ubiquity

Merge lp:~cyphermox/ubiquity/disable-verification into lp:ubiquity

  1. disable-verification
  2. Merge into trunk
Proposed by Mathieu Trudel-Lapierre
Status: Merged
Merged at revision: 6356
Proposed branch: lp:~cyphermox/ubiquity/disable-verification
Merge into: lp:ubiquity
Diff against target: 806 lines (+506/-52)
10 files modified
d-i/manifest (+10/-10)
debian/changelog (+11/-0)
debian/control (+1/-1)
debian/ubiquity.install-any (+0/-1)
debian/ubiquity.templates (+27/-0)
gui/gtk/stepPrepare.ui (+339/-25)
scripts/simple-plugins (+7/-0)
tests/test_gtkui.py (+1/-0)
ubiquity/install_misc.py (+11/-0)
ubiquity/plugins/ubi-prepare.py (+99/-15)
To merge this branch: bzr merge lp:~cyphermox/ubiquity/disable-verification
Reviewer Review Type Date Requested Status
Dimitri John Ledkov Needs Fixing
Ubuntu Installer Team Pending
Review via email: mp+278668@code.launchpad.net

Description of the change

WIP: allow disabling kernel signature verification via mokutil (which will need to be promoted to main, and seeded)

To post a comment you must log in.
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

The code looks sane.

I need to boot it, and take screenshots, as these changes seem to not have been run past mpt.

Updating the d-i components, results in FTBFS -

cp debian/ubiquity.install-any debian/ubiquity.install
cat debian/ubiquity.install-amd64 >> debian/ubiquity.install
dh_install
cp: cannot stat 'debian/tmp/d-i/source/apt-setup/generators/93partner': No such file or directory
dh_install: cp --reflink=auto -a debian/tmp/d-i/source/apt-setup/generators/93partner debian/ubiquity/usr/lib/ubiquity/apt-setup/generator

lp:~cyphermox/ubiquity/disable-verification updated
6354. By Mathieu Trudel-Lapierre

Fix typo in parameter name for mokutil

6355. By Mathieu Trudel-Lapierre

Do more updates of d-i components, including dropping 93partner for apt-setup.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

secureboot signatures seem to be wrong on the xenial proposed images, or my new laptop has broken firmware.

posted the dialogs and text for mpt to look at, in the bug report https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1524833
maybe he can improve design or text.

Text in the learn more button, probably lacks the styles and/or attributed to actually parse the html-y tags -> cause it says literarly <span forground.... instead of making Warning red.

The info loop seems to be wrong.

It starts with both password fields empty, the second one has green tick box already (should be blank) and continue button is active.

The strength indicators work correctly.

Passwords do not match indicator is wrong:
both empty -> green mark & continue button active;
both filled and matching -> "passwords do not match" and continue button inactive

mokutil in in universe, should be installed on x86-64 desktop live image and thus should have a MIR filed and be in main.

so i can't run this all the way with disabling the secureboot with current xenial images. I'm happy for this to be merged once the password prompts / continue state machine logic is fixed. And then will retest again once the mokutil is promoted to main and is on the images.

review: Needs Fixing
lp:~cyphermox/ubiquity/disable-verification updated
6356. By Mathieu Trudel-Lapierre

