Network manager comes with a few config snippets intended to go in a conf.d directory to fix various defaults to be more sane. I'll argue for each one individually:

31-mac-addr-change.conf: This fixes breakage, plain and simple. Many wifi drivers are garbage, and don't support changing the wifi mac address. This is a problem as modern wpa_supplicant expects to use a random mac address to scan, and this breaks scanning with these drivers. One change should be made to this file: ",driver:wl" should be added, as that closed source driver has the bug and a lot of people use it.

30-anon.conf: This config file sets *per network connection* random mac addresses. That means that each time you connect to an ssid it will use the same mac address, just not the one burned into the wifi card. While a random mac address for probing is already a forced default (to prevent tracking), the burned in mac is used for connections. Maintaining privacy makes a lot of sense; there are a lot of companies out there doing mac address based tracking and this is the least we can do to help users maintain some level of privacy. Using full randomization (randomize every time you reconnect) causes headache for network administration and confuses users; as such, this does *NOT* do that. The same mac is used each time a user connects to the same network.

Reproducible: Always
wpa_supplicant > 2.6 uses a random mac address for scanning by default and causes bugs like: https://bugs.gentoo.org/692846

Related Debian bugs, which appear to be unsolved still:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835822
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835553

Related Ubuntu bug, which appears to be unsolved still:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1681513

Related upstream bug, which appears to be ignored for years:
https://bugzilla.gnome.org/show_bug.cgi?id=771966

Bug from upstream recommending distros install the fix I'm asking for:
https://bugzilla.gnome.org/show_bug.cgi?id=777523
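The per-network behaviour the report describes for 30-anon.conf (same MAC for the same network, never the burned-in one), contrasted with full randomization, as an added illustration that is not part of the original report and is not NetworkManager's own derivation. The HMAC construction, `HOST_SECRET`, `BURNED_IN` and the network names are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, for illustration only.
HOST_SECRET = b"constructed-per-host-secret"
BURNED_IN = "00:1b:44:11:3a:b7"


def _format_mac(raw: bytes) -> str:
    # Set the locally-administered bit and clear the multicast bit, so the
    # result is a unicast address that is never a vendor-assigned one.
    first = (raw[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in bytes([first]) + raw[1:6])


def stable_mac(host_secret: bytes, network_id: str) -> str:
    """Same host and same network give the same MAC; anything else differs."""
    digest = hmac.new(host_secret, network_id.encode("utf-8"),
                      hashlib.sha256).digest()
    return _format_mac(digest[:6])


def random_mac() -> str:
    """Full randomization: a fresh address on every connect."""
    return _format_mac(secrets.token_bytes(6))


def is_locally_administered(mac: str) -> bool:
    return bool(int(mac.split(":")[0], 16) & 0x02)


def same_mac_on_reconnect(mac_for_connect, connects: int = 3) -> bool:
    """True if every connect to one network presents the same address,
    which is what MAC-keyed DHCP reservations and ACLs rely on."""
    return len({mac_for_connect() for _ in range(connects)}) == 1


if __name__ == "__main__":
    for net in ("home-wifi", "cafe-guest"):
        print(net, stable_mac(HOST_SECRET, net))
    print("stable survives reconnect:",
          same_mac_on_reconnect(lambda: stable_mac(HOST_SECRET, "home-wifi")))
    print("random survives reconnect:", same_mac_on_reconnect(random_mac))
```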
I added 'examples' USE flag that installs these files as:

/usr/share/doc/networkmanager-1.20.6-r1/examples/nm-conf.d
/usr/share/doc/networkmanager-1.20.6-r1/examples/nm-conf.d/30-anon.conf.bz2
/usr/share/doc/networkmanager-1.20.6-r1/examples/nm-conf.d/31-mac-addr-change.conf.bz2

They are present in the 1.18.4 tarball as well. Would this be sufficient for you, Rick?
No, it's really not. Tons of users have these broken drivers and it hurts nothing to install the examples where they will be read by default. At *minimum* 31-mac-addr-change.conf is a bug fix for all users with those drivers *and* we need to add the wl driver to that file to include those poor souls. I would strongly recommend additionally installing 30-anon.conf as mac address tracking is such a real threat that Apple, Android, and even Windows 10, all randomize their mac addresses by default now. Not sure why Linux should be left out of the party. If you want to get into serious tin foil hat stuff you can find me on irc.
Basically this is what I'm thinking: --- networkmanager-1.18.4-r1.ebuild 2019-12-11 12:23:06.939655587 -0500 +++ networkmanager-1.18.4-r2.ebuild 2019-12-11 15:38:12.437266004 -0500 @@ -264,6 +264,8 @@ if multilib_is_native_abi; then # Install completions at proper place, bug #465100 gnome2_src_install completiondir="$(get_bashcompdir)" + insinto /usr/lib/NetworkManager/conf.d + doins "${S}"/examples/nm-conf.d/{30-anon,31-mac-addr-change}.conf else local targets=( install-libLTLIBRARIES I have tested it and it works as expected. Also of note, per lddtree: /usr/sbin/NetworkManager directly links to /usr/lib64/libnspr4.so Probably should add that as a DEP/RDEP
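Review bot: the `doins` line installs 31-mac-addr-change.conf unmodified from "${S}"/examples/nm-conf.d, so the ",driver:wl" match requested in this report is not covered by the change; either patch the file before installing it or say in the ebuild that wl is handled elsewhere. The two added lines also change default behaviour (30-anon.conf alters the MAC address used for connections) with no comment above `insinto` and no user-visible message; add a short comment explaining why these snippets are installed into /usr/lib/NetworkManager/conf.d and consider an elog telling users that the defaults changed.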
Since this was questioned on IRC, the location I'm installing the files to here *IS* read by network manager by default and this affects the default operation of network manager. Obviously I assert that it changes defaults for the better, but the point that I am changing the default behavior is important to note.
nspr4 comes from nss.pc pkg-config file; nss is properly depended on already, rest is recursive RDEPEND and usual pkg-config-ery
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2587f0225c6aaa23fcef6a09f4e92c3b2fda3769

commit 2587f0225c6aaa23fcef6a09f4e92c3b2fda3769
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2020-01-19 19:25:51 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2020-01-19 19:28:18 +0000

    net-misc/networkmanager: improve privacy, iwd1 compat, USE=polkit honor

    Closes: https://bugs.gentoo.org/702476
    Closes: https://bugs.gentoo.org/702900
    Closes: https://bugs.gentoo.org/704810
    Package-Manager: Portage-2.3.79, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 .../networkmanager/files/1.18.4-iwd1-compat.patch | 81 +++++
 .../networkmanager/networkmanager-1.18.4-r2.ebuild | 349 +++++++++++++++++++++
 2 files changed, 430 insertions(+)
Well, privacy is one good thing, but it is a bit unfair to "destroy" static ip configuration within a home network by random macs, without a silent hint why suddenly the machines are not accessible anymore.

Why not install those files to /etc/NetworkManager/conf.d/01-gentoo-default.conf, so that the user is aware of this and can override it or handle it via dispatch-conf?

At least an einfo "Mac addresses are random by default" would be helpful.