1. 06 Apr, 2022 13 commits
  2. 05 Apr, 2022 4 commits
    • Thomas Haller's avatar
      systemd: merge branch systemd into main · 261d74d8
      Thomas Haller authored
      !1178
      261d74d8
    • Fernando Fernández Mancera's avatar
      ovs, dpdk: fix creating ovs-interface when the ovs-bridge is netdev · 99a6c6ed
      Fernando Fernández Mancera authored
      When the ovs-bridge datapath is netdev, OpenvSwitch will not create a
      ovs-interface but a tun interface. The ovs-interface device must check
      all the link-change signals and check if the link type is tun and the
      interface name is the same than the device name. If so, the
      ovs-interface device will get the ifindex of the tun device. This allow
      NetworkManager to manage the interface properly, modifying MTU,
      configuring IPv4/IPv6 and others.
      
      Example:
      
      ```
      55: ovsbridge-port0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UNKNOWN group default qlen 1000
          link/ether fa:fb:07:98:e0:c6 brd ff:ff:ff:ff:ff:ff
          inet 192.168.123.100/24 brd 192.168.123.255 scope global noprefixroute ovsbridge-port0
             valid_lft forever preferred_lft forever
          inet6 fe80::9805:55c4:4c5f:da1c/64 scope link noprefixroute
             valid_lft forever preferred_lft forever
      ```
      
      https://bugzilla.redhat.com/show_bug.cgi?id=2001792
      !1179
      99a6c6ed
    • Thomas Haller's avatar
    • Thomas Haller's avatar
      find-backports: support "Ignore-Fixes:" tag to ignore "Fixes:" commit · 4e28bd5a
      Thomas Haller authored
      "Ignore-Backport:" is already in use. For the find-backports script it
      has the same meaning as a "cherry picked from" line, that means, we
      assume that the referenced patch was backported already and the fix
      applied.
      
      This is of course useful to make the script shut up about backports that
      we don't want to do. However, it requires us to tag the old branch
      with this, so that the script thinks that the patch is already there.
      
      Imaging we have a wrong commit on "next" branch with a Fixes line. We
      don't want to backport it, so we would have to tag the "old" branch with
      "Ignore-Backport:". That is cumbersome.
      
      Instead, now also support that if a commit contains a "Fixes:" line any
      an "Ignore-Fixes:" for the same fixed commit, then this let's the
      "Fixes:" line be ignored.
      4e28bd5a
  3. 04 Apr, 2022 11 commits
    • Thomas Haller's avatar
      4a35dbe6
    • Thomas Haller's avatar
      systemd: update code from upstream (2022-04-01) · 7b3466fc
      Thomas Haller authored
      This is a direct dump from systemd git.
      
        $ git clean -fdx && \
          git cat-file -p HEAD | sed '1,/^======$/ d' | bash - && \
          git add .
      
      ======
      
      SYSTEMD_DIR=../systemd
      COMMIT=64c843d12dde2a7dc2646a09f38d697caa7faee3
      
      (
        cd "$SYSTEMD_DIR"
        git checkout "$COMMIT"
        git reset --hard
        git clean -fdx
      )
      
      git ls-files -z :/src/libnm-systemd-core/src/ \
                      :/src/libnm-systemd-shared/src/ \
                      :/src/libnm-std-aux/unaligned.h | \
        xargs -0 rm -f
      
      nm_copy_sd_shared() {
          mkdir -p "./src/libnm-systemd-shared/$(dirname "$1")"
          cp "$SYSTEMD_DIR/$1" "./src/libnm-systemd-shared/$1"
      }
      
      nm_copy_sd_core() {
          mkdir -p "./src/libnm-systemd-core/$(dirname "$1")"
          cp "$SYSTEMD_DIR/$1" "./src/libnm-systemd-core/$1"
      }
      
      nm_copy_sd_stdaux() {
          mkdir -p "./src/libnm-std-aux/"
          cp "$SYSTEMD_DIR/$1" "./src/libnm-std-aux/${1##*/}"
      }
      
