On Mon, 2022-03-07 at 12:54 +0100, Fernando F. Mancera via
networkmanager-list wrote:
> Hello everyone!
> The proposed experimental solutions are:
> 1. 'nmcli c show --keyfile $UUID' to output the profile keyfile in
> stdout.
> 2. 'nmcli c add ... --keyfile' to output the generated keyfile in
> stdout 
> instead of adding it to the NetworkManager configuration so the 
> NetworkManager daemon is not required..

re:2.: this `nmcli c add --keyfile` does not actually add the profile
in NM (via D-Bus). That's a bit odd, but ok(?).

what you also need is:

3. I think in this set, it would also make sense to have a `nmcli c
modify "$PROFILE" --keyfile $OPTIONS`, which reads $PROFILE from D-Bus,
modifies it in-memory and prints the result to stdout.

4. none of the above commands allow to add a profile from stdin. That
is necessary to tie it all together. This could be for example `nmcli
connection modify keyfile $OPTIONS`. Here, "keyfile" means to read a
keyfile from stdin. The result would be then added via D-Bus -- which
is a bid odd, that `nmcli connection modify` creates a new profile in
NM. On the other hand, it really does take a profile (from stdin),
modify it, and add it somewhere.

5. finally, `nmcli connection modify keyfile --keyfile $OPTIONS` would
read the profile from stdin, modify it, and output again to stdout.

then you can do:

   nmcli connection modify $PROFILE --keyfile | \
   nmcli connection modify keyfile \
        connection.uuid $(uuidgen) \
        autoconnect no \
        --keyfile | \
   nmcli connection modify keyfile

of course, that's just an example to show all pieces. Above could be
written shorter as:

   nmcli connection modify $PROFILE --keyfile | \
   nmcli connection modify keyfile \
        connection.uuid $(uuidgen) \
        autoconnect no

these are the basic operations. I don't have a strong opinion about the
actual command line options (though, I find it odd that `nmcli-c-
modify` adds a profile).


also, when editing/outputting keyfile format, eventually you want to
write it to a file. With above, the user could do:

   nmcli connection show $PROFILE --keyfile > 

the problem with this is that umask is likely wrong, so you'd need to do `chmod 
600` (and `nmcli connection load $FILENAME`).
Maybe --keyfile could accept a filename, like 

   nmcli connection show $PROFILE 

so that nmcli gets the permissions right and (opt-in or opt-out) load
the file in NM.

Also, keyfiles can only be in 3 well-known locations:
 A) /var/lib/NetworkManager/system-connections/
 B) /etc/NetworkManager/system-connections/
 C) /run/NetworkManager/system-connections/
these are the default paths, but they depend on the $PREFIX during
compilation. Also, B) can be configured in NetworkManager.conf as

Anyway. With this, maybe it would make sense to have shortcuts:

   nmcli connection show $PROFILE --keyfile=etc:myfile.nmconnection


networkmanager-list mailing list

Reply via email to