It's clearer this way, and it will allow to modify directly the
"Version:" and "Release:" fields to bump the version. It is more aligned
with the layout of other projects' spec files too.
(cherry picked from commit 6d952902b9)
Snapshot is only used from nm-copr-build.sh script, so not very useful.
Git_sha is used from build.sh. Other than that, downstream is always
nil.
Remove them and modify build.sh to use --define "dist xxx" instead of
them. This change is motivated by Packit not being able to modify the
release number if it has the %{snap} suffix.
(cherry picked from commit 5445ad2287)
When dist_version is defined in meson, NM installs plugins to a
directory called `NetworkManager-${dist_version}`. If the dist version
contains a `~`, like `1.56~rc1`, defining nmplugindir with
`%{version_no_tilde}` makes it `NetworkManager-1.56-rc1`, causing
rpmbuild errors due to the mismatch.
Fix it by defining nmplugindir with `%{version}` instead.
Fixes: d975389bcd ('spec: use versioning scheme with ~dev and ~rc suffixes')
(cherry picked from commit 9ebc8aa480)
It's clearer this way, and it will allow to modify directly the
"Version:" and "Release:" fields to bump the version. It is more aligned
with the layout of other projects' spec files too.
Snapshot is only used from nm-copr-build.sh script, so not very useful.
Git_sha is used from build.sh. Other than that, downstream is always
nil.
Remove them and modify build.sh to use --define "dist xxx" instead of
them. This change is motivated by Packit not being able to modify the
release number if it has the %{snap} suffix.
When dist_version is defined in meson, NM installs plugins to a
directory called `NetworkManager-${dist_version}`. If the dist version
contains a `~`, like `1.56~rc1`, defining nmplugindir with
`%{version_no_tilde}` makes it `NetworkManager-1.56-rc1`, causing
rpmbuild errors due to the mismatch.
Fix it by defining nmplugindir with `%{version}` instead.
Fixes: d975389bcd ('spec: use versioning scheme with ~dev and ~rc suffixes')
The purpose of the validation is to check that we pass to the
supplicant a configuration that it can understand. For certificates
and keys we enforce a maximum length of 64KiB; that means that the
value of the property we send (i.e. the file path or the blob id) can
be at most 64KiB. Instead we wrongly checked the size of the blob
data.
Fix the validation. Also, enforce a maximum blob size of 32MiB.
Fixes: e85cc46d0b ('core: pass certificates as blobs to supplicant for private connections')
(cherry picked from commit eb784c3f27)
The purpose of the validation is to check that we pass to the
supplicant a configuration that it can understand. For certificates
and keys we enforce a maximum length of 64KiB; that means that the
value of the property we send (i.e. the file path or the blob id) can
be at most 64KiB. Instead we wrongly checked the size of the blob
data.
Fix the validation. Also, enforce a maximum blob size of 32MiB.
Fixes: e85cc46d0b ('core: pass certificates as blobs to supplicant for private connections')
The previous commits has unified the versioning scheme to only use the
version names like 1.56-rc2, 1.56.2 and 1.57.1-dev, like the version
names that we use in the Git tags. The scheme with micro>=90 for RCs
will be used only internally, in the C headers. The tarballs will be
named with the new scheme.
Adapt the release.sh script to correctly understand this versioning
scheme and to create the tarballs with the right new name.
This will enable us to use Packit to automate rpm updates.
(cherry picked from commit 9f4261168d)
In the previous commit meson.build was adapted to use versions with -dev
and -rc suffixes, as we create them in the Git tags, instead of versions
with micro>90 for RCs as we used to do. The tarball name will contain
the version with the new scheme, so adapt the spec file for it.
This will enable us to use Packit to do automatic updates.
(cherry picked from commit d975389bcd)
This will create the tarball with names NetworkManager-1.56-rc2.tar.xz
or NetworkManager-1.57.1-dev.tar.xz. This way they will match with the
name of the Git tag, making easier for users, and specially for tools
like Packit, to understand the versioning scheme.
