network: use drop-ins for NetworkManager configuration (#1176)

Do not modify main /etc/NetworkManager/NetworkManager.conf as it would
cause conflicts during updates. Use
/etc/NetworkManager/conf.d/30-qubes.conf instead.
Also remove some dead code for dynamically generated parts (no longer
required to "blacklist" eth0 in VMs - we have proper connection
generated for it). It was commented out for some time already

Fixes QubesOS/qubes-issues#1176

Makefile

@@ -155,13 +155,14 @@ install-common:
 
 	install -m 0644 network/udev-qubes-network.rules $(DESTDIR)/etc/udev/rules.d/99-qubes-network.rules
 	install network/qubes-setup-dnat-to-ns $(DESTDIR)$(LIBDIR)/qubes
-	install network/qubes-fix-nm-conf.sh $(DESTDIR)$(LIBDIR)/qubes
 	install network/setup-ip $(DESTDIR)$(LIBDIR)/qubes/
 	install network/network-manager-prepare-conf-dir $(DESTDIR)$(LIBDIR)/qubes/
 	install -d $(DESTDIR)/etc/dhclient.d
 	ln -s /usr/lib/qubes/qubes-setup-dnat-to-ns $(DESTDIR)/etc/dhclient.d/qubes-setup-dnat-to-ns.sh
 	install -d $(DESTDIR)/etc/NetworkManager/dispatcher.d/
 	install network/{qubes-nmhook,30-qubes-external-ip} $(DESTDIR)/etc/NetworkManager/dispatcher.d/
+	install -m 0644 -D network/NetworkManager-qubes.conf \
+		$(DESTDIR)/etc/NetworkManager/conf.d/30-qubes.conf
 	install -D network/vif-route-qubes $(DESTDIR)/etc/xen/scripts/vif-route-qubes
 	install -m 0644 -D network/tinyproxy-updates.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-updates.conf
 	install -m 0644 -D network/filter-updates $(DESTDIR)/etc/tinyproxy/filter-updates

archlinux/PKGBUILD.install

@@ -160,14 +160,6 @@ update_xdgstart () {
 
 update_qubesconfig() {
 
-	# Create NetworkManager configuration if we do not have it
-	if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
-	echo '[main]' > /etc/NetworkManager/NetworkManager.conf
-	echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
-	echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
-	fi
-	/usr/lib/qubes/qubes-fix-nm-conf.sh
-
 	# Remove ip_forward setting from sysctl, so NM will not reset it
 	# Archlinux now use sysctl.d/ instead of sysctl.conf
 	#sed 's/^net.ipv4.ip_forward.*/#\0/'  -i /etc/sysctl.conf

debian/qubes-core-agent.postinst

@@ -69,14 +69,6 @@ case "${1}" in
         if [ -z "${2}" ]; then
 
             debug "FIRST INSTALL..."
-            # Create NetworkManager configuration if we do not have it
-            if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
-                echo '[main]' > /etc/NetworkManager/NetworkManager.conf
-                echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
-                echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
-            fi
-            /usr/lib/qubes/qubes-fix-nm-conf.sh
-
             # Location of files which contains list of protected files
             PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
 

network/NetworkManager-qubes.conf

@@ -0,0 +1,10 @@
+## This file is part of Qubes OS
+## Changes in this file may be overriden on update
+## Please use "/etc/NetworkManager/conf.d/50-user.conf" for your custom
+## configuration.
+
+[main]
+plugins += keyfile
+
+[keyfile]
+unmanaged_devices=mac:fe:ff:ff:ff:ff:ff

network/network-manager-prepare-conf-dir

@@ -8,12 +8,4 @@ if [ -d $NM_CONFIG_DIR -a ! -h $NM_CONFIG_DIR ]; then
     ln -s /rw/config/NM-system-connections $NM_CONFIG_DIR
 fi
 
-# Do not manage xen-provided network devices
-unmanaged_devices=mac:fe:ff:ff:ff:ff:ff
-#for mac in `xenstore-ls device/vif | grep mac | cut -d= -f2 | tr -d '" '`; do
-#    unmanaged_devices="$unmanaged_devices;mac:$mac"
-#done
-sed -i -e "s/^unmanaged-devices=.*/unmanaged-devices=$unmanaged_devices/" /etc/NetworkManager/NetworkManager.conf
-sed -i -e "s/^plugins=.*/plugins=keyfile/" /etc/NetworkManager/NetworkManager.conf
-
 exit 0

network/qubes-fix-nm-conf.sh

@@ -1,19 +0,0 @@
-#!/bin/sh
-FILE=/etc/NetworkManager/NetworkManager.conf
-VIFMAC=mac:fe:ff:ff:ff:ff:ff
-if ! grep -q ^plugins.*keyfile $FILE ; then
-	sed -i 's/^plugins.*$/&,keyfile/' $FILE
-fi
-if grep -q ^plugins.*ifcfg-rh $FILE ; then
-	sed -i 's/^plugins=\(.*\)ifcfg-rh,\(.*\)$/plugins=\1\2/' $FILE
-fi
-if ! grep -q '^\[keyfile\]$' $FILE ; then
-	echo '[keyfile]' >> $FILE
-fi
-if ! grep -q ^unmanaged-devices $FILE ; then
-	sed -i 's/^\[keyfile\]$/\[keyfile\]\x0aunmanaged-devices='$VIFMAC/ $FILE
-fi
-if ! grep -q ^unmanaged-devices.*$VIFMAC $FILE ; then
-	sed -i 's/^unmanaged-devices.*$/&,'$VIFMAC/ $FILE
-fi
-exit 0

network/setup-ip

@@ -32,6 +32,9 @@ if [ x$ip != x ]; then
     if [ -f /var/run/qubes-service/network-manager ]; then
         nm_config=/etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE
         cat > $nm_config <<__EOF__
+## This file is automatically generated by Qubes OS
+## Changes in this file will be overriden by /usr/lib/qubes/setup-ip script.
+
 [802-3-ethernet]
 duplex=full
 

rpm_spec/core-vm.spec

@@ -135,15 +135,6 @@ for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do
 	fi
 done
 
-# Create NetworkManager configuration if we do not have it
-if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then
-echo '[main]' > /etc/NetworkManager/NetworkManager.conf
-echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf
-echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf
-fi
-/usr/lib/qubes/qubes-fix-nm-conf.sh
-
-
 # Remove ip_forward setting from sysctl, so NM will not reset it
 sed 's/^net.ipv4.ip_forward.*/#\0/'  -i /etc/sysctl.conf
 
@@ -295,6 +286,7 @@ rm -f %{name}-%{version}
 %{kde_service_dir}/qvm-dvm.desktop
 /etc/NetworkManager/dispatcher.d/30-qubes-external-ip
 /etc/NetworkManager/dispatcher.d/qubes-nmhook
+%config /etc/NetworkManager/conf.d/30-qubes.conf
 %config(noreplace) /etc/X11/xorg-preload-apps.conf
 /etc/dispvm-dotfiles.tbz
 /etc/dhclient.d/qubes-setup-dnat-to-ns.sh
@@ -364,7 +356,6 @@ rm -f %{name}-%{version}
 /usr/lib/qubes/qopen-in-vm
 /usr/lib/qubes/qrun-in-vm
 /usr/lib/qubes/qubes-download-dom0-updates.sh
-/usr/lib/qubes/qubes-fix-nm-conf.sh
 /usr/lib/qubes/qubes-setup-dnat-to-ns
 /usr/lib/qubes/qubes-trigger-sync-appmenus.sh
 /usr/lib/qubes/qvm-copy-to-vm.gnome