Bug#699213: unblock: network-manager/0.9.4.0-9
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package network-manager
It fixes a bunch of RC bugs and long standing issues.
Dropping the /e/n/i mangling bits is now possible due to the fine work
the d-i people did for d-i 7.0 RC1.
It's important to get those fixes in to wheezy along with the
corresponding changes in network-manager-applet: #699115,
gnome-control-center: #697894 and gnome-shell: #699119
The changelog:
network-manager (0.9.4.0-9) unstable; urgency=low
* Change the ifupdown dispatcher script and set ADDRFAM to "inet" or "inet6"
depending on whether the connection has a valid IPv4 or IPv6 address.
Using "NetworkManager" as ADDRFAM type did confuse most ifupdown hook
scripts and e.g. broke async NFS mounts. (Closes: #475188, #656584)
* debian/patches/05-force-online-with-unmanaged-devices.patch: If network
interfaces are configured in /etc/network/interfaces, NM will mark those
devices as unmanaged by default. If such a network interface has been
brought up by ifup, set the global online state to CONNECTED.
(Closes: #512286)
* No longer run the ifblacklist_migrate.sh script upon installation. This
script was used to comment out DHCP type network interface configurations
in /etc/network/interfaces as otherwise NM would mark such devices as
unmanaged. This script was buggy though and sometimes created a broken
network configuration.
Since debian-installer in wheezy (7.0) will create proper configuration
for NM if the network-manager package is part of the installation, this is
no longer necessary.
If users make a minimal system installation and install the
network-manager package afterwards, show a warning in postinst if we
find any interface configurations in /etc/network/interfaces.
(Closes: #688355, #690987, #606268)
* Update README.Debian for the latest changes.
-- Michael Biebl <biebl@debian.org> Tue, 29 Jan 2013 04:10:11 +0100
Full debdiff is attached.
Cheers,
Michael
unblock network-manager/0.9.4.0-9
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index cc2ead9..46d0ab2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,30 @@
+network-manager (0.9.4.0-9) unstable; urgency=low
+
+ * Change the ifupdown dispatcher script and set ADDRFAM to "inet" or "inet6"
+ depending on whether the connection has a valid IPv4 or IPv6 address.
+ Using "NetworkManager" as ADDRFAM type did confuse most ifupdown hook
+ scripts and e.g. broke async NFS mounts. (Closes: #475188, #656584)
+ * debian/patches/05-force-online-with-unmanaged-devices.patch: If network
+ interfaces are configured in /etc/network/interfaces, NM will mark those
+ devices as unmanaged by default. If such a network interface has been
+ brought up by ifup, set the global online state to CONNECTED.
+ (Closes: #512286)
+ * No longer run the ifblacklist_migrate.sh script upon installation. This
+ script was used to comment out DHCP type network interface configurations
+ in /etc/network/interfaces as otherwise NM would mark such devices as
+ unmanaged. This script was buggy though and sometimes created a broken
+ network configuration.
+ Since debian-installer in wheezy (7.0) will create proper configuration
+ for NM if the network-manager package is part of the installation, this is
+ no longer necessary.
+ If users make a minimal system installation and install the
+ network-manager package afterwards, show a warning in postinst if we
+ find any interface configurations in /etc/network/interfaces.
+ (Closes: #688355, #690987, #606268)
+ * Update README.Debian for the latest changes.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 29 Jan 2013 04:10:11 +0100
+
network-manager (0.9.4.0-8) unstable; urgency=low
* Move the pkla file to /etc/polkit-1 as requested by the release team.
diff --git a/debian/network-manager-dispatcher.script b/debian/network-manager-dispatcher.script
index 5869bda..ebadfd1 100644
--- a/debian/network-manager-dispatcher.script
+++ b/debian/network-manager-dispatcher.script
@@ -9,42 +9,68 @@ if [ -z "$1" ]; then
exit 1;
fi
+if [ -n "$IP4_NUM_ADDRESSES" ] && [ "$IP4_NUM_ADDRESSES" -gt 0 ]; then
+ ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet"
+fi
+if [ -n "$IP6_NUM_ADDRESSES" ] && [ "$IP6_NUM_ADDRESSES" -gt 0 ]; then
+ ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet6"
+fi
+
+# If we have a VPN connection ignore the underlying IP address(es)
+if [ "$2" = "vpn-up" ] || [ "$2" = "vpn-down" ]; then
+ ADDRESS_FAMILIES=""
+fi
+
+if [ -n "$VPN_IP4_NUM_ADDRESSES" ] && [ "$VPN_IP4_NUM_ADDRESSES" -gt 0 ]; then
+ ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet"
+fi
+if [ -n "$VPN_IP6_NUM_ADDRESSES" ] && [ "$VPN_IP6_NUM_ADDRESSES" -gt 0 ]; then
+ ADDRESS_FAMILIES="$ADDRESS_FAMILIES inet6"
+fi
+
+# We're probably bringing the interface down.
