From ea8dbd7a6d0f29a35f573f12630fbad46f520dc0 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 8 Mar 2023 08:48:03 +0100 Subject: [PATCH] contrib/rpm: add "22-wifi-mac-addr.conf" to F40+ Install a configuration snippet on Fedora 40+, that sets the default for "wifi.cloned-mac-address" to "stable-ssid" (otherwise, the built-in default is "preserve"). This will mean, that on Wi-Fi profiles that don't explicitly override the property "wifi.cloned-mac-address", a stable address is generated. The benefit is, that Fedora will randomize the MAC address by default. Note that this also affects all pre-existing Wi-Fi profiles, that don't explicitly configure the property in the profile. Depending on how you see it, this is desirable. Randomization should be done, unless the user opts-out (not the other way around). Note that setting "wifi.cloned-mac-address=stable-ssid" is similar to setting a stable ID "${NETWORK_SSID}" and "wifi.cloned-mac-address=stable". The difference is that the latter also affects other properties, like - "ipv6.addr-gen-mode=stable-privacy" - "{ethernet,wifi}.cloned-mac-address=stable" - "ipv4.dhcp-client-id=stable" - "ipv6.dhcp-duid=stable-{llt,ll,uuid}" - "{ipv4,ipv6}.iaid=stable" Especially with "ipv6.addr-gen-mode=stable", changing the stable ID would mean that also all IPv6 addresses change. We want to avoid that by only changing the cloned-mac-address to "stable-ssid". This means, after upgrade to F40, different MAC addresses will be used on most users' Wi-Fi. This means, DHCP might hand out different IP addresses, sessions might expire, and configuration that depended on the previous MAC address will be affected. https://pagure.io/fedora-workstation/issue/350 --- contrib/fedora/rpm/22-wifi-mac-addr.conf | 31 ++++++++++++++++++++++++ contrib/fedora/rpm/NetworkManager.spec | 20 ++++++++++----- contrib/fedora/rpm/build.sh | 2 ++ 3 files changed, 47 insertions(+), 6 deletions(-) create mode 100644 contrib/fedora/rpm/22-wifi-mac-addr.conf 
diff --git a/contrib/fedora/rpm/22-wifi-mac-addr.conf b/contrib/fedora/rpm/22-wifi-mac-addr.conf
new file mode 100644
index 0000000000..2e329c8895
--- /dev/null
+++ b/contrib/fedora/rpm/22-wifi-mac-addr.conf
@@ -0,0 +1,31 @@
+# This sets defaults for Wi-Fi profiles to set a generated, stable MAC address.
+#
+# Do not modify this file. You can hide/overwrite this file by placing a file
+# to "/etc/NetworkManager/conf.d/22-wifi-mac-addr.conf". You can also add
+# configuration snippets with higher priority that override this setting (see
+# `man 5 NetworkManager.conf`). Most importantly, this snippet only sets
+# default values for the profile. You can explicitly set the value for each
+# profile, so that this default value is not used.
+#
+# For example, on a particular profile/network set
+#
+# $ nmcli connection modify "$PROFILE" wifi.cloned-mac-address permanent
+#
+# to use the hardware MAC address. This prevents the default from this file
+# to take effect.
+#
+# Or
+#
+# $ nmcli connection modify "$PROFILE" wifi.cloned-mac-address stable connection.stable-id '${NETWORK_SSID}/${BOOT}'
+#
+# to get a generated MAC address that changes on each boot. Note how setting
+# "connection.stable-id" also affects other aspects of the profile.
+#
+# See `man 5 nm-settings` for "wifi.cloned-mac-address" and "connection.stable-id".
+
+[connection.22-wifi-mac-addr]
+match-device=type:wifi
+wifi.cloned-mac-address=stable-ssid
+
+[.config]
+enable=nm-version-min:1.45
diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec
index db07a30ac7..65e64f3b73 100644
--- a/contrib/fedora/rpm/NetworkManager.spec
+++ b/contrib/fedora/rpm/NetworkManager.spec
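Review bot: The header comment of the new 22-wifi-mac-addr.conf says only that the MAC address is "generated, stable". It does not say what the address is stable against, and it omits the upgrade impact that the commit message spells out. Someone reading the installed file should be told that `stable-ssid` derives the address per network, so one network always sees the same address while different networks see different ones. Add, for example, `# The address is derived from the SSID: it stays the same for a given network and differs between networks.` The comment should also warn that this default applies to existing profiles which do not set the property, with something like `# Networks that identify clients by MAC address (DHCP reservations, MAC allowlists) will see a new client after this default takes effect.`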
@@ -209,9 +209,10 @@ Source1: NetworkManager.conf Source2: 00-server.conf Source4: 20-connectivity-fedora.conf Source5: 20-connectivity-redhat.conf -Source6: 70-nm-connectivity.conf -Source7: readme-ifcfg-rh.txt -Source8: readme-ifcfg-rh-migrated.txt +Source6: 22-wifi-mac-addr.conf +Source7: 70-nm-connectivity.conf +Source8: readme-ifcfg-rh.txt +Source9: readme-ifcfg-rh-migrated.txt #Patch1: 0001-some.patch @@ -918,14 +919,18 @@ cp %{SOURCE4} %{buildroot}%{nmlibdir}/conf.d/ %if %{with connectivity_redhat} cp %{SOURCE5} %{buildroot}%{nmlibdir}/conf.d/ mkdir -p %{buildroot}%{_sysctldir} -cp %{SOURCE6} %{buildroot}%{_sysctldir} +cp %{SOURCE7} %{buildroot}%{_sysctldir} +%endif + +%if 0%{?fedora} >= 40 +cp %{SOURCE6} %{buildroot}%{nmlibdir}/conf.d/ %endif %if 0%{?ifcfg_warning} -cp %{SOURCE7} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts +cp %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts %endif %if 0%{?ifcfg_migrate} -cp %{SOURCE8} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt +cp %{SOURCE9} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/readme-ifcfg-rh.txt %endif cp examples/dispatcher/10-ifcfg-rh-routes.sh %{buildroot}%{nmlibdir}/dispatcher.d/ @@ -1072,6 +1077,9 @@ fi %dir %{_sysconfdir}/%{name}/dnsmasq-shared.d %dir %{_sysconfdir}/%{name}/system-connections %config(noreplace) %{_sysconfdir}/%{name}/NetworkManager.conf +%if 0%{?fedora} >= 40 +%{nmlibdir}/conf.d/22-wifi-mac-addr.conf.conf +%endif %ghost %{_sysconfdir}/%{name}/VPN %{_bindir}/nm-online %{_libexecdir}/nm-dhcp-helper diff --git a/contrib/fedora/rpm/build.sh b/contrib/fedora/rpm/build.sh index 838119ed48..8160b915e6 100755 --- a/contrib/fedora/rpm/build.sh +++ b/contrib/fedora/rpm/build.sh 
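Review bot: The `%files` entry added in the last NetworkManager.spec hunk (`@@ -1072,6 +1077,9 @@`), `%{nmlibdir}/conf.d/22-wifi-mac-addr.conf.conf`, has a doubled `.conf` suffix. It does not match what the `%install` hunk puts in place: `cp %{SOURCE6} %{buildroot}%{nmlibdir}/conf.d/` installs `22-wifi-mac-addr.conf`. On Fedora 40+ the listed path would be missing from the buildroot and the real snippet would be left unpackaged, so the package build most likely fails instead of shipping the randomization default. The entry should read `%{nmlibdir}/conf.d/22-wifi-mac-addr.conf`. The `%files` section starts and ends outside this hunk, so the surrounding entries were not checked.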
@@ -145,6 +145,7 @@ SOURCE_NETWORKMANAGER_CONF="$(abs_path "$SOURCE_NETWORKMANAGER_CONF" "$SCRIPTDIR
 SOURCE_CONFIG_SERVER="$(abs_path "$SOURCE_CONFIG_SERVER" "$SCRIPTDIR/00-server.conf")" || die "invalid \$SOURCE_CONFIG_SERVER argument"
 SOURCE_CONFIG_CONNECTIVITY_FEDORA="$(abs_path "$SOURCE_CONFIG_CONNECTIVITY_FEDORA" "$SCRIPTDIR/20-connectivity-fedora.conf")" || die "invalid \$SOURCE_CONFIG_CONNECTIVITY_FEDORA argument"
 SOURCE_CONFIG_CONNECTIVITY_REDHAT="$(abs_path "$SOURCE_CONFIG_CONNECTIVITY_REDHAT" "$SCRIPTDIR/20-connectivity-redhat.conf")" || die "invalid \$SOURCE_CONFIG_CONNECTIVITY_REDHAT argument"
+SOURCE_CONFIG_WIFI_MAC_ADDR="$(abs_path "$SOURCE_CONFIG_WIFI_MAC_ADDR" "$SCRIPTDIR/22-wifi-mac-addr.conf")" || die "invalid \$SOURCE_CONFIG_WIFI_MAC_ADDR argument"
 SOURCE_SYSCTL_RP_FILTER_REDHAT="$(abs_path "$SOURCE_SYSCTL_RP_FILTER_REDHAT" "$SCRIPTDIR/70-nm-connectivity.conf")" || die "invalid \$SOURCE_SYSCTL_RP_FILTER_REDHAT argument"
 SOURCE_README_IFCFG_FILES="$(abs_path "$SOURCE_README_IFCFG_FILES" "$SCRIPTDIR/readme-ifcfg-rh.txt")" || die "invalid \$SOURCE_README_IFCFG_FILES argument"
 SOURCE_README_IFCFG_MIGRATED="$(abs_path "$SOURCE_README_IFCFG_MIGRATED" "$SCRIPTDIR/readme-ifcfg-rh-migrated.txt")" || die "invalid \$SOURCE_README_IFCFG_MIGRATED argument"
@@ -203,6 +204,7 @@ cp "$SOURCE_NETWORKMANAGER_CONF" "$TEMP/SOURCES/NetworkManager.conf" || die "Cou
 cp "$SOURCE_CONFIG_SERVER" "$TEMP/SOURCES/00-server.conf" || die "Could not copy source $SOURCE_CONFIG_SERVER to $TEMP/SOURCES"
 cp "$SOURCE_CONFIG_CONNECTIVITY_FEDORA" "$TEMP/SOURCES/20-connectivity-fedora.conf" || die "Could not copy source $SOURCE_CONFIG_CONNECTIVITY_FEDORA to $TEMP/SOURCES"
 cp "$SOURCE_CONFIG_CONNECTIVITY_REDHAT" "$TEMP/SOURCES/20-connectivity-redhat.conf" || die "Could not copy source $SOURCE_CONFIG_CONNECTIVITY_REDHAT to $TEMP/SOURCES"
+cp "$SOURCE_CONFIG_WIFI_MAC_ADDR" "$TEMP/SOURCES/22-wifi-mac-addr.conf" || die "Could not copy source $SOURCE_CONFIG_WIFI_MAC_ADDR to $TEMP/SOURCES"
 cp "$SOURCE_SYSCTL_RP_FILTER_REDHAT" "$TEMP/SOURCES/70-nm-connectivity.conf" || die "Could not copy source $SOURCE_SYSCTL_RP_FILTER_REDHAT to $TEMP/SOURCES"
 cp "$SOURCE_README_IFCFG_FILES" "$TEMP/SOURCES/readme-ifcfg-rh.txt" || die "Could not copy source $SOURCE_README_IFCFG_FILES to $TEMP/SOURCES"
 cp "$SOURCE_README_IFCFG_MIGRATED" "$TEMP/SOURCES/readme-ifcfg-rh-migrated.txt" || die "Could not copy source $SOURCE_README_IFCFG_MIGRATED to $TEMP/SOURCES"