Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package network-manager It fixes a bunch of RC bugs and long standing issues. Dropping the /e/n/i mangling bits is now possible due to the fine work the d-i people did for d-i 7.0 RC1. It's important to get those fixes in to wheezy along with the corresponding changes in network-manager-applet: #699115, gnome-control-center: #697894 and gnome-shell: #699119 The changelog: network-manager (0.9.4.0-9) unstable; urgency=low * Change the ifupdown dispatcher script and set ADDRFAM to "inet" or "inet6" depending on whether the connection has a valid IPv4 or IPv6 address. Using "NetworkManager" as ADDRFAM type did confuse most ifupdown hook scripts and e.g. broke async NFS mounts. (Closes: #475188, #656584) * debian/patches/05-force-online-with-unmanaged-devices.patch: If network interfaces are configured in /etc/network/interfaces, NM will mark those devices as unmanaged by default. If such a network interface has been brought up by ifup, set the global online state to CONNECTED. (Closes: #512286) * No longer run the ifblacklist_migrate.sh script upon installation. This script was used to comment out DHCP type network interface configurations in /etc/network/interfaces as otherwise NM would mark such devices as unmanaged. This script was buggy though and sometimes created a broken network configuration. Since debian-installer in wheezy (7.0) will create proper configuration for NM if the network-manager package is part of the installation, this is no longer necessary. If users make a minimal system installation and install the network-manager package afterwards, show a warning in postinst if we find any interface configurations in /etc/network/interfaces. (Closes: #688355, #690987, #606268) * Update README.Debian for the latest changes. -- Michael Biebl <bi...@debian.org> Tue, 29 Jan 2013 04:10:11 +0100 Full debdiff is attached. Cheers, Michael unblock network-manager/0.9.4.0-9 -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog index cc2ead9..46d0ab2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,30 @@ +network-manager (0.9.4.0-9) unstable; urgency=low + + * Change the ifupdown dispatcher script and set ADDRFAM to "inet" or "inet6" + depending on whether the connection has a valid IPv4 or IPv6 address. + Using "NetworkManager" as ADDRFAM type did confuse most ifupdown hook + scripts and e.g. broke async NFS mounts. (Closes: #475188, #656584) + * debian/patches/05-force-online-with-unmanaged-devices.patch: If network + interfaces are configured in /etc/network/interfaces, NM will mark those + devices as unmanaged by default. If such a network interface has been + brought up by ifup, set the global online state to CONNECTED. + (Closes: #512286) + * No longer run the ifblacklist_migrate.sh script upon installation. This + script was used to comment out DHCP type network interface configurations + in /etc/network/interfaces as otherwise NM would mark such devices as + unmanaged. This script was buggy though and sometimes created a broken + network configuration. + Since debian-installer in wheezy (7.0) will create proper configuration + for NM if the network-manager package is part of the installation, this is + no longer necessary. + If users make a minimal system installation and install the + network-manager package afterwards, show a warning in postinst if we + find any interface configurations in /etc/network/interfaces. + (Closes: #688355, #690987, #606268) + * Update README.Debian for the latest changes. + + -- Michael Biebl <bi...