Merge pull request #127461 from maxeaubrey/NetworkManager-1.32.0

2021-07-21 20:03:32 +02:00 · 2021-07-21 20:03:32 +02:00 · 78b21f405c
commit 78b21f405c
parent 7a1e77336a ea125a5fd9
4 changed files with 217 additions and 80 deletions
--- a/nixos/modules/services/networking/networkmanager.nix
+++ b/nixos/modules/services/networking/networkmanager.nix
@ -49,6 +49,7 @@ let
      rc-manager =
        if config.networking.resolvconf.enable then "resolvconf"
        else "unmanaged";
+      firewall-backend = cfg.firewallBackend;
    })
    (mkSection "keyfile" {
      unmanaged-devices =
@ -244,6 +245,15 @@ in {
        '';
      };

+      firewallBackend = mkOption {
+        type = types.enum [ "iptables" "nftables" "none" ];
+        default = "iptables";
+        description = ''
+          Which firewall backend should be used for configuring masquerading with shared mode.
+          If set to none, NetworkManager doesn't manage the configuration at all.
+        '';
+      };
+
      logLevel = mkOption {
        type = types.enum [ "OFF" "ERR" "WARN" "INFO" "DEBUG" "TRACE" ];
        default = "WARN";
--- a/nixos/modules/services/networking/nftables.nix
+++ b/nixos/modules/services/networking/nftables.nix
@ -103,6 +103,7 @@ in
    }];
    boot.blacklistedKernelModules = [ "ip_tables" ];
    environment.systemPackages = [ pkgs.nftables ];
+    networking.networkmanager.firewallBackend = mkDefault "nftables";
    systemd.services.nftables = {
      description = "nftables firewall";
      before = [ "network-pre.target" ];
--- a/pkgs/tools/networking/networkmanager/default.nix
+++ b/pkgs/tools/networking/networkmanager/default.nix
@ -1,20 +1,64 @@
-{ lib, stdenv, fetchurl, substituteAll, intltool, pkg-config, fetchpatch, dbus
-, gnome, systemd, libuuid, polkit, gnutls, ppp, dhcp, iptables, python3, vala
-, libgcrypt, dnsmasq, bluez5, readline, libselinux, audit
-, gobject-introspection, modemmanager, openresolv, libndp, newt, libsoup
-, ethtool, gnused, iputils, kmod, jansson, gtk-doc, libxslt
-, docbook_xsl, docbook_xml_dtd_412, docbook_xml_dtd_42, docbook_xml_dtd_43
-, openconnect, curl, meson, ninja, libpsl, mobile-broadband-provider-info, runtimeShell }:
+{ lib
+, stdenv
+, fetchurl
+, substituteAll
+, intltool
+, pkg-config
+, fetchpatch
+, dbus
+, gnome
+, systemd
+, libuuid
+, polkit
+, gnutls
+, ppp
+, dhcp
+, iptables
+, nftables
+, python3
+, vala
+, libgcrypt
+, dnsmasq
+, bluez5
+, readline
+, libselinux
+, audit
+, gobject-introspection
+, modemmanager
+, openresolv
+, libndp
+, newt
+, libsoup
+, ethtool
+, gnused
+, iputils
+, kmod
+, jansson
+, gtk-doc
+, libxslt
+, docbook_xsl
+, docbook_xml_dtd_412
+, docbook_xml_dtd_42
+, docbook_xml_dtd_43
+, openconnect
+, curl
+, meson
+, ninja
+, libpsl
+, mobile-broadband-provider-info
+, runtimeShell
+}:

 let
  pythonForDocs = python3.withPackages (pkgs: with pkgs; [ pygobject3 ]);
-in stdenv.mkDerivation rec {
+in
+stdenv.mkDerivation rec {
  pname = "networkmanager";
-  version = "1.30.4";
+  version = "1.32.4";

  src = fetchurl {
    url = "mirror://gnome/sources/NetworkManager/${lib.versions.majorMinor version}/NetworkManager-${version}.tar.xz";
-    sha256 = "sha256-YFC3JCEuo85zhhEzWb6pr6H2eaVPYNmZpZmYkuZywZA=";
+    sha256 = "sha256-Kay9QceLfvh/+I/sU2DR6vi1tvy5BVXXORq8XjaSMVg=";
  };