+[ -n "$ADDRESS_FAMILIES" ] || ADDRESS_FAMILIES="inet"
+
# Fake ifupdown environment
export IFACE="$1"
export LOGICAL="$1"
-export ADDRFAM="NetworkManager"
export METHOD="NetworkManager"
export VERBOSITY="0"
-# Run the right scripts
-case "$2" in
- up|vpn-up)
- export MODE="start"
- export PHASE="post-up"
- exec run-parts /etc/network/if-up.d
- ;;
- down|vpn-down)
- export MODE="stop"
- export PHASE="post-down"
- exec run-parts /etc/network/if-post-down.d
- ;;
+for i in $ADDRESS_FAMILIES; do
+
+ export ADDRFAM="$i"
+
+ # Run the right scripts
+ case "$2" in
+ up|vpn-up)
+ export MODE="start"
+ export PHASE="post-up"
+ run-parts /etc/network/if-up.d
+ ;;
+ down|vpn-down)
+ export MODE="stop"
+ export PHASE="post-down"
+ run-parts /etc/network/if-post-down.d
+ ;;
# pre-up/pre-down not implemented. See
# https://bugzilla.gnome.org/show_bug.cgi?id=387832
-# pre-up)
-# export MODE="start"
-# export PHASE="pre-up"
-# exec run-parts /etc/network/if-pre-up.d
-# ;;
-# pre-down)
-# export MODE="stop"
-# export PHASE="pre-down"
-# exec run-parts /etc/network/if-down.d
-# ;;
- hostname|dhcp4-change|dhcp6-change)
- # Do nothing
- ;;
- *)
- echo "$0: called with unknown action \`$2'" 1>&2
- exit 1
- ;;
-esac
+# pre-up)
+# export MODE="start"
+# export PHASE="pre-up"
+# run-parts /etc/network/if-pre-up.d
+# ;;
+# pre-down)
+# export MODE="stop"
+# export PHASE="pre-down"
+# run-parts /etc/network/if-down.d
+# ;;
+ hostname|dhcp4-change|dhcp6-change)
+ # Do nothing
+ ;;
+ *)
+ echo "$0: called with unknown action \`$2'" 1>&2
+ exit 1
+ ;;
+ esac
+done
diff --git a/debian/network-manager.README.Debian b/debian/network-manager.README.Debian
index 43fad37..f11dfa7 100644
--- a/debian/network-manager.README.Debian
+++ b/debian/network-manager.README.Debian
@@ -1,62 +1,36 @@
-NetworkManager consists of two parts: one is on the system level daemon that
-manages the connections and gathers information about new networks. The other
-is a systray applet that users can use to interact with the NetworkManager
-daemon.
-
-Security
-~~~~~~~~
-
-To allow users to connect to the NetworkManager daemon they have to be in the
-group "netdev". If you want to add a user to group "netdev" use the command
-"adduser username netdev" or one of the graphical user management frontends.
-After that you have to reload D-Bus with the command "service dbus reload".
-
-Alternatively you can install the "consolekit" package which will grant access
-for all locally logged in users.
-
-
-Managed vs. Unmanaged mode and /etc/network/interfaces
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Devices listed in /etc/network/interfaces _will_ be managed by NetworkManager
-unless the ifupdown system-config-setting is enabled and is setup to run
-in "Unmanaged mode".
-
-The config to select unmanaged/managed mode is in
-/etc/NetworkManager/NetworkManager.conf:
-
- [ifupdown]
- managed=true/false
-
-Unmanaged mode will make NetworkManager not touch any wired/wireless device
-matching an interface name configured in /etc/network/interfaces.
-
-Managed mode will make NetworkManager manage all devices and will make
-NetworkManager honour all dhcp and static configurations for wired and
-wireless devices.
