net-misc/networkmanager: Fix VPN routes (#571246 by Lu Ran)

Package-Manager: portage-2.2.26
johu · Jan 16, 2016 · 3a26ff7 · 3a26ff7
1 parent 1df71db
commit 3a26ff7
Show file tree

Hide file tree

Showing 2 changed files with 397 additions and 0 deletions.
diff --git a/net-misc/networkmanager/files/networkmanager-1.0.10-vpn-routes.patch b/net-misc/networkmanager/files/networkmanager-1.0.10-vpn-routes.patch
@@ -0,0 +1,51 @@
+From 11aa07ed939193e85516c287a57dee1837242972 Mon Sep 17 00:00:00 2001
+From: Thomas Haller <[email protected]>
+Date: Mon, 4 Jan 2016 18:54:26 +0100
+Subject: core: fix failure to configure routes due to wrong device-route for
+ IPv4 peer-addresses
+
+As in the case of a OpenVPN connection, we might add an address like:
+  10.8.0.58/32 ptp 10.8.0.57
+
+In this case, kernel would automatically add a device-route like:
+  10.8.0.57/32 via 0.0.0.0 dev 32 metric 0 mss 0 src rtprot-kernel scope link pref-src 10.8.0.58
+
+nm_ip4_config_commit() checks all IP addresses to figure out
+the present device-routes. Then the routes are synced by NMRouteManager.
+Due to a bug, we would not consider the peer-address, but the local-address
+and configure a route 10.8.0.58/32, instead of 10.8.0.57/32.
+
+That stays mostly unnoticed, because usually the peer and the local-address are
+in the same subnet, so that there is no difference (/32 is an example of the
+peer-address being in a different subnet).
+
+It also seems that due to a bug fixed by df4e5357521 this issue didn't surface.
+Probably because we would not notice the 10.8.0.57/32 right away and thus
+nm_route_manager_ip4_route_sync() would not wrongly delete it.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=759892
+
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809195
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809494
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809526
+https://bugs.archlinux.org/task/47535
+https://bugzilla.redhat.com/show_bug.cgi?id=1294309
+https://mail.gnome.org/archives/networkmanager-list/2015-December/msg00059.html
+
+diff --git a/src/nm-ip4-config.c b/src/nm-ip4-config.c
+index f625d35..61e29af 100644
+--- a/src/nm-ip4-config.c
++++ b/src/nm-ip4-config.c
+@@ -298,7 +298,8 @@ nm_ip4_config_commit (const NMIP4Config *config, int ifindex, gboolean routes_fu
+
+ 				route.ifindex = ifindex;
+ 				route.source = NM_IP_CONFIG_SOURCE_KERNEL;
+-				route.network = nm_utils_ip4_address_clear_host_address (addr->address, addr->plen);
++				route.network = nm_utils_ip4_address_clear_host_address (addr->peer_address ? : addr->address,
++				                                                         addr->plen);
+ 				route.plen = addr->plen;
+ 				route.pref_src = addr->address;
+ 				route.metric = default_route_metric;
+-- 
+cgit v0.10.2
+
diff --git a/net-misc/networkmanager/networkmanager-1.0.10-r1.ebuild b/net-misc/networkmanager/networkmanager-1.0.10-r1.ebuild
@@ -0,0 +1,346 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+GCONF_DEBUG="no"
+GNOME_ORG_MODULE="NetworkManager"
+GNOME2_LA_PUNT="yes"
+VALA_USE_DEPEND="vapigen"
+PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5} )
+
+inherit autotools bash-completion-r1 eutils gnome2 linux-info multilib python-any-r1 systemd \
+	user readme.gentoo toolchain-funcs vala versionator virtualx udev multilib-minimal
+
+DESCRIPTION="A set of co-operative tools that make networking simple and straightforward"
+HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager"
+
+LICENSE="GPL-2+"
+SLOT="0" # add subslot if libnm-util.so.2 or libnm-glib.so.4 bumps soname version
+
+IUSE="bluetooth connection-sharing consolekit +dhclient dhcpcd gnutls +introspection \
+kernel_linux +nss +modemmanager ncurses +ppp resolvconf selinux systemd teamd test \
+vala +wext +wifi zeroconf" # wimax
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+
+REQUIRED_USE="
+	modemmanager? ( ppp )
+	wext? ( wifi )
+	^^ ( nss gnutls )
+	^^ ( dhclient dhcpcd )
+"
+
+# gobject-introspection-0.10.3 is needed due to gnome bug 642300
+# wpa_supplicant-0.7.3-r3 is needed due to bug 359271
+# TODO: Qt support?
