nmcli is build with libtool, so "clients/cli/nmcli" is really a shell script
that invokes the real nmcli (at "clients/cli/.libs/nmcli").
When building with LTO for some reasons "clients/cli/nmcli" still
does some build steps during the first invocation.
That means, if we run `make check-local-clients-tests-test-client` it
would first do the final build step. This takes a while, and the test
times out (worse, we do that build step many times in parallel).
Avoid that by invoking "clients/cli/nmcli" first.
We use a linker version script "NetworkManager.ver", to hide
symbols from NetworkManager that are not used. That is important
due to our habit of using internal helper libraries that we link
statically everywhere, without handpicking the symbols we actually
need. We want the tooling to get rid of unnecessary symbols.
However, NetworkManager loads shared libraries for settings and device
plugins. These libraries require symbols from the NetworkManager binary,
but which one depends on build options. Hence, we also generate
"NetworkManager.ver" by the "tools/create-exports-NetworkManager.sh"
script.
For that the script uses "nm" to find symbols that are undefined in the
plugin libraries but defined in NetworkManager. With autotools the
script looked at "./src/.libs/libNetworkManager.a" to find the present
symbols. Note that for meson that already didn't work, and we build
instead an intermediate NetworkManager binary first (with all symbols
exposed). With LTO, "nm" doesn't find all symbols in
"./src/.libs/libNetworkManager.a", and consequently they are not
exported and dropped/hidden.
This also causes unit tests to fail with LTO, because our test script
"tools/check-exports.sh" catches such bugs.
Fix that by also with autotools generate a complete "NetworkManager-all-sym"
binary that is used to generate "NetworkManager.ver", before rebuilding
"NetworkManager" again.
On Debian sid, pygobject no longer builds "python-gobject" for
python2. Still, python2 may be installed and detected preferably
by AM_PATH_PYTHON(). Add workaround.
The matchfilecon API is deprecated for a very long time. Since selinux 3.1
the functions are also marked as deprecated in the header, which causes
compiler warnings and build failures.
Update the code to use selabel API instead.
Seems with LTO the compiler can sometimes think that thes variables are
uninitialized. Usually those code paths are only after an assertion was
hit (g_return*()), but we still need to workaround the warning.
With LTO and optimizations enabled, we get a compiler warning about fd_udp
not initialized:
../src/n-dhcp4-c-connection.c: In function ‘n_dhcp4_c_connection_connect’:
../src/n-dhcp4-c-connection.c:196:13: error: ‘fd_udp’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
196 | r = epoll_ctl(connection->fd_epoll,
| ^
../src/n-dhcp4-c-connection.c:185:16: note: ‘fd_udp’ was declared here
185 | int r, fd_udp;
| ^
6c6e936898
gcc-10.2.1-1.fc32 with optimizations and LTO enabled can think that "len"
is uninitialized. Let packet_recv_udp() always set the length.
../src/n-dhcp4-socket.c: In function ‘n_dhcp4_c_socket_packet_recv.constprop’:
../src/n-dhcp4-incoming.c:210:29: error: ‘len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
210 | incoming->n_message = n_raw;
| ^
../src/n-dhcp4-socket.c:558:16: note: ‘len’ was declared here
558 | size_t len;
| ^
142eedcfc3
Older kernels may not support or send all bridge options in the netlink
message. In case the parameter is missing, set the default value.
Note that there may be future cases where we need to encode whether
the option is present or not. Currently we don't express that.
Older versions of iproute2 (Ubuntu 16.04) don't support all the requested
bridge options. We need to gracefully ignore a failure and try with our
own implementation.
While doing that, only set the command line arguments if they are
necessary (that is, if they requested value is not the default already).
Luckily, Ubuntu 16.04's kernel supports these properties just fine, so
we can avoid complicated compatibility code to cope with missing kernel
support. It's really just an iproute2 limitation and affects only the
tests.
Imagine we wait for a device, the device appears and starts activating.
That might take a while (during which it has a pending action). In the
meantime, the "connection.wait-device-timeout" timeout expires.
Now we want to log a warning about profiles that don't have their
device upon timeout. However, that the device is still busy at that
point is irrelevant. Skip logging a message about those profiles.
