Summary: net/hostapd: hostapd_program not used by system rc.d scripts on 12.0
Component: conf
Assignee: Cy Schubert <cy>
Severity: Affects Some People
CC: dewayne, rozhuk.im
Description rozhuk.im 2019-06-15 02:03:26 UTC
On FreeBSD 12.0, "hostapd_program" is not used in the rc.d scripts: grep -R "hostapd_program" /etc/ shows nothing.
Comment 1 Cy Schubert 2019-06-15 03:49:01 UTC
This is an rc.d issue in base. Will look at it.
Comment 2 Cy Schubert 2019-06-15 03:50:03 UTC
Can you provide uname -a output please.
Comment 3 rozhuk.im 2019-06-15 03:54:18 UTC
FreeBSD rimwks 12.0-STABLE FreeBSD 12.0-STABLE #0 r346795M: Sun Apr 28 01:43:38 MSK 2019 root@rimwks:/usr/obj/usr/src/amd64.amd64/sys/RIM_WKS amd64
Comment 4 Cy Schubert 2019-06-15 15:52:24 UTC
Created attachment 205079
Fix for PR 238571

To apply this do,

    cd /usr/src
    patch -C -p1 < PR238571.diff && patch -p1 < PR238571.diff
    mergemaster
    reboot or service hostapd restart
Comment 5 Cy Schubert 2019-06-15 20:01:20 UTC
Created attachment 205082
Fix for PR 238571

Use this instead.
Comment 6 rozhuk.im 2019-06-15 22:05:02 UTC
(In reply to Cy Schubert from comment #5)
Thanks!

Another misconfiguration thing is: if set in src.conf

    WITHOUT_WIRELESS=
    # Set to not build programs used for 802.11 wireless networks;
    # especially wpa_supplicant(8) and hostapd(8). When set, it also
    # enforces the following options: WITHOUT_WIRELESS_SUPPORT
    WITHOUT_WIRELESS_SUPPORT=
    # Set to build libraries, programs, and kernel modules without 802.11
    # wireless support.
    WITHOUT_WPA_SUPPLICANT_EAPOL=
    # Build wpa_supplicant(8) without support for the IEEE 802.1X protocol and
    # without support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS protocols
    # (usable only via 802.1X).

it will remove the rc.d scripts for hostapd and wpa_supplicant, and regdomain.xml too. So I can't keep only one hostapd and wpa_supplicant from ports, like I do with openssh.
Comment 7 Cy Schubert 2019-06-15 22:33:59 UTC
In this case adding an optional script would address this. I make sure to MFC hostapd and wpa_supplicant to stable/12 & 11, addressing any latent security bugs. Why are you using the port instead of hostapd in base? Both are the same.
Comment 8 rozhuk.im 2019-06-15 22:42:50 UTC
(In reply to Cy Schubert from comment #7)
I prefer ports because it is easier and faster to update, and easy to install only on hosts where it is used.
Comment 9 Cy Schubert 2019-06-15 23:44:41 UTC
I'll cobble something up tonight or over the next couple of days. Generally it will check for /etc/rc.d/hostapd. If it doesn't exist it will install a copy of the one in base. I'll do the same for wpa_supplicant. This will affect the port only. The binary package people install using pkg install will not be affected.
Comment 10 rozhuk.im 2019-06-15 23:52:21 UTC
Probably better and easier to add an option to install the rc.d script?
Comment 11 Cy Schubert 2019-06-16 00:21:09 UTC
No. I'm already doing this in the ports patches in my git repo in response to making Heimdal private in base, in my base git repo. User involvement in decision making is usually less desirable than automatically installing what is needed. Making it an option risks having both base and ports versions of the rc script installed, causing both to run. In that case the ports script would need new variables and users would need to be educated to turn off one when using the other. This requires writing of documentation. Many people either forget or don't read the doc. This leads to more PRs and time spent resolving them. It's best to make this automatic.
Comment 12 Cy Schubert 2019-06-17 03:15:07 UTC
Created attachment 205158
Patch to install wpa_supplicant and hostapd rc files when none exist in /etc/rc.d.

This ports-side patch will add rc scripts if no scripts by the same name exist in /etc/rc.d.
Comment 13 commit-hook 2019-06-17 21:02:10 UTC
A commit references this bug:

Author: cy
Date: Mon Jun 17 20:11:03 UTC 2019
New revision: 349153
URL: https://svnweb.freebsd.org/changeset/base/349153

Log:
  Allow the hostapd program to be specified. This allows users to use
  hostapd from ports instead of the one in base. The default is the
  hostapd in base.

  PR: 238571
  MFC after: 1 week

Changes:
  head/libexec/rc/rc.conf
  head/libexec/rc/rc.d/hostapd
Comment 14 commit-hook 2019-06-17 21:02:13 UTC
A commit references this bug:

Author: cy
Date: Mon Jun 17 20:15:41 UTC 2019
New revision: 504433
URL: https://svnweb.freebsd.org/changeset/ports/504433

Log:
  For users who build and install FreeBSD using WITHOUT_WIRELESS simply
  altering /etc/rc.conf isn't enough to make use of the ports versions
  of hostapd and wpa_supplicant. This is because the rc.d scripts are not
  installed when WITHOUT_WIRELESS is specified as a build option. This
  patch checks for the rc scripts' existence and if they do not exist,
  installs the ports versions of the same scripts, which are added by
  this revision.

  This patch does not change the package in any way and there is no way
  to enable this outside of removal of hostapd or wpa_supplicant
  (depending on the port). Users who build their own world using the
  WITHOUT_WIRELESS flag will almost always not use binary packages. Hence
  the automatic detection and install of the rc scripts. Making this an
  option would IMO increase the number of bug reports due to people
  inadvertently setting or not setting an option.

  To enable this a person must:

  1. buildworld and installworld -DWITHOUT_WIRELESS
  2. Build and install the desired wpa_supplicant and/or hostapd port
     on servers one wishes to install them on.

  PR: 238571

Changes:
  head/net/hostapd/Makefile
  head/net/hostapd/files/hostapd.in
  head/security/wpa_supplicant/Makefile
  head/security/wpa_supplicant/files/wpa_supplicant.in
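The install-only-if-absent check described in the commit log above, together with an audit for the double-install case raised in comment 11, as an added example that is not the port's Makefile logic or any code from this PR. The function names and the directory parameters are assumptions; on FreeBSD the two directories would normally be /etc/rc.d and /usr/local/etc/rc.d.

```sh
#!/bin/sh
# Added illustration, not the FreeBSD port's code. BASE_RCD and PORT_RCD
# are assumed parameters so the logic can be exercised in a scratch tree.

# install_rc_if_absent NAME SRC BASE_RCD PORT_RCD
# Install SRC as PORT_RCD/NAME only when BASE_RCD/NAME does not exist.
# Prints "installed" or "skipped"; returns 1 if the copy fails.
install_rc_if_absent() {
    name=$1 src=$2 base_rcd=$3 port_rcd=$4
    if [ -e "$base_rcd/$name" ]; then
        # Base already ships the script: a second copy would also run.
        echo skipped
        return 0
    fi
    mkdir -p "$port_rcd" || return 1
    cp "$src" "$port_rcd/$name" || return 1
    chmod 555 "$port_rcd/$name" || return 1
    echo installed
}

# duplicate_rc_scripts BASE_RCD PORT_RCD
# Print every script name present in both directories, one per line.
# Any output means two rc scripts for the same service are installed.
duplicate_rc_scripts() {
    for f in "$2"/*; do
        [ -f "$f" ] || continue      # also skips the unexpanded glob
        n=${f##*/}
        [ -f "$1/$n" ] && echo "$n"
    done
    return 0
}

# Constructed demo in a throwaway directory; no system paths are touched.
demo=$(mktemp -d)
mkdir "$demo/base" "$demo/port"
printf '#!/bin/sh\n' > "$demo/hostapd.in"
install_rc_if_absent hostapd "$demo/hostapd.in" "$demo/base" "$demo/port"
rm -rf "$demo"
```
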
Comment 15 Cy Schubert 2019-06-18 00:11:35 UTC
Comment 16 rozhuk.im 2019-06-18 21:24:05 UTC
Comment 17 dewayne 2019-06-23 11:41:12 UTC
(In reply to commit-hook from comment #14) Good decision, sound reasoning, thanks.
Comment 18 commit-hook 2019-07-03 16:44:22 UTC
A commit references this bug:

Author: cy
Date: Wed Jul 3 16:43:41 UTC 2019
New revision: 349651
URL: https://svnweb.freebsd.org/changeset/base/349651

Log:
  MFC r349153:

  Allow the hostapd program to be specified. This allows users to use
  hostapd from ports instead of the one in base. The default is the
  hostapd in base.

  PR: 238571

Changes:
  _U stable/12/
  stable/12/libexec/rc/rc.conf
  stable/12/libexec/rc/rc.d/hostapd