      nm_copy_sd_core "src/libsystemd-network/arp-util.c"
      nm_copy_sd_core "src/libsystemd-network/arp-util.h"
      nm_copy_sd_core "src/libsystemd-network/dhcp-identifier.c"
      nm_copy_sd_core "src/libsystemd-network/dhcp-identifier.h"
      nm_copy_sd_core "src/libsystemd-network/dhcp-internal.h"
      nm_copy_sd_core "src/libsystemd-network/dhcp-lease-internal.h"
      nm_copy_sd_core "src/libsystemd-network/dhcp-network.c"
      nm_copy_sd_core "src/libsystemd-network/dhcp-option.c"
      nm_copy_sd_core "src/libsystemd-network/dhcp-packet.c"
      nm_copy_sd_core "src/libsystemd-network/dhcp-protocol.h"
      nm_copy_sd_core "src/libsystemd-network/dhcp6-internal.h"
      nm_copy_sd_core "src/libsystemd-network/dhcp6-lease-internal.h"
      nm_copy_sd_core "src/libsystemd-network/dhcp6-network.c"
      nm_copy_sd_core "src/libsystemd-network/dhcp6-option.c"
      nm_copy_sd_core "src/libsystemd-network/dhcp6-option.h"
      nm_copy_sd_core "src/libsystemd-network/dhcp6-protocol.c"
      nm_copy_sd_core "src/libsystemd-network/dhcp6-protocol.h"
      nm_copy_sd_core "src/libsystemd-network/lldp-neighbor.c"
      nm_copy_sd_core "src/libsystemd-network/lldp-neighbor.h"
      nm_copy_sd_core "src/libsystemd-network/lldp-network.c"
      nm_copy_sd_core "src/libsystemd-network/lldp-network.h"
      nm_copy_sd_core "src/libsystemd-network/lldp-rx-internal.h"
      nm_copy_sd_core "src/libsystemd-network/network-common.c"
      nm_copy_sd_core "src/libsystemd-network/network-common.h"
      nm_copy_sd_core "src/libsystemd-network/network-internal.c"
      nm_copy_sd_core "src/libsystemd-network/network-internal.h"
      nm_copy_sd_core "src/libsystemd-network/sd-dhcp-client.c"
      nm_copy_sd_core "src/libsystemd-network/sd-dhcp-lease.c"
      nm_copy_sd_core "src/libsystemd-network/sd-dhcp6-client.c"
      nm_copy_sd_core "src/libsystemd-network/sd-dhcp6-lease.c"
      nm_copy_sd_core "src/libsystemd-network/sd-ipv4ll.c"
      nm_copy_sd_core "src/libsystemd-network/sd-lldp-rx.c"
      nm_copy_sd_core "src/libsystemd/sd-event/event-source.h"
      nm_copy_sd_core "src/libsystemd/sd-event/event-util.c"
      nm_copy_sd_core "src/libsystemd/sd-event/event-util.h"
      nm_copy_sd_core "src/libsystemd/sd-event/sd-event.c"
      nm_copy_sd_core "src/libsystemd/sd-id128/id128-util.c"
      nm_copy_sd_core "src/libsystemd/sd-id128/id128-util.h"
      nm_copy_sd_core "src/libsystemd/sd-id128/sd-id128.c"
      nm_copy_sd_core "src/systemd/_sd-common.h"
      nm_copy_sd_core "src/systemd/sd-dhcp-client.h"
      nm_copy_sd_core "src/systemd/sd-dhcp-lease.h"
      nm_copy_sd_core "src/systemd/sd-dhcp-option.h"
      nm_copy_sd_core "src/systemd/sd-dhcp6-client.h"
      nm_copy_sd_core "src/systemd/sd-dhcp6-lease.h"
      nm_copy_sd_core "src/systemd/sd-dhcp6-option.h"
      nm_copy_sd_core "src/systemd/sd-event.h"
      nm_copy_sd_core "src/systemd/sd-id128.h"
      nm_copy_sd_core "src/systemd/sd-ipv4acd.h"
      nm_copy_sd_core "src/systemd/sd-ipv4ll.h"
      nm_copy_sd_core "src/systemd/sd-lldp-rx.h"
      nm_copy_sd_core "src/systemd/sd-lldp.h"
      nm_copy_sd_core "src/systemd/sd-ndisc.h"
      nm_copy_sd_shared "src/basic/alloc-util.c"
      nm_copy_sd_shared "src/basic/alloc-util.h"
      nm_copy_sd_shared "src/basic/async.h"
      nm_copy_sd_shared "src/basic/cgroup-util.h"
      nm_copy_sd_shared "src/basic/dns-def.h"
      nm_copy_sd_shared "src/basic/env-file.c"
      nm_copy_sd_shared "src/basic/env-file.h"
      nm_copy_sd_shared "src/basic/env-util.c"
      nm_copy_sd_shared "src/basic/env-util.h"
      nm_copy_sd_shared "src/basic/errno-util.h"
      nm_copy_sd_shared "src/basic/escape.c"
      nm_copy_sd_shared "src/basic/escape.h"
      nm_copy_sd_shared "src/basic/ether-addr-util.c"
      nm_copy_sd_shared "src/basic/ether-addr-util.h"
      nm_copy_sd_shared "src/basic/extract-word.c"
      nm_copy_sd_shared "src/basic/extract-word.h"
      nm_copy_sd_shared "src/basic/fd-util.c"
      nm_copy_sd_shared "src/basic/fd-util.h"
      nm_copy_sd_shared "src/basic/fileio.c"
      nm_copy_sd_shared "src/basic/fileio.h"
      nm_copy_sd_shared "src/basic/format-util.c"
      nm_copy_sd_shared "src/basic/format-util.h"
      nm_copy_sd_shared "src/basic/fs-util.c"
      nm_copy_sd_shared "src/basic/fs-util.h"
      nm_copy_sd_shared "src/basic/hash-funcs.c"
      nm_copy_sd_shared "src/basic/hash-funcs.h"
      nm_copy_sd_shared "src/basic/hashmap.c"
      nm_copy_sd_shared "src/basic/hashmap.h"
      nm_copy_sd_shared "src/basic/hexdecoct.c"
      nm_copy_sd_shared "src/basic/hexdecoct.h"
      nm_copy_sd_shared "src/basic/hostname-util.c"
      nm_copy_sd_shared "src/basic/hostname-util.h"
      nm_copy_sd_shared "src/basic/in-addr-util.c"
      nm_copy_sd_shared "src/basic/in-addr-util.h"
      nm_copy_sd_shared "src/basic/inotify-util.c"
      nm_copy_sd_shared "src/basic/inotify-util.h"
      nm_copy_sd_shared "src/basic/io-util.c"
      nm_copy_sd_shared "src/basic/io-util.h"
      nm_copy_sd_shared "src/basic/list.h"
      nm_copy_sd_shared "src/basic/log.h"
      nm_copy_sd_shared "src/basic/macro.h"
      nm_copy_sd_shared "src/basic/memory-util.c"
      nm_copy_sd_shared "src/basic/memory-util.h"
      nm_copy_sd_shared "src/basic/mempool.c"
      nm_copy_sd_shared "src/basic/mempool.h"
      nm_copy_sd_shared "src/basic/missing_fcntl.h"
      nm_copy_sd_shared "src/basic/missing_random.h"
      nm_copy_sd_shared "src/basic/missing_socket.h"
      nm_copy_sd_shared "src/basic/missing_stat.h"
      nm_copy_sd_shared "src/basic/missing_syscall.h"
      nm_copy_sd_shared "src/basic/missing_type.h"
      nm_copy_sd_shared "src/basic/ordered-set.c"
      nm_copy_sd_shared "src/basic/ordered-set.h"
      nm_copy_sd_shared "src/basic/parse-util.c"
      nm_copy_sd_shared "src/basic/parse-util.h"
      nm_copy_sd_shared "src/basic/path-util.c"
      nm_copy_sd_shared "src/basic/path-util.h"
      nm_copy_sd_shared "src/basic/prioq.c"
      nm_copy_sd_shared "src/basic/prioq.h"
      nm_copy_sd_shared "src/basic/process-util.c"
      nm_copy_sd_shared "src/basic/process-util.h"
      nm_copy_sd_shared "src/basic/random-util.c"
      nm_copy_sd_shared "src/basic/random-util.h"
      nm_copy_sd_shared "src/basic/ratelimit.c"
      nm_copy_sd_shared "src/basic/ratelimit.h"
      nm_copy_sd_shared "src/basic/set.h"
      nm_copy_sd_shared "src/basic/signal-util.c"
      nm_copy_sd_shared "src/basic/signal-util.h"
      nm_copy_sd_shared "src/basic/siphash24.h"
      nm_copy_sd_shared "src/basic/socket-util.c"
      nm_copy_sd_shared "src/basic/socket-util.h"
      nm_copy_sd_shared "src/basic/sort-util.h"
      nm_copy_sd_shared "src/basic/sparse-endian.h"
      nm_copy_sd_shared "src/basic/stat-util.c"
      nm_copy_sd_shared "src/basic/stat-util.h"
      nm_copy_sd_shared "src/basic/stdio-util.h"
      nm_copy_sd_shared "src/basic/string-table.c"
      nm_copy_sd_shared "src/basic/string-table.h"
      nm_copy_sd_shared "src/basic/string-util.c"
      nm_copy_sd_shared "src/basic/string-util.h"
      nm_copy_sd_shared "src/basic/strv.c"
      nm_copy_sd_shared "src/basic/strv.h"
      nm_copy_sd_shared "src/basic/strxcpyx.c"
      nm_copy_sd_shared "src/basic/strxcpyx.h"
      nm_copy_sd_shared "src/basic/time-util.c"
      nm_copy_sd_shared "src/basic/time-util.h"
      nm_copy_sd_shared "src/basic/tmpfile-util.c"
      nm_copy_sd_shared "src/basic/tmpfile-util.h"
      nm_copy_sd_shared "src/basic/umask-util.h"
      nm_copy_sd_shared "src/basic/user-util.h"
      nm_copy_sd_shared "src/basic/utf8.c"
      nm_copy_sd_shared "src/basic/utf8.h"
      nm_copy_sd_shared "src/basic/util.c"
      nm_copy_sd_shared "src/basic/util.h"
      nm_copy_sd_shared "src/fundamental/macro-fundamental.h"
      nm_copy_sd_shared "src/fundamental/string-util-fundamental.c"
      nm_copy_sd_shared "src/fundamental/string-util-fundamental.h"
      nm_copy_sd_shared "src/fundamental/types-fundamental.h"
      nm_copy_sd_shared "src/shared/dns-domain.c"
      nm_copy_sd_shared "src/shared/dns-domain.h"
      nm_copy_sd_shared "src/shared/log-link.h"
      nm_copy_sd_shared "src/shared/web-util.c"
      nm_copy_sd_shared "src/shared/web-util.h"
      nm_copy_sd_stdaux "src/basic/unaligned.h"
      7b3466fc
    • Thomas Haller's avatar
      721f0e75
    • Thomas Haller's avatar
      connectivity: only enable verbose libcurl debug logging with "NM_LOG_CONCHECK" environment · a8927465
      Thomas Haller authored
      For regular operation -- even for `level=TRACE` -- it's just too verbose.
      Only enable it if the environment "NM_LOG_CONCHECK=1" is set.
      
      An environment variable is a bit unwieldy to use, but this
      is really just for a heavy libcurl debugging session.
      a8927465
    • Thomas Haller's avatar
      connectivity: refactor easy_debug_cb() · 1dc16931
      Thomas Haller authored
      It seems nicer to me to choose a message in the switch
      and only print at one place.
      1dc16931
    • Thomas Haller's avatar
      connectivity: resolve hostname ourselves to avoid blocking libcurl · 57d226d3
      Thomas Haller authored
      Usually we anyway require systemd-resolved to resolve the hostname for
      connectivity checking. Only systemd-resolved provides a per-interface
      API. Without it, connectivity check (together with bumping the route
      metric) has problems.
      
      Anyway. If we had no systemd-resolved or it failed, we would just call
      libcurl. That would then try to resolve the name, using whatever resolver
      libcurl has enabled. Often that is the threaded resolver, which calls
      libc's blocking getaddrinfo() API on a thread.
      
      libcurl has a bug ([1]) that can cause the process to block, waiting to join
      the resolver thread:
      
        #0  0x00007ffff781fb27 in __pthread_timedjoin_ex () at /lib64/libpthread.so.0
        #1  0x00007ffff7c0ac9a in Curl_thread_join () at /lib64/libcurl.so.4
        #2  0x00007ffff7c0d693 in thread_wait_resolv () at /lib64/libcurl.so.4
        #3  0x00007ffff7bf9284 in multi_done () at /lib64/libcurl.so.4
        #4  0x00007ffff7bfb588 in curl_multi_remove_handle () at /lib64/libcurl.so.4
        #5  0x000055555574adc3 in cb_data_complete
      
      That's not acceptable. Resolve the name ourselves using glib's implementation
      (which also does getaddrinfo() in a thread). If we fail, we no longer call to
      libcurl.
      
      [1] https://github.com/curl/curl/issues/8515
      
      #312
      #404
      #934
      #970
      
      !1176
      57d226d3
    • Yuri Chornoivan's avatar
      po: update Ukrainian (uk) translation · 2e2877b5
      Yuri Chornoivan authored and Thomas Haller's avatar Thomas Haller committed
      !1177
      2e2877b5
    • Beniamino Galvani's avatar
      ca9a6c47
    • Beniamino Galvani's avatar
      supplicant: enable WPA3 transition mode only when interface supports PMF · 1a7db1d7
      Beniamino Galvani authored
      We have some reports of APs that advertise WPA2/WPA3 with
      MFP-required=0/MFP-capable=0, and reject the association when the
      client doesn't support 802.11w.
      