-
-After modifying /etc/NetworkManager/NetworkManager.conf _or_
-/etc/network/interfaces you may want to tell NetworkManager about the changes
-by running "service network-manager restart".
-
-System settings
-~~~~~~~~~~~~~~~
-
-System settings allow to setup network connections which are available at
-boot time, before login and to all users of the machine. The settings are
-stored in a system-wide location.
-There are plugins for different configuration sources.
-By default the ifupdown and keyfile plugin are enabled, see
-/etc/NetworkManager/NetworkManager.conf:
-
- [main]
- plugins=ifupdown,keyfile
-
-The ifupdown plugin is read-only and reads the native ifupdown configuration
-file /etc/network/interfaces.
-
-The keyfile plugin is read-write. The configuration files for network
-connections are stored in /etc/NetworkManager/system-connections/.
+NetworkManager is a set of co-operative tools that make networking simple and
+straightforward. Whether WiFi, wired, 3G, or Bluetooth, NetworkManager allows
+you to quickly move from one network to another.
+
+It has two components:
+
+1. a system level service which manages connections and reports network changes
+2. a graphical desktop applet which allows the user to manipulate network
+ connections. The nmcli tool provides similar functionality on the command
+ line.
+
+
+system connections and security
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In NetworkManager version 0.9, network connections are stored as keyfiles in
+the /etc/NetworkManager/system-connections/ directory.
+When creating new wireless or wired connections, they are by default
+system-owned (i.e. available to everyone) and the secrets (e.g WPA-PSK or WEP
+key) are stored as plain text in the corresponding connection configuration
+file. The advantage of system connections is, that they can be active before a
+user has logged in and they are active across user sessions.
+Modifying or creating such system-owned connections requires admin privileges.
+To avoid prompts for the root/admin password, NetworkManager ships a PolicyKit
+configuration file which grants everyone in group "netdev" or "sudo" the
+privilege to modify a system connection without prior authentication. Adding a
+user to group sudo grants him root-like privileges though. If that is not
+wanted, you can choose to add him to group netdev instead.
+If the user should not have the privilege to add and modify system connections
+don't add him to either groups.
+In that case, the user clients (like nm-applet) will default to creating
+user-owned connections where the secrets are stored in the user keyring.
+VPN and 3G type connections are by default also user-owned.
For more information see NetworkManager.conf(5) or
http://live.gnome.org/NetworkManager/SystemSettings
@@ -64,19 +38,29 @@ http://live.gnome.org/NetworkManager/SystemSettings
The keyfile specification is available at
http://projects.gnome.org/NetworkManager/developers/settings-spec-08.html
+unmanaged devices and /etc/network/interfaces
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Network devices which are configured in /etc/network/interfaces will typically
+be managed by ifupdown. Such devices will by default be marked as "unmanaged"
+in NetworkManager.
-Dial-up configuration
-~~~~~~~~~~~~~~~~~~~~~
+You can tell NetworkManager to read and use the network configuration from
+/etc/network/interfaces by editing /etc/NetworkManager/NetworkManager.conf
+and changing the configuration as follows:
+
+ [ifupdown]
+ managed=true
-Your dialup configurations can now be done in nm-connection-editor.
-Because of that /etc/network/interfaces configurations are considered "legacy"
-from a network manager point of view.
+After modifying /etc/NetworkManager/NetworkManager.conf or
+/etc/network/interfaces you need to restart the NetworkManager service via
+"service network-manager restart".
-However, if you want to use your /etc/network/interfaces configuration make
-sure that you have the ifupdown plugin in "Unmanaged mode" and take care that
-the used wired/wireless device is also configured in /etc/network/interfaces.
+It needs to be considered though that the network interface will also still be
+managed by ifupdown. This can lead to unexpected behaviour if two network
+configuration systems manage the same device.
-Note that NetworkManager 0.7 will not provide UI hooks to up and down ppp
-connections managed outside of NetworkManager itself (not that it ever worked
-nicely before).
