Persistence preset: Greeter settings
We wanted to persist the region, keyboard and formats settings since more than 6 years (#5501).
I propose that we simply add a persistence preset which persists all the Greeter settings.The workflow for the user would then look like this:
- Boot and wait for the Greeter
- If they require a non-US keyboard layout to enter the password, configure that
- Enter the persistence password and unlock. Now the Greeter loads the persistent settings and updates its window accordingly.
- Change settings if required. These changes will be persisted.
- Start Tails
- For language, keyboard layout and region, it's clear that they are usually the same
- Regarding the network connection: For users who require a bridge to connect to Tor, it could actually be dangerous if they ever forget to configure that bridge. So for those users, being able to persist that setting would also increase security, not only UX.
- MAC address spoofing and admin password are settings which might only be set on occasion.
- In case that we allow enabling/disabling the Unsafe Browser in the Greeter (#17085), this would also be a setting that would be set to the same value during most boots.
Note that the Greeter already provides a good overview of the configured settings and a good UX to change those.
Implementation would be simple:
We already store the Greeter settings in files, in
/var/lib/gdm3/. We could move those to
/var/lib/gdm3/settings/ and add a persistence preset for that directory, i.e.
/live/persistence/TailsData_unlocked/greeter_settings/ would be bind-mounted to
/var/lib/gdm3/settings/ when persistence is unlocked.
Then the only thing we would still have to implement is reading the values from the settings files and updating the Greeter UI accordingly, which shouldn't be too hard (I know the Greeter code quite well now).
We should disable the automatic unlocking of the persistence via the "Start Tails" button, to prevent that user-configured settings get overwritten with persistent settings without any UI feedback.
I think the GNOME way to do this is to simply make the "Start Tails" button insensitive if a password was entered in the persistence entry but the persistence was not unlocked.