[Pkg-utopia-maintainers] Bug#818759: network-manager-gnome: Unencrypted private Keys are insecure

[Andrei Audzei]

Sorry, bit of info about versions


network-manager/stable,now 1.6.2-3 amd64 [installed]
network-manager-gnome/stable,now 1.4.4-1 amd64 [installed]


On Mon, 5 Mar 2018 01:19:56 -0500 Andrei Audzei 
wrote:
> I have the same message when I try to use encrypted user key for wifi
> connection (TLS, WPA & WPA2 Enterprise).
>
> I found a mention about fresh same issue on
>
https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1339607?comments=all
,
> and one point of last (#16) comment can be a  root of trouble.
>
> On my laptop I use full disk encryption LVM. So, I moved my protected key
> to mounted USB flash - and wifi connection works fine! I think, that
> problem in disk encryption. Can you approve this and fix it?
___
Pkg-utopia-maintainers mailing list
Pkg-utopia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-utopia-maintainers

[Pkg-utopia-maintainers] Bug#818759: network-manager-gnome: Unencrypted private Keys are insecure

[Andrei Audzei]

I have the same message when I try to use encrypted user key for wifi
connection (TLS, WPA & WPA2 Enterprise).

I found a mention about fresh same issue on
https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1339607?comments=all,
and one point of last (#16) comment can be a  root of trouble.

On my laptop I use full disk encryption LVM. So, I moved my protected key
to mounted USB flash - and wifi connection works fine! I think, that
problem in disk encryption. Can you approve this and fix it?
___
Pkg-utopia-maintainers mailing list
Pkg-utopia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-utopia-maintainers

Re: [Pkg-utopia-maintainers] dbus-broker Debian packaging

[Daniele Nicolodi]

Hi David,

On 04/03/2018 05:08, David Herrmann wrote:
> *) The dbus-broker project uses submodules to link some code
> statically. The easiest way to build dbus-broker is using our .tar.xz
> tarballs provided with each release [1]. These include *all* source
> files, including the right submodule versions. If you want to build
> from -git directly, though, I recommend the strategy used by the
> arch-linux -git package [2]. They check out all required repositories
> and then use git to check out the correct revisions. This is
> definitely more flexible than the tarball based approach, but also
> needs slightly more maintenance, as you need to stay up-to-date with
> the submodules.

Debian tooling handles the submodules fine, I just compared the released
tarball for v11 with the one generated by the Debian tooling from the
git repository and they are substantially identical.

However, I noticed that not all the submodules have the same license as
dbus-broker, I need to complete the debian/copyright file. Also, I
noticed that Red Hat is listed as the copyright holder. Is that true for
all contributions?

> *) The dbus-broker binary itself is definitely intended to be useful
> on its own. However, no such users are known, and so far we have *not*
> stabilized its API, yet. Hence, I would not split it apart now, but
> leave it for a future extension. That is, something like a
> `dbus-broker-core` package, which just contains the broker, but not
> the launcher.

I think that having `dbus-broker` and `dbus-broker-launcher` packages
would be more logical, but I don't see reasons why the split cannot
happen when the need will emerge, or when the API will be stable.

> *) We are reworking the Fedora package at the moment. I cannot say how
> the ultimate solution will look like, but the plan right now is this:
> dbus-daemon is split into multiple packages. One packages
> (dbus-daemon-utils) provides all the utilities (dbus-send,
> dbus-monitor, ...).

I would call this `dbus-utils`, but.. bikeshedding.

> Another package (dbus-daemon) provides the daemon
> binary and its related tools (dbus-daemon, dbus-launch, ...), as well
> as a renamed service file `dbus-daemon.service`.
> For dbus-broker we provide one package that ships the broker+launcher,
> as well as the dbus-broker.service unit file.
> Lastly, we intend to recreate the `dbus` package as a simple package
> that both dbus-daemon and dbus-broker depend on, and it provides the
> daemon-xml files (config and policy).