Properly apply markup to Secure Boot info dialog.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'd-i/manifest'
2--- d-i/manifest 2015-11-02 03:21:25 +0000
3+++ d-i/manifest 2015-12-16 15:44:02 +0000
4@@ -1,15 +1,15 @@
5-apt-setup 1:0.80ubuntu8
6+apt-setup 1:0.104ubuntu1
7 base-installer 1.144ubuntu2
8 bterm-unifont 1.3
9 choose-mirror 2.65ubuntu1
10 clock-setup 0.121ubuntu1
11 console-setup 1.108ubuntu9
12 debian-installer-utils 1.109ubuntu1
13-flash-kernel 3.0~rc.4ubuntu55
14+flash-kernel 3.0~rc.4ubuntu57
15 grub-installer 1.78ubuntu30
16-hw-detect 1.95ubuntu7
17+hw-detect 1.114ubuntu1
18 localechooser 2.65ubuntu3
19-netcfg 1.127ubuntu1
20+netcfg 1.135ubuntu1
21 partconf 1.48
22 partman-auto 125ubuntu2
23 partman-auto-crypto 22ubuntu1
24@@ -18,18 +18,18 @@
25 partman-base 187ubuntu1
26 partman-basicfilesystems 109ubuntu1
27 partman-basicmethods 60
28-partman-btrfs 14ubuntu2
29+partman-btrfs 18ubuntu1
30 partman-crypto 78ubuntu1
31-partman-efi 62ubuntu2
32-partman-ext3 84ubuntu1
33+partman-efi 62ubuntu3
34+partman-ext3 84ubuntu2
35 partman-jfs 46
36 partman-lvm 111
37 partman-newworld 33
38 partman-partitioning 106ubuntu1
39 partman-target 92ubuntu1
40 partman-uboot 5
41-partman-xfs 56
42-preseed 1.64ubuntu3
43+partman-xfs 57
44+preseed 1.68ubuntu1
45 tzsetup 1:0.66ubuntu2
46-user-setup 1.48ubuntu7
47+user-setup 1.63ubuntu1
48 yaboot-installer 1.1.33ubuntu1
49
50=== modified file 'debian/changelog'
51--- debian/changelog 2015-11-02 03:21:38 +0000
52+++ debian/changelog 2015-12-16 15:44:02 +0000
53@@ -1,3 +1,14 @@
54+ubiquity (2.21.39) UNRELEASED; urgency=medium
55+
56+ * Automatic update of included source packages: partman-efi 62ubuntu3,
57+ partman-ext3 84ubuntu2, partman-xfs 57, preseed 1.64ubuntu4, apt-setup
58+ 1:0.104ubuntu1, flash-kernel 3.0~rc.4ubuntu57, hw-detect 1.114ubuntu1,
59+ netcfg 1.135ubuntu1, partman-btrfs 18ubuntu1, preseed 1.68ubuntu1,
60+ user-setup 1.63ubuntu1.
61+ * Add support for disabling Secure Boot in prepare screen.
62+
63+ -- Mathieu Trudel-Lapierre <mathieu-tl@ubuntu.com> Tue, 24 Nov 2015 15:43:16 -0500
64+
65 ubiquity (2.21.38) xenial; urgency=medium
66
67 * d-i/sources.list: switch to xenial.
68
69=== modified file 'debian/control'
70--- debian/control 2015-01-29 17:46:16 +0000
71+++ debian/control 2015-12-16 15:44:02 +0000
72@@ -3,7 +3,7 @@
73 Priority: optional
74 Maintainer: Ubuntu Installer Team <ubuntu-installer@lists.ubuntu.com>
75 Uploaders: Colin Watson <cjwatson@ubuntu.com>, Evan Dandrea <ev@ubuntu.com>
76-Build-Depends: adwaita-icon-theme, apt, autopoint, bf-utf-source, check, dctrl-tools, debconf (>= 1.5.43), debconf-utils, debhelper (>= 9), devio, dh-autoreconf, dh-di (>= 3), dh-systemd, dpkg-dev (>= 1.15.7), gir1.2-soup-2.4, gir1.2-timezonemap-1.0, gir1.2-webkit-3.0, gir1.2-xkl-1.0, gobject-introspection, imagemagick, intltool (>= 0.40.0), intltool-debian (>= 0.30+20040212), iso-codes, isoquery, keymapper (>= 0.5.3-7), libbogl-dev, libcairo2-dev, libdebconfclient0-dev (>= 0.68), libdebian-installer4-dev (>= 0.76), libgirepository1.0-dev, libglib2.0-dev, libgtk-3-dev, libido3-0.1-dev, libindicator3-dev, libiw-dev (>= 27+28pre9), liblocale-gettext-perl, libparted-dev (>= 2.2), librsvg2-bin, locales, pep8, pkg-config, po-debconf (>= 1.0), pyflakes (>= 0.7.2), python-gi-dev, python-scour, python3-all (>= 3.1), python3-apt (>= 0.7.100.3~), python3-cairo, python3-dbus, python3-gi, python3-gi-cairo, python3-icu (>= 1.0), python3-mock (>= 0.7.0), python3-pam, tzdata, ubuntu-artwork, udev, wget, xkb-data (>= 0.9), xkb-data-i18n, xvfb
77+Build-Depends: adwaita-icon-theme, apt, autopoint, bf-utf-source, check, dctrl-tools, debconf (>= 1.5.43), debconf-utils, debhelper (>= 9), devio, dh-autoreconf, dh-di (>= 3), dh-systemd, dpkg-dev (>= 1.15.7), gir1.2-soup-2.4, gir1.2-timezonemap-1.0, gir1.2-webkit-3.0, gir1.2-xkl-1.0, gobject-introspection, imagemagick, intltool (>= 0.40.0), intltool-debian (>= 0.30+20040212), iso-codes, isoquery, keymapper (>= 0.5.3-7), libbogl-dev, libcairo2-dev, libdebconfclient0-dev (>= 0.68), libdebian-installer4-dev (>= 0.76), libgirepository1.0-dev, libglib2.0-dev, libgtk-3-dev, libido3-0.1-dev, libindicator3-dev, libiw-dev (>= 27+28pre9), liblocale-gettext-perl, libparted-dev (>= 2.2), librsvg2-bin, libsubunit-dev, locales, pep8, pkg-config, po-debconf (>= 1.0), pyflakes (>= 0.7.2), python-gi-dev, python-scour, python3-all (>= 3.1), python3-apt (>= 0.7.100.3~), python3-cairo, python3-dbus, python3-gi, python3-gi-cairo, python3-icu (>= 1.0), python3-mock (>= 0.7.0), python3-pam, tzdata, ubuntu-artwork, udev, wget, xkb-data (>= 0.9), xkb-data-i18n, xvfb
