WiFi dialog: add scripts for enabling/disabling WiFi connection #1804
Conversation
|
Thanks, @jotaen4tinypilot! I've read through this change and the linked issues. The general approach seems reasonable, with just a few potential concerns I've outlined below. Bookworm CompatibilityUsing Multiple Network SupportHaving a single TinyPilot-managed connection makes things simple for us, but it is very limiting and somewhat unusual. It's plausible users availing themselves of the Wi-Fi feature would expect to be able to move their TinyPilot devices around and have them work with multiple remembered networks. Network SecurityThis implementation will only work with WPA networks using pre-shared keys. It will not work with open networks, WEP-protected networks, or networks with enterprise-grade security. WEP is broken and best avoided, so omitting support for it is arguably for the best. Enterprise-grade security feels like something we could add in a future iteration. However, we should mention these limitations in the interface and script documentation. We should consider supporting open networks despite their obvious security risks. Most requests for Wi-Fi support that we've received have come from users trying to connect to Wi-Fi in places like hotels, which often use open networks. Omitting support for open networks would rule out this use case. Applying SettingsUsing I can see that this approach worked during your tests, but it's something to be aware of and might warrant further investigation. That said, the Bullseye version of raspi-configWe use |
|
@cghague thanks for your thorough reply, that’s very helpful!
We can’t trivially use NetworkManager on Bullseye, though, correct? I’d otherwise think that the footprint of us using
I actually haven’t considered this aspect yet, and I think this is a fair point. I think it’s also a bit of a product-related question whether we want to support configuring multiple WiFi connections right from the start, or whether it would be okay for us to push this down the road and only offer the ability to configure a single WiFi connection in the beginning. @shalver-tp thoughts? From a technical perspective, if we’d push multi-WiFi down the road, I think we shouldn’t lose much of the initial work (as in: we probably can keep many parts of the single-WiFi implementation, so we wouldn’t have to throw away and redo everything). I’d estimate that most complexity would be in the frontend, because we’d have to add UI so that users can review and manage a list of WiFi connections, as opposed to a single one. We probably need an additional dialog “screen” (state) for that, similar to how we do it for managing multiple users in the “Security” dialog.
Ah, good point – I think it’s probably easiest then if we make the password optional. |
@shalver-tp just a gentle nudge about the above topic (just in case you e.g. happened to miss this): I thought it would be best to consider and decide on this question before continuing to invest more work into the current (single-network) approach, especially before starting to work on the UI bit. |
|
@jotaen4tinypilot Sorry, I missed this one when I was out last week; I apologize. I think it would be nice to be able to "save" multiple wi-fi networks, but I think this is still a functional enhancement if we limit to one network at a time. In the end, this decision to only support single wifi puts a bit more burden on the user to change/update the wi-fi credentials when they change environments, but still brings enhanced network functionality. Omit multiple wi-fi networks for now. The other discussion on network security, et al all looks good to me. Thanks! |
|
Awesome, thanks for the feedback. I agree that storing multiple connections would be useful in certain scenarios, but I think we already add value if we ship single-WiFi in the first iteration. I’ve created a separate issue for tracking the multi-WiFi idea. |
Automated comment from CodeApprove ➜⏳ @jdeanwallace please review this Pull Request |
There was a problem hiding this comment.
Automated comment from CodeApprove ➜
⏳ Approval Pending (5 unresolved comments)
Approval will be granted automatically when all comments are resolved
Nice, these are some good looking scripts. Works well on device too.
In: debian-pkg/opt/tinypilot-privileged/scripts/enable-wifi:
> Line 10
Usage: ${0##*/} [--help] [--country COUNTRY] [--ssid SSID] [--psk PSK]
Seeing as --ssid and --country are required fields, can we remove the square brackets from around thier usage template?
In: debian-pkg/opt/tinypilot-privileged/scripts/enable-wifi:
> Line 16
it must be 8-63 characters in length.
While testing I noticed that this script will still exit successfully even if the wifi connection failed to connect to the network. I'm sure this is intentional, but perhaps we can add a note about how this script doesn't verify connection status?
In: debian-pkg/opt/tinypilot-privileged/scripts/enable-wifi:
> Line 65
if [[ -z "${WIFI_COUNTRY}" ]]; then
(optional) Can we validate that the country code has a length of 2 characters?
In: debian-pkg/opt/tinypilot-privileged/scripts/enable-wifi:
> Line 126
} | sudo tee --append "${CONFIG_FILE}" > /dev/null
Is sudo necessary seeing as this script is already privileged?
In: debian-pkg/opt/tinypilot-privileged/scripts/enable-wifi:
> Line 126
} | sudo tee --append "${CONFIG_FILE}" > /dev/null
Seeing as we're piping stdout to /dev/null, could we avoid using tee and append the output directly to the config file? Something like
{
...
