diff --git a/.gitignore b/.gitignore index e737291..0c653ac 100644 --- a/.gitignore +++ b/.gitignore @@ -390,3 +390,4 @@ network-manager-applet-0.8.1.tar.bz2 /NetworkManager-1.31.3.tar.xz /NetworkManager-1.31.4.tar.xz /NetworkManager-1.31.90.tar.xz +/NetworkManager-1.32.0.tar.xz diff --git a/0001-firewall-Fedora-patch-to-default-to-iptables-backend.patch b/0001-firewall-Fedora-patch-to-default-to-iptables-backend.patch new file mode 100644 index 0000000..c2caeb9 --- /dev/null +++ b/0001-firewall-Fedora-patch-to-default-to-iptables-backend.patch @@ -0,0 +1,36 @@ +From 35fa1c22b6b6f89fd74f31186ec92ec70ed34af2 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 16 Jun 2021 22:43:32 +0200 +Subject: [PATCH 1/1] firewall: Fedora patch to default to iptables backend + +Currently, SELinux prevents NetworkManager talking to `nft -f -` (rh #1972911). +Until that is resolved, apply a downstream patch to default to "iptables" backend. + +https://bugzilla.redhat.com/show_bug.cgi?id=1972911 +--- + src/core/nm-firewall-utils.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c +index 3f2251569fa0..f2712f3d72ab 100644 +--- a/src/core/nm-firewall-utils.c ++++ b/src/core/nm-firewall-utils.c +@@ -744,12 +744,9 @@ nm_firewall_config_apply(NMFirewallConfig *self, gboolean shared) + static NMFirewallBackend + _firewall_backend_detect(void) + { +- if (g_file_test(NFT_PATH, G_FILE_TEST_IS_EXECUTABLE)) +- return NM_FIREWALL_BACKEND_NFTABLES; +- if (g_file_test(IPTABLES_PATH, G_FILE_TEST_IS_EXECUTABLE)) +- return NM_FIREWALL_BACKEND_IPTABLES; +- +- return NM_FIREWALL_BACKEND_NFTABLES; ++ /* Currently, SELinux prevents NetworkManager talking to `nft -f -` (rh ##1972911). ++ * Until that is resolved, apply a downstream patch to default to "iptables" backend. */ ++ return NM_FIREWALL_BACKEND_IPTABLES; + } + + NMFirewallBackend +-- +2.31.1 + diff --git a/NetworkManager.spec b/NetworkManager.spec index eb38d44..51860f0 100644 --- a/NetworkManager.spec +++ b/NetworkManager.spec @@ -6,8 +6,8 @@ %global epoch_version 1 %global rpm_version 1.32.0 -%global real_version 1.31.90 -%global release_version 0.4 +%global real_version 1.32.0 +%global release_version 1 %global snapshot %{nil} %global git_sha %{nil} @@ -185,7 +185,7 @@ Source4: 20-connectivity-fedora.conf Source5: 20-connectivity-redhat.conf Source6: 70-nm-connectivity.conf -#Patch1: 0001-some.patch +Patch1: 0001-firewall-Fedora-patch-to-default-to-iptables-backend.patch Requires(post): systemd Requires(post): /usr/sbin/update-alternatives @@ -989,6 +989,7 @@ fi %{_libexecdir}/nm-dispatcher %{_libexecdir}/nm-iface-helper %{_libexecdir}/nm-initrd-generator +%{_libexecdir}/nm-daemon-helper %dir %{_libdir}/%{name} %dir %{nmplugindir} %{nmplugindir}/libnm-settings-plugin*.so @@ -1148,6 +1149,10 @@ fi %changelog +* Wed Jun 16 2021 Thomas Haller - 1:1.32.0-1 +- update to 1.32.0 release +- default to "iptables" firewall-backend due to SELinux bug rh #1972911. + * Fri Jun 4 2021 Thomas Haller - 1:1.32.0-0.4 - update to 1.32-rc1 (1.31.90) (release candidate) diff --git a/sources b/sources index 4d50b6d..a3d96cd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (NetworkManager-1.31.90.tar.xz) = 8ee41e6184fee68feae98d5cd941abd10bf5a633e3142328587a7883aed435463f165f52582f6e331b1aad0799653aca225e16c8a61b43de77cf053c3c495f5c +SHA512 (NetworkManager-1.32.0.tar.xz) = 71b6740900847f4efca665340bed76083a5f17037e570d2c89c016750b9ada70b09033c02ded0b9974a172051517cacf7466107783f2fbde70e9741bf0ae0ad0