[RFC, (buggy) PATCH] Importing systemwide wireless configuration from wpa_supplicant.conf


This is an idea I had yesterday. It starts from a problem statement:
* Being able to use system-wide wireless keys is beneficial for several 
- able to connect before / without a GUI login
- no need to unlock the GNOME keyring all the time
- and other reasons as outlined at: 
and other places.
* However, at least the Fedora ifcfg infrastructure only supports basic (and 
highly insecure) WEP, no WPA nor 802.1X.

Faced with this, I thought of something: in fact, we already have a 
well-recognized format to specify WPA or 802.1X settings in: 
the /etc/wpa_supplicant/wpa_supplicant.conf config file. That file is 
normally ignored or overridden when wpa_supplicant is started through NM, but 
I can't think of any reason why we can't import its settings into NM and 
reuse them that way. The benefits from this approach:
- it's an existing format, not a new NM-specific format which would have to be 
- well-known format, documented in tutorials all over the Internet
- distro-independent, so we don't have to reinvent the wheel for each distro
- can represent WPA and 802.1X (and WEP and unencrypted WiFi too)
- settings can be tested rapidly without going through NM (just start 
wpa_supplicant directly with the config file)
- NM uses wpa_supplicant internally, so the format maps well to NM's view of 

So, as per the above, I got the idea for a nm-system-settings plugin using 
wpa_supplicant.conf. And in fact, I tried implementing it myself and ended up 
with this (buggy) patch (against the NM revision in current Fedora, revision 
Unfortunately, the patch does not work at all for me: sometimes I get 
the "System myssid" connection, but can't do anything useful with it (in 
particular, can't connect to it, nor does it connect automatically), 
sometimes not even that (i.e. I don't get the connection at all), and 
unfortunately my skills at debugging NM stop there. :-(

I also have this quick&dirty specfile to build the plugin as a separate Fedora 
package for testing:
Unfortunately, the file /etc/NetworkManager/nm-system-settings.conf which 
specifies the plugins to load is not marked %config(noreplace) in the Fedora 
NM package, so editing that file is a bit of a hack (and the package which my 
specfile builds doesn't try to do that automatically, it has to be done by 
hand - alternatively, my patch can be applied to the regular NM package and 
the config file just edited there, but that's not so nice for 

There are also other things in the patch which could use improvement:
- The inotify stuff is adapted from the fedora-ifcfg plugin in a quick&dirty 
way. I'm sure we could simplify it a lot here, as we only have one file to 
monitor, not an entire directory.
- 802.1X support is currently limited to LEAP. It is possible to parse all the 
advanced 802.1X stuff too, just not implemented yet because I think getting 
the rest (unencrypted, WEP, WPA and LEAP) to work first is more important. 
(And to be honest, also because WPA and LEAP are all I personally need at the 
moment. ;-) ) There's a FIXME for this, it's easy to spot because it's a 
function of its own which just returns NULL. ;-)
- In some places, wpa_supplicant.conf supports lists of possible settings, but 
NM only supports one single setting at a time, so I'm throwing the excess ones 
out for lack of a better solution. As far as I can tell, improvements to the 
NM core would be needed to fix this problem. There are FIXME comments next to 
the affected places.

        Kevin Kofler

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]