
Bug 702476

Summary: net-misc/networkmanager should install conf.d examples
Product: Gentoo Linux
Reporter: Rick Farina (Zero_Chaos) <zerochaos>
Component: Current packages
Assignee: Gentoo Linux Gnome Desktop Team <gnome>
Status: RESOLVED FIXED
Severity: normal
CC: juippis
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
URL: https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/nm-conf.d/31-mac-addr-change.conf
See Also: https://github.com/gentoo/gentoo/pull/14365
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 692846    

Description Rick Farina (Zero_Chaos) gentoo-dev 2019-12-10 16:47:50 UTC
NetworkManager comes with a few config snippets intended to go in a conf.d directory to fix various defaults to be more sane.  I'll argue for each one individually:

31-mac-addr-change.conf:  This fixes breakage, plain and simple.  Many wifi drivers are garbage, and don't support changing the wifi mac address.  This is a problem as modern wpa_supplicant expects to use a random mac address to scan, and this breaks scanning with these drivers. One change should be made to this file, ",driver:wl" should be added as that closed source driver has the bug and a lot of people use it.

30-anon.conf: This config file sets *per network connection* random MAC addresses.  That means that each time you connect to an SSID it will use the same MAC address, just not the one burned into the wifi card.  While a random MAC address for probing is already a forced default (to prevent tracking), the burned-in MAC is used for connections.  Maintaining privacy makes a lot of sense; there are a lot of companies out there doing MAC address based tracking and this is the least we can do to help users maintain some level of privacy.  Using full randomization (randomize every time you reconnect) causes headaches for network administration and confuses users; as such, this does *NOT* do that.  The same MAC is used each time a user connects to the same network.

Reproducible: Always
Comment 1 Rick Farina (Zero_Chaos) gentoo-dev 2019-12-10 16:51:56 UTC
wpa_supplicant > 2.6 uses a random MAC address for scanning by default and causes bugs like: https://bugs.gentoo.org/692846
Comment 2 Rick Farina (Zero_Chaos) gentoo-dev 2019-12-10 18:16:30 UTC
Related Debian bugs, which appear to be unsolved still:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835822
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835553

Related Ubuntu bug, which appears to be unsolved still:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1681513

Related upstream bug, which appears to have been ignored for years:
https://bugzilla.gnome.org/show_bug.cgi?id=771966

Bug from upstream recommending distros install the fix I'm asking for:
https://bugzilla.gnome.org/show_bug.cgi?id=777523
Comment 3 Joonas Niilola gentoo-dev 2019-12-11 13:17:06 UTC
I added 'examples' USE flag that installs these files as: 
  /usr/share/doc/networkmanager-1.20.6-r1/examples/nm-conf.d
  /usr/share/doc/networkmanager-1.20.6-r1/examples/nm-conf.d/30-anon.conf.bz2
  /usr/share/doc/networkmanager-1.20.6-r1/examples/nm-conf.d/31-mac-addr-change.conf.bz2

They are present in the 1.18.4 tarball as well. Would this be sufficient for you, Rick?
Comment 4 Rick Farina (Zero_Chaos) gentoo-dev 2019-12-11 18:02:39 UTC
No, it's really not.  Tons of users have these broken drivers and it hurts nothing to install the examples where they will be read by default.

At *minimum* 31-mac-addr-change.conf is a bug fix for all users with those drivers *and* we need to add the wl driver to that file to include those poor souls.

I would strongly recommend additionally installing 30-anon.conf as mac address tracking is such a real threat that Apple, Android, and even Windows 10, all randomize their mac addresses by default now.  Not sure why Linux should be left out of the party.

If you want to get into serious tin foil hat stuff you can find me on irc.
Comment 5 Rick Farina (Zero_Chaos) gentoo-dev 2019-12-11 20:39:36 UTC
Basically this is what I'm thinking:

--- networkmanager-1.18.4-r1.ebuild	2019-12-11 12:23:06.939655587 -0500
+++ networkmanager-1.18.4-r2.ebuild	2019-12-11 15:38:12.437266004 -0500
@@ -264,6 +264,8 @@
 	if multilib_is_native_abi; then
 		# Install completions at proper place, bug #465100
 		gnome2_src_install completiondir="$(get_bashcompdir)"
+		insinto /usr/lib/NetworkManager/conf.d
+		doins "${S}"/examples/nm-conf.d/{30-anon,31-mac-addr-change}.conf
 	else
 		local targets=(
 			install-libLTLIBRARIES
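
Review bot: the added doins line installs 31-mac-addr-change.conf unmodified from "${S}"/examples/nm-conf.d, so the ",driver:wl" entry requested in the description is not applied; patch the file before it is installed. Because the insinto target /usr/lib/NetworkManager/conf.d is a directory that is read by default, both snippets change MAC address behaviour for every user of the package, so the ebuild should also print a post-install message that states the new default and where to override it.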


I have tested it and it works as expected.

Also of note, per lddtree:
/usr/sbin/NetworkManager directly links to /usr/lib64/libnspr4.so

Probably should add that as a DEP/RDEP
Comment 6 Rick Farina (Zero_Chaos) gentoo-dev 2019-12-12 16:58:02 UTC
Since this was questioned on IRC, the location I'm installing the files to here *IS* read by network manager by default and this affects the default operation of network manager.  Obviously I assert that it changes defaults for the better, but the point that I am changing the default behavior is important to note.
Comment 7 Mart Raudsepp gentoo-dev 2020-01-19 19:28:07 UTC
nspr4 comes from nss.pc pkg-config file; nss is properly depended on already, rest is recursive RDEPEND and usual pkg-config-ery
Comment 8 Larry the Git Cow gentoo-dev 2020-01-19 19:29:07 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2587f0225c6aaa23fcef6a09f4e92c3b2fda3769

commit 2587f0225c6aaa23fcef6a09f4e92c3b2fda3769
Author:     Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2020-01-19 19:25:51 +0000
Commit:     Mart Raudsepp <leio@gentoo.org>
CommitDate: 2020-01-19 19:28:18 +0000

    net-misc/networkmanager: improve privacy, iwd1 compat, USE=polkit honor
    
    Closes: https://bugs.gentoo.org/702476
    Closes: https://bugs.gentoo.org/702900
    Closes: https://bugs.gentoo.org/704810
    Package-Manager: Portage-2.3.79, Repoman-2.3.12
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 .../networkmanager/files/1.18.4-iwd1-compat.patch  |  81 +++++
 .../networkmanager/networkmanager-1.18.4-r2.ebuild | 349 +++++++++++++++++++++
 2 files changed, 430 insertions(+)
Comment 9 Felix Neumärker 2020-01-21 17:25:13 UTC
Well, privacy is one good thing,
but it is a bit unfair to "destroy" static IP configuration within a home network by random MACs without a silent hint why suddenly the machines are not accessible anymore?

Why not install those files to /etc/NetworkManager/conf.d/01-gentoo-default.conf
so that the user is aware of this and can override it or handle it via dispatch-conf?

At least an einfo "Mac addresses are random by default" would be helpful.
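
Comments 6 and 9 both turn on which conf.d directory NetworkManager reads and how a local override interacts with a packaged snippet. The script below is an added example, not part of the thread or the ebuild: it lists the winning copy of each snippet and the MAC-related keys it sets, assuming the directory precedence documented in NetworkManager.conf(5). The demo file contents are constructed for illustration and are not the upstream example files.

```shell
#!/bin/sh
# Added example: which NetworkManager conf.d snippets win, and what MAC
# address behaviour they set. Directory order follows NetworkManager.conf(5):
# /usr/lib is read first and a same-named file in /run or /etc replaces it.
TAB=$(printf '\t')

# Print "name<TAB>path" for the winning copy of every *.conf snippet.
# Arguments: conf.d directories, lowest precedence first.
nm_effective_snippets() {
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -e "$f" ] || continue          # unmatched glob or dangling link
            printf '%s\t%s\n' "${f##*/}" "$f"
        done
    done | awk -F '\t' '{ win[$1] = $2 } END { for (n in win) print n "\t" win[n] }' | sort
}

# Print "snippet: key=value" for the MAC-related keys of each winning snippet.
nm_mac_settings() {
    nm_effective_snippets "$@" | while IFS="$TAB" read -r name path; do
        [ -s "$path" ] || continue           # empty file or /dev/null link masks it
        awk -v n="$name" '
            /^[ \t]*(wifi\.scan-rand-mac-address|(wifi|ethernet)\.cloned-mac-address)[ \t]*=/ {
                sub(/^[ \t]+/, ""); print n ": " $0
            }' "$path"
    done
}

# Constructed demo tree (file contents are illustrative, not the upstream files):
# the package ships both snippets, the admin masks 30-anon.conf from /etc.
nm_demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr" "$t/etc"
    printf '[connection-anon]\nwifi.cloned-mac-address=stable\n' > "$t/usr/30-anon.conf"
    printf '[device-mac-addr-change]\nmatch-device=driver:wl\nwifi.scan-rand-mac-address=no\n' \
        > "$t/usr/31-mac-addr-change.conf"
    : > "$t/etc/30-anon.conf"
    nm_mac_settings "$t/usr" "$t/etc"
    rm -rf "$t"
}

# On a real system:
nm_mac_settings /usr/lib/NetworkManager/conf.d /run/NetworkManager/conf.d \
    /etc/NetworkManager/conf.d
```

An empty `/etc/NetworkManager/conf.d/30-anon.conf` is enough to restore the burned-in MAC for connections while keeping the driver workaround from `31-mac-addr-change.conf`.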