| View previous topic :: View next topic |
| Author |
Message |
equaeghe
l33t
Joined: 22 Feb 2005
Posts: 644
|
 Posted: Sun Sep 06, 2015 8:59 pm Post subject: [solved] networkmanager unclear ebuild msg re: psk-flags=1 |
 |
|
I updated my system today and in a triggered rebuild of networkmanager, I got
| Code: | * Messages for package net-misc/networkmanager-1.0.2-r1:
* You have psk-flags=1 setting in above files, you will need to
* either reconfigure affected networks or, at least, set the flag
* value to '0'. |
Given that there are no ‘above files’ mentioned, I have no clear idea what I should do. Can anybody give me a pointer?
Last edited by equaeghe on Mon Sep 14, 2015 10:42 am; edited 1 time in total |
|
| Back to top |
|
 |
Fitzcarraldo
Advocate
Joined: 30 Aug 2008
Posts: 2049
Location: United Kingdom
|
| Posted: Mon Sep 14, 2015 12:06 am Post subject: |
|
|
It is referring to the files in the directory /etc/NetworkManager/system-connections/
Excerpts from man nm-settings:
| Code: | | Table 26. 802-11-wireless-security setting |
| Code: | ├────────────────────┼───────────────────────┼──────────────────────────┼─────────────────────────────┤
│psk-flags │ NMSettingSecretFlags │ │ Flags indicating how to │
│ │ (uint32) │ │ handle the "psk" property. │
│ │ │ │ (see the section called │
│ │ │ │ “Secret flag types:” for │
│ │ │ │ flag values) │
├────────────────────┼───────────────────────┼──────────────────────────┼─────────────────────────────┤ |
| Code: | Secret flag types:
Each secret property in a setting has an associated flags property that describes how to handle that secret. The flags property is
a bitfield that contains zero or more of the following values logically OR-ed together.
· 0x0 (none) - the system is responsible for providing and storing this secret.
· 0x1 (agent-owned) - a user-session secret agent is responsible for providing and storing this secret; when it is required,
agents will be asked to provide it.
· 0x2 (not-saved) - this secret should not be saved but should be requested from the user each time it is required. This flag
should be used for One-Time-Pad secrets, PIN codes from hardware tokens, or if the user simply does not want to save the
secret.
· 0x4 (not-required) - in some situations it cannot be automatically determined that a secret is required or not. This flag
hints that the secret is not required and should not be requested from the user. |
Excerpt from the blog post http://lauri.võsandi.com/cfgmgmt/network-manager-system-connections.html
| Lauri Võsandi wrote: | | There is also psk-flags=1 which means that NetworkManager won't store the secret (WPA2 pre-shared key) for this wireless network. Instead that task is delegated to the nm-applet which in turn uses GNOME keyring daemon to fetch the secrets from user's wallet. This way the secrets are stored in the user's home directory in an encrypted fashion assuming the uses sets the passphrase for his wallet properly. To store the secret in the NetworkManager configuration you need to add psk=secret to the configuration AND remove the psk-flags=1 line. |
_________________
Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC systemd-utils[udev] elogind KDE on both.
My blog |
|
| Back to top |
|
|
equaeghe
l33t
Joined: 22 Feb 2005
Posts: 644
|
| Posted: Mon Sep 14, 2015 8:30 am Post subject: |
|
|
| Fitzcarraldo wrote: | Excerpt from the blog post http://lauri.võsandi.com/cfgmgmt/network-manager-system-connections.html
| Lauri Võsandi wrote: | | There is also psk-flags=1 which means that NetworkManager won't store the secret (WPA2 pre-shared key) for this wireless network. Instead that task is delegated to the nm-applet which in turn uses GNOME keyring daemon to fetch the secrets from user's wallet. This way the secrets are stored in the user's home directory in an encrypted fashion assuming the uses sets the passphrase for his wallet properly. To store the secret in the NetworkManager configuration you need to add psk=secret to the configuration AND remove the psk-flags=1 line. |
|
But I want the functionality provided by psk=1. So why does the ebuild message instruct me to reconfigure the connection? |
|
| Back to top |
|
|
Fitzcarraldo
Advocate
Joined: 30 Aug 2008
Posts: 2049
Location: United Kingdom
|
| Posted: Mon Sep 14, 2015 10:11 am Post subject: |
|
|
Well, according to the ebuild contents:
| Code: | # NM shows lots of errors making nmcli neither unusable, bug #528748 upstream bug #690457
if grep -r "psk-flags=1" "${EROOT}"/etc/NetworkManager/; then
ewarn "You have psk-flags=1 setting in above files, you will need to"
ewarn "either reconfigure affected networks or, at least, set the flag"
ewarn "value to '0'."
fi |
If you look at the Gentoo bug report referred to in the ebuild, and the GNOME bug report (especially Comments 8, 9 and 10) referred to in the ebuild, 'psk-flags=1' should be replaced by 'psk=<password>' so that the 'nmcli' command works properly. That's all I know.
_________________
Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC systemd-utils[udev] elogind KDE on both.
My blog |
|
| Back to top |
|
|
equaeghe
l33t
Joined: 22 Feb 2005
Posts: 644
|
| Posted: Mon Sep 14, 2015 10:40 am Post subject: |
|
|
| Thanks, Fitzcarraldo. I've added some info to Bug 528748 that may be useful. |
|
| Back to top |
|
|
Fitzcarraldo
Advocate
Joined: 30 Aug 2008
Posts: 2049
Location: United Kingdom
|
| Posted: Mon Sep 14, 2015 11:19 am Post subject: |
|
|
If you don't like the password to be stored in plain text in the files in /etc/NetworkManager/system-connections/ (and I don't blame you), the Arch Linux Wiki article for NetworkManager has the following:
https://wiki.archlinux.org/index.php/NetworkManager#Encrypted_Wi-Fi_passwords
| Quote: | Encrypted Wi-Fi passwords
By default, NetworkManager stores passwords in clear text in the connection files at /etc/NetworkManager/system-connections/. To print the stored passwords, use the following command:
| Code: | | # grep -H '^psk=' /etc/NetworkManager/system-connections/* |
The passwords are accessible to the root user in the filesystem and to users with access to settings via the GUI (e.g. nm-applet).
If it is preferable to save the passwords in encrypted form instead of clear text, this can be achieved by storing them in a keyring which NetworkManager then queries for the passwords. A suggested keyring daemon is GNOME Keyring or (for KDE specifically) KDE Wallet. The keyring daemon has to be started and the keyring needs to be unlocked for the following to work.
Furthermore, NetworkManager needs to be configured not to store the password for all users. Using GNOME nm-applet, run nm-connection-editor from a terminal, select a network connection, click Edit, select the Wifi-Security tab and click on the right icon of password and check Store the password for this user. Using KDE's kdeplasma-applets-plasma-nm, click the applet, click on the top right Settings icon, double click on a network connection, in the General settings tab, untick all users may connect to this network. If the option is ticked, the passwords will still be stored in clear text, even if a keyring daemon is running.
If the option was selected previously and you un-tick it, you may have to use the reset option first to make the password disappear from the file. Alternatively, delete the connection first and set it up again.
The downside of using the keyring is that the connections have to be set up for each user. |
In my case I had configured my laptop's various Wi-Fi connections in KDE using the plasma-nm widget, and I did have 'psk-flags=1' without 'psk=<password>' in most of my Wi-Fi system-connections files but found 'psk=<password>' and no 'psk-flags=' in a connection I created recently. I don't have 'All users may connect to this network' ticked for any of them (but that's because I unticked it for each connection, if I recall correctly). Anyway, I don't normally use nmcli and I wonder whether it actually works properly these days with 'psk-flags=1' in the Wi-Fi system-connections files (the Gentoo and GNOME bug reports were issued regarding 0.9.x versions of NetworkManager). In other words, I wonder whether the warning about 'psk-flags=1' when one installs/upgrades NetworkManager is actually no longer valid.
_________________
Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC systemd-utils[udev] elogind KDE on both.
My blog |
|
| Back to top |
|
|
equaeghe
l33t
Joined: 22 Feb 2005
Posts: 644
|
|
| Back to top |
|
|
Fitzcarraldo
Advocate
Joined: 30 Aug 2008
Posts: 2049
Location: United Kingdom
|
| Posted: Mon Sep 14, 2015 1:17 pm Post subject: |
|
|
No, you're not wrong.
That's what I'm saying: I wonder if the bug [with the nmcli part of the networkmanager package] has been fixed since networkmanager-0.9.x and if, actually, that warning message about 'psk-flags=1' displayed by the later ebuilds is no longer valid.
man nmcli shows that nmcli has a lot of functionality. I don't normally use nmcli, but if I try a few of the nmcli commands I don't see any problems with its output even if I have 'psk-flags=1' in the Wi-Fi system-connections files. Hence my speculation that the ebuild ewarn message is no longer valid. I would be tempted to file a bug report against the networkmanager-1.0.2-r1 ebuild and later versions (I'm using 1.0.6 now) to tell the Gentoo developers to remove the 'psk-flags=1' ewarn message from the ebuild. However, as I do not use the nmcli command, I don't know if all the problems with it in 0.9.x have been resolved in the later releases. I will therefore leave it to a nmcli user to file such a bug report.
Anyway, the bottom line as far as I'm concerned is that I will leave the 'psk-flags=1' line in my Wi-Fi system-connections files, continue to use the KDE Wallet to store the passwords, and ignore the ewarn message about 'psk-flags=1' displayed by the networkmanager-1.0.2-r1 and networkmanager-1.0.6 ebuilds (I have not tried using networkmanager-1.0.4-r1).
| Code: | $ eix -I networkmanager
[I] net-misc/networkmanager
Available versions: 1.0.2-r1 ~1.0.4-r1 1.0.6 {bluetooth connection-sharing consolekit +dhclient dhcpcd gnutls +introspection +modemmanager ncurses +nss +ppp resolvconf selinux systemd teamd test vala +wext +wifi zeroconf ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_S390="32 64" ABI_X86="32 64 x32" KERNEL="linux"}
Installed versions: 1.0.6(02:47:13 14/09/15)(bluetooth consolekit dhclient introspection modemmanager ncurses nss ppp wext wifi zeroconf -connection-sharing -dhcpcd -gnutls -resolvconf -selinux -systemd -teamd -test -vala ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="64 -32 -x32" KERNEL="linux")
Homepage: https://wiki.gnome.org/Projects/NetworkManager
Description: Universal network configuration daemon for laptops, desktops, servers and virtualization hosts |
_________________
Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC systemd-utils[udev] elogind KDE on both.
My blog |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Portage & Programming