+If you want to have a network interface managed by NetworkManager it is thus
+recommended to manually remove any configuration for that interface from
+/etc/network/interfaces.
diff --git a/debian/network-manager.postinst b/debian/network-manager.postinst
index b2dd435..17c4950 100644
--- a/debian/network-manager.postinst
+++ b/debian/network-manager.postinst
@@ -42,10 +42,17 @@ case "$1" in
kill `pidof /usr/sbin/nm-system-settings` 2>/dev/null || true
fi
- if [ -z "$2" ] || dpkg --compare-versions "$2" lt-nl "0.8.1-4"; then
- if [ -f /etc/network/interfaces ]; then
- echo "Disabling interfaces configured with plain DHCP in /etc/network/interfaces so that NetworkManager can take them over"
- /usr/lib/NetworkManager/ifblacklist_migrate.sh
+ NIF=/etc/network/interfaces
+ if [ -z "$2" ] && [ -f $NIF ]; then
+ ifaces=`grep -v '^#' $NIF | awk '/iface/ {print $2}' | sort -u | sed -e 's/lo//' -e '/^$/d' -e 's/^/- /'`
+ if [ -n "$ifaces" ]; then
+ echo "" 1>&2
+ echo "The following network interfaces were found in $NIF" 1>&2
+ echo "which means they are currently configured by ifupdown:" 1>&2
+ echo "$ifaces" 1>&2
+ echo "If you want to manage those interfaces with NetworkManager instead" 1>&2
+ echo "remove their configuration from $NIF." 1>&2
+ echo "" 1>&2
fi
fi
;;
diff --git a/debian/network-manager.postrm b/debian/network-manager.postrm
index 5bc3e9b..d41768c 100644
--- a/debian/network-manager.postrm
+++ b/debian/network-manager.postrm
@@ -27,14 +27,8 @@ case "$1" in
fi
;;
remove)
- # Restore the ifupdown configuration that were disabled at installation
- backup_suffix=0
- while test -e /etc/network/interfaces.bak-${backup_suffix}; do
- backup_suffix=$(($backup_suffix + 1))
- done
- if [ -f /etc/network/interfaces ]; then
- sed -i.bak-${backup_suffix} -e "s/^#NetworkManager#//g" /etc/network/interfaces
- fi
+ # Since we no longer run the ifblacklist_migrate.sh script
+ # we also don't need to clean up anymore afterwards.
;;
upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
diff --git a/debian/patches/05-force-online-with-unmanaged-devices.patch b/debian/patches/05-force-online-with-unmanaged-devices.patch
new file mode 100644
index 0000000..30cd02b
--- /dev/null
+++ b/debian/patches/05-force-online-with-unmanaged-devices.patch
@@ -0,0 +1,154 @@
+Description: Force online state with unmanaged devices
+ If we have unmanaged devices in /e/n/i, monitor the ifupdown state file
+ and in case we find active interfaces besides lo, forcefully set the
+ online state to CONNECTED.
+Author: Michael Biebl <biebl@debian.org>
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512286
+Index: network-manager/src/nm-manager.c
+===================================================================
+--- network-manager.orig/src/nm-manager.c 2013-01-15 14:18:54.847100261 +0100
++++ network-manager/src/nm-manager.c 2013-01-15 14:22:20.945799751 +0100
+@@ -79,6 +79,8 @@
+
+ #define UPOWER_DBUS_SERVICE "org.freedesktop.UPower"
+
++#define IFUPDOWN_STATE_FILE "/run/network/ifstate"
++
+ static gboolean impl_manager_get_devices (NMManager *manager,
+ GPtrArray **devices,
+ GError **err);
+@@ -237,6 +239,11 @@
+ guint fw_monitor_id;
+ guint fw_changed_id;
+
++ /* ifupdown state file monitor */
++ GFileMonitor *ifstate_monitor;
++ guint ifstate_monitor_id;
++ gboolean ifstate_force_online;
++
+ guint timestamp_update_id;
+
+ gboolean disposed;
+@@ -448,6 +455,14 @@
+ break;
+ }
+
++ if (state == NM_DEVICE_STATE_UNMANAGED) {
++ const char *iface = nm_device_get_ip_iface (dev);
++ if (priv->ifstate_force_online) {
++ new_state = NM_STATE_CONNECTED;