78 Standards-Version: 3.9.4
79 X-Python3-Version: >= 3.1
80 XS-Testsuite: autopkgtest
81
82=== modified file 'debian/ubiquity.install-any'
83--- debian/ubiquity.install-any 2015-02-18 01:55:50 +0000
84+++ debian/ubiquity.install-any 2015-12-16 15:44:02 +0000
85@@ -28,7 +28,6 @@
86 d-i/source/apt-setup/generators/60local usr/lib/ubiquity/apt-setup/generators
87 d-i/source/apt-setup/generators/90services-select usr/lib/ubiquity/apt-setup/generators
88 d-i/source/apt-setup/generators/91security usr/lib/ubiquity/apt-setup/generators
89-d-i/source/apt-setup/generators/93partner usr/lib/ubiquity/apt-setup/generators
90 d-i/source/apt-setup/release-files/archive.ubuntu.com usr/share/apt-setup/release-files
91 d-i/source/apt-setup/release-files/security.ubuntu.com usr/share/apt-setup/release-files
92 d-i/source/apt-setup/release-files/archive.canonical.com usr/share/apt-setup/release-files
93
94=== modified file 'debian/ubiquity.templates'
95--- debian/ubiquity.templates 2015-04-14 19:32:33 +0000
96+++ debian/ubiquity.templates 2015-12-16 15:44:02 +0000
97@@ -1467,3 +1467,30 @@
98 Type: text
99 _Description:
100 Encryption options...
101+
102+Template: ubiquity/text/efi_secureboot
103+Type: text
104+_Description:
105+ UEFI Secure Boot
106+
107+Template: ubiquity/text/efi_secureboot_info
108+Type: text
109+_Description:
110+ You have chosen to enable third-party software as part of your install,
111+ which for this system includes hardware drivers for graphics and/or wi-fi
112+ hardware. Your system also has UEFI Secure Boot enabled. UEFI Secure Boot
113+ is not compatible with the use of these third-party drivers.
114+ .
115+ After installation completes, Ubuntu will assist you in disabling UEFI
116+ Secure Boot. To ensure that this change is being made by you as an authorized
117+ user, and not by an attacker, you must choose a password now and then use
118+ the same password after reboot to confirm the change.
119+ .
120+ <span foreground="darkred">Warning</span>: If you choose not to install
121+ these drivers, or if you proceed but do not confirm the password upon reboot,
122+ Ubuntu will still be able to boot on your system but these third-party
123+ drivers will not be available for your hardware.
124+
125+Template: ubiquity/secureboot_key
126+Type: password
127+_Description: SecureBoot key for MokPW
128
129=== modified file 'gui/gtk/stepPrepare.ui'
130--- gui/gtk/stepPrepare.ui 2013-12-18 14:01:53 +0000
131+++ gui/gtk/stepPrepare.ui 2015-12-16 15:44:02 +0000
132@@ -1,8 +1,7 @@
133 <?xml version="1.0" encoding="UTF-8"?>
134+<!-- Generated with glade 3.18.3 -->
135 <interface>
136- <requires lib="gtk+" version="2.16"/>
137- <!-- interface-requires gtkwidgets 0.0 -->
138- <!-- interface-naming-policy toplevel-contextual -->
139+ <requires lib="gtk+" version="3.0"/>
140 <object class="GtkAlignment" id="stepPrepare">
141 <property name="visible">True</property>
142 <property name="can_focus">False</property>
143@@ -23,8 +22,8 @@
144 <object class="GtkLabel" id="prepare_best_results">
145 <property name="visible">True</property>
146 <property name="can_focus">False</property>
147+ <property name="label" translatable="yes">For best results, please ensure:</property>
148 <property name="xalign">0</property>
149- <property name="label" translatable="yes">For best results, please ensure:</property>
150 <attributes>
151 <attribute name="weight" value="bold"/>
152 </attributes>
153@@ -55,6 +54,7 @@
154 </object>
155 <packing>
156 <property name="expand">True</property>
157+ <property name="fill">True</property>
158 <property name="position">0</property>
159 </packing>
160 </child>
161@@ -65,6 +65,7 @@
162 </object>
163 <packing>
164 <property name="expand">True</property>
165+ <property name="fill">True</property>
166 <property name="position">1</property>
167 </packing>
168 </child>
169@@ -75,6 +76,7 @@
170 </object>
171 <packing>
172 <property name="expand">True</property>
173+ <property name="fill">True</property>
174 <property name="position">2</property>
175 </packing>
176 </child>
177@@ -96,10 +98,11 @@
178 <child>
179 <object class="GtkCheckButton" id="prepare_download_updates">
180 <property name="label" translatable="yes">Download updates while installing</property>
181+ <property name="use_action_appearance">False</property>
182 <property name="visible">True</property>
183 <property name="can_focus">True</property>
184 <property name="receives_default">False</property>
