From 54a525c14fb1e7e25b7a2d16af02a39485bee296 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Tue, 2 Apr 2019 16:50:07 +0200 Subject: [PATCH 1/8] gitlab-ci: print information about test environment in tests It's just interesting to see in the logs. (cherry picked from commit 645b195f9c764a4641390af26f1a29f5a1d852f2) --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 207c992552..887ac2db44 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -18,6 +18,8 @@ stages: .fedora_script: &fedora_script stage: test script: + - date '+%Y%m%d-%H%M%S'; uname -a + - date '+%Y%m%d-%H%M%S'; dnf list --installed - date '+%Y%m%d-%H%M%S'; git clean -fdx ; CI=gitlab BUILD_TYPE=autotools CC=gcc WITH_DOCS=1 contrib/scripts/nm-ci-run.sh - date '+%Y%m%d-%H%M%S'; rm -rf /tmp/nm-docs-html; mv build/INST/share/gtk-doc/html /tmp/nm-docs-html - date '+%Y%m%d-%H%M%S'; git clean -fdx ; CI=gitlab BUILD_TYPE=meson CC=gcc WITH_DOCS=1 contrib/scripts/nm-ci-run.sh From ed39bf764085e73f2cb368ff4a6693ed581fa2c6 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Tue, 9 Apr 2019 17:48:35 +0200 Subject: [PATCH 2/8] gitlab-ci: add test on Fedora 30 image And no longer use "fedora:lastest". While "fedora:rawhide" names the very latest branch (and we want to test that), for all proper releases we want name them explicitly. (cherry picked from commit 2955d5e69a643caaa24dd7efc2237a0bdcc4fd32) --- .gitlab-ci.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 887ac2db44..8b96f910db 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -50,12 +50,17 @@ build_f28: paths: - docs-html -build_f_latest: +build_f29: <<: *fedora_install - image: fedora:latest + image: fedora:29 <<: *fedora_script -build_f_rawhide: +build_f30: + <<: *fedora_install + image: fedora:30 + <<: *fedora_script + +build_frawhide: <<: *fedora_install image: fedora:rawhide <<: *fedora_script From 114ce3cb81e89cbcb7d4abcb3ec4f2ed18419e4d Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Sun, 7 Apr 2019 12:19:02 +0200 Subject: [PATCH 3/8] gitlab-ci: run unit tests for n-acd with eBPF disabled Enabling eBPF causes src/devices/tests/test-acd to fail: strace: bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_HASH, key_size=4, value_size=1, max_entries=8, map_flags=0, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0}, 112) = -1 EPERM (Operation not permitted) NetworkManager-Message: 10:07:04.404: [1554631624.4046] acd[0xa2b400,10]: couldn't init ACD for announcing addresses on interface 'nm-test-veth0': Operation not permitted Interestingly it does not always fail. Seems to depend on the kernel which is used in the containerized test environments of gitlab-ci. For now, just disable eBPF and use the fallback implementation. (cherry picked from commit a5869d1b354bb32c0718cbe7872cb2fe844bcf10) --- contrib/scripts/nm-ci-run.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/contrib/scripts/nm-ci-run.sh b/contrib/scripts/nm-ci-run.sh index 7072933677..0ecdaa0384 100755 --- a/contrib/scripts/nm-ci-run.sh +++ b/contrib/scripts/nm-ci-run.sh @@ -98,6 +98,8 @@ run_autotools() { --enable-tests=yes \ --with-crypto=$_WITH_CRYPTO \ \ + --with-ebpf=no \ + \ --with-libnm-glib=yes \ --with-iwd=yes \ --with-ofono=yes \ @@ -167,6 +169,8 @@ run_meson() { -D crypto=$_WITH_CRYPTO \ -D docs=$_WITH_DOCS \ \ + -D ebpf=false \ + \ -D libnm_glib=true \ -D iwd=true \ -D ofono=true \ From 38ee0c7834f5b3bfbd507f305a5c8d83546473eb Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Tue, 9 Apr 2019 17:24:59 +0200 Subject: [PATCH 