@debian.org> Tue, 29 Jan 2013 04:10:11 +0100 + network-manager (0.9.4.0-8) unstable; urgency=low * Move the pkla file to /etc/polkit-1 as requested by the release team. diff --git a/debian/network-manager-dispatcher.script b/debian/network-manager-dispatcher.script index 5869bda..ebadfd1 100644 --- a/debian/network-manager-dispatcher.script +++ b/debian/network-manager-dispatcher.script @@ -9,42 +9,68 @@ if [ -z "$1" ]; then exit 1; fi +if [ -n "$IP4_NUM_ADDRESSES" ] && [ "$IP4_NUM_ADDRESSES" -gt 0 ]; then + ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet" +fi +if [ -n "$IP6_NUM_ADDRESSES" ] && [ "$IP6_NUM_ADDRESSES" -gt 0 ]; then + ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet6" +fi + +# If we have a VPN connection ignore the underlying IP address(es) +if [ "$2" = "vpn-up" ] || [ "$2" = "vpn-down" ]; then + ADDRESS_FAMILIES="" +fi + +if [ -n "$VPN_IP4_NUM_ADDRESSES" ] && [ "$VPN_IP4_NUM_ADDRESSES" -gt 0 ]; then + ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet" +fi +if [ -n "$VPN_IP6_NUM_ADDRESSES" ] && [ "$VPN_IP6_NUM_ADDRESSES" -gt 0 ]; then + ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet6" +fi + +# We're probably bringing the interface down. +[ -n "$ADDRESS_FAMILIES" ] || ADDRESS_FAMILIES="inet" + # Fake ifupdown environment export IFACE="$1" export LOGICAL="$1" -export ADDRFAM="NetworkManager" export METHOD="NetworkManager" export VERBOSITY="0" -# Run the right scripts -case "$2" in - up|vpn-up) - export MODE="start" - export PHASE="post-up" - exec run-parts /etc/network/if-up.d - ;; - down|vpn-down) - export MODE="stop" - export PHASE="post-down" - exec run-parts /etc/network/if-post-down.d - ;; +for i in $ADDRESS_FAMILIES; do + + export ADDRFAM="$i" + + # Run the right scripts + case "$2" in + up|vpn-up) + export MODE="start" + export PHASE="post-up" + run-parts /etc/network/if-up.d + ;; + down|vpn-down) + export MODE="stop" + export PHASE="post-down" + run-parts /etc/network/if-post-down.d + ;; # pre-up/pre-down not implemented. See # https://bugzilla.gnome.org/show_bug.cgi?id=387832 -# pre-up) -# export MODE="start" -# export PHASE="pre-up" -# exec run-parts /etc/network/if-pre-up.d -# ;; -# pre-down) -# export MODE="stop" -# export PHASE="pre-down" -# exec run-parts /etc/network/if-down.d -# ;; - hostname|dhcp4-change|dhcp6-change) - # Do nothing - ;; - *) - echo "$0: called with unknown action \`$2'" 1>&2 - exit 1 - ;; -esac +# pre-up) +# export MODE="start" +# export PHASE="pre-up" +# run-parts /etc/network/if-pre-up.d +# ;; +# pre-down) +# export MODE="stop" +# export PHASE="pre-down" +# run-parts /etc/network/if-down.d +# ;; + hostname|dhcp4-change|dhcp6-change) + # Do nothing + ;; + *) + echo "$0: called with unknown action \`$2'" 1>&2 + exit 1 + ;; + esac +done diff --git a/debian/network-manager.README.Debian b/debian/network-manager.README.Debian index 43fad37..f11dfa7 100644 --- a/debian/network-manager.README.Debian +++ b/debian/network-manager.README.Debian @@ -1,62 +1,36 @@ -NetworkManager consists of two parts: one is on the system level daemon that -manages the connections and gathers information about new networks. The other -is a systray applet that users can use to interact with the NetworkManager -daemon. - -Security -~~~~~~~~ - -To allow users to connect to the NetworkManager daemon they have to be in the -group "netdev". If you want to add a user to group "netdev" use the command -"adduser username netdev" or one of the graphical user management frontends. -After that you have to reload D-Bus with the command "service dbus reload". - -Alternatively you can install the "consolekit" package which will grant access -for all locally logged in users. - - -Managed vs. Unmanaged mode and /etc/network/interfaces -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Devices listed in /etc/network/interfaces _will_ be managed by NetworkManager -unless the ifupdown system-config-setting is enabled and is setup to run -in "Unmanaged mode". - -The config to select unmanaged/managed mode is in -/etc/NetworkManager/NetworkManager.conf: - - [ifupdown] - managed=true/false - -Unmanaged mode will make NetworkManager not touch any wired/wireless device -matching an interface name configured in /etc/network/interfaces. - -Managed mode will make NetworkManager manage all devices