The goal is to make that there is only one public versioning scheme, the
one with -rc and -dev suffixes. Version numbers with micro>=90 for RC
releases is kept only as an internal thing for the C headers. Users of
the API can still use it.
Bump meson version to 0.56 to use str.substring().
(cherry picked from commit e422b1c3d9)
The previous commits has unified the versioning scheme to only use the
version names like 1.56-rc2, 1.56.2 and 1.57.1-dev, like the version
names that we use in the Git tags. The scheme with micro>=90 for RCs
will be used only internally, in the C headers. The tarballs will be
named with the new scheme.
Adapt the release.sh script to correctly understand this versioning
scheme and to create the tarballs with the right new name.
This will enable us to use Packit to automate rpm updates.
In the previous commit meson.build was adapted to use versions with -dev
and -rc suffixes, as we create them in the Git tags, instead of versions
with micro>90 for RCs as we used to do. The tarball name will contain
the version with the new scheme, so adapt the spec file for it.
This will enable us to use Packit to do automatic updates.
This will create the tarball with names NetworkManager-1.56-rc2.tar.xz
or NetworkManager-1.57.1-dev.tar.xz. This way they will match with the
name of the Git tag, making easier for users, and specially for tools
like Packit, to understand the versioning scheme.
The goal is to make that there is only one public versioning scheme, the
one with -rc and -dev suffixes. Version numbers with micro>=90 for RC
releases is kept only as an internal thing for the C headers. Users of
the API can still use it.
Bump meson version to 0.56 to use str.substring().
Currently NetworkManager depends on the external ping binary to
perform the reachability check on IP addresses. This means that the NM
daemon package must depend on another package. On Fedora the iputils
package is 800KiB.
Implement the same functionality natively so that we can drop such
dependency.
Introduce a function that pings a given host. It opens a "ping socket"
(IPPROTO_ICMP), binds it to the given ifindex, connects it to the
remote address, and keep sending ICMP echo-request packets until it
receives a reply or the optional timeout is reached. By using this
kind of socket, the kernel automatically sets the ICMP ID on outgoing
packets and matches incoming packets by the same ID.
Wireless Extensions is the legacy, ioctl-based kernel interface used
to configure Wi-Fi cards. It has been deprecated and replaced by the
cfg80211/nl80211 API since 2007, as it doesn't support modern Wi-Fi
encryption and technologies. Mark it as deprecated, so that we can get
rid of some unmaintained and untested code in a future release.
When connecting to a wifi network and providing the password on the
command line, nmcli first looks if there is a compatible connection to
reuse. If there is not, it creates and activates a new one via a
single call to AddAndActivate().
If there is a compatible connection, nmcli first calls Update() on it
to set the new password and then Activate() to bring it up. Before
that, it registers a secret agent that can prompt for a new password
in case of authentication failure.
However, as soon as nmcli registers a secret agent, NM tries to
activate again the connection if it was blocked due to a previous
authentication failure. This connection attempt is going to fail
because it still uses the old password, as new one hasn't been set via
Update().
Change the order of operations to register the agent after Update()
and before Activate().
Reproducer:
nmcli device wifi connect SSID password BAD_PASSWORD
nmcli device wifi connect SSID password GOOD_PASSWORD
Fixes: c8ff1b30fb ('nmcli/dev: use secret agent for nmcli d [wifi] connect')
(cherry picked from commit 427a7cf257)
Executing this command twice, or when a connection profile already
exists for the SSID:
nmcli device wifi connect $SSID password $PASSWORD
returns error:
Error: 802-11-wireless-security.key-mgmt: property is missing.
When setting the password nmcli was wiping the existing wireless
security setting.
Fixes: c8ff1b30fb ('nmcli/dev: use secret agent for nmcli d [wifi] connect')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1688
(cherry picked from commit 3a4e18e302)
The D-Bus API documentation of the IPv4 and IPv6 settings say:
* addresses
Deprecated in favor of the 'address-data' and 'gateway'
properties, but this can be used for backward-compatibility
with older daemons. Note that if you send this property the
daemon will ignore 'address-data' and 'gateway'.
