That is also what autotools does. Keep the behvior in sync.
Also, "contrib/scripts/nm-ci-run.sh" does not explicitly enable
nm-cloud-setup, so we ended up not building it in test. This
solves that, by enabling it by default.
When building network-manager in cross-compile environment meson is not able
to detect the right location of the mobile-broadband-provider-info
database by using the pkg-config module.
By adding the option 'mobile_broadband_provider_info_database' to set the
correct path to the datafile this can be solved.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1519
"-Difcfg_rh=false" did not work, we would always fallback to
autodetection. That is wrong, an explicit "false" should be honored.
It's also not what autotools does. Fix this.
While at it, drop "distro" variable. It's not a clear concept
that can be reused and it's unused otherwise.
Also, no longer let the autodetection be based on cross compilation.
When cross-compiling, it seems not entirely unreasonable that you cross
compile to a comparable distro, so let the autodetection be based on
what we detect on the host. In any case, a user can and is encouraged
to explicitly enable/disable the plugins via "-Difcfg_rh=" or
"-Difupdown=".
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1310
The "unbound" DNS plugin was very rudimentary and is deprecated since
commit 4a2fe09853 ('man: mark [main].dns=unbound as deprecated') (Jun
2021).
It is part of dnssec-trigger tool, but the dnssec-trigger tool doesn't
actually use it. Instead it installs a dispatcher script
"/usr/lib/NetworkManager/dispatcher.d/01-dnssec-trigger".
Especially, since the plugin requires "/usr/libexec/dnssec-trigger-script",
which is provided by "dnssec-trigger" package on Fedora. At the same
time, the package provides the dispatcher script. So I don't this works
or anybody is using this.
https://mail.gnome.org/archives/networkmanager-list/2022-April/msg00002.html
After this change the nmcli program built with meson will have the
possibility to use libedit (BSD license) instead of libreadline
(GPLv3).
Meson configuration line:
meson configure -Dreadline=libedit -C ../nm-build/
or
meson --reconfigure -Dreadline=libedit ../nm-build/
ninja -C ../nm-build/
The new 'readline' option is set to 'auto' by default, so
the current behavior shall be preserved (and the libreadline is
used).
Two new config.h flags (always defined) have been introduced -
HAVE_EDITLINE_READLINE and HAVE_READLINE_HISTORY.
Add new configure option to set the path to "polkit-agent-helper-1".
The path cannot be obtained from pkg-config and `pkg-config
--variable=prefix polkit-agent-1` is not good enough.
On Fedora, the path is "/usr/lib/polkit-1/polkit-agent-helper-1".
On Debian Buster, the path is "/usr/lib/policykit-1/polkit-agent-helper-1"
On Debian Sid, the path is "/usr/libexec/polkit-agent-helper-1" (but
currently it is also symlinked from "/usr/lib/policykit-1/polkit-agent-helper-1".
(cherry picked from commit 801c41a11c)
more_asserts are our NetworkManager specific assertions, and the only
point of having them at all (beside g_assert(), assert() and g_return*()),
is that these assertions are disabled by default in production.
meson always enabled them by default. That is definitely wrong.
autotools enables more_asserts by default if we build a devel version
from master. I think that is bad too, because (again) having these assertions
disabled by default is the only point of having them. Anyway, mimic
the behavior of autotools, to at least disable them in release builds.
Add a new `main.rc-manager=auto` setting, that favours to use
systemd-resolved (and not touch "/etc/resolv.conf" but configure
it via D-Bus), or falls back to `resolvconf`/`netconfig` binaries
if they are installed and enabled at compile time.
As final fallback use "symlink", like before.
Note that on Fedora there is no "openresolv" package ([1]). Instead, "systemd"
package provides "/usr/sbin/resolvconf" as a wrapper for systemd-resolved's
"resolvectl". On such a system the fallback to resolvconf is always
wrong, because NetworkManager should either talk to systemd-resolved
directly or not but never call "/usr/sbin/resolvconf". So, the special handling
for resolvconf and netconfig is only done if NetworkManager was build with these
applications explicitly enabled.
Note that SUSE builds NetworkManager with
--with-netconfig=yes
--with-config-dns-rc-manager-default=netconfig
and the new option won't be used there either. But of course, netconfig
already does all the right things on SUSE.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=668153
Suggested-by: Jason A. Donenfeld <Jason@zx2c4.com>
We anyway load libjansson with dlopen(), and already before it could
happen that libjansson is not available. In that case, we would not
crash, but simply proceed without json validation.
Since libnm-core no longer uses libjansson directly, but only via
"nm-glib-aux/nm-json.h", we can just always compile with that, and use
it at runtime. That means, libjansson is not a build dependency for
libnm anymore, so we don't need a compile time check.
Note that if you build without libjansson, then JANSSON_SONAME is
undefined, and loading it will still fail at runtime. So, even if
we now always build with all our code enabled, it only works if you
actually build with libjansson. Still, it's simpler to drop the
conditional build, as the only benefit is a (minimally) smaller
build.
Install a NM-specific firewalld zone to be used for interfaces that
are used for connection sharing. The zone blocks all traffic to the
local machine except some protocols (DHCP, DNS and ICMP) and allows
all forwarded traffic.
We always build with PolicyKit support enabled, because it has no
additional dependencies, beside some D-Bus calls.
However, in NetworkManager.conf the user could configure
"main.auth-polkit" to disable PolicyKit. However, previously it would
only allow to disable PolicyKit while granting access to all users.
I think it's useful to have an option that disables PolicyKit and grants
access only to root. I think we should not go too far in implementing
our own authorization mechanisms beside PolicyKit (e.g. you cannot
disable PolicyKit and grant access based on group membership of the
user). However, disabling PolicyKit can be useful sometimes, and it's
simple to implement a "root-only" setup.
Note one change is that when NetworkManager now runs without a D-Bus
connection (in initrd), it would deny all non-root requests. Previously
it would grant access. I think there should be little difference in
practice, because if we have no D-Bus we also don't have any requests to
authenticate.
(cherry picked from commit 6d7446e52f)
We always build PolicyKit support, because it merely depends on some
D-Bus calls. However, there are two things to configure:
- the default value for main.auth-polkit in NetworkManager.conf. This
is now called "-Dconfig_auth_polkit_default=$VAL".
- whether to install the policy file. This is called "-Dpolkit=$VAL".
These settings are mostly independent, so add "config_auth_polkit_default" to
make the default explicitly configurable.
(cherry picked from commit c21c6bc0be)
This is inspired by the existing systemd integration, with a few differences:
* This parses the WPAD option, which systemd requested, but did not use.
* We hook into the DAD handling, only making use of the configured address
once DAD has completed successfully, and declining the lease if it fails.
There are still many areas of possible improvement. In particular, we need
to ensure the parsing of all options are compliant, as n-dhcp4 treats all
options as opaque, unlike sd-dhcp4. We probably also need to look at how
to handle failures and retries (in particular if we decline a lease).
We need to query the current MTU at client startu, as well as the hardware
broadcast address. Both these are provided by the kernel over netlink, so
it should simply be a matter of hooking that up with NM's netlink layer.
Contribution under LGPL2.0+, in addition to stated licenses.
The functionality of the ibft settings plugin is now handled by
nm-initrd-generator. There is no need for it anymore, drop it.
Note that ibft called iscsiadm, which requires CAP_SYS_ADMIN to work
([1]). We really want to drop this capability, so the current solution
of a settings plugin (as it is implemented) is wrong. The solution
instead is nm-initrd-generator.
Also, on Fedora the ibft was disabled and probably on most other
distributions as well. This was only used on RHEL.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1371201#c7
This removes libnm-glib, libnm-glib-vpn, and libnm-util for good.
The it has been replaced with libnm since NetworkManager 1.0, disabled
by default since 1.12 and no up-to-date distributions ship it for years
now.
Removing the libraries allows us to:
* Remove the horrible hacks that were in place to deal with accidental use
of both the new and old library in a single process.
* Relief the translators of maintenance burden of similar yet different
strings.
* Get rid of known bad code without chances of ever getting fixed
(libnm-glib/nm-object.c and libnm-glib/nm-object-cache.c)
* Generally lower the footprint of the releases and our workspace
If there are some really really legacy users; they can just build
libnm-glib and friends from the NetworkManager-1.16 distribution. The
D-Bus API is stable and old libnm-glib will keep working forever.
https://github.com/NetworkManager/NetworkManager/pull/308
This removes libnm-glib, libnm-glib-vpn, and libnm-util for good.
The it has been replaced with libnm since NetworkManager 1.0, disabled
by default since 1.12 and no up-to-date distributions ship it for years
now.
Removing the libraries allows us to:
* Remove the horrible hacks that were in place to deal with accidental use
of both the new and old library in a single process.
* Relief the translators of maintenance burden of similar yet different
strings.
* Get rid of known bad code without chances of ever getting fixed
(libnm-glib/nm-object.c and libnm-glib/nm-object-cache.c)
* Generally lower the footprint of the releases and our workspace
If there are some really really legacy users; they can just build
libnm-glib and friends from the NetworkManager-1.16 distribution. The
D-Bus API is stable and old libnm-glib will keep working forever.
https://github.com/NetworkManager/NetworkManager/pull/308
Although some paths related to DBus and PolicyKit are present in
their pkg-config files, those paths might not be writable for the
user. To solve this issue, some build options are present that can
be used to choose a different location.
However, usually these paths are relative to some other variables
such as `prefix`, `datadir`, etc. Using the `define_variable`
option the relative path can be change to point to a directory
under prefix.
These paths are now using relative paths based on the installation
`prefix` and their related options have been removed as they are
unnecessary now. Only `dbus_conf_dir` option has been left because
it must be modified depending on the distribution[0].
[0] contrib/fedora/rpm/NetworkManager.spec
meson is able to get variables defined in pkg-config files such as
directory paths. PolicyKit defines in its pkg-config file the path to
the directory where `policy` files are present.
This removes the `polkit_dir` option to ease the move to start using
those variables. The `polkit` variable has also been converted to
boolean.
Fedora spec script has also been updated accordingly.
Add a configure option to disable eBPF support in n-acd.
Note that, even if eBPF is not supported, n-acd requires a kernel >
3.19, which means that the setsockopt(..., SO_ATTACH_BPF) option must
be defined. To allow building on older kernels without modifying the
n-acd code, we inject the SO_ATTACH_BPF value as a preprocessor define
in the compiler the command line.
dhcpcd version 6, the first supporting IPv6, was released more than 5
years ago. Remove all checks on version number and IPv6 support.
(cherry picked from commit e0c49d7341)
Handle the iptables, dnsmasq and dnssec-trigger paths in the same way
through common code.
The path set by user must be accepted as is, even if does not exist,
because this is a requirement for cross-compilation. When user does
not specify a path, search a predefined set of paths and fall back to
an hardcoded one.
(cherry picked from commit 220dea0948)
suspend-resume must be selectable, out of for possible options.
We can do auto-detection based on present libraries, but it
shall be selectable. Like it is with autotools.
- always define the SESSION_TRACKING_* defines to replace
"#ifdef" with "#if".
- drop defining the consolekit database path CKDB_PATH in
config.h. The path was not customizable via configure/meson.
- fix meson build to enable consolekit support for session tracking
without also enabling logind/elogind session tracking.
logind/elogind is mutually exclusive, but consolekit session tracking
goes together just fine.
"debug" was documentation in `man NetworkManager.conf` as a valid
logging backend. However, it was completely ignored by
nm_logging_syslog_openlog().
In fact, it makes not sense. Passing debug = TRUE to
nm_logging_syslog_openlog(), means that all messages will be
printed to stderr in addition to syslog/journal. However, when
NetworkManager is daemonizing, stderr is closed.
Whether NetworkManager is daemonizing depends entirely on command
line options --no-daemon and --debug. Hence, the logging backend "debug"
from the configuration file either conflicts or is redundant.
Also, adjust logging backend description in `man NetworkManager.conf`.
Also, log a warning about invalid/unsupported logging backend.
(cherry picked from commit 2ccf6168dc)
It's deprecated and has been replaced by libnm for 6 major releases now.
Its use in modern distributions has faded to the point it can probably
be safely removed.
The `settings-docs.c` file is generated by processing the
`nm-property-docs.xml` file. Although this works in autotools,
the `.c` extension makes meson not to handle it properly.
Given the fact that it only contains a number of defines it
makes sense to change its extension to `.h` an use it as a header.
This also makes meson to handle it properly and build it before
its used.
https://mail.gnome.org/archives/networkmanager-list/2018-January/msg00057.html
Even Gentoo disables this plugin since before 0.9.8 release
of NetworkManager. Time to say goodbye.
If somebody happens to show up to maintain it, we may resurrect it
later.
If "$distro_plugins=ifnet" was set, configure.ac would use that
to autodetect --with-hostname-persist=gentoo. Replace that autodetect
part by checking for /etc/gentoo-release file.