basebuilder_pel7x64builder0
5 years ago
17 changed files with 43546 additions and 0 deletions
@ -0,0 +1,32 @@
@@ -0,0 +1,32 @@
|
||||
From 53a95f9ebd941c9fd2464f69ee420c4c82842eda Mon Sep 17 00:00:00 2001 |
||||
From: Thomas Haller <thaller@redhat.com> |
||||
Date: Fri, 2 Sep 2016 15:58:42 +0200 |
||||
Subject: [PATCH] service: give CAP_SYS_ADMIN for ibft/iscsiadm (rh#1371201) |
||||
|
||||
systemd on rhel-7.3 has a bug with merging CapabilityBoundingSet. |
||||
https://github.com/systemd/systemd/issues/1221 |
||||
Thus it is all in one line. |
||||
--- |
||||
data/NetworkManager.service.in | 6 +++--- |
||||
1 file changed, 3 insertions(+), 3 deletions(-) |
||||
|
||||
diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in |
||||
index ff90456ff..680b5889a 100644 |
||||
--- a/data/NetworkManager.service.in |
||||
+++ b/data/NetworkManager.service.in |
||||
@@ -14,10 +14,10 @@ ExecStart=@sbindir@/NetworkManager --no-daemon |
||||
Restart=on-failure |
||||
# NM doesn't want systemd to kill its children for it |
||||
KillMode=process |
||||
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT |
||||
+#CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT |
||||
|
||||
-# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN |
||||
-#CapabilityBoundingSet=CAP_SYS_ADMIN |
||||
+# ibft settings plugin calls iscsiadm which needs CAP_SYS_ADMIN (rh#1371201) |
||||
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT CAP_SYS_ADMIN |
||||
|
||||
ProtectSystem=true |
||||
ProtectHome=read-only |
||||
-- |
||||
2.17.1 |
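Review bot: Adding CAP_SYS_ADMIN to the single `CapabilityBoundingSet=` line widens the bounding set for the whole NetworkManager service, not only for the ibft plugin's iscsiadm call, and the comment above the line does not say that. CAP_SYS_ADMIN covers a very broad range of privileged operations, so it undoes much of the restriction the rest of the list provides. I would make the scope and the exit condition explicit, e.g. `# CAP_SYS_ADMIN is needed only for iscsiadm (ibft plugin, rh#1371201); drop it when ibft is not used`, plus a second comment line saying the list is kept on one line because of the systemd merging bug named in the commit message. The old list is also left behind as a commented-out `#CapabilityBoundingSet=` line, which is easy to re-enable by mistake and would be better removed.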
@ -0,0 +1,46 @@
@@ -0,0 +1,46 @@
|
||||
From 5ca3888861d4f05935c9f330804c1f30ab8c57e5 Mon Sep 17 00:00:00 2001 |
||||
From: Francesco Giudici <fgiudici@redhat.com> |
||||
Date: Tue, 9 Apr 2019 11:41:27 +0200 |
||||
Subject: [PATCH] dhcp/internal: make default dhcp-client-id based on systemd |
||||
DUID-EN |
||||
|
||||
For RHEL-7 we want to stick to the legacy behavior of the internal |
||||
dhcp client: the default dhcp-client-id is based on systemd DUID-EN. |
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1695723 |
||||
|
||||
This reverts commit cfd696cc3cf43f5f510046b757949546bcee4cdc. |
||||
--- |
||||
src/dhcp/nm-dhcp-manager.c | 2 +- |
||||
src/dhcp/nm-dhcp-systemd.c | 3 ++- |
||||
2 files changed, 3 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/src/dhcp/nm-dhcp-manager.c b/src/dhcp/nm-dhcp-manager.c |
||||
index 7063c82cf..4a40d2e52 100644 |
||||
--- a/src/dhcp/nm-dhcp-manager.c |
||||
+++ b/src/dhcp/nm-dhcp-manager.c |
||||
@@ -237,7 +237,7 @@ client_start (NMDhcpManager *self, |
||||
* |
||||
* - for IPv4, the calling code may determine a client-id (from NM's connection profile). |
||||
* If present, it is taken. If not present, the DHCP plugin uses a plugin specific default. |
||||
- * - for "internal" plugin, the default is just "mac". |
||||
+ * - for "internal" plugin, the default is just "duid". |
||||
* - for "dhclient", we try to get the configuration from dhclient's /etc/dhcp or fallback |
||||
* to whatever dhclient uses by default. |
||||
* We do it this way, because for dhclient the user may configure a default |
||||
diff --git a/src/dhcp/nm-dhcp-systemd.c b/src/dhcp/nm-dhcp-systemd.c |
||||
index 70ed87150..84973aa2a 100644 |
||||
--- a/src/dhcp/nm-dhcp-systemd.c |
||||
+++ b/src/dhcp/nm-dhcp-systemd.c |
||||
@@ -750,7 +750,8 @@ ip4_start (NMDhcpClient *client, |
||||
|
||||
client_id = nm_dhcp_client_get_client_id (client); |
||||
if (!client_id) { |
||||
- client_id_new = nm_utils_dhcp_client_id_mac (arp_type, hwaddr_arr, hwaddr_len); |
||||
+ client_id_new = nm_utils_dhcp_client_id_systemd_node_specific (TRUE, |
||||
+ nm_dhcp_client_get_iface (client)); |
||||
client_id = client_id_new; |
||||
} |
||||
|
||||
-- |
||||
2.20.1 |
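Review bot: The new default in `ip4_start` is a downstream deviation from upstream, and nothing at the call site records that; the bare `TRUE` argument is also not self-explanatory. A short comment above the call would help the next rebase, for example `/* RHEL-7: keep the legacy default client-id (systemd DUID-EN) instead of "mac", rh#1695723 */`. The call no longer uses `arp_type`, `hwaddr_arr` and `hwaddr_len` here, so it is worth checking whether they are still needed elsewhere in the function; its body starts and ends outside the hunk, so that cannot be confirmed from this page.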
@ -0,0 +1,39 @@
@@ -0,0 +1,39 @@
|
||||
From a67de1d4f7025f86701c1e2cc319238cbbc88f98 Mon Sep 17 00:00:00 2001 |
||||
From: Thomas Haller <thaller@redhat.com> |
||||
Date: Tue, 9 Apr 2019 18:00:21 +0200 |
||||
Subject: [PATCH 1/1] Revert "keyfile: also add ".nmconnection" extension when |
||||
writing keyfiles in /etc" |
||||
|
||||
This reverts commit d37ad15f12bafd91cf724cda50aea7093e04bf7a. |
||||
--- |
||||
src/settings/plugins/keyfile/nms-keyfile-writer.c | 7 +++++-- |
||||
1 file changed, 5 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/src/settings/plugins/keyfile/nms-keyfile-writer.c b/src/settings/plugins/keyfile/nms-keyfile-writer.c |
||||
index 8c75d8c79..fe05df28e 100644 |
||||
--- a/src/settings/plugins/keyfile/nms-keyfile-writer.c |
||||
+++ b/src/settings/plugins/keyfile/nms-keyfile-writer.c |
||||
@@ -357,16 +357,19 @@ nms_keyfile_writer_connection (NMConnection *connection, |
||||
GError **error) |
||||
{ |
||||
const char *keyfile_dir; |
||||
+ gboolean with_extension = FALSE; |
||||
|
||||
if (save_to_disk) |
||||
keyfile_dir = nms_keyfile_utils_get_path (); |
||||
- else |
||||
+ else { |
||||
keyfile_dir = NM_KEYFILE_PATH_NAME_RUN; |
||||
+ with_extension = TRUE; |
||||
+ } |
||||
|
||||
return _internal_write_connection (connection, |
||||
keyfile_dir, |
||||
nms_keyfile_utils_get_path (), |
||||
- TRUE, |
||||
+ with_extension, |
||||
0, |
||||
0, |
||||
existing_path, |
||||
-- |
||||
2.20.1 |
@ -0,0 +1,397 @@
@@ -0,0 +1,397 @@
|
||||
From ff8fb5975a6cf8d904256fa414b359c9f1c4682d Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 23 Apr 2019 14:17:47 +0200 |
||||
Subject: [PATCH 1/6] cli: fix setting private key password |
||||
|
||||
Fixes: fe390556abfe ('cli: add property type for 802-1x certificate properties (pt3)') |
||||
(cherry picked from commit ee96387578ca5428b9836dda382f9e6d64d5a7a8) |
||||
(cherry picked from commit d8badb280ce2acfcd0ae6fb3d8d133cae6326b7c) |
||||
--- |
||||
clients/common/nm-meta-setting-desc.c | 1 + |
||||
1 file changed, 1 insertion(+) |
||||
|
||||
diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c |
||||
index 698ded869..b21ce37cf 100644 |
||||
--- a/clients/common/nm-meta-setting-desc.c |
||||
+++ b/clients/common/nm-meta-setting-desc.c |
||||
@@ -2276,6 +2276,7 @@ _set_fcn_cert_8021x (ARGS_SET_FCN) |
||||
password = path + strcspn (path, " \t"); |
||||
if (password[0] != '\0') { |
||||
password[0] = '\0'; |
||||
+ password++; |
||||
while (nm_utils_is_separator (password[0])) |
||||
password++; |
||||
} else { |
||||
-- |
||||
2.20.1 |
||||
|
||||
From 2fe6e3a039fa1c1b1975020f409a1b505c27ec3d Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 23 Apr 2019 14:55:32 +0200 |
||||
Subject: [PATCH 2/6] cli: parse escape sequences when reading an 802.1x |
||||
private key |
||||
|
||||
In this way it become possible to specify a filename that includes one |
||||
of the delimiters. |
||||
|
||||
(cherry picked from commit eac15501b2364a20505a90661e037a339a63b0ea) |
||||
(cherry picked from commit 0f03773b75548151a98cae8d696fcfc698a23bb7) |
||||
--- |
||||
clients/common/nm-meta-setting-desc.c | 28 +++++++++++++++++---------- |
||||
1 file changed, 18 insertions(+), 10 deletions(-) |
||||
|
||||
diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c |
||||
index b21ce37cf..768e371e9 100644 |
||||
--- a/clients/common/nm-meta-setting-desc.c |
||||
+++ b/clients/common/nm-meta-setting-desc.c |
||||
@@ -2268,17 +2268,25 @@ _set_fcn_cert_8021x (ARGS_SET_FCN) |
||||
vtable = &nm_setting_8021x_scheme_vtable[property_info->property_typ_data->subtype.cert_8021x.scheme_type]; |
||||
|
||||
if (vtable->is_secret) { |
||||
- gs_free char *path = NULL; |
||||
nm_auto_free_secret char *password_free = NULL; |
||||
- char *password; |
||||
- |
||||
- path = g_strdup (value); |
||||
- password = path + strcspn (path, " \t"); |
||||
- if (password[0] != '\0') { |
||||
- password[0] = '\0'; |
||||
- password++; |
||||
- while (nm_utils_is_separator (password[0])) |
||||
- password++; |
||||
+ gs_free const char **strv = NULL; |
||||
+ const char *password; |
||||
+ const char *path; |
||||
+ gsize len; |
||||
+ |
||||
+ strv = nm_utils_escaped_tokens_split (value, NM_ASCII_SPACES); |
||||
+ len = NM_PTRARRAY_LEN (strv); |
||||
+ if (len > 2) { |
||||
+ g_set_error_literal (error, |
||||
+ NM_UTILS_ERROR, |
||||
+ NM_UTILS_ERROR_INVALID_ARGUMENT, |
||||
+ _("too many arguments. Please only specify a private key file and optionally a password")); |
||||
+ return FALSE; |
||||
+ } |
||||
+ |
||||
+ path = len > 0 ? strv[0] : NULL; |
||||
+ if (len == 2) { |
||||
+ password = strv[1]; |
||||
} else { |
||||
password_free = g_strdup (vtable->passwd_func (NM_SETTING_802_1X (setting))); |
||||
password = password_free; |
||||
-- |
||||
2.20.1 |
||||
|
||||
From 312f84cefd672ee141c999e374d49711176ff877 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 23 Apr 2019 21:14:31 +0200 |
||||
Subject: [PATCH 3/6] cli: remove bluetooth completion code |
||||
|
||||
The 'bt-type' property alias accepts values provided by |
||||
gen_func_bt_type(); instead the 'bluetooth.type' property can only be |
||||
set to [dun, panu, nap] and therefore it doesn't need special |
||||
handling. |
||||
|
||||
(cherry picked from commit 78b9448b69d1e511aab9f24f4da8a6731c2dc7ee) |
||||
(cherry picked from commit a9728a61125ef44ac5008ebb0d6d028d26d683af) |
||||
--- |
||||
clients/cli/connections.c | 10 ++-------- |
||||
1 file changed, 2 insertions(+), 8 deletions(-) |
||||
|
||||
diff --git a/clients/cli/connections.c b/clients/cli/connections.c |
||||
index 6ee3b49f9..b8f9b5f27 100644 |
||||
--- a/clients/cli/connections.c |
||||
+++ b/clients/cli/connections.c |
||||
@@ -4561,14 +4561,8 @@ complete_property (const char *setting_name, const char *property, const char *p |
||||
const NMMetaPropertyInfo *property_info; |
||||
|
||||
property_info = nm_meta_property_info_find_by_name (setting_name, property); |
||||
- if (property_info) { |
||||
- if (complete_option ((const NMMetaAbstractInfo *) property_info, prefix, connection)) |
||||
- return; |
||||
- } |
||||
- |
||||
- if ( strcmp (setting_name, NM_SETTING_BLUETOOTH_SETTING_NAME) == 0 |
||||
- && strcmp (property, NM_SETTING_BLUETOOTH_TYPE) == 0) |
||||
- run_rl_generator (gen_func_bt_type, prefix); |
||||
+ if (property_info) |
||||
+ complete_option ((const NMMetaAbstractInfo *) property_info, prefix, connection); |
||||
} |
||||
|
||||
/*****************************************************************************/ |
||||
-- |
||||
2.20.1 |
||||
|
||||
From 00cffb99f83e058835ed1f5a0ce78e4b2dc92e5c Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 23 Apr 2019 21:35:19 +0200 |
||||
Subject: [PATCH 4/6] cli: allow completing filenames |
||||
|
||||
Allow the completion function to indicate that the word should be |
||||
completed as a filename by the shell. |
||||
|
||||
(cherry picked from commit eb724293c25038c7e0f0d6789af2cea11da176eb) |
||||
(cherry picked from commit 09f9831fc628c2bfa406987bc1e1b77c036a3b20) |
||||
--- |
||||
clients/cli/connections.c | 23 ++++++++++++++++------- |
||||
clients/common/nm-meta-setting-access.c | 2 ++ |
||||
clients/common/nm-meta-setting-access.h | 1 + |
||||
clients/common/nm-meta-setting-desc.c | 4 +++- |
||||
clients/common/nm-meta-setting-desc.h | 2 ++ |
||||
5 files changed, 24 insertions(+), 8 deletions(-) |
||||
|
||||
diff --git a/clients/cli/connections.c b/clients/cli/connections.c |
||||
index b8f9b5f27..034fc19f5 100644 |
||||
--- a/clients/cli/connections.c |
||||
+++ b/clients/cli/connections.c |
||||
@@ -3785,6 +3785,7 @@ _meta_abstract_complete (const NMMetaAbstractInfo *abstract_info, const char *te |
||||
nmc_meta_environment_arg, |
||||
&ctx, |
||||
text, |
||||
+ NULL, |
||||
&values_to_free); |
||||
if (values) |
||||
return values_to_free ?: g_strdupv ((char **) values); |
||||
@@ -4525,11 +4526,12 @@ run_rl_generator (rl_compentry_func_t *generator_func, const char *prefix) |
||||
} |
||||
|
||||
static gboolean |
||||
-complete_option (const NMMetaAbstractInfo *abstract_info, const char *prefix, NMConnection *context_connection) |
||||
+complete_option (NmCli *nmc, const NMMetaAbstractInfo *abstract_info, const char *prefix, NMConnection *context_connection) |
||||
{ |
||||
const OptionInfo *candidate; |
||||
const char *const*values; |
||||
gs_strfreev char **values_to_free = NULL; |
||||
+ gboolean complete_filename = FALSE; |
||||
const NMMetaOperationContext ctx = { |
||||
.connection = context_connection, |
||||
}; |
||||
@@ -4539,7 +4541,12 @@ complete_option (const NMMetaAbstractInfo *abstract_info, const char *prefix, NM |
||||
nmc_meta_environment_arg, |
||||
&ctx, |
||||
prefix, |
||||
+ &complete_filename, |
||||
&values_to_free); |
||||
+ if (complete_filename) { |
||||
+ nmc->return_value = NMC_RESULT_COMPLETE_FILE; |
||||
+ return TRUE; |
||||
+ } |
||||
if (values) { |
||||
for (; values[0]; values++) |
||||
g_print ("%s\n", values[0]); |
||||
@@ -4556,13 +4563,13 @@ complete_option (const NMMetaAbstractInfo *abstract_info, const char *prefix, NM |
||||
} |
||||
|
||||
static void |
||||
-complete_property (const char *setting_name, const char *property, const char *prefix, NMConnection *connection) |
||||
+complete_property (NmCli *nmc, const char *setting_name, const char *property, const char *prefix, NMConnection *connection) |
||||
{ |
||||
const NMMetaPropertyInfo *property_info; |
||||
|
||||
property_info = nm_meta_property_info_find_by_name (setting_name, property); |
||||
if (property_info) |
||||
- complete_option ((const NMMetaAbstractInfo *) property_info, prefix, connection); |
||||
+ complete_option (nmc, (const NMMetaAbstractInfo *) property_info, prefix, connection); |
||||
} |
||||
|
||||
/*****************************************************************************/ |
||||
@@ -4652,8 +4659,10 @@ nmc_read_connection_properties (NmCli *nmc, |
||||
if (!get_value (&value, argc, argv, option, error)) |
||||
return FALSE; |
||||
|
||||
- if (!*argc && nmc->complete) |
||||
- complete_property (setting, strv[1], value ?: "", connection); |
||||
+ if (!*argc && nmc->complete) { |
||||
+ complete_property (nmc, setting, strv[1], value ?: "", connection); |
||||
+ return TRUE; |
||||
+ } |
||||
|
||||
if (!set_property (nmc->client, connection, setting_name, strv[1], value, modifier, error)) |
||||
return FALSE; |
||||
@@ -4734,7 +4743,7 @@ nmc_read_connection_properties (NmCli *nmc, |
||||
return FALSE; |
||||
|
||||
if (!*argc && nmc->complete) |
||||
- complete_option (chosen, value ?: "", connection); |
||||
+ complete_option (nmc, chosen, value ?: "", connection); |
||||
|
||||
if (!set_option (nmc, connection, chosen, value, error)) |
||||
return FALSE; |
||||
@@ -8861,7 +8870,7 @@ do_connection_import (NmCli *nmc, int argc, char **argv) |
||||
if ( argc == 1 |
||||
&& nmc->complete) { |
||||
nmc_complete_strings (*argv, "wireguard"); |
||||
- complete_option ((const NMMetaAbstractInfo *) nm_meta_property_info_vpn_service_type, |
||||
+ complete_option (nmc, (const NMMetaAbstractInfo *) nm_meta_property_info_vpn_service_type, |
||||
*argv, |
||||
NULL); |
||||
} |
||||
diff --git a/clients/common/nm-meta-setting-access.c b/clients/common/nm-meta-setting-access.c |
||||
index 8399f29db..ce5cd331c 100644 |
||||
--- a/clients/common/nm-meta-setting-access.c |
||||
+++ b/clients/common/nm-meta-setting-access.c |
||||
@@ -273,6 +273,7 @@ nm_meta_abstract_info_complete (const NMMetaAbstractInfo *abstract_info, |
||||
gpointer environment_user_data, |
||||
const NMMetaOperationContext *operation_context, |
||||
const char *text, |
||||
+ gboolean *out_complete_filename, |
||||
char ***out_to_free) |
||||
{ |
||||
const char *const*values; |
||||
@@ -292,6 +293,7 @@ nm_meta_abstract_info_complete (const NMMetaAbstractInfo *abstract_info, |
||||
environment_user_data, |
||||
operation_context, |
||||
text, |
||||
+ out_complete_filename, |
||||
out_to_free); |
||||
|
||||
nm_assert (!*out_to_free || values == (const char *const*) *out_to_free); |
||||
diff --git a/clients/common/nm-meta-setting-access.h b/clients/common/nm-meta-setting-access.h |
||||
index ec1c2ba00..38f22c7a4 100644 |
||||
--- a/clients/common/nm-meta-setting-access.h |
||||
+++ b/clients/common/nm-meta-setting-access.h |
||||
@@ -69,6 +69,7 @@ const char *const*nm_meta_abstract_info_complete (const NMMetaAbstractInfo *abst |
||||
gpointer environment_user_data, |
||||
const NMMetaOperationContext *operation_context, |
||||
const char *text, |
||||
+ gboolean *out_complete_filename, |
||||
char ***out_to_free); |
||||
|
||||
/*****************************************************************************/ |
||||
diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c |
||||
index 768e371e9..7e4eb3d31 100644 |
||||
--- a/clients/common/nm-meta-setting-desc.c |
||||
+++ b/clients/common/nm-meta-setting-desc.c |
||||
@@ -788,7 +788,7 @@ _env_warn_fcn (const NMMetaEnvironment *environment, |
||||
const NMMetaPropertyInfo *property_info, const NMMetaEnvironment *environment, gpointer environment_user_data, NMSetting *setting, const char *value, GError **error |
||||
|
||||
#define ARGS_COMPLETE_FCN \ |
||||
- const NMMetaPropertyInfo *property_info, const NMMetaEnvironment *environment, gpointer environment_user_data, const NMMetaOperationContext *operation_context, const char *text, char ***out_to_free |
||||
+ const NMMetaPropertyInfo *property_info, const NMMetaEnvironment *environment, gpointer environment_user_data, const NMMetaOperationContext *operation_context, const char *text, gboolean *out_complete_filename, char ***out_to_free |
||||
|
||||
#define ARGS_VALUES_FCN \ |
||||
const NMMetaPropertyInfo *property_info, char ***out_to_free |
||||
@@ -8159,6 +8159,7 @@ _meta_type_property_info_complete_fcn (const NMMetaAbstractInfo *abstract_info, |
||||
gpointer environment_user_data, |
||||
const NMMetaOperationContext *operation_context, |
||||
const char *text, |
||||
+ gboolean *out_complete_filename, |
||||
char ***out_to_free) |
||||
{ |
||||
const NMMetaPropertyInfo *info = (const NMMetaPropertyInfo *) abstract_info; |
||||
@@ -8171,6 +8172,7 @@ _meta_type_property_info_complete_fcn (const NMMetaAbstractInfo *abstract_info, |
||||
environment_user_data, |
||||
operation_context, |
||||
text, |
||||
+ out_complete_filename, |
||||
out_to_free); |
||||
} |
||||
|
||||
diff --git a/clients/common/nm-meta-setting-desc.h b/clients/common/nm-meta-setting-desc.h |
||||
index b69a07b50..2fee080b9 100644 |
||||
--- a/clients/common/nm-meta-setting-desc.h |
||||
+++ b/clients/common/nm-meta-setting-desc.h |
||||
@@ -221,6 +221,7 @@ struct _NMMetaPropertyType { |
||||
gpointer environment_user_data, |
||||
const NMMetaOperationContext *operation_context, |
||||
const char *text, |
||||
+ gboolean *out_complete_filename, |
||||
char ***out_to_free); |
||||
|
||||
/* Whether set_fcn() supports the '-' modifier. That is, whether the property |
||||
@@ -444,6 +445,7 @@ struct _NMMetaType { |
||||
gpointer environment_user_data, |
||||
const NMMetaOperationContext *operation_context, |
||||
const char *text, |
||||
+ gboolean *out_complete_filename, |
||||
char ***out_to_free); |
||||
}; |
||||
|
||||
-- |
||||
2.20.1 |
||||
|
||||
From 4fe5505236fdf1d268d8d8a8cc9a339c4e2eb47e Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 23 Apr 2019 22:01:15 +0200 |
||||
Subject: [PATCH 5/6] cli: complete 802.1x certificate file names |
||||
|
||||
(cherry picked from commit ec4a12ecdbebbca5b8108e1611e95fa93b43d637) |
||||
(cherry picked from commit 3d3fac55e38c5da544f8acc36aaf9334a92cbf11) |
||||
--- |
||||
clients/common/nm-meta-setting-desc.c | 21 +++++++++++++++++++++ |
||||
1 file changed, 21 insertions(+) |
||||
|
||||
diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c |
||||
index 7e4eb3d31..7c8f89563 100644 |
||||
--- a/clients/common/nm-meta-setting-desc.c |
||||
+++ b/clients/common/nm-meta-setting-desc.c |
||||
@@ -2307,6 +2307,26 @@ _set_fcn_cert_8021x (ARGS_SET_FCN) |
||||
} |
||||
} |
||||
|
||||
+static const char *const* |
||||
+_complete_fcn_cert_8021x (ARGS_COMPLETE_FCN) |
||||
+{ |
||||
+ const NMSetting8021xSchemeVtable *vtable; |
||||
+ |
||||
+ vtable = &nm_setting_8021x_scheme_vtable[property_info->property_typ_data->subtype.cert_8021x.scheme_type]; |
||||
+ |
||||
+ if (vtable->is_secret) { |
||||
+ gs_free const char **strv = NULL; |
||||
+ |
||||
+ strv = nm_utils_escaped_tokens_split (text, NM_ASCII_SPACES); |
||||
+ /* don't try to complete the password */ |
||||
+ if (NM_PTRARRAY_LEN (strv) > 1) |
||||
+ return NULL; |
||||
+ } |
||||
+ |
||||
+ NM_SET_OUT (out_complete_filename, TRUE); |
||||
+ return NULL; |
||||
+} |
||||
+ |
||||
static gconstpointer |
||||
_get_fcn_gobject_bytes (ARGS_GET_FCN) |
||||
{ |
||||
@@ -4466,6 +4486,7 @@ static const NMMetaPropertyType _pt_dcb = { |
||||
static const NMMetaPropertyType _pt_cert_8021x = { |
||||
.get_fcn = _get_fcn_cert_8021x, |
||||
.set_fcn = _set_fcn_cert_8021x, |
||||
+ .complete_fcn = _complete_fcn_cert_8021x, |
||||
}; |
||||
|
||||
static const NMMetaPropertyType _pt_ethtool = { |
||||
-- |
||||
2.20.1 |
||||
|
||||
From 1d02cd13072aa90471cdf0f0f2dde048a126c007 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Wed, 24 Apr 2019 15:21:34 +0200 |
||||
Subject: [PATCH 6/6] cli: hide certificate blobs unless --show-secrets is |
||||
passed |
||||
|
||||
This restores the behavior before commit 99711579ed43. |
||||
|
||||
Fixes: 99711579ed43 ('cli: add property type for 802-1x certificate properties (pt2)'). |
||||
(cherry picked from commit c91aad49695fc0d5ff1dd07a4459dc7fbe9bdbc0) |
||||
(cherry picked from commit 8c75120df055ac6c7b778a885473af202897abf9) |
||||
--- |
||||
clients/common/nm-meta-setting-desc.c | 3 +-- |
||||
1 file changed, 1 insertion(+), 2 deletions(-) |
||||
|
||||
diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c |
||||
index 7c8f89563..9b5debcfe 100644 |
||||
--- a/clients/common/nm-meta-setting-desc.c |
||||
+++ b/clients/common/nm-meta-setting-desc.c |
||||
@@ -2229,8 +2229,7 @@ _get_fcn_cert_8021x (ARGS_GET_FCN) |
||||
|
||||
switch (vtable->scheme_func (s_8021X)) { |
||||
case NM_SETTING_802_1X_CK_SCHEME_BLOB: |
||||
- if ( vtable->is_secret |
||||
- && !NM_FLAGS_HAS (get_flags, NM_META_ACCESSOR_GET_FLAGS_SHOW_SECRETS)) |
||||
+ if (!NM_FLAGS_HAS (get_flags, NM_META_ACCESSOR_GET_FLAGS_SHOW_SECRETS)) |
||||
return _get_text_hidden (get_type); |
||||
str = bytes_to_string (vtable->blob_func (s_8021X)); |
||||
break; |
||||
-- |
||||
2.20.1 |
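Review bot: In PATCH 2/6, `_set_fcn_cert_8021x` now takes `password` from `strv[1]` while `strv` is declared `gs_free`, so the buffer that holds the user-supplied private-key password appears to be released without being cleared. The fallback copy in the same block is declared `nm_auto_free_secret char *password_free`, so clearing secrets is evidently the intent here. Assuming the token text lives in the allocation that `strv` owns, that allocation should be zeroed before it is freed, and a comment such as `/* strv holds the password token; clear it before freeing */` would document this. Separately, `path` becomes NULL when `value` yields no tokens; the code that consumes `path` lies outside the hunk, so please confirm it rejects NULL with an error rather than passing it on.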
@ -0,0 +1,41 @@
@@ -0,0 +1,41 @@
|
||||
From 89af6353940018621493764927a3f10335084628 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Fri, 26 Apr 2019 10:49:21 +0200 |
||||
Subject: [PATCH] device: fix reapply of MTU |
||||
|
||||
When we set the MTU on the link we remember its previous source |
||||
(ip-config, parent-device or connection profile) and don't change it |
||||
again afterwards to avoid interfering with user's manual changes. The |
||||
only exceptions when we change it again are (1) if the parent device |
||||
MTU changes and (2) if the new MTU has higher priority than the one |
||||
previously set. |
||||
|
||||
To allow a live reapply of the MTU property we also need to clear the |
||||
saved source, or the checks described above will prevent setting the |
||||
new value. |
||||
|
||||
Fixes: 2f8917237fdf ('device: rework mtu priority handling') |
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1702657 |
||||
(cherry picked from commit 4ed72fa658c03790700ba9084e9328fe38afdee9) |
||||
(cherry picked from commit e738479bdd714f754aa311bada3315147efab376) |
||||
--- |
||||
src/devices/nm-device.c | 3 +++ |
||||
1 file changed, 3 insertions(+) |
||||
|
||||
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c |
||||
index b909f0ddf..8ae64b968 100644 |
||||
--- a/src/devices/nm-device.c |
||||
+++ b/src/devices/nm-device.c |
||||
@@ -11312,6 +11312,9 @@ check_and_reapply_connection (NMDevice *self, |
||||
s_ip6_old = nm_connection_get_setting_ip6_config (con_old); |
||||
s_ip6_new = nm_connection_get_setting_ip6_config (con_new); |
||||
|
||||
+ /* Allow reapply of MTU */ |
||||
+ priv->mtu_source = NM_DEVICE_MTU_SOURCE_NONE; |
||||
+ |
||||
nm_device_reactivate_ip4_config (self, s_ip4_old, s_ip4_new); |
||||
nm_device_reactivate_ip6_config (self, s_ip6_old, s_ip6_new); |
||||
|
||||
-- |
||||
2.20.1 |
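Review bot: The reset of `priv->mtu_source` in `check_and_reapply_connection` is unconditional, so every reapply forgets the remembered source, including reapplies where no MTU-related property differs between `con_old` and `con_new`. According to the commit message, that remembered source is what keeps NM from overriding a user's manual MTU change, so a reapply of an unrelated property may now override it. Consider resetting only when the MTU setting actually changed, or at least expand the comment to `/* Allow reapply of MTU: forget the previous source so the priority checks do not reject the new value */`. The function body starts and ends outside the hunk, so an earlier guard that already limits this cannot be ruled out from here.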
@ -0,0 +1,33 @@
@@ -0,0 +1,33 @@
|
||||
From f85322d23536c1004db8ddc722d4f2f6abc56aba Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 23 Apr 2019 11:10:33 +0200 |
||||
Subject: [PATCH] settings: fix failed assertion |
||||
|
||||
Fix the following assertion failure: |
||||
|
||||
g_object_ref: assertion 'G_IS_OBJECT (object)' failed. |
||||
|
||||
nm_settings_add_connection() can return a NULL connection. |
||||
|
||||
Fixes: f034f17ff69c ('settings: keep the added connection alive for a bit longer') |
||||
(cherry picked from commit 48ce3628c528553d4105ed443934d733998e81b4) |
||||
(cherry picked from commit d80818e6cad94def1402be8326274bde998aa276) |
||||
--- |
||||
src/settings/nm-settings.c | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c |
||||
index 8e18a33e0..e594860bc 100644 |
||||
--- a/src/settings/nm-settings.c |
||||
+++ b/src/settings/nm-settings.c |
||||
@@ -1174,7 +1174,7 @@ pk_add_cb (NMAuthChain *chain, |
||||
* because it's found to be incompatible with the device on AddAndActivate). |
||||
* But we need to keep it alive for a bit longer, precisely to check wehther |
||||
* it's still known to the setting manager. */ |
||||
- g_object_ref (added); |
||||
+ nm_g_object_ref (added); |
||||
} |
||||
|
||||
callback = nm_auth_chain_get_data (chain, "callback"); |
||||
-- |
||||
2.20.1 |
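Review bot: With `nm_g_object_ref (added)`, `added` may be NULL for the rest of `pk_add_cb`, so the matching release and any later use of `added` need to tolerate NULL as well. Those lines are outside the hunk; if the release is a plain `g_object_unref (added)`, it would hit the same kind of assertion and should become `nm_g_object_unref (added)` or `g_clear_object (&added)`. The comment above the call still reads as if a connection always exists; adding `(added may be NULL if nm_settings_add_connection() failed)` would make the NULL case visible.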
@ -0,0 +1,80 @@
@@ -0,0 +1,80 @@
|
||||
From 98b1cf070bfa857a8a39b6499b39494bc4f4e54b Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 23 Apr 2019 16:39:17 +0200 |
||||
Subject: [PATCH 1/2] manager: clear unmanaged-sleeping flag on software |
||||
devices on resume |
||||
|
||||
When networking is disabled at NM startup we unmanage all devices |
||||
(including software ones) due to SLEEPING. After networking gets |
||||
enabled again we must clear the unmanaged-sleeping flag on software |
||||
devices. |
||||
|
||||
(cherry picked from commit 656753b70888badc29ffca592f82fd8355894596) |
||||
(cherry picked from commit bb555ff6b5959767ab663d610cdabb8baa280447) |
||||
--- |
||||
src/nm-manager.c | 8 ++++---- |
||||
1 file changed, 4 insertions(+), 4 deletions(-) |
||||
|
||||
diff --git a/src/nm-manager.c b/src/nm-manager.c |
||||
index 40e068ac5..ed2fa3df4 100644 |
||||
--- a/src/nm-manager.c |
||||
+++ b/src/nm-manager.c |
||||
@@ -5923,10 +5923,10 @@ do_sleep_wake (NMManager *self, gboolean sleeping_changed) |
||||
c_list_for_each_entry (device, &priv->devices_lst_head, devices_lst) { |
||||
guint i; |
||||
|
||||
- if (nm_device_is_software (device)) { |
||||
- /* We do not manage/unmanage software devices but |
||||
- * their dhcp leases could have gone stale so we need |
||||
- * to renew them */ |
||||
+ if ( nm_device_is_software (device) |
||||
+ && !nm_device_get_unmanaged_flags (device, NM_UNMANAGED_SLEEPING)) { |
||||
+ /* DHCP leases of software devices could have gone stale |
||||
+ * so we need to renew them. */ |
||||
nm_device_update_dynamic_ip_setup (device); |
||||
continue; |
||||
} |
||||
-- |
||||
2.20.1 |
||||
|
||||
From 9b08f52f043cb5f3794f1432df157a16c222b21c Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 23 Apr 2019 15:30:53 +0200 |
||||
Subject: [PATCH 2/2] manager: unmanage software devices when networking gets |
||||
disabled |
||||
|
||||
If a user disables networking, we consider that as an indication that |
||||
also software devices must be disconnected. OTOH, we don't want to |
||||
destroy them for external events as a system suspend. |
||||
|
||||
(cherry picked from commit 32ee51eee002f5e6717b856fd0a095114a02cc96) |
||||
(cherry picked from commit da8462df1a273cd6b31f885b866726a64ca14550) |
||||
--- |
||||
src/nm-manager.c | 12 +++++++++--- |
||||
1 file changed, 9 insertions(+), 3 deletions(-) |
||||
|
||||
diff --git a/src/nm-manager.c b/src/nm-manager.c |
||||
index ed2fa3df4..c0cd15c0c 100644 |
||||
--- a/src/nm-manager.c |
||||
+++ b/src/nm-manager.c |
||||
@@ -5866,9 +5866,15 @@ do_sleep_wake (NMManager *self, gboolean sleeping_changed) |
||||
* suspend/resume? |
||||
*/ |
||||
c_list_for_each_entry (device, &priv->devices_lst_head, devices_lst) { |
||||
- /* FIXME: shouldn't we be unmanaging software devices if !suspending? */ |
||||
- if (nm_device_is_software (device)) |
||||
- continue; |
||||
+ if (nm_device_is_software (device)) { |
||||
+ /* If a user disables networking we consider that as an |
||||
+ * indication that also software devices must be disconnected. |
||||
+ * But we don't want to destroy them for external events as |
||||
+ * a system suspend. |
||||
+ */ |
||||
+ if (suspending) |
||||
+ continue; |
||||
+ } |
||||
/* Wake-on-LAN devices will be taken down post-suspend rather than pre- */ |
||||
if ( suspending |
||||
&& device_is_wake_on_lan (priv->platform, device)) { |
||||
-- |
||||
2.20.1 |
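Review bot: In PATCH 1/2 the rewritten comment in `do_sleep_wake` explains only the DHCP-renew branch and no longer says why a software device with `NM_UNMANAGED_SLEEPING` set skips it. Per the commit message, such a device must fall through so that the flag gets cleared by the code after this block, which is outside the hunk. I would add that to the comment, for example `/* Software devices unmanaged due to SLEEPING (networking was disabled) fall through so the flag is cleared below. */`. In PATCH 2/2 the nested `if` could be written as the single condition `if (nm_device_is_software (device) && suspending) continue;` with the comment placed above it.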
@ -0,0 +1,122 @@
@@ -0,0 +1,122 @@
|
||||
From bb782ab4b2058e0ae14aae1a4c71bd0dc908fbdc Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 7 May 2019 16:26:09 +0200 |
||||
Subject: [PATCH 1/3] all: fix typos (milli seconds -> milliseconds) |
||||
|
||||
(cherry picked from commit 4735d6764a5dc9c3bc6bc09d3220751e789b39c4) |
||||
(cherry picked from commit f6b9366eb4435d7ee45f862dabdefb5f87c4739d) |
||||
--- |
||||
shared/nm-glib-aux/nm-time-utils.c | 2 +- |
||||
src/devices/nm-device.c | 2 +- |
||||
2 files changed, 2 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/shared/nm-glib-aux/nm-time-utils.c b/shared/nm-glib-aux/nm-time-utils.c |
||||
index ae526c342..98a414595 100644 |
||||
--- a/shared/nm-glib-aux/nm-time-utils.c |
||||
+++ b/shared/nm-glib-aux/nm-time-utils.c |
||||
@@ -231,7 +231,7 @@ nm_utils_get_monotonic_timestamp_s (void) |
||||
* @timestamp: the monotonic-timestamp that should be converted into CLOCK_BOOTTIME. |
||||
* @timestamp_ns_per_tick: How many nano seconds make one unit of @timestamp? E.g. if |
||||
* @timestamp is in unit seconds, pass %NM_UTILS_NS_PER_SECOND; @timestamp in nano |
||||
- * seconds, pass 1; @timestamp in milli seconds, pass %NM_UTILS_NS_PER_SECOND/1000; etc. |
||||
+ * seconds, pass 1; @timestamp in milliseconds, pass %NM_UTILS_NS_PER_SECOND/1000; etc. |
||||
* |
||||
* Returns: the monotonic-timestamp as CLOCK_BOOTTIME, as returned by clock_gettime(). |
||||
* The unit is the same as the passed in @timestamp basd on @timestamp_ns_per_tick. |
||||
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c |
||||
index 8ae64b968..7bf1eb4ce 100644 |
||||
--- a/src/devices/nm-device.c |
||||
+++ b/src/devices/nm-device.c |
||||
@@ -3588,7 +3588,7 @@ nm_device_set_carrier (NMDevice *self, gboolean carrier) |
||||
now_ms = nm_utils_get_monotonic_timestamp_ms (); |
||||
until_ms = NM_MAX (now_ms + _get_carrier_wait_ms (self), priv->carrier_wait_until_ms); |
||||
priv->carrier_defer_id = g_timeout_add (until_ms - now_ms, carrier_disconnected_action_cb, self); |
||||
- _LOGD (LOGD_DEVICE, "carrier: link disconnected (deferring action for %ld milli seconds) (id=%u)", |
||||
+ _LOGD (LOGD_DEVICE, "carrier: link disconnected (deferring action for %ld milliseconds) (id=%u)", |
||||
(long) (until_ms - now_ms), priv->carrier_defer_id); |
||||
} |
||||
} |
||||
-- |
||||
2.20.1 |
||||
|
||||
From ef2113cf7c06d5157ddd2cdc26c1f781b60c477c Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 7 May 2019 16:25:04 +0200 |
||||
Subject: [PATCH 2/3] device: unconditionally reapply IP configuration on link |
||||
up |
||||
|
||||
Consider the situation in which ipv4.method=auto and there is an |
||||
address configured. Also, the DHCP timeout is long and there is no |
||||
DHCP server. If the link is brought down temporarily, the prefix route |
||||
for the static address is lost and not restored by NM because we |
||||
reapply the IP configuration only when the IP state is DONE. |
||||
|
||||
The same can happen also for IPv6, but in that case also static IPv6 |
||||
addresses are lost. |
||||
|
||||
We should always reapply the IP configuration when the link goes up. |
||||
|
||||
(cherry picked from commit d0b16b9283dc16e9db642280be9d6b10a04092a8) |
||||
(cherry picked from commit 4482ca64ba5bbf1c173ea5b4a3854da0173542a8) |
||||
--- |
||||
src/devices/nm-device.c | 12 ++++-------- |
||||
1 file changed, 4 insertions(+), 8 deletions(-) |
||||
|
||||
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c |
||||
index 7bf1eb4ce..510d9792e 100644 |
||||
--- a/src/devices/nm-device.c |
||||
+++ b/src/devices/nm-device.c |
||||
@@ -3890,16 +3890,12 @@ device_link_changed (NMDevice *self) |
||||
if (priv->up && (!was_up || seen_down)) { |
||||
/* the link was down and just came up. That happens for example, while changing MTU. |
||||
* We must restore IP configuration. */ |
||||
- if (priv->ip_state_4 == NM_DEVICE_IP_STATE_DONE) { |
||||
- if (!ip_config_merge_and_apply (self, AF_INET, TRUE)) |
||||
- _LOGW (LOGD_IP4, "failed applying IP4 config after link comes up again"); |
||||
- } |
||||
+ if (!ip_config_merge_and_apply (self, AF_INET, TRUE)) |
||||
+ _LOGW (LOGD_IP4, "failed applying IP4 config after link comes up again"); |
||||
|
||||
priv->linklocal6_dad_counter = 0; |
||||
- if (priv->ip_state_6 == NM_DEVICE_IP_STATE_DONE) { |
||||
- if (!ip_config_merge_and_apply (self, AF_INET6, TRUE)) |
||||
- _LOGW (LOGD_IP6, "failed applying IP6 config after link comes up again"); |
||||
- } |
||||
+ if (!ip_config_merge_and_apply (self, AF_INET6, TRUE)) |
||||
+ _LOGW (LOGD_IP6, "failed applying IP6 config after link comes up again"); |
||||
} |
||||
|
||||
if (update_unmanaged_specs) |
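Review bot: The comment above the two `ip_config_merge_and_apply ()` calls in `device_link_changed` still only says that the IP configuration must be restored; it does not record why the `NM_DEVICE_IP_STATE_DONE` guards were dropped. I would extend it with something like `/* reapply regardless of the IP state: static addresses and prefix routes are lost on link down even while DHCP is still pending */`. Because the calls now run in every IP state, it is also worth confirming that `ip_config_merge_and_apply ()` returns TRUE when there is nothing to apply, otherwise the two `_LOGW` lines will fire on every link-up of an unconfigured device. The function starts and ends outside the hunk, so that cannot be checked from here.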
||||
-- |
||||
2.20.1 |
||||
|
||||
From b3f9c33557951ed90767ff50e9e72e533a211b45 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 7 May 2019 16:32:12 +0200 |
||||
Subject: [PATCH 3/3] device: fix intersecting IPv6 configurations |
||||
|
||||
If the link is down we shouldn't drop the link-local address from |
||||
configuration as it wasn't removed by user but by kernel. |
||||
|
||||
(cherry picked from commit 18d2edfaa13d97597ddf5551e6dd5ea854f1fdbf) |
||||
(cherry picked from commit 6f6914450072b79a91731e042e498ca26892696c) |
||||
--- |
||||
src/devices/nm-device.c | 3 ++- |
||||
1 file changed, 2 insertions(+), 1 deletion(-) |
||||
|
||||
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c |
||||
index 510d9792e..06a95110b 100644 |
||||
--- a/src/devices/nm-device.c |
||||
+++ b/src/devices/nm-device.c |
||||
@@ -12882,7 +12882,8 @@ update_ext_ip_config (NMDevice *self, int addr_family, gboolean intersect_config |
||||
for (iter = priv->vpn_configs_6; iter; iter = iter->next) |
||||
nm_ip6_config_intersect (iter->data, priv->ext_ip_config_6, is_up, is_up, 0); |
||||
|
||||
- if ( priv->ipv6ll_has |
||||
+ if ( is_up |
||||
+ && priv->ipv6ll_has |
||||
&& !nm_ip6_config_lookup_address (priv->ext_ip_config_6, &priv->ipv6ll_addr)) |
||||
priv->ipv6ll_has = FALSE; |
||||
} |
||||
-- |
||||
2.20.1 |
@ -0,0 +1,126 @@
@@ -0,0 +1,126 @@
|
||||
From 48193ae383de29c52bf37d869f2e0a8534fbe825 Mon Sep 17 00:00:00 2001 |
||||
From: Thomas Haller <thaller@redhat.com> |
||||
Date: Fri, 10 May 2019 14:35:52 +0200 |
||||
Subject: [PATCH 1/2] settings: avoid assertion for LoadConnections D-Bus |
||||
method with relative paths |
||||
|
||||
$ busctl call org.freedesktop.NetworkManager /org/freedesktop/NetworkManager/Settings org.freedesktop.NetworkManager.Settings LoadConnections as 1 relative/filename |
||||
|
||||
triggers a g_critical() assertion in nm_utils_file_is_in_path(): |
||||
|
||||
... |
||||
#3 0x00007ffff7a19e7d in g_return_if_fail_warning |
||||
(log_domain=log_domain@entry=0x55555586c333 "NetworkManager", pretty_function=pretty_function@entry=0x55555586c0a0 <__FUNCTION__.38585> "nm_utils_file_is_in_path", expression=expression@entry=0x55555586c010 "abs_filename && abs_filename[0] == '/'") at ../glib/gmessages.c:2767 |
||||
#4 0x00005555555f1128 in nm_utils_file_is_in_path (abs_filename=abs_filename@entry=0x555555b56670 "dfd", abs_path=<optimized out>) at src/NetworkManagerUtils.c:1077 |
||||
#5 0x00005555555a4779 in load_connection (config=<optimized out>, filename=0x555555b56670 "dfd") at src/settings/plugins/keyfile/nms-keyfile-plugin.c:522 |
||||
#6 0x00005555557ce291 in nm_settings_plugin_load_connection (self=0x5555559fd400 [NMSKeyfilePlugin], filename=0x555555b56670 "dfd") at src/settings/nm-settings-plugin.c:70 |
||||
#7 0x000055555559ccdf in impl_settings_load_connections |
||||
(obj=<optimized out>, interface_info=<optimized out>, method_info=<optimized out>, connection=<optimized out>, sender=<optimized out>, invocation=0x7fffe0015ed0 [GDBusMethodInvocation], parameters=<optimized out>) at src/settings/nm-settings.c:1439 |
||||
#8 0x00005555555a9bf9 in dbus_vtable_method_call |
||||
(connection=0x5555559b91b0 [GDBusConnection], sender=sender@entry=0x555555b5c360 ":1.32283", object_path=object_path@entry=0x7fffe0019070 "/org/freedesktop/NetworkManager/Settings", interface_name=<optimized out>, interface_name@entry=0x7fffe002aa70 "org.freedesktop.NetworkManager.Settings", method_name=<optimized out>, |
||||
method_name@entry=0x7fffe00276b0 "LoadConnections", parameters=parameters@entry=0x555555c4a690, invocation=0x7fffe0015ed0 [GDBusMethodInvocation], user_data=0x5555559a1a00) |
||||
at src/nm-dbus-manager.c:947 |
||||
#9 0x00007ffff7c506c4 in call_in_idle_cb (user_data=user_data@entry=0x7fffe0015ed0) at ../gio/gdbusconnection.c:4874 |
||||
#10 0x00007ffff7a0e8eb in g_idle_dispatch (source=source@entry=0x7fffe00208a0, callback=0x7ffff7c50590 <call_in_idle_cb>, user_data=0x7fffe0015ed0) at ../glib/gmain.c:5627 |
||||
#11 0x00007ffff7a11fd0 in g_main_dispatch (context=0x555555994d00) at ../glib/gmain.c:3189 |
||||
#12 0x00007ffff7a11fd0 in g_main_context_dispatch (context=context@entry=0x555555994d00) at ../glib/gmain.c:3854 |
||||
#13 0x00007ffff7a12368 in g_main_context_iterate (context=0x555555994d00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3927 |
||||
#14 0x00007ffff7a126b3 in g_main_loop_run (loop=0x555555995e60) at ../glib/gmain.c:4123 |
||||
#15 0x000055555558a741 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:444 |
||||
|
||||
Filter out relative filenames early. |
||||
|
||||
(cherry picked from commit a1b102eae4bc412297b72c327530abc1ca38d659) |
||||
(cherry picked from commit c21171e06987353868e91d6e1cd395ade05e9390) |
||||
--- |
||||
src/settings/nm-settings.c | 31 ++++++++++++++++++------------- |
||||
1 file changed, 18 insertions(+), 13 deletions(-) |
||||
|
||||
diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c |
||||
index e594860bc..1f8314847 100644 |
||||
--- a/src/settings/nm-settings.c |
||||
+++ b/src/settings/nm-settings.c |
||||
@@ -1409,8 +1409,6 @@ impl_settings_load_connections (NMDBusObject *obj, |
||||
NMSettings *self = NM_SETTINGS (obj); |
||||
NMSettingsPrivate *priv = NM_SETTINGS_GET_PRIVATE (self); |
||||
gs_unref_ptrarray GPtrArray *failures = NULL; |
||||
- GSList *iter; |
||||
- guint i; |
||||
gs_free const char **filenames = NULL; |
||||
|
||||
g_variant_get (parameters, "(^a&s)", &filenames); |
||||
@@ -1427,21 +1425,28 @@ impl_settings_load_connections (NMDBusObject *obj, |
||||
return; |
||||
|
||||
if (filenames) { |
||||
+ gsize i; |
||||
+ |
||||
for (i = 0; filenames[i]; i++) { |
||||
- for (iter = priv->plugins; iter; iter = g_slist_next (iter)) { |
||||
- NMSettingsPlugin *plugin = NM_SETTINGS_PLUGIN (iter->data); |
||||
+ GSList *iter; |
||||
|
||||
- if (nm_settings_plugin_load_connection (plugin, filenames[i])) |
||||
- break; |
||||
- } |
||||
+ if (filenames[i][0] != '/') |
||||
+ _LOGW ("load: connection filename '%s' is not an absolute path", filenames[i]); |
||||
+ else { |
||||
+ for (iter = priv->plugins; iter; iter = iter->next) { |
||||
+ NMSettingsPlugin *plugin = NM_SETTINGS_PLUGIN (iter->data); |
||||
|
||||
- if (!iter) { |
||||
- if (!g_path_is_absolute (filenames[i])) |
||||
- _LOGW ("connection filename '%s' is not an absolute path", filenames[i]); |
||||
- if (!failures) |
||||
- failures = g_ptr_array_new (); |
||||
- g_ptr_array_add (failures, (char *) filenames[i]); |
||||
+ if (nm_settings_plugin_load_connection (plugin, filenames[i])) |
||||
+ goto next_filename; |
||||
+ } |
||||
} |
||||
+ |
||||
+ if (!failures) |
||||
+ failures = g_ptr_array_new (); |
||||
+ g_ptr_array_add (failures, (char *) filenames[i]); |
||||
+ |
||||
+next_filename: |
||||
+ ; |
||||
} |
||||
} |
||||
|
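Review bot: The new `filenames[i][0] != '/'` test rejects only relative names, so an absolute name that contains `..` components or goes through a symlink is still handed to every plugin via `nm_settings_plugin_load_connection ()`. The backtrace in the commit message suggests the keyfile plugin does its own containment check with `nm_utils_file_is_in_path ()`, but whether each plugin canonicalises the path first is not visible here and should be confirmed, since the names come from a D-Bus caller. I would add a comment above the check, e.g. `/* sanity filter only: plugins must still verify the file lies inside their own directory */`. The same caller-supplied string is passed to `_LOGW`, so it is also worth confirming that the logging backend escapes control characters. `impl_settings_load_connections` starts and ends outside the hunk.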
||||
-- |
||||
2.21.0 |
||||
|
||||
|
||||
From b9123eb59de18ddf30b2cb5eab0f5a0c0eeef345 Mon Sep 17 00:00:00 2001 |
||||
From: Thomas Haller <thaller@redhat.com> |
||||
Date: Fri, 10 May 2019 14:53:51 +0200 |
||||
Subject: [PATCH 2/2] settings/d-bus: fix boolean return value of |
||||
"LoadConnections" |
||||
|
||||
The boolean value is intended to indicate success. It would indicate |
||||
failure due to a bug. |
||||
|
||||
Fixes: 297d4985abcc ('core/dbus: rework D-Bus implementation to use lower layer GDBusConnection API'): |
||||
(cherry picked from commit 22e830f0469a654159e71b5bbddb2774bb5342c2) |
||||
(cherry picked from commit e73a505866a784b41393ae6082a26ff7389633d3) |
||||
--- |
||||
src/settings/nm-settings.c | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/src/settings/nm-settings.c b/src/settings/nm-settings.c |
||||
index 1f8314847..90dd892cb 100644 |
||||
--- a/src/settings/nm-settings.c |
||||
+++ b/src/settings/nm-settings.c |
||||
@@ -1455,7 +1455,7 @@ next_filename: |
||||
|
||||
g_dbus_method_invocation_return_value (invocation, |
||||
g_variant_new ("(b^as)", |
||||
- (gboolean) (!!failures), |
||||
+ (gboolean) (!failures), |
||||
failures |
||||
? (const char **) failures->pdata |
||||
: NM_PTRARRAY_EMPTY (const char *))); |
||||
-- |
||||
2.21.0 |
@ -0,0 +1,42 @@
@@ -0,0 +1,42 @@
|
||||
From a6562097a4d0f35c22c4f0f949012dee918bf510 Mon Sep 17 00:00:00 2001 |
||||
From: Thomas Haller <thaller@redhat.com> |
||||
Date: Tue, 14 May 2019 13:55:41 +0200 |
||||
Subject: [PATCH 1/1] core: fix file permissions for |
||||
"/var/lib/NetworkManager/secret_key" |
||||
|
||||
Otherwise, the file has wrong permissions: |
||||
|
||||
# ls -la /var/lib/NetworkManager/secret_key |
||||
----r-xr-x. 1 root root 50 May 14 13:52 /var/lib/NetworkManager/secret_key |
||||
|
||||
Luckily, /var/lib/NetworkManager should be already |
||||
|
||||
# ls -lad /var/lib/NetworkManager |
||||
drwx------. 2 root root 8192 May 14 13:57 /var/lib/NetworkManager |
||||
|
||||
which mitigates this a bit. |
||||
|
||||
Fixes: dbcb1d6d97c6 ('core: let nm_utils_secret_key_read() handle failures internally') |
||||
|
||||
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/175 |
||||
(cherry picked from commit dc3a2f9bc4c35030bcaf9e81953daf7894ab62b6) |
||||
(cherry picked from commit 2d46247c6ac6f89a0b8bac86d684431c07dc6c8e) |
||||
--- |
||||
src/nm-core-utils.c | 2 +- |
||||
1 file changed, 1 insertion(+), 1 deletion(-) |
||||
|
||||
diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c |
||||
index b0cc914e7..fd1628027 100644 |
||||
--- a/src/nm-core-utils.c |
||||
+++ b/src/nm-core-utils.c |
||||
@@ -2697,7 +2697,7 @@ _host_id_read (guint8 **out_host_id, |
||||
} else if (!nm_utils_file_set_contents (SECRET_KEY_FILE, |
||||
(const char *) new_content, |
||||
len, |
||||
- 0077, |
||||
+ 0600, |
||||
&error)) { |
||||
nm_log_warn (LOGD_CORE, "secret-key: failure to persist secret key in \"%s\" (%s) (use non-persistent key)", |
||||
SECRET_KEY_FILE, error->message); |
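Review bot: The corrected `0600` argument to `nm_utils_file_set_contents ()` only takes effect when a new key is written, so a `secret_key` file already persisted with the old `0077` value keeps the permissions shown in the commit message. Nothing visible in this hunk re-checks or repairs the mode of an existing file on the read path; if the rest of `_host_id_read` does not do so either, consider a `chmod` to 0600 when an existing key is loaded, or a one-time fix-up in packaging. A short comment on the argument, such as `/* file mode, not a umask */`, would keep the two from being confused again. `_host_id_read` starts and ends outside the hunk.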
||||
-- |
||||
2.21.0 |
@ -0,0 +1,32 @@
@@ -0,0 +1,32 @@
|
||||
From 2711e9be108063d9e269412c9026c10c63f1cda3 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Sun, 19 May 2019 11:35:02 +0200 |
||||
Subject: [PATCH] team: don't kill teamd for external devices |
||||
|
||||
The teamd instance must not be killed if the device was externally |
||||
activated. |
||||
|
||||
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/158 |
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1693142 |
||||
(cherry picked from commit 008a4b4215dcce40345b2c372ffc8cfd0d388fa5) |
||||
(cherry picked from commit bd113fe72eac3f609a6d05ab33ef52d6773c1985) |
||||
--- |
||||
src/devices/team/nm-device-team.c | 3 +++ |
||||
1 file changed, 3 insertions(+) |
||||
|
||||
diff --git a/src/devices/team/nm-device-team.c b/src/devices/team/nm-device-team.c |
||||
index 287f4d1b1..4ae276dbf 100644 |
||||
--- a/src/devices/team/nm-device-team.c |
||||
+++ b/src/devices/team/nm-device-team.c |
||||
@@ -694,6 +694,9 @@ deactivate (NMDevice *device) |
||||
NMDeviceTeam *self = NM_DEVICE_TEAM (device); |
||||
NMDeviceTeamPrivate *priv = NM_DEVICE_TEAM_GET_PRIVATE (self); |
||||
|
||||
+ if (nm_device_sys_iface_state_is_external (device)) |
||||
+ return; |
||||
+ |
||||
if (priv->teamd_pid || priv->tdc) |
||||
_LOGI (LOGD_TEAM, "deactivation: stopping teamd..."); |
||||
|
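Review bot: The early `return` for `nm_device_sys_iface_state_is_external (device)` sits before everything else in `deactivate ()`, so it skips not only stopping teamd but also any local teardown that follows for `priv->tdc` and `priv->teamd_pid`. The rest of the function is outside the hunk; if it releases NetworkManager's own handles rather than just ending the external process, those should probably still be released, with only the kill guarded. At minimum a comment such as `/* externally activated: the teamd instance is not ours to stop */` would document the intent.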
||||
-- |
||||
2.20.1 |
@ -0,0 +1,304 @@
@@ -0,0 +1,304 @@
|
||||
From 51c47c0a9d77f04d04c6cde7f1254623328898f9 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 14 May 2019 13:59:00 +0200 |
||||
Subject: [PATCH 1/3] ifcfg-rh: write client certificate even if it is pkcs12 |
||||
|
||||
The writer should only persist properties without too much additional |
||||
logic, which should be instead embedded in the setting itself. |
||||
|
||||
(cherry picked from commit a995244e9bf526b2d10143858655c3ea3731bf91) |
||||
(cherry picked from commit 5a5cd8d05dfbde11b0983e09a5a37f6929bb2178) |
||||
--- |
||||
.../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 4 ---- |
||||
.../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 24 ++++++------------- |
||||
2 files changed, 7 insertions(+), 21 deletions(-) |
||||
|
||||
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c |
||||
index e5423b181..9b7511064 100644 |
||||
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c |
||||
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c |
||||
@@ -3117,10 +3117,6 @@ eap_tls_reader (const char *eap_method, |
||||
&client_cert, |
||||
error)) |
||||
return FALSE; |
||||
- /* FIXME: writer does not actually write IEEE_8021X_CLIENT_CERT_PASSWORD and other |
||||
- * certificate related passwords. It should, because otherwise persisting such profiles |
||||
- * to ifcfg looses information. As this currently only matters for PKCS11 URIs, it seems |
||||
- * a seldom used feature so that it is not fixed yet. */ |
||||
_secret_set_from_ifcfg (s_8021x, |
||||
ifcfg, |
||||
keys_ifcfg, |
||||
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c |
||||
index 80b1bffe1..90f06e183 100644 |
||||
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c |
||||
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c |
||||
@@ -358,23 +358,13 @@ write_8021x_certs (NMSetting8021x *s_8021x, |
||||
if (!write_object (s_8021x, ifcfg, secrets, blobs, otype, error)) |
||||
return FALSE; |
||||
|
||||
- /* Client certificate */ |
||||
- if (otype->vtable->format_func (s_8021x) == NM_SETTING_802_1X_CK_FORMAT_PKCS12) { |
||||
- /* Don't need a client certificate with PKCS#12 since the file is both |
||||
- * the client certificate and the private key in one file. |
||||
- */ |
||||
- svSetValueStr (ifcfg, |
||||
- phase2 ? "IEEE_8021X_INNER_CLIENT_CERT" : "IEEE_8021X_CLIENT_CERT", |
||||
- NULL); |
||||
- } else { |
||||
- /* Save the client certificate */ |
||||
- if (!write_object (s_8021x, ifcfg, secrets, blobs, |
||||
- phase2 |
||||
- ? &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PHASE2_CLIENT_CERT] |
||||
- : &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_CLIENT_CERT], |
||||
- error)) |
||||
- return FALSE; |
||||
- } |
||||
+ /* Save the client certificate */ |
||||
+ if (!write_object (s_8021x, ifcfg, secrets, blobs, |
||||
+ phase2 |
||||
+ ? &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PHASE2_CLIENT_CERT] |
||||
+ : &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_CLIENT_CERT], |
||||
+ error)) |
||||
+ return FALSE; |
||||
|
||||
return TRUE; |
||||
} |
||||
-- |
||||
2.20.1 |
||||
|
||||
From c62a97f608c4c28cbefe1b5b57bec5f6da24b342 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 14 May 2019 14:32:19 +0200 |
||||
Subject: [PATCH 2/3] ifcfg-rh: don't check for 802.1x private key or client |
||||
cert in reader |
||||
|
||||
Let the setting check it in verify(). |
||||
|
||||
(cherry picked from commit d9b3b2b8cec9fdb984a6103240688dc46f33866e) |
||||
(cherry picked from commit c28db67a781388e1f742b3406e26a35c8c2522a8) |
||||
--- |
||||
.../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 16 +++------------- |
||||
1 file changed, 3 insertions(+), 13 deletions(-) |
||||
|
||||
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c |
||||
index 9b7511064..da3b89e1a 100644 |
||||
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c |
||||
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c |
||||
@@ -3077,6 +3077,7 @@ eap_tls_reader (const char *eap_method, |
||||
svGetValueStr (ifcfg, "IEEE_8021X_IDENTITY", &identity_free), |
||||
NULL); |
||||
|
||||
+ /* CA certificate */ |
||||
if (!_cert_set_from_ifcfg (s_8021x, |
||||
ifcfg, |
||||
phase2 ? "IEEE_8021X_INNER_CA_CERT" : "IEEE_8021X_CA_CERT", |
||||
@@ -3090,6 +3091,7 @@ eap_tls_reader (const char *eap_method, |
||||
phase2 ? "IEEE_8021X_INNER_CA_CERT_PASSWORD" : "IEEE_8021X_CA_CERT_PASSWORD", |
||||
phase2 ? NM_SETTING_802_1X_PHASE2_CA_CERT_PASSWORD : NM_SETTING_802_1X_CA_CERT_PASSWORD); |
||||
|
||||
+ /* Private key */ |
||||
if (!_cert_set_from_ifcfg (s_8021x, |
||||
ifcfg, |
||||
phase2 ? "IEEE_8021X_INNER_PRIVATE_KEY" : "IEEE_8021X_PRIVATE_KEY", |
||||
@@ -3102,14 +3104,8 @@ eap_tls_reader (const char *eap_method, |
||||
keys_ifcfg, |
||||
phase2 ? "IEEE_8021X_INNER_PRIVATE_KEY_PASSWORD" : "IEEE_8021X_PRIVATE_KEY_PASSWORD", |
||||
phase2 ? NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD : NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD); |
||||
- if (!privkey) { |
||||
- g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, |
||||
- "Missing %s for EAP method '%s'.", |
||||
- phase2 ? "IEEE_8021X_INNER_PRIVATE_KEY" : "IEEE_8021X_PRIVATE_KEY", |
||||
- eap_method); |
||||
- return FALSE; |
||||
- } |
||||
|
||||
+ /* Client certificate */ |
||||
if (!_cert_set_from_ifcfg (s_8021x, |
||||
ifcfg, |
||||
phase2 ? "IEEE_8021X_INNER_CLIENT_CERT" : "IEEE_8021X_CLIENT_CERT", |
||||
@@ -3122,12 +3118,6 @@ eap_tls_reader (const char *eap_method, |
||||
keys_ifcfg, |
||||
phase2 ? "IEEE_8021X_INNER_CLIENT_CERT_PASSWORD" : "IEEE_8021X_CLIENT_CERT_PASSWORD", |
||||
phase2 ? NM_SETTING_802_1X_PHASE2_CLIENT_CERT_PASSWORD : NM_SETTING_802_1X_CLIENT_CERT_PASSWORD); |
||||
- if (!client_cert) { |
||||
- g_set_error (error, NM_SETTINGS_ERROR, NM_SETTINGS_ERROR_INVALID_CONNECTION, |
||||
- "Missing certificate for EAP method '%s'.", |
||||
- eap_method); |
||||
- return FALSE; |
||||
- } |
||||
|
||||
return TRUE; |
||||
} |
||||
-- |
||||
2.20.1 |
||||
|
||||
From b3935bb0f25bede6e9c29735314f42f4bd773e09 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 14 May 2019 15:27:45 +0200 |
||||
Subject: [PATCH 3/3] ifcfg-rh: use PKCS #12 private key also as client cert in |
||||
reader |
||||
|
||||
Before commit e3ac45c02610 the reader set the private key in the |
||||
setting using the libnm function, which also set the key as client |
||||
certificate if it was in PKCS #12 format. |
||||
|
||||
After the commit, existing connections with a PKCS #12 private key but |
||||
without a client certificate became invalid. Restore the old behavior. |
||||
|
||||
Fixes: e3ac45c02610 ('ifcfg-rh: don't use 802-1x certifcate setter functions') |
||||
(cherry picked from commit 9a410fc312c50ac405c57ff4e9eb692e798e248d) |
||||
(cherry picked from commit 51896e1e6b24e0b5d6aefce3c4945d27a5b9f5b7) |
||||
--- |
||||
Makefile.am | 2 ++ |
||||
.../plugins/ifcfg-rh/nms-ifcfg-rh-reader.c | 28 ++++++++++++++++-- |
||||
.../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c | 21 +++++++++---- |
||||
...fg-test-wired-8021x-tls-p12-no-client-cert | 13 ++++++++ |
||||
.../tests/network-scripts/test_client.p12 | Bin 0 -> 2848 bytes |
||||
.../plugins/ifcfg-rh/tests/test-ifcfg-rh.c | 23 ++++++++++++++ |
||||
6 files changed, 79 insertions(+), 8 deletions(-) |
||||
create mode 100644 src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-p12-no-client-cert |
||||
create mode 100644 src/settings/plugins/ifcfg-rh/tests/network-scripts/test_client.p12 |
||||
|
||||
diff --git a/Makefile.am b/Makefile.am |
||||
index d78bfdeda..8c470df31 100644 |
||||
--- a/Makefile.am |
||||
+++ b/Makefile.am |
||||
@@ -3014,6 +3014,7 @@ EXTRA_DIST += \ |
||||
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-peap-mschapv2 \ |
||||
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-agent \ |
||||
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-always \ |
||||
+ src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-8021x-tls-p12-no-client-cert \ |
||||
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-auto-negotiate-on \ |
||||
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-autoip \ |
||||
src/settings/plugins/ifcfg-rh/tests/network-scripts/ifcfg-test-wired-ctc-static \ |
||||
@@ -3083,6 +3084,7 @@ EXTRA_DIST += \ |
||||
src/settings/plugins/ifcfg-rh/tests/network-scripts/route6-test-wired-ipv6-manual \ |
||||
src/settings/plugins/ifcfg-rh/tests/network-scripts/test1_key_and_cert.pem \ |
||||
src/settings/plugins/ifcfg-rh/tests/network-scripts/test_ca_cert.pem \ |
||||
+ src/settings/plugins/ifcfg-rh/tests/network-scripts/test_client.p12 \ |
||||
$(NULL) |
||||
|
||||
# make target dependencies can't have colons in their names, which ends up |
||||
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c |
||||
index da3b89e1a..317e22f7a 100644 |
||||
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c |
||||
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c |
||||
@@ -3071,6 +3071,10 @@ eap_tls_reader (const char *eap_method, |
||||
gs_unref_bytes GBytes *privkey = NULL; |
||||
gs_unref_bytes GBytes *client_cert = NULL; |
||||
gs_free char *identity_free = NULL; |
||||
+ gs_free char *value_to_free = NULL; |
||||
+ const char *client_cert_var; |
||||
+ const char *client_cert_prop; |
||||
+ NMSetting8021xCKFormat format; |
||||
|
||||
g_object_set (s_8021x, |
||||
NM_SETTING_802_1X_IDENTITY, |
||||
@@ -3106,10 +3110,12 @@ eap_tls_reader (const char *eap_method, |
||||
phase2 ? NM_SETTING_802_1X_PHASE2_PRIVATE_KEY_PASSWORD : NM_SETTING_802_1X_PRIVATE_KEY_PASSWORD); |
||||
|
||||
/* Client certificate */ |
||||
+ client_cert_var = phase2 ? "IEEE_8021X_INNER_CLIENT_CERT" : "IEEE_8021X_CLIENT_CERT"; |
||||
+ client_cert_prop = phase2 ? NM_SETTING_802_1X_PHASE2_CLIENT_CERT : NM_SETTING_802_1X_CLIENT_CERT; |
||||
if (!_cert_set_from_ifcfg (s_8021x, |
||||
ifcfg, |
||||
- phase2 ? "IEEE_8021X_INNER_CLIENT_CERT" : "IEEE_8021X_CLIENT_CERT", |
||||
- phase2 ? NM_SETTING_802_1X_PHASE2_CLIENT_CERT : NM_SETTING_802_1X_CLIENT_CERT, |
||||
+ client_cert_var, |
||||
+ client_cert_prop, |
||||
&client_cert, |
||||
error)) |
||||
return FALSE; |
||||
@@ -3119,6 +3125,24 @@ eap_tls_reader (const char *eap_method, |
||||
phase2 ? "IEEE_8021X_INNER_CLIENT_CERT_PASSWORD" : "IEEE_8021X_CLIENT_CERT_PASSWORD", |
||||
phase2 ? NM_SETTING_802_1X_PHASE2_CLIENT_CERT_PASSWORD : NM_SETTING_802_1X_CLIENT_CERT_PASSWORD); |
||||
|
||||
+ /* In the past when the private key and client certificate |
||||
+ * were the same PKCS #12 file we used to write only the |
||||
+ * private key variable. Still support that even if it means |
||||
+ * that we have to look into the file content, which makes |
||||
+ * the connection not self-contained. |
||||
+ */ |
||||
+ if ( !client_cert |
||||
+ && privkey |
||||
+ && !svGetValue (ifcfg, client_cert_var, &value_to_free)) { |
||||
+ if (phase2) |
||||
+ format = nm_setting_802_1x_get_phase2_private_key_format (s_8021x); |
||||
+ else |
||||
+ format = nm_setting_802_1x_get_private_key_format (s_8021x); |
||||
+ |
||||
+ if (format == NM_SETTING_802_1X_CK_FORMAT_PKCS12) |
||||
+ g_object_set (s_8021x, client_cert_prop, privkey, NULL); |
||||
+ } |
||||
+ |
||||
return TRUE; |
||||
} |
||||
|
||||
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c |
||||
index 90f06e183..6e2bc8493 100644 |
||||
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c |
||||
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c |
||||
@@ -209,6 +209,7 @@ write_object (NMSetting8021x *s_8021x, |
||||
GHashTable *secrets, |
||||
GHashTable *blobs, |
||||
const Setting8021xSchemeVtable *objtype, |
||||
+ gboolean force_write, |
||||
GError **error) |
||||
{ |
||||
NMSetting8021xCKScheme scheme; |
||||
@@ -287,7 +288,7 @@ write_object (NMSetting8021x *s_8021x, |
||||
*/ |
||||
standard_file = utils_cert_path (svFileGetName (ifcfg), objtype->vtable->file_suffix, extension); |
||||
g_hash_table_replace (blobs, standard_file, NULL); |
||||
- svUnsetValue (ifcfg, objtype->ifcfg_rh_key); |
||||
+ svSetValue (ifcfg, objtype->ifcfg_rh_key, force_write ? "" : NULL); |
||||
return TRUE; |
||||
} |
||||
|
||||
@@ -338,31 +339,39 @@ write_8021x_certs (NMSetting8021x *s_8021x, |
||||
shvarFile *ifcfg, |
||||
GError **error) |
||||
{ |
||||
- const Setting8021xSchemeVtable *otype = NULL; |
||||
+ const Setting8021xSchemeVtable *pk_otype = NULL; |
||||
+ gs_free char *value_to_free = NULL; |
||||
|
||||
/* CA certificate */ |
||||
if (!write_object (s_8021x, ifcfg, secrets, blobs, |
||||
phase2 |
||||
? &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PHASE2_CA_CERT] |
||||
: &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_CA_CERT], |
||||
+ FALSE, |
||||
error)) |
||||
return FALSE; |
||||
|
||||
/* Private key */ |
||||
if (phase2) |
||||
- otype = &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PHASE2_PRIVATE_KEY]; |
||||
+ pk_otype = &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PHASE2_PRIVATE_KEY]; |
||||
else |
||||
- otype = &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PRIVATE_KEY]; |
||||
+ pk_otype = &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PRIVATE_KEY]; |
||||
|
||||
/* Save the private key */ |
||||
- if (!write_object (s_8021x, ifcfg, secrets, blobs, otype, error)) |
||||
+ if (!write_object (s_8021x, ifcfg, secrets, blobs, pk_otype, FALSE, error)) |
||||
return FALSE; |
||||
|
||||
- /* Save the client certificate */ |
||||
+ /* Save the client certificate. |
||||
+ * If there is a private key, always write a property for the |
||||
+ * client certificate even if it is empty, so that the reader |
||||
+ * doesn't have to read the private key file to determine if it |
||||
+ * is a PKCS #12 one which serves also as client certificate. |
||||
+ */ |
||||
if (!write_object (s_8021x, ifcfg, secrets, blobs, |
||||
phase2 |
||||
? &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_PHASE2_CLIENT_CERT] |
||||
: &setting_8021x_scheme_vtable[NM_SETTING_802_1X_SCHEME_TYPE_CLIENT_CERT], |
||||
+ !!svGetValue (ifcfg, pk_otype->ifcfg_rh_key, &value_to_free), |
||||
error)) |
||||
return FALSE; |
||||
|
||||
-- |
||||
2.20.1 |
@ -0,0 +1,39 @@
@@ -0,0 +1,39 @@
|
||||
From ac383b87ffd097b67b0b1cd2818df0e41bb17903 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 23 Apr 2019 22:24:36 +0200 |
||||
Subject: [PATCH] cli: don't wait for connection change on update failure |
||||
|
||||
When saving a connection, we wait the connection-changed signal before |
||||
proceeding to ensure that the remote connection is up to date. |
||||
However, no signal is emitted if the update fails and so we shouldn't |
||||
wait for it. |
||||
|
||||
Fixes: a370faeb59a9 ('cli: wait for changed signal after updating a connection'): |
||||
|
||||
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/124 |
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1702203 |
||||
(cherry picked from commit 2d347e7e176e7cb8daaa2e02b0758821fc3f5f04) |
||||
(cherry picked from commit 3423629ff0fc65c16c2a4c541a5fc3435cd72091) |
||||
--- |
||||
clients/cli/connections.c | 6 ++++-- |
||||
1 file changed, 4 insertions(+), 2 deletions(-) |
||||
|
||||
diff --git a/clients/cli/connections.c b/clients/cli/connections.c |
||||
index 034fc19f5..7bfbe0b6a 100644 |
||||
--- a/clients/cli/connections.c |
||||
+++ b/clients/cli/connections.c |
||||
@@ -7817,8 +7817,10 @@ editor_menu_main (NmCli *nmc, NMConnection *connection, const char *connection_t |
||||
while (!nmc_editor_cb_called && !timeout) |
||||
g_main_context_iteration (NULL, TRUE); |
||||
|
||||
- while (!connection_changed && !timeout) |
||||
- g_main_context_iteration (NULL, TRUE); |
||||
+ if (!nmc_editor_error) { |
||||
+ while (!connection_changed && !timeout) |
||||
+ g_main_context_iteration (NULL, TRUE); |
||||
+ } |
||||
|
||||
if (handler_id) |
||||
g_signal_handler_disconnect (rem_con, handler_id); |
||||
-- |
||||
2.20.1 |
@ -0,0 +1,36 @@
@@ -0,0 +1,36 @@
|
||||
From 42c7f7dfee122b9da446c0e985187e0dc66ecb09 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Fri, 14 Jun 2019 16:31:53 +0200 |
||||
Subject: [PATCH] libnm-core: fix conversion to json of team watcher flags |
||||
|
||||
Team watcher flags are boolean objects: persist them as such and not |
||||
as strings. |
||||
|
||||
Fixes: e59878ce1911f3930c60a104673b59fb3c5ae001 |
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1720153 |
||||
(cherry picked from commit 28c3692023fe65d5a6def93774ff1ac7f07e27f0) |
||||
--- |
||||
libnm-core/nm-utils.c | 6 +++--- |
||||
1 file changed, 3 insertions(+), 3 deletions(-) |
||||
|
||||
diff --git a/libnm-core/nm-utils.c b/libnm-core/nm-utils.c |
||||
index 394ca7c3a..6d8a0fe32 100644 |
||||
--- a/libnm-core/nm-utils.c |
||||
+++ b/libnm-core/nm-utils.c |
||||
@@ -5786,11 +5786,11 @@ _nm_utils_team_link_watcher_to_json (NMTeamLinkWatcher *watcher) |
||||
|
||||
flags = nm_team_link_watcher_get_flags (watcher); |
||||
if (flags & NM_TEAM_LINK_WATCHER_ARP_PING_FLAG_VALIDATE_ACTIVE) |
||||
- json_object_set_new (json_element, "validate_active", json_string ("true")); |
||||
+ json_object_set_new (json_element, "validate_active", json_true ()); |
||||
if (flags & NM_TEAM_LINK_WATCHER_ARP_PING_FLAG_VALIDATE_INACTIVE) |
||||
- json_object_set_new (json_element, "validate_inactive", json_string ("true")); |
||||
+ json_object_set_new (json_element, "validate_inactive", json_true ()); |
||||
if (flags & NM_TEAM_LINK_WATCHER_ARP_PING_FLAG_SEND_ALWAYS) |
||||
- json_object_set_new (json_element, "send_always", json_string ("true")); |
||||
+ json_object_set_new (json_element, "send_always", json_true ()); |
||||
|
||||
return json_element; |
||||
|
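Review bot: Switching the three flags from `json_string ("true")` to `json_true ()` changes the JSON type that is written, and the code that reads these keys back is not part of this hunk. It is worth confirming that the from-JSON counterpart reads `validate_active`, `validate_inactive` and `send_always` as JSON booleans, and deciding whether configurations already persisted in the string form must still be accepted. A unit test that round-trips a watcher with all three flags set through to-JSON and back would pin the behaviour. The function body starts outside the hunk.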
||||
-- |
||||
2.20.1 |
@ -0,0 +1,203 @@
@@ -0,0 +1,203 @@
|
||||
From 8775e71d12bf26f4153d12dcb20e8e92ba6f0189 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Mon, 29 Jul 2019 16:13:27 +0200 |
||||
Subject: [PATCH 1/3] ovs: don't release slaves on quit |
||||
|
||||
An OVS bridge and its slaves can continue to work even after NM has |
||||
quit. Keep the interface enslaved when the @configure argument of |
||||
device->release_slave() is FALSE, which happens on quit and in other |
||||
circumstances when we don't really want to release the slave from its |
||||
master. |
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1733709 |
||||
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/215 |
||||
(cherry picked from commit ccd4be4014f9f4cfdd0d298ff387ee7558d5f3a5) |
||||
(cherry picked from commit a1f39b69e0b09b7ab02513e34bd41276808ad778) |
||||
--- |
||||
src/devices/ovs/nm-device-ovs-port.c | 19 ++++++++++++------- |
||||
1 file changed, 12 insertions(+), 7 deletions(-) |
||||
|
||||
diff --git a/src/devices/ovs/nm-device-ovs-port.c b/src/devices/ovs/nm-device-ovs-port.c |
||||
index 35eb739f9..8a93a5a9d 100644 |
||||
--- a/src/devices/ovs/nm-device-ovs-port.c |
||||
+++ b/src/devices/ovs/nm-device-ovs-port.c |
||||
@@ -140,13 +140,18 @@ del_iface_cb (GError *error, gpointer user_data) |
||||
static void |
||||
release_slave (NMDevice *device, NMDevice *slave, gboolean configure) |
||||
{ |
||||
- nm_ovsdb_del_interface (nm_ovsdb_get (), nm_device_get_iface (slave), |
||||
- del_iface_cb, g_object_ref (slave)); |
||||
- |
||||
- /* Open VSwitch is going to delete this one. We must ignore what happens |
||||
- * next with the interface. */ |
||||
- if (NM_IS_DEVICE_OVS_INTERFACE (slave)) |
||||
- nm_device_update_from_platform_link (slave, NULL); |
||||
+ NMDeviceOvsPort *self = NM_DEVICE_OVS_PORT (device); |
||||
+ |
||||
+ if (configure) { |
||||
+ _LOGI (LOGD_DEVICE, "releasing ovs interface %s", nm_device_get_ip_iface (slave)); |
||||
+ nm_ovsdb_del_interface (nm_ovsdb_get (), nm_device_get_iface (slave), |
||||
+ del_iface_cb, g_object_ref (slave)); |
||||
+ /* Open VSwitch is going to delete this one. We must ignore what happens |
||||
+ * next with the interface. */ |
||||
+ if (NM_IS_DEVICE_OVS_INTERFACE (slave)) |
||||
+ nm_device_update_from_platform_link (slave, NULL); |
||||
+ } else |
||||
+ _LOGI (LOGD_DEVICE, "ovs interface %s was released", nm_device_get_ip_iface (slave)); |
||||
} |
||||
|
||||
/*****************************************************************************/ |
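Review bot: Both new `_LOGI` calls name the slave with `nm_device_get_ip_iface (slave)`, while the deletion passes `nm_device_get_iface (slave)` to `nm_ovsdb_del_interface ()`; if the two names ever differ, the log names a different interface than the one removed from OVSDB. Using `nm_device_get_iface (slave)` in both log lines would keep the message and the action consistent. The `else` branch logs "was released" although nothing is done there and, per the commit message, the interface stays enslaved, so a comment such as `/* configure == FALSE: leave the interface in OVS */` would prevent misreading. The unbraced `else` after a braced `if` is also worth bracing.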
||||
-- |
||||
2.21.0 |
||||
|
||||
From 846a67ab95bc5f3e36099a45b0f2131c6346ef6a Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Tue, 30 Jul 2019 11:03:59 +0200 |
||||
Subject: [PATCH 2/3] device: check platform link compatibility when setting |
||||
nm-owned flag |
||||
|
||||
We set nm-owned to indicate whether a software device was created by |
||||
NM or it was pre-existing. When checking the existence, we must verify |
||||
also whether the link type is compatible with the device, otherwise it |
||||
is possible to match unrelated interfaces. For example, when checking |
||||
for the existence of an ovs-bridge (which is not compatible with any |
||||
platform link) we could match an unrelated platform link with the same |
||||
name. |
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1733709 |
||||
(cherry picked from commit 3cb4b36261684aa3d2676f922c6d53bc31085153) |
||||
(cherry picked from commit cb20d0791a6daf20d64f4cd57d6bd4b60e35a9a0) |
||||
(cherry picked from commit 511ef27d5eaf6fd0577b867d9d31de3bee0440fe) |
||||
--- |
||||
src/devices/nm-device.c | 7 ++++--- |
||||
1 file changed, 4 insertions(+), 3 deletions(-) |
||||
|
||||
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c |
||||
index 9ad69998b..eaf72a7a0 100644 |
||||
--- a/src/devices/nm-device.c |
||||
+++ b/src/devices/nm-device.c |
||||
@@ -4106,13 +4106,14 @@ nm_device_create_and_realize (NMDevice *self, |
||||
{ |
||||
nm_auto_nmpobj const NMPObject *plink_keep_alive = NULL; |
||||
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE (self); |
||||
- const NMPlatformLink *plink = NULL; |
||||
+ const NMPlatformLink *plink; |
||||
|
||||
/* Must be set before device is realized */ |
||||
- priv->nm_owned = !nm_platform_link_get_by_ifname (nm_device_get_platform (self), priv->iface); |
||||
- |
||||
+ plink = nm_platform_link_get_by_ifname (nm_device_get_platform (self), priv->iface); |
||||
+ priv->nm_owned = !plink || !link_type_compatible (self, plink->type, NULL, NULL); |
||||
_LOGD (LOGD_DEVICE, "create (is %snm-owned)", priv->nm_owned ? "" : "not "); |
||||
|
||||
+ plink = NULL; |
||||
/* Create any resources the device needs */ |
||||
if (NM_DEVICE_GET_CLASS (self)->create_and_realize) { |
||||
if (!NM_DEVICE_GET_CLASS (self)->create_and_realize (self, connection, parent, &plink, error)) |
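Review bot: `plink` now serves two purposes here: first it holds the result of the lookup by interface name, then, after the added `plink = NULL;`, it is the out-parameter handed to `create_and_realize ()`. The reset line is easy to drop in a later edit, which would pass the looked-up link into the class method, presumably not what is wanted. A separate local for the lookup, with `plink` keeping its `= NULL` initialiser, removes that dependency. Failing that, comment the reset with `/* plink is reused below as an out-parameter */`. The function body starts and ends outside the hunk.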
||||
-- |
||||
2.21.0 |
||||
|
||||
From 70ada1a2c9e936ec5abe737e1eb80463ff4fba60 Mon Sep 17 00:00:00 2001 |
||||
From: Beniamino Galvani <bgalvani@redhat.com> |
||||
Date: Wed, 31 Jul 2019 11:40:35 +0200 |
||||
Subject: [PATCH 3/3] device: fix releasing slaves |
||||
|
||||
Not all master types have a platform link and so it's wrong to check |
||||
for it to decide whether the slave should be really released. Move the |
||||
check to master devices that need it (bond, bridge and team). |
||||
|
||||
OVS ports don't need the check because they don't call to platform to |
||||
remove a slave. |
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1733709 |
||||
(cherry picked from commit 57e3734b6cc1bb453216c7e2150a698114507a46) |
||||
(cherry picked from commit ec1b5fb019929441fdcdf6bf7c54a2856ad61976) |
||||
(cherry picked from commit f6a90b899ab01d6dc2635faf6bc8d72839a9064c) |
||||
--- |
||||
src/devices/nm-device-bond.c | 6 ++++++ |
||||
src/devices/nm-device-bridge.c | 6 ++++++ |
||||
src/devices/nm-device.c | 7 +------ |
||||
src/devices/team/nm-device-team.c | 6 ++++++ |
||||
4 files changed, 19 insertions(+), 6 deletions(-) |
||||
|
||||
diff --git a/src/devices/nm-device-bond.c b/src/devices/nm-device-bond.c |
||||
index 37159fca8..790f00d44 100644 |
||||
--- a/src/devices/nm-device-bond.c |
||||
+++ b/src/devices/nm-device-bond.c |
||||
@@ -413,6 +413,12 @@ release_slave (NMDevice *device, |
||||
NMDeviceBond *self = NM_DEVICE_BOND (device); |
||||
gboolean success; |
||||
gs_free char *address = NULL; |
||||
+ int ifindex; |
||||
+ |
||||
+ ifindex = nm_device_get_ifindex (device); |
||||
+ if ( ifindex <= 0 |
||||
+ || !nm_platform_link_get (nm_device_get_platform (device), ifindex)) |
||||
+ configure = FALSE; |
||||
|
||||
if (configure) { |
||||
/* When the last slave is released the bond MAC will be set to a random |
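Review bot: The six added lines that clear `configure` when the master has no ifindex or no platform link are repeated verbatim in the release_slave() hunks of nm-device-bridge.c and team/nm-device-team.c later in this patch. Three copies of one check can drift apart; a single shared predicate on NMDevice that reports whether the device still has a platform link, called from all three, would keep them identical. Each copy also overwrites the `configure` parameter without explanation, so a comment such as `/* master has no platform link: skip the platform calls */` would help. All three release_slave() bodies continue outside their hunks.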
||||
diff --git a/src/devices/nm-device-bridge.c b/src/devices/nm-device-bridge.c |
||||
index 4275af912..e81bcd5d2 100644 |
||||
--- a/src/devices/nm-device-bridge.c |
||||
+++ b/src/devices/nm-device-bridge.c |
||||
@@ -625,6 +625,12 @@ release_slave (NMDevice *device, |
||||
{ |
||||
NMDeviceBridge *self = NM_DEVICE_BRIDGE (device); |
||||
gboolean success; |
||||
+ int ifindex; |
||||
+ |
||||
+ ifindex = nm_device_get_ifindex (device); |
||||
+ if ( ifindex <= 0 |
||||
+ || !nm_platform_link_get (nm_device_get_platform (device), ifindex)) |
||||
+ configure = FALSE; |
||||
|
||||
if (configure) { |
||||
success = nm_platform_link_release (nm_device_get_platform (device), |
||||
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c |
||||
index eaf72a7a0..5bb7a592e 100644 |
||||
--- a/src/devices/nm-device.c |
||||
+++ b/src/devices/nm-device.c |
||||
@@ -4851,7 +4851,6 @@ nm_device_master_release_slaves (NMDevice *self) |
||||
{ |
||||
NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE (self); |
||||
NMDeviceStateReason reason; |
||||
- gboolean configure = TRUE; |
||||
CList *iter, *safe; |
||||
|
||||
/* Don't release the slaves if this connection doesn't belong to NM. */ |
||||
@@ -4862,14 +4861,10 @@ nm_device_master_release_slaves (NMDevice *self) |
||||
if (priv->state == NM_DEVICE_STATE_FAILED) |
||||
reason = NM_DEVICE_STATE_REASON_DEPENDENCY_FAILED; |
||||
|
||||
- if ( priv->ifindex <= 0 |
||||
- || !nm_platform_link_get (nm_device_get_platform (self), priv->ifindex)) |
||||
- configure = FALSE; |
||||
- |
||||
c_list_for_each_safe (iter, safe, &priv->slaves) { |
||||
SlaveInfo *info = c_list_entry (iter, SlaveInfo, lst_slave); |
||||
|
||||
- nm_device_master_release_one_slave (self, info->slave, configure, reason); |
||||
+ nm_device_master_release_one_slave (self, info->slave, TRUE, reason); |
||||
} |
||||
} |
||||
|
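Review bot: The bare `TRUE` now passed to `nm_device_master_release_one_slave ()` depends on every master type's release_slave() doing its own platform-link check, and nothing at this call site says so. Bond, bridge and team gain that check in this patch; any other master type that releases slaves through platform is not visible here and would need the same guard, which is worth verifying. A comment above the call, such as `/* masters that need a platform link check for it in their release_slave() */`, would document the contract. The function starts outside this hunk.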
||||
diff --git a/src/devices/team/nm-device-team.c b/src/devices/team/nm-device-team.c |
||||
index 4ae276dbf..7afd18606 100644 |
||||
--- a/src/devices/team/nm-device-team.c |
||||
+++ b/src/devices/team/nm-device-team.c |
||||
@@ -774,6 +774,12 @@ release_slave (NMDevice *device, |
||||
NMDeviceTeam *self = NM_DEVICE_TEAM (device); |
||||
NMDeviceTeamPrivate *priv = NM_DEVICE_TEAM_GET_PRIVATE (self); |
||||
gboolean success; |
||||
+ int ifindex; |
||||
+ |
||||
+ ifindex = nm_device_get_ifindex (device); |
||||
+ if ( ifindex <= 0 |
||||
+ || !nm_platform_link_get (nm_device_get_platform (device), ifindex)) |
||||
+ configure = FALSE; |
||||
|
||||
if (configure) { |
||||
success = nm_platform_link_release (nm_device_get_platform (device), |
||||
-- |
||||
2.21.0 |