4/8] build: disable eBPF by default We have random failures to build on gitlab-ci. Something is wrong, at least, eBPF is not working reliably. Disable it for now. (cherry picked from commit 52ea426b81e758819beb7850a590058f740706ab) --- configure.ac | 3 ++- meson.build | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 869bd1013f..78005d3dea 100644 --- a/configure.ac +++ b/configure.ac @@ -529,7 +529,8 @@ esac AC_ARG_WITH(ebpf, AS_HELP_STRING([--with-ebpf=yes|no|auto], [Build with eBPF support (default: auto)]), [], [with_ebpf=auto]) -if test "$with_ebpf" = "yes" -o "$with_ebpf" = "auto"; then +# 'auto' means 'false' because there are still some issues. +if test "$with_ebpf" = "yes" ; then AC_CHECK_HEADER(linux/bpf.h, [have_ebpf=yes], [have_ebpf=no]) else have_ebpf=no diff --git a/meson.build b/meson.build index f0e535c34c..b8e248c482 100644 --- a/meson.build +++ b/meson.build @@ -437,7 +437,8 @@ config_h.set10('HAVE_SELINUX', enable_selinux) # eBPF support ebpf_opt = get_option('ebpf') -if ebpf_opt == 'false' +# 'auto' means 'false', because there are still issues. +if ebpf_opt != 'true' enable_ebpf = false else enable_ebpf = true From 46dce6e6346f9921e88e573ac1939033cc090f3d Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 3 Apr 2019 14:52:24 +0200 Subject: [PATCH 5/8] contrib/rpm: disable NDEBUG for meson builds For better or worse, our release builds commonly do not disable assertions. That means, - NDEBUG is not set, and assert() is in effect - G_DISABLE_ASSERT is not set, and g_assert() is in effect - G_DISABLE_CHECKS is not set, and g_return*() is in effect. On the other hand, NM_MORE_ASSERTS is not enabled by default and nm_assert() is stripped away. That is the actual purpose of nm_assert(): it is commonly disabled on release builds, while all other assertions are enabled. Note that it is fully supported to build NetworkManager with all kind of assertions disabled. However, such a configuration is not much tested and I would not recommend it for that reason. %meson expands to $ /usr/bin/meson --buildtype=plain --prefix=/usr --libdir=/usr/lib64 --libexecdir=/usr/libexec --bindir=/usr/bin --sbindir=/usr/sbin --includedir=/usr/include --datadir=/usr/share --mandir=/usr/share/man --infodir=/usr/share/info --localedir=/usr/share/locale --sysconfdir=/etc --localstatedir=/var --sharedstatedir=/var/lib --wrap-mode=nodownload --auto-features=enabled -Db_ndebug=true . x86_64-redhat-linux-gnu $OTHER_ARGS thus passing -DNDEBUG to the meson build. Override that. (cherry picked from commit ef338667f82919dcd9fa014a590d04c02622074b) --- contrib/fedora/rpm/NetworkManager.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec index e3293bb7c1..d68f08a89f 100644 --- a/contrib/fedora/rpm/NetworkManager.spec +++ b/contrib/fedora/rpm/NetworkManager.spec @@ -475,6 +475,7 @@ by nm-connection-editor and nm-applet in a non-graphical environment. %build %if %{with meson} %meson \ + -Db_ndebug=false \ --warnlevel 2 \ %if %{with test} --werror \ From 7bbb6a205f1bff247440e4363c103317585edcf9 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Tue, 9 Apr 2019 13:56:26 +0200 Subject: [PATCH 6/8] contrib/rpm: from Fedora 31 onwards use internal DHCP client by default In RHEL-8.0 we already switched the default DHCP plugin. It's past time that we do the same for Fedora. (cherry picked from commit b1f556bae238afdb4bcea9821e429df00ec9f2ae) --- contrib/fedora/rpm/NetworkManager.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec index d68f08a89f..7994d9fb58 100644 --- a/contrib/fedora/rpm/NetworkManager.spec +++ b/contrib/fedora/rpm/NetworkManager.spec @@ -97,10 +97,10 @@ %global with_modem_manager_1 0 %endif -%if 0%{?fedora} || 0%{?rhel} <= 7 -%global dhcp_default dhclient -%else +%if 0%{?fedora} >= 31 || 0%{?rhel} >= 8 %global dhcp_default internal +%else +%global dhcp_default dhclient %endif ############################################################################### From 9fc91c23eeeae38223cbeb20405dd99983dba61b Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Tue, 9 Apr 2019 13:44:41 +0200 Subject: [PATCH 7/8] contrib/rpm: make spec file more similar to rhel-7's (cherry picked from commit b3997312bf19b702aa4a977ac84af97cb95e3264) --- contrib/fedora/rpm/NetworkManager.spec | 73 ++++++++++++++++++++++---- 1 file changed, 62 insertions(+), 11 deletions(-) diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec index 7994d9fb58..dba5e66899 100644 --- a/contrib/fedora/rpm/NetworkManager.spec +++ b/contrib/fedora/rpm/NetworkManager.spec @@ -97,12 +97,34 @@ %global with_modem_manager_1 0 %endif -%if 0%{?fedora} >= 31 || 0%{?rhel} >= 8 +%if 0%{?fedora} >= 31 || 0%{?rhel} > 7 %global dhcp_default internal %else %global dhcp_default dhclient %endif +%if 0%{?fedora} || 0%{?rhel} > 7 +%global logging_backend_default journal +%global dns_rc_manager_default symlink +%else +%global logging_backend_default syslog +%global dns_rc_manager_default file +%endif + +%if 0%{?rhel} +%global config_plugins_default ifcfg-rh,ibft +%global ibft_enabled yes +%else +%global config_plugins_default ifcfg-rh +%global ibft_enabled no +%endif + +%if 0%{?fedora} +%global ebpf_enabled yes +%else +%global ebpf_enabled no +%endif + ############################################################################### Name: NetworkManager @@ -137,6 +159,11 @@ Obsoletes: NetworkManager < %{obsoletes_device_plugins} Obsoletes: NetworkManager < %{obsoletes_ppp_plugin} Obsoletes: NetworkManager-wimax < 1.2 +%if 0%{?rhel} && 0%{?rhel} <= 7 +# Kept for RHEL to ensure that wired 802.1x works out of the box +Requires: wpa_supplicant >= 1:1.1 +%endif + Conflicts: NetworkManager-vpnc < 1:0.7.0.99-1 Conflicts: NetworkManager-openvpn < 1:0.7.0.99-1 Conflicts: NetworkManager-pptp < 1:0.7.0.99-1 @@ -256,7 +283,12 @@ Summary: Bluetooth device plugin for NetworkManager Group: System Environment/Base Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Requires: NetworkManager-wwan = %{epoch}:%{version}-%{release} +%if 0%{?rhel} && 0%{?rhel} <= 7 +# No Requires:bluez to prevent it being installed when updating +# to the split NM package +%else Requires: bluez >= 4.101-5 +%endif Obsoletes: NetworkManager < %{obsoletes_device_plugins} Obsoletes: NetworkManager-bt @@ -272,8 +304,12 @@ Group: System Environment/Base BuildRequires: teamd-devel Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} Obsoletes: NetworkManager < %{obsoletes_device_plugins} +%if 0%{?fedora} || 0%{?rhel} >= 8 # Team was split from main NM binary between 0.9.10 and 1.0 +# We need this Obsoletes in addition to the one above +# (git:3aede801521ef7bff039e6e3f1b3c7b566b4338d). Obsoletes: NetworkManager < 1.0.0 +%endif %description team This package contains NetworkManager support for team devices. @@ -307,7 +343,12 @@ This package contains NetworkManager support for Wifi and OLPC devices. Summary: Mobile broadband device plugin for NetworkManager Group: System Environment/Base Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} +%if 0%{?rhel} && 0%{?rhel} <= 7 +# No Requires:ModemManager to prevent it being installed when updating +# to the split NM package +%else Requires: ModemManager +%endif Obsoletes: NetworkManager < %{obsoletes_device_plugins} %description wwan @@ -546,10 +587,13 @@ by nm-connection-editor and nm-applet in a non-graphical environment. -Dconcheck=true \ %if 0%{?fedora} -Dlibpsl=true \ - -Debpf=true \ %else -Dlibpsl=false \ +%endif +%if %{ebpf_enabled} != yes -Debpf=false \ +%else + -Debpf=true \ %endif -Dsession_tracking=systemd \ -Dsuspend_resume=systemd \ @@ -559,14 +603,20 @@ by nm-connection-editor and nm-applet in a non-graphical environment. -Dtests=yes \ -Dvalgrind=no \ -Difcfg_rh=true \ +%if %{ibft_enabled} != yes + -Dibft=false \ +%else + -Dibft=true \ +%endif + -Difupdown=false \ %if %{with ppp} -Dpppd_plugin_dir=%{_libdir}/pppd/%{ppp_version} \ -Dppp=true \ %endif -Ddist_version=%{version}-%{release} \ - -Dconfig_plugins_default='ifcfg-rh' \ - -Dconfig_dns_rc_manager_default=symlink \ - -Dconfig_logging_backend_default=journal \ + -Dconfig_plugins_default=%{config_plugins_default} \ + -Dconfig_dns_rc_manager_default=%{dns_rc_manager_default} \ + -Dconfig_logging_backend_default=%{logging_backend_default} \ -Djson_validation=true \ %if %{with libnm_glib} -Dlibnm_glib=true @@ -662,11 +712,10 @@ intltoolize --automake --copy --force --enable-concheck \ %if 0%{?fedora} --with-libpsl \ - --with-ebpf \ %else --without-libpsl \ - --without-ebpf \ %endif + --with-ebpf=%{ebpf_enabled} \ --with-session-tracking=systemd \ --with-suspend-resume=systemd \ --with-systemdsystemunitdir=%{systemd_dir} \ @@ -680,14 +729,16 @@ intltoolize --automake --copy --force %endif --with-valgrind=no \ --enable-ifcfg-rh=yes \ + --enable-config-plugin-ibft=%{ibft_enabled} \ + --enable-ifupdown=no \ %if %{with ppp} --with-pppd-plugin-dir=%{_libdir}/pppd/%{ppp_version} \ --enable-ppp=yes \ %endif --with-dist-version=%{version}-%{release} \ - --with-config-plugins-default='ifcfg-rh' \ - --with-config-dns-rc-manager-default=symlink \ - --with-config-logging-backend-default=journal \ + --with-config-plugins-default=%{config_plugins_default} \ + --with-config-dns-rc-manager-default=%{dns_rc_manager_default} \ + --with-config-logging-backend-default=%{logging_backend_default} \ --enable-json-validation \ %if %{with libnm_glib} --with-libnm-glib @@ -802,7 +853,7 @@ fi %systemd_postun -%if 0%{?fedora} < 28 +%if (0%{?fedora} && 0%{?fedora} < 28) || 0%{?rhel} %post glib -p /sbin/ldconfig %postun glib -p /sbin/ldconfig From 3443a8004ac88ca8091172ecfd0fb13d3d701eea Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Tue, 9 Apr 2019 15:44:51 +0200 Subject: [PATCH 8/8] contrib/rpm: disable eBPF for package builds on Fedora We have random failures to build on gitlab-ci. Something is wrong, at least, eBPF is not working reliably. Disable it for now. (cherry picked from commit 0d16b037f546bf8f251ab30f47a0a06657fd098b) --- contrib/fedora/rpm/NetworkManager.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec index dba5e66899..167c3e4891 100644 --- a/contrib/fedora/rpm/NetworkManager.spec +++ b/contrib/fedora/rpm/NetworkManager.spec @@ -120,7 +120,12 @@ %endif %if 0%{?fedora} -%global ebpf_enabled yes +# Altough eBPF would be available on Fedora's kernel, it seems +# we often get SELinux denials (rh#1651654). But even aside them, +# bpf(BPF_MAP_CREATE, ...) randomly fails with EPERM. That might +# be related to `ulimit -l`. Anyway, this is not usable at the +# moment. +%global ebpf_enabled no %else %global ebpf_enabled no %endif