+COMMON_DEPEND="
+	>=sys-apps/dbus-1.2[${MULTILIB_USEDEP}]
+	>=dev-libs/dbus-glib-0.100[${MULTILIB_USEDEP}]
+	>=dev-libs/glib-2.37.6:2[${MULTILIB_USEDEP}]
+	>=dev-libs/libnl-3.2.8:3=
+	>=sys-auth/polkit-0.106
+	net-libs/libndp
+	>=net-libs/libsoup-2.40:2.4=
+	net-misc/iputils
+	sys-libs/readline:0
+	>=virtual/libgudev-165:=[${MULTILIB_USEDEP}]
+	bluetooth? ( >=net-wireless/bluez-5 )
+	connection-sharing? (
+		net-dns/dnsmasq[dhcp]
+		net-firewall/iptables )
+	gnutls? (
+		dev-libs/libgcrypt:0=[${MULTILIB_USEDEP}]
+		net-libs/gnutls:=[${MULTILIB_USEDEP}] )
+	modemmanager? ( >=net-misc/modemmanager-0.7.991 )
+	ncurses? ( >=dev-libs/newt-0.52.15 )
+	nss? ( >=dev-libs/nss-3.11:=[${MULTILIB_USEDEP}] )
+	dhclient? ( >=net-misc/dhcp-4[client] )
+	dhcpcd? ( >=net-misc/dhcpcd-4.0.0_rc3 )
+	introspection? ( >=dev-libs/gobject-introspection-0.10.3:= )
+	ppp? ( >=net-dialup/ppp-2.4.5:=[ipv6] net-dialup/rp-pppoe )
+	resolvconf? ( net-dns/openresolv )
+	systemd? ( >=sys-apps/systemd-209:0= )
+	!systemd? ( || ( sys-power/upower sys-power/upower-pm-utils ) )
+	teamd? ( >=net-misc/libteam-1.9 )
+	zeroconf? ( net-dns/avahi:=[autoipd] )
+"
+RDEPEND="${COMMON_DEPEND}
+	consolekit? ( sys-auth/consolekit )
+	wifi? ( >=net-wireless/wpa_supplicant-0.7.3-r3[dbus] )
+"
+DEPEND="${COMMON_DEPEND}
+	dev-util/gdbus-codegen
+	dev-util/gtk-doc-am
+	>=dev-util/intltool-0.40
+	>=sys-devel/gettext-0.17
+	>=sys-kernel/linux-headers-2.6.29
+	virtual/pkgconfig
+	vala? ( $(vala_depend) )
+	test? (
+		$(python_gen_any_dep '
+			dev-python/dbus-python[${PYTHON_USEDEP}]
+			dev-python/pygobject:2[${PYTHON_USEDEP}]')
+	)
+"
+
+sysfs_deprecated_check() {
+	ebegin "Checking for SYSFS_DEPRECATED support"
+
+	if { linux_chkconfig_present SYSFS_DEPRECATED_V2; }; then
+		eerror "Please disable SYSFS_DEPRECATED_V2 support in your kernel config and recompile your kernel"
+		eerror "or NetworkManager will not work correctly."
+		eerror "See https://bugs.gentoo.org/333639 for more info."
+		die "CONFIG_SYSFS_DEPRECATED_V2 support detected!"
+	fi
+	eend $?
+}
+
+pkg_pretend() {
+	if use kernel_linux; then
+		get_version
+		if linux_config_exists; then
+			sysfs_deprecated_check
+		else
+			ewarn "Was unable to determine your kernel .config"
+			ewarn "Please note that if CONFIG_SYSFS_DEPRECATED_V2 is set in your kernel .config, NetworkManager will not work correctly."
+			ewarn "See https://bugs.gentoo.org/333639 for more info."
+		fi
+
+	fi
+}
+
+pkg_setup() {
+	enewgroup plugdev
+}
+
+src_prepare() {
+	DOC_CONTENTS="To modify system network connections without needing to enter the
+		root password, add your user account to the 'plugdev' group."
