search

RPi-Distro / raspi-config

Configuration tool for the Raspberry Pi
Other
565 stars 206 forks source link

raspi-config: Change the NetworkManager state file when NetworkManager is enabled but not active #242

Closed m-honda closed 5 months ago

m-honda commented 5 months ago

do_wifi_country() does not execute nmcli when systemd.run=/boot/firstrun.sh in cmdline.txt. In this case, NetworkManager is not active, regardless of whether it is enabled or not. If wifi is blocked by NetworkManager, it cannot be unblocked on boot. Therefore, change the NetworkManager state file for this case.

XECDesign commented 5 months ago

Just so I understand the issue this is addressing a bit better, when would a user actually stumble upon it? Or does this only apply to a third party image with an interesting configuration?

m-honda commented 5 months ago

I created a configured image of Raspberry Pi OS Lite and wrote it using Raspberry Pi Imager with "Configure wireless LAN". However, if a user clicks "Turn Off Wireless LAN" from the Wi-Fi menu on the taskbar in Raspberry Pi OS with desktop and creates an image, the issue will occur by writing it in the same way.

XECDesign commented 5 months ago

Hmm, that seems like it complicates things unnecessarily. The mechanism is there for standard Raspberry Pi OS images, where it works as expected. The mechanism relies on 'rfkill', not NM's "WirelessEnabled". If a user comes along and does something unexpected, there is no way of knowing what their intention was. Maybe the user disabled wifi intentionally and does not want it re-enabled?

I am leaning it towards leaving it as it is because I don't really understand why this would ever come up and because this path would never get tested.

m-honda commented 5 months ago

I understand. I created and distributed a customized image with "WirelessEnabled=false", because it seemed that wifi was not blocked by default in bookworm. I'll look into rfkill.

Thanks,

XECDesign commented 4 months ago

Thanks for understanding.

Also, please be careful when making images using that approach. There are certain things that get generated on first boot that would be bad to distribute. The main concern is SSH host keys, which would make that image vulnerable to MITM attacks. But also, it's things like systemd's machine-id, which should be unique.

m-honda commented 4 months ago

Thank you for the useful advice. I'll be careful about security.