2023-10-19 13:46:41 |
Danilo Egea Gondolfo |
bug |
|
|
added bug |
2023-10-19 16:29:09 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~danilogondolfo/netplan/+git/netplan/+merge/454061 |
|
2023-10-23 09:19:37 |
Danilo Egea Gondolfo |
description |
This is causing problems with Netplan everywhere as it ends up generating invalid Network Manager configuration (that will not be accepted by it) and lead to a failure.
This problem is partially addresses by this patch https://github.com/canonical/netplan/pull/415
A more complete solution is being worked here https://github.com/canonical/netplan/pull/416. As it might cause changes in behavior and/or libnetplan ABI breakages, we are working on it separately.
This problem is related to this LP bug https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2038811 |
[ Impact ]
This SRU addresses two issues that are leading to Network Manager crashes:
Issue 1) Wireguard connections with empty peer endpoints
Creating a Wireguard tunnel using the GUI allows the user to omit the peer endpoint.
The configuration created by NetworkManager will still include the Endpoint= key with an empty string ("")
as its value. This configuration will then be imported into a Netplan state using libnetplan and the
resulting YAML file will include the empty string as the endpoint value. When libnetplan loads and parses
the resulting YAML, the validation process will not accept the empty string as the endpoint value and fail.
An endpoint that's an empty string should just be ignored, so this SRU includes a patch that does that.
Issue 2) Connections with unsupported EAP methods
When a Network Manager connection that uses EAP for authentication is created, libnetplan's keyfile parser
(the code that loads Network Manager's keyfile into Netplan state), will end up generating a broken
configuration when the EAP method is not supported. Unsupported EAP methods will be handled as if EAP were not
used by the connection. When libnetplan emits the final keyfile, the [802-1x] section (where the EAP configuration
is supposed to be added) will be missing and Network Manager will error out.
This SRU includes a patch that implements support for two additional EAP methods so
the connection will be properly generated when they are used.
This SRU is important for Ubuntu Mantic due to the new integration between Network Manager and libnetplan.
Users that hit the conditions aforementioned are experiencing crashes in the Network Manager daemon.
[ Test Plan ]
How to reproduce the issues.
Issue 1) Wireguard with empty endpoint
1) Launch a Mantic desktop instance on LXD (or any Mantic desktop installation)
$ lxc launch images:ubuntu/mantic/desktop mantic-desktop --vm -c limits.memory=2GiB --console=vga
2) Open the "Advanced Network Configuration" application
3) Add a new connection of type WireGuard
a) Set the interface name to wg0
b) Set the private key to 4GgaQCy68nzNsUE5aJ9fuLzHhB65tAlwbmA72MWnOm8=
c) In the "peers" section, click on Add
d) Set the "Public key" to M9nt4YujIOmNrRmpIRTmYSfMdrpvE7u6WkG8FY8WjG4=
e) Leave the other settings empty and click on Apply then Save
4) You will get an error message and will find the errors below in the Network Manager's journal:
Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: /etc/netplan/90-NM-47e8e1b7-61c7-4568-8418-14b134382fcd.yaml:11:19: Error in network definition: invalid endpoint address or hostname ''
Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: - endpoint: ""
Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: ^
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: <error> [1697796067.1011] BUG: the profile cannot be stored in keyfile format without becoming unusable: cannot access file: No such file or directory
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: **
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: Bail out! nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:01:07 mantic-desktop systemd[1]: NetworkManager.service: Main process exited, code=dumped, status=6/ABRT
Oct 20 10:01:07 mantic-desktop systemd[1]: NetworkManager.service: Failed with result 'core-dump'.
Issue 2) Unsupported EAP methods
1) Launch a Mantic desktop instance on LXD (or any Mantic desktop installation)
$ lxc launch images:ubuntu/mantic/desktop mantic-desktop --vm -c limits.memory=2GiB --console=vga
2) Open the "Advanced Network Configuration" application
3) Add a new connection of type "Wifi"
4) In the Wi-Fi tab, set an SSID and a fake Device
5) In the Wi-Fi Security tab
a) Set Security to WPA/WPA3 Enterprise
b) Set Authentication to LEAP
c) Set random Identity and Password values and click on Save
6) You will get an error message and will find the errors below in the Network Manager's journal:
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: <error> [1697799165.1861] BUG: the profile cannot be stored in keyfile format without becoming unusable: invalid connection: 802-1x: 'wpa-eap' security requires '802-1x' setting presence
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: **
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: Bail out! nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:52:45 mantic-desktop systemd[1]: NetworkManager.service: Main process exited, code=dumped, status=6/ABRT
Oct 20 10:52:45 mantic-desktop systemd[1]: NetworkManager.service: Failed with result 'core-dump'.
