Check if ubuntu-insights is installed
++if ! command -v ubuntu-insights >/dev/null 2>&1; then
++	# shellcheck disable=SC2317 # For when not run in a function
++	return 0 2>/dev/null || exit 0
++fi
++
++# Skip if no users found
++if [ "${#users[@]}" -eq 0 ]; then
++	# shellcheck disable=SC2317 # For when not run in a function
++	return 0 2>/dev/null || exit 0
++fi
++
++# Check if consent is already set locally
++if check_local_consent; then
++	collect
++	# shellcheck disable=SC2317 # For when not run in a function
++	return 0 2>/dev/null || exit 0
++fi
++
++# Check if we have a stored consent value in the Windows registry.
++consent_value=$(read_consent_registry)
++if [[ "$consent_value" =~ ^[01]$ ]]; then
++	apply_consent "$consent_value"
++	collect
++	# shellcheck disable=SC2317 # For when not run in a function
++	return 0 2>/dev/null || exit 0
++fi
++
++# Failed to read consent from the Windows registry, ask the user.
++echo "Help improve Ubuntu!
++
++You can share anonymous data with the Ubuntu development team so we can improve your experience.
++If you agree, we will collect and report anonymous hardware and system information.
++This information can't be used to identify a single machine.
++For legal details, please visit: https://ubuntu.com/legal/systems-information-notice
++
++We will save your answer to Windows and will only ask you once.
++"
++ask_question
++
++collect
 diff --git a/wait-for-cloud-init b/wait-for-cloud-init
 index 96f9821..1f3ee40 100644
 --- a/wait-for-cloud-init
 +++ b/wait-for-cloud-init
@@ -7,6 +7,6 @@
  set -euo pipefail
  if status=$(LANG=C systemctl is-system-running 2>/dev/null) || [ "${status}" != "offline" ] && systemctl is-enabled --quiet cloud-init-local.service 2>/dev/null; then
--  cloud-init status --wait > /dev/null 2>&1 || true
--  touch /etc/cloud/cloud-init.disabled || true
++	cloud-init status --wait >/dev/null 2>&1 || true
++	touch /etc/cloud/cloud-init.disabled || true
  fi
 diff --git a/wsl-setup b/wsl-setup
 index a8f698f..bdb712b 100755
 --- a/wsl-setup
 +++ b/wsl-setup
@@ -3,122 +3,127 @@ set -euo pipefail
  # command_not_found_handle is a noop function that prevents printing error messages if WSL interop is disabled.
  function command_not_found_handle() {
--  :
++	:
+ }
  # get_first_interactive_uid returns first interactive non system user uid with uid >=1000.
  function get_first_interactive_uid() {
--  getent passwd | egrep -v '/nologin|/false|/sync' | sort -t: -k3,3n | awk -F: '$3 >= 1000 { print $3; exit }'
++	getent passwd | grep -E -v '/nologin|/false|/sync' | sort -t: -k3,3n | awk -F: '$3 >= 1000 { print $3; exit }'
+ }
  # create_regular_user prompts user for a username and assign default WSL permissions.
  # First argument is the prefilled username.
  function create_regular_user() {
--  local default_username="${1}"
--
--  local valid_username_regex='^[a-z_][a-z0-9_-]*$'
--  local DEFAULT_GROUPS='adm,cdrom,sudo,dip,plugdev'
--
--  # Filter the prefilled username to remove invalid characters.
--  default_username=$(echo "${default_username}" | sed 's/[^a-z0-9_-]//g')
--  # It should start with a character or _.
--  default_username=$(echo "${default_username}" | sed 's/^[^a-z_]//')
--
--  # Ensure a valid username
--  while true; do
--    # Prefill the prompt with the Windows username.
--    read -e -p "Create a default Unix user account: " -i "${default_username}" username
--
--    # Validate the username.
--    if [[ ! "${username}" =~ ${valid_username_regex} ]]; then
--      echo "Invalid username. A valid username must start with a lowercase letter or underscore, and can contain lowercase letters, digits, underscores, and dashes."
--      continue
--    fi
--
--    # Create the user and change its default groups.
--    if ! /usr/sbin/adduser --quiet --gecos '' "${username}"; then
--      echo "Failed to create user '${username}'. Please choose a different name."
