Use a macro that uses NM_CAST_STRV_CC() to cast the strv argument. Note that
NM_CAST_STRV_CC() uses C11's _Generic() to check whether the argument is
of a valid type.
Add a new `main.rc-manager=auto` setting, that favours to use
systemd-resolved (and not touch "/etc/resolv.conf" but configure
it via D-Bus), or falls back to `resolvconf`/`netconfig` binaries
if they are installed and enabled at compile time.
As final fallback use "symlink", like before.
Note that on Fedora there is no "openresolv" package ([1]). Instead, "systemd"
package provides "/usr/sbin/resolvconf" as a wrapper for systemd-resolved's
"resolvectl". On such a system the fallback to resolvconf is always
wrong, because NetworkManager should either talk to systemd-resolved
directly or not but never call "/usr/sbin/resolvconf". So, the special handling
for resolvconf and netconfig is only done if NetworkManager was build with these
applications explicitly enabled.
Note that SUSE builds NetworkManager with
--with-netconfig=yes
--with-config-dns-rc-manager-default=netconfig
and the new option won't be used there either. But of course, netconfig
already does all the right things on SUSE.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=668153
Suggested-by: Jason A. Donenfeld <Jason@zx2c4.com>
Arguably, a fixme comment isn't useful. It would be better to fix it.
On the other hand, nowadays these modes are not very popular and usually
not used. If somebody cares, please provide a patch.
glib's is{alnum,alpha,ascii,...}() functions perform the check based
on the current locale. Probably using isascii() would be fine anyway,
but add a NM version that just checks that the upper bit is zero.
The kernel of Ubuntu 16.04 doesn't support IFLA_BR_VLAN_STATS_ENABLED.
If we want to run on such old kernels (which we probably do), we need to
detect that, and act accordingly.
Add nm_platform_kernel_support_get_full() to allow fetching the support
state without setting it to the compile time default.
Also, use g_atomic_int_get() to access _nm_platform_kernel_support_state
values. We should not access static variables without synchronization.
Better get it correct in any case than fast.
With Fedora 33, LTO will be enabled by default via CFLAGS in
redhat-rpm-config ([1]).
That basically sets "CFLAGS=-flto -ffat-lto-objects".
Note that we have our own configure/meson option to enable LTO.
With "--with-lto" we set CFLAGS="-flto -flto-partition=none". This
is necessary due ([2], [3]).
So, disable Fedora's automatism, but turn on the suitable configure
option to get working LTO.
[1] 5baaf4a99c
[2] e6cf4213a7 ('build: fix building with LTO')
[3] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48200#c28
No amount of _Pragma was able to disable this warning.
In function ‘strncpy’,
inlined from ‘_nm_strndup_a_step’ at ./shared/nm-glib-aux/nm-macros-internal.h:1367:3,
inlined from ‘nms_keyfile_nmmeta_check_filename’ at src/settings/plugins/keyfile/nms-keyfile-utils.c:61:0:
/usr/include/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^
src/settings/plugins/keyfile/nms-keyfile-utils.c: In function ‘nms_keyfile_nmmeta_check_filename’:
src/settings/plugins/keyfile/nms-keyfile-utils.c:44: note: length computed here
44 | len = strlen (filename);
|
lto1: all warnings being treated as errors
Oddly enough, gcc is still emitting the warning even with "-Wno-stringop-overflow",
but at least it doesn't break the build.
nmcli is build with libtool, so "clients/cli/nmcli" is really a shell script
that invokes the real nmcli (at "clients/cli/.libs/nmcli").
When building with LTO for some reasons "clients/cli/nmcli" still
does some build steps during the first invocation.
That means, if we run `make check-local-clients-tests-test-client` it
would first do the final build step. This takes a while, and the test
times out (worse, we do that build step many times in parallel).
Avoid that by invoking "clients/cli/nmcli" first.
We use a linker version script "NetworkManager.ver", to hide
symbols from NetworkManager that are not used. That is important
due to our habit of using internal helper libraries that we link
statically everywhere, without handpicking the symbols we actually
need. We want the tooling to get rid of unnecessary symbols.
However, NetworkManager loads shared libraries for settings and device
plugins. These libraries require symbols from the NetworkManager binary,
but which one depends on build options. Hence, we also generate
"NetworkManager.ver" by the "tools/create-exports-NetworkManager.sh"
script.
For that the script uses "nm" to find symbols that are undefined in the
plugin libraries but defined in NetworkManager. With autotools the
script looked at "./src/.libs/libNetworkManager.a" to find the present
symbols. Note that for meson that already didn't work, and we build
instead an intermediate NetworkManager binary first (with all symbols
exposed). With LTO, "nm" doesn't find all symbols in
"./src/.libs/libNetworkManager.a", and consequently they are not
exported and dropped/hidden.
This also causes unit tests to fail with LTO, because our test script
"tools/check-exports.sh" catches such bugs.
Fix that by also with autotools generate a complete "NetworkManager-all-sym"
binary that is used to generate "NetworkManager.ver", before rebuilding
"NetworkManager" again.
On Debian sid, pygobject no longer builds "python-gobject" for
python2. Still, python2 may be installed and detected preferably
by AM_PATH_PYTHON(). Add workaround.
The matchfilecon API is deprecated for a very long time. Since selinux 3.1
the functions are also marked as deprecated in the header, which causes
compiler warnings and build failures.
Update the code to use selabel API instead.
Seems with LTO the compiler can sometimes think that thes variables are
uninitialized. Usually those code paths are only after an assertion was
hit (g_return*()), but we still need to workaround the warning.
With LTO and optimizations enabled, we get a compiler warning about fd_udp
not initialized:
../src/n-dhcp4-c-connection.c: In function ‘n_dhcp4_c_connection_connect’:
../src/n-dhcp4-c-connection.c:196:13: error: ‘fd_udp’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
196 | r = epoll_ctl(connection->fd_epoll,
| ^
../src/n-dhcp4-c-connection.c:185:16: note: ‘fd_udp’ was declared here
185 | int r, fd_udp;
| ^
6c6e936898
gcc-10.2.1-1.fc32 with optimizations and LTO enabled can think that "len"
is uninitialized. Let packet_recv_udp() always set the length.
../src/n-dhcp4-socket.c: In function ‘n_dhcp4_c_socket_packet_recv.constprop’:
../src/n-dhcp4-incoming.c:210:29: error: ‘len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
210 | incoming->n_message = n_raw;
| ^
../src/n-dhcp4-socket.c:558:16: note: ‘len’ was declared here
558 | size_t len;
| ^
142eedcfc3
Older kernels may not support or send all bridge options in the netlink
message. In case the parameter is missing, set the default value.
Note that there may be future cases where we need to encode whether
the option is present or not. Currently we don't express that.
Older versions of iproute2 (Ubuntu 16.04) don't support all the requested
bridge options. We need to gracefully ignore a failure and try with our
own implementation.
While doing that, only set the command line arguments if they are
necessary (that is, if they requested value is not the default already).
Luckily, Ubuntu 16.04's kernel supports these properties just fine, so
we can avoid complicated compatibility code to cope with missing kernel
support. It's really just an iproute2 limitation and affects only the
tests.
Imagine we wait for a device, the device appears and starts activating.
That might take a while (during which it has a pending action). In the
meantime, the "connection.wait-device-timeout" timeout expires.
Now we want to log a warning about profiles that don't have their
device upon timeout. However, that the device is still busy at that
point is irrelevant. Skip logging a message about those profiles.
Fixes: 3df662f534 ('settings: rework wait-device-timeout handling and consider device compatibility')
