resolved nmcli version

Author: ehsan6sha

Dockerfile

@@ -17,11 +17,15 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o /app ./cmd/blox && \
     CGO_ENABLED=0 GOOS=linux go build -o /initipfscluster ./modules/initipfscluster
 
 # Final stage
-FROM alpine:3.17
+FROM alpine:3.20
 
-# Install necessary packages
+# Install packages from stable repos (NM 1.46.6 — compatible with host NM 1.46.0)
+# IMPORTANT: Do NOT use edge/testing for networkmanager packages — a newer nmcli
+# than the host's NM daemon causes "unknown property" errors (e.g. mac-address-denylist)
 RUN apk update && \
-    apk add --no-cache hostapd iw wireless-tools networkmanager-wifi networkmanager-cli dhcp iptables curl mergerfs --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing
+    apk add --no-cache hostapd iw wireless-tools networkmanager-wifi networkmanager-cli \
+        networkmanager-dnsmasq dhcpcd iptables curl && \
+    apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing mergerfs
 
 WORKDIR /
 

wap/pkg/wifi/hotspot.go

@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"context"
 	"fmt"
+	"os"
 	"runtime"
 	"strings"
 	"time"
@@ -99,14 +100,7 @@ func CheckHotspotSupported(ctx context.Context) (supported bool, err error) {
 func StartHotspot(ctx context.Context, forceReload bool) error {
 	var commands []string
 	var err error
-	// supported, err := CheckHotspotSupported(ctx)
-	// if err != nil {
-	// 	log.Errorw("failed to check hotspot support", "err", err)
-	// 	return err
-	// } else if !supported {
-	// 	log.Errorw("hotspot not supported")
-	// 	return fmt.Errorf("hotspot not supported")
-	// }
+
 	switch runtime.GOOS {
 	case "windows":
 		commands = []string{"netsh wlan start hostednetwork"}
@@ -128,17 +122,71 @@ func StartHotspot(ctx context.Context, forceReload bool) error {
 	case "darwin":
 		commands = []string{"/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/createbssid -n FxBlox"}
 	default:
-		commands = []string{"nmcli connection delete FxBlox", "nmcli connection add type wifi con-name FxBlox autoconnect no wifi.mode ap wifi.ssid FxBlox ipv4.method shared ipv6.method shared", "nmcli connection up FxBlox"}
+		return startHotspotLinux(ctx)
 	}
+
 	for _, command := range commands {
-		_, _, err = runCommand(ctx, command)
+		_, stderr, errCmd := runCommand(ctx, command)
 		time.Sleep(2 * time.Second)
-		if err != nil {
-			log.Errorw("failed to stop wifi hotspot", "command", command, "err", err)
+		if errCmd != nil {
+			err = errCmd
+			log.Errorw("failed to start wifi hotspot", "command", command, "err", errCmd, "stderr", stderr)
+		}
+	}
