/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use /etc/NetworkManager/conf.d snippet instead of /etc/NetworkManager/NetworkManager.conf to avoid dpkg interactive conflict resolution dialog questions #1176

Open
adrelanos opened this Issue Sep 7, 2015 · 9 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.1
3 participants
@adrelanos @marmarek @andrewdavidwong
@adrelanos
Member

adrelanos commented Sep 7, 2015

Writing to /etc/NetworkManager/NetworkManager.conf directly is problematic:

  • causing a Qubes-Whonix build interactive question [could and probably has to be worked around in meanwhile],
  • as well causing dpkg interactive conflict resolution dialog questions

Related code, qubes-core-agent-linux/debian/qubes-core-agent.postinst:

Did you already try if dropping a snippet into /etc/NetworkManager/conf.d would do?
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Sep 7, 2015

Member

Not recently, some time ago (Fedora 18? earlier?) adding plugins from
there didn't worked.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Member

marmarek commented Sep 7, 2015

Not recently, some time ago (Fedora 18? earlier?) adding plugins from
there didn't worked.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Sep 8, 2015

Member

How do I test if the keyfile plugin is functional? I cleared /etc/NetworkManager/system-connections/*, but the file in that folder is never regenerated for me even without config files changes.
Member

adrelanos commented Sep 8, 2015

How do I test if the keyfile plugin is functional? I cleared /etc/NetworkManager/system-connections/*, but the file in that folder is never regenerated for me even without config files changes.
@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Sep 8, 2015

Member 
sudo journalctl -b | grep NetworkManager | grep plugin

Sep 07 17:44:16 sys-net NetworkManager[536]: Loaded plugin keyfile: (c) 2007 - 2013 Red Hat, Inc. To report bugs please use the NetworkManager mailing list.
Member

adrelanos commented Sep 8, 2015 

sudo journalctl -b | grep NetworkManager | grep plugin

Sep 07 17:44:16 sys-net NetworkManager[536]: Loaded plugin keyfile: (c) 2007 - 2013 Red Hat, Inc. To report bugs please use the NetworkManager mailing list.
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Sep 8, 2015

Member

On Tue, Sep 08, 2015 at 05:53:01AM -0700, Patrick Schleizer wrote:

How do I test if the keyfile plugin is functional? I cleared /etc/NetworkManager/system-connections/*, but the file in that folder is never regenerated for me even without config files changes.

It should be generated (and used) if you enable network-manager service
(using qvm-service). It is generated in VMs with uplink in other VMs
(ProxyVM, AppVM).

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Member

marmarek commented Sep 8, 2015

On Tue, Sep 08, 2015 at 05:53:01AM -0700, Patrick Schleizer wrote:

How do I test if the keyfile plugin is functional? I cleared /etc/NetworkManager/system-connections/*, but the file in that folder is never regenerated for me even without config files changes.

It should be generated (and used) if you enable network-manager service
(using qvm-service). It is generated in VMs with uplink in other VMs
(ProxyVM, AppVM).

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Sep 8, 2015

Member

For testing purposes, I have

  • copied the original /etc/NetworkManager/NetworkManager.conf to /etc/NetworkManager/conf.d/30-qubes.conf
  • cleared contents of /etc/NetworkManager/NetworkManager.conf (to ##) for testing purposes.

Toggling

[main]
plugins=keyfile

vs

#[main]
#plugins=keyfile

does influence whether the keyfile pluing gets load as per log or not.
Member

adrelanos commented Sep 8, 2015

For testing purposes, I have

  • copied the original /etc/NetworkManager/NetworkManager.conf to /etc/NetworkManager/conf.d/30-qubes.conf
  • cleared contents of /etc/NetworkManager/NetworkManager.conf (to ##) for testing purposes.

Toggling

[main]
plugins=keyfile

vs

#[main]
#plugins=keyfile

does influence whether the keyfile pluing gets load as per log or not.
@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Sep 8, 2015

Member

A suggestion on how the implementation can be improved and this ticket can be fixed.

/etc/NetworkManager/NetworkManager.conf:

  • Don't touch, modifications by users only.

/etc/NetworkManager/conf.d/30-qubes-static.conf:

  • Managed by the package management.
  • Might in future receive changes if ever needed.
  • Contents:
## Please use "/etc/NetworkManager/conf.d/50-user.conf"
## for your custom configurations.
## When Qubes is updated, this file may be overwritten.

[main]
plugins=keyfile

/etc/NetworkManager/conf.d/31-qubes-autogenerated.conf:

  • Not managed by the package management.
    • Therefore unlikely to cause interactive questions during upgrade by the package manager.
  • Contents:
## Please use "/etc/NetworkManager/conf.d/50-user.conf"
## for your custom configurations.
## This file is auto generated by Qubes. Modifications may
## be overwritten.

