Merge branch 'main' of https://github.com/davidekete/netplan into Fix-docs-directory-structure-to-reflect-Diátaxis

Author: davidekete

.github/workflows/autopkgtest.yml

@@ -48,6 +48,7 @@ jobs:
           cp -r netplan.io-*/debian .
           rm -r debian/patches/  # clear any distro patches
           sed -i 's|iproute2,|iproute2, ethtool,|' debian/control  # add ethtool as a dependency of netplan.io temporarily
+          sed -i 's|systemd (>= 257.2-3ubuntu1~),|systemd (>= 248~),|g' debian/control  # see https://github.com/canonical/netplan/pull/535
           TAG=$(git describe --tags $(git rev-list --tags --max-count=1))  # find latest (stable) tag
           REV=$(git rev-parse --short HEAD)  # get current git revision
           VER="$TAG+git~$REV"
@@ -57,4 +58,5 @@ jobs:
           autopkgtest . -U \
             --env=DPKG_GENSYMBOLS_CHECK_LEVEL=0 \
             --env=NETPLAN_PARSER_IGNORE_ERRORS=1 \
-            -- lxd autopkgtest/ubuntu/noble/amd64
+            -- lxd autopkgtest/ubuntu/noble/amd64 \
+            || test $? -eq 2  # allow wifi test to be skipped (exit code = 2)

.github/workflows/network-manager.yml

@@ -41,6 +41,7 @@ jobs:
           pull-lp-source netplan.io
           cp -r netplan.io-*/debian .
           rm -r debian/patches/  # clear any distro patches
+          sed -i 's|systemd (>= 257.2-3ubuntu1~),|systemd (>= 248~),|g' debian/control  # see https://github.com/canonical/netplan/pull/535
           echo "3.0 (native)" > debian/source/format  # force native build
           TAG=$(git describe --tags $(git rev-list --tags --max-count=1))  # find latest (stable) tag
           REV=$(git rev-parse --short HEAD)  # get current git revision

.github/workflows/rpmbuild.yml

@@ -34,4 +34,4 @@ jobs:
           dnf -y builddep rpm/netplan.spec
           adduser test
           chown -R test:test .
-          su test -c 'rpmbuild -bi --build-in-place rpm/netplan.spec'
+          su test -c 'rpmbuild -bi -D "debug_package %{nil}" --build-in-place rpm/netplan.spec'

.github/workflows/spread.yml

@@ -18,11 +18,7 @@ jobs:
       - uses: actions/checkout@v3
       - name: Install spread
         run: |
-          # TODO: Once Spread PR #179 is merged, go back to:
-          # go install github.com/snapcore/spread/cmd/spread@latest
-          git clone --depth 1 --branch thp https://github.com/thp-canonical/spread spread-fork
-          cd spread-fork && go install ./cmd/spread
-          cd .. && rm -r spread-fork
+          go install github.com/snapcore/spread/cmd/spread@latest
       - name: Run the spread test inside LXD
         run: |
           ~/go/bin/spread -v lxd:

doc/reference/netplan-yaml.md

@@ -462,7 +462,7 @@ Match devices by MAC when setting options like: `wakeonlan` or `*-offload`.
 
 - **`gateway4`**, **`gateway6`** (scalar)
 
-  > Deprecated, see `Default routes`.
+  > Deprecated, see [Default routes](#default-routes).
   > Set default gateway for IPv4/6, for manual address configuration. This
   > requires setting `addresses` too. Gateway IP addresses must be in a form
   > recognised by **`inet_pton`**(3). There should only be a single gateway
@@ -879,6 +879,9 @@ network:
     > Specify a priority for the routing policy rule, to influence the order
     > in which routing rules are processed. A higher number means lower
     > priority: rules are processed in order by increasing priority number.
+    > Specifying an explicit, unique, priority for each routing policy rule
+    > is strongly recommended and is mandatory on the `NetworkManager`
+    > back-end.
 
