:: Re: [DNG] How to test the backend o…
Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: aitor_czr
Ημερομηνία:  
Προς: dng
Καινούρια Θέματα: [DNG] Better late than never, Re: [DNG] How to test the backend of simple-netaid
Αντικείμενο: Re: [DNG] How to test the backend of simple-netaid
Hi,

El 08/09/18 a las 11:47, aitor_czr escribió:
>
> Hi again,
>
> El 07/09/18 a las 19:50, aitor_czr escribió:
>>
>> Hi,
>>
>> El 07/09/18 a las 19:37, aitor_czr escribió:
>>> This is the simple script used for the wireless connection attempts:
>>>
>>> ifdown <device_name>
>>> ip link set <device_name> up
>>> pkill wpa_supplicant
>>> wpa_passphrase <essid> <password> > <conf_file>
>>> wpa_supplicant -B -c<conf_file> -i<device_name>
>>> rm -f /run/network/ifstate.<device_name>
>>> ip link set <device_name> up
>>> sleep 1
>>> ifup <device_name>
>>>
>>> Maybe, the lines nº 6 and nº7 are superfluous. The line nº8 (that
>>> is, "sleep 1") is important, believe it.
>>> As sysadmins, what do you think about the use of "pkill wpa_supplicant"?
>>>
>>>   Aitor.
>>
>> This script needs granted permissions; so, it's included in a suid
>> binary. Once i talked about a security key for this binary.
>> The security key would be generated during the compilation of the
>> application in a way that only those binaries built *together* with
>> the suid binary will know it.
>> First of all, i have to deal with the add_custom_command() function
>> of CMake, in order to control the preference of the targets.
>> The first step should be to generate this key, before all the
>> executables.
>>
>> Cheers,
>>
>>  Aitor.
>
> The idea is very simple. The GUI and the suid binary will contain a
> non-existent header:
>
> #include "key.h"
>
> The key.h file will contain an unique line (the random definition of
> the KEY varible) edited by CMake during the compilation. For example:
>
> var1="#define KEY "
> var2=`tr -cd '[:alnum:]' < /dev/urandom | fold -w32 | head -n1`
> echo "${var1}\"${var2}\"" > key.h
>
> would generate something like this:
>
> #define KEY "X1AULvFge6Tgq1p9BZat4EEVqAwaCnsB"
>
> and then, the suid binary only will be able to be run from the GUI,
> built together with it.
>
> Cheers,
>
>   Aitor.


I had an issue packaging simple-netaid. The target of the shared library
"libnetaid.so" was being obj-x86-64-linux-gnu, and trying to use the
variable $(DEB_HOST_MULTIARCH)
in "libnetaid.install", this variable was not replaced by its value:
`x86-64-linux-gnu`. I've just found the following solution for that
doing the "libnetaid.install" executable:

#! /usr/bin/dh-exec

obj-*-linux-gnu/backend_src/libnetaid.so usr/lib/${DEB_HOST_MULTIARCH}

Cheers,

  Aitor.