Fixes: 3df662f534 ('settings: rework wait-device-timeout handling and consider device compatibility')
Since commit 3df662f534 ('settings: rework wait-device-timeout
handling and consider device compatibility'), "connection.wait-device-timeout"
works with profiles in general and doesn't require an interface-name
set.
Remove that restriction and let initrd generator create profiles that
always wait.
A profile can configure "connection.wait-device-timeout" to indicate
that startup complete is blocked until a suitable device around.
This is useful for NetworkManager-wait-online and initrd mode.
Previously, we looked at NMPlatform whether a link with matching
interface-name was present. That is wrong because it cannot handle
profiles that rely on "ethernet.mac-address" setting or other "match"
settings. Also, the mere presence of the link does not yet mean
that the NMDevice was created and ready. In fact, there is a race here:
NMPlatform indicates that the device is ready (unblocking NMSettings),
but there is no corresponding NMDevice yet which keeps NetworkManager
busy to block startup complete.
Rework this. Now, only check whether there is a compatible device for
the profile.
Since we wait for compatible devices, it works now not only for the
interface name. Note that we do some optimizations so that we don't have
to re-evaluate all profiles (w.r.t. all devices) whenever something on the
device changes: we only care about this when all devices finally become
ready.
Also, we no longer start the timeout for "connection.wait-device-timeout"
when the profile appears. Instead, there is one system-wide start time
(NMSettingsPrivate.startup_complete_start_timestamp_msec). That simplifies
code and makes sense: we start waiting when NetworkManager is starting, not
when the profile gets added. Also, we wait for all profiles to become
ready together.
NMSettings needs access to the list of all devices, which is tracked
by NMManager. Of course, this ties NMSettings and NMManager closer
together. Note that NMManager already owns a reference to NMSettings,
so they are in fact related.
The alternatives of just letting NMSettings reference NMManager (and
vice versa) would be more complicated, and likely not help to simplify
the code (on the contrary).
In practice, we wouldn't need the _WITH_MORE() variants here, because
all the suffixes that we check start with a ".", and we check first
that the filename itself does not start with a ".".
However, it doesn't hurt to be explicit about this, and it has no
overhead at all.
They are like NM_STR_HAS_SUFFIX()/NM_STR_HAS_SUFFIX_ASCII_CASE(), but require that
the checked string is not identical to the suffix. They require some non-empty word
preceding the suffix.
shared/nm-glib-aux/nm-shared-utils.c: In function ‘nm_utils_escaped_tokens_escape_full’:
shared/nm-glib-aux/nm-shared-utils.c:1569:26: error: ‘ch_lookup_as_needed.<U7d10>.table[0]’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
1569 | nm_assert (lookup->table[(guint8) 0] == 0);
| ^
shared/nm-glib-aux/nm-shared-utils.c:1569:26: error: ‘ch_lookup_as_needed.<U7d10>.table[0]’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
Fixes: ae55b98e02 ('shared: add CharLookupTable type for nm_utils_strsplit_set_full()')
It's not a big difference and unclear which is preferable. It however
seems slighly clearer to require the user to provide a pointer, instead
of a variable for which the macro itself takes the reference.
It makes it clearer that the "iter" and "obj" arguments are modified
by the macro.
This makes the macro more function like. Also, taking a pointer
makes it a bit clearer that this possibly changes the value.
Of course, it's not a big difference to before, but this
form seems slightly preferable to me.
It's not a large difference, whether we use a 256 array directly or a
struct. I guess, theoretically this gives the compiler some more
information about the type, like the alignment. Also, it seems nicer
to use a dedicated struct instead of a pointer array.
The network-legacy dracut module waits for all ethernet devices if the
command line contains rd.neednet=1. It also waits for the device
specified by 'bootdev='.
Do the same.
https://bugzilla.redhat.com/show_bug.cgi?id=1853348
Reapply now handles all the options supported by kernel and NM, meaning
that some options are simply not allowed to be set while keeping the
bond up, one of those options is the mode for instance.
https://bugzilla.redhat.com/show_bug.cgi?id=1847814
can_reapply_change() would wrongly return true for
unsupported reapply values because it used 'nm_setting_bond_get_option_default()'
that is ill-named because it returns the overriden option other than
its default value.
https://bugzilla.redhat.com/show_bug.cgi?id=1847814
Fixes: 9bd07336ef ('bond: bond options logic rework')