} >> "${CONFIG_FILE}"In: dev-scripts/mock-scripts/enable-wifi:
> Line 1
#!/bin/bash
In our other mock scripts we have a comment that references script on device that is being mocked. Can we do the same here?
Same for the other mock script.
👀 @jotaen4tinypilot it's your turn please take a look
There was a problem hiding this comment.
Automated comment from CodeApprove ➜
In: Discussion
Thanks for the review! Just fyi, I’ll hold off on merging until the subsequent PRs have progressed.
In: debian-pkg/opt/tinypilot-privileged/scripts/enable-wifi:
Oh right, thanks!
In: debian-pkg/opt/tinypilot-privileged/scripts/enable-wifi:
Resolved
In: debian-pkg/opt/tinypilot-privileged/scripts/enable-wifi:
> Line 16
it must be 8-63 characters in length.
Yeah, that’s right – we cannot check really check the network status, as e.g. the user may enter the credentials in advance, or the WiFi is temporarily down or so.
I’ve added a note to the help text to clarify that the script only stores and activates the config.
In: debian-pkg/opt/tinypilot-privileged/scripts/enable-wifi:
> Line 71
if [[ -z "${WIFI_COUNTRY}" ]]; then
Resolved
In: dev-scripts/mock-scripts/enable-wifi:
> Line 1
#!/bin/bash
Resolved
There was a problem hiding this comment.
Automated comment from CodeApprove ➜
Approved: I have approved this change on CodeApprove and all of my comments have been resolved.
Related #131, part (b). Stacked on #1804. I realized that we need to add another privileged script for reading files with marker sections, because we are unable to read those directly via the Python process in case those files are owned by the `root` user. Usage is demonstrated in [the subsequent backend PR](#1812); it’s basically … ```bash /opt/tinypilot-privileged/scripts/print-marker-sections /path/to/file.txt ``` … where the entire invocation has to be unblocked in the sudoers file. <a data-ca-tag href="https://codeapprove.com/pr/tiny-pilot/tinypilot/1811"><img src="https://codeapprove.com/external/github-tag-allbg.png" alt="Review on CodeApprove" /></a> --------- Co-authored-by: Jan Heuermann <[email protected]>
Related #131, parts (a) and (b).
This PR adds two scripts for enabling and disabling the WiFi network interface on the device, so that you can also access TinyPilot through a wireless network connection.
I already discussed the basic approach last week with Charles (see comment and discussion below), because of his familiarity with networking/WiFi. Since then, I did more testing in various scenarios, and also already opened two subsequent draft PRs for the backend and frontend. They are WIP still, but they may give a rough impression of how the WiFi feature will look in its entirety. Overall, it seems to be looking good, so I thought it might make sense to already start the review process.
A few notes on the implementation:
wpa_supplicants.conffile directly to configure the WiFi connection, and we use the marker-section mechanism to manage the TinyPilot-specific part of the configuration. Depending on whether the WiFi network is password-protected or not, we either use thewpa_passphrasecommand, or we generate the config section manually.--countryinput value in theenable-wifiscript: I’d plan to do validation in the backend later on, and the network service seems to behave graceful against invalid country codes. For the--pskflag, we have to do a basic length validation, because otherwise thewpa_passphrasecommand would fail.ifconfigcommand to check whether thewlannetwork interface is up and active. (I.e., whetherifconfigoutputs awlanblock, and whether that has ainet/inet6address assigned to it.)Original draft PR comment (2024-06-13)
This PR is a draft for now, because I wanted to evaluate the technical approach of the underlying WiFi-related logic first, before investing time into the implementation of the application logic (i.e., the Python part and the UI).
I saw that you @cghague have been involved into our WiFi FAQ document, so I was hoping that you are maybe familiar with the technical domain. Could you look over the privileged scripts of this PR and give me some initial, high-level feedback about whether the proposed approach seems sensible to you? At this point, I’d mainly like to avoid going into a wrong direction, or to miss any potential caveats or other issues I may have forgotten to consider.
A few notes on the implementation:
enable-wifiscript obviously would have to parse CLI arguments to parametrize the SSID, PSK, and country code. Thedisable-wifiscript wouldn’t take any arguments.rfkill unblock wifiandwpa_cli -i wlan0 reconfigure, it seems to be possible to effectuate the changes and activate WiFi without having to reboot the device. This would make things easier for us in the UI, but it would also be more convenient and snappier for the end-user.raspi-configtool in the scripts, because that seems to be too limited. For example, we don’t want to just keep adding new WiFi configs to thewpa_supplicant.conffile, but we basically want to maintain one “TinyPilot-owned” custom WiFi config, which we then also can delete or modify in a targeted way. For this, it seemed more sensible to me to write into thewpa_supplicant.conffile directly, using the marker-section technique that we already employ elsewhere. The downside is that this requires more low-levelled logic on our side.If you’d generally agree with the proposed approach and underlying reasoning, I’d proceed to wrap up this PR and to build the surrounding application logic.
