Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev

2013-06-07 Thread Andrew Shadura
Hello,

On 4 June 2013 18:06, Stefan Lippers-Hollmann s@gmx.de wrote:
> According to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708222#10
> you should have received it, at least it was sent.

Probably lost somewhere.

>> I don't have or use wpa_supplicant.conf, I use wpa_supplicant together
>> with ifupdown, and the hooks the package provides don't do that, while
>> they obviously should.

> O.k., I'll look into it - although all non-trivial[1] configuration
> options require the additional syntax of wpa_supplicant.conf anyways…

> [1] I don't see us adding hooks for pairwise/ group or wpa enterprise
> options like key_mgmt, eap, phase2 or identity/ password/ ca_cert,

Not true. All of those options you mentioned actually are supported.

> at some point the additional options of using dedicated
> configuration files for wpa_supplicant simply becomes required.

That'd be horrible, as wpa_supplicant.conf is absolutely unusable
compared to /e/n/i. Also, in that case I'll have to fork the scripts
and take them over from your package.

> Personally I consider the user/ group setting to be in that
> general domain, but I can be convinced either way (changing the
> defaults and/or adding an ifupdown hook), given convincing
> arguments for it.

This setting is *not* a general domain. Being able to manage wpa
supplicant as the non-root netdev user is an important thing, and it
should be enabled by default unless explicitly disabled.

> Referring to your follow-up mail, yes, now that wheezy has been
> released, we can use /run/ instead of /var/run/ directly (without
> Breaks on initscripts ( 2.88dsf-13.3~), etc.).

I'm personally for declaring Breaks so the package can't break older
not-fully-updated systems by accident.

-- 
WBR, Andrew


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev

2013-06-04 Thread Andrew Shadura
Hello,

Also, please stop using /var/run, please use /run directly.

-- 
WBR, Andrew




Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev

2013-06-04 Thread Andrew Shadura
Control: reopen -1

Hello,

On Tue, 04 Jun 2013 02:48:06 +
ow...@bugs.debian.org (Debian Bug Tracking System) wrote:

> You can configure this through your wpa_supplicant.conf.
>
> Closing, as this behaviour can be configured and because I haven't
> received any arguments to toggle the default setting so far.

What? I haven't received this email.

> wpa_supplicant.conf(5):

I don't have or use wpa_supplicant.conf, I use wpa_supplicant together
with ifupdown, and the hooks the package provides don't do that, while
they obviously should.

-- 
WBR, Andrew




Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev

2013-06-04 Thread Stefan Lippers-Hollmann
Hi

On Tuesday 04 June 2013, Andrew Shadura wrote:
> Control: reopen -1
>
> Hello,
>
> On Tue, 04 Jun 2013 02:48:06 +
> ow...@bugs.debian.org (Debian Bug Tracking System) wrote:
>
>> You can configure this through your wpa_supplicant.conf.
>>
>> Closing, as this behaviour can be configured and because I haven't
>> received any arguments to toggle the default setting so far.
>
> What? I haven't received this email.

According to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708222#10
you should have received it, at least it was sent.

>> wpa_supplicant.conf(5):
>
> I don't have or use wpa_supplicant.conf, I use wpa_supplicant together
> with ifupdown, and the hooks the package provides don't do that, while
> they obviously should.

O.k., I'll look into it - although all non-trivial[1] configuration 
options require the additional syntax of wpa_supplicant.conf anyways…

Referring to your follow-up mail, yes, now that wheezy has been 
released, we can use /run/ instead of /var/run/ directly (without
Breaks on initscripts ( 2.88dsf-13.3~), etc.).

Regards
Stefan Lippers-Hollmann

[1] I don't see us adding hooks for pairwise/ group or wpa enterprise
options like key_mgmt, eap, phase2 or identity/ password/ ca_cert,
at some point the additional options of using dedicated 
configuration files for wpa_supplicant simply becomes required.
Personally I consider the user/ group setting to be in that 
general domain, but I can be convinced either way (changing the
defaults and/or adding an ifupdown hook), given convincing 
arguments for it.




Bug#708222: [pkg-wpa-devel] Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev

2013-05-18 Thread Stefan Lippers-Hollmann
Hi

On Tuesday 14 May 2013, Andrew Shadura wrote:
[…]
> Please create the control sockets and the directory holding them owned
> by netdev group, and group-accessible. Otherwise it's impossible to use
> wpa_cli as a non-root user.
[…]

You can configure this through your wpa_supplicant.conf.

wpa_supplicant.conf(5):
[…]
QUICK EXAMPLES
   1. WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as work network.

  # allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
  ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
[…]

/usr/share/doc/wpasupplicant/README.gz:
[…]
# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
[…]


e.g.:

/etc/network/interfaces:

allow-hotplug wlan0
iface wlan0 inet manual
    wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface home inet dhcp
iface work inet dhcp
iface default inet dhcp


/etc/wpa_supplicant/wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=netdev

network={
    priority=30
    ssid="my-essid"
    id_str="home"
    proto=WPA2
    pairwise=CCMP
    group=CCMP
    psk="home-secret"
}

network={
    priority=25
    ssid="work-essid"
    id_str="work"
    key_mgmt=IEEE8021X
    eap=TTLS
    phase2="auth=PAP"
    identity="u...@work.example.com"
    password="work-secret"
    ca_cert="/etc/wpa_supplicant/work.pem"
}

network={
    priority=1
    ssid=""
    key_mgmt=NONE
}

With ctrl_interface_group=netdev, all members of netdev can use wpa_gui
or wpa_cli. Does that meet your needs?

Regards
Stefan Lippers-Hollmann


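An added check for the setting discussed in the message above (not part of the original thread and not code from the wpasupplicant package): it reads either ctrl_interface syntax quoted there and compares the configured group with the socket directory on disk. The function names and status words are hypothetical; GNU stat and a directory path without whitespace are assumed.

```shell
#!/bin/sh
# Added example. usage: check_ctrl_dir /etc/wpa_supplicant/wpa_supplicant.conf

# Print "<dir> <group>" for a wpa_supplicant.conf; group is "-" when unset.
# Handles both forms: "ctrl_interface=DIR=... GROUP=..." and
# "ctrl_interface=<path>" plus a separate "ctrl_interface_group=<group>".
ctrl_iface() {
    awk '
        /^[ \t]*ctrl_interface=/ {
            val = $0; sub(/^[ \t]*ctrl_interface=/, "", val)
            if (val ~ /DIR=/) {
                n = split(val, parts, /[ \t]+/)
                for (i = 1; i <= n; i++) {
                    if (parts[i] ~ /^DIR=/)   dir = substr(parts[i], 5)
                    if (parts[i] ~ /^GROUP=/) grp = substr(parts[i], 7)
                }
            } else dir = val
        }
        /^[ \t]*ctrl_interface_group=/ { sub(/^[^=]*=/, ""); grp = $0 }
        END { if (dir == "") exit 1; print dir, (grp == "" ? "-" : grp) }
    ' "$1"
}

# Print one status word and return 0 only when the directory is owned by the
# configured group, that group has r-x on it, and "other" has no access.
check_ctrl_dir() {
    out=$(ctrl_iface "$1") || { echo "no-ctrl-interface"; return 2; }
    set -- $out                      # assumption: no whitespace in the path
    dir=$1 want=$2
    [ -d "$dir" ] || { echo "missing-dir"; return 2; }
    have=$(stat -c %G "$dir")        # owning group name (GNU stat)
    mode=$(stat -c %a "$dir")        # octal permission bits, e.g. 750
    if [ "$want" = "-" ]; then echo "no-group"; return 1; fi
    if [ "$have" != "$want" ]; then echo "group-mismatch"; return 1; fi
    if [ $(( (0$mode >> 3) & 5 )) -ne 5 ]; then
        echo "group-no-access"; return 1
    fi
    if [ $(( 0$mode & 7 )) -ne 0 ]; then echo "world-accessible"; return 1; fi
    echo "ok"
}
```

"no-group" corresponds to the root:root default reported in this bug; "world-accessible" flags a directory opened wider than the configured group.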


Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev

2013-05-14 Thread Andrew Shadura
Package: wpasupplicant
Version: 1.0-3+b1
Severity: normal

Please create the control sockets and the directory holding them owned
by netdev group, and group-accessible. Otherwise it's impossible to use
wpa_cli as a non-root user.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.6-trunk-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wpasupplicant depends on:
ii  adduser   3.112+nmu1
ii  initscripts   2.88dsf-27
ii  libc6 2.17-0experimental2
ii  libdbus-1-3   1.4.16-1
ii  libnl-3-200   3.2.7-4
ii  libnl-genl-3-200  3.2.7-4
ii  libpcsclite1  1.8.3-3
ii  libreadline6  6.2-8
ii  libssl1.0.0   1.0.1c-3
ii  lsb-base  4.1+Debian9

