[Bug] 802.11x broken wpa_supplicant is missing.

[ghost]

Hello

802.11X is a username password authentication mechanism commonly used on WPA entreprise BUT many forget that wired connection can have this settings enabled in too.

It's my case (my switch require this log to allow wired device to connect (and prevent someone to simply plug his computer to my network)).

The problem is that since it's the same mechanism as WPA it use wpa_supplicant package I thing unbreack 802.11X for wired connection is in the scope of this project

to fix it you need to add wpa_supplicant in image.

I've opened this here since in found this in secure blue, here the issue from there who redirect me here : https://github.com/secureblue/secureblue/issues/267

[bsherman]

I appreciate the report, but what image and version are you running?

wpa_supplicant should be installed since merging #140 on April 9, 2024.

Here's some example from a test system showing it's present:

root@orcrist:~# rpm-ostree status -b
State: idle
AutomaticUpdates: stage; rpm-ostreed-automatic.timer: inactive
BootedDeployment:
● ostree-image-signed:docker://ghcr.io/ublue-os/ucore-hci:stable-zfs
                   Digest: sha256:1f1ec422401a9b2645863f7d4c924d6e0d320a46728b6d372a47cadebbcc0ae6
                  Version: 39.20240407.3.0 (2024-04-26T20:16:39Z)
root@orcrist:~# rpm -q wpa_supplicant
wpa_supplicant-2.10-9.fc39.x86_64
root@orcrist:~# which wpa_supplicant
/usr/sbin/wpa_supplicant

[ghost]

I use ucore-minimal:stable, and also secure blue that is plugged on it suffer the same problem (and they do not remove it (I checked their config)).

[ghost]

secure blue do not remove it and there is the answer (I don't have (again) rebase I miss time to do it today but the problem is the same on minimal, I guess it was not included on minimal since many people forget that wpa_supplicant is not used only with wifi but also 802.11x

birdinfire@localhost:~$ sudo rpm-ostree status -q [sudo] password for birdinfire: State: idle AutomaticUpdates: apply; rpm-ostreed-automatic.timer: no runs since boot Deployments:

• ostree-image-signed:docker://ghcr.io/secureblue/server-main-userns-hardened:latest Digest: sha256:2266b162f42e24e784d6c16d018ec255177dd8bb3c48a9b82b2db81cc3a5fa1e Version: 39.20240407.3.0 (2024-04-28T18:38:28Z)

  ostree-image-signed:docker://ghcr.io/secureblue/server-main-userns-hardened:latest Digest: sha256:2266b162f42e24e784d6c16d018ec255177dd8bb3c48a9b82b2db81cc3a5fa1e Version: 39.20240407.3.0 (2024-04-28T18:38:28Z) LayeredPackages: wpa_supplicant

birdinfire@localhost:~$ rpm -q wpa_supplicant package wpa_supplicant is not installed

Once I go on the same image with supplicant layered it work

[ghost]

@bsherman I checked the merge and it's integrated in the ucore and not the ucore minimal in this file : https://github.com/ublue-os/ucore/blob/main/ucore/packages.json with : NetworkManager-wifi into ucore, ucore minimal don't have wpa_supplicant leading to a breakage of 802.11x in minimal

Edit : I would recommend to only add wpa_supplicant into ucore-minimal to unbreak 802.11X without actually installing all the wifi stack in minimum

[bsherman]

@BirdInFire first, I want to clarify. I don't see this as a bug, it's a package request.

A bug would exist if a feature (either in Fedora CoreOS or a feature exclusively developed for uCore) does not work as expected.

This is not a bug. This is a package which was intentionally not included in Fedora CoreOS or the ucore-minimal image.

As you noted, the package is in ucore and ucore-hci.

So there's a couple workarounds here:

1. as you are using a custom image, the custom image can add wpa_supplicant
2. upgrade to ucore
3. continue layering.

Regarding the package request. I'll consider it, but please retitle the issue as a package request.

[ghost]

@BirdInFire first, I want to clarify. I don't see this as a bug, it's a package request.

A bug would exist if a feature (either in Fedora CoreOS or a feature exclusively developed for uCore) does not work as expected.

This is not a bug. This is a package which was intentionally not included in Fedora CoreOS or the ucore-minimal image.

As you noted, the package is in ucore and ucore-hci.

So there's a couple workarounds here:

1. as you are using a custom image, the custom image can add wpa_supplicant
2. upgrade to ucore
3. continue layering.

Regarding the package request. I'll consider it, but please retitle the issue as a package request.

ok I thinked it was a package forget (since as I said it's very very often forgotten that WPA supplicant is also used for 802.11X.

Also I have seen it was missing AFTER inspecting your repo AFTER your answer so I could not know at the time of opening it was not a bug.

If it was intended you could simply say it and not be this passive/agressive in the answer. I close bye.

[bsherman]

If it was intended you could simply say it and not be this passive/agressive in the answer. I close bye.

Apologies that my response seemed rude to you. I realize that I was editing the message and accidently left both "this is not a bug. this is a package request" statements, but I only meant to have one.

Regardless, I did offer you workarounds and I told you I'd consider adding the package.

For the moment, I will leave the package list as is.