Ignore empty wireguard endpoints

Bug #2039821 reported by Danilo Egea Gondolfo
This bug affects 1 person
Affects              Status        Importance  Assigned to  Milestone
netplan.io (Ubuntu)  Fix Released  Undecided   Unassigned
  Mantic             Fix Released  Undecided   Unassigned

Bug Description

[ Impact ]

Creating a Wireguard tunnel using the GUI allows the user to omit the peer endpoint.
The configuration created by NetworkManager will still include the Endpoint= key with an empty string ("")
as its value. This configuration will then be imported into a Netplan state using libnetplan and the
resulting YAML file will include the empty string as the endpoint value. When libnetplan loads and parses
the resulting YAML, the validation process will not accept the empty string as the endpoint value and fail.

An endpoint that's an empty string should just be ignored.

[ Test Plan ]

How to reproduce the issues.

1) Launch a Mantic desktop instance on LXD (or any Mantic desktop installation)

$ lxc launch images:ubuntu/mantic/desktop mantic-desktop --vm -c limits.memory=2GiB --console=vga

2) Open the "Advanced Network Configuration" application

3) Add a new connection of type WireGuard
  a) Set the interface name to wg0
  b) Set the private key to 4GgaQCy68nzNsUE5aJ9fuLzHhB65tAlwbmA72MWnOm8=
  c) In the "peers" section, click on Add
  d) Set the "Public key" to M9nt4YujIOmNrRmpIRTmYSfMdrpvE7u6WkG8FY8WjG4=
  e) Leave the other settings empty and click on Apply then Save

4) You will get an error message and will find the errors below in the Network Manager's journal:

Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: /etc/netplan/90-NM-47e8e1b7-61c7-4568-8418-14b134382fcd.yaml:11:19: Error in network definition: invalid endpoint address or hostname ''
Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: - endpoint: ""
Oct 20 10:01:07 mantic-desktop NetworkManager[3130]: ^
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: <error> [1697796067.1011] BUG: the profile cannot be stored in keyfile format without becoming unusable: cannot access file: No such file or directory
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: **
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:01:07 mantic-desktop NetworkManager[2775]: Bail out! nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:<unknown-fcn>: assertion failed: (<dropped>)
Oct 20 10:01:07 mantic-desktop systemd[1]: NetworkManager.service: Main process exited, code=dumped, status=6/ABRT
Oct 20 10:01:07 mantic-desktop systemd[1]: NetworkManager.service: Failed with result 'core-dump'.

Testing the fixes

1) Add the PPA repository with the updated package and upgrade netplan

$ sudo add-apt-repository ppa:danilogondolfo/netplan-sru
$ sudo apt update && sudo apt upgrade -y

3) Restart Network Manager

$ sudo systemctl restart NetworkManager

4) Run the test described above again and check they will not cause any crashes

[ Where problems could occur ]

As we are only relaxing the validation of Wireguard endpoints to ignore empty strings we are not expecting any regressions caused by these changes. There are no intended changes in behavior introduced by these changes.

All the autopkgtests from netplan.io and network-manager are still passing with these patches.

--- Original description ---

The Network Manager's GUI in gnome will emit a wireguard endpoint with an empty string ("") when it's omitted by the user. As Netplan is rejecting this configuration, NM will fail to create the connection.

This is addressed by this patch https://github.com/canonical/netplan/pull/414. Netplan will ignore endpoints that are empty strings.

This problem is related to this LP bug https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2038811
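
The relaxed validation described in this report, as an added example that is not part of the original report and is not netplan's own code: an empty endpoint is classified as "ignore" rather than "invalid", while every other value still goes through the host:port check. The names `ep_result`, `port_ok` and `check_endpoint` are hypothetical, the check is syntactic only (host characters are not validated), and the sample strings are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes for this sketch; not netplan's API. */
enum ep_result { EP_IGNORED, EP_OK, EP_INVALID };

/* Port must be 1..65535, decimal digits only (no sign, no spaces). */
static int port_ok(const char *p)
{
    long v = 0;
    if (*p == '\0' || strlen(p) > 5)
        return 0;
    for (; *p; p++) {
        if (!isdigit((unsigned char)*p))
            return 0;
        v = v * 10 + (*p - '0');
    }
    return v >= 1 && v <= 65535;
}

/* Classify one peer endpoint string as read from the YAML. */
enum ep_result check_endpoint(const char *ep)
{
    /* The relaxation: "" means "no endpoint configured", so skip it
     * instead of failing validation of the whole file. */
    if (ep == NULL || *ep == '\0')
        return EP_IGNORED;
    const char *host_end, *port;
    if (*ep == '[') {                 /* bracketed IPv6: [addr]:port */
        host_end = strchr(ep, ']');
        if (!host_end || host_end == ep + 1 || host_end[1] != ':')
            return EP_INVALID;
        port = host_end + 2;
    } else {                          /* IPv4 or hostname: host:port */
        host_end = strrchr(ep, ':');
        /* more than one ':' is unbracketed IPv6, which is ambiguous */
        if (!host_end || host_end == ep || strchr(ep, ':') != host_end)
            return EP_INVALID;
        port = host_end + 1;
    }
    return port_ok(port) ? EP_OK : EP_INVALID;
}

int main(void)
{   /* Constructed samples; "" is the value the GUI emitted. */
    const char *s[] = { "", "10.0.0.1:51820", "[2001:db8::1]:51820", "host:0" };
    for (size_t i = 0; i < sizeof s / sizeof *s; i++)
        printf("'%s' -> %d\n", s[i], check_endpoint(s[i]));
    return 0;
}
```

Only the exactly empty string is skipped; a whitespace-only or otherwise malformed endpoint is still rejected, so the relaxation does not widen what is accepted as a usable peer address.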

Lukas Märdian (slyon) wrote :
Changed in netplan.io (Ubuntu):
status: New → In Progress
Changed in netplan.io (Ubuntu Mantic):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package netplan.io - 0.107-5ubuntu1

---------------
netplan.io (0.107-5ubuntu1) noble; urgency=medium

  * d/p/lp2039821/0008-wireguard-ignore-empty-endpoints.patch (LP: #2039821)
    Network Manager GUIs might emit a Wireguard endpoint as an empty string
    when it's omitted. Netplan is rejecting the generated YAML. With this
    patch Netplan will just ignore empty endpoints.
  * d/p/lp2039825/0009-auth-add-support-for-LEAP-and-EAP-PWD.patch
    Netplan's keyfile parser will generate incorrect configuration when
    unsupported EAP method are used. It ends up generating invalid Network
    Manager configuration. This patch implements support for LEAP and PWD
    methods. (LP: #2039825)

 -- Danilo Egea Gondolfo <email address hidden> Thu, 26 Oct 2023 11:21:56 +0100

Changed in netplan.io (Ubuntu):
status: In Progress → Fix Released
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Danilo, or anyone else affected,

Accepted netplan.io into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.107-5ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in netplan.io (Ubuntu Mantic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-mantic
Danilo Egea Gondolfo (danilogondolfo) wrote :

I can confirm the creation of wireguard connections with empty endpoints (as described above) is now working on Network Manager with netplan.io 0.107-5ubuntu0.1 on Mantic.

tags: added: verification-done-mantic
removed: verification-needed-mantic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package netplan.io - 0.107-5ubuntu0.1

---------------
netplan.io (0.107-5ubuntu0.1) mantic; urgency=medium

  * d/p/lp2039821/0008-wireguard-ignore-empty-endpoints.patch (LP: #2039821)
    Network Manager GUIs might emit a Wireguard endpoint as an empty string
    when it's omitted. Netplan is rejecting the generated YAML. With this
    patch Netplan will just ignore empty endpoints.
  * d/p/lp2039825/0009-auth-add-support-for-LEAP-and-EAP-PWD.patch
    Netplan's keyfile parser will generate incorrect configuration when
    unsupported EAP method are used. It ends up generating invalid Network
    Manager configuration. This patch implements support for LEAP and PWD
    methods. (LP: #2039825)

 -- Danilo Egea Gondolfo <email address hidden> Thu, 19 Oct 2023 15:14:56 +0100

Changed in netplan.io (Ubuntu Mantic):
status: Fix Committed → Fix Released
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for netplan.io has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
