import NetworkManager-1.32.3-0.z.3.d8706caef2.el8

.NetworkManager.metadata

@@ -0,0 +1 @@
+b3635a0c53cdb2954301d93ec52d605dabf82159 SOURCES/NetworkManager-1.32.3-0.z.3.d8706caef2.tar.xz

.gitignore

@@ -0,0 +1 @@
+SOURCES/NetworkManager-1.32.3-0.z.3.d8706caef2.tar.xz

SOURCES/00-server.conf

@@ -0,0 +1,14 @@
+# This configuration file changes NetworkManager's behavior to
+# what's expected on "traditional UNIX server" type deployments.
+#
+# See "man NetworkManager.conf" for more information about these
+# and other keys.
+
+[main]
+# Do not do automatic (DHCP/SLAAC) configuration on ethernet devices
+# with no other matching connections.
+no-auto-default=*
+
+# Ignore the carrier (cable plugged in) state when attempting to
+# activate static-IP connections.
+ignore-carrier=*

SOURCES/0001-cloud-setup-systemd-unit-rh1791758.patch

@@ -0,0 +1,37 @@
+From 2eaf8be60d91a49bee3bf658071bb4a302affa7f Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Thu, 16 Jan 2020 13:40:26 +0100
+Subject: [PATCH] cloud-setup: avoid unsupported systemd settings in
+ nm-cloud-setup.service init for rhel-8.2
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1791758
+---
+ src/nm-cloud-setup/nm-cloud-setup.service.in | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/nm-cloud-setup/nm-cloud-setup.service.in b/src/nm-cloud-setup/nm-cloud-setup.service.in
+index 809f707da1..78441c74be 100644
+--- a/src/nm-cloud-setup/nm-cloud-setup.service.in
++++ b/src/nm-cloud-setup/nm-cloud-setup.service.in
+@@ -27,15 +27,15 @@ PrivateDevices=yes
+ PrivateTmp=yes
+ ProtectControlGroups=yes
+ ProtectHome=yes
+-ProtectHostname=yes
+-ProtectKernelLogs=yes
++#ProtectHostname=yes
++#ProtectKernelLogs=yes
+ ProtectKernelModules=yes
+ ProtectKernelTunables=yes
+ ProtectSystem=strict
+ RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+ RestrictNamespaces=yes
+ RestrictRealtime=yes
+-RestrictSUIDSGID=yes
++#RestrictSUIDSGID=yes
+ SystemCallFilter=@system-service
+ 
+ [Install]
+-- 
+2.29.2
+

SOURCES/0002-firewall-Default-to-iptables-backend-to-preserve-behavior.patch

@@ -0,0 +1,34 @@
+From 35fa1c22b6b6f89fd74f31186ec92ec70ed34af2 Mon Sep 17 00:00:00 2001
+From: Wen Liang <wenliang@redhat.com>
+Date: Wed, 16 Jun 2021 22:43:32 +0200
+Subject: [PATCH 1/1] firewall: Default to iptables backend to preserve behavior
+
+For upsteam, the default is "nftables" (if nft is installed). On RHEL8, we will
+always default to "iptables" to preserve behavior.
+---
+ src/core/nm-firewall-utils.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/nm-firewall-utils.c b/src/core/nm-firewall-utils.c
+index 3f2251569fa0..f2712f3d72ab 100644
+--- a/src/core/nm-firewall-utils.c
++++ b/src/core/nm-firewall-utils.c
+@@ -744,12 +744,9 @@ nm_firewall_config_apply(NMFirewallConfig *self, gboolean shared)
+ static NMFirewallBackend
+ _firewall_backend_detect(void)
+ {
+-    if (g_file_test(NFT_PATH, G_FILE_TEST_IS_EXECUTABLE))
+-        return NM_FIREWALL_BACKEND_NFTABLES;
+-    if (g_file_test(IPTABLES_PATH, G_FILE_TEST_IS_EXECUTABLE))
+-        return NM_FIREWALL_BACKEND_IPTABLES;
+-
+-    return NM_FIREWALL_BACKEND_NFTABLES;
++    /* For upsteam, the default is "nftables" (if nft is installed). On RHEL8, we will
++     * always default to "iptables" to preserve behavior. */
++    return NM_FIREWALL_BACKEND_IPTABLES;
+ }
+ 
+ NMFirewallBackend
+-- 
+2.31.1
+

SOURCES/20-connectivity-fedora.conf

@@ -0,0 +1,10 @@
+# Enable connectivity checking for NetworkManager.
+# See `man NetworkManager.conf`.
+#
+# Note that connectivity checking works badly with rp_filter set to
+# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
+[connectivity]
+enabled=true
+uri=http://fedoraproject.org/static/hotspot.txt
+response=OK
+interval=300

SOURCES/20-connectivity-redhat.conf

@@ -0,0 +1,10 @@
+# Enable connectivity checking for NetworkManager.
+# See `man NetworkManager.conf`.
+#
+# Note that connectivity checking works badly with rp_filter set to
+# strict. Check "/proc/sys/net/ipv4/conf/*/rp_filter".
+[connectivity]
+enabled=true
+uri=http://static.redhat.com/test/rhel-networkmanager.txt
+response=OK
+interval=300

SOURCES/70-nm-connectivity.conf

@@ -0,0 +1,15 @@
+# The Strict mode of RFC3704 Reverse Path filtering breaks some pretty
+# common and reasonable use cases.
+#
+# Notably, it makes it impossible for NetworkManager to do connectivity
+# check on a newly arriving default route (it starts with a higher metric
+# and is bumped lower if there's connectivity).
+#
+# Kernel's default is 0 (no filter), systemd configures a Loose filter since
+# commit 230450d4e4f1 ('sysctl.d: switch net.ipv4.conf.all.rp_filter from 1
+# to 2'). However, RHEL systemd package happens to default to Strict mode
+# for historic reasons. Let's override it if we're doing connectivity
+# checking.
+
+# Source route verification
+net.ipv4.conf.all.rp_filter = 0

SOURCES/9999-fix-pregen-doc.patch

@@ -0,0 +1,44 @@
+From b0bd54da20c0757c81f9086d187547cb0532a8a0 Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Tue, 27 Aug 2019 15:47:32 +0200
+Subject: [PATCH] patch documentation with the proper default values
+
+We don't regenerate the documentation for RHEL builds, but
+the docs from the tarball are generated with a certain set
+of defaults.
+
+Patch the man pages with the proper values.
+---
+ docs/api/html/NetworkManager.conf.html | 2 +-
+ man/NetworkManager.conf.5              | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/docs/api/html/NetworkManager.conf.html b/docs/api/html/NetworkManager.conf.html
+index 035fd4811f..00432090db 100644
+--- a/docs/api/html/NetworkManager.conf.html
++++ b/docs/api/html/NetworkManager.conf.html
+@@ -628,7 +628,7 @@ unmanaged-devices=mac:00:22:68:1c:59:b1;mac:00:1E:65:30:D1:C4;interface-name:eth
+           are "<code class="literal">syslog</code>" and "<code class="literal">journal</code>".
+           When NetworkManager is started with "<code class="literal">--debug</code>"
+           in addition all messages will be printed to stderr.
+-          If unspecified, the default is "<code class="literal">syslog</code>".
++          If unspecified, the default is "<code class="literal">journal</code>".
+           </p></td>
+ </tr>
+ <tr>
+diff --git a/man/NetworkManager.conf.5 b/man/NetworkManager.conf.5
+index cf94846780..ac3df6082e 100644
+--- a/man/NetworkManager.conf.5
++++ b/man/NetworkManager.conf.5
+@@ -640,7 +640,7 @@ INFO\&.
+ .PP
+ \fIbackend\fR
+ .RS 4
+-The logging backend\&. Supported values are "syslog" and "journal"\&. When NetworkManager is started with "\-\-debug" in addition all messages will be printed to stderr\&. If unspecified, the default is "syslog"\&.
++The logging backend\&. Supported values are "syslog" and "journal"\&. When NetworkManager is started with "\-\-debug" in addition all messages will be printed to stderr\&. If unspecified, the default is "journal"\&.
+ .RE
+ .PP
+ \fIaudit\fR
+-- 
+2.29.2
+

SOURCES/NetworkManager.conf

@@ -0,0 +1,52 @@
+# Configuration file for NetworkManager.
+#
+# See "man 5 NetworkManager.conf" for details.
+#
+# The directories /usr/lib/NetworkManager/conf.d/ and /run/NetworkManager/conf.d/
+# can contain additional .conf snippets installed by packages. These files are
+# read before NetworkManager.conf and have thus lowest priority.
+# The directory /etc/NetworkManager/conf.d/ can contain additional .conf
+# snippets. Those snippets are merged last and overwrite the settings from this main
+# file.
+#
+# The files within one conf.d/ directory are read in asciibetical order.
+#
+# You can prevent loading a file /usr/lib/NetworkManager/conf.d/NAME.conf
+# by having a file NAME.conf in either /run/NetworkManager/conf.d/ or /etc/NetworkManager/conf.d/.
+# Likewise, snippets from /run can be prevented from loading by placing
+# a file with the same name in /etc/NetworkManager/conf.d/.
+#
+# If two files define the same key, the one that is read afterwards will overwrite
+# the previous one.
+
+[main]
+#plugins=ifcfg-rh
+
+
+[logging]
+# When debugging NetworkManager, enabling debug logging is of great help.
+#
+# Logfiles contain no passwords and little sensitive information. But please
+# check before posting the file online. You can also personally hand over the
+# logfile to a NM developer to treat it confidential. Meet us on #nm on Libera.Chat.
+#
+# You can also change the log-level at runtime via
+#   $ nmcli general logging level TRACE domains ALL
+# However, usually it's cleaner to enable debug logging
+# in the configuration and restart NetworkManager so that
+# debug logging is enabled from the start.
+#
+# You will find the logfiles in syslog, for example via
+#   $ journalctl -u NetworkManager
+#
+# Please post full logfiles for bug reports without pre-filtering or truncation.
+# Also, for debugging the entire `journalctl` output can be interesting. Don't
+# limit unnecessarily with `journalctl -u`. Exceptions are if you are worried
+# about private data. Check before posting logfiles!
+#
+# Note that debug logging of NetworkManager can be quite verbose. Some messages
+# might be rate-limited by the logging daemon (see RateLimitIntervalSec, RateLimitBurst
+# in man journald.conf). Please disable rate-limiting before collecting debug logs!
+#
+#level=TRACE
+#domains=ALL