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// startHotspotLinux creates the FxBlox hotspot on Linux using nmcli,
+// with a file-based fallback if nmcli connection add fails (e.g. due to
+// nmcli/NM daemon version mismatch with mac-address-denylist property).
+func startHotspotLinux(ctx context.Context) error {
+	// Step 1: Delete existing FxBlox connection (cleanup, errors are non-fatal)
+	_, stderr, delErr := runCommand(ctx, "nmcli connection delete FxBlox")
+	if delErr != nil {
+		log.Infow("no existing FxBlox connection to delete (this is normal on first run)", "stderr", stderr)
+	}
+	time.Sleep(2 * time.Second)
+
+	// Step 2: Create FxBlox hotspot connection via nmcli
+	addCmd := "nmcli connection add type wifi con-name FxBlox autoconnect no wifi.mode ap wifi.ssid FxBlox ipv4.method shared ipv6.method shared"
+	_, stderr, err := runCommand(ctx, addCmd)
+	if err != nil {
+		log.Errorw("nmcli connection add failed, trying file-based fallback", "err", err, "stderr", stderr)
+
+		// Fallback: write .nmconnection file directly
+		if fallbackErr := writeHotspotConnectionFile(); fallbackErr != nil {
+			return fmt.Errorf("nmcli add failed (%w) and file fallback also failed (%v)", err, fallbackErr)
+		}
+		_, stderr, reloadErr := runCommand(ctx, "nmcli connection reload")
+		if reloadErr != nil {
+			log.Errorw("failed to reload connections after file fallback", "err", reloadErr, "stderr", stderr)
+			return fmt.Errorf("nmcli reload failed after file fallback: %w", reloadErr)
 		}
+		log.Infow("FxBlox connection created via file-based fallback")
 	}
+	time.Sleep(2 * time.Second)
+
+	// Step 3: Activate FxBlox connection
+	_, stderr, err = runCommand(ctx, "nmcli connection up FxBlox")
 	if err != nil {
-		log.Errorw("failed to start wifi hotspot", "command", commands, "err", err)
+		log.Errorw("failed to activate FxBlox hotspot", "err", err, "stderr", stderr)
+		return err
+	}
+
+	return nil
+}
+
+// writeHotspotConnectionFile writes a .nmconnection file for the FxBlox hotspot directly,
+// bypassing nmcli. This avoids version-mismatch issues where a newer nmcli sends
+// properties (like mac-address-denylist) that an older NM daemon doesn't recognize.
+func writeHotspotConnectionFile() error {
+	content := "[connection]\nid=FxBlox\ntype=wifi\nautoconnect=false\n\n[wifi]\nmode=ap\nssid=FxBlox\n\n[ipv4]\nmethod=shared\n\n[ipv6]\nmethod=shared\n"
+	path := "/etc/NetworkManager/system-connections/FxBlox.nmconnection"
+	if err := os.WriteFile(path, []byte(content), 0600); err != nil {
+		log.Errorw("failed to write fallback .nmconnection file", "path", path, "err", err)
 		return err
 	}
 	return nil
@@ -201,7 +249,6 @@ func CheckConnection(timeout time.Duration) error {
 