Testing the fixes
1) Add the PPA repository with the updated package and upgrade netplan
$ sudo add-apt-repository ppa:danilogondolfo/netplan-sru
$ sudo apt update && sudo apt upgrade -y
3) Restart Network Manager
$ sudo systemctl restart NetworkManager
4) Run the tests described above again and check they will not cause any crashes
[ Where problems could occur ]
As we are only relaxing the validation of Wireguard endpoints to ignore empty strings
and adding two new EAP methods to the methods list we are not expecting any regressions caused
by these changes. There are no intended changes in behavior introduced by these changes.
All the autopkgtests from netplan.io and network-manager are still passing with these patches.
[ Other Info ]
There are still some (less common we believe) situations that can lead to crashes. They involve the use
of both PSK and EAP identity keys simultaneously. This is a small design issue in Netplan where it was
assumed that both keys wouldn't be used at the same time. The attempts to address this issue for this SRU
resulted in small changes in behavior so we decided to not include it. We are planning to add this fix as part
of netplan.io 0.107.1 early when the new ubuntu-devel is available. More details about this issue can
be found here https://github.com/canonical/netplan/pull/416
--- Original description ---
This is causing problems with Netplan everywhere as it ends up generating invalid Network Manager configuration (that will not be accepted by it) and lead to a failure.
This problem is partially addresses by this patch https://github.com/canonical/netplan/pull/415
A more complete solution is being worked here https://github.com/canonical/netplan/pull/416. As it might cause changes in behavior and/or libnetplan ABI breakages, we are working on it separately.
This problem is related to this LP bug https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2038811 |
|
2023-10-26 07:51:16 |
Lukas Märdian |
nominated for series |
|
Ubuntu Mantic |
|
2023-10-26 07:51:16 |
Lukas Märdian |
bug task added |
|
netplan.io (Ubuntu Mantic) |
|
2023-10-26 08:50:46 |
Danilo Egea Gondolfo |
description |
[ Impact ]
This SRU addresses two issues that are leading to Network Manager crashes:
Issue 1) Wireguard connections with empty peer endpoints
Creating a Wireguard tunnel using the GUI allows the user to omit the peer endpoint.
The configuration created by NetworkManager will still include the Endpoint= key with an empty string ("")
as its value. This configuration will then be imported into a Netplan state using libnetplan and the
resulting YAML file will include the empty string as the endpoint value. When libnetplan loads and parses
the resulting YAML, the validation process will not accept the empty string as the endpoint value and fail.
An endpoint that's an empty string should just be ignored, so this SRU includes a patch that does that.
Issue 2) Connections with unsupported EAP methods
When a Network Manager connection that uses EAP for authentication is created, libnetplan's keyfile parser
(the code that loads Network Manager's keyfile into Netplan state), will end up generating a broken
configuration when the EAP method is not supported. Unsupported EAP methods will be handled as if EAP were not
used by the connection. When libnetplan emits the final keyfile, the [802-1x] section (where the EAP configuration
is supposed to be added) will be missing and Network Manager will error out.
This SRU includes a patch that implements support for two additional EAP methods so
the connection will be properly generated when they are used.
This SRU is important for Ubuntu Mantic due to the new integration between Network Manager and libnetplan.
Users that hit the conditions aforementioned are experiencing crashes in the Network Manager daemon.
[ Test Plan ]
How to reproduce the issues.
