It's easier to be able to pass both a whole hashed connection, or just
a hashed setting to the function, and have it figure out what needs
to be updated based on the given setting_name.
Add some testcases to make sure that all works correctly too.
Timestamps are no longer written to the connection file itself, but
are kept in a lookaside file in /var to allow for read-only or
stateless /etc and to ease system administration and deployment.
NM updates timestamp for active connections every 5 min. We don't
want to touch files in /etc due to this. This commit solves that
by not updating timestamp in the connection's property. Rather it
updates the timestamp internally. All timestamps are also kept track
of in /var/lib/NetworkManager/timestamps file.
When settings are requested via D-Bus GetSettings(), the proper
timestamp is put in the connection setting before returning.
We only need newer glib for G_DEFINE_BOXED_TYPE, which is only
required for introspection. If you don't want introspection, you
don't need that, so allow building on glib 2.24 without.
We may be compatible with even earlier glib versions too, if so
let me know and I'll downgrade the requirement further.
gtk-doc removes the 'html' directory as part of the build process
so we need to have spec.html generation depend on the gtk-doc html
target. Also, fix up the paths to make sure the generated spec.html
gets copied into the final 'html' directory.
Some adjustments need to be made to read and write secret flags, and
to ensure that connections that don't have system-owned secrets are
still parsed as expected. testcases for 802.1x connections to come
shortly.
First, it was not easily possible to set a private key without
also providing a password. This used to be OK, but now with
secret flags it may be the case that when the connection is read,
there's no private key password. So functions that set the
private key must account for NULL passwords.
Unfortunately, the crytpo code did not handle this case well.
We need to be able to independently (a) verify that a file looks
like a certificate or private key and (b) that a given password
decrypts a private key. Previously the crypto code would fail
to verify the file when the password was NULL.
So this change fixes up the crytpo code for a more distinct
split between these two operations, such that if no password is
given, the file is still checked to ensure that it's a private
key or a certificate. If a password is given, the password is
checked against the private key file.
This commit also changes how private keys and certificates were
handled with the BLOB scheme. Previously only the first certificate
or first private key was included in the property data, while now
the entire file is encoded in the data. This is intended to fix
cases where multiple private keys or certificates are present in
a PEM file. It also allows clients to push certificate data to
NetworkManager for storage in system settings locations, which was
not as flexible before when only part of the certificate or key
was sent as the data.