From b10e6e79b0e4521deaab460a4085901c5eb30ecd Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 15 Oct 2025 08:58:59 +0000 Subject: [PATCH] import UBI nmstate-2.2.52-1.el9_6 --- .gitignore | 4 +- .nmstate.metadata | 4 +- SOURCES/1001-dont-add-dns-to-down-iface.patch | 430 ------------------ SOURCES/nmstate-2.2.48.tar.gz.asc | 16 - SOURCES/nmstate-2.2.52.tar.gz.asc | 16 + SPECS/nmstate.spec | 17 +- 6 files changed, 32 insertions(+), 455 deletions(-) delete mode 100644 SOURCES/1001-dont-add-dns-to-down-iface.patch delete mode 100644 SOURCES/nmstate-2.2.48.tar.gz.asc create mode 100644 SOURCES/nmstate-2.2.52.tar.gz.asc diff --git a/.gitignore b/.gitignore index cb682f9..abada14 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/nmstate-2.2.48.tar.gz -SOURCES/nmstate-vendor-2.2.48.tar.xz +SOURCES/nmstate-2.2.52.tar.gz +SOURCES/nmstate-vendor-2.2.52.tar.xz diff --git a/.nmstate.metadata b/.nmstate.metadata index 9db024a..43273f3 100644 --- a/.nmstate.metadata +++ b/.nmstate.metadata @@ -1,2 +1,2 @@ -ba63d09b7fbd3e4743659cc525d3edeca8ba3543 SOURCES/nmstate-2.2.48.tar.gz -5ba7df6211c6430f4b4ce58bcf964decafd17761 SOURCES/nmstate-vendor-2.2.48.tar.xz +523f75fb1d3f85ef7e2a648485f8160a208ffc7b SOURCES/nmstate-2.2.52.tar.gz +2048179750f6b7230150d5941415b0627fb3a50a SOURCES/nmstate-vendor-2.2.52.tar.xz diff --git a/SOURCES/1001-dont-add-dns-to-down-iface.patch b/SOURCES/1001-dont-add-dns-to-down-iface.patch deleted file mode 100644 index 00124bb..0000000 --- a/SOURCES/1001-dont-add-dns-to-down-iface.patch +++ /dev/null @@ -1,430 +0,0 @@ -From 1577e1073593d19cdaa7de2eadfc893978cab255 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= -Date: Fri, 18 Jul 2025 14:22:41 +0200 -Subject: [PATCH 1/5] Fix interface state detection when NM device is - "unavailable" -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -A device that is not ready to connect may have the NetworkManager's state -"unavailable" in some circumstances. Consider this as `state: down`, as -we do for the "disconnected" state. - -Fixes https://github.com/nmstate/nmstate/issues/2798 - -Signed-off-by: Íñigo Huguet ---- - rust/src/lib/nm/show.rs | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/rust/src/lib/nm/show.rs b/rust/src/lib/nm/show.rs -index 78ff66a1..d4dd575f 100644 ---- a/rust/src/lib/nm/show.rs -+++ b/rust/src/lib/nm/show.rs -@@ -285,7 +285,9 @@ fn nm_dev_to_nm_iface(nm_dev: &NmDevice) -> Option { - base_iface.state = InterfaceState::Ignore; - } - } -- NmDeviceState::Disconnected => base_iface.state = InterfaceState::Down, -+ NmDeviceState::Disconnected | NmDeviceState::Unavailable => { -+ base_iface.state = InterfaceState::Down -+ } - _ => base_iface.state = InterfaceState::Up, - } - base_iface.iface_type = nm_dev_iface_type_to_nmstate(nm_dev); --- -2.49.0 - - -From f09fc1a5efc589b5740922cdfcc68ba29b94406e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= -Date: Fri, 18 Jul 2025 16:12:18 +0200 -Subject: [PATCH 2/5] Fix interface state detection in kernel mode -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Any device with administrative state UP was being considered as `state: -up` in kernel mode. This is not correct because if the operational state -is not Up, for example because of the cable being disconnected, nobody -would think that the device is **really** up. - -Fix it by ignoring the administrative state and consider only the -operational state. - -Fixes