Issue 1) Wireguard with empty endpoint
1) Launch a Mantic desktop instance on LXD (or any Mantic desktop installation)
$ lxc launch images:ubuntu/mantic/desktop mantic-desktop --vm -c limits.memory=2GiB --console=vga
2) Open the "Advanced Network Configuration" application
3) Add a new connection of type WireGuard
a) Set the interface name to wg0
b) Set the private key to 4GgaQCy68nzNsUE5aJ9fuLzHhB65tAlwbmA72MWnOm8=
c) In the "peers" section, click on Add
d) Set the "Public key" to M9nt4YujIOmNrRmpIRTmYSfMdrpvE7u6WkG8FY8WjG4=
e) Leave the other settings empty and click on Apply then Save
4) You will get an error message and will find the errors below in the Network Manager's journal:
Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: /etc/netplan/90-NM-47e8e1b7-61c7-4568-8418-14b134382fcd.yaml:11:19: Error in network definition: invalid endpoint address or hostname ''
Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: - endpoint: ""
Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: ^
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: <error> [1697796067.1011] BUG: the profile cannot be stored in keyfile format without becoming unusable: cannot access file: No such file or directory
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: **
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: Bail out! nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:01:07 mantic-desktop systemd[1]: NetworkManager.service: Main process exited, code=dumped, status=6/ABRT
Oct 20 10:01:07 mantic-desktop systemd[1]: NetworkManager.service: Failed with result 'core-dump'.
Issue 2) Unsupported EAP methods
1) Launch a Mantic desktop instance on LXD (or any Mantic desktop installation)
$ lxc launch images:ubuntu/mantic/desktop mantic-desktop --vm -c limits.memory=2GiB --console=vga
2) Open the "Advanced Network Configuration" application
3) Add a new connection of type "Wifi"
4) In the Wi-Fi tab, set an SSID and a fake Device
5) In the Wi-Fi Security tab
a) Set Security to WPA/WPA3 Enterprise
b) Set Authentication to LEAP
c) Set random Identity and Password values and click on Save
6) You will get an error message and will find the errors below in the Network Manager's journal:
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: <error> [1697799165.1861] BUG: the profile cannot be stored in keyfile format without becoming unusable: invalid connection: 802-1x: 'wpa-eap' security requires '802-1x' setting presence
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: **
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: Bail out! nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:52:45 mantic-desktop systemd[1]: NetworkManager.service: Main process exited, code=dumped, status=6/ABRT
Oct 20 10:52:45 mantic-desktop systemd[1]: NetworkManager.service: Failed with result 'core-dump'.
Testing the fixes
1) Add the PPA repository with the updated package and upgrade netplan
$ sudo add-apt-repository ppa:danilogondolfo/netplan-sru
$ sudo apt update && sudo apt upgrade -y
3) Restart Network Manager
$ sudo systemctl restart NetworkManager
4) Run the tests described above again and check they will not cause any crashes
[ Where problems could occur ]
As we are only relaxing the validation of Wireguard endpoints to ignore empty strings
and adding two new EAP methods to the methods list we are not expecting any regressions caused
by these changes. There are no intended changes in behavior introduced by these changes.
All the autopkgtests from netplan.io and network-manager are still passing with these patches.
[ Other Info ]
There are still some (less common we believe) situations that can lead to crashes. They involve the use
of both PSK and EAP identity keys simultaneously. This is a small design issue in Netplan where it was
assumed that both keys wouldn't be used at the same time. The attempts to address this issue for this SRU
resulted in small changes in behavior so we decided to not include it. We are planning to add this fix as part
of netplan.io 0.107.1 early when the new ubuntu-devel is available. More details about this issue can
be found here https://github.com/canonical/netplan/pull/416
--- Original description ---
This is causing problems with Netplan everywhere as it ends up generating invalid Network Manager configuration (that will not be accepted by it) and lead to a failure.
This problem is partially addresses by this patch https://github.com/canonical/netplan/pull/415
A more complete solution is being worked here https://github.com/canonical/netplan/pull/416. As it might cause changes in behavior and/or libnetplan ABI breakages, we are working on it separately.
This problem is related to this LP bug https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2038811 |
[ Impact ]
When a Network Manager connection that uses EAP for authentication is created, libnetplan's keyfile parser
(the code that loads Network Manager's keyfile into Netplan state), will end up generating a broken
configuration when the EAP method is not supported. Unsupported EAP methods will be handled as if EAP were not
used by the connection. When libnetplan emits the final keyfile, the [802-1x] section (where the EAP configuration
is supposed to be added) will be missing and Network Manager will error out.