--      continue
--    fi
--
--    if ! /usr/sbin/usermod "${username}" -aG "${DEFAULT_GROUPS}"; then
--      echo "Failed to add '${username}' to default groups. Attempting cleanup."
--      /usr/sbin/deluser --quiet "${username}"
--      continue
--    fi
--
--    break
--  done
++	local default_username="${1}"
++
++	local valid_username_regex='^[a-z_][a-z0-9_-]*$'
++	local DEFAULT_GROUPS='adm,cdrom,sudo,dip,plugdev'
++
++	# Filter the prefilled username to remove invalid characters.
++	# Remove all characters except a-z, 0-9, _ and -
++	default_username="${default_username//[^a-z0-9_-]/}"
++	# Remove leading character if not a-z or _
++	default_username="${default_username#[!a-z_]}"
++
++	# Ensure a valid username
++	while true; do
++		# Prefill the prompt with the Windows username.
++		read -er -p "Create a default Unix user account: " -i "${default_username}" username
++
++		# Validate the username.
++		if [[ ! "${username}" =~ ${valid_username_regex} ]]; then
++			echo "Invalid username. A valid username must start with a lowercase letter or underscore, and can contain lowercase letters, digits, underscores, and dashes."
++			continue
++		fi
++
++		# Create the user and change its default groups.
++		if ! /usr/sbin/adduser --quiet --gecos '' "${username}"; then
++			echo "Failed to create user '${username}'. Please choose a different name."
++			continue
++		fi
++
++		if ! /usr/sbin/usermod "${username}" -aG "${DEFAULT_GROUPS}"; then
++			echo "Failed to add '${username}' to default groups. Attempting cleanup."
++			/usr/sbin/deluser --quiet "${username}"
++			continue
++		fi
++
++		break
++	done
+ }
  # set_user_as_default sets the given username as the default user in the wsl.conf configuration.
  # It will only set it if there is no existing default under the [user] section.
  function set_user_as_default() {
--  local username="${1}"
++	local username="${1}"
--  local wsl_conf="/etc/wsl.conf"
--  touch "${wsl_conf}"
++	local wsl_conf="/etc/wsl.conf"
++	touch "${wsl_conf}"
--  # Append [user] section with default if they don't exist.
--  if ! grep -q "^\[user\]" "${wsl_conf}"; then
--      echo -e "\n[user]\ndefault=${username}" >> "${wsl_conf}"
--      return
--  fi
++	# Append [user] section with default if they don't exist.
++	if ! grep -q "^\[user\]" "${wsl_conf}"; then
++		echo -e "\n[user]\ndefault=${username}" >>"${wsl_conf}"
++		return
++	fi
--  # If default is missing from the user section, append it to it.
--  if ! sed -n '/^\[user\]/,/^\[/{/^\s*default\s*=/p}' "${wsl_conf}" | grep -q .; then
--    sed -i '/^\[user\]/a\default='"${username}" "${wsl_conf}"
--  fi
++	# If default is missing from the user section, append it to it.
++	if ! sed -n '/^\[user\]/,/^\[/{/^\s*default\s*=/p}' "${wsl_conf}" | grep -q .; then
++		sed -i '/^\[user\]/a\default='"${username}" "${wsl_conf}"
++	fi
+ }
  # powershell_env outputs the contents of PowerShell.exe environment variables $Env:<ARG>
  # encoded in UTF-8.
  function powershell_env() {
--  local var="$1"
--  if [ "$#" != 1 ]; then
--    echo "powershell_env: expected 1 argument, got $# ."
--    return 1
--  fi
--
--  local ret=$(powershell.exe -NoProfile -Command '& {
++	local var="$1"
++	if [ "$#" != 1 ]; then
++		echo "powershell_env: expected 1 argument, got $# ."