https://github.com/nmstate/nmstate/issues/2798 - -Signed-off-by: Íñigo Huguet ---- - rust/src/lib/nispor/base_iface.rs | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/rust/src/lib/nispor/base_iface.rs b/rust/src/lib/nispor/base_iface.rs -index f7f3e507..4b04abdb 100644 ---- a/rust/src/lib/nispor/base_iface.rs -+++ b/rust/src/lib/nispor/base_iface.rs -@@ -37,8 +37,11 @@ fn np_iface_type_to_nmstate( - impl From<(&nispor::IfaceState, &[nispor::IfaceFlag])> for InterfaceState { - fn from(tuple: (&nispor::IfaceState, &[nispor::IfaceFlag])) -> Self { - let (state, flags) = tuple; -+ // nispor::IfaceState::Up means operational up. -+ // Check also the Running flag with, according to [1], means operational -+ // state Up or Unknown. -+ // [1] https://www.kernel.org/doc/Documentation/networking/operstates.txt - if *state == nispor::IfaceState::Up -- || flags.contains(&nispor::IfaceFlag::Up) - || flags.contains(&nispor::IfaceFlag::Running) - { - InterfaceState::Up --- -2.49.0 - - -From 6f7692f9900499d75548eda250487d09f59c357c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= -Date: Fri, 18 Jul 2025 09:38:32 +0200 -Subject: [PATCH 3/5] dns: don't add DNS search and/or options to down NM - connection -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When configuring only search and/or options in dns-resolver we add them -to a NM connection and not to NM's global config, but nmstate may choose -a down interface, which results on errors at apply time or even on the -configurations being accepted but stay unused by NetworkManager. - -Fix that by always checking that the interface is valid for DNS, and by -adding the requirement of the interface being up. - -Signed-off-by: Íñigo Huguet ---- - rust/src/lib/dns.rs | 3 ++ - rust/src/lib/nm/dns.rs | 120 ++++++++++++++++++++++------------------- - 2 files changed, 67 insertions(+), 56 deletions(-) - -diff --git a/rust/src/lib/dns.rs b/rust/src/lib/dns.rs -index 1aae91ff..e3025ed3 100644 ---- a/rust/src/lib/dns.rs -+++ b/rust/src/lib/dns.rs -@@ -382,6 +382,9 @@ pub(crate) fn parse_dns_ipv6_link_local_srv( - impl MergedInterface { - // IP stack is merged with current at this point. - pub(crate) fn is_iface_valid_for_dns(&self, is_ipv6: bool) -> bool { -+ if !self.merged.is_up() { -+ return false; -+ } - if is_ipv6 { - self.merged.base_iface().ipv6.as_ref().map(|ip_conf| { - ip_conf.enabled && (ip_conf.is_static() || (ip_conf.is_auto())) -diff --git a/rust/src/lib/nm/dns.rs b/rust/src/lib/nm/dns.rs -index a180178a..3c45f78b 100644 ---- a/rust/src/lib/nm/dns.rs -+++ b/rust/src/lib/nm/dns.rs -@@ -693,13 +693,14 @@ fn store_dns_search_or_options_to_auto_iface( - Some(i) => i, - None => continue, - }; -- if iface -- .merged -- .base_iface() -- .ipv6 -- .as_ref() -- .map(|i| i.is_auto()) -- .unwrap_or_default() -+ if iface.is_iface_valid_for_dns(true) -+ && iface -+ .merged -+ .base_iface() -+ .ipv6 -+ .as_ref() -+ .map(|i| i.is_auto()) -+ .unwrap_or_default() - { - return set_iface_dns_search_or_option( - iface, -@@ -708,13 +709,14 @@ fn store_dns_search_or_options_to_auto_iface( - true, - ); - } -- if iface -- .merged -- .base_iface() -- .ipv4 -- .as_ref() -- .map(|i| i.is_auto()) -- .unwrap_or_default() -+ if iface.is_iface_valid_for_dns(false) -+ && iface -+ .merged -+ .base_iface() -+ .ipv4 -+ .as_ref() -+ .map(|i| i.is_auto()) -+ .unwrap_or_default() - { - return set_iface_dns_search_or_option( - iface, -@@ -754,13 +756,14 @@ fn store_dns_search_or_options_to_auto_iface( - Some(i) => i, - None => continue, - }; -- if iface -- .merged -- .base_iface() -- .ipv6 -- .as_ref() -- .map(|i| i.is_auto()) -- .unwrap_or_default() -+ if iface.is_iface_valid_for_dns(true) -+ && iface -+ .merged -+ .base_iface() -+ .ipv6 -+ .as_ref() -+ .map(|i| i.is_auto()) -+ .unwrap_or_default() - { - return set_iface_dns_search_or_option( - iface, -@@ -769,13 +772,14 @@ fn store_dns_search_or_options_to_auto_iface( - true, - ); - } -- if iface -- .merged -- .base_iface() -- .ipv4 -- .as_ref() -- .map(|i| i.is_auto()) -- .unwrap_or_default() -+ if iface.is_iface_valid_for_dns(false) -+ && iface -+ .merged -+ .base_iface() -+ .ipv4 -+ .as_ref() -+ .map(|i| i.is_auto()) -+ .unwrap_or_default() - { - return set_iface_dns_search_or_option( - iface, -@@ -821,13 +825,14 @@ fn store_dns_search_or_options_to_ip_enabled_iface( - Some(i) => i, - None => continue, - }; -- if iface -- .merged -- .base_iface() -- .ipv6 -- .as_ref() -- .map(|i| i.enabled) -- .unwrap_or_default() -+ if iface.is_iface_valid_for_dns(true) -+ && iface -+ .merged -+ .base_iface() -+ .ipv6 -+ .as_ref() -+ .map(|i| i.enabled) -+ .unwrap_or_default() - { - return set_iface_dns_search_or_option( - iface, -@@ -836,13 +841,14 @@ fn store_dns_search_or_options_to_ip_enabled_iface( - true, - ); - } -- if iface -- .merged -- .base_iface() -- .ipv4 -- .as_ref() -- .map(|i| i.enabled) -- .unwrap_or_default() -+ if iface.is_iface_valid_for_dns(false) -+ && iface -+ .merged -+ .base_iface() -+ .ipv4 -+ .as_ref() -+ .map(|i| i.enabled) -+ .unwrap_or_default() - { - return set_iface_dns_search_or_option( - iface, -@@ -882,13 +888,14 @@ fn store_dns_search_or_options_to_ip_enabled_iface( - Some(i) => i, - None => continue, - }; -- if iface -- .merged -- .base_iface() -- .ipv6 -- .as_ref() -- .map(|i| i.enabled) -- .unwrap_or_default() -+ if iface.is_iface_valid_for_dns(true) -+ && iface -+ .merged -+ .base_iface() -+ .ipv6 -+ .as_ref() -+ .map(|i| i.enabled) -+ .unwrap_or_default() - { - return set_iface_dns_search_or_option( - iface, -@@ -897,13 +904,14 @@ fn store_dns_search_or_options_to_ip_enabled_iface( - true, - ); - } -- if iface -- .merged -- .base_iface() -- .ipv4 -- .as_ref() -- .map(|i| i.enabled) -- .unwrap_or_default() -+ if iface.is_iface_valid_for_dns(false) -+ && iface -+ .merged -+ .base_iface() -+ .ipv4 -+ .as_ref() -+ .map(|i| i.enabled) -+ .unwrap_or_default() - { - return set_iface_dns_search_or_option( - iface, --- -2.49.0 - - -From ea08a8dc2b5f6d39f9199e6484a289e2621b0b40 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= -Date: Wed, 23 Jul 2025 16:18:27 +0200 -Subject: [PATCH 4/5] nm dns: purge ifaces before saving new config -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In store_dns_config_to_iface we correctly purge the current DNS -configurations from NM profiles before saving the new config, ensuring -that no old leftover configs remain afterwards. - -Do the same in store_dns_search_or_option_to_iface so the DNS config is -correctly applied when only DNS searches or options are defined too. - -Without this fix, the configuration fails in the following scenario: -- A deactivated NM profile/device contains a dns-search -- A desired state with only DNS searches or options is applied -- The new state is saved to an activated interface, but the dns-search - from the deactivated one is not removed as expected. - -$ nmcli c show downiface | grep dns-search -ipv4.dns-search: example.com -ipv6.dns-search: -- -$ nmcli c show upiface | grep dns-search -ipv4.dns-search: -- -ipv6.dns-search: -- -$ cat desired.yml -dns-resolver: - config: - search: ["example2.com"] - server: [] -$ nmstatectl apply desired.yml -... -Retrying on: VerificationError: Failed to apply DNS config: desire searches 'example2.com', got 'example.com example2.com' -... -$ nmstate apply --no-verify desired.yml -... -$ nmcli c show downiface | grep dns-search -ipv4.dns-search: example.com <-- NOT PURGED! -ipv6.dns-search: -- -$ nmcli c show upiface | grep dns-search -ipv4.dns-search: -- -ipv6.dns-search: example2.com - -Signed-off-by: Íñigo Huguet ---- - rust/src/lib/nm/dns.rs | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/rust/src/lib/nm/dns.rs b/rust/src/lib/nm/dns.rs -index 3c45f78b..7e125579 100644 ---- a/rust/src/lib/nm/dns.rs -+++ b/rust/src/lib/nm/dns.rs -@@ -579,6 +579,10 @@ pub(crate) fn store_dns_search_or_option_to_iface( - let (cur_v4_ifaces, cur_v6_ifaces) = - get_cur_dns_ifaces(&merged_state.interfaces); - -+ // First purge existing configs -+ purge_dns_config(false, &cur_v4_ifaces, merged_state)?; -+ purge_dns_config(true, &cur_v6_ifaces, merged_state)?; -+ - // Use current DNS interface if they are desired - for iface_name in cur_v6_ifaces { - if let Some(iface) = --- -2.49.0 - - -From 66c6aff0d4fe4873515a898f3f58b752b054fdd2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C3=8D=C3=B1igo=20Huguet?= -Date: Thu, 24 Jul 2025 10:26:49 +0200 -Subject: [PATCH 5/5] test: nm dns: add test for DNS searches in down iface -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Íñigo Huguet ---- - tests/integration/nm/dns_test.py | 33 ++++++++++++++++++++++++++++++++ - 1 file changed, 33 insertions(+) - -diff --git a/tests/integration/nm/dns_test.py b/tests/integration/nm/dns_test.py -index 57a5e1d5..2062b27f 100644 ---- a/tests/integration/nm/dns_test.py -+++ b/tests/integration/nm/dns_test.py -@@ -328,3 +328,36 @@ def test_write_both_global_dns_and_iface_dns(eth1_up): - assert cmdlib.exec_cmd( - "nmcli -g ipv4.dns c show eth1".split(), check=True - )[1].strip() == ",".join(TEST_DNS_SRVS) -+ -+ -+# https://issues.redhat.com/browse/RHEL-102333 -+def test_set_dns_search_only_in_down_iface(auto_eth1, eth2_up): -+ # Add a DNS search domain to a down interface -+ cmdlib.exec_cmd("nmcli device down eth2".split(), check=True) -+ cmdlib.exec_cmd("nmcli c modify eth2 ipv4.method auto".split(), check=True) -+ cmdlib.exec_cmd( -+ "nmcli c modify eth2 ipv4.dns-search 'example.com'".split(), -+ check=True, -+ ) -+ -+ # Assert that the DNS searches configuration can change correctly -+ libnmstate.apply( -+ { -+ DNS.KEY: {DNS.CONFIG: {DNS.SEARCH: ["example2.com"]}}, -+ } -+ ) -+ -+ # Assert that the old configuration has been purged from the down interface -+ # and the new one hasn't been added to it. -+ _r, search4, _e = cmdlib.exec_cmd( -+ "nmcli -g ipv4.dns-search c show eth2".split(), check=True -+ ) -+ _r, search6, _e = cmdlib.exec_cmd( -+ "nmcli -g ipv6.dns-search c show eth2".split(), check=True -+ ) -+ assert "example.com" not in search4 and "example.com" not in search6 -+ assert "example2.com" not in search4 and "example2.com" not in search6 -+ -+ # It is not possible to assert that the new configuration has been put into -+ # eth1 because, if there are more interfaces in the host, it might be in -+ # any of them --- -2.49.0 - diff --git a/SOURCES/nmstate-2.2.48.tar.gz.asc b/SOURCES/nmstate-2.2.48.tar.gz.asc deleted file mode 100644 index 582b75b..0000000 --- a/SOURCES/nmstate-2.2.48.