This SRU includes a patch that implements support for two additional EAP methods so
the connection will be properly generated when they are used.
This SRU is important for Ubuntu Mantic due to the new integration between Network Manager and libnetplan.
Users that hit the conditions aforementioned are experiencing crashes in the Network Manager daemon.
[ Test Plan ]
How to reproduce the issues.
1) Launch a Mantic desktop instance on LXD (or any Mantic desktop installation)
$ lxc launch images:ubuntu/mantic/desktop mantic-desktop --vm -c limits.memory=2GiB --console=vga
2) Open the "Advanced Network Configuration" application
3) Add a new connection of type "Wifi"
4) In the Wi-Fi tab, set an SSID and a fake Device
5) In the Wi-Fi Security tab
a) Set Security to WPA/WPA3 Enterprise
b) Set Authentication to LEAP
c) Set random Identity and Password values and click on Save
6) You will get an error message and will find the errors below in the Network Manager's journal:
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: <error> [1697799165.1861] BUG: the profile cannot be stored in keyfile format without becoming unusable: invalid connection: 802-1x: 'wpa-eap' security requires '802-1x' setting presence
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: **
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:52:45 mantic-desktop NetworkManager[2715]: Bail out! nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:52:45 mantic-desktop systemd[1]: NetworkManager.service: Main process exited, code=dumped, status=6/ABRT
Oct 20 10:52:45 mantic-desktop systemd[1]: NetworkManager.service: Failed with result 'core-dump'.
Testing the fixes
1) Add the PPA repository with the updated package and upgrade netplan
$ sudo add-apt-repository ppa:danilogondolfo/netplan-sru
$ sudo apt update && sudo apt upgrade -y
3) Restart Network Manager
$ sudo systemctl restart NetworkManager
4) Run the test described above again and check they will not cause any crashes
[ Where problems could occur ]
As we are only adding two new EAP methods to the methods list we are not expecting any regressions caused
by these changes. There are no intended changes in behavior introduced by these changes.
All the autopkgtests from netplan.io and network-manager are still passing with this patch.
[ Other Info ]
There are still some (less common we believe) situations that can lead to crashes. They involve the use
of both PSK and EAP identity keys simultaneously. This is a small design issue in Netplan where it was
assumed that both keys wouldn't be used at the same time. The attempts to address this issue for this SRU
resulted in small changes in behavior so we decided to not include it. We are planning to add this fix as part
of netplan.io 0.107.1 early when the new ubuntu-devel is available. More details about this issue can
be found here https://github.com/canonical/netplan/pull/416
--- Original description ---
This is causing problems with Netplan everywhere as it ends up generating invalid Network Manager configuration (that will not be accepted by it) and lead to a failure.
This problem is partially addresses by this patch https://github.com/canonical/netplan/pull/415
A more complete solution is being worked here https://github.com/canonical/netplan/pull/416. As it might cause changes in behavior and/or libnetplan ABI breakages, we are working on it separately.
This problem is related to this LP bug https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2038811 |
|
2023-10-26 09:37:11 |
Lukas Märdian |
netplan.io (Ubuntu): status |
New |
In Progress |
|
2023-10-26 09:37:13 |
Lukas Märdian |
netplan.io (Ubuntu Mantic): status |
New |
In Progress |
|
2023-10-26 09:37:20 |
Lukas Märdian |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2023-10-26 09:43:49 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Lukas Märdian |
2023-10-31 06:10:05 |
Launchpad Janitor |
netplan.io (Ubuntu): status |
In Progress |
Fix Released |
|
2023-11-05 01:35:27 |
Steve Langasek |
netplan.io (Ubuntu Mantic): status |
In Progress |
Fix Committed |
|
2023-11-05 01:35:30 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
2023-11-05 01:35:32 |
Steve Langasek |
tags |
|
verification-needed verification-needed-mantic |
|
2023-11-14 14:58:51 |
Danilo Egea Gondolfo |
tags |
verification-needed verification-needed-mantic |
verification-done-mantic verification-needed |
|
2023-11-20 13:43:59 |
Launchpad Janitor |
netplan.io (Ubuntu Mantic): status |
Fix Committed |
Fix Released |
|
2023-11-20 13:44:07 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|