The "unbound" DNS plugin was very rudimentary and is deprecated since
commit 4a2fe09853 ('man: mark [main].dns=unbound as deprecated') (Jun
2021).
It is part of dnssec-trigger tool, but the dnssec-trigger tool doesn't
actually use it. Instead it installs a dispatcher script
"/usr/lib/NetworkManager/dispatcher.d/01-dnssec-trigger".
Especially, since the plugin requires "/usr/libexec/dnssec-trigger-script",
which is provided by "dnssec-trigger" package on Fedora. At the same
time, the package provides the dispatcher script. So I don't this works
or anybody is using this.
https://mail.gnome.org/archives/networkmanager-list/2022-April/msg00002.html
"autotools" also prints a similar output. It's useful to know
which libraries were enabled. Because, we run unit test against
all enabled libraries, even if they are actually used.
Currently it is possible to specify a list of default settings plugins
to be used when configuration doesn't contain the main.plugins key.
We want to add a mechanism that allows to automatically load any
plugin found in the plugins directory without needing
configuration. This mechanism is useful when plugins are shipped in a
different, optional subpackage, to automatically use them.
With such mechanism, the actual list of plugins will be determined
(in order of evaluation):
1. via explicit user configuration in /etc, if any
2. via distro configuration in /usr, if any
3. using the build-time default, if any
4. looking for known plugins in /usr/lib
- add "required:false" to dependency() and find_library(),
otherwise autodetection will fail.
- rename variable "enable_readline" to "with_readline" for
consistency with autotools.
- with -Dlibreadline=auto, once we detect a library, update
"with_readline" variable to reflect the detected choice.
This will also be printed in the summary output.
This is also important for the nmcli check
`assert(with_readline != 'none', 'readline ...`.
After this change the nmcli program built with meson will have the
possibility to use libedit (BSD license) instead of libreadline
(GPLv3).
Meson configuration line:
meson configure -Dreadline=libedit -C ../nm-build/
or
meson --reconfigure -Dreadline=libedit ../nm-build/
ninja -C ../nm-build/
The new 'readline' option is set to 'auto' by default, so
the current behavior shall be preserved (and the libreadline is
used).
Two new config.h flags (always defined) have been introduced -
HAVE_EDITLINE_READLINE and HAVE_READLINE_HISTORY.
"libnm-core/" is rather complicated. It provides a static library that
is linked into libnm.so and NetworkManager. It also contains public
headers (like "nm-setting.h") which are part of public libnm API.
Then we have helper libraries ("libnm-core/nm-libnm-core-*/") which
only rely on public API of libnm-core, but are themself static
libraries that can be used by anybody who uses libnm-core. And
"libnm-core/nm-libnm-core-intern" is used by libnm-core itself.
Move "libnm-core/" to "src/". But also split it in different
directories so that they have a clearer purpose.
The goal is to have a flat directory hierarchy. The "src/libnm-core*/"
directories correspond to the different modules (static libraries and set
of headers that we have). We have different kinds of such modules because
of how we combine various code together. The directory layout now reflects
this.
Add new configure option to set the path to "polkit-agent-helper-1".
The path cannot be obtained from pkg-config and `pkg-config
--variable=prefix polkit-agent-1` is not good enough.
On Fedora, the path is "/usr/lib/polkit-1/polkit-agent-helper-1".
On Debian Buster, the path is "/usr/lib/policykit-1/polkit-agent-helper-1"
On Debian Sid, the path is "/usr/libexec/polkit-agent-helper-1" (but
currently it is also symlinked from "/usr/lib/policykit-1/polkit-agent-helper-1".
(cherry picked from commit 801c41a11c)
Add new configure option to set the path to "polkit-agent-helper-1".
The path cannot be obtained from pkg-config and `pkg-config
--variable=prefix polkit-agent-1` is not good enough.
On Fedora, the path is "/usr/lib/polkit-1/polkit-agent-helper-1".
On Debian Buster, the path is "/usr/lib/policykit-1/polkit-agent-helper-1"
On Debian Sid, the path is "/usr/libexec/polkit-agent-helper-1" (but
currently it is also symlinked from "/usr/lib/policykit-1/polkit-agent-helper-1".
No big change, but eventually I' like to move all source
directories under src/. That must be done one after the other,
so the first step is to move libnm-core/ into src/. If libnm
gets loaded in between, that causes odd ordering.
"src/core" should not depend on "libnm" and vice versa, so this
should have little effect for now.
Our source tree also has certain consistency requirements. Since the
source is in git, this is a rather static check. However, we want to
ensure that future changes don't break it by adding a test.
Currently "src/" mostly contains the source code of the daemon.
I say mostly, because that is not true, there are also the device,
settings, wwan, ppp plugins, the initrd generator, the pppd and dhcp
helper, and probably more.
Also we have source code under libnm-core/, libnm/, clients/, and
shared/ directories. That is all confusing.
We should have one "src" directory, that contains subdirectories. Those
subdirectories should contain individual parts (libraries or
applications), that possibly have dependencies on other subdirectories.
There should be a flat hierarchy of directories under src/, which
contains individual modules.
As the name "src/" is already taken, that prevents any sensible
restructuring of the code.
As a first step, move "src/" to "src/core/". This gives space to
reorganize the code better by moving individual components into "src/".
For inspiration, look at systemd's "src/" directory.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/743
Drop some "helper" variables that are only used once. These variables
spread out what is defined, and only make the meson file more complicated
to follow.
musl added support for reallocarray, but the function prototype is
declared in stdlib.h instead of malloc.h.
Update the check for reallocarray to check both in malloc.h and
stdlib.h.
https://man7.org/linux/man-pages/man3/reallocarray.3.html
We must set these compiler flags independent as to whether this
is a release build or a debug build.
In most cases, we don't differentiate between release and debug build
anyway. Granted, we have "-D more_asserts=100" and set "-O" CFLAGS,
but that is more granular and not a simple "buildtype".
In particular, these compiler flags apply to all kinds of builds.
This is important, because otherwise we get build failures, because
also in release build we want to build with `-Werror` and `-Wall`.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/692
(cherry picked from commit c0c6470e4d)
We must set these compiler flags independent as to whether this
is a release build or a debug build.
In most cases, we don't differentiate between release and debug build
anyway. Granted, we have "-D more_asserts=100" and set "-O" CFLAGS,
but that is more granular and not a simple "buildtype".
In particular, these compiler flags apply to all kinds of builds.
This is important, because otherwise we get build failures, because
also in release build we want to build with `-Werror` and `-Wall`.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/692
more_asserts are our NetworkManager specific assertions, and the only
point of having them at all (beside g_assert(), assert() and g_return*()),
is that these assertions are disabled by default in production.
meson always enabled them by default. That is definitely wrong.
autotools enables more_asserts by default if we build a devel version
from master. I think that is bad too, because (again) having these assertions
disabled by default is the only point of having them. Anyway, mimic
the behavior of autotools, to at least disable them in release builds.
jansson 2.7 was released October 2014. It's also in Ubuntu 16.06.
Other distros (like CentOS 7.5 and Debian Stretch/9) have both newer
versions.
Bump the requirement, simply because our CI does not use such old version
so it's not clear whether it works at all.
We anyway load libjansson with dlopen(), and already before it could
happen that libjansson is not available. In that case, we would not
crash, but simply proceed without json validation.
Since libnm-core no longer uses libjansson directly, but only via
"nm-glib-aux/nm-json.h", we can just always compile with that, and use
it at runtime. That means, libjansson is not a build dependency for
libnm anymore, so we don't need a compile time check.
Note that if you build without libjansson, then JANSSON_SONAME is
undefined, and loading it will still fail at runtime. So, even if
we now always build with all our code enabled, it only works if you
actually build with libjansson. Still, it's simpler to drop the
conditional build, as the only benefit is a (minimally) smaller
build.
The build for 0.46.0 probably isn't working anymore. Also, I'd like to
use dictionaries, which might not be available in such old meson
versions.
Anyway, it's not a problem. We in general aim to build on ancient
distros, like CentOS-7.5 and Ubuntu-16.04. But on those systems we
install meson using `pip3 install` anyway, where we get a recent meson
version.
Note that on Ubuntu 16.04, `pip3 install meson` would currently give us
meson 0.54.2. However, that meson requires a newer Python 3 version than
we have available. Hence, on Ubuntu 16.04 we actually want to install
`pip3 install meson==0.53.2`. See commit 5feba97cd1 ('gitlab-ci: use
old meson version on Ubuntu 16.04 to work with ninja-1.5.1').
We also still build on Fedora 28, which installs meson 0.47.2 from
packaging system. So, let's stick to 0.47.2 for now.
Install a NM-specific firewalld zone to be used for interfaces that
are used for connection sharing. The zone blocks all traffic to the
local machine except some protocols (DHCP, DNS and ICMP) and allows
all forwarded traffic.
Seen on Debian 9, clang-3.8 (1:3.8.1-24):
../libnm-core/nm-setting-bond.c:596:49: error: comparison of constant 32 with expression of type 'NMBondMode' is always true [-Werror,-Wtautological-constant-out-of-range-compare]
nm_assert (_NM_INT_NOT_NEGATIVE (mode) && mode < 32);
~~~~ ^ ~~
This warning is not useful. While it may be implementation defined how enum
values outside the defined ones are handled, we commonly rely on placing
special numeric values in enums (e.g. ((NMEnumType) -1)).
An enum is (with our compilers) just a glorified integer, and there is nothing
preventing it from being outside the enum values. The warning is not helpful
and outright wrong. Disable it.
See-also: https://bugs.llvm.org//show_bug.cgi?id=16154
Fixes: 957bb2e111 ('libnm: use binary search for _nm_setting_bond_option_supported() implementation')
The following used functions:
`compiler.has_link_argument`,
`link_whole arg in declare_dependency`,
`compiler.has_multi_link_argument`
are present only from meson 0.46.
After 1.22.0 is released, merge it back into master so that
1.22.0 is part of the history of master. That means,
$ git log --first-parent master
will also traverse 1.22.0 and 1.22-rc*.
Also bump the micro version to 1.23.1-dev to indicate that this is
after 1.22.0 is out.
See mesonbuild issue 5003.
Oddly, this isn't inside a method call, while we use ternaries
inside a method calls otherwise. Anyway, workaround this and
avoid the crash.
Fixes: c21c6bc0be ('build/meson: allow configuring default for main.auth-polkit setting')
(cherry picked from commit 0e3400bef7)
See mesonbuild issue 5003.
Oddly, this isn't inside a method call, while we use ternaries
inside a method calls otherwise. Anyway, workaround this and
avoid the crash.
Fixes: c21c6bc0be ('build/meson: allow configuring default for main.auth-polkit setting')
We always build PolicyKit support, because it merely depends on some
D-Bus calls. However, there are two things to configure:
- the default value for main.auth-polkit in NetworkManager.conf. This
is now called "-Dconfig_auth_polkit_default=$VAL".
- whether to install the policy file. This is called "-Dpolkit=$VAL".
These settings are mostly independent, so add "config_auth_polkit_default" to
make the default explicitly configurable.
(cherry picked from commit c21c6bc0be)
We always build PolicyKit support, because it merely depends on some
D-Bus calls. However, there are two things to configure:
- the default value for main.auth-polkit in NetworkManager.conf. This
is now called "-Dconfig_auth_polkit_default=$VAL".
- whether to install the policy file. This is called "-Dpolkit=$VAL".
These settings are mostly independent, so add "config_auth_polkit_default" to
make the default explicitly configurable.
- the variables in meson.build and in the meson-post-install.sh script
should have the same names.
- the positional command line arguments should be assigned to variables,
because the variable name acts like a documentation what the variable
means (contrary to the argument number).
- the boolean flags should not map to other special values, like
"enable_docs ? 'install_docs' : ''". The name "enable_docs" is
good already, it shall be either passed as 1 or 0 and use the name
consistently.
We don't need such data duplicated. The build setup should
have only one configuration_data() for patching such values.
Now we only have one global, immutable data_conf dictionary with
configuration values. Note that none of the users of data_conf uses all
entries, but as the entries are basically only dependent on the
meson/configure option and valid for the entire project, this simplifies
to handling.
Some variables belong to variables in their correspondent pkg-config
file.
These variables have been renamed to `dependency_variable` to
reflect the dependency and variables from pkg-config files they are
related to.
Some of these has also been fixed to use paths relative to
installation prefix.
Qt dependencies have been moved to the main build file where the
rest of dependencies are located. This makes it easier to find them.
The included directories has also reviewed and removed the
unnecessary ones.
The variable holding the compiler flags, `cflags`, has been renamed
to `c_flags` to be consistent with the rest of build files.
Different objects used in the `test-dispatcher-envp` target
have been grouped together.
The dependency over the `libnm` library has been removed as it is
unnecessary.
The `ifcfg-rh` meson build file installs a new post install script
to create the `network-config` directory.
This has been moved to the main post install file so it's easier to
find because all post install steps are together and it avoids and
extra post install script execution.
There are multiple conditional steps for building encryption
support. This is because the support varies from `gnutls` or `nss`.
This has been improved to reduce the number of used conditions.
The used meson modules, default directories and includes have been
moved to the start of the build file, just after project related
information, so they are available early.
Functions derived from generators as `configure_file`,
`custom_target` and `i18n.merge_file` can use placeholders like
`@BASENAME@` that removes the extension from the input filename
string.
The output string has been replaced by this placeholder that
allows in some cases the use of less variables.
After 1.20.0 is released, merge it back into master so that
1.20.0 is part of the history of master. That means,
$ git log --first-parent master
will also traverse 1.20.0 and 1.20-rc*.
Also bump the micro version to 1.21.1-dev to indicate that this is
after 1.20.0 is out.
The functionality of the ibft settings plugin is now handled by
nm-initrd-generator. There is no need for it anymore, drop it.
Note that ibft called iscsiadm, which requires CAP_SYS_ADMIN to work
([1]). We really want to drop this capability, so the current solution
of a settings plugin (as it is implemented) is wrong. The solution
instead is nm-initrd-generator.
Also, on Fedora the ibft was disabled and probably on most other
distributions as well. This was only used on RHEL.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1371201#c7