authorThomas Haller <thaller@redhat.com>2023-03-08 08:48:03 +0100
committerThomas Haller <thaller@redhat.com>2023-11-17 12:48:37 +0100
commitea8dbd7a6d0f29a35f573f12630fbad46f520dc0 (patch)
tree686f98717e61c6c89c930081637515dd795adf0e
parentd210923c0f4b53d2da28a3718ac9283980a1ff61 (diff)
contrib/rpm: add "22-wifi-mac-addr.conf" to F40+
Install a configuration snippet on Fedora 40+, that sets the default for "wifi.cloned-mac-address" to "stable-ssid" (otherwise, the built-in default is "preserve"). This will mean, that on Wi-Fi profiles that don't explicitly override the property "wifi.cloned-mac-address", a stable address is generated. The benefit is, that Fedora will randomize the MAC address by default. Note that this also affects all pre-existing Wi-Fi profiles, that don't explicitly configure the property in the profile. Depending on how you see it, this is desirable. Randomization should be done, unless the user opts-out (not the other way around). Note that setting "wifi.cloned-mac-address=stable-ssid" is similar to setting a stable ID "${NETWORK_SSID}" and "wifi.cloned-mac-address=stable". The difference is that the latter also affects other properties, like - "ipv6.addr-gen-mode=stable-privacy" - "{ethernet,wifi}.cloned-mac-address=stable" - "ipv4.dhcp-client-id=stable" - "ipv6.dhcp-duid=stable-{llt,ll,uuid}" - "{ipv4,ipv6}.iaid=stable" Especially with "ipv6.addr-gen-mode=stable", changing the stable ID would mean that also all IPv6 addresses change. We want to avoid that by only changing the cloned-mac-address to "stable-ssid". This means, after upgrade to F40, different MAC addresses will be used on most users' Wi-Fi. This means, DHCP might hand out different IP addresses, sessions might expire, and configuration that depended on the previous MAC address will be affected. https://pagure.io/fedora-workstation/issue/350
-rw-r--r--contrib/fedora/rpm/22-wifi-mac-addr.conf31
-rw-r--r--contrib/fedora/rpm/NetworkManager.spec20
-rwxr-xr-xcontrib/fedora/rpm/build.sh2
3 files changed, 47 insertions, 6 deletions
diff --git a/contrib/fedora/rpm/22-wifi-mac-addr.conf b/contrib/fedora/rpm/22-wifi-mac-addr.conf
new file mode 100644
index 0000000000..2e329c8895
--- /dev/null
+++ b/contrib/fedora/rpm/22-wifi-mac-addr.conf
@@ -0,0 +1,31 @@
+# This sets defaults for Wi-Fi profiles to set a generated, stable MAC address.
+#
+# Do not modify this file. You can hide/overwrite this file by placing a file
+# to "/etc/NetworkManager/conf.d/22-wifi-mac-addr.conf". You can also add
+# configuration snippets with higher priority that override this setting (see
+# `man 5 NetworkManager.conf`). Most importantly, this snippet only sets
+# default values for the profile. You can explicitly set the value for each
+# profile, so that this default value is not used.
+#
+# For example, on a particular profile/network set
+#
+# $ nmcli connection modify "$PROFILE" wifi.cloned-mac-address permanent
+#
+# to use the hardware MAC address. This prevents the default from this file
+# to take effect.
+#
+# Or
+#
+# $ nmcli connection modify "$PROFILE" wifi.cloned-mac-address stable connection.stable-id '${NETWORK_SSID}/${BOOT}'
+#
+# to get a generated MAC address that changes on each boot. Note how setting
+# "connection.stable-id" also affects other aspects of the profile.
+#
+# See `man 5 nm-settings` for "wifi.cloned-mac-address" and "connection.stable-id".
+
+[connection.22-wifi-mac-addr]
+match-device=type:wifi
+wifi.cloned-mac-address=stable-ssid
+
+[.config]
+enable=nm-version-min:1.45
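Review bot: The header comment of 22-wifi-mac-addr.conf calls the result a "generated, stable MAC address" but never says what it is stable against, which is what a user needs to know to judge the privacy effect. Going by the commit message, `stable-ssid` derives the address per network, so it differs between SSIDs but stays the same on every reconnect to the same SSID. The operator of one network can therefore still recognise the device over time; only correlation across networks is reduced. I would add a line such as `# The address is stable per SSID: it differs between networks but does not change across reconnects to the same network.` A second line should note that networks keyed on the hardware MAC (DHCP reservations, MAC allow-lists) will see a new address once this default applies, as the commit message already warns.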
diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec
index db07a30ac7..65e64f3b73 100644
--- a/contrib/fedora/rpm/NetworkManager.spec
+++ b/contrib/fedora/rpm/NetworkManager.spec
@@ -209,9 +209,10 @@ Source1: NetworkManager.conf
Source2: 00-server.conf
Source4: 20-connectivity-fedora.conf
Source5: 20-connectivity-redhat.conf
-Source6: 70-nm-connectivity.conf
-Source7: readme-ifcfg-rh.txt
-Source8: readme-ifcfg-rh-migrated.txt
+Source6: 22-wifi-mac-addr.conf
+Source7: 70-nm-connectivity.conf
+Source8: readme-ifcfg-rh.txt
+Source9: readme-ifcfg-rh-migrated.txt
#Patch1: 0001-some.patch
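Review bot: Inserting the new snippet as `Source6` renumbers three existing sources, which is why the %install hunk has to touch the unrelated `%{SOURCE7}`, `%{SOURCE8}` and `%{SOURCE9}` lines. Appending it at the next free number, e.g. `Source9: 22-wifi-mac-addr.conf`, would keep the change to one line here and one `cp` line in %install. It would also avoid silently repointing any downstream spec or patch that refers to these sources by number. If the numeric order is meant to follow the file-name prefix, a short comment above the Source list saying so would make that convention explicit.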
@@ -918,14 +919,18 @@ cp %{SOURCE4} %{buildroot}%{nmlibdir}/conf.d/
%if %{with connectivity_redhat}
cp %{SOURCE5} %{buildroot}%{nmlibdir}/conf.d/
mkdir -p %{buildroot}%{_sysctldir}
-cp %{SOURCE6} %{buildroot}%{_sysctldir}
+cp %{SOURCE7} %{buildroot}%{_sysctldir}
+%endif
+
+%if 0%{?fedora} >= 40
+cp %{SOURCE6} %{buildroot}%{nmlibdir}/conf.d/
%endif
%if 0%{?ifcfg_warning}
-cp %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts
+cp %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts
%endif
%if 0%{?ifcfg_migrate}
-cp %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt
+cp %{SOURCE9} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt
%endif
cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/
@@ -1072,6 +1077,9 @@ fi
%dir %{_sysconfdir}/%{name}/dnsmasq-shared.d
%dir %{_sysconfdir}/%{name}/system-connections
%config(noreplace) %{_sysconfdir}/%{name}/NetworkManager.conf
+%if 0%{?fedora} >= 40
+%{nmlibdir}/conf.d/22-wifi-mac-addr.conf.conf
+%endif
%ghost %{_sysconfdir}/%{name}/VPN
%{_bindir}/nm-online
%{_libexecdir}/nm-dhcp-helper
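Review bot: The added %files entry names `%{nmlibdir}/conf.d/22-wifi-mac-addr.conf.conf`, with a doubled `.conf` suffix, while the %install hunk copies `%{SOURCE6}` into `%{nmlibdir}/conf.d/` under its own name `22-wifi-mac-addr.conf`. On Fedora 40+ this mismatch would most likely fail the package build (listed file not found, installed file unpackaged), so the MAC-randomization default would not ship. The line should read `%{nmlibdir}/conf.d/22-wifi-mac-addr.conf`. The %files section continues outside this hunk.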
diff --git a/contrib/fedora/rpm/build.sh b/contrib/fedora/rpm/build.sh
index 838119ed48..8160b915e6 100755
--- a/contrib/fedora/rpm/build.sh
+++ b/contrib/fedora/rpm/build.sh
@@ -145,6 +145,7 @@ SOURCE_NETWORKMANAGER_CONF="$(abs_path "$SOURCE_NETWORKMANAGER_CONF" "$SCRIPTDIR
SOURCE_CONFIG_SERVER="$(abs_path "$SOURCE_CONFIG_SERVER" "$SCRIPTDIR/00-server.conf")" || die "invalid \$SOURCE_CONFIG_SERVER argument"
SOURCE_CONFIG_CONNECTIVITY_FEDORA="$(abs_path "$SOURCE_CONFIG_CONNECTIVITY_FEDORA" "$SCRIPTDIR/20-connectivity-fedora.conf")" || die "invalid \$SOURCE_CONFIG_CONNECTIVITY_FEDORA argument"
SOURCE_CONFIG_CONNECTIVITY_REDHAT="$(abs_path "$SOURCE_CONFIG_CONNECTIVITY_REDHAT" "$SCRIPTDIR/20-connectivity-redhat.conf")" || die "invalid \$SOURCE_CONFIG_CONNECTIVITY_REDHAT argument"
+SOURCE_CONFIG_WIFI_MAC_ADDR="$(abs_path "$SOURCE_CONFIG_WIFI_MAC_ADDR" "$SCRIPTDIR/22-wifi-mac-addr.conf")" || die "invalid \$SOURCE_CONFIG_WIFI_MAC_ADDR argument"
SOURCE_SYSCTL_RP_FILTER_REDHAT="$(abs_path "$SOURCE_SYSCTL_RP_FILTER_REDHAT" "$SCRIPTDIR/70-nm-connectivity.conf")" || die "invalid \$SOURCE_SYSCTL_RP_FILTER_REDHAT argument"
SOURCE_README_IFCFG_FILES="$(abs_path "$SOURCE_README_IFCFG_FILES" "$SCRIPTDIR/readme-ifcfg-rh.txt")" || die "invalid \$SOURCE_README_IFCFG_FILES argument"
SOURCE_README_IFCFG_MIGRATED="$(abs_path "$SOURCE_README_IFCFG_MIGRATED" "$SCRIPTDIR/readme-ifcfg-rh-migrated.txt")" || die "invalid \$SOURCE_README_IFCFG_MIGRATED argument"
@@ -203,6 +204,7 @@ cp "$SOURCE_NETWORKMANAGER_CONF" "$TEMP/SOURCES/NetworkManager.conf" || die "Cou
cp "$SOURCE_CONFIG_SERVER" "$TEMP/SOURCES/00-server.conf" || die "Could not copy source $SOURCE_CONFIG_SERVER to $TEMP/SOURCES"
cp "$SOURCE_CONFIG_CONNECTIVITY_FEDORA" "$TEMP/SOURCES/20-connectivity-fedora.conf" || die "Could not copy source $SOURCE_CONFIG_CONNECTIVITY_FEDORA to $TEMP/SOURCES"
cp "$SOURCE_CONFIG_CONNECTIVITY_REDHAT" "$TEMP/SOURCES/20-connectivity-redhat.conf" || die "Could not copy source $SOURCE_CONFIG_CONNECTIVITY_REDHAT to $TEMP/SOURCES"
+cp "$SOURCE_CONFIG_WIFI_MAC_ADDR" "$TEMP/SOURCES/22-wifi-mac-addr.conf" || die "Could not copy source $SOURCE_CONFIG_WIFI_MAC_ADDR to $TEMP/SOURCES"
cp "$SOURCE_SYSCTL_RP_FILTER_REDHAT" "$TEMP/SOURCES/70-nm-connectivity.conf" || die "Could not copy source $SOURCE_SYSCTL_RP_FILTER_REDHAT to $TEMP/SOURCES"
cp "$SOURCE_README_IFCFG_FILES" "$TEMP/SOURCES/readme-ifcfg-rh.txt" || die "Could not copy source $SOURCE_README_IFCFG_FILES to $TEMP/SOURCES"
cp "$SOURCE_README_IFCFG_MIGRATED" "$TEMP/SOURCES/readme-ifcfg-rh-migrated.txt" || die "Could not copy source $SOURCE_README_IFCFG_MIGRATED to $TEMP/SOURCES"