[keyfile]
unmanaged-devices=mac:fe:ff:ff:ff:ff:ff

Alternatively there could also be just one auto generated file that contains it all, that is not managed by the package manager.

What do you think?
Member

adrelanos commented Sep 8, 2015

A suggestion on how the implementation can be improved and this ticket can be fixed.

/etc/NetworkManager/NetworkManager.conf:

  • Don't touch, modifications by users only.

/etc/NetworkManager/conf.d/30-qubes-static.conf:

  • Managed by the package management.
  • Might in future receive changes if ever needed.
  • Contents:
## Please use "/etc/NetworkManager/conf.d/50-user.conf"
## for your custom configurations.
## When Qubes is updated, this file may be overwritten.

[main]
plugins=keyfile

/etc/NetworkManager/conf.d/31-qubes-autogenerated.conf:

  • Not managed by the package management.
    • Therefore unlikely to cause interactive questions during upgrade by the package manager.
  • Contents:
## Please use "/etc/NetworkManager/conf.d/50-user.conf"
## for your custom configurations.
## This file is auto generated by Qubes. Modifications may
## be overwritten.

[keyfile]
unmanaged-devices=mac:fe:ff:ff:ff:ff:ff

Alternatively there could also be just one auto generated file that contains it all, that is not managed by the package manager.

What do you think?
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Sep 8, 2015

Member

Two files approach seems better. I wonder would happen if
unmanaged-devices would be specified in both NetworkManager.conf and
/etc/NetworkManager/conf.d/31-qubes-autogenerated.conf.

BTW it whould be plugins+=keyfile. I wonder if NetworkManager on
Debian is new enough to support this syntax...

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Member

marmarek commented Sep 8, 2015

Two files approach seems better. I wonder would happen if
unmanaged-devices would be specified in both NetworkManager.conf and
/etc/NetworkManager/conf.d/31-qubes-autogenerated.conf.

BTW it whould be plugins+=keyfile. I wonder if NetworkManager on
Debian is new enough to support this syntax...

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

adrelanos added a commit to adrelanos/Whonix that referenced this issue Sep 9, 2015

@adrelanos
Avoid dpkg interactive conflict resultion dialog while building. Keep… 
… already existing /etc/NetworkManager/NetworkManager.conf by qubes-core-agent-linux.

workaround for Qubes issue: 'use /etc/NetworkManager/conf.d snippet instead of /etc/NetworkManager/NetworkManager.conf to avoid dpkg interactive conflict resolution dialog questions'
QubesOS/qubes-issues#1176
Verified
This commit was signed with a verified signature.
@adrelanos adrelanos Patrick Schleizer
GPG key ID: CB8D50BB77BB3C48 Learn about signing commits
20ed305
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 6, 2015

Member

Since we generate proper NM configuration for eth0 in VMs ('qubes-uplink-eth0'
connection), that generated part is no longer needed. Which simplifies things here :)
Member

marmarek commented Oct 6, 2015

Since we generate proper NM configuration for eth0 in VMs ('qubes-uplink-eth0'
connection), that generated part is no longer needed. Which simplifies things here :)

@marmarek marmarek closed this in marmarek/old-qubes-core-agent-linux@6c48313 Oct 6, 2015

@marmarek marmarek added enhancement C: core C: templates P: minor labels Oct 11, 2015

@marmarek marmarek added this to the Release 3.1 milestone Oct 11, 2015

@marmarek marmarek reopened this Nov 28, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Nov 28, 2015

Member

Unfortunately it doesn't work. It looks like unmanaged devices list setting is ignored in /etc/NetworkManager/conf.d, but exactly the same line in main config file works. Needs further investigation. But for now I'm reverting the change.
Member

marmarek commented Nov 28, 2015

Unfortunately it doesn't work. It looks like unmanaged devices list setting is ignored in /etc/NetworkManager/conf.d, but exactly the same line in main config file works. Needs further investigation. But for now I'm reverting the change.

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Nov 28, 2015

@marmarek
Revert "network: use drop-ins for NetworkManager configuration (#1176)" 
Apparently unmanaged devices are loaded only from main
NetworkManager.conf. Exactly the same line pasted (not typed!) to main
NetworkManager.conf works, but in
/etc/NetworkManager/conf.d/30-qubes.conf it doesn't.
BTW There was a typo in option name ("unmanaged_devices" instead of
"unmanaged-devices", but it wasn't the cause).

This reverts commit 6c48313.

QubesOS/qubes-issues#1176
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
a11897a

@marmarek marmarek modified the milestones: Release 3.2, Release 3.1 Feb 8, 2016

@adrelanos adrelanos referenced this issue Feb 24, 2016

Closed

change default proxy-vm: sys-whonix -> system-tor #1777

@marmarek marmarek modified the milestones: Release 3.2, Release 4.0 Aug 5, 2016

@andrewdavidwong andrewdavidwong modified the milestones: Release 4.0, Release 4.1 Mar 31, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment