[PATCH] gnu: wpa-supplicant: Patch dbus policy.

  • Done
  • quality assurance status badge
Details
3 participants
  • Andrew Tropin
  • Christopher Baines
  • Sergey Trofimov
Owner
unassigned
Submitted by
Sergey Trofimov
Severity
normal

Debbugs page

Sergey Trofimov wrote 2 years ago
(address . guix-patches@gnu.org)(name . Sergey Trofimov)(address . sarg@sarg.org.ru)
20230129200631.13441-1-sarg@sarg.org.ru
This patch allows users in netdev group to control wpa-supplicant
via D-Bus interface.
---
gnu/packages/admin.scm | 3 +++
.../wpa-supplicant-dbus-group-policy.patch | 23 +++++++++++++++++++
2 files changed, 26 insertions(+)
create mode 100644 gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch

Toggle diff (45 lines)
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 5cea17d562..b3383b4d86 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -2221,6 +2221,9 @@ (define-public wpa-supplicant
(name "wpa-supplicant")
(inputs (modify-inputs (package-inputs wpa-supplicant-minimal)
(prepend dbus)))
+ (source (origin
+ (inherit (package-source wpa-supplicant-minimal))
+ (patches (search-patches "wpa-supplicant-dbus-group-policy.patch"))))
(arguments
(substitute-keyword-arguments (package-arguments wpa-supplicant-minimal)
((#:phases phases)
diff --git a/gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch b/gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch
new file mode 100644
index 0000000000..95c18dac18
--- /dev/null
+++ b/gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch
@@ -0,0 +1,23 @@
+Borrowed from debian, allows users in netdev group to control wpa-supplicant
+via D-Bus.
+
+Description: Debian does not use pam_console but uses group membership
+ to control access to D-Bus. Activating both options in the conf file
+ makes it work on Debian and Ubuntu.
+Author: Michael Biebl <biebl@debian.org>
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=412179
+---
+--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
++++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+@@ -14,6 +14,11 @@
+ <allow send_interface="fi.w1.wpa_supplicant1"/>
+ <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+ </policy>
++ <policy group="netdev">
++ <allow send_destination="fi.w1.wpa_supplicant1"/>
++ <allow send_interface="fi.w1.wpa_supplicant1"/>
++ <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
++ </policy>
+ <policy context="default">
+ <deny own="fi.epitest.hostap.WPASupplicant"/>
+ <deny send_destination="fi.epitest.hostap.WPASupplicant"/>
--
2.39.1
Andrew Tropin wrote 2 years ago
(name . Sergey Trofimov)(address . sarg@sarg.org.ru)
874jrphglf.fsf@trop.in
On 2023-01-29 21:06, Sergey Trofimov wrote:

Toggle quote (52 lines)
> This patch allows users in netdev group to control wpa-supplicant
> via D-Bus interface.
> ---
> gnu/packages/admin.scm | 3 +++
> .../wpa-supplicant-dbus-group-policy.patch | 23 +++++++++++++++++++
> 2 files changed, 26 insertions(+)
> create mode 100644 gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch
>
> diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
> index 5cea17d562..b3383b4d86 100644
> --- a/gnu/packages/admin.scm
> +++ b/gnu/packages/admin.scm
> @@ -2221,6 +2221,9 @@ (define-public wpa-supplicant
> (name "wpa-supplicant")
> (inputs (modify-inputs (package-inputs wpa-supplicant-minimal)
> (prepend dbus)))
> + (source (origin
> + (inherit (package-source wpa-supplicant-minimal))
> + (patches (search-patches "wpa-supplicant-dbus-group-policy.patch"))))
> (arguments
> (substitute-keyword-arguments (package-arguments wpa-supplicant-minimal)
> ((#:phases phases)
> diff --git a/gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch b/gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch
> new file mode 100644
> index 0000000000..95c18dac18
> --- /dev/null
> +++ b/gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch
> @@ -0,0 +1,23 @@
> +Borrowed from debian, allows users in netdev group to control wpa-supplicant
> +via D-Bus.
> +
> +Description: Debian does not use pam_console but uses group membership
> + to control access to D-Bus. Activating both options in the conf file
> + makes it work on Debian and Ubuntu.
> +Author: Michael Biebl <biebl@debian.org>
> +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=412179
> +---
> +--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
> ++++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
> +@@ -14,6 +14,11 @@
> + <allow send_interface="fi.w1.wpa_supplicant1"/>
> + <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
> + </policy>
> ++ <policy group="netdev">
> ++ <allow send_destination="fi.w1.wpa_supplicant1"/>
> ++ <allow send_interface="fi.w1.wpa_supplicant1"/>
> ++ <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
> ++ </policy>
> + <policy context="default">
> + <deny own="fi.epitest.hostap.WPASupplicant"/>
> + <deny send_destination="fi.epitest.hostap.WPASupplicant"/>

Thank you for the patch, applied, reformatted to fit 80 columns, updated
commit message, pushed as 8d8b9a4c0c6273ce1680233ae234294f511e81b6.

--
Best regards,
Andrew Tropin
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKEGaxlA4dEDH6S/6IgjSCVjB3rAFAmPqMrwACgkQIgjSCVjB
3rBr/A//ZPRkzpVNBJ+fVkzTOQsfHICVfHg0nmMy9adpmI/u2Vb/xHYIg5roCwB5
0Bx4UDxs0So6CnaM9YWk5T1HS7nkjs4TwZc8AOQ3A05+xtVZUc9Spy0zTD8Wwi5K
8uuB1kuMlo5cbrJpAn3qHAPecEyxRFjnp65dHwXizu/Ro7xLvDWlp5v9HghnbYsD
7lrlnQjiVWQoEuHLXkhfkIH8N9W6LnSHv7ka0/l78nLP1xkvjU9TMrKkvAcgfsgz
PtH5RXTQYbgCOhoCm7vCO5GwcaX8584fJiZT51uvEz5lWg2h//j4/4zpNggW9pOf
fJwMAL/ZGe7CRaqfpNuW02tHcbRh2srTFBSmmJO7S9mlIbvuYpedeujLwLzs1jz7
U+dDFOrNekSbZOOFoC1vmnoe1tOq5/4r0RGgpU+No4U4f3obbRo6Q1EbtiM+yTZl
g7tPcyVoPkz6UMV23kpxPlVYCZXZPjEW0oxkG/OIsLI47tE5qDUhEzrEgvZUqCLy
hAMmxtqiS1mwTqrwKM68z/EVEXYqecADCcqXcCv5JM3q1Q++7OZxMXiJ0Hh0Ls32
9/haNrc0BXPnSEJ/q8orzZoHvYtYO+IAi9rjyBKdq0T7f+DSqravNWbtysEK+FDP
1PjQTj36kFWh/vuCyQjrY3Cxi58TD4IV4Z23GAM2lvRT/8MSOTo=
=kVU2
-----END PGP SIGNATURE-----

Christopher Baines wrote 2 years ago
(address . 61154-done@debbugs.gnu.org)
87pm9syfmm.fsf@cbaines.net
Andrew Tropin <andrew@trop.in> writes:

Toggle quote (3 lines)
> Thank you for the patch, applied, reformatted to fit 80 columns, updated
> commit message, pushed as 8d8b9a4c0c6273ce1680233ae234294f511e81b6.

This does look to be merged, so marking as done.
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmP/HWFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XeU0Q//dTjC3bcLSSq6FgWHgTuqY7oUTluik268
4qr3zoWw5qOjjbCPW0RLhrUQ42CW5OMuyGiPEMd3/jdJOiHUfBbyLnUuN8ZTfWhg
zoszxfNjm0XUW8nxJFs0jeVME+lgeLVi52Gasadawiwakc5oPQjRwRX2pWVEcyOL
goii72Oc1V8wP+0F8V8/YKS6PX6TFdJks5yJrnxUw73E8Sg5rLym3S0pUPPrpo5E
8HesJZ5Iy7SLOoCUQc7h4+6ZFKeA3rt83AAI820QqI9mQtB65E8zhveS5N6Z6qRq
x4zBDzcFrmXvXnnNZrgqUQQFsuZxSE1M9UIk1o++mMLx4eP5QKrzSzIrjksznZQB
LM+3f0t2nQnD3N3R4cl6xyrXuXSNwXT7AIXspiN+zNPOqpsy8Le+KV1HkJMBEp/A
Wu75EtjnWG7FDVM2bpBLEUf9a+SNfIQcgFIeebP1metulTP0rV4ZWP42W29fR0o+
raJbQ2VNfDBtUE1nH0yuEChJvBWzrmiPXsI7MVXGlqNw6o6OD1h7LL7YZFCp5oEk
dIid21PEU5cl1gV8n33wrAab6VEFjV5zqcSk7Xy7s16f9yG4RUFBEzldH02cy9uf
x6RMt1gXQSxiYUeksHMlzeCPaWG2UyUr0M81KpPLlmqq/oHk4+cvE4od8hCFJ3pn
CWe6H8b7cjk=
=WqA+
-----END PGP SIGNATURE-----

Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 61154@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 61154
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help