and will make -NetworkManager honour all dhcp and static configurations for wired and -wireless devices. - -After modifying /etc/NetworkManager/NetworkManager.conf _or_ -/etc/network/interfaces you may want to tell NetworkManager about the changes -by running "service network-manager restart". - -System settings -~~~~~~~~~~~~~~~ - -System settings allow to setup network connections which are available at -boot time, before login and to all users of the machine. The settings are -stored in a system-wide location. -There are plugins for different configuration sources. -By default the ifupdown and keyfile plugin are enabled, see -/etc/NetworkManager/NetworkManager.conf: - - [main] - plugins=ifupdown,keyfile - -The ifupdown plugin is read-only and reads the native ifupdown configuration -file /etc/network/interfaces. - -The keyfile plugin is read-write. The configuration files for network -connections are stored in /etc/NetworkManager/system-connections/. +NetworkManager is a set of co-operative tools that make networking simple and +straightforward. Whether WiFi, wired, 3G, or Bluetooth, NetworkManager allows +you to quickly move from one network to another. + +It has two components: + +1. a system level service which manages connections and reports network changes +2. a graphical desktop applet which allows the user to manipulate network + connections. The nmcli tool provides similar functionality on the command + line. + + +system connections and security +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In NetworkManager version 0.9, network connections are stored as keyfiles in +the /etc/NetworkManager/system-connections/ directory. +When creating new wireless or wired connections, they are by default +system-owned (i.e. available to everyone) and the secrets (e.g WPA-PSK or WEP +key) are stored as plain text in the corresponding connection configuration +file. The advantage of system connections is, that they can be active before a +user has logged in and they are active across user sessions. +Modifying or creating such system-owned connections requires admin privileges. +To avoid prompts for the root/admin password, NetworkManager ships a PolicyKit +configuration file which grants everyone in group "netdev" or "sudo" the +privilege to modify a system connection without prior authentication. Adding a +user to group sudo grants him root-like privileges though. If that is not +wanted, you can choose to add him to group netdev instead. +If the user should not have the privilege to add and modify system connections +don't add him to either groups. +In that case, the user clients (like nm-applet) will default to creating +user-owned connections where the secrets are stored in the user keyring. +VPN and 3G type connections are by default also user-owned. For more information see NetworkManager.conf(5) or http://live.gnome.org/NetworkManager/SystemSettings @@ -64,19 +38,29 @@ http://live.gnome.org/NetworkManager/SystemSettings The keyfile specification is available at http://projects.gnome.org/NetworkManager/developers/settings-spec-08.html +unmanaged devices and /etc/network/interfaces +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Network devices which are configured in /etc/network/interfaces will typically +be managed by ifupdown. Such devices will by default be marked as "unmanaged" +in NetworkManager. -Dial-up configuration -~~~~~~~~~~~~~~~~~~~~~ +You can tell NetworkManager to read and use the network configuration from +/etc/network/interfaces by editing /etc/NetworkManager/NetworkManager.conf +and changing the configuration as follows: + + [ifupdown] + managed=true -Your dialup configurations can now be done in nm-connection-editor. -Because of that /etc/network/interfaces configurations are considered "legacy" -from a network manager point of view. +After modifying /etc/NetworkManager/NetworkManager.conf or +/etc/network/interfaces you need