If there is interest for dbus-broker in Debian and the dbus maintainers
agree, I can work on patches to do the same for the Debian's dbus package.

> Depending on what the default setup for your system should be, you
> should run `systemctl enable dbus-{daemon,broker}.service`. They will
> then create the dbus.service symlink. Fedora intends to use the
> systemd-presets for this.

That would need to be done differently on Debian, I guess.  I will need
to do some reading about what the correct solution would be there.

> I hope this information is of help to you!

Thank you for the detailed reply, it surely helps.

Cheers,
Dan

___
Pkg-utopia-maintainers mailing list
Pkg-utopia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-utopia-maintainers

Re: [Pkg-utopia-maintainers] dbus-broker Debian packaging

[David Herrmann]

Hi Daniele

On Sun, Mar 4, 2018 at 3:00 AM, Daniele Nicolodi  wrote:
> Hello Debian dbus maintainers and dbus-broker authors,
>
> I'm working on packaging dbus-broker for Debian [0].
>
> In the packaging, I'm not sure in how many binary packages the project
> should be split.  I thought asking the authors and the dbus maintainers
> could be valuable.
>
> dbus-broker provides dbus-broker-launcher and systemd unit files that
> provide configuration files compatibility with the D-Bus reference
> implementation, however dbus-broker can be useful in itself to implement
> private buses.
>
> Should dbus-broker and the launcher (and the systemd unit files) be part
> of two separate binary packages?  Is the interface between the broker
> and the launcher stable?
>
> Should be the system D-Bus be replaced when dbus-broker is install?
> What about the user bus?
>
> Is the Debian Utopia team interested in team maintenance of the
> dbus-broker package?  I would also need a sponsor to upload the package.

Thank you for reaching out to us! I will just provide a short list of
things you might find useful. I hope this answers most of the
questions regarding the upstream package.

*) The dbus-broker project uses submodules to link some code
statically. The easiest way to build dbus-broker is using our .tar.xz
tarballs provided with each release [1]. These include *all* source
files, including the right submodule versions. If you want to build
from -git directly, though, I recommend the strategy used by the
arch-linux -git package [2]. They check out all required repositories
and then use git to check out the correct revisions. This is
definitely more flexible than the tarball based approach, but also
needs slightly more maintenance, as you need to stay up-to-date with
the submodules.
Both ways are supported by us upstream.

*) The dbus-broker binary itself is definitely intended to be useful
on its own. However, no such users are known, and so far we have *not*
stabilized its API, yet. Hence, I would not split it apart now, but
leave it for a future extension. That is, something like a
`dbus-broker-core` package, which just contains the broker, but not
the launcher.

*) We are reworking the Fedora package at the moment. I cannot say how
the ultimate solution will look like, but the plan right now is this:
dbus-daemon is split into multiple packages. One packages
(dbus-daemon-utils) provides all the utilities (dbus-send,
dbus-monitor, ...). Another package (dbus-daemon) provides the daemon
binary and its related tools (dbus-daemon, dbus-launch, ...), as well
as a renamed service file `dbus-daemon.service`.
For dbus-broker we provide one package that ships the broker+launcher,
as well as the dbus-broker.service unit file.
Lastly, we intend to recreate the `dbus` package as a simple package
that both dbus-daemon and dbus-broker depend on, and it provides the
daemon-xml files (config and policy).
Depending on what the default setup for your system should be, you
should run `systemctl enable dbus-{daemon,broker}.service`. They will
then create the dbus.service symlink. Fedora intends to use the
systemd-presets for this.

*) There is currently a proposal to make dbus-broker the default with
F29 onwards. This has not been approved, yet, though.

I hope this information is of help to you!
David

[1] https://github.com/bus1/dbus-broker/releases
[2] https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=dbus-broker-git

___
Pkg-utopia-maintainers mailing list
Pkg-utopia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-utopia-maintainers