   - **`mark`** (scalar)
 
@@ -907,7 +910,8 @@ interfaces, as well as individual Wi-Fi networks, by means of the `auth` block.
   - **`key-management`** (scalar)
 
     > The supported key management modes are `none` (no key management);
-    > `psk` (WPA with pre-shared key, common for home Wi-Fi); `eap` (WPA
+    > `psk` (WPA with pre-shared key, common for home Wi-Fi); `psk-sha256`
+    > (WPA2 with pre-shared key, common for home Wi-Fi); `eap` (WPA
     > with EAP, common for enterprise Wi-Fi); `eap-sha256` (used with WPA3-Enterprise);
     > `eap-suite-b-192` (used with WPA3-Enterprise); `sae` (used by WPA3);
     > and `802.1x` (used primarily for wired Ethernet connections).

netplan_cli/cli/commands/apply.py

@@ -252,7 +252,13 @@ def command_apply(self, run_generate=True, sync=False, exit_on_error=True, state
                                       stderr=subprocess.DEVNULL)
 
         subprocess.check_call(['udevadm', 'control', '--reload'])
-        subprocess.check_call(['udevadm', 'trigger', '--action=move', '--subsystem-match=net', '--settle'])
+
+        try:
+            subprocess.check_call(['udevadm', 'trigger', '--action=move', '--subsystem-match=net', '--settle'])
+        except subprocess.CalledProcessError as e:
+            # udevadm trigger returns 1 if it cannot trigger devices since
+            # systemd v248, e.g. in containers (LP: #2095203)
+            logging.warning('Ignoring device trigger error: {}'.format(e))
 
         # apply any SR-IOV related changes, if applicable
         NetplanApply.process_sriov_config(config_manager, exit_on_error)

src/abi.h

@@ -145,6 +145,7 @@ typedef enum {
     NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSUITE_B_192,
     NETPLAN_AUTH_KEY_MANAGEMENT_8021X,
     NETPLAN_AUTH_KEY_MANAGEMENT_WPA_SAE,
+    NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256,
     NETPLAN_AUTH_KEY_MANAGEMENT_MAX,
 } NetplanAuthKeyManagementType;
 

src/names.c

@@ -59,6 +59,7 @@ static const char* const
 netplan_auth_key_management_type_to_str[NETPLAN_AUTH_KEY_MANAGEMENT_MAX] = {
     [NETPLAN_AUTH_KEY_MANAGEMENT_NONE] = "none",
     [NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK] = "psk",
+    [NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256] = "psk-sha256",
     [NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP] = "eap",
     [NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSHA256] = "eap-sha256",
     [NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAPSUITE_B_192] = "eap-suite-b-192",

src/networkd.c

@@ -1188,6 +1188,10 @@ append_wpa_auth_conf(GString* s, const NetplanAuthenticationSettings* auth, cons
                 g_string_append(s, "  key_mgmt=WPA-PSK\n");
             break;
 
+        case NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256:
+            g_string_append(s, "  key_mgmt=WPA-PSK WPA-PSK-SHA256\n");
+            break;
+
         case NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP:
             g_string_append(s, "  key_mgmt=WPA-EAP\n");
             break;

src/nm.c

@@ -254,6 +254,64 @@ write_routes_nm(const NetplanNetDefinition* def, GKeyFile *kf, gint family, GErr
             j++;
         }
     }
+
+    return TRUE;
+}
+
+STATIC gboolean
+write_ip_rules_nm(const NetplanNetDefinition* def, GKeyFile *kf, gint family, GError** error)
+{
+    const gchar* group = NULL;
+    gchar* tmp_key = NULL;
+    GString* tmp_val = NULL;
+
+    if (family == AF_INET)
+        group = "ipv4";
+    else if (family == AF_INET6)
+        group = "ipv6";
+    g_assert(group != NULL);
+
+    if (def->ip_rules != NULL) {
+        for (unsigned i = 0, j = 1; i < def->ip_rules->len; ++i) {
+            const NetplanIPRule *cur_rule = g_array_index(def->ip_rules, NetplanIPRule*, i);
+
+            if (cur_rule->family != family)
+                continue;
+
+            /* NetworkManager requires that priority be specified.  This is
+             * also in-line with the iproute2 guidance that "Each rule should
+             * have an explicitly set unique priority value"[1].
+             * [1]http://www.policyrouting.org/iproute2.doc.html#ss9.6.1 */
+            if (cur_rule->priority == NETPLAN_IP_RULE_PRIO_UNSPEC) {
+                g_set_error(error, NETPLAN_BACKEND_ERROR, NETPLAN_ERROR_UNSUPPORTED,
+                            "ERROR: %s: The priority setting is mandatory for NetworkManager routing-policy\n", def->id);
+                return FALSE;
+            }
+
+            tmp_key = g_strdup_printf("routing-rule%u", j);
+            tmp_val = g_string_sized_new(200);
+
+            g_string_printf(tmp_val, "priority %u", cur_rule->priority);
+
+            if (cur_rule->from)
+                g_string_append_printf(tmp_val, " from %s", cur_rule->from);
+            if (cur_rule->to)
+                g_string_append_printf(tmp_val, " to %s", cur_rule->to);
+            if (cur_rule->tos != NETPLAN_IP_RULE_TOS_UNSPEC)
+                g_string_append_printf(tmp_val, " tos %u", cur_rule->tos);
+            if (cur_rule->fwmark != NETPLAN_IP_RULE_FW_MARK_UNSPEC)
+                g_string_append_printf(tmp_val, " fwmark %u", cur_rule->fwmark);
+            if (cur_rule->table != NETPLAN_ROUTE_TABLE_UNSPEC)
+                g_string_append_printf(tmp_val, " table %u", cur_rule->table);
+
+            g_key_file_set_string(kf, group, tmp_key, tmp_val->str);
+            g_free(tmp_key);
+            g_string_free(tmp_val, TRUE);
+
+            j++;
+        }
+    }
+
     return TRUE;
 }
 
@@ -457,6 +515,7 @@ write_wifi_auth_parameters(const NetplanAuthenticationSettings* auth, GKeyFile *
         case NETPLAN_AUTH_KEY_MANAGEMENT_NONE:
             break;
         case NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSK:
+        case NETPLAN_AUTH_KEY_MANAGEMENT_WPA_PSKSHA256:
             g_key_file_set_string(kf, "wifi-security", "key-mgmt", "wpa-psk");
             break;
         case NETPLAN_AUTH_KEY_MANAGEMENT_WPA_EAP:
@@ -716,6 +775,8 @@ write_nm_conf_access_point(const NetplanNetDefinition* def, const char* rootdir,
             g_key_file_set_uint64(kf, "vrf", "table", def->vrf_table);
             if (!write_routes_nm(def, kf, AF_INET, error) || !write_routes_nm(def, kf, AF_INET6, error))
                 return FALSE;
+            if (!write_ip_rules_nm(def, kf, AF_INET, error) || !write_ip_rules_nm(def, kf, AF_INET6, error))
+                return FALSE;
         }
 
         if (def->type == NETPLAN_DEF_TYPE_VETH && def->veth_peer_link) {
@@ -871,6 +932,8 @@ write_nm_conf_access_point(const NetplanNetDefinition* def, const char* rootdir,
         write_search_domains(def, "ipv4", kf);
         if (!write_routes_nm(def, kf, AF_INET, error))
             return FALSE;
+        if (!write_ip_rules_nm(def, kf, AF_INET, error))
+            return FALSE;
     }
 
     if (!def->dhcp4_overrides.use_routes) {
@@ -917,6 +980,9 @@ write_nm_conf_access_point(const NetplanNetDefinition* def, const char* rootdir,
         if (!write_routes_nm(def, kf, AF_INET6, error))
             return FALSE;
 
+        if (!write_ip_rules_nm(def, kf, AF_INET6, error))
+            return FALSE;
+
         if (!def->dhcp6_overrides.use_routes) {
             g_key_file_set_boolean(kf, "ipv6", "ignore-auto-routes", TRUE);
             g_key_file_set_boolean(kf, "ipv6", "never-default", TRUE);