[pkg-wpa-devel] wpasupplicant from ifupdown?

Joachim Breitner nomeata at debian.org
Tue Mar 7 20:13:45 UTC 2006


Hi,

Am Dienstag, den 07.03.2006, 17:10 +0100 schrieb Reinhard Tartler:
> I have started to write some documentation about the planned modes of
> operation of wpasupplicant. I assume that you would use mode 3 as
> outlined here:
> 
> http://svn.debian.org/wsvn/pkg-wpa/branches/wpasupplicant-0.5/debian/README.modes?op=file&rev=0&sc=0
> 
> Please comment on them if this helps you.

Yes, mode 3 is pretty much what I need. Thanks for considering!

> > I can see the benefit of having all configuration in /e/n/i. Maybe
> > wpasupplicant could read /e/n/i as an alternative configuration file
> > (as, e.g., guessnet already does in a way)?
> 
> I don't understand this point. Perhaps it helps you to understand how
> this works by looking at our (well, Kel wrote it in fact) pre-up script:
> 
> http://svn.debian.org/wsvn/pkg-wpa/branches/wpasupplicant-0.5/debian/pre-up?op=file&rev=0&sc=0

My point is that we have two different things to decide: Whan do we want
wpasupplicant to run (my ifupdown or on startup, as a daemon), and where
do we want to save the config (in /e/n/i or in wpasupplicant.conf).
Although not strictly necessary, these two choices could be made
indepenantly. What I propose as an nice-to-have thing, is a mode 3a,
which is technically like mode 3, but wpasupplicant is getting the
configuration from /e/n/i, and does not need per-network-config in
wpasupplicant.conf any more. These configuration entries should then be
ignored by ifupdown.

I hope that was at least a bit clearer. 

> > But please consider that when credentials appear in /e/n/i, it must be
> > root-read-only, which is not really nice to regular users - it's handy
> > to have a look at the network configuration.
> 
> This is http://bugs.debian.org/295581. I agree with Guus in this point.

Not sure this is exactly the same. Guus basically says that he won't add
functionality that is not in upstream. Arguable, but ok for now. But the
ifupdown script are created by us, right? So it _is_ up to us to make
them work as sensible as possible. 

My suggestion is that some stancas like wpa-psk can take a filename as a
parameter. This file would then contain the key, and be root-read-only.

Thanks!

Joachim
-- 
Joachim "nomeata" Breitner
Debian Developer
  nomeata at debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: joachimbreitner at amessage.de | http://people.debian.org/~nomeata




More information about the Pkg-wpa-devel mailing list