185- <property name="use_action_appearance">False</property>
186+ <property name="xalign">0.5</property>
187 <property name="draw_indicator">True</property>
188 </object>
189 <packing>
190@@ -118,10 +121,10 @@
191 <object class="GtkLabel" id="prepare_foss_disclaimer">
192 <property name="visible">True</property>
193 <property name="can_focus">False</property>
194- <property name="xalign">0</property>
195 <property name="label" translatable="yes">${RELEASE} uses third-party software to play Flash, MP3 and other media, and to work with some graphics and wi-fi hardware. Some of this software is proprietary. The software is subject to license terms included with its documentation.</property>
196 <property name="wrap">True</property>
197- <property name="max-width-chars">50</property>
198+ <property name="max_width_chars">50</property>
199+ <property name="xalign">0</property>
200 </object>
201 <packing>
202 <property name="expand">True</property>
203@@ -134,21 +137,7 @@
204 <property name="visible">True</property>
205 <property name="can_focus">False</property>
206 <property name="orientation">vertical</property>
207- <child>
208- <object class="GtkCheckButton" id="prepare_nonfree_software">
209- <property name="label" translatable="yes">Install this third-party software</property>
210- <property name="visible">True</property>
211- <property name="can_focus">True</property>
212- <property name="receives_default">False</property>
213- <property name="use_action_appearance">False</property>
214- <property name="draw_indicator">True</property>
215- </object>
216- <packing>
217- <property name="expand">True</property>
218- <property name="fill">True</property>
219- <property name="position">0</property>
220- </packing>
221- </child>
222+ <property name="spacing">6</property>
223 <child>
224 <object class="GtkAlignment" id="alignment2">
225 <property name="visible">True</property>
226@@ -158,12 +147,12 @@
227 <object class="GtkLabel" id="prepare_foss_disclaimer_extra_label">
228 <property name="visible">True</property>
229 <property name="can_focus">False</property>
230+ <property name="label" translatable="yes">Fluendo MP3 plugin includes MPEG Layer-3 audio decoding technology licensed from Fraunhofer IIS and Technicolor SA.</property>
231+ <property name="wrap">True</property>
232 <property name="xalign">0</property>
233 <property name="yalign">0</property>
234- <property name="label" translatable="yes">Fluendo MP3 plugin includes MPEG Layer-3 audio decoding technology licensed from Fraunhofer IIS and Technicolor SA.</property>
235- <property name="wrap">True</property>
236 <attributes>
237- <attribute name="scale" value="0.83333333333333333"/>
238+ <attribute name="scale" value="0.83333333333333337"/>
239 </attributes>
240 </object>
241 </child>
242@@ -171,6 +160,23 @@
243 <packing>
244 <property name="expand">True</property>
245 <property name="fill">True</property>
246+ <property name="position">0</property>
247+ </packing>
248+ </child>
249+ <child>
250+ <object class="GtkCheckButton" id="prepare_nonfree_software">
251+ <property name="label" translatable="yes">Install this third-party software</property>
252+ <property name="use_action_appearance">False</property>
253+ <property name="visible">True</property>
254+ <property name="can_focus">True</property>
255+ <property name="receives_default">False</property>
256+ <property name="xalign">0.5</property>
257+ <property name="draw_indicator">True</property>
258+ <signal name="toggled" handler="on_nonfree_toggled" swapped="no"/>
259+ </object>
260+ <packing>
261+ <property name="expand">True</property>
262+ <property name="fill">True</property>
263 <property name="position">1</property>
264 </packing>
265 </child>
266@@ -181,6 +187,314 @@
267 <property name="position">1</property>
268 </packing>
269 </child>
270+ <child>
271+ <object class="GtkBox" id="secureboot_box">
272+ <property name="visible">False</property>
273+ <property name="can_focus">False</property>
274+ <property name="orientation">vertical</property>
275+ <property name="spacing">6</property>
276+ <child>
277+ <object class="GtkBox" id="box5">
278+ <property name="visible">True</property>
279+ <property name="can_focus">False</property>
280+ <property name="halign">start</property>
281+ <property name="spacing">6</property>
282+ <child>
283+ <object class="GtkLabel" id="secureboot_label">
284+ <property name="visible">True</property>
285+ <property name="can_focus">False</property>
286+ <property name="halign">start</property>
