The advantage of environment variables is that the user can use
`systemctl edit NetworkManager-dispatcher.service` for setting them,
without need to change the ExecStart= line.
Also, enabling debugging from the start is useful, despite that debug
logging can be enabled per-request.
Also, there is a difference whether we want verbose logging or whether
we want to log to stdout. There should be a flag, that only increases the
logging verbosity, but does not change the logging backend.
NetworkManager runs as root and has lots of capabilities.
We want to reduce the attach surface by dropping capabilities,
but there is a genuine need to do certain things.
For example, we currently require dac_override capability, to open
the unix socket of ovsdb. Most users wouldn't use OVS, so we should
find a way to not require that dac_override capability. The solution
is to have a separate, D-Bus activate service (nm-sudo), which
has the capability to open and provide the file descriptor.
For authentication, we only rely on D-Bus. We watch the name owner
of NetworkManager, and only accept requests from that service. We trust
D-Bus to get it right a request from that name owner is really coming
from NetworkManager. If we couldn't trust that, how could PolicyKit
or any authentication via D-Bus work? For testing, the user can set
NM_SUDO_NO_AUTH_FOR_TESTING=1.
https://bugzilla.redhat.com/show_bug.cgi?id=1921826
This file is not actually to be used by NetworkManager itself.
Instead, every (glib based) VPN plugin will want something like this,
hence we have a copy here.
Move it to a new directory "src/contrib/".
Otherwise, having a meson build directory along autotools,
lets `make check` fail with
The following files contain translations and are currently not in use. Please
consider adding these to the POTFILES.in file, located in the po/ directory.
build/data/org.freedesktop.NetworkManager.policy.in
If some of these files are left out on purpose then please add them to
POTFILES.skip instead of POTFILES.in. A file 'missing' containing this list
of left out files has been written in the current directory.
Please report to http://bugzilla.gnome.org/enter_bug.cgi?product=NetworkManager
if [ -r missing -o -r notexist ]; then \
exit 1; \
fi
Yes, meson does not require that the build directory is named "build"
and this fix only works for the default case.
This file is only used by plugins and copied between them.
It's purpose is to contain general utility functions that are
only relevant for implementing NetworkManager's VPN plugins.
In principle the utility functions could be part of libnm, however,
there are a few problems with that:
- if they are part of libnm, adding and using a new utility function
requires the plugin to bump the required libnm version. Since you
usally can work around/reimplement utility functions, this results
in not using the API from libnm, not adding the API to libnm,
and reimplementing it over and over in the plugin.
- plugins compile both against libnm and libnm-glib. Thus, either
the utility function would also be needed in libnm-glib, or again,
it is not usable by the plugin.
We must avoid that the utility functions diverge and no local
modifications to these files should be made in the plugin.
Instead, one special location of the utility functions shall be
extended and re-imported (copied) to the plugin as needed.
Add the files to NetworkManager's repository. Although they are not
needed for NetworkManager itself, they are a different API provided
by NetworkManager. An API that is reused and shared by copying the files
around.
The "shared" directory contains files that are possibly used by all components
of NetworkManager repository.
Some of these files are even copied as-is to other projects (VPN plugins, nm-applet)
and used there without modification. Move those files to a separate directory.
By moving them to a common directory, it is clearer that they belong
together. Also, you can easier compare the copied versions to their
original via
$ diff -r ./shared/nm-utils/ /path/to/nm-vpn-plugin/shared/nm-utils/
Let VPN plugins return a virtual function table to extend
the API while bypassing libnm. This allows to add and use
new functionality to VPN plugins without updating libnm.
The actual definitions are in a header-only file
"nm-vpn-editor-plugin-call.h", which can be copied to the
caller/plugin.
Add new Reload D-Bus command to reload NetworkManager configuration.
For now, this is like sending SIGHUP to the process. There are several
advantages here:
- it is guarded via PolicyKit authentication while signals
can only be sent by root.
- the user can wait for the reload to be complete instead of sending
an asynchronous signal. For now, we operation completes after
nm_config_reload() returns, but later we could delay the response
further until specific parts are fully reloaded.
- SIGHUP reloads everything including re-reading configuration from
disk while SIGUSR1 reloads just certain parts such as writing out DNS
configuration anew.
Now, the Reload command has a flags argument which is more granular
in selecting parts which are to be reloaded. For example, via
signals the user can:
1) send SIGUSR1: this writes out the DNS configuration to
resolv.conf and possibly reloads other parts without
re-reading configuration and without restarting the DNS plugin.
2) send SIGHUP: this reloads configuration from disk,
writes out resolv.conf and restarts the DNS plugin.
There is no way, to only restart the DNS plugin without also reloading
everything else.
make distcheck runs a build in dist directory subtirs and then runs intltool -m
which in turn complains about translations in a built file:
The following files contain translations and are currently not in use. Please
consider adding these to the POTFILES.in file, located in the po/ directory.
sub/policy/org.freedesktop.NetworkManager.policy.in
The issue is reported to intltool upstream already:
https://bugs.launchpad.net/intltool/+bug/1117944
Add contrib/fedora/rpm/ directory to POTFILES.skip.
Otherwise, after building an RPM, make check would fail
due to the source files from the rpmbuild.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Create a new clients/ subdirectory at the top level, and move cli/ and
tui/ into it, as well as nm-online.c (which was previously in test/,
which made no sense).
cli/ was split into two subdirectories, src/ and completion/. While
this does simplify things (given that the completion file and the
binary both need to be named "nmcli"), it bloats the source tree, and
we can work around it by just renaming the completion file at install
time. Then we can combine the two directories into one and just have
it all under clients/cli/.
tui/vpn-helpers.c is not yet used, so it shouldn't be translated yet.
Having it in po/POTFILES fails distcheck because, since it is not
yet used, it's not distributed, and thus can't be found in the
distcheck build.