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEESP1vrlFad7SENoIch4lWe4cVzrwFAmhxMKUACgkQh4lWe4cV -zrz+7hAA3+qdS5bZWrYlbRCvwih73Kx5An4OjBzMvLdqJ0Hakb05fMvJ001sSMAw -xTCAXXFq3pKIEzXOj0tfTkZlj0iD0Yboq35HZuVQEr6pYieyF9udyn954oAvwqZX -QakHXVTy9Xm0QJF6VNW0l18jGcRlEjl53KUK8W3H3Ls5l4iXQpxxTnVIM5twPC7e -V7uv6fuWBXR729jli43JHvWOdNdROP1n2UfRqX07GnWrrEPZp2P+nETlnD2A+/Nm -znp0XBp9ZHcZqNWmDD7Z8tgINcJWtpYz/zd2SERluqJ1DE8LyRyCqYVMl5T9Sj1s -xpuoyPMc/qwHkC0HTNL3VSMay53lcyVVrA4LRj7qlJJ1adsaS69myaJHtGaOy1Qj -oluBIq9I+6yzbj8kJczjXDAvKpUdj+J0wu5wPyl2hLhPVekz70ZFZRtbilhYQT1o -dSAD1U9pvdWI1ors11i3ctiAtefj6KEx4eDC1gs5rneAm+nR5G+oGijnIe2NOBis -cdmDG7JOnxKS7x6RJHmaQIDtnbtSeQvsUcreWuu9MJNfmj3ZVN3ob/WhD5E1yXM9 -VabJEsHJGPtR6Cw5hCq51b/vXWLV7D3nTTLdApwTsXZtVmL0HfUAGzCduofLNd1S -LdBDU6lSkWYD/EZA12Hc7jooAQMqK400cSXEaoZ9F7UjCZrxK6c= -=kM1B ------END PGP SIGNATURE----- diff --git a/SOURCES/nmstate-2.2.52.tar.gz.asc b/SOURCES/nmstate-2.2.52.tar.gz.asc new file mode 100644 index 0000000..8cfba88 --- /dev/null +++ b/SOURCES/nmstate-2.2.52.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEESP1vrlFad7SENoIch4lWe4cVzrwFAmjJFTsACgkQh4lWe4cV +zrz7WxAA0OZdEfcQIfRR2Cb6C7IqfhvVTYShRRsWSmxlgMRkIa5qCr4pwrzCHk0y +bYm603rJAWddavds8elIrXvf34rkyf4RT35mucK0TRsMw3ufaH0RKVnwJkiC6Xhp +bp7DF4BhlT5Xw97Zb53u/VTHJUdzUI1q7y6XR08FlJ3tBC5UBPRIu2eQF4YoBVW8 +knFO4zeVCW3vJEF4dvKBauYI0diFB6o8921skZM5BfZz6jXHv46cwb8YojGAV8tZ +gh6gJDp3i91l8la1lTdFoc5DVVpDEU5VqWKcERa71MPqy0bKK3JJWdFcurkKFkm6 +yitbGxMwPqm4VI/DnaIV7tWp2uMnDNjNbu0q1doJJBHccHpZLOaQ6Xx3jhsWaqFZ +NSk23y3tIAl3NlrIXnAaWZmj9y0l1ENU4wTuU02OyOx+BJ7r5hnO4aQfECRkvmnO +LQO2uL8J5VOicpVbkk6/5zNTv0JPENHKLbLR4az66/Qi6zmvqa1g5Pz2BbUaPkVR +vCLImW6a5y8DvKDP+9EkY4fkQ93Jh18yVHuVKlAaSWqPH0Y9B8lVZ9Vd2gDdsob1 +NQl76tAnosHovUE2U87MUnb8VJ+ox6QZuj4i4/wC27Qlv5vic/fDS1WcAMeqkwq8 +Sxuo/czdN65zzCMDHKFraLQzBl3Zt3f3i7MPoFKlLoDlJir5EYk= +=jxWO +-----END PGP SIGNATURE----- diff --git a/SPECS/nmstate.spec b/SPECS/nmstate.spec index 95ad8cd..3fe3131 100644 --- a/SPECS/nmstate.spec +++ b/SPECS/nmstate.spec @@ -3,8 +3,8 @@ %define libname libnmstate Name: nmstate -Version: 2.2.48 -Release: 2%{?dist} +Version: 2.2.52 +Release: 1%{?dist} Summary: Declarative network manager API License: LGPLv2+ URL: https://github.com/%{srcname}/%{srcname} @@ -20,9 +20,6 @@ BuildRequires: pkg-config BuildRequires: systemd Requires: (nmstate-libs%{?_isa} = %{version}-%{release} if nmstate-libs) -# Patches to remove in next rebase -Patch1001: 1001-dont-add-dns-to-down-iface.patch - %description Nmstate is a library with an accompanying command line tool that manages host networking settings in a declarative manner and aimed to satisfy enterprise @@ -146,6 +143,16 @@ popd /sbin/ldconfig %changelog +* Mon Sep 22 2025 Gris Ge - 2.2.52-1 +- Upgrade to 2.2.52 +- Support interface alternative names. RHEL-110777 +- Support IPv4 forwarding. RHEL-110786 +- Support IPSec `leftsendcert` option. RHEL-110633 + +* Fri Sep 05 2025 Gris Ge - 2.2.50-1 +- Upgrade to 2.2.50 +- Support MAC referring for VLAN in `nmstatectl gc`. RHEL-110368 + * Thu Jul 24 2025 Íñigo Huguet - 2.2.48-2 - Fix DNS settings with search or option only being saved to down NM connection. RHEL-104796