Bug 238571

Summary: net/hostapd: hostapd_program not used by system rc.d scripts on 12.0
Product: Base System Reporter: rozhuk.im
Component: confAssignee: Cy Schubert <cy>
Status: Closed FIXED    
Severity: Affects Some People CC: dewayne, rozhuk.im
Priority: --- Flags: bugzilla: maintainer-feedback? (cy)
cy: mfc-stable12?
cy: mfc-stable11?
Version: CURRENT   
Hardware: Any   
OS: Any   
Description Flags
Fix for PR 238571
Fix for PR 238571
Patch to install wpa_supplicant and hostapd rc files when none exist in /etc/rc.d. none

Description rozhuk.im 2019-06-15 02:03:26 UTC
On FreeBSD 12.0 "hostapd_program" not used in rc.d scripts
grep -R "hostapd_program" /etc/ - show nothing.
Comment 1 Cy Schubert freebsd_committer 2019-06-15 03:49:01 UTC
This is an rc.d issue in base. Will look at it.
Comment 2 Cy Schubert freebsd_committer 2019-06-15 03:50:03 UTC
Can you provide uname -a output please.
Comment 3 rozhuk.im 2019-06-15 03:54:18 UTC
FreeBSD rimwks 12.0-STABLE FreeBSD 12.0-STABLE #0 r346795M: Sun Apr 28 01:43:38 MSK 2019     root@rimwks:/usr/obj/usr/src/amd64.amd64/sys/RIM_WKS  amd64
Comment 4 Cy Schubert freebsd_committer 2019-06-15 15:52:24 UTC
Created attachment 205079 [details]
Fix for PR 238571

To apply this do,

cd /usr/src
patch -C -p1 < PR238571.diff && patch -p1 < PR238571.diff

reboot or service hostapd restart
Comment 5 Cy Schubert freebsd_committer 2019-06-15 20:01:20 UTC
Created attachment 205082 [details]
Fix for PR 238571

Use this instead.
Comment 6 rozhuk.im 2019-06-15 22:05:02 UTC
(In reply to Cy Schubert from comment #5)


Another missconfiguration thing is:

if set in src.conf
# Set to not build programs used for 802.11 wireless networks;
# especially wpa_supplicant(8) and hostapd(8). When set, it also
# enforces the following options: WITHOUT_WIRELESS_SUPPORT
# Set to build libraries, programs, and kernel modules without 802.11
# wireless support.
# Build wpa_supplicant(8) without support for the IEEE 802.1X protocol and
# without support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS protocols
# (usable only via 802.1X).

it will remove rc.d script for hostapd and wpa_supplicant, regdomain.xml too.
So I cant keep only one hostapd and wpa_supplicant from ports, like I do with openssh.
Comment 7 Cy Schubert freebsd_committer 2019-06-15 22:33:59 UTC
In this case adding an optional script would address this.

I make sure to MFC hostapd and wpa_supplicant to stable/12 & 11, addressing any latent security bugs. Why are you using the port instead of hostapd in base? Both are the same.
Comment 8 rozhuk.im 2019-06-15 22:42:50 UTC
(In reply to Cy Schubert from comment #7)

I prefer ports because it is easy and faster to update, and easy install only on hosts where it used.
Comment 9 Cy Schubert freebsd_committer 2019-06-15 23:44:41 UTC
I'll cobble something up tonight or over the next couple of days. Generally it will check for /etc/rc.d/hostapd. If it doesn't exist it will install a copy of the one in base. I'll do the same for wpa_supplicant. This will affect the port only. The binary package people install using pkg install will not be affected.
Comment 10 rozhuk.im 2019-06-15 23:52:21 UTC
Probably better and easy add option to install rc.d script?
Comment 11 Cy Schubert freebsd_committer 2019-06-16 00:21:09 UTC
No. I'm already doing this in the ports patches in my git repo in response to making Heimdal private in base, in my base git repo. User involvement in decision making is usually less desirable than automatically installing what is needed.

Making it an option risks having both base and ports versions of the rc script installed, causing both to run. In that case the ports script would need new variables and users would need to be educated to turn off one when using the other. This requires writing of documentation. Many people either forget or don't read the doc. This leads to more PRs and time spent resolving them. It's best to make this automatic.
Comment 12 Cy Schubert freebsd_committer 2019-06-17 03:15:07 UTC
Created attachment 205158 [details]
Patch to install wpa_supplicant and hostapd rc files when none exist in /etc/rc.d.

This ports-side patch will add rc scripts if no scripts by the same name exist in /etc/rc.d.
Comment 13 commit-hook freebsd_committer 2019-06-17 21:02:10 UTC
A commit references this bug:

Author: cy
Date: Mon Jun 17 20:11:03 UTC 2019
New revision: 349153
URL: https://svnweb.freebsd.org/changeset/base/349153

  Allow the hostapd program to be specified. This allows users to use
  hostapd from ports instead of the one in base. The default is the hostapd
  in base.

  PR:		238571
  MFC after:	1 week

Comment 14 commit-hook freebsd_committer 2019-06-17 21:02:13 UTC
A commit references this bug:

Author: cy
Date: Mon Jun 17 20:15:41 UTC 2019
New revision: 504433
URL: https://svnweb.freebsd.org/changeset/ports/504433

  For users who build and install FreeBSD using WITHOUT_WIRELESS
  simply altering /etc/rc.conf isn't enough to make use of the ports
  versions of hostapd and wpa_supplicant. This is because the rc.d
  scripts are not installed when WITHOUT_WIRELESS is specified as a
  build option. This patch checks for the rc scripts existence and
  if they do not exist, installs the ports versions of the same
  scripts, which are added by this revision.

  This patch does not change the package in any way and there is no way
  to enable this outside of removal of hostapd or wpa_supplicant
  (depending on the port). Users who build their own world using the
  WITHOUT_WIRELESS flag will almost always not use binary packages. Hence
  the automatic detection and install of the rc scripts. Making this an
  option would IMO increase the number of bug reports due to people
  inadvertently setting or not setting an option.

  To enable this a person must:

  1. buildworld and installworld -DWITHOUT_WIRELESS
  2. Build and install the desired wpa_supplicant and/or hostapd port
     on servers one wishes to install them on.

  PR:		238571

Comment 15 Cy Schubert freebsd_committer 2019-06-18 00:11:35 UTC
Comment 16 rozhuk.im 2019-06-18 21:24:05 UTC
Comment 17 dewayne 2019-06-23 11:41:12 UTC
(In reply to commit-hook from comment #14)
Good decision, sound reasoning, thanks.
Comment 18 commit-hook freebsd_committer 2019-07-03 16:44:22 UTC
A commit references this bug:

Author: cy
Date: Wed Jul  3 16:43:41 UTC 2019
New revision: 349651
URL: https://svnweb.freebsd.org/changeset/base/349651

  MFC r349153:

  Allow the hostapd program to be specified. This allows users to use
  hostapd from ports instead of the one in base. The default is the hostapd
  in base.

  PR:		238571

_U  stable/12/