[pkg-wpa-devel] wpasupplicant from ifupdown?

Reinhard Tartler siretart at tauware.de
Wed Mar 8 12:00:48 UTC 2006 

On Tue, Mar 07, 2006 at 09:13:45PM +0100, Joachim Breitner wrote:
> > > I can see the benefit of having all configuration in /e/n/i. Maybe
> > > wpasupplicant could read /e/n/i as an alternative configuration file
> > > (as, e.g., guessnet already does in a way)?
> > 
> > I don't understand this point. Perhaps it helps you to understand how
> > this works by looking at our (well, Kel wrote it in fact) pre-up script:
> > 
> > http://svn.debian.org/wsvn/pkg-wpa/branches/wpasupplicant-0.5/debian/pre-up?op=file&rev=0&sc=0
> 
> My point is that we have two different things to decide: Whan do we want
> wpasupplicant to run (my ifupdown or on startup, as a daemon), and where
> do we want to save the config (in /e/n/i or in wpasupplicant.conf).
> Although not strictly necessary, these two choices could be made
> indepenantly. What I propose as an nice-to-have thing, is a mode 3a,
> which is technically like mode 3, but wpasupplicant is getting the
> configuration from /e/n/i, and does not need per-network-config in
> wpasupplicant.conf any more. These configuration entries should then be
> ignored by ifupdown.
> 
> I hope that was at least a bit clearer. 

Ok, I think I begin to understand. I think you want an non roaming
mode3 for easy setups. Can you try to draw an use case for this mode 3a?

It seems to me that you want to be able have some scanning daemon in the
background, triggering ifplugd causing dhclient to search for an ip. I
hope that I understood you correctly. This would indeed warrant an
mode4. The initscript would have need to parse /e/n/i, which I'd like to
avoid. Perhaps we could run this from /etc/network/if-preup.d, and just
don't kill it on shutdown?

Ah no, this propably won't work for you, because you want to ifup the
interface only if there has been an association, which won't happen
unless the interface is in fact up. Hm, I see.

In the end, we won't get away without parsing /e/n/i in the init script.
This isn't really trivial, if you have a system with more than one
(wireless) device, which should be handled via wpasupplicant.

> > > But please consider that when credentials appear in /e/n/i, it must be
> > > root-read-only, which is not really nice to regular users - it's handy
> > > to have a look at the network configuration.
> > 
> > This is http://bugs.debian.org/295581. I agree with Guus in this point.
> 
> Not sure this is exactly the same. Guus basically says that he won't add
> functionality that is not in upstream. Arguable, but ok for now. But the
> ifupdown script are created by us, right? So it _is_ up to us to make
> them work as sensible as possible. 

Wouldn't something like this work:

iface wifi0 inet dhcp
	wpa-conf managed
	wpa-driver `cat /etc/wpasupplicant/driver`
	wpa-psk	`cat /etc/wpasupplicant/psk.key`

Otherwise we could perhaps invent this statement:

iface wifi0 inet dhcp
	wpa-conf managed
	wpa-driver-file /etc/wpasupplicant/driver
	wpa-psk-file /etc/wpasupplicant/psk.key

> My suggestion is that some stancas like wpa-psk can take a filename as a
> parameter. This file would then contain the key, and be root-read-only.

Or user read only. the script runs as root, and root can read user
files. So you won't need to be root to change your psk.

Gruesse,
	Reinhard

More information about the Pkg-wpa-devel mailing list