From a11897a1d03548bc3de816a492788abfc49a422a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 28 Nov 2015 17:00:36 +0100 Subject: [PATCH] Revert "network: use drop-ins for NetworkManager configuration (#1176)" Apparently unmanaged devices are loaded only from main NetworkManager.conf. Exactly the same line pasted (not typed!) to main NetworkManager.conf works, but in /etc/NetworkManager/conf.d/30-qubes.conf it doesn't. BTW There was a typo in option name ("unmanaged_devices" instead of "unmanaged-devices", but it wasn't the cause). This reverts commit 6c4831339c85ebd1ed84593bb3f1a79d43c0a2a5. QubesOS/qubes-issues#1176 --- Makefile | 3 +-- archlinux/PKGBUILD.install | 8 ++++++++ debian/qubes-core-agent.postinst | 8 ++++++++ network/NetworkManager-qubes.conf | 10 ---------- network/network-manager-prepare-conf-dir | 8 ++++++++ network/qubes-fix-nm-conf.sh | 19 +++++++++++++++++++ network/setup-ip | 3 --- rpm_spec/core-vm.spec | 11 ++++++++++- 8 files changed, 54 insertions(+), 16 deletions(-) delete mode 100644 network/NetworkManager-qubes.conf create mode 100755 network/qubes-fix-nm-conf.sh diff --git a/Makefile b/Makefile index 0f28e0e..ab88e4d 100644 --- a/Makefile +++ b/Makefile 
@@ -176,14 +176,13 @@ install-common: install -m 0644 network/udev-qubes-network.rules $(DESTDIR)/etc/udev/rules.d/99-qubes-network.rules install network/qubes-setup-dnat-to-ns $(DESTDIR)$(LIBDIR)/qubes + install network/qubes-fix-nm-conf.sh $(DESTDIR)$(LIBDIR)/qubes install network/setup-ip $(DESTDIR)$(LIBDIR)/qubes/ install network/network-manager-prepare-conf-dir $(DESTDIR)$(LIBDIR)/qubes/ install -d $(DESTDIR)/etc/dhclient.d ln -s /usr/lib/qubes/qubes-setup-dnat-to-ns $(DESTDIR)/etc/dhclient.d/qubes-setup-dnat-to-ns.sh install -d $(DESTDIR)/etc/NetworkManager/dispatcher.d/ install network/{qubes-nmhook,30-qubes-external-ip} $(DESTDIR)/etc/NetworkManager/dispatcher.d/ - install -m 0644 -D network/NetworkManager-qubes.conf \ - $(DESTDIR)/etc/NetworkManager/conf.d/30-qubes.conf install -D network/vif-route-qubes $(DESTDIR)/etc/xen/scripts/vif-route-qubes install -m 0644 -D network/tinyproxy-updates.conf $(DESTDIR)/etc/tinyproxy/tinyproxy-updates.conf install -m 0755 -D network/iptables-updates-proxy $(DESTDIR)$(LIBDIR)/qubes/iptables-updates-proxy diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install index 75e2fe0..bb51d26 100644 --- a/archlinux/PKGBUILD.install +++ b/archlinux/PKGBUILD.install @@ -78,6 +78,14 @@ configure_selinux() { update_qubesconfig() { + # Create NetworkManager configuration if we do not have it + if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then + echo '[main]' > /etc/NetworkManager/NetworkManager.conf + echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf + echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf + fi + /usr/lib/qubes/qubes-fix-nm-conf.sh + # Remove ip_forward setting from sysctl, so NM will not reset it # Archlinux now use sysctl.d/ instead of sysctl.conf #sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf diff --git a/debian/qubes-core-agent.postinst b/debian/qubes-core-agent.postinst index d7b0acb..de55576 100755 --- a/debian/qubes-core-agent.postinst 
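Review bot: The block added to `update_qubesconfig()` creates `/etc/NetworkManager/NetworkManager.conf` with three `echo` redirections and then calls `/usr/lib/qubes/qubes-fix-nm-conf.sh` without checking either step, and the same block is repeated in the `debian/qubes-core-agent.postinst` and `rpm_spec/core-vm.spec` hunks. If `/etc/NetworkManager` does not exist the redirections fail, and the helper always ends with `exit 0`, so the scriptlet cannot tell whether `unmanaged-devices` was actually written. Consider moving the creation into the helper, e.g. `[ -e "$FILE" ] || printf '[main]\nplugins = keyfile\n[keyfile]\n' > "$FILE"`, so the three packaging scripts reduce to one call whose status can be checked. The body of `update_qubesconfig()` continues outside the hunk.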
+++ b/debian/qubes-core-agent.postinst @@ -69,6 +69,14 @@ case "${1}" in if [ -z "${2}" ]; then debug "FIRST INSTALL..." + # Create NetworkManager configuration if we do not have it + if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then + echo '[main]' > /etc/NetworkManager/NetworkManager.conf + echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf + echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf + fi + /usr/lib/qubes/qubes-fix-nm-conf.sh + # Location of files which contains list of protected files PROTECTED_FILE_LIST='/etc/qubes/protected-files.d' diff --git a/network/NetworkManager-qubes.conf b/network/NetworkManager-qubes.conf deleted file mode 100644 index 48e74c5..0000000 --- a/network/NetworkManager-qubes.conf +++ /dev/null @@ -1,10 +0,0 @@ -## This file is part of Qubes OS -## Changes in this file may be overriden on update -## Please use "/etc/NetworkManager/conf.d/50-user.conf" for your custom -## configuration. - -[main] -plugins += keyfile - -[keyfile] -unmanaged_devices=mac:fe:ff:ff:ff:ff:ff diff --git a/network/network-manager-prepare-conf-dir b/network/network-manager-prepare-conf-dir index bfb6dee..04cb00b 100755 --- a/network/network-manager-prepare-conf-dir +++ b/network/network-manager-prepare-conf-dir @@ -8,4 +8,12 @@ if [ -d $NM_CONFIG_DIR -a ! -h $NM_CONFIG_DIR ]; then ln -s /rw/config/NM-system-connections $NM_CONFIG_DIR fi +# Do not manage xen-provided network devices +unmanaged_devices=mac:fe:ff:ff:ff:ff:ff +#for mac in `xenstore-ls device/vif | grep mac | cut -d= -f2 | tr -d '" '`; do +# unmanaged_devices="$unmanaged_devices;mac:$mac" +#done +sed -i -e "s/^unmanaged-devices=.*/unmanaged-devices=$unmanaged_devices/" /etc/NetworkManager/NetworkManager.conf +sed -i -e "s/^plugins=.*/plugins=keyfile/" /etc/NetworkManager/NetworkManager.conf + exit 0 diff --git a/network/qubes-fix-nm-conf.sh b/network/qubes-fix-nm-conf.sh new file mode 100755 index 0000000..9f1eca7 --- /dev/null +++ b/network/qubes-fix-nm-conf.sh 
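Review bot: In `debian/qubes-core-agent.postinst` the NetworkManager.conf fix-up sits inside the `if [ -z "${2}" ]` first-install branch, so it does not run on a package upgrade. A system upgraded from the version that shipped `conf.d/30-qubes.conf` loses that drop-in with this revert and, as far as this hunk shows, gets no `unmanaged-devices` entry in the main file unless one was already there. If that is not intended, call `/usr/lib/qubes/qubes-fix-nm-conf.sh` outside the first-install branch; the helper only adds what is missing, so re-running it looks safe. The `case` statement and the branch both extend beyond the hunk.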
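Review bot: The two `sed -i` lines added to `network/network-manager-prepare-conf-dir` only rewrite keys that already exist in exactly the form `unmanaged-devices=` / `plugins=`; when a key is absent or written with spaces (the packaging scriptlets in this commit create `plugins = keyfile`), they change nothing and the script still reaches `exit 0`. The `plugins=` substitution also replaces the whole value with `keyfile`, and the `unmanaged-devices=` one discards any extra entries, whereas `qubes-fix-nm-conf.sh` appends to the existing value. Consider running the helper here instead, or at least matching `^plugins *=` and printing a warning when `grep -q '^unmanaged-devices' /etc/NetworkManager/NetworkManager.conf` fails, so a configuration that no longer excludes the Xen vif MAC is noticed. The start of the script is outside the hunk.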
@@ -0,0 +1,19 @@ +#!/bin/sh +FILE=/etc/NetworkManager/NetworkManager.conf +VIFMAC=mac:fe:ff:ff:ff:ff:ff +if ! grep -q ^plugins.*keyfile $FILE ; then + sed -i 's/^plugins.*$/&,keyfile/' $FILE +fi +if grep -q ^plugins.*ifcfg-rh $FILE ; then + sed -i 's/^plugins=\(.*\)ifcfg-rh,\(.*\)$/plugins=\1\2/' $FILE +fi +if ! grep -q '^\[keyfile\]$' $FILE ; then + echo '[keyfile]' >> $FILE +fi +if ! grep -q ^unmanaged-devices $FILE ; then + sed -i 's/^\[keyfile\]$/\[keyfile\]\x0aunmanaged-devices='$VIFMAC/ $FILE +fi +if ! grep -q ^unmanaged-devices.*$VIFMAC $FILE ; then + sed -i 's/^unmanaged-devices.*$/&,'$VIFMAC/ $FILE +fi +exit 0 diff --git a/network/setup-ip b/network/setup-ip index 67ca40e..07071d7 100755 --- a/network/setup-ip +++ b/network/setup-ip @@ -20,9 +20,6 @@ if [ x$ip != x ]; then if [ -f /var/run/qubes-service/network-manager ]; then nm_config=/etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE cat > $nm_config <<__EOF__ -## This file is automatically generated by Qubes OS -## Changes in this file will be overriden by /usr/lib/qubes/setup-ip script. - [802-3-ethernet] duplex=full diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index fe8adac..116da0d 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -138,6 +138,15 @@ for F in plymouth-shutdown prefdm splash-manager start-ttys tty ; do fi done +# Create NetworkManager configuration if we do not have it +if ! [ -e /etc/NetworkManager/NetworkManager.conf ]; then +echo '[main]' > /etc/NetworkManager/NetworkManager.conf +echo 'plugins = keyfile' >> /etc/NetworkManager/NetworkManager.conf +echo '[keyfile]' >> /etc/NetworkManager/NetworkManager.conf +fi +/usr/lib/qubes/qubes-fix-nm-conf.sh + + # Remove ip_forward setting from sysctl, so NM will not reset it sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf 
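Review bot: The `ifcfg-rh` removal in `network/qubes-fix-nm-conf.sh` only matches `plugins=` written without spaces and `ifcfg-rh` followed by a comma, so `plugins=keyfile,ifcfg-rh` or `plugins = ifcfg-rh,keyfile` passes the `grep` but is left unchanged. Something like `sed -i -e '/^plugins/s/ifcfg-rh,//' -e '/^plugins/s/,ifcfg-rh$//' "$FILE"` covers both positions. Separately, the grep patterns and `$FILE` are unquoted (`grep -q ^plugins.*keyfile $FILE`), so the shell may glob-expand them before grep sees them; quote them, e.g. `grep -q '^plugins.*keyfile' "$FILE"`. A file with no `plugins` line at all also gets no `keyfile` plugin added, which deserves a comment or a fallback.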
@@ -289,7 +298,6 @@ rm -f %{name}-%{version} %{kde_service_dir}/qvm-dvm.desktop /etc/NetworkManager/dispatcher.d/30-qubes-external-ip /etc/NetworkManager/dispatcher.d/qubes-nmhook -%config /etc/NetworkManager/conf.d/30-qubes.conf %config(noreplace) /etc/X11/xorg-preload-apps.conf /etc/dispvm-dotfiles.tbz /etc/dhclient.d/qubes-setup-dnat-to-ns.sh @@ -363,6 +371,7 @@ rm -f %{name}-%{version} /usr/lib/qubes/qopen-in-vm /usr/lib/qubes/qrun-in-vm /usr/lib/qubes/qubes-download-dom0-updates.sh +/usr/lib/qubes/qubes-fix-nm-conf.sh /usr/lib/qubes/qubes-setup-dnat-to-ns /usr/lib/qubes/qubes-trigger-sync-appmenus.sh /usr/lib/qubes/qvm-copy-to-vm.gnome