- the container that is also "pages_build" should always
run automatically. This can replace the "always" tag.
- comment out the "always: 33" part, because we no longer need
it. It was also wrong, because by now we should run Fedora 34
automatically.
On Fedora 33, we get it automatically because "clang" package
has an indirect (weak) dependency for clang-tools-extra. On
Fedora 34, that is no loger the case.
We need to explicitly install it.
Active-connections in the async_op_lst are not guaranteed to have a
settings-connection. In particular, the settings-connection for an
AddAndActivate() AC is set only after the authorization succeeds. Use
the non-asserting variant of the function to fix the following
failure:
nm_active_connection_get_settings_connection: assertion 'sett_conn' failed
1 _g_log_abort()
2 g_logv()
3 g_log()
4 _nm_g_return_if_fail_warning.constprop.14()
5 nm_active_connection_get_settings_connection()
6 active_connection_find()
7 _get_activatable_connections_filter()
8 nm_settings_get_connections_clone()
9 nm_manager_get_activatable_connections()
10 auto_activate_device_cb()
11 g_idle_dispatch()
12 g_main_context_dispatch()
13 g_main_context_iterate.isra.21()
14 g_main_loop_run()
15 main()
Fixes: 33b9fa3a3c ('manager: Keep volatile/external connections while referenced by async_op_lst')
https://bugzilla.redhat.com/show_bug.cgi?id=1933719https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/834
Invoke Reload() asynchronously and run the main loop. In this way, the
polkit agent built into nmcli can be used to authenticate the reload
request.
Fixes: 5afcf9c045 ('cli: add 'general reload' command')
If the configuration contains dns=none and resolv.conf is updated
through a dispatcher script, currently there is no way to tell NM that
the content of resolv.conf changed, so that it can restart a hostname
resolution.
Use SIGUSR1 (and SIGHUP) for that.
- consistently check for success/failure of _ethtool_call_handle()
with "< 0" / ">= 0".
- drop unnecessary memset(). In the past, I argued to add this because
there were obscure cases with valgrind where this made a difference.
As it's not clear when/how that is necessary, drop it again.
Also, we want to prefer explicit struct initialization over memset(),
so if memset() would be necessary, those places would be problematic
as well.
- inline unnecessary helper functions. They had only one caller and
only make the code more verbose.
- use _ethtool_call_once() instead of _ethtool_call_handle() at places
where we use the handle only once. The handle and _ethtool_call_handle()
are useful to cache and reuse the file descriptor and the interface
name. If we only make one call with the handle, we can use
_ethtool_call_once() instead.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/830
Most string properties can be either %NULL (unset) or a non-empty
string.
For a few properties, like "gsm.apn", also the empty word is a valid
value. That makes it problematic to use from nmcli, because
nmcli connection modify "$PROFILE" gsm.apn ""
means to reset the default (NULL). How to configure the empty word?
For the APN, "" has a specific meaning, distinct from NULL, so we
need to be able to represent that.
The other problem with nmcli is that
nmcli -g gsm.apn connection show "$PROFILE"
is supposed to give you a value that you an set again, like
X="$(nmcli -g gsm.apn connection show "$PROFILE"; echo x)"
nmcli connection modify "$PROFILE2" gsm.apn "${X%$'\n'x}"
but for %NULL and "" the output would be the same.
The "solution" to that is interpreting "" as NULL (like we always did)
and a non-empty string that contains all whitespace, like a string with
one whitespace less. This way, all values can be expressed.
Note that in case of "gsm.apn", the string is anyway internally
normalized with g_strstrip(), so a string with all whitespace was
not expressable.
This was currently unused, because actually no property of type string
had handle_emptyunuset set.
Fixes: e9ee4e39f1 ('cli: handle string properties that can both be empty and %NULL')
Property aliases should really just be shortcuts for one fully spelled
out property (sometimes, they do more like "master").
Anyway, we must also handle resetting the value, otherwise:
$ nmcli connection add type gsm apn ""
will still result in "gsm.apn=internet", unlike
$ nmcli connection add type gsm gsm.apn ""
This will be used for NMTernary properties. The get() method
is still the same as for _pt_gobject_enum, but the setter
and complete functions are more flexible to also allow yes/true
and any unique abbreviations.
- use strstrip() to remove leading and trailing whitespace
- use _nm_utils_ascii_str_to_int64() for parsing numeric values
like -1, 0 and 1. In particular, this now also allows passing
the numeric values.
- also accept "default" as valid value for NM_TERNARY_DEFAULT.
With this change, nmc_string_to_ternary() can also parse everything that
we commonly and currently parse with _nm_utils_enum_from_str_full()
and NM_TYPE_TERNARY. This will allow to configure ternary values in
a more flexible way.
- use strstrip() to remove leading and trailing whitespace
- use _nm_utils_ascii_str_to_int64() for parsing numeric values
like 0 and 1. The difference is small, for one, it also accepts
hex numbers like 0x1. More interestingly, it uses our common
number parsing function, and we will later do the same for
parsing ternaries.
g_set_error(error, 1, 0, ...) is not right. "1" is not a valid GQuark,
we should initialize proper error instances.
Use nm_utils_error_set() for that.
Also, the code previously hacked the numeric value "1" to indicate
ambiguous text. Add and use a new error code NM_UTILS_ERROR_AMBIGUOUS
for that.
With a const argument, we can make variables static const,
which means the linker loads the memory as read only.
Also, use NM_CAST_STRV_CC() macro, which casts the argument
accordingly.
When supported by the D-Bus daemon, it's better to have service files
in /usr rather than in /etc. Change the path for RHEL 8.
See also commit ef8c292881 ('contrib/rpm: install D-Bus service
files to /usr if we can').
wpa-eap-suite-b-192 key-mgmt method uses special values for "pairwise"
and "group" ciphers, we can also handle that a few lines underneath
where those are set to make this a bit easier to read.
We currently set the supplicants PMF config (ieee80211w) inside an if
block that tries to detect whether WPA is used. That if-block doesn't
include the "wpa-eap-suite-b-192" case because we want special
"pairwise" and "group" handling for wpa-eap-suite-b-192. This means
we're currently missing to enable PMF in the "wpa-eap-suite-b-192" case,
even though it's set to REQUIRED.
Fix it by moving the "pairwise" and "group" special-casing down a bit so
we can include "wpa-eap-suite-b-192" in the "Only WPA-specific things
when using WPA" check, that will make sure ieee80211w gets set in the
wpa-eap-suite-b-192 case.
A small bug sneaked into commit 3ef3733c81 ('wireless-security: ensure
Mesh networks can't use anything but SAE') during review: Instead of
allowing only "sae" or "none" as key-mgmt, we now disallow "sae" and
"none", but allow anything else. This is obviously not what was
intended, so fix the check.
Also move the valid_key_mgmt check back up to where it was before that
commit, it seems we want to apply that check in all cases.
We only set the "ieee80211w" option in the wpa_supplicant config in case
we're using WPA (see the if-block underneath), otherwise the value of
"pmf" is completely ignored. That means the override here (in case WPA
isn't used) isn't getting applied anyway, so just remove it.
It looks a bit weird on the first glance that we do nothing when
NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL is used. The reason for this
is that we already intialize the global option "pmf" of wpa_supplicant
to "1" (optional), so add a brief comment about that here.
ResolveAddress is a simple D-Bus API. One might think that it does not
require much logic, and we would just make the D-Bus call directly.
However, we want to ensure that we always sent our latest DNS
configuration to systemd-resolved first, before making any D-Bus request
to resolve a name.
Also, as we D-Bus activate the service and watch the name owner, we
want to handle that. If a user resolves a name while we are still D-Bus
activating, then we need to queue the request.
This adds some complexity in the implementation. But the benefit is that
the API becomes simple from the user's point of view. The queuing and
avoiding race conditions is handled internally.
The implementation does not use standard glib patterns with GAsyncResult
GTask and GCancellable. I find implementing them correctly is more
effort and leads to a less nice API. That might be fine for public API,
which should follow glib style. But this is entirely internal, and
returning a NMDnsSystemdResolvedResolveHandle that allows cancellation
seems more convenient to me.
As we already track the current name owner, it seems wrong to make
requests to the well-known name. It theoretically opens a race
where we would talk to the wrong systemd-resolved instance.
So far, we didn't care and it didn't make much of a difference.
Still, let's talk to the process that we expect.