++		return 1
++	fi
++
++	local ret
++	# shellcheck disable=SC2016 # Intentional due to how we use powershell
++	ret=$(powershell.exe -NoProfile -Command '& {
                              [Console]::OutputEncoding = [System.Text.Encoding]::UTF8
                              $Env:'"${var}"'}') 2>/dev/null || true
--  # strip control chars like \r and \n
--  ret="${ret%%[[:cntrl:]]}"
--  echo "$ret"
++	# strip control chars like \r and \n
++	ret="${ret%%[[:cntrl:]]}"
++	echo "$ret"
+ }
  # install_ubuntu_font copies the Ubuntu font into Windows filesystem and register it for the current Windows user.
  function install_ubuntu_font() {
--  local local_app_data=$(powershell_env "LocalAppData")
--  if [ -z "${local_app_data}" ]; then
--    return
--  fi
--
--  local_app_data=$(wslpath -au "${local_app_data}") 2>/dev/null || true
--  local fonts_dir="${local_app_data}/Microsoft/Windows/Fonts"
--  local font="UbuntuMono[wght].ttf"
--  mkdir -p "${fonts_dir}" 2>/dev/null
--  if [ -f "${fonts_dir}/${font}" ]; then
--    return
--  fi
--
--  cp "/usr/share/fonts/truetype/ubuntu/${font}" "${fonts_dir}" 2>/dev/null || true
--
--  # Register the font for the current user.
--  local dst=$(wslpath -aw "${fonts_dir}/${font}") 2>/dev/null || true
--  powershell.exe -NoProfile -Command '& {
++	local local_app_data
++	local_app_data=$(powershell_env "LocalAppData")
++	if [ -z "${local_app_data}" ]; then
++		return
++	fi
++
++	local_app_data=$(wslpath -au "${local_app_data}") 2>/dev/null || true
++	local fonts_dir="${local_app_data}/Microsoft/Windows/Fonts"
++	local font="UbuntuMono[wght].ttf"
++	mkdir -p "${fonts_dir}" 2>/dev/null
++	if [ -f "${fonts_dir}/${font}" ]; then
++		return
++	fi
++
++	cp "/usr/share/fonts/truetype/ubuntu/${font}" "${fonts_dir}" 2>/dev/null || true
++
++	# Register the font for the current user.
++	local dst
++	dst=$(wslpath -aw "${fonts_dir}/${font}") 2>/dev/null || true
++	# shellcheck disable=SC2016 # Intentional due to how we use powershell
++	powershell.exe -NoProfile -Command '& {
                $null = New-Item -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion" -Name "Fonts" 2>$null;
                $null = New-ItemProperty -Name "Ubuntu Mono (TrueType)" -Path "HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Fonts" -PropertyType string -Value "'"${dst}"'" 2>$null;
--  }' || true
++  }' >/dev/null || true
+ }
--
  echo "Provisioning the new WSL instance $WSL_DISTRO_NAME"
  echo "This might take a while..."
  # Read the Windows user name.
--win_username=$(powershell_env "UserName")
++win_username=$(powershell_env "UserName.ToLower()")
  # replace any potential whitespaces with underscores.
  win_username="${win_username// /_}"
@@ -126,23 +131,26 @@ install_ubuntu_font
  # Wait for cloud-init to finish if systemd and its service is enabled
  # by running the script located at the same dir as this one.
--this_dir=$(dirname "$(realpath $0)")
++this_dir=$(dirname "$(realpath "$0")")
  source "${this_dir}/wait-for-cloud-init"
  # Check if there is a pre-provisioned users (pre-baked on the rootfs or created by cloud-init).
  user_id=$(get_first_interactive_uid)
  # If we don’t have a non system user, let’s create it.
--if [ -z "${user_id}" ] ; then
--  create_regular_user "${win_username}"
--
--  user_id=$(get_first_interactive_uid)
--  if [ -z "${user_id}" ] ; then
--    echo 'Failed to create a regular user account'
--    exit 1
--  fi
++if [ -z "${user_id}" ]; then
++	create_regular_user "${win_username}"
++
++	user_id=$(get_first_interactive_uid)
++	if [ -z "${user_id}" ]; then
++		echo 'Failed to create a regular user account'
++		exit 1
++	fi
  fi
  # Set the newly created user as the WSL default.
  username=$(id -un "${user_id}")
  set_user_as_default "${username}"
++
++# Start Ubuntu Insights consent script
++"${this_dir}/ubuntu-insights.sh"

Ubuntuwsl-setup package