keyfile should become our main import/export format. It is desirable,
that a keyfile can contain every aspect of a connection.
For blob certificates, the writer in core daemon would always write
them to a file and convert the scheme to path.
This behavior is not great for a (hyptetical) `nmcli connection export`
command because it would have to export them somehow outside of keyfile,
e.g. by writing them to temporary files.
Instead, if the write handler does not handle a certificate, use a
default implementation in nm_keyfile_write() which adds the blob inside
the keyfile.
Interestingly, keyfile reader already supported reading certificate
blobs. But this legacy format accepts the blob as arbitrary
binary without marking the format and without scheme prefix.
Instead of writing the binary data directly, write it with a new
uri scheme "data:;base64," and encode it in base64.
Also go through some lengths to make sure that whatever path
keyfile plugin writes, can be read back again. That is, because
keyfile writer preferably writes relative paths without prefix.
Add nm_keyfile_detect_unqualified_path_scheme() to encapsulate
the detection of pathnames without file:// prefix and use it to
check whether the path name must be fully qualified.
Update crypto_verify_private_key() and
crypto_verify_private_key_data() to indicate whether the key was
encrypted or not.
Rename crypto_decrypt_private_key() and
crypto_decrypt_private_key_data() to
crypto_decrypt_openssl_private_key*, since that's the only private key
format they deal with, and the old names made them sound more generic
than they were. Also, update the openssl private key parsing code to
recognize unencrypted private keys as well. (Previously we accepted
unencrypted PKCS#8 keys, but not unencrypted openssl-style keys.)
Make the formerly-nm-param-spec-specialized test compile (fix use of
inet_pton), and pass (include the mandatory "gateway" element in the
IPv6 addresses), make it use gtestutils and g_assert (so it actually
fails when it fails), and test a few more cases.
Rather than having test-crypto and test-setting-8021x be programs that
you have to pass arguments to to get them to run a single test, just
have them run all of the tests themselves.
This lets us get rid of the big "check-local" rule in Makefile.am and
just use TESTS to run everything.
https://bugzilla.gnome.org/show_bug.cgi?id=734388
Add NetworkManager.h, which includes all of the other NM header, and
require all external users of libnm to use that rather than the
individual headers.
(An exception is made for nm-dbus-interface.h,
nm-vpn-dbus-interface.h, and nm-version.h, which can be included
separately.)
This fixes up the code from the previous "clean" import, and adds
build infrastructure.
[There are two slightly orthogonal sets of changes in this patch.
First, the files added in the previous commit were modified as followed:
# Replace internal references to "libnm-util" and "libnm-glib" with "libnm"
perl -pi -e 's/libnm-(util|glib)/libnm/;' libnm-core/*.[ch] libnm-core/tests/*.[ch] libnm/*.[ch] libnm/tests/*.[ch]
# Fix includes of the enum-types files
perl -pi -e 's/nm-utils-enum-types/nm-core-enum-types/;' libnm-core/*.[ch] libnm-core/tests/*.[ch] libnm/*.[ch] libnm/tests/*.[ch]
perl -pi -e 's/nm-glib-enum-types/nm-enum-types/;' libnm/*.[ch] libnm/tests/*.[ch]
# Fix some python example code
perl -pi -e 's/import NMClient/import NM/;' -e 's/NMClient.Client\(\)/NM.Client()/;' libnm/nm-client.c
Then, the build infrastructure was added (without further modifying
any existing files in libnm-core or libnm.)
Note: to regenerate libnm.ver after rebase:
(head -2 libnm-util/libnm-util.ver; (grep -h '\s'nm_ libnm-util/libnm-util.ver libnm-glib/libnm-glib.ver | env LANG=C sort); tail -3 libnm-util/libnm-util.ver) > libnm/libnm.ver
]