 func StopHotspot(ctx context.Context) error {
 	var commands []string
-	var err error
 	// supported, err := CheckHotspotSupported(ctx)
 	// if err != nil {
 	// 	log.Errorw("failed to check hotspot support", "err", err)
@@ -220,10 +267,10 @@ func StopHotspot(ctx context.Context) error {
 		commands = []string{"nmcli r wifi off", "nmcli r wifi on"}
 	}
 	for _, command := range commands {
-		_, _, err = runCommand(ctx, command)
-		if err != nil {
-			log.Errorw("failed to stop wifi hotspot", "command", command, "err", err)
-			return err
+		_, stderr, errCmd := runCommand(ctx, command)
+		if errCmd != nil {
+			log.Errorw("failed to stop wifi hotspot", "command", command, "err", errCmd, "stderr", stderr)
+			return errCmd
 		}
 	}
 	return nil

wap/pkg/wifi/wifi.go

@@ -2,6 +2,7 @@ package wifi
 
 import (
 	"bufio"
+	"bytes"
 	"context"
 	"errors"
 	"fmt"
@@ -357,21 +358,52 @@ func WifiRemoveall(ctx context.Context) WifiRemoveallResponse {
 }
 
 func createConnection(ctx context.Context, connectionName, ssid, password string) error {
-	// Create a connection
+	// Create a connection via nmcli
 	cmd1 := exec.CommandContext(ctx, "nmcli", "con", "add", "type", "wifi", "ifname", "*", "con-name", connectionName, "ssid", ssid)
-	if err := runCommandDirect(cmd1); err != nil {
-		return err
+	var stderr1 bytes.Buffer
+	cmd1.Stderr = &stderr1
+	if err := cmd1.Run(); err != nil {
+		log.Errorw("nmcli con add failed, trying file-based fallback", "err", err, "stderr", stderr1.String())
+
+		// Fallback: write .nmconnection file directly (avoids nmcli version mismatch issues)
+		if fallbackErr := writeWifiConnectionFile(connectionName, ssid, password); fallbackErr != nil {
+			return fmt.Errorf("nmcli add failed (%w) and file fallback also failed (%v)", err, fallbackErr)
+		}
+		_, reloadStderr, reloadErr := runCommand(ctx, "nmcli connection reload")
+		if reloadErr != nil {
+			log.Errorw("failed to reload connections after file fallback", "err", reloadErr, "stderr", reloadStderr)
+			return fmt.Errorf("nmcli reload failed after file fallback: %w", reloadErr)
+		}
+		log.Infow("WiFi connection created via file-based fallback", "connection", connectionName)
+		return nil
 	}
 
 	// Modify the connection with security settings
 	cmd2 := exec.CommandContext(ctx, "nmcli", "con", "modify", connectionName, "wifi-sec.key-mgmt", "wpa-psk", "wifi-sec.psk", password)
-	if err := runCommandDirect(cmd2); err != nil {
+	var stderr2 bytes.Buffer
+	cmd2.Stderr = &stderr2
+	if err := cmd2.Run(); err != nil {
+		log.Errorw("nmcli con modify failed", "err", err, "stderr", stderr2.String())
 		return err
 	}
 
 	return nil
 }
 
+// writeWifiConnectionFile writes a .nmconnection file for a WiFi client connection directly,
+// bypassing nmcli. This avoids version-mismatch issues where a newer nmcli sends
+// properties (like mac-address-denylist) that an older NM daemon doesn't recognize.
+func writeWifiConnectionFile(connectionName, ssid, password string) error {
+	content := fmt.Sprintf("[connection]\nid=%s\ntype=wifi\ninterface-name=*\n\n[wifi]\nssid=%s\n\n[wifi-security]\nkey-mgmt=wpa-psk\npsk=%s\n\n[ipv4]\nmethod=auto\n\n[ipv6]\nmethod=auto\n",
+		connectionName, ssid, password)
+	path := fmt.Sprintf("/etc/NetworkManager/system-connections/%s.nmconnection", connectionName)
+	if err := os.WriteFile(path, []byte(content), 0600); err != nil {
+		log.Errorw("failed to write fallback .nmconnection file", "path", path, "err", err)
+		return err
+	}
+	return nil
+}
+
 func getWifiConnections(ctx context.Context) ([]string, error) {
 	stdout, _, err := runCommand(ctx, "nmcli --terse --fields TYPE,NAME connection")
 	if err != nil {
@@ -607,16 +639,19 @@ func disconnectLinux(ctx context.Context) error {
 // This is used as a fallback when Wi-Fi connection fails
 func EnsureHotspotActive(ctx context.Context) error {
 	// Check if FxBlox connection exists and is active
-	stdout, _, err := runCommand(ctx, "nmcli -t -f NAME,STATE connection show --active")
+	stdout, stderr, err := runCommand(ctx, "nmcli -t -f NAME,STATE connection show --active")
 	if err == nil && strings.Contains(stdout, "FxBlox:activated") {
 		log.Info("FxBlox hotspot is already active")
 		return nil
 	}
+	if err != nil {
+		log.Warnf("Failed to check active connections: %v, stderr: %s", err, stderr)
+	}
 
 	// Try to activate existing FxBlox connection
-	_, _, err = runCommand(ctx, "nmcli connection up FxBlox")
+	_, stderr, err = runCommand(ctx, "nmcli connection up FxBlox")
 	if err != nil {
-		log.Warnf("Failed to activate existing FxBlox hotspot: %v", err)
+		log.Warnf("Failed to activate existing FxBlox hotspot: %v, stderr: %s", err, stderr)
 
 		// If activation fails, try to recreate the hotspot
 		return StartHotspot(ctx, true)