* gateway
The gateway associated with this configuration. This is only
meaningful if "addresses" is also set.
This documentation wrongly suggests that at D-Bus level "gateway"
requires "addresses", while it actually requires "address-data". The
reason for the inconsistency is that the gateway documentation is
common between nmcli and D-Bus and it refers to the "address" GObject
property, not to the D-Bus property.
Fix this inconsistency by not explicitly mentioning the property name.
Fixes: 36156b70dc ('libnm: Override parts of nm-setting-docs.xml')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2319
(cherry picked from commit dad4da06b1)
When connecting to a wifi network and providing the password on the
command line, nmcli first looks if there is a compatible connection to
reuse. If there is not, it creates and activates a new one via a
single call to AddAndActivate().
If there is a compatible connection, nmcli first calls Update() on it
to set the new password and then Activate() to bring it up. Before
that, it registers a secret agent that can prompt for a new password
in case of authentication failure.
However, as soon as nmcli registers a secret agent, NM tries to
activate again the connection if it was blocked due to a previous
authentication failure. This connection attempt is going to fail
because it still uses the old password, as new one hasn't been set via
Update().
Change the order of operations to register the agent after Update()
and before Activate().
Reproducer:
nmcli device wifi connect SSID password BAD_PASSWORD
nmcli device wifi connect SSID password GOOD_PASSWORD
Fixes: c8ff1b30fb ('nmcli/dev: use secret agent for nmcli d [wifi] connect')
Executing this command twice, or when a connection profile already
exists for the SSID:
nmcli device wifi connect $SSID password $PASSWORD
returns error:
Error: 802-11-wireless-security.key-mgmt: property is missing.
When setting the password nmcli was wiping the existing wireless
security setting.
Fixes: c8ff1b30fb ('nmcli/dev: use secret agent for nmcli d [wifi] connect')
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1688
The function strerror_r returns an int per POSIX spec, but GNU version
returns char *. Using it fails the compilation in Alpine, so use
_nm_strerror_r instead that handles both cases.
Fixes: 41e28b900f ('daemon-helper: add read-file-as-user')
(cherry picked from commit 599cc1ed1d)
Avoid build failures in some distros.
ERROR: Assert failed: systemd required but not found, please provide a valid systemd user generator dir or disable it
Fixes: 636fb5ef24 ('systemd: install initrd services using a generator')
The function strerror_r returns an int per POSIX spec, but GNU version
returns char *. Using it fails the compilation in Alpine, so use
_nm_strerror_r instead that handles both cases.
Fixes: 41e28b900f ('daemon-helper: add read-file-as-user')
In the past, stable branches used odd micro numbers as development micro
version. Because of that, NM_API_VERSION was defined with MICRO+1 so we
don't get warnings during development.
As we stopped using odd micro=devel it is wrong to set MICRO+1 on odd
releases. Final users of 1.52.3 has NM_API_VERSION 1.52.4.
However, during development we need to have MICRO+1. For example, if we
are working on top of 1.52.3 towards the next 1.52.4, we define new
symbols with NM_AVAILABLE_IN_1_52_4. Because of that, we get compilation
failures until we finally bump to 1.52.4, just before the release. The
CI remains red until then, potentially missing many bugs.
For now, just set MICRO+1 all the time. It is wrong, but it was wrong
half of the time anyway, and at least we'll have a green CI until we
implement a definitive solution.
(cherry picked from commit 13bfa44ceb)
Add a new public function nm_utils_copy_cert_as_user() to libnm. It
reads a certificate or key file on behalf of the given user and writes
it to a directory in /run/NetworkManager. It is useful for VPN plugins
that run as root and need to verify that the user owning the
connection (the one listed in the connection.permissions property) can
access the file.
(cherry picked from commit 1a52bbe7c9)
The new API indicates that the VPN plugin supports reading files
(certificates, keys) of private connections in a safe way
(i.e. checking user permissions), or that it doesn't need to read any
file from disk.
(cherry picked from commit 10db4baeb6)
