Initial setup
-------------

The first time a new system is booted is a special situation. There is
no user account yet, and a few basic setup steps need to be performed
before it can be considered fully usable. The initial-setup mode is an
attempt to solve these problems.

When in initial-setup mode, gdm does not bring up the regular greeter
for the login screen, but instead starts the gdm-initial-setup application
in a special session. gdm-initial-setup offers a series of steps to

1. Connect to the network
2. Create a new user account
3. Set the right location/timezone
4. Set up online accounts

In terms of the user experience, we want the initial setup to seamlessly
switch to the regular user session. In particular, we don't want to
make the user enter his credentials again on the login screen.

We can't run the gdm-initial-setup application with the correct user,
since the user account does not exist yet at that time. Therefore, gdm
creates a temporary gdm-initial-setup user, and runs gdm-initial-setup
as that user. When gdm-inital-setup is done, it then initiates an autologin
for the newly created user account to switch to the 'real' session.
gdm removes the temporary gdm-initial-setup user before switching to
the real session.

Due to this arrangement, we need to copy all the settings that have been
changed during the initial setup session from the gdm-initial-setup
user to the real user.

Mechanics
---------

To enable the initial-setup functionality in gdm, set

InitialSetupEnable=True

in the [daemon] section of /etc/gdm/custom.conf. To actually
trigger the initial-setup, gdm additionally looks for the file
/etc/gdm/run-initial-setup. gdm removes this file after the
initial setup has been performed.

The session that gdm starts for the initial-setup session is
defined by the file /usr/share/gnome-session/sessions/gdm-setup.session.
Like the regular greeter session, it uses the desktop files in
/usr/share/gdm/greeter/applications/

Before starting the initial-setup session, gdm copies the file
/usr/share/gdm/20-gdm-initial-setup.pkla into the PolicyKit
configuration to provide suitable permissions for the gdm-initial-setup
user. The pkla file is removed again together with the gdm-initial-setup
user account.

TODO
----

- Network login is not implemented

- Automatic detection of location/timezone is not implemented

- gnome-shell needs a somewhat slimmed down mode that is more suitable
  to the setup scenario. It should be similar to gdm-mode in that it
  will not show activitites or the user menu or the calendar. But it
  should (obviously) not present a user list and act as a greeter.

- The summary screen should offer a 'tour' of the desktop.

- Figure out how to unlock the copied keyring after the autologin
  into the newly created session.

- Split the setup/teardown for the temporary account into a
  helper binary, to make selinux happy.

- Use /var/lib/gdm/run-initial-setup instead of /etc/gdm/run-initial-setup.