++ nm_log_dbg (LOGD_CORE, "Unmanaged device found: %s; state CONNECTED forced.", iface);
++ }
++ }
++
+ if (nm_device_is_activating (dev))
+ new_state = NM_STATE_CONNECTING;
+ else if (new_state != NM_STATE_CONNECTING) {
+@@ -3766,6 +3781,65 @@
+ }
+ }
+
++static void
++check_ifstate_file (gpointer user_data)
++{
++ NMManager *self = NM_MANAGER (user_data);
++ NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
++ GIOChannel *channel;
++ gchar *line;
++ gboolean online = FALSE;
++
++ channel = g_io_channel_new_file (IFUPDOWN_STATE_FILE, "r", NULL);
++ if (!channel) {
++ nm_log_warn (LOGD_CORE, "Error: failed to open %s", IFUPDOWN_STATE_FILE);
++ return;
++ }
++
++ while (g_io_channel_read_line (channel, &line, NULL, NULL, NULL)
++ != G_IO_STATUS_EOF && !online) {
++ g_strstrip (line);
++ if (strlen (line) > 0 && g_strcmp0 (line, "lo=lo") != 0) {
++ online = TRUE;
++ }
++ g_free (line);
++ }
++
++ g_io_channel_shutdown (channel, FALSE, NULL);
++ g_io_channel_unref (channel);
++
++ if (priv->ifstate_force_online != online) {
++ priv->ifstate_force_online = online;
++ nm_manager_update_state (self);
++ }
++}
++
++static void
++ifstate_file_changed (GFileMonitor *monitor,
++ GFile *file,
++ GFile *other_file,
++ GFileMonitorEvent event_type,
++ gpointer user_data)
++{
++ NMManager *self = NM_MANAGER (user_data);
++ NMManagerPrivate *priv = NM_MANAGER_GET_PRIVATE (self);
++
++ switch (event_type) {
++// case G_FILE_MONITOR_EVENT_CREATED:
++//#if GLIB_CHECK_VERSION(2,23,4)
++// case G_FILE_MONITOR_EVENT_MOVED:
++//#endif
++// case G_FILE_MONITOR_EVENT_ATTRIBUTE_CHANGED:
++ case G_FILE_MONITOR_EVENT_CHANGED:
++ case G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT:
++ nm_log_dbg (LOGD_CORE, "ifupdown state file %s was changed", IFUPDOWN_STATE_FILE);
++ check_ifstate_file (user_data);
++ break;
++ default:
++ break;
++ }
++}
++
+ #define PERM_DENIED_ERROR "org.freedesktop.NetworkManager.PermissionDenied"
+
+ static void
+@@ -4121,6 +4195,17 @@
+ g_object_unref (priv->fw_monitor);
+ }
+
++ if (priv->ifstate_monitor) {
++ if (priv->ifstate_monitor_id)
++ g_signal_handler_disconnect (priv->ifstate_monitor, priv->ifstate_monitor_id);
++
++ if (priv->ifstate_force_online)
++ g_source_remove (priv->ifstate_force_online);
++
++ g_file_monitor_cancel (priv->ifstate_monitor);
++ g_object_unref (priv->ifstate_monitor);
++ }
++
+ g_slist_free (priv->factories);
+
+ if (priv->timestamp_update_id) {
+@@ -4469,6 +4554,23 @@
+ KERNEL_FIRMWARE_DIR);
+ }
+
++ /* Monitor the ifupdown state file */
++ file = g_file_new_for_path (IFUPDOWN_STATE_FILE);
++ priv->ifstate_monitor = g_file_monitor_file (file, G_FILE_MONITOR_NONE, NULL, NULL);
++ g_object_unref (file);
++
++ if (priv->ifstate_monitor) {
++ priv->ifstate_monitor_id = g_signal_connect (priv->ifstate_monitor, "changed",
++ G_CALLBACK (ifstate_file_changed),
++ manager);
++ nm_log_info (LOGD_CORE, "monitoring ifupdown state file '%s'.",
++ IFUPDOWN_STATE_FILE);
++ } else {
++ nm_log_warn (LOGD_CORE, "failed to monitor ifupdown state file '%s'.",
++ IFUPDOWN_STATE_FILE);
++ }
++ priv->ifstate_force_online = FALSE;
++
+ load_device_factories (manager);
+
+ /* Update timestamps in active connections */
diff --git a/debian/patches/series b/debian/patches/series
index ed9f3f0..3c1f280 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,6 +2,7 @@
02-dbus_access_network_manager.patch
03-systemd.patch
04-systemd-set-kill-mode-process.patch
+05-force-online-with-unmanaged-devices.patch
10-format-security.patch
11-initialize-nm-remote-settings.patch
12-initialize-gerror.patch
Reply to: