gnu: wpa-supplicant: Add netdev group dbus policy.

The patch allows users in netdev group to control wpa-supplicant via D-Bus interface. * gnu/packages/admin.scm (wpa-supplicant)[source]: Add dbus policy patch. * gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch: New file. Signed-off-by: Andrew Tropin <andrew@trop.in>
2023-01-29 21:06:31 +01:00 · 2023-01-29 21:06:31 +01:00 · 8d8b9a4c0c
parent 5b1eab43f0
commit 8d8b9a4c0c
2 changed files with 27 additions and 0 deletions
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@ -2222,6 +2222,10 @@ (define-public wpa-supplicant
    (name "wpa-supplicant")
    (inputs (modify-inputs (package-inputs wpa-supplicant-minimal)
              (prepend dbus)))
+    (source (origin
+              (inherit (package-source wpa-supplicant-minimal))
+              (patches (search-patches
+                        "wpa-supplicant-dbus-group-policy.patch"))))
    (arguments
     (substitute-keyword-arguments (package-arguments wpa-supplicant-minimal)
       ((#:phases phases)
--- a/gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch
+++ b/gnu/packages/patches/wpa-supplicant-dbus-group-policy.patch
@ -0,0 +1,23 @@
+Borrowed from debian, allows users in netdev group to control wpa-supplicant
+via D-Bus.
+
+Description: Debian does not use pam_console but uses group membership
+ to control access to D-Bus. Activating both options in the conf file
+ makes it work on Debian and Ubuntu.
+Author: Michael Biebl <biebl@debian.org>
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=15;bug=412179
+---
+--- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf
+@@ -14,6 +14,11 @@
+                 <allow send_interface="fi.w1.wpa_supplicant1"/>
+                 <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+         </policy>
+        <policy group="netdev">
+                <allow send_destination="fi.w1.wpa_supplicant1"/>
+                <allow send_interface="fi.w1.wpa_supplicant1"/>
+                <allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
+        </policy>
+         <policy context="default">
+                 <deny own="fi.epitest.hostap.WPASupplicant"/>
+                 <deny send_destination="fi.epitest.hostap.WPASupplicant"/>