+
+	# Force use of /run, avoid eautoreconf, upstream bug #737139, fixed in 'master'
+	sed -e 's:$localstatedir/run/:/run/:' -i configure || die
+
+	# Don't build examples, they are not needed and can cause build failure
+	sed -e '/^\s*examples\s*\\/d' -i Makefile.{am,in} || die
+
+	# core: fix failure to configure routes due to wrong device-route for IPv4 peer-addresses
+	# (from 1.0 branch)
+	epatch "${FILESDIR}"/${P}-vpn-routes.patch
+
+	use vala && vala_src_prepare
+	epatch_user # don't remove, users often want custom patches for NM
+	eautoreconf
+	gnome2_src_prepare
+}
+
+multilib_src_configure() {
+	local myconf=()
+
+	# Same hack as net-dialup/pptpd to get proper plugin dir for ppp, bug #519986
+	if use ppp; then
+		local PPPD_VER=`best_version net-dialup/ppp`
+		PPPD_VER=${PPPD_VER#*/*-} #reduce it to ${PV}-${PR}
+		PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision
+		myconf+=( --with-pppd-plugin-dir=/usr/$(get_libdir)/pppd/${PPPD_VER} )
+	fi
+
+	# unit files directory needs to be passed only when systemd is enabled,
+	# otherwise systemd support is not disabled completely, bug #524534
+	use systemd && myconf+=( "$(systemd_with_unitdir)" )
+
+	if multilib_is_native_abi; then
+		# work-around man out-of-source brokenness, must be done before configure
+		mkdir man || die
+		find "${S}"/man -name '*.?' -exec ln -s {} man/ ';' || die
+	else
+		# libnl, libndp are only used for executables, not libraries
+		myconf+=( LIB{NL,NDP}_{CFLAGS,LIBS}=' ' )
+	fi
+
+	# TODO: enable wimax when we have a libnl:3 compatible revision of it
+	# wimax will be removed, bug #522822
+	# ifnet plugin always disabled until someone volunteers to actively
+	# maintain and fix it
+	ECONF_SOURCE=${S} \
+	gnome2_src_configure \
+		--disable-more-warnings \
+		--disable-static \
+		--localstatedir=/var \
+		--disable-lto \
+		--disable-config-plugin-ibft \
+		--disable-ifnet \
+		--without-netconfig \
+		--with-dbus-sys-dir=/etc/dbus-1/system.d \
+		--with-udev-dir="$(get_udevdir)" \
+		--with-config-plugins-default=keyfile \
+		--with-iptables=/sbin/iptables \
+		$(multilib_native_with libsoup) \
+		$(multilib_native_enable concheck) \
+		--with-crypto=$(usex nss nss gnutls) \
+		--with-session-tracking=$(multilib_native_usex systemd systemd $(multilib_native_usex consolekit consolekit no)) \
+		--with-suspend-resume=$(multilib_native_usex systemd systemd upower) \
+		$(multilib_native_use_enable bluetooth bluez5-dun) \
+		$(multilib_native_use_enable introspection) \
+		$(multilib_native_use_enable ppp) \
+		--disable-wimax \
+		$(use_with dhclient) \
+		$(use_with dhcpcd) \
+		$(multilib_native_use_with modemmanager modem-manager-1) \
+		$(multilib_native_use_with ncurses nmtui) \
+		$(multilib_native_use_with resolvconf) \
+		$(multilib_native_use_with selinux) \
+		$(multilib_native_use_enable teamd teamdctl) \
+		$(multilib_native_use_enable test tests) \
+		$(multilib_native_use_enable vala) \
+		--without-valgrind \
+		$(multilib_native_use_with wext) \
+		$(multilib_native_use_enable wifi) \
+		"${myconf[@]}"
+
+	# work-around gtk-doc out-of-source brokedness
+	if multilib_is_native_abi; then
+		local d
+		for d in api libnm libnm-util libnm-glib; do
+			ln -s "${S}"/docs/${d}/html docs/${d}/html || die
+		done
+	fi
+}
+
+multilib_src_compile() {
+	if multilib_is_native_abi; then
+		emake
+	else
+		emake all-am
+		emake -C include
+		emake -C introspection # generated headers, needed for libnm
+		emake -C libnm-core
+		emake -C libnm
+		emake -C libnm-util
+		emake -C libnm-glib
+	fi
+}
+
+multilib_src_test() {
+	if multilib_is_native_abi; then
+		python_setup
+		Xemake check
+	fi
+}
+
+multilib_src_install() {
+	if multilib_is_native_abi; then
+		# Install completions at proper place, bug #465100
+		gnome2_src_install completiondir="$(get_bashcompdir)"
+	else
+		emake DESTDIR="${D}" install-am
+		emake DESTDIR="${D}" install -C include
+		emake DESTDIR="${D}" install -C introspection
+		emake DESTDIR="${D}" install -C libnm-core
+		emake DESTDIR="${D}" install -C libnm
+		emake DESTDIR="${D}" install -C libnm-util
+		emake DESTDIR="${D}" install -C libnm-glib
+	fi
+}
+
+multilib_src_install_all() {
+	! use systemd && readme.gentoo_create_doc
+
+	newinitd "${FILESDIR}/init.d.NetworkManager" NetworkManager
+	newconfd "${FILESDIR}/conf.d.NetworkManager" NetworkManager
+
+	# /var/run/NetworkManager is used by some distros, but not by Gentoo
+	rmdir -v "${ED}/var/run/NetworkManager" || die "rmdir failed"
+	rmdir -v "${ED}/var/run" || die "rmdir failed"
+
+	# Need to keep the /etc/NetworkManager/dispatched.d for dispatcher scripts
+	keepdir /etc/NetworkManager/dispatcher.d
+
+	# Provide openrc net dependency only when nm is connected
+	exeinto /etc/NetworkManager/dispatcher.d
+	newexe "${FILESDIR}/10-openrc-status-r4" 10-openrc-status
+	sed -e "s:@EPREFIX@:${EPREFIX}:g" \
+		-i "${ED}/etc/NetworkManager/dispatcher.d/10-openrc-status" || die
+
+	keepdir /etc/NetworkManager/system-connections
+	chmod 0600 "${ED}"/etc/NetworkManager/system-connections/.keep* # bug #383765, upstream bug #754594
+
+	# Allow users in plugdev group to modify system connections
+	insinto /usr/share/polkit-1/rules.d/
+	doins "${FILESDIR}/01-org.freedesktop.NetworkManager.settings.modify.system.rules"
+}
+
+pkg_postinst() {
+	gnome2_pkg_postinst
+	! use systemd && readme.gentoo_print_elog
+
+	if [[ -e "${EROOT}etc/NetworkManager/nm-system-settings.conf" ]]; then
+		ewarn "The ${PN} system configuration file has moved to a new location."
+		ewarn "You must migrate your settings from ${EROOT}/etc/NetworkManager/nm-system-settings.conf"
+		ewarn "to ${EROOT}etc/NetworkManager/NetworkManager.conf"
+		ewarn
+		ewarn "After doing so, you can remove ${EROOT}etc/NetworkManager/nm-system-settings.conf"
+	fi
+
+	# The polkit rules file moved to /usr/share
+	old_rules="${EROOT}etc/polkit-1/rules.d/01-org.freedesktop.NetworkManager.settings.modify.system.rules"
+	if [[ -f "${old_rules}" ]]; then
+		case "$(md5sum ${old_rules})" in
+		  574d0cfa7e911b1f7792077003060240* )
+			# Automatically delete the old rules.d file if the user did not change it
+			elog
+			elog "Removing old ${old_rules} ..."
+			rm -f "${old_rules}" || eerror "Failed, please remove ${old_rules} manually"
+			;;
+		  * )
+			elog "The ${old_rules}"
+			elog "file moved to /usr/share/polkit-1/rules.d/ in >=networkmanager-0.9.4.0-r4"
+			elog "If you edited ${old_rules}"
+			elog "without changing its behavior, you may want to remove it."
+			;;
+		esac
+	fi
+
+	# ifnet plugin was disabled for systemd users with 0.9.8.6 version
+	# and for all people with 0.9.10.0-r1 (see ChangeLog for full explanations)
+	if use systemd; then
+		if ! version_is_at_least 0.9.8.6 ${REPLACING_VERSIONS}; then
+			ewarn "Ifnet plugin won't be used with systemd support enabled"
+			ewarn "as it is meant to be used with openRC and can cause collisions"
+			ewarn "(like bug #485658)."
+			ewarn "Because of this, you will likely need to reconfigure some of"
+			ewarn "your networks. To do this you can rely on Gnome control center,"
+			ewarn "nm-connection-editor or nmtui tools for example once updated"
+			ewarn "NetworkManager version is installed."
+		fi
+	else
+		if ! version_is_at_least 0.9.10.0-r1 ${REPLACING_VERSIONS}; then
+			ewarn "Ifnet plugin is now disabled because of it being unattended"
+			ewarn "and unmaintained for a long time, leading to some unfixed bugs"
+			ewarn "and new problems appearing. We will now use upstream 'keyfile'"
+			ewarn "plugin."
+			ewarn "Because of this, you will likely need to reconfigure some of"
+			ewarn "your networks. To do this you can rely on Gnome control center,"
+			ewarn "nm-connection-editor or nmtui tools for example once updated"
+			ewarn "NetworkManager version is installed."
+		fi
+	fi
+
+	# NM fallbacks to plugin specified at compile time (upstream bug #738611)
+	# but still show a warning to remember people to have cleaner config file
+	if [[ -e "${EROOT}etc/NetworkManager/NetworkManager.conf" ]]; then
+		if grep plugins "${EROOT}etc/NetworkManager/NetworkManager.conf" | grep -q ifnet; then
+			ewarn
+			ewarn "You seem to use 'ifnet' plugin in ${EROOT}etc/NetworkManager/NetworkManager.conf"
+			ewarn "Since it won't be used, you will need to stop setting ifnet plugin there."
+			ewarn
+		fi
+	fi
+
+	# NM shows lots of errors making nmcli neither unusable, bug #528748 upstream bug #690457
+	if grep -r "psk-flags=1" "${EROOT}"/etc/NetworkManager/; then
+		ewarn "You have psk-flags=1 setting in above files, you will need to"
+		ewarn "either reconfigure affected networks or, at least, set the flag"
+		ewarn "value to '0'."
+	fi
+}