Recent rpmbuild will delete the source directory on successful build.
With `makerepo.sh` that is bad, because we want that directory with the
git history. Pass "--noclean" to avoid that.
Script to do some anonymization to NetworkManager logs. It does
very basic stuff so it shouldn't be trusted without manually
reviewing the logs, but it can still be useful to replace lot
of potentially sensitive data.
What it masks by default:
- MAC addresses
- Public IP addresses
- Hostnames detected from `hostname` command and some known
log messages from NM.
- Hostnames ending in some common domains such as .com or .org
- Hostnames specified via --hostname argument
What it can mask but it doesn't by default:
- Private IPs
Options like --show-macs and --hide-private-ips can override the default
behaviour.
Note that masking IP addresses can make difficult to analyze routing
problems, and trying to be smart analyzing the defined routes from the
logs or from `ip route` can lead to even worse results. Because of this,
if routing problems need to be analyzed, --show-public-ips need to be
passed.
Instead of doing the broken `podman run` and `podman start` approach,
build an image ("nm-code-format:f38"), cache it, and use it to run
"nm-code-format.sh" via `podman run`. We should build and keep a
container image, not a container.
The benefit is that this allows to hand over the command line arguments
to "nm-code-format.sh". In particular the "-u" and "-F" options, which
are life savers.
This means,
$ contrib/scripts/nm-code-format-container.sh -u
works.
Try also
$ contrib/scripts/nm-code-format-container.sh -h
which tells you that you are running inside the container, and how to
delete/renew the container image.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1798
Install a configuration snippet on Fedora 40+, that sets the default for
"wifi.cloned-mac-address" to "stable-ssid" (otherwise, the built-in default
is "preserve").
This will mean, that on Wi-Fi profiles that don't explicitly override
the property "wifi.cloned-mac-address", a stable address is generated.
The benefit is, that Fedora will randomize the MAC address by default.
Note that this also affects all pre-existing Wi-Fi profiles, that don't
explicitly configure the property in the profile. Depending on how you
see it, this is desirable. Randomization should be done, unless the user
opts-out (not the other way around).
Note that setting "wifi.cloned-mac-address=stable-ssid" is similar to
setting a stable ID "${NETWORK_SSID}" and "wifi.cloned-mac-address=stable".
The difference is that the latter also affects other properties, like
- "ipv6.addr-gen-mode=stable-privacy"
- "{ethernet,wifi}.cloned-mac-address=stable"
- "ipv4.dhcp-client-id=stable"
- "ipv6.dhcp-duid=stable-{llt,ll,uuid}"
- "{ipv4,ipv6}.iaid=stable"
Especially with "ipv6.addr-gen-mode=stable", changing the stable ID
would mean that also all IPv6 addresses change. We want to avoid that by
only changing the cloned-mac-address to "stable-ssid".
This means, after upgrade to F40, different MAC addresses will be used
on most users' Wi-Fi. This means, DHCP might hand out different IP
addresses, sessions might expire, and configuration that depended on the
previous MAC address will be affected.
https://pagure.io/fedora-workstation/issue/350
Now that we no longer test on CentOS7, we also have no more tests that
build using Python2.
Note that build with Python2 is currently broken already (which would be
fixable).
Drop Python2 too.
Existing Python scripts still use a common subset of Python2 and
Python3. They can be improved to use Python3 features in the future.
The license identifier was updated for the main package, but not for
libnm which overrides it to LGPL 2.1 or later. Update it too.
Fixes: 8c5aec7a1b ('contrib/rpm: migrate to SPDX license')
From time to time we bump the used clang-format (and Fedora) version.
Previously, we had to change more than one places.
Instead, let the "nm-code-format-container.sh" parse it from ".gitlab-ci/config.yml".
network-online.target should not be reached before nm-cloud-setup
completes configuring the network, which may make user service get
started before the network is fully configured.
Setting nm-cloud-setup.service as "Before=network-online.target" would
maybe have already achieved that. However, also use a pre-up dispatcher
script, so that the device activation in NetworkManager is also waiting
for nm-cloud-setup to complete.
https://bugzilla.redhat.com/show_bug.cgi?id=2151040https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1653
Originally, the package was called vala-devel (it still is on CentOS7).
Then it was renamed to libvala-devel, but keeping a Provides.
On Fedora 39, the Provides was dropped. Workaround.
This is the version shipped in Fedora 38. As Fedora 38 is now out, the
core developers switch to it. Our gitlab-ci will also use that as base
image for the check-{patch.tree} tests and to generate the pages. There
is a need that everybody agrees on which clang-format version to use,
and that version should be the one of the currently used Fedora release.
Also update the used Fedora image in "contrib/scripts/nm-code-format-container.sh"
script.
The gitlab-ci still needs update in the following commit. This change
in isolation will break the "check-tree" test.
The actual formatting depends on the version of clang-format. Print the
used version, which is in particular interesting when we get an error in
our gitlab-ci check (which uses the correct version).
- We need to fetch more entries per page. 100 is the maximum without
pagination, but that is enough for us.
- Previously, we checked all stages. Now, let's skip the "prep" and "tier3" stages.
This change should work both with old and new pipelines.
Every branch (for example "nm-1-40") has exactly one next branch, from
which patches should be backported (in that example that branch is
"nm-1-42").
While "find-backports" searches all newer branches for patches, it does
not make it clear form where the patch should come from.
That means, if you run the script `contrib/scripts/find-backports origin/nm-1-40`
it will check nm-1-42 and main branch, and might suggest to backport
patches that are only on main, but not "nm-1-42". That would be wrong,
because patches need to first go into nm-1-42, and then backported (from
there) further to nm-1-40.
Print a warning to highlight that.
By default, podman bind mounts a "/etc/resolv.conf" file. That prevents
NetworkManager (inside the container) to update the file, which leads to
warnings in the log and certain NM-ci tests won't pass due to that.
Disable handling of "/etc/resolv.conf" in podman. But also pre-deploy a
default resolv.conf, with the google name server 8.8.8.8. I don't
understand why, but even with "--dns=none", writing "/etc/resolv.conf"
while building the container doesn't take effect. Instead, write a
usable "/etc/resolv.conf" from "/etc/rc.d/rc.local".
A "minor" release can still be the latest release. It depends
on which minor release you do. The script isn't smart enough
to understand the difference, so make the hint a bit clearer.
"configure-for-system.sh" is supposed to be in sync with
NetworkManager.spec. Update for the recent changes.
Also add a make/ninja call at the end. Almost always we want to build
after the configure.