to restart the NetworkManager service via +"service network-manager restart". -However, if you want to use your /etc/network/interfaces configuration make -sure that you have the ifupdown plugin in "Unmanaged mode" and take care that -the used wired/wireless device is also configured in /etc/network/interfaces. +It needs to be considered though that the network interface will also still be +managed by ifupdown. This can lead to unexpected behaviour if two network +configuration systems manage the same device. -Note that NetworkManager 0.7 will not provide UI hooks to up and down ppp -connections managed outside of NetworkManager itself (not that it ever worked -nicely before). +If you want to have a network interface managed by NetworkManager it is thus +recommended to manually remove any configuration for that interface from +/etc/network/interfaces. diff --git a/debian/network-manager.postinst b/debian/network-manager.postinst index b2dd435..17c4950 100644 --- a/debian/network-manager.postinst +++ b/debian/network-manager.postinst @@ -42,10 +42,17 @@ case "$1" in kill `pidof /usr/sbin/nm-system-settings` 2>/dev/null || true fi - if [ -z "$2" ] || dpkg --compare-versions "$2" lt-nl "0.8.1-4"; then - if [ -f /etc/network/interfaces ]; then - echo "Disabling interfaces configured with plain DHCP in /etc/network/interfaces so that NetworkManager can take them over" - /usr/lib/NetworkManager/ifblacklist_migrate.sh + NIF=/etc/network/interfaces + if [ -z "$2" ] && [ -f $NIF ]; then + ifaces=`grep -v '^#' $NIF | awk '/iface/ {print $2}' | sort -u | sed -e 's/lo//' -e '/^$/d' -e 's/^/- /'` + if [ -n "$ifaces" ]; then + echo "" 1>&2 + echo "The following network interfaces were found in $NIF" 1>&2 + echo "which means they are currently configured by ifupdown:" 1>&2 + echo "$ifaces" 1>&2 + echo "If you want to manage those interfaces with NetworkManager instead" 1>&2 + echo "remove their configuration from $NIF." 1>&2 + echo "" 1>&2 fi fi ;; diff --git a/debian/network-manager.postrm b/debian/network-manager.postrm index 5bc3e9b..d41768c 100644 --- a/debian/network-manager.postrm +++ b/debian/network-manager.postrm @@ -27,14 +27,8 @@ case "$1" in fi ;; remove) - # Restore the ifupdown configuration that were disabled at installation - backup_suffix=0 - while test -e /etc/network/interfaces.bak-${backup_suffix}; do - backup_suffix=$(($backup_suffix + 1)) - done - if [ -f /etc/network/interfaces ]; then - sed -i.bak-${backup_suffix} -e "s/^#NetworkManager#//g" /etc/network/interfaces - fi + # Since we no longer run the ifblacklist_migrate.sh script + # we also don't need to clean up anymore afterwards. ;; upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; diff --git a/debian/patches/05-force-online-with-unmanaged-devices.patch b/debian/patches/05-force-online-with-unmanaged-devices.patch new file mode 100644 index 0000000..30cd02b --- /dev/null +++ b/debian/patches/05-force-online-with-unmanaged-devices.patch @@ -0,0 +1,154 @@ +Description: Force online state with unmanaged devices + If we have unmanaged devices in /e/n/i, monitor the ifupdown state file + and in case we find active interfaces besides lo, forcefully set the + online state to CONNECTED. +Author: Michael Biebl <bi...@debian.org> +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512286 +Index: network-manager/src/nm-manager.c +=================================================================== +--- network-manager.orig/src/nm-manager.c 2013-01-15 14:18:54.847100261 +0100 ++++ network-manager/src/nm-manager.c 2013-01-15 14:22:20.945799751 +0100 +@@ -79,6 +79,8 @@ + + #define UPOWER_DBUS_SERVICE "org.freedesktop.UPower" + ++#define IFUPDOWN_STATE_FILE "/run/network/ifstate" ++ + static gboolean impl_manager_get_devices (NMManager *manager, + GPtrArray **devices, + GError **err); +@@ -237,6 +239,11 @@ + guint fw_monitor_id; + guint fw_changed_id; + ++ /* ifupdown state file monitor */ ++ GFileMonitor *ifstate_monitor; ++ guint ifstate_monitor_id; ++ gboolean ifstate_force_online; ++ + guint timestamp_update_id; + + gboolean disposed; +@@ -448,6 +455,14 @@ + break; + } + ++ if (state == NM_DEVICE_STATE_UNMANAGED) { ++ const char *iface = nm_device_get_ip_iface (dev); ++ if (priv->ifstate_force_online) { ++ new_state = NM_STATE_CONNECTED; ++ nm_log_dbg (LOGD_CORE, "Unmanaged device found: %s; state CONNECTED forced.", iface); ++ } ++ } ++ + if (nm_device_is_activating (dev)) + new_state = NM_STATE_CONNECTING; + else if (new_state != NM_STATE_CONNECTING) { +@@ -3766,6 +3781,65 @@ + } + } + ++static void ++check_ifstate_file (gpointer user_data) ++{ ++ NMManager *self = NM_MANAGER (user_data); ++ NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self); ++ GIOChannel *channel; ++ gchar *line; ++ gboolean online = FALSE; ++ ++ channel = g_io_channel_new_file (IFUPDOWN_STATE_FILE, "r", NULL); ++ if (!channel) { ++ nm_log_warn (LOGD_CORE, "Error: failed to open %s", IFUPDOWN_STATE_FILE); ++ return; ++ } ++ ++ while (g_io_channel_read_line (channel, &line, NULL, NULL, NULL) ++ != G_IO_STATUS_EOF && !online) { ++ g_strstrip (line); ++ if (strlen (line) > 0 && g_strcmp0 (line, "lo=lo") != 0) { ++ online = TRUE; ++ } ++ g_free (line); ++ } ++ ++ g_io_channel_shutdown (channel, FALSE, NULL); ++ g_io_channel_unref (channel); ++ ++ if (priv->ifstate_force_online != online) { ++ priv->ifstate_force_online = online; ++ nm_manager_update_state (self); ++ } ++} ++ ++static void ++ifstate_file_changed (GFileMonitor *monitor, ++ GFile *file, ++ GFile *other_file, ++ GFileMonitorEvent event_type, ++ gpointer user_data) ++{ ++ NMManager *self = NM_MANAGER (user_data); ++ NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self); ++ ++ switch (event_type) { ++// case G_FILE_MONITOR_EVENT_CREATED: ++//#if GLIB_CHECK_VERSION(2,23,4) ++// case G_FILE_MONITOR_EVENT_MOVED: ++//#endif ++// case G_FILE_MONITOR_EVENT_ATTRIBUTE_CHANGED: ++ case G_FILE_MONITOR_EVENT_CHANGED: ++ case G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT: ++ nm_log_dbg (LOGD_CORE, "ifupdown state file %s was changed", IFUPDOWN_STATE_FILE); ++ check_ifstate_file (user_data); ++ break; ++ default: ++ break; ++ } ++} ++ + #define PERM_DENIED_ERROR "org.freedesktop.NetworkManager.PermissionDenied" + + static void +@@ -4121,6 +4195,17 @@ + g_object_unref (priv->fw_monitor); + } + ++ if (priv->ifstate_monitor) { ++ if (priv->ifstate_monitor_id) ++ g_signal_handler_disconnect (priv->ifstate_monitor, priv->ifstate_monitor_id); ++ ++ if (priv->ifstate_force_online) ++ g_source_remove (priv->ifstate_force_online); ++ ++ g_file_monitor_cancel (priv->ifstate_monitor); ++ g_object_unref (priv->ifstate_monitor); ++ } ++ + g_slist_free (priv->factories); + + if (priv->timestamp_update_id) { +@@ -4469,6 +4554,23 @@ + KERNEL_FIRMWARE_DIR); + } + ++ /* Monitor the ifupdown state file */ ++ file = g_file_new_for_path (IFUPDOWN_STATE_FILE); ++ priv->ifstate_monitor = g_file_monitor_file (file, G_FILE_MONITOR_NONE, NULL, NULL); ++ g_object_unref (file); ++ ++ if (priv->ifstate_monitor) { ++ priv->ifstate_monitor_id = g_signal_connect (priv->ifstate_monitor, "changed", ++ G_CALLBACK (ifstate_file_changed), ++ manager); ++ nm_log_info (LOGD_CORE, "monitoring ifupdown state file '%s'.", ++ IFUPDOWN_STATE_FILE); ++ } else { ++ nm_log_warn (LOGD_CORE, "failed to monitor ifupdown state file '%s'.", ++ IFUPDOWN_STATE_FILE); ++ } ++ priv->ifstate_force_online = FALSE; ++ + load_device_factories (manager); + + /* Update timestamps in active connections */ diff --git a/debian/patches/series b/debian/patches/series index ed9f3f0..3c1f280 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,6 +2,7 @@ 02-dbus_access_network_manager.patch 03-systemd.patch 04-systemd-set-kill-mode-process.patch +05-force-online-with-unmanaged-devices.patch 10-format-security.patch 11-initialize-nm-remote-settings.patch 12-initialize-gerror.patch