  outputs = [ "out" "dev" "devdoc" "man" "doc" ];
@ -23,34 +67,46 @@ in stdenv.mkDerivation rec {
  # patch networkmanager to allow passing these path in config file. This will
  # remove unneeded build-time dependencies.
  mesonFlags = [
-    "-Ddhclient=${dhcp}/bin/dhclient"
+    # System paths
+    "--sysconfdir=/etc"
+    "--localstatedir=/var"
+    "-Dsystemdsystemunitdir=${placeholder "out"}/etc/systemd/system"
+    # to enable link-local connections
+    "-Dudev_dir=${placeholder "out"}/lib/udev"
+    "-Ddbus_conf_dir=${placeholder "out"}/share/dbus-1/system.d"
+    "-Dkernel_firmware_dir=/run/current-system/firmware"
+
+    # Platform
+    "-Dsession_tracking=systemd"
+    "-Dlibaudit=yes-disabled-by-default"
+    "-Dpolkit_agent_helper_1=/run/wrappers/bin/polkit-agent-helper-1"
+
+    # Features
+    # Allow using iwd when configured to do so
+    "-Diwd=true"
+    "-Dpppd=${ppp}/bin/pppd"
+    "-Diptables=${iptables}/bin/iptables"
+    "-Dnft=${nftables}/bin/nft"
+    "-Dmodem_manager=true"
+    "-Dnmtui=true"
    "-Ddnsmasq=${dnsmasq}/bin/dnsmasq"
+    "-Dqt=false"
+
+    # Handlers
+    "-Dresolvconf=${openresolv}/bin/resolvconf"
+
+    # DHCP clients
+    "-Ddhclient=${dhcp}/bin/dhclient"
    # Upstream prefers dhclient, so don't add dhcpcd to the closure
    "-Ddhcpcd=no"
    "-Ddhcpcanon=no"
-    "-Dpppd=${ppp}/bin/pppd"
-    "-Diptables=${iptables}/bin/iptables"
-    # to enable link-local connections
-    "-Dudev_dir=${placeholder "out"}/lib/udev"
-    "-Dresolvconf=${openresolv}/bin/resolvconf"
-    "-Ddbus_conf_dir=${placeholder "out"}/share/dbus-1/system.d"
-    "-Dsystemdsystemunitdir=${placeholder "out"}/etc/systemd/system"
-    "-Dkernel_firmware_dir=/run/current-system/firmware"
-    "--sysconfdir=/etc"
-    "--localstatedir=/var"
-    "-Dcrypto=gnutls"
-    "-Dsession_tracking=systemd"
-    "-Dmodem_manager=true"
-    "-Dnmtui=true"
+
+    # Miscellaneous
    "-Ddocs=true"
-    "-Dtests=no"
-    "-Dqt=false"
-    "-Dpolkit_agent_helper_1=/run/wrappers/bin/polkit-agent-helper-1"
-    # Allow using iwd when configured to do so
-    "-Diwd=true"
-    "-Dlibaudit=yes-disabled-by-default"
    # We don't use firewalld in NixOS
    "-Dfirewalld_zone=false"
+    "-Dtests=no"
+    "-Dcrypto=gnutls"
  ];

  patches = [
@ -66,17 +122,44 @@ in stdenv.mkDerivation rec {
  ];

  buildInputs = [
-    systemd libselinux audit libpsl libuuid polkit ppp libndp curl mobile-broadband-provider-info
-    bluez5 dnsmasq gobject-introspection modemmanager readline newt libsoup jansson
+    systemd
+    libselinux
+    audit
+    libpsl
+    libuuid
+    polkit
+    ppp
+    libndp
+    curl
+    mobile-broadband-provider-info
+    bluez5
+    dnsmasq
+    gobject-introspection
+    modemmanager
+    readline
+    newt
+    libsoup
+    jansson
  ];

  propagatedBuildInputs = [ gnutls libgcrypt ];

  nativeBuildInputs = [
-    meson ninja intltool pkg-config
-    vala gobject-introspection dbus
+    meson
+    ninja
+    intltool
+    pkg-config
+    vala
+    gobject-introspection
+    dbus
    # Docs
-    gtk-doc libxslt docbook_xsl docbook_xml_dtd_412 docbook_xml_dtd_42 docbook_xml_dtd_43 pythonForDocs
+    gtk-doc
+    libxslt
+    docbook_xsl
+    docbook_xml_dtd_412
+    docbook_xml_dtd_42
+    docbook_xml_dtd_43
+    pythonForDocs
  ];

  doCheck = false; # requires /sys, the net
@ -92,7 +175,7 @@ in stdenv.mkDerivation rec {
    # though, so we need to replace the absolute path with a local one during build.
    # We are using a symlink that will be overridden during installation.
    mkdir -p ${placeholder "out"}/lib
-    ln -s $PWD/libnm/libnm.so.0 ${placeholder "out"}/lib/libnm.so.0
+    ln -s $PWD/src/libnm-client-impl/libnm.so.0 ${placeholder "out"}/lib/libnm.so.0
  '';

  passthru = {
@ -107,7 +190,8 @@ in stdenv.mkDerivation rec {
    homepage = "https://wiki.gnome.org/Projects/NetworkManager";
    description = "Network configuration and management tool";
    license = licenses.gpl2Plus;
-    maintainers = teams.freedesktop.members ++ (with maintainers; [ phreedom domenkozar obadz ]);
+    changelog = "https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/raw/${version}/NEWS";
+    maintainers = teams.freedesktop.members ++ (with maintainers; [ phreedom domenkozar obadz maxeaubrey ]);
    platforms = platforms.linux;
  };
 }
--- a/pkgs/tools/networking/networkmanager/fix-paths.patch
+++ b/pkgs/tools/networking/networkmanager/fix-paths.patch
@ -1,26 +1,5 @@
-diff --git a/clients/common/nm-vpn-helpers.c b/clients/common/nm-vpn-helpers.c
-index 15c47c3ec..4d1913aa6 100644
--- a/clients/common/nm-vpn-helpers.c
-+++ b/clients/common/nm-vpn-helpers.c
-@@ -208,15 +208,7 @@ nm_vpn_openconnect_authenticate_helper(const char *host,
-         NULL,
-     };
- 
-    path = nm_utils_file_search_in_paths("openconnect",
-                                         "/usr/sbin/openconnect",
-                                         DEFAULT_PATHS,
-                                         G_FILE_TEST_IS_EXECUTABLE,
-                                         NULL,
-                                         NULL,
-                                         error);
-    if (!path)
-        return FALSE;
-+    path = "@openconnect@/bin/openconnect";
- 
-     if (!g_spawn_sync(NULL,
-                       (char **) NM_MAKE_STRV(path, "--authenticate", host),
 diff --git a/data/84-nm-drivers.rules b/data/84-nm-drivers.rules
-index e398cb9f2..a43d61864 100644
+index e398cb9f2f..a43d61864f 100644
 --- a/data/84-nm-drivers.rules
 +++ b/data/84-nm-drivers.rules
@@ -7,6 +7,6 @@ ACTION!="add|change", GOTO="nm_drivers_end"
@ -32,7 +11,7 @@ index e398cb9f2..a43d61864 100644
 
 LABEL="nm_drivers_end"
 diff --git a/data/NetworkManager.service.in b/data/NetworkManager.service.in
-index 91ebd9a36..5201a56c3 100644
+index e23b3a5282..c7246a3b61 100644
 --- a/data/NetworkManager.service.in
 +++ b/data/NetworkManager.service.in
@@ -8,7 +8,7 @@ Before=network.target @DISTRO_NETWORK_SERVICE@
@ -44,23 +23,11 @@ index 91ebd9a36..5201a56c3 100644
 #ExecReload=/bin/kill -HUP $MAINPID
 ExecStart=@sbindir@/NetworkManager --no-daemon
 Restart=on-failure
-diff --git a/libnm/meson.build b/libnm/meson.build
-index d0846419c..a7adb2cc6 100644
--- a/libnm/meson.build
-+++ b/libnm/meson.build
-@@ -280,7 +280,6 @@ if enable_introspection
-     output: 'nm-settings-docs-gir.xml',
-     command: [
-       generate_setting_docs_env,
-      python.path(),
-       join_paths(meson.source_root(), 'tools', 'generate-docs-nm-settings-docs-gir.py'),
-       '--lib-path', meson.current_build_dir(),
-       '--gir', '@INPUT@',
 diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
-index 040dd0b4d..98aea3aa9 100644
+index 21863b9533..c9b709659d 100644
 --- a/src/core/devices/nm-device.c
 +++ b/src/core/devices/nm-device.c
-@@ -13957,14 +13957,14 @@ nm_device_start_ip_check(NMDevice *self)
+@@ -13994,14 +13994,14 @@ nm_device_start_ip_check(NMDevice *self)
             gw = nm_ip4_config_best_default_route_get(priv->ip_config_4);
             if (gw) {
                 _nm_utils_inet4_ntop(NMP_OBJECT_CAST_IP4_ROUTE(gw)->gateway, buf);
@ -77,11 +44,31 @@ index 040dd0b4d..98aea3aa9 100644
                 log_domain  = LOGD_IP6;
             }
         }
-diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
-index 9075c30dd..4b140e92b 100644
--- a/src/core/nm-core-utils.c
-+++ b/src/core/nm-core-utils.c
-@@ -333,7 +333,7 @@ nm_utils_modprobe(GError **error, gboolean suppress_error_logging, const char *a
+diff --git a/src/libnm-client-impl/meson.build b/src/libnm-client-impl/meson.build
+index 21a01e0b04..091c98428f 100644
+--- a/src/libnm-client-impl/meson.build
+++ b/src/libnm-client-impl/meson.build
+@@ -162,7 +162,6 @@ if enable_introspection
+       input: libnm_core_settings_sources,
+       output: 'nm-propery-infos-' + info + '.xml',
+       command: [
+-        python.path(),
+         join_paths(meson.source_root(), 'tools', 'generate-docs-nm-property-infos.py'),
+         info,
+         '@OUTPUT@',
+@@ -219,7 +218,6 @@ if enable_introspection
+       'env',
+       'GI_TYPELIB_PATH=' + gi_typelib_path,
+       'LD_LIBRARY_PATH=' + ld_library_path,
+-      python.path(),
+       join_paths(meson.source_root(), 'tools', 'generate-docs-nm-settings-docs-gir.py'),
+       '--lib-path', meson.current_build_dir(),
+       '--gir', '@INPUT@',
+diff --git a/src/libnm-platform/nm-platform-utils.c b/src/libnm-platform/nm-platform-utils.c
+index 6435dcc482..214d01194e 100644
+--- a/src/libnm-platform/nm-platform-utils.c
+++ b/src/libnm-platform/nm-platform-utils.c
+@@ -2097,7 +2097,7 @@ nmp_utils_modprobe(GError **error, gboolean suppress_error_logging, const char *
 
     /* construct the argument list */
     argv = g_ptr_array_sized_new(4);
@ -90,3 +77,58 @@ index 9075c30dd..4b140e92b 100644
     g_ptr_array_add(argv, "--use-blacklist");
     g_ptr_array_add(argv, (char *) arg1);
 
+diff --git a/src/libnmc-base/nm-vpn-helpers.c b/src/libnmc-base/nm-vpn-helpers.c
+index 72691e34c2..95495b6585 100644
+--- a/src/libnmc-base/nm-vpn-helpers.c
+++ b/src/libnmc-base/nm-vpn-helpers.c
+@@ -198,25 +198,8 @@ nm_vpn_openconnect_authenticate_helper(const char *host,
+     gs_free const char **output_v = NULL;
+     const char *const *  iter;
+     const char *         path;
+-    const char *const    DEFAULT_PATHS[] = {
+-        "/sbin/",
+-        "/usr/sbin/",
+-        "/usr/local/sbin/",
+-        "/bin/",
+-        "/usr/bin/",
+-        "/usr/local/bin/",
+-        NULL,
+-    };
+ 
+-    path = nm_utils_file_search_in_paths("openconnect",
+-                                         "/usr/sbin/openconnect",
+-                                         DEFAULT_PATHS,
+-                                         G_FILE_TEST_IS_EXECUTABLE,
+-                                         NULL,
+-                                         NULL,
+-                                         error);
+-    if (!path)
+-        return FALSE;
+    path = "@openconnect@/bin/openconnect";
+ 
+     if (!g_spawn_sync(NULL,
+                       (char **) NM_MAKE_STRV(path, "--authenticate", host),
+diff --git a/src/libnmc-setting/meson.build b/src/libnmc-setting/meson.build
+index 8f07ae634e..a1326b3403 100644
+--- a/src/libnmc-setting/meson.build
+++ b/src/libnmc-setting/meson.build
+@@ -6,7 +6,6 @@ if enable_docs
+     input: [nm_settings_docs_xml_gir, nm_property_infos_xml['nmcli']],
+     output: 'settings-docs-input.xml',
+     command: [
+-      python.path(),
+       join_paths(meson.source_root(), 'tools', 'generate-docs-nm-settings-docs-merge.py'),
+       '@OUTPUT@',
+       nm_property_infos_xml['nmcli'],
+diff --git a/src/tests/client/meson.build b/src/tests/client/meson.build
+index b2e455bbbd..a12ebf212a 100644
+--- a/src/tests/client/meson.build
+++ b/src/tests/client/meson.build
+@@ -6,7 +6,6 @@ test(
+   args: [
+     build_root,
+     source_root,
+-    python.path(),
+   ],
+   timeout: 120,
+ )