delta/NetworkManager.git, branch bg/cli-test-debug gitlab.freedesktop.org: NetworkManager/NetworkManager.git clients: print additional information on failure 2018-10-25T12:25:30+00:00 Beniamino Galvani bgalvani@redhat.com 2018-10-25T12:23:55+00:00 fbc75e1ac02a6f3bc9fee37dc24ec49fae4ef926 






release: bump version to 1.14.2
2018-10-19T14:13:28+00:00

Lubomir Rintel
lkundrak@v3.sk

2018-10-18T13:40:55+00:00

ef5ada1d1d53b04a468dc44838afb459f85e95e7












keyfile: also add ".nmconnection" extension when writing keyfiles in /etc
2018-10-19T13:24:15+00:00

Thomas Haller
thaller@redhat.com

2018-10-19T13:12:34+00:00

7d3fba9366b6b5bf52f793569dd6a73db82503fb

This is a change in behavior regarding the filename that we choose when
writing files to "/etc/NetworkManager/system-connections/".

(cherry picked from commit d37ad15f12bafd91cf724cda50aea7093e04bf7a)





This is a change in behavior regarding the filename that we choose when
writing files to "/etc/NetworkManager/system-connections/".

(cherry picked from commit d37ad15f12bafd91cf724cda50aea7093e04bf7a)







initrd: add .nmconnection extension when writing keyfiles
2018-10-19T10:39:53+00:00

Thomas Haller
thaller@redhat.com

2018-10-19T09:55:02+00:00

095bac3019fe0b66aff07da3228916938b94baa4

initrd does not use keyfile API from "src/settings/plugins/keyfile",
hence it does not use nms_keyfile_utils_escape_filename() to add
the ".nmconnection" file extension.

I think that is problematic, because it also misses escapings which
are necessary so that NetworkManager will accept the file.

Anyway, the proper solution here would be to move the keyfile utility
functions to libnm-core, alongside base keyfile API. That way, it
could be used by initrd generator.

For now, just dirty fix the generated filename.

Fixes: 648c256b9014198aac388097e410999c68c4b452
(cherry picked from commit 4ca7fa7f4abfd52e13844013cffa0dbda3146f9a)





initrd does not use keyfile API from "src/settings/plugins/keyfile",
hence it does not use nms_keyfile_utils_escape_filename() to add
the ".nmconnection" file extension.

I think that is problematic, because it also misses escapings which
are necessary so that NetworkManager will accept the file.

Anyway, the proper solution here would be to move the keyfile utility
functions to libnm-core, alongside base keyfile API. That way, it
could be used by initrd generator.

For now, just dirty fix the generated filename.

Fixes: 648c256b9014198aac388097e410999c68c4b452
(cherry picked from commit 4ca7fa7f4abfd52e13844013cffa0dbda3146f9a)







keyfile: merge branch 'th/nm-1-14-keyfile-changes'
2018-10-19T08:14:50+00:00

Thomas Haller
thaller@redhat.com

2018-10-19T08:14:50+00:00

3a368f351b5ab911d8db05a0078d3b655cb4d3b0

https://github.com/NetworkManager/NetworkManager/pull/237





https://github.com/NetworkManager/NetworkManager/pull/237







keyfile: write keyfiles to "/run" directory with ".nmconnection" file suffix
2018-10-18T22:14:54+00:00

Thomas Haller
thaller@redhat.com

2018-10-18T14:36:51+00:00

7685cf284031958edd3bfd153846f177a6962b9d

For profiles in "/etc/NetworkManager/system-connections", we did not enforce
that the keyfiles have a special suffix, nor did we generate the
filenames in such a manner. In hindsight, I think that was a mistake.

Recently we added "/run/NetworkManager/system-connections" as additional
keyfile directory. Enforce a suffix and write keyfiles with such a name.

In principle, we could also start writing keyfiles in /etc with the
same suffix. But let's not do that, because we anyway cannot enforce
it.

An ugly part is, that during `nmcli connection load` we need to
determine whether the to-be-loaded connection is under /etc or /run.
Preferably, we would allow any kind of symlinking as what matters
is the file object (inode) and not the path. Anyway, we don't do
that but compare plain paths. That means, paths which are not
in an expected form, will be rejected. In particular, the paths
starting with "/run/..." and "/var/run/..." will be treated differently,
and one of them will be rejected.

Note that ifcfg-rh plugin strictly enforces that the path
starts with IFCFG_DIR as well. So, while this is a breaking
change for keyfile, I think it's reasonable.

(cherry picked from commit 648c256b9014198aac388097e410999c68c4b452)





For profiles in "/etc/NetworkManager/system-connections", we did not enforce
that the keyfiles have a special suffix, nor did we generate the
filenames in such a manner. In hindsight, I think that was a mistake.

Recently we added "/run/NetworkManager/system-connections" as additional
keyfile directory. Enforce a suffix and write keyfiles with such a name.

In principle, we could also start writing keyfiles in /etc with the
same suffix. But let's not do that, because we anyway cannot enforce
it.

An ugly part is, that during `nmcli connection load` we need to
determine whether the to-be-loaded connection is under /etc or /run.
Preferably, we would allow any kind of symlinking as what matters
is the file object (inode) and not the path. Anyway, we don't do
that but compare plain paths. That means, paths which are not
in an expected form, will be rejected. In particular, the paths
starting with "/run/..." and "/var/run/..." will be treated differently,
and one of them will be rejected.

Note that ifcfg-rh plugin strictly enforces that the path
starts with IFCFG_DIR as well. So, while this is a breaking
change for keyfile, I think it's reasonable.

(cherry picked from commit 648c256b9014198aac388097e410999c68c4b452)







keyfile: split automatically setting ID/UUID for keyfile
2018-10-18T22:14:54+00:00

Thomas Haller
thaller@redhat.com

2018-10-02T17:53:54+00:00

ae5a09d720910e69c119cfac55f343141b4db06b

keyfile already supports omitting the "connection.id" and
"connection.uuid". In that case, the ID would be taken from the
keyfile's name, and the UUID was generated by md5 hashing the
full filename.

No longer do this during nm_keyfile_read(), instead let all
callers call nm_keyfile_read_ensure_*() to their liking. This is done
for two reasons:

 - a minor reason is, that one day we want to expose keyfile API
   as public API. That means, we also want to read keyfiles from
   stdin, where there is no filename available. The implementation
   which parses stdio needs to define their own way of auto-generating
   ID and UUID. Note how nm_keyfile_read()'s API no longer takes a
   filename as argument, which would be awkward for the stdin case.

 - Currently, we only support one keyfile directory, which (configurably)
   is "/etc/NetworkManager/system-connections".
   In the future, we want to support multiple keyfile dirctories, like
   "/var/run/NetworkManager/profiles" or "/usr/lib/NetworkManager/profiles".
   Here we want that a file "foo" (which does not specify a UUID) gets the
   same UUID regardless of the directory it is in. That seems better, because
   then the UUID won't change as you move the file between directories.
   Yes, that means, that the same UUID will be provided by multiple
   files, but NetworkManager must already cope with that situation anyway.
   Unfortunately, the UUID generation scheme hashes the full path. That
   means, we must hash the path name of the file "foo" inside the
   original "system-connections" directory.
   Refactor the code so that it accounds for a difference between the
   filename of the keyfile, and the profile_dir used for generating
   the UUID.

(cherry picked from commit 837d44ffa4bfb3ef1a1cd786336dcd2415e9259b)





keyfile already supports omitting the "connection.id" and
"connection.uuid". In that case, the ID would be taken from the
keyfile's name, and the UUID was generated by md5 hashing the
full filename.

No longer do this during nm_keyfile_read(), instead let all
callers call nm_keyfile_read_ensure_*() to their liking. This is done
for two reasons:

 - a minor reason is, that one day we want to expose keyfile API
   as public API. That means, we also want to read keyfiles from
   stdin, where there is no filename available. The implementation
   which parses stdio needs to define their own way of auto-generating
   ID and UUID. Note how nm_keyfile_read()'s API no longer takes a
   filename as argument, which would be awkward for the stdin case.

 - Currently, we only support one keyfile directory, which (configurably)
   is "/etc/NetworkManager/system-connections".
   In the future, we want to support multiple keyfile dirctories, like
   "/var/run/NetworkManager/profiles" or "/usr/lib/NetworkManager/profiles".
   Here we want that a file "foo" (which does not specify a UUID) gets the
   same UUID regardless of the directory it is in. That seems better, because
   then the UUID won't change as you move the file between directories.
   Yes, that means, that the same UUID will be provided by multiple
   files, but NetworkManager must already cope with that situation anyway.
   Unfortunately, the UUID generation scheme hashes the full path. That
   means, we must hash the path name of the file "foo" inside the
   original "system-connections" directory.
   Refactor the code so that it accounds for a difference between the
   filename of the keyfile, and the profile_dir used for generating
   the UUID.

(cherry picked from commit 837d44ffa4bfb3ef1a1cd786336dcd2415e9259b)







keyfile: refactor setting default ID/UUID in nm_keyfile_read()
2018-10-18T22:14:54+00:00

Thomas Haller
thaller@redhat.com

2018-10-02T17:44:31+00:00

0642fc2d352e73141b2002b64a1a1ab9c4e629f8

Split out the functionality for auto-detecting the ID and UUID of
a connection. First of all, nm_keyfile_read() is already overcomplicated.
The next commit will require the caller to explicitly call these
functions.

(cherry picked from commit 02c8844178380c5f4cc1c6aa971f90cfea2be0dc)





Split out the functionality for auto-detecting the ID and UUID of
a connection. First of all, nm_keyfile_read() is already overcomplicated.
The next commit will require the caller to explicitly call these
functions.

(cherry picked from commit 02c8844178380c5f4cc1c6aa971f90cfea2be0dc)







keyfile: refactor check whether filename starts with a dot
2018-10-18T22:14:54+00:00

Thomas Haller
thaller@redhat.com

2018-09-27T11:35:42+00:00

1460ce9f51c5f791b6f57c7474e1faee37a1a086

check_prefix() was only ever called with "." as prefix.
Simplify the implementation to explicitly check for a leading
dot.

(cherry picked from commit 2e5985f2e93b4475b54b535d87bf2f7a466246b9)





check_prefix() was only ever called with "." as prefix.
Simplify the implementation to explicitly check for a leading
dot.

(cherry picked from commit 2e5985f2e93b4475b54b535d87bf2f7a466246b9)







keyfile: move file permission check of keyfile to helper function
2018-10-18T22:14:54+00:00

Thomas Haller
thaller@redhat.com

2018-09-27T10:58:58+00:00

8db02e240bf7c1cadc25e7d1eac02ed7bf8712d9

(cherry picked from commit 345c91a0a4adf132285151e143e697a81acaee2a)





(cherry picked from commit 345c91a0a4adf132285151e143e697a81acaee2a)