Closed jotaen4tinypilot closed 1 hour ago
Thanks, @jotaen4tinypilot! I've read through this change and the linked issues. The general approach seems reasonable, with just a few potential concerns I've outlined below.
Using wpa_supplicant.conf
likely won't work with Bookworm as it uses NetworkManager instead, and that directly controls an isolated instance of the wpa_supplicant
daemon. However, some of our other features also won't be compatible with Bookworm, so this may be something that we've already implicitly accepted.
Having a single TinyPilot-managed connection makes things simple for us, but it is very limiting and somewhat unusual. It's plausible users availing themselves of the Wi-Fi feature would expect to be able to move their TinyPilot devices around and have them work with multiple remembered networks.
This implementation will only work with WPA networks using pre-shared keys. It will not work with open networks, WEP-protected networks, or networks with enterprise-grade security.
WEP is broken and best avoided, so omitting support for it is arguably for the best. Enterprise-grade security feels like something we could add in a future iteration. However, we should mention these limitations in the interface and script documentation.
We should consider supporting open networks despite their obvious security risks. Most requests for Wi-Fi support that we've received have come from users trying to connect to Wi-Fi in places like hotels, which often use open networks. Omitting support for open networks would rule out this use case.
Using rfkill
to toggle Wi-Fi should be fine, but I remember some complications related to using the wpa_cli -i wlan0 reconfigure
command. I can't check the specifics right now, as I'm away from my devices, but I believe the issue is that dhcpcd
hooks into wpa_supplicant
directly, and that can cause unexpected behavior when using the wpa_cli
command.
I can see that this approach worked during your tests, but it's something to be aware of and might warrant further investigation. That said, the Bullseye version of raspi-config
uses the same command, so it's most likely okay!
We use raspi-config
in many of our tutorials, but I don't think we call it programmatically anywhere, so that could be an interesting discussion. In this case, using it would abstract away the lower-level logic and make the process compatible with both Bullseye and Bookworm, but it would also remove some of the control we might want. Given our goals, I suggest avoiding relying on a third-party script.
@cghague thanks for your thorough reply, that’s very helpful!
Bookworm Compatibility
We can’t trivially use NetworkManager on Bullseye, though, correct? I’d otherwise think that the footprint of us using wpa_supplicant.conf
directly (as proposed here) doesn’t seem overly extensive to me. But we’d still have to migrate once we want to start supporting Bookworm.
Multiple Network Support
I actually haven’t considered this aspect yet, and I think this is a fair point. I think it’s also a bit of a product-related question whether we want to support configuring multiple WiFi connections right from the start, or whether it would be okay for us to push this down the road and only offer the ability to configure a single WiFi connection in the beginning. @shalver-tp thoughts?
From a technical perspective, if we’d push multi-WiFi down the road, I think we shouldn’t lose much of the initial work (as in: we probably can keep many parts of the single-WiFi implementation, so we wouldn’t have to throw away and redo everything). I’d estimate that most complexity would be in the frontend, because we’d have to add UI so that users can review and manage a list of WiFi connections, as opposed to a single one. We probably need an additional dialog “screen” (state) for that, similar to how we do it for managing multiple users in the “Security” dialog.
Network Security
Ah, good point – I think it’s probably easiest then if we make the password optional.
Multiple Network Support
I actually haven’t considered this aspect yet, and I think this is a fair point. I think it’s also a bit of a product-related question whether we want to support configuring multiple WiFi connections right from the start, or whether it would be okay for us to push this down the road and only offer the ability to configure a single WiFi connection in the beginning. @shalver-tp thoughts?
@shalver-tp just a gentle nudge about the above topic (just in case you e.g. happened to miss this): I thought it would be best to consider and decide on this question before continuing to invest more work into the current (single-network) approach, especially before starting to work on the UI bit.
@jotaen4tinypilot Sorry, I missed this one when I was out last week; I apologize.
I think it would be nice to be able to "save" multiple wi-fi networks, but I think this is still a functional enhancement if we limit to one network at a time. In the end, this decision to only support single wifi puts a bit more burden on the user to change/update the wi-fi credentials when they change environments, but still brings enhanced network functionality.
Omit multiple wi-fi networks for now.
The other discussion on network security, et al all looks good to me. Thanks!
Awesome, thanks for the feedback. I agree that storing multiple connections would be useful in certain scenarios, but I think we already add value if we ship single-WiFi in the first iteration.
I’ve created a separate issue for tracking the multi-WiFi idea.
⏳ @jdeanwallace please review this Pull Request
Related https://github.com/tiny-pilot/tinypilot/issues/131, parts (a) and (b).
This PR adds two scripts for enabling and disabling the WiFi network interface on the device, so that you can also access TinyPilot through a wireless network connection.
I already discussed the basic approach last week with Charles (see comment and discussion below), because of his familiarity with networking/WiFi. Since then, I did more testing in various scenarios, and also already opened two subsequent draft PRs for the backend and frontend. They are WIP still, but they may give a rough impression of how the WiFi feature will look in its entirety. Overall, it seems to be looking good, so I thought it might make sense to already start the review process.
A few notes on the implementation:
wpa_supplicants.conf
file directly to configure the WiFi connection, and we use the marker-section mechanism to manage the TinyPilot-specific part of the configuration. Depending on whether the WiFi network is password-protected or not, we either use thewpa_passphrase
command, or we generate the config section manually.--country
input value in theenable-wifi
script: I’d plan to do validation in the backend later on, and the network service seems to behave graceful against invalid country codes. For the--psk
flag, we have to do a basic length validation, because otherwise thewpa_passphrase
command would fail.ifconfig
command to check whether thewlan
network interface is up and active. (I.e., whetherifconfig
outputs awlan
block, and whether that has ainet
/inet6
address assigned to it.)Original draft PR comment (2024-06-13)
This PR is a draft for now, because I wanted to evaluate the technical approach of the underlying WiFi-related logic first, before investing time into the implementation of the application logic (i.e., the Python part and the UI).
I saw that you @cghague have been involved into our WiFi FAQ document, so I was hoping that you are maybe familiar with the technical domain. Could you look over the privileged scripts of this PR and give me some initial, high-level feedback about whether the proposed approach seems sensible to you? At this point, I’d mainly like to avoid going into a wrong direction, or to miss any potential caveats or other issues I may have forgotten to consider.
A few notes on the implementation:
enable-wifi
script obviously would have to parse CLI arguments to parametrize the SSID, PSK, and country code. Thedisable-wifi
script wouldn’t take any arguments.rfkill unblock wifi
andwpa_cli -i wlan0 reconfigure
, it seems to be possible to effectuate the changes and activate WiFi without having to reboot the device. This would make things easier for us in the UI, but it would also be more convenient and snappier for the end-user.raspi-config
tool in the scripts, because that seems to be too limited. For example, we don’t want to just keep adding new WiFi configs to thewpa_supplicant.conf
file, but we basically want to maintain one “TinyPilot-owned” custom WiFi config, which we then also can delete or modify in a targeted way. For this, it seemed more sensible to me to write into thewpa_supplicant.conf
file directly, using the marker-section technique that we already employ elsewhere. The downside is that this requires more low-levelled logic on our side.If you’d generally agree with the proposed approach and underlying reasoning, I’d proceed to wrap up this PR and to build the surrounding application logic.![Review on CodeApprove](https://codeapprove.com/external/github-tag-allbg.png)