When setting any secrets via D-Bus' Update2 call, then
it assumes that all settings are reset. That means, when
we modify any secrets in the client, we need to first load
them all.
Anyway, load always all secrets, then we can also print them
in the get output.
Honor WG_HIDE_KEYS like `wg` does.
The tests run nmcli with Polish locale and compare the output.
After modifying Polish translation we must regenerate the expected
output.
Fixes: 01b7b32afb
Older versions of meson don't support building the same names
multiple times.
Meson encountered an error in file src/tests/meson.build, line 14, column 2:
Tried to create target "test-general", but a target of that name already exists.
We really need to use unique filenames everywhere. Revert the name
change for now.
This breaks again the valgrind workaround in "tools/run-nm-test.sh".
This reverts commit 5466edc63e.
Meson and autotools should name the tests the same way.
Also, all tests binaries built by autotools start on purpose
with "test-". Do that for meson too.
Also, otherwise "tools/run-nm-test.sh" fails to workaround
valgrind failures for platform tests as it does not expect
the tests to be named that way:
if [ $HAS_ERRORS -eq 0 ]; then
# valgrind doesn't support setns syscall and spams the logfile.
# hack around it...
if [ "$TEST_NAME" = 'test-link-linux' -o \
"$TEST_NAME" = 'test-acd' ]; then
if [ -z "$(sed -e '/^--[0-9]\+-- WARNING: unhandled .* syscall: /,/^--[0-9]\+-- it at http.*\.$/d' "$LOGFILE")" ]; then
HAS_ERRORS=1
fi
fi
fi
The defaults for test timeouts in meson is 30 seconds. That is not long
enough when running
$ NMTST_USE_VALGRIND=1 ninja -C build test
Note that meson supports --timeout-multiplier, and automatically
increases the timeout when running under valgrind. However, meson
does not understand that we are running tests under valgrind via
NMTST_USE_VALGRIND=1 environment variable.
Timeouts are really not expected to be reached and are a mean of last
resort. Hence, increasing the timeout to a large value is likely to
have no effect or to fix test failures where the timeout was too rigid.
It's unlikely that the test indeed hangs and the increase of timeout
causes a unnecessary increase of waittime before aborting.
New code we want to add LGPL licensed to make it easier to share code
between libnm and the daemon.
The code in question was only recently added in commit b544f7243d
("initrd: add iBFT reader") and mostly written from scratch by Lubomir.
Some parts were adapted from earlier ibft code.
$ git shortlog -s -e -- src/settings/plugins/ibft/ ':(exclude)*/meson.build'
3 Beniamino Galvani <bgalvani@redhat.com>
1 Colin Walters <walters@verbum.org>
2 Dan Williams <dcbw@redhat.com>
17 Dan Winship <danw@redhat.com>
7 Lubomir Rintel <lkundrak@v3.sk>
46 Thomas Haller <thaller@redhat.com>
$ git log --no-merges -L '/^fill_ip4_setting_from_ibft/,/^}/:src/settings/plugins/ifcfg-rh/reader.c' fc9c1f1557b517e799d15802e8f3d0ea43b0daea~ | grep '^Author: ' | sort | uniq
Author: Dan Williams <dcbw@redhat.com>
Author: Dan Winship <danw@redhat.org>
Author: Jiří Klimeš <jklimes@redhat.com>
Author: Pavel Šimerda <psimerda@redhat.com>
Hence, all non-trival contributions were provided by Red Hat employees
and the copy-right is with Red Hat.
Acked-by: Dan Williams <dcbw@redhat.com>
Acked-by: Dan Winship <danw@redhat.com>
Acked-by: Lubomir Rintel <lkundrak@v3.sk>
Wrongly did not suppress the message
<warn> [1550844832.3749] device (tunl0): failed to disable userspace IPv6LL address handling (not-supported)
Fixes: d18f40320d
Delay ARP announcements for masters until the first interfaces gets
enslaved. There is no point in doing it before as the ARP packets
would be dropped in most cases; also, if the first slave is added when
we already started announcing, the MAC of the master is going to
change and so the remaining ARPs will have a wrong "sender mac
address" field.
https://bugzilla.redhat.com/show_bug.cgi?id=1678796https://github.com/NetworkManager/NetworkManager/pull/301
Rework the explicit implementation of NM_SETTING_802_1X_PASSWORD_RAW
handling to generically handle GBytes properties.
Note that the NM_SETTING_802_1X_PASSWORD_RAW setter accepts a legacy
format where hex-words are separated by space. I don't think we want
to support this format for new options.
So, there are two possibilities:
1) either leave _set_fcn_802_1x_password_raw() as-is, with the special
handling.
2) interpret a property-data gobject_bytes.legacy_format.
1) seems to make more sense, because there is only one such property,
and we won't use this for new properties. However let's do 2), because
it shows nicely the two styles side-by-side. In other words, let's
password-raw also be a _pt_gobject_bytes typed property, with some
special legacy handling. Instead, of having it an entirely separate
property type (with a different setter implementation). I think it's
better to have the parts where they differ pushed down (the "stack") as
much as possible.
- it's less lines of code (for the caller).
- it's a function that can be easier unit-tested on its own.
Possibly there are already other unit-tests that cover it.
- it's more efficient than the GString based implementation.
- it reuses our one and only bin-to-hexstr implementation.
libnm exposes simplified variants of hexstr2bin in its public API. I
think that was a mistake, because libnm should provide NetworkManager
specific utils. It should not provide such string functions.
However, nmcli used to need this, so it was added to libnm.
The better approach is to add it to our internally shared static
library, so that all interested components can make use of it.
That is slightly complex, because we need to (DNS) resolve the endpoints,
and we also have to retry periodically. For example, initially we may be
unable to resolve an endpoint, but later we may be.
What is also interesting is that during assume and reapply, we may not
have all information in the profile. Most notably, the private keys will
be missing. We need to cope with that and not reconfigure keys. However,
we still need to resolve names and update the endpoints.
Use the script to test how GObject introspection with libnm's WireGuard
support works.
Also, since support for WireGuard peers is not yet implemented in nmcli
(or other clients), this script is rather useful.
For now only add the core settings, no peers' data.
To support peers and the allowed-ips of the peers is more complicated
and will be done later. It's more complicated because these are nested
lists (allowed-ips) inside a list (peers). That is quite unusual and to
conveniently support that in D-Bus API, in keyfile format, in libnm,
and nmcli, is a effort.
Also, it's further complicated by the fact that each peer has a secret (the
preshared-key). Thus we probably need secret flags for each peer, which
is a novelty as well (until now we require a fixed set of secrets per
profile that is well known).
We already have NMPLookup to express a set of objects that can be looked
up via the multi-index.
Change the behavior of nmp_cache_dirty_set_all(), not to accept an
object-type. Instead, make it generally useful and accept a lookup
instance that is used to filter the elements that should be set as
dirty.
for-each macros can be nice to use. However, such macros are potentially
error prone, as they abstract C control statements and scoping blocks.
I find it ugly to expand the macro to:
for (...)
if (...)
Instead, move the additional "if" check inside the loop's condition
expression, so that the macro only expands to one "for(;;)" statement.
It does not matter too much, but the code optimizes for deletion events.
In that case, we don't require parsing the full netlink message.
Instead, it's enough to parse only the ID part so that we can find the
object in the cache that is to be removed removed.
Fix that for qdisc/tfilter objects.