      According to WPA3_Specification_v3.0 section 2.3, when operating in
      WPA3-Personal transition mode a STA:
      
      - should allow AKM suite selector: 00-0F-AC:6 (WPA-PSK-SHA256) to be
        selected for an association;
      
      - shall negotiate PMF when associating to an AP using SAE.
      
      The first is guaranteed by capability PMF; the second by checking that
      the interface supports BIP ciphers suitable for PMF.
      
      #964
      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003907
      1a7db1d7
    • Beniamino Galvani's avatar
      supplicant: add BIP interface capability · cd1e0193
      Beniamino Galvani authored
      Introduce a new capability indicating whether the interface supports
      any of the BIP ciphers that can be used for 802.11w (PMF).
      cd1e0193
    • Thomas Haller's avatar
      588ac2e2
  4. 02 Apr, 2022 5 commits
  5. 01 Apr, 2022 7 commits
    • Thomas Haller's avatar
      core: don't update connection timestamps periodically every 300 seconds · eaba1f30
      Thomas Haller authored
      We store the timestamp when a profile activated the last time to
      "/var/lib/NetworkManager/timestamps". There was also a timer which
      would update the timestamp of activated connections every 300 seconds.
      
      That seems unnecessary, drop it.
      
      For one, waking up every 5 minutes and rewriting a file to disk seems
      undesirable, for example if /var is a device where unnecessary writes
      should be minimized.
      
      Note that we already update the timestamp when a device goes down,
      and of course when it comes up. Updating the timestamp in between seems
      unnecessary.
      
      This reverts commit 60735029 ('core: update timestamp in active
      system connections every 5 mins (bgo #583756)').
      
      An alternative would be to only update the timestamp in memory (so that
      it would appear updated on D-Bus), but delay writing the file until
      something important happens. `nm_key_file_db_*()` already tracks whether
      there are changes ("dirty") and whether it's necessary to write the
      file. It would be possible to track two dirty flags: one that requires
      immediate update, and one that only ensures we will re-write dirty files
      eventually.
      
      See-also: https://bugzilla.gnome.org/show_bug.cgi?id=583756
      
      !1171
      eaba1f30
    • Thomas Haller's avatar
      build: merge branch 'th/python-black' · a640d0b7
      Thomas Haller authored
      !1174
      a640d0b7
    • Thomas Haller's avatar
    • Thomas Haller's avatar
      build: drop "check-python-black" check from autotools · 12299ee9
      Thomas Haller authored
      Previously, autotools would detect whether we have "black"
      in the path. And if so, it would check formatting during `make check`.
      
      That's problematic. When I run `./contrib/fedora/rpm/build_clean.sh -w test`
      in certain cases, it would pick up black, but then fail with
      
        Traceback (most recent call last):
          File "/usr/bin/black", line 5, in <module>
            from black import patched_main
          File "/usr/lib/python3.6/site-packages/black.py", line 42, in <module>
            from attr import dataclass, evolve, Factory
        ModuleNotFoundError: No module named 'attr'
        make[3]: *** [Makefile:21658: check-python-black] Error 1
      
      That's an installation error of black, but still, during package build
      there is no need to check the formatting. We could export
      `NMTST_SKIP_PYTHON_BLACK=1` to prevent it, but it's still unnecessary.
      
      We check proper formatting in gitlab-ci. That is enough, it doesn't
      need to run during `make check`. In particular, because `black .`
      takes 1.5 seconds on my machine.
      12299ee9
    • Thomas Haller's avatar
      contrib: add "nm-python-black-format.sh" script · 49b0a92b
      Thomas Haller authored
      This is more for completeness, to go along "nm-code-format.sh"
      script.
      
      Usually it's very simple to run black directly (you may still do that).
      However, black by default only reformats files with ".py" extension.
      So to get all our python files, you'd need to know and explicitly
      select them... or use this script.
      
      Also, `black .` scans the entire source tree, and is rather slow.
      This script knows which files to select and is thus faster.
      49b0a92b
    • Thomas Haller's avatar
      670894b6
    • gogogogi's avatar
      po: update Croatian (hr) translation · 5d440610
      gogogogi authored and Thomas Haller's avatar Thomas Haller committed
      !1172
      5d440610