
Re: Proposal to add patches to netcfg (#682737)



Sorina - Gabriela Sandu wrote:
> For that matter, I would like to propose a patch to add support for
> netcfg to write a Network Manager config file and modify the
> finish-install script so that it copies to target either the nm-config
> file or a full /e/n/i config, according to a reasonable default and
> user's choice. This also contains a new question,
> netcfg/target_network_config, which is asked with a medium priority in
> finish-install

I notice this links network-manager to libuuid. Which is an amazingly
bloated 124k here. That's being added to the d-i boot image.

AFAICS, the network-manager configuration saves the user from having to
re-select the wireless network, and re-enter any passphrase that they
already entered once in d-i. This seems a relatively minor improvement,
after all users of mobile computers rather frequently have to pick wifi
networks and enter passphrases.

Even without the libuuid bloat (which I'm sure could be worked around
somehow.. for example c32468fe-00d6-11e2-8510-97e4f3a3dcc1 is a
perfectly fine uuid I just generated that d-i is free to reuse ;)
.. I wonder if tying d-i so tightly to network-manager configuration
file format is worth saving the user that step. Even with a spec, this
desktop stuff is a pile of sand, it changes at upstream's whim; do we
really want d-i tied to it?

I also doubt that the medium priority debconf question adds much value
to the installer. Especially since it also increases the size of the
boot media. Who is going to pick something other than the default?
Only users proficient enough to easily edit /etc/network/interfaces
after the install, and who are apparently already planning to do some
form of sysadmin work after the install.

----

As to the code, I haven't looked at it in detail, but this seems
a needlessly roundabout way to get the network-manager config file's
mode locked down:
http://anonscm.debian.org/gitweb/?p=d-i/netcfg.git;a=commitdiff;h=093e22856d04d4d93c08ae402874ac5ef59d2fb3;hp=1d698b6eeb5a8ab6120adc7389a540dd04e6aa47

In particular, it fails open -- if the installer is turned off at
just the wrong point, the system will boot up with a password in the
file and the file mode 644. It would be much more sensible to create
the file with mode 600 from the beginning.

AFAICS, network-manager uses mode 600 for all connection files, even
those without passwords. This makes me wonder if it has good reasons for
doing so. Perhaps it considers other information in the files security
sensative. Perhaps it sometimes modifies the files to add security
sensative information, without changing their permissions.


(I'm really happy to see this bug be addressed BTW, although it's a real
shame it has to be addressed on the d-i side when it could just be fixed
in network-manager..)

-- 
see shy jo
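
Added example, not part of the original message and not netcfg's code: the "fails open" point above, comparing write-then-chmod with creating the file as mode 600 from the beginning. Function names, paths and the sample secret are hypothetical, and a umask of 022 is assumed for the fail-open case.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path, or -1 on error. */
int mode_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Fail-open: returns the mode the file has between fopen() and chmod(). */
int write_then_chmod(const char *path, const char *secret) {
    mode_t old = umask(022);           /* assumed typical umask */
    FILE *f = fopen(path, "w");        /* created as 0666 & ~022 = 0644 */
    umask(old);
    if (!f) return -1;
    fputs(secret, f);
    fclose(f);
    int window = mode_of(path);        /* secret on disk, not yet locked down */
    if (chmod(path, 0600) != 0) return -1;
    return window;
}

/* Fail-closed: the file is born 0600. Returns final mode, or -1 on error. */
int write_private(const char *path, const char *secret) {
    /* O_EXCL rejects a pre-existing file that could carry a wider mode;
     * the umask can only clear bits, so 0600 is an upper bound. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    size_t len = strlen(secret);
    int ok = write(fd, secret, len) == (ssize_t)len && fsync(fd) == 0;
    if (close(fd) != 0) ok = 0;
    if (!ok) { unlink(path); return -1; }
    return mode_of(path);
}

int main(void) {
    char a[64], b[64], dir[] = "/tmp/nmcfg-XXXXXX"; /* constructed paths */
    if (!mkdtemp(dir)) return 1;
    snprintf(a, sizeof a, "%s/chmod-later", dir);
    snprintf(b, sizeof b, "%s/private", dir);
    printf("window mode: %o\n", (unsigned)write_then_chmod(a, "psk=constructed\n"));
    printf("0600 create: %o\n", (unsigned)write_private(b, "psk=constructed\n"));
    unlink(a); unlink(b); rmdir(dir);
    return 0;
}
```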
