From 6c4831339c85ebd1ed84593bb3f1a79d43c0a2a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Tue, 6 Oct 2015 15:15:26 +0200
Subject: [PATCH] network: use drop-ins for NetworkManager configuration (#1176)
Do not modify main /etc/NetworkManager/NetworkManager.conf as it would cause conflicts during updates. Use /etc/NetworkManager/conf.d/30-qubes.conf instead. Also remove some dead code for dynamically generated parts (no longer required to "blacklist" eth0 in VMs - we have proper connection generated for it). It was commented out for some time already
Fixes QubesOS/qubes-issues#1176
---
Makefile | 3 ++-
archlinux/PKGBUILD.install | 8 --------
debian/qubes-core-agent.postinst | 8 --------
network/NetworkManager-qubes.conf | 10 ++++++++++
network/network-manager-prepare-conf-dir | 8 --------
network/qubes-fix-nm-conf.sh | 19 -------------------
network/setup-ip | 3 +++
rpm_spec/core-vm.spec | 11 +----------
8 files changed, 16 insertions(+), 54 deletions(-)
create mode 100644 network/NetworkManager-qubes.conf
delete mode 100755 network/qubes-fix-nm-conf.sh
diff --git a/Makefile b/Makefile
index 3429fc5..2fcf89f 100644
--- a/Makefile
+++ b/Makefile
@@ -155,13 +155,14 @@ install-common: install -m 0644 network/udev-qubes-network.rules $(DESTDIR)/etc/udev/rules.d/99-qubes-network.rules install network/qubes-setup-dnat-to-ns $(DESTDIR)$(LIBDIR)/qubes - install network/qubes-fix-nm-conf.sh $(DESTDIR)$(LIBDIR)/qubes install network/setup-ip $(DESTDIR)$(LIBDIR)/qubes/ install network/network-manager-prepare-conf-dir $(DESTDIR)$(LIBDIR)/qubes/ install -d $(DESTDIR)/etc/dhclient.d ln -s /usr/lib/qubes/qubes-setup-dnat-to-ns $(DESTDIR)/etc/dhclient.d/qubes-setup-dnat-to-ns.sh install -d $(DESTDIR)/etc/NetworkManager/dispatcher.d/ install network/{qubes-nmhook,30-qubes-external-ip} $(DESTDIR)/etc/NetworkManager/dispatcher.d/ + install -m 0644 -D network/NetworkManager-qubes.conf \ + $(DESTDIR)/etc/NetworkManager/conf.d/30-qubes.conf install -D network/vif-route-qubes $(DESTDIR)/etc/xen/scripts/vif-route-qubes install -m 0644 -D network/tinyproxy-updates.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-updates.conf install -m 0644 -D network/filter-updates $(DESTDIR)/etc/tinyproxy/filter-updates diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install index 51f6a75..07898b7 100644 --- a/archlinux/PKGBUILD.install +++ b/archlinux/PKGBUILD.install @@ -160,14 +160,6 @@ update_xdgstart () { update_qubesconfig() { - # Create NetworkManager configuration if we do not have it - if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then - echo '[main]' > /etc/NetworkManager/NetworkManager.conf - echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf - echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf - fi - /usr/lib/qubes/qubes-fix-nm-conf.sh - # Remove ip_forward setting from sysctl, so NM will not reset it # Archlinux now use sysctl.d/ instead of sysctl.conf #sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf diff --git a/debian/qubes-core-agent.postinst b/debian/qubes-core-agent.postinst index e6408e1..c1a8d72 100755 --- a/debian/qubes-core-agent.postinst +++ b/debian/qubes-core-agent.postinst 
@@ -69,14 +69,6 @@ case "${1}" in if [ -z "${2}" ]; then debug "FIRST INSTALL..." - # Create NetworkManager configuration if we do not have it - if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then - echo '[main]' > /etc/NetworkManager/NetworkManager.conf - echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf - echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf - fi - /usr/lib/qubes/qubes-fix-nm-conf.sh - # Location of files which contains list of protected files PROTECTED_FILE_LIST='/etc/qubes/protected-files.d' diff --git a/network/NetworkManager-qubes.conf b/network/NetworkManager-qubes.conf new file mode 100644 index 0000000..48e74c5 --- /dev/null +++ b/network/NetworkManager-qubes.conf @@ -0,0 +1,10 @@ +## This file is part of Qubes OS +## Changes in this file may be overriden on update +## Please use "/etc/NetworkManager/conf.d/50-user.conf" for your custom +## configuration. + +[main] +plugins += keyfile + +[keyfile] +unmanaged_devices=mac:fe:ff:ff:ff:ff:ff diff --git a/network/network-manager-prepare-conf-dir b/network/network-manager-prepare-conf-dir index 04cb00b..bfb6dee 100755 --- a/network/network-manager-prepare-conf-dir +++ b/network/network-manager-prepare-conf-dir @@ -8,12 +8,4 @@ if [ -d $NM_CONFIG_DIR -a ! -h $NM_CONFIG_DIR ]; then ln -s /rw/config/NM-system-connections $NM_CONFIG_DIR fi -# Do not manage xen-provided network devices -unmanaged_devices=mac:fe:ff:ff:ff:ff:ff -#for mac in `xenstore-ls device/vif | grep mac | cut -d= -f2 | tr -d '" '`; do -# unmanaged_devices="$unmanaged_devices;mac:$mac" -#done -sed -i -e "s/^unmanaged-devices=.*/unmanaged-devices=$unmanaged_devices/" /etc/NetworkManager/NetworkManager.conf -sed -i -e "s/^plugins=.*/plugins=keyfile/" /etc/NetworkManager/NetworkManager.conf - exit 0 diff --git a/network/qubes-fix-nm-conf.sh b/network/qubes-fix-nm-conf.sh deleted file mode 100755 index 9f1eca7..0000000 --- a/network/qubes-fix-nm-conf.sh +++ /dev/null 
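Review bot: The `[keyfile]` entry in the new network/NetworkManager-qubes.conf is spelled `unmanaged_devices`, while the code this commit removes (the `sed` in network-manager-prepare-conf-dir and the checks in qubes-fix-nm-conf.sh) wrote `unmanaged-devices`, which is the key NetworkManager documents for that section. With the underscore the setting is most likely ignored, so the Xen backend interfaces with MAC fe:ff:ff:ff:ff:ff would no longer be kept out of NetworkManager's control; the line should read `unmanaged-devices=mac:fe:ff:ff:ff:ff:ff`. Separately, `plugins += keyfile` only appends, whereas the removed scripts stripped `ifcfg-rh` and forced `plugins=keyfile`, so it is worth confirming that leaving other plugins enabled is intended.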
@@ -1,19 +0,0 @@ -#!/bin/sh -FILE=/etc/NetworkManager/NetworkManager.conf -VIFMAC=mac:fe:ff:ff:ff:ff:ff -if ! grep -q ^plugins.*keyfile $FILE ; then - sed -i 's/^plugins.*$/&,keyfile/' $FILE -fi -if grep -q ^plugins.*ifcfg-rh $FILE ; then - sed -i 's/^plugins=\(.*\)ifcfg-rh,\(.*\)$/plugins=\1\2/' $FILE -fi -if ! grep -q '^\[keyfile\]$' $FILE ; then - echo '[keyfile]' >> $FILE -fi -if ! grep -q ^unmanaged-devices $FILE ; then - sed -i 's/^\[keyfile\]$/\[keyfile\]\x0aunmanaged-devices='$VIFMAC/ $FILE -fi -if ! grep -q ^unmanaged-devices.*$VIFMAC $FILE ; then - sed -i 's/^unmanaged-devices.*$/&,'$VIFMAC/ $FILE -fi -exit 0 diff --git a/network/setup-ip b/network/setup-ip index 30cd11c..8d65ad4 100755 --- a/network/setup-ip +++ b/network/setup-ip @@ -32,6 +32,9 @@ if [ x$ip != x ]; then if [ -f /var/run/qubes-service/network-manager ]; then nm_config=/etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE cat > $nm_config <<__EOF__ +## This file is automatically generated by Qubes OS +## Changes in this file will be overriden by /usr/lib/qubes/setup-ip script. + [802-3-ethernet] duplex=full diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index e5319a2..93c245b 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -135,15 +135,6 @@ for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do fi done -# Create NetworkManager configuration if we do not have it -if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then -echo '[main]' > /etc/NetworkManager/NetworkManager.conf -echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf -echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf -fi -/usr/lib/qubes/qubes-fix-nm-conf.sh - - # Remove ip_forward setting from sysctl, so NM will not reset it sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf 
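Review bot: The header added to the generated connection file in network/setup-ip says changes "will be overriden", but the `cat > $nm_config` heredoc truncates and rewrites the whole file on every run, so the comment should say so plainly, for example `## Changes in this file will be overwritten by the /usr/lib/qubes/setup-ip script.`. The same spelling appears in the header of network/NetworkManager-qubes.conf and should read "overridden" there. The enclosing `if` block and the rest of the heredoc lie outside the hunk.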
@@ -295,6 +286,7 @@ rm -f %{name}-%{version} %{kde_service_dir}/qvm-dvm.desktop /etc/NetworkManager/dispatcher.d/30-qubes-external-ip /etc/NetworkManager/dispatcher.d/qubes-nmhook +%config /etc/NetworkManager/conf.d/30-qubes.conf %config(noreplace) /etc/X11/xorg-preload-apps.conf /etc/dispvm-dotfiles.tbz /etc/dhclient.d/qubes-setup-dnat-to-ns.sh @@ -364,7 +356,6 @@ rm -f %{name}-%{version} /usr/lib/qubes/qopen-in-vm /usr/lib/qubes/qrun-in-vm /usr/lib/qubes/qubes-download-dom0-updates.sh -/usr/lib/qubes/qubes-fix-nm-conf.sh /usr/lib/qubes/qubes-setup-dnat-to-ns /usr/lib/qubes/qubes-trigger-sync-appmenus.sh /usr/lib/qubes/qvm-copy-to-vm.gnome
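Review bot: Nothing in the visible part of the spec ties the new `%config /etc/NetworkManager/conf.d/30-qubes.conf` entry to a NetworkManager release that actually reads `conf.d`, and the scriptlet code that edited NetworkManager.conf directly is removed in the same commit. On a template with an older NetworkManager the drop-in would be silently ignored, and the keyfile plugin and unmanaged-device settings with it. If such templates are still supported, a versioned constraint such as `Conflicts: NetworkManager < <first-release-with-conf.d>` would make the requirement explicit. The same question applies to the Debian and Arch packaging, and a constraint may already exist outside these hunks.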