287+ <property name="label" translatable="yes">To install these drivers, you must disable secure boot on this device.</property>
288+ <property name="use_markup">True</property>
289+ <property name="wrap">True</property>
290+ </object>
291+ <packing>
292+ <property name="expand">False</property>
293+ <property name="fill">True</property>
294+ <property name="position">0</property>
295+ </packing>
296+ </child>
297+ <child>
298+ <object class="GtkButton" id="secureboot_more_button">
299+ <property name="visible">True</property>
300+ <property name="can_focus">True</property>
301+ <property name="receives_default">True</property>
302+ <property name="relief">none</property>
303+ <signal name="clicked" handler="show_learn_more" swapped="no"/>
304+ <child>
305+ <object class="GtkLabel" id="label1">
306+ <property name="visible">True</property>
307+ <property name="can_focus">False</property>
308+ <property name="label" translatable="yes">&lt;u&gt;Learn more...&lt;/u&gt;</property>
309+ <property name="use_markup">True</property>
310+ </object>
311+ </child>
312+ </object>
313+ <packing>
314+ <property name="expand">False</property>
315+ <property name="fill">True</property>
316+ <property name="position">1</property>
317+ </packing>
318+ </child>
319+ </object>
320+ <packing>
321+ <property name="expand">False</property>
322+ <property name="fill">True</property>
323+ <property name="position">0</property>
324+ </packing>
325+ </child>
326+ <child>
327+ <object class="GtkLabel" id="warning_password_label">
328+ <property name="visible">True</property>
329+ <property name="can_focus">False</property>
330+ <property name="halign">start</property>
331+ <property name="label" translatable="yes">&lt;span foreground="darkred"&gt;Warning&lt;/span&gt;: This password will be required after reboot to confirm the disabling of Secure Boot</property>
332+ <property name="use_markup">True</property>
333+ </object>
334+ <packing>
335+ <property name="expand">False</property>
336+ <property name="fill">True</property>
337+ <property name="position">1</property>
338+ </packing>
339+ </child>
340+ <child>
341+ <object class="GtkGrid" id="password_grid">
342+ <property name="visible">True</property>
343+ <property name="can_focus">False</property>
344+ <property name="row_spacing">6</property>
345+ <property name="column_spacing">6</property>
346+ <property name="column_homogeneous">True</property>
347+ <child>
348+ <object class="GtkEntry" id="password">
349+ <property name="visible">True</property>
350+ <property name="can_focus">True</property>
351+ <property name="hexpand">True</property>
352+ <property name="visibility">False</property>
353+ <property name="invisible_char">●</property>
354+ <property name="activates_default">True</property>
355+ <property name="width_chars">20</property>
356+ <signal name="changed" handler="info_loop" swapped="no"/>
357+ </object>
358+ <packing>
359+ <property name="left_attach">1</property>
360+ <property name="top_attach">0</property>
361+ </packing>
362+ </child>
363+ <child>
364+ <object class="GtkEntry" id="verified_password">
365+ <property name="visible">True</property>
366+ <property name="can_focus">True</property>
367+ <property name="hexpand">True</property>
368+ <property name="visibility">False</property>
369+ <property name="invisible_char">●</property>
370+ <property name="activates_default">True</property>
371+ <property name="width_chars">20</property>
372+ <signal name="changed" handler="info_loop" swapped="no"/>
373+ </object>
374+ <packing>
375+ <property name="left_attach">1</property>
376+ <property name="top_attach">1</property>
377+ </packing>
378+ </child>
379+ <child>
380+ <object class="GtkNotebook" id="password_strength">
381+ <property name="visible">True</property>
382+ <property name="can_focus">False</property>
383+ <property name="show_tabs">False</property>
384+ <property name="show_border">False</property>
385+ <child>
386+ <object class="GtkFixed" id="empty">
387+ <property name="visible">True</property>
388+ <property name="can_focus">False</property>
389+ </object>
390+ </child>
391+ <child type="tab">
392+ <placeholder/>
393+ </child>
394+ <child>
395+ <object class="GtkLabel" id="password/too_short">
396+ <property name="visible">True</property>
397+ <property name="can_focus">False</property>
398+ <property name="label" translatable="yes">Short password</property>
399+ <property name="xalign">0</property>
400+ <attributes>
401+ <attribute name="scale" value="0.83333333333329995"/>
402+ <attribute name="foreground" value="#8b8b00000000"/>
403+ </attributes>
404+ </object>
405+ <packing>
406+ <property name="position">1</property>
407+ </packing>
408+ </child>
409+ <child type="tab">
410+ <placeholder/>
411+ </child>
412+ <child>
413+ <object class="GtkLabel" id="password/weak">
414+ <property name="visible">True</property>
415+ <property name="can_focus">False</property>
416+ <property name="label" translatable="yes">Weak password</property>
417+ <property name="xalign">0</property>
418+ <attributes>
419+ <attribute name="scale" value="0.83333333333329995"/>
420+ <attribute name="foreground" value="#8b8b00000000"/>
421+ </attributes>
422+ </object>
423+ <packing>
424+ <property name="position">2</property>
425+ </packing>
426+ </child>
427+ <child type="tab">
428+ <placeholder/>
429+ </child>
430+ <child>
431+ <object class="GtkLabel" id="password/fair">
432+ <property name="visible">True</property>
433+ <property name="can_focus">False</property>
434+ <property name="label" translatable="yes">Fair password</property>
435+ <property name="xalign">0</property>
436+ <attributes>
437+ <attribute name="scale" value="0.83333333333329995"/>
438+ <attribute name="foreground" value="#ffff8c8c0000"/>
439+ </attributes>
440+ </object>
441+ <packing>
442+ <property name="position">3</property>
443+ </packing>
444+ </child>
445+ <child type="tab">
446+ <placeholder/>
447+ </child>
448+ <child>
449+ <object class="GtkLabel" id="password/good">
450+ <property name="visible">True</property>
451+ <property name="can_focus">False</property>
452+ <property name="label" translatable="yes">Good password</property>
453+ <property name="xalign">0</property>
454+ <attributes>
455+ <attribute name="scale" value="0.83333333333329995"/>
456+ <attribute name="foreground" value="#000064640000"/>
457+ </attributes>
458+ </object>
459+ <packing>
460+ <property name="position">4</property>
461+ </packing>
462+ </child>
463+ <child type="tab">
464+ <placeholder/>
465+ </child>
466+ <child>
467+ <object class="GtkLabel" id="password/strong">
468+ <property name="visible">True</property>
469+ <property name="can_focus">False</property>
470+ <property name="label" translatable="yes">Strong password</property>
471+ <property name="xalign">0</property>
472+ <attributes>
473+ <attribute name="scale" value="0.83333333333329995"/>
474+ <attribute name="foreground" value="#000064640000"/>
475+ </attributes>
476+ </object>
477+ <packing>
478+ <property name="position">5</property>
479+ </packing>
480+ </child>
481+ <child type="tab">
482+ <placeholder/>
483+ </child>
484+ </object>
485+ <packing>
486+ <property name="left_attach">2</property>
487+ <property name="top_attach">0</property>
488+ </packing>
489+ </child>
490+ <child>
491+ <object class="GtkNotebook" id="password_match">
492+ <property name="visible">True</property>
493+ <property name="can_focus">False</property>
494+ <property name="show_tabs">False</property>
495+ <property name="show_border">False</property>
496+ <child>
497+ <object class="GtkFixed" id="empty2">
498+ <property name="visible">True</property>
499+ <property name="can_focus">False</property>
500+ </object>
501+ </child>
502+ <child type="tab">
503+ <placeholder/>
504+ </child>
505+ <child>
506+ <object class="GtkLabel" id="password_mismatch">
507+ <property name="visible">True</property>
508+ <property name="can_focus">False</property>
509+ <property name="label" translatable="yes">Mismatch</property>
510+ <property name="xalign">0</property>
511+ <attributes>
512+ <attribute name="scale" value="0.83333333333329995"/>
513+ <attribute name="foreground" value="#8b8b00000000"/>
514+ </attributes>
515+ </object>
516+ <packing>
517+ <property name="position">1</property>
518+ </packing>
519+ </child>
520+ <child>
521+ <object class="GtkImage" id="password_ok">
522+ <property name="visible">True</property>
523+ <property name="can_focus">False</property>
524+ <property name="xalign">0</property>
525+ <property name="stock">gtk-apply</property>
526+ </object>
527+ <packing>
528+ <property name="position">2</property>
529+ </packing>
530+ </child>
531+ <child type="tab">
532+ <placeholder/>
533+ </child>
534+ </object>
535+ <packing>
536+ <property name="left_attach">2</property>
537+ <property name="top_attach">1</property>
538+ </packing>
539+ </child>
540+ <child>
541+ <object class="GtkLabel" id="password_label">
542+ <property name="visible">True</property>
543+ <property name="can_focus">False</property>
544+ <property name="halign">end</property>
545+ <property name="label" translatable="yes">Choose a Secure Boot security key:</property>
546+ </object>
547+ <packing>
548+ <property name="left_attach">0</property>
549+ <property name="top_attach">0</property>
550+ </packing>
551+ </child>
552+ <child>
553+ <object class="GtkLabel" id="verified_password_label">
554+ <property name="visible">True</property>
555+ <property name="can_focus">False</property>
556+ <property name="halign">end</property>
557+ <property name="label" translatable="yes">Confirm Secure Boot security key:</property>
558+ </object>
559+ <packing>
560+ <property name="left_attach">0</property>
561+ <property name="top_attach">1</property>
562+ </packing>
563+ </child>
564+ </object>
565+ <packing>
566+ <property name="expand">False</property>
567+ <property name="fill">True</property>
568+ <property name="position">2</property>
569+ </packing>
570+ </child>
571+ </object>
572+ <packing>
573+ <property name="expand">False</property>
574+ <property name="fill">True</property>
575+ <property name="position">2</property>
576+ </packing>
577+ </child>
578 </object>
579 <packing>
580 <property name="expand">False</property>
581
582=== modified file 'scripts/simple-plugins'
583--- scripts/simple-plugins 2013-04-28 13:46:10 +0000
584+++ scripts/simple-plugins 2015-12-16 15:44:02 +0000
585@@ -11,6 +11,13 @@
586 ubuntu-drivers autoinstall --package-list /run/ubuntu-drivers.autoinstall || \
587 logger -t ubiquity "ubuntu-drivers autoinstall failed with code: $?"
588 fi
589+ db_input high ubiquity/secureboot_key || true
590+ db_get ubiquity/secureboot_key
591+ if [ -n "$RET" ]; then
592+ echo "${RET}\n${RET}" | sudo mokutil --disable-validation
593+ fi
594+ # Always clear secureboot key.
595+ db_set ubiquity/secureboot_key ''
596 elif [ "$1" = "wireless" ]; then
597 db_get ubiquity/online
598 if [ "$RET" != true ]; then
599
600=== modified file 'tests/test_gtkui.py'
601--- tests/test_gtkui.py 2014-06-30 13:09:16 +0000
602+++ tests/test_gtkui.py 2015-12-16 15:44:02 +0000
603@@ -130,6 +130,7 @@
604 'ubi_question_dialog', 'question_label',
605 # Calculated error string
606 'label_global_error',
607+ 'warning_password_label', 'label1', 'secureboot_label',
608 ]
609 deb_host_arch = subprocess.Popen(
610 ['dpkg-architecture', '-qDEB_HOST_ARCH'],
611
612=== modified file 'ubiquity/install_misc.py'
613--- ubiquity/install_misc.py 2014-04-02 13:44:04 +0000
614+++ ubiquity/install_misc.py 2015-12-16 15:44:02 +0000
615@@ -475,6 +475,17 @@
616 return answer, ''
617
618
619+def is_secure_boot():
620+ secureboot_efivar = subprocess.Popen(
621+ ['od', '-An', '-t', 'u1',
622+ os.path.join('/sys/firmware/efi/efivars',
623+ 'SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c')],
624+ stdout=subprocess.PIPE, universal_newlines=True)
625+ answer = secureboot_efivar.communicate()[0].strip()
626+ secureboot = answer.split(' ')[-1]
627+ return (int(secureboot) == 1)
628+
629+
630 # TODO this can probably go away now.
631 def get_cache_pkg(cache, pkg):
632 # work around broken has_key in python-apt 0.6.16
633
634=== modified file 'ubiquity/plugins/ubi-prepare.py'
635--- ubiquity/plugins/ubi-prepare.py 2013-10-18 21:38:44 +0000
636+++ ubiquity/plugins/ubi-prepare.py 2015-12-16 15:44:02 +0000
637@@ -23,8 +23,8 @@
638 import subprocess
639 import sys
640
641-from ubiquity import i18n, misc, osextras, plugin, upower
642-
643+from ubiquity import i18n, misc, osextras, plugin, upower, validation
644+from ubiquity.install_misc import archdetect, is_secure_boot
645
646 NAME = 'prepare'
647 AFTER = 'wireless'
648@@ -40,6 +40,9 @@
649 class PreparePageBase(plugin.PluginUI):
650 plugin_title = 'ubiquity/text/prepare_heading_label'
651
652+ def __init__(self, *args, **kwargs):
653+ plugin.PluginUI.__init__(self)
654+
655 def plugin_set_online_state(self, state):
656 self.prepare_network_connection.set_state(state)
657 self.enable_download_updates(state)
658@@ -71,24 +74,34 @@
659 self.page = None
660 return
661 self.controller = controller
662- from gi.repository import Gtk
663- builder = Gtk.Builder()
664+ from ubiquity.gtkwidgets import Builder
665+ builder = Builder()
666 self.controller.add_builder(builder)
667 builder.add_from_file(os.path.join(
668 os.environ['UBIQUITY_GLADE'], 'stepPrepare.ui'))
669 builder.connect_signals(self)
670+
671 self.page = builder.get_object('stepPrepare')
672- self.prepare_download_updates = builder.get_object(
673- 'prepare_download_updates')
674- self.prepare_nonfree_software = builder.get_object(
675- 'prepare_nonfree_software')
676- self.prepare_sufficient_space = builder.get_object(
677- 'prepare_sufficient_space')
678- self.prepare_foss_disclaimer = builder.get_object(
679- 'prepare_foss_disclaimer')
680- self.prepare_foss_disclaimer_extra = builder.get_object(
681- 'prepare_foss_disclaimer_extra_label')
682- self.prepare_power_source = builder.get_object('prepare_power_source')
683+
684+ # Get all objects + add internal child(s)
685+ all_widgets = builder.get_object_ids()
686+ for wdg in all_widgets:
687+ setattr(self, wdg, builder.get_object(wdg))
688+
689+ self.password_strength_pages = {
690+ 'empty': 0,
691+ 'too_short': 1,
692+ 'weak': 2,
693+ 'fair': 3,
694+ 'good': 4,
695+ 'strong': 5,
696+ }
697+ self.password_match_pages = {
698+ 'empty': 0,
699+ 'mismatch': 1,
700+ 'ok': 2,
701+ }
702+
703 if upower.has_battery():
704 upower.setup_power_watch(self.prepare_power_source)
705 else:
706@@ -97,6 +110,14 @@
707 'prepare_network_connection')
708 self.plugin_widgets = self.page
709
710+ self.using_secureboot = False
711+ self.secureboot_title = 'UEFI Secure Boot'
712+ self.secureboot_msg = 'Secure Boot'
713+
714+ def set_using_secureboot(self, secureboot):
715+ self.using_secureboot = secureboot
716+ self.on_nonfree_toggled(None)
717+
718 def enable_download_updates(self, val):
719 self.prepare_download_updates.set_sensitive(val)
720
721@@ -132,6 +153,61 @@
722 text = text.replace('${RELEASE}', release.name)
723 widget.set_label(text)
724
725+ sb_title_template = 'ubiquity/text/efi_secureboot'
726+ sb_info_template = 'ubiquity/text/efi_secureboot_info'
727+ self.secureboot_title = self.controller.get_string(sb_title_template)
728+ self.secureboot_msg = self.controller.get_string(sb_info_template)
729+
730+ def on_nonfree_toggled(self, widget):
731+ if self.using_secureboot:
732+ enabled = self.get_use_nonfree()
733+ if enabled:
734+ self.secureboot_box.show()
735+ else:
736+ self.secureboot_box.hide()
737+ self.info_loop(None)
738+
739+ def info_loop(self, unused_widget):
740+ complete = True
741+ passw = self.password.get_text()
742+ vpassw = self.verified_password.get_text()
743+
744+ if passw != vpassw or (passw and len(passw) < 8):
745+ complete = False
746+ self.password_match.set_current_page(
747+ self.password_match_pages['empty'])
748+ if passw and (not passw.startswith(vpassw) or
749+ len(vpassw) / len(passw) > 0.8):
750+ self.password_match.set_current_page(
751+ self.password_match_pages['mismatch'])
752+ else:
753+ self.password_match.set_current_page(
754+ self.password_match_pages['ok'])
755+
756+ if passw:
757+ txt = validation.human_password_strength(passw)[0]
758+ self.password_strength.set_current_page(
759+ self.password_strength_pages[txt])
760+ else:
761+ self.password_strength.set_current_page(
762+ self.password_strength_pages['empty'])
763+
764+ self.controller.allow_go_forward(complete)
765+ return complete
766+
767+ def get_secureboot_key(self):
768+ return self.password.get_text()
769+
770+ def show_learn_more(self, unused):
771+ from gi.repository import Gtk
772+ dialog = Gtk.MessageDialog(
773+ self.page.get_toplevel(), Gtk.DialogFlags.MODAL,
774+ Gtk.MessageType.INFO, Gtk.ButtonsType.CLOSE, None)
775+ dialog.set_title(self.secureboot_title)
776+ dialog.set_markup(self.secureboot_msg)
777+ dialog.run()
778+ dialog.destroy()
779+
780
781 class PageKde(PreparePageBase):
782 plugin_breadcrumb = 'ubiquity/text/breadcrumb_prepare'
783@@ -227,6 +303,11 @@
784 use_nonfree = self.db.get('ubiquity/use_nonfree') == 'true'
785 self.ui.set_use_nonfree(use_nonfree)
786
787+ arch, subarch = archdetect()
788+ if 'efi' in subarch:
789+ if is_secure_boot():
790+ self.ui.set_using_secureboot(True)
791+
792 download_updates = self.db.get('ubiquity/download_updates') == 'true'
793 self.ui.set_download_updates(download_updates)
794 self.setup_sufficient_space()
795@@ -260,8 +341,11 @@
796 def ok_handler(self):
797 download_updates = self.ui.get_download_updates()
798 use_nonfree = self.ui.get_use_nonfree()
799+ secureboot_key = self.ui.get_secureboot_key()
800 self.preseed_bool('ubiquity/use_nonfree', use_nonfree)
801 self.preseed_bool('ubiquity/download_updates', download_updates)
802+ if self.ui.using_secureboot and secureboot_key:
803+ self.preseed('ubiquity/secureboot_key', secureboot_key, seen=True)
804 if use_nonfree:
805 with misc.raised_privileges():
806 # Install ubuntu-restricted-addons.

Subscribers

People subscribed via source and target branches

to status/vote changes: