[meta-networking][PATCH 0/5] networkmanager modemmanager updates

[meta-networking][PATCH 0/5] networkmanager modemmanager updates

[Adrian Freihofer]

Update NetworkManager to 1.38
- Fix some dependencies between plugins and related services
- Make it more flexible and easier to use only some packages

The patch "networkmanager: improve dependency handling" should go to
kirkstone and to master

Adrian Freihofer (5):
  networkmanager: improve dependency handling
  networkmanager: simplify selective installation
  networkmanager: use nftables by default
  networkmanager: udpate to 1.38.0
  modemmanager: update to 1.18.8

 ...t-add-dependency-libnm_client_public.patch |  34 -----
 ...ger_1.36.2.bb => networkmanager_1.38.0.bb} | 136 ++++++++++++------
 ...-shell-scripts-to-use-bin-sh-for-use.patch |  42 +++---
 ...-Make-scripts-POSIX-shell-compatible.patch | 100 -------------
 ...nager_1.18.6.bb => modemmanager_1.18.8.bb} |   5 +-
 5 files changed, 117 insertions(+), 200 deletions(-)
 delete mode 100644 meta-networking/recipes-connectivity/networkmanager/networkmanager/0001-libnm-client-test-add-dependency-libnm_client_public.patch
 rename meta-networking/recipes-connectivity/networkmanager/{networkmanager_1.36.2.bb => networkmanager_1.38.0.bb} (69%)
 delete mode 100644 meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch
 rename meta-oe/recipes-connectivity/modemmanager/{modemmanager_1.18.6.bb => modemmanager_1.18.8.bb} (92%)

-- 
2.35.3

[meta-networking][PATCH 1/5] networkmanager: improve dependency handling

[Adrian Freihofer]

Plugins of networkmanager redpends on related services. If for example
modemmanager or wpa-supplicant is not installed but the related
networkmanager plugin is, the plugin writes error messages to the
syslog.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
---
 .../networkmanager/networkmanager_1.36.2.bb   | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
index 6c665d53bb..ab8fc136a9 100644
--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
@@ -83,7 +83,7 @@ PACKAGECONFIG[bluez5] = "-Dbluez5_dun=true,-Dbluez5_dun=false,bluez5"
 # consolekit is not picked by shlibs, so add it to RDEPENDS too
 PACKAGECONFIG[consolekit] = "-Dsession_tracking_consolekit=true,-Dsession_tracking_consolekit=false,consolekit,consolekit"
 PACKAGECONFIG[modemmanager] = "-Dmodem_manager=true,-Dmodem_manager=false,modemmanager mobile-broadband-provider-info"
-PACKAGECONFIG[ppp] = "-Dppp=true,-Dppp=false,ppp,ppp"
+PACKAGECONFIG[ppp] = "-Dppp=true,-Dppp=false,ppp"
 PACKAGECONFIG[dnsmasq] = "-Ddnsmasq=${bindir}/dnsmasq"
 PACKAGECONFIG[nss] = "-Dcrypto=nss,,nss"
 PACKAGECONFIG[resolvconf] = "-Dresolvconf=${base_sbindir}/resolvconf,-Dresolvconf=no,,resolvconf"
@@ -153,12 +153,26 @@ FILES:${PN}-nmtui-doc = " \
     ${mandir}/man1/nmtui* \
 "
 
-FILES:${PN}-wifi = "${NETWORKMANAGER_PLUGINDIR}/libnm-device-plugin-wifi.so"
+FILES:${PN}-wifi = "\
+    ${NETWORKMANAGER_PLUGINDIR}/libnm-device-plugin-wifi.so \
+    ${libdir}/NetworkManager/conf.d/enable-iwd.conf \
+"
+def get_wifi_deps(d):
+    packageconfig = (d.getVar('PACKAGECONFIG') or "").split()
+    if 'wifi' in packageconfig:
+        if 'iwd' in packageconfig:
+            return 'iwd'
+        else:
+            return 'wpa-supplicant'
+    else:
+        return ''
+RRECOMMENDS:${PN}-wifi += "${@get_wifi_deps(d)}"
 
 FILES:${PN}-wwan = "\
     ${NETWORKMANAGER_PLUGINDIR}/libnm-device-plugin-wwan.so \
     ${NETWORKMANAGER_PLUGINDIR}/libnm-wwan.so \
 "
+RRECOMMENDS:${PN}-wwan += "${@bb.utils.contains('PACKAGECONFIG','modemmanager','modemmanager','',d)}"
 
 FILES:${PN}-ovs = "\
     ${NETWORKMANAGER_PLUGINDIR}/libnm-device-plugin-ovs.so \
@@ -173,6 +187,7 @@ FILES:${PN}-ppp = "\
     ${NETWORKMANAGER_PLUGINDIR}/libnm-ppp-plugin.so \
     ${libdir}/pppd/*/nm-pppd-plugin.so \
 "
+RRECOMMENDS:${PN}-ppp += "${@bb.utils.contains('PACKAGECONFIG','ppp','ppp','',d)}"
 
 FILES:${PN}-dev += " \
     ${libdir}/pppd/*/*.la \
-- 
2.35.3

[meta-networking][PATCH 2/5] networkmanager: simplify selective installation

[Adrian Freihofer]

The main motivation for this rework is to support compiling the
NetworkManager with many plugins, but to install only a few of them in
a firmware image. This is advantageous when different products with
different network interfaces should be supported by only one binary
distribution. This is more in line with the way NetworkManager is
designed and used by other binary Linux distributions. Basically this
is already supported since the last rework of the networkmanager recipe.
However, the rrecomments from networkmanager to all available plugins is
not straight forward to be used in such a scenario. Installing only a
subset of the compiled plugins required to override the rrecommends
from networkmanager to the plugins in some way. To simplify the usage
the networkmanager package is now an empty meta package and
networkmanager itself gets moved to a new networkmanager-daemon package.
This allows to keep backward compatibility: Installing the
networkmanager package still adds all compiled plugins to the firmware.
But with the new package splitting it's also possible to install for
example only the networkmanager-wifi but not the networkmanager-wwan
package even if networkamanger has been compiled with the modemmanager
PACAKGECONFIG flag enabled as well.

The relation from plugins to services is now a stronger rdepends which
reflects better how NetworkManager is supposed to be used. If a plugin
is installed but the required service is not the plugin periodically
tries to connect to the service and reports error messages to the syslog
if the service is not available. Therefore it's better to make the
installation of the plugin optional but not the installation of the
services.

The bash-completion package adds support for the nmcli command line
utility. This change also moves the bash completion configuration to a
new package networkmanager-nmcli-bash-completion. This is more
consistent anyway but gets even more important when the networkmanager
package gets optional.

To simplify the usage of all these packages a SUMMARY:${PN}-.. for each
packages has been added.
The separation of the doc packages has been removed.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
---
 .../networkmanager/networkmanager_1.36.2.bb   | 115 +++++++++++-------
 1 file changed, 73 insertions(+), 42 deletions(-)

diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
index ab8fc136a9..9fc43dceb5 100644
--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
@@ -19,6 +19,7 @@ DEPENDS = " \
     curl \
     dbus \
 "
+DEPENDS:append:class-target = " bash-completion"
 
 GNOMEBASEBUILDCLASS = "meson"
 inherit gnomebase gettext update-rc.d systemd gobject-introspection gtk-doc update-alternatives upstream-version-is-even
@@ -71,7 +72,6 @@ PACKAGECONFIG ??= "readline nss ifupdown dnsmasq nmcli vala \
     ${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux audit', '', d)} \
 "
 
-inherit ${@bb.utils.contains('PACKAGECONFIG', 'nmcli', 'bash-completion', '', d)}
 inherit ${@bb.utils.contains('PACKAGECONFIG', 'vala', 'vala', '', d)}
 
 PACKAGECONFIG[systemd] = "\
@@ -105,25 +105,42 @@ PACKAGECONFIG[concheck] = "-Dconcheck=true,-Dconcheck=false"
 
 
 PACKAGES =+ " \
+    libnm \
     ${PN}-adsl \
     ${PN}-bluetooth \
     ${PN}-cloud-setup \
-    ${PN}-nmcli ${PN}-nmcli-doc \
-    ${PN}-nmtui ${PN}-nmtui-doc \
+    ${PN}-nmcli \
+    ${PN}-nmcli-bash-completion \
+    ${PN}-nmtui \
     ${PN}-wifi \
     ${PN}-wwan \
-    ${PN}-ovs ${PN}-ovs-doc \
+    ${PN}-ovs \
     ${PN}-ppp \
+    ${PN}-daemon \
 "
 
-SYSTEMD_PACKAGES = "${PN} ${PN}-cloud-setup"
+SYSTEMD_PACKAGES = "${PN}-daemon ${PN}-cloud-setup"
+INITSCRIPT_PACKAGES = "${PN}-daemon"
 
 NETWORKMANAGER_PLUGINDIR = "${libdir}/NetworkManager/${PV}"
+NETWORKMANAGER_DISPATCHERDIR = "${nonarch_libdir}/NetworkManager/dispatcher.d"
 
+
+SUMMARY:libnm = "Libraries for adding NetworkManager support to applications"
+FILES:libnm = "\
+    ${libdir}/libnm.so.* \
+    ${libdir}/girepository-1.0/NM-1.0.typelib \
+"
+
+SUMMARY:${PN}-adsl = "ADSL device plugin for NetworkManager"
 FILES:${PN}-adsl = "${NETWORKMANAGER_PLUGINDIR}/libnm-device-plugin-adsl.so"
+RDEPENDS:${PN}-adsl += "${PN}-daemon"
 
+SUMMARY:${PN}-bluetooth = "Bluetooth device plugin for NetworkManager"
 FILES:${PN}-bluetooth = "${NETWORKMANAGER_PLUGINDIR}/libnm-device-plugin-bluetooth.so"
+RDEPENDS:${PN}-bluetooth += "${PN}-daemon ${@bb.utils.contains('PACKAGECONFIG', 'bluez5', '${PN}-wwan bluez5', '', d)}"
 
+SUMMARY:${PN}-cloud-setup = "Automatically configure NetworkManager in cloud"
 FILES:${PN}-cloud-setup = " \
     ${libexecdir}/nm-cloud-setup \
     ${systemd_system_unitdir}/nm-cloud-setup.service \
@@ -131,28 +148,30 @@ FILES:${PN}-cloud-setup = " \
     ${libdir}/NetworkManager/dispatcher.d/90-nm-cloud-setup.sh \
     ${libdir}/NetworkManager/dispatcher.d/no-wait.d/90-nm-cloud-setup.sh \
 "
+RDEPENDS:${PN}-cloud-setup += "${PN}-daemon"
 ALLOW_EMPTY:${PN}-cloud-setup = "1"
 SYSTEMD_SERVICE:${PN}-cloud-setup = "${@bb.utils.contains('PACKAGECONFIG', 'cloud-setup', 'nm-cloud-setup.service nm-cloud-setup.timer', '', d)}"
 
+SUMMARY:${PN}-nmcli = "NetworkManager command line client"
 FILES:${PN}-nmcli = " \
     ${bindir}/nmcli \
 "
+RDEPENDS:${PN}-nmcli += "${PN}-daemon"
 
-FILES:${PN}-nmcli-doc = " \
-    ${mandir}/man1/nmcli* \
-"
+SUMMARY:${PN}-nmcli-bash-completion = "NetworkManager command line client bash completion"
+FILES:${PN}-nmcli-bash-completion = "${datadir}/bash-completion/completions/nmcli"
+RDEPENDS:${PN}-nmcli-bash-completion = "bash-completion"
 
+SUMMARY:${PN}-nmtui = "NetworkManager curses-based UI"
 FILES:${PN}-nmtui = " \
     ${bindir}/nmtui \
     ${bindir}/nmtui-edit \
     ${bindir}/nmtui-connect \
     ${bindir}/nmtui-hostname \
 "
+RDEPENDS:${PN}-nmtui += "${PN}-daemon"
 
-FILES:${PN}-nmtui-doc = " \
-    ${mandir}/man1/nmtui* \
-"
-
+SUMMARY:${PN}-wifi = "Wifi plugin for NetworkManager"
 FILES:${PN}-wifi = "\
     ${NETWORKMANAGER_PLUGINDIR}/libnm-device-plugin-wifi.so \
     ${libdir}/NetworkManager/conf.d/enable-iwd.conf \
@@ -166,55 +185,80 @@ def get_wifi_deps(d):
             return 'wpa-supplicant'
     else:
         return ''
-RRECOMMENDS:${PN}-wifi += "${@get_wifi_deps(d)}"
+RDEPENDS:${PN}-wifi += "${PN}-daemon ${@get_wifi_deps(d)}"
 
+SUMMARY:${PN}-wwan = "Mobile broadband device plugin for NetworkManager"
 FILES:${PN}-wwan = "\
     ${NETWORKMANAGER_PLUGINDIR}/libnm-device-plugin-wwan.so \
     ${NETWORKMANAGER_PLUGINDIR}/libnm-wwan.so \
 "
-RRECOMMENDS:${PN}-wwan += "${@bb.utils.contains('PACKAGECONFIG','modemmanager','modemmanager','',d)}"
+RDEPENDS:${PN}-wwan += "${PN}-daemon ${@bb.utils.contains('PACKAGECONFIG','modemmanager','modemmanager','',d)}"
 
+SUMMARY:${PN}-ovs = "Open vSwitch device plugin for NetworkManager"
 FILES:${PN}-ovs = "\
     ${NETWORKMANAGER_PLUGINDIR}/libnm-device-plugin-ovs.so \
     ${systemd_system_unitdir}/NetworkManager.service.d/NetworkManager-ovs.conf \
 "
+RDEPENDS:${PN}-ovs += "${PN}-daemon"
 
-FILES:${PN}-ovs-doc = "\
-    ${mandir}/man7/nm-openvswitch.7* \
-"
-
+SUMMARY:${PN}-ppp = "PPP plugin for NetworkManager"
 FILES:${PN}-ppp = "\
     ${NETWORKMANAGER_PLUGINDIR}/libnm-ppp-plugin.so \
     ${libdir}/pppd/*/nm-pppd-plugin.so \
 "
-RRECOMMENDS:${PN}-ppp += "${@bb.utils.contains('PACKAGECONFIG','ppp','ppp','',d)}"
+RDEPENDS:${PN}-ppp += "${PN}-daemon ${@bb.utils.contains('PACKAGECONFIG','ppp','ppp','',d)}"
 
 FILES:${PN}-dev += " \
     ${libdir}/pppd/*/*.la \
     ${libdir}/NetworkManager/*.la \
     ${NETWORKMANAGER_PLUGINDIR}/*.la \
+    ${datadir}/dbus-1/interfaces/*.xml \
 "
 
-FILES:${PN} += " \
-    ${libexecdir} \
+SUMMARY:${PN}-daemon += "The NetworkManager daemon"
+FILES:${PN}-daemon += " \
+    ${bindir}/nm-online \
+    ${datadir}/dbus-1 \
+    ${datadir}/polkit-1 \
     ${libdir}/NetworkManager \
-    ${nonarch_libdir}/firewalld/zones \
+    ${libexecdir} \
+    ${localstatedir}/lib/NetworkManager \
+    ${NETWORKMANAGER_DISPATCHERDIR} \
+    ${nonarch_base_libdir}/udev/* \
+    ${nonarch_libdir}/firewalld \
     ${nonarch_libdir}/NetworkManager/conf.d \
-    ${nonarch_libdir}/NetworkManager/dispatcher.d \
     ${nonarch_libdir}/NetworkManager/dispatcher.d/pre-down.d \
     ${nonarch_libdir}/NetworkManager/dispatcher.d/pre-up.d \
     ${nonarch_libdir}/NetworkManager/dispatcher.d/no-wait.d \
-    ${nonarch_libdir}/NetworkManager/VPN \
     ${nonarch_libdir}/NetworkManager/system-connections \
-    ${datadir}/polkit-1 \
-    ${datadir}/dbus-1 \
-    ${nonarch_base_libdir}/udev/* \
+    ${nonarch_libdir}/NetworkManager/VPN \
+    ${sbindir}/NetworkManager \
+    ${sysconfdir}/init.d/network-manager \
+    ${sysconfdir}/NetworkManager \
     ${systemd_system_unitdir} \
 "
-
-RRECOMMENDS:${PN} += "\
+RRECOMMENDS:${PN}-daemon += "\
     iptables \
     ${@bb.utils.filter('PACKAGECONFIG', 'dnsmasq', d)} \
+"
+INITSCRIPT_NAME:${PN}-daemon = "network-manager"
+SYSTEMD_SERVICE:${PN}-daemon = "\
+    NetworkManager.service \
+    NetworkManager-dispatcher.service \
+"
+RCONFLICTS:${PN}-daemon += "connman"
+ALTERNATIVE_PRIORITY = "100"
+ALTERNATIVE:${PN}-daemon = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
+ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.NetworkManager','',d)}"
+ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
+
+
+# The networkmanager package is an empty meta package which weakly depends on all the compiled features.
+# Install this package to get all plugins and related dependencies installed. Alternatively just install
+# plugins and related dependencies e.g. by installing networkmanager-wifi or networkmanager-wwan
+# packages to the firmware.
+ALLOW_EMPTY:${PN} = "1"
+RRECOMMENDS:${PN} += "\
     ${@bb.utils.contains('PACKAGECONFIG','adsl','${PN}-adsl','',d)} \
     ${@bb.utils.contains('PACKAGECONFIG','bluez5','${PN}-bluetooth','',d)} \
     ${@bb.utils.contains('PACKAGECONFIG','cloud-setup','${PN}-cloud-setup','',d)} \
@@ -225,19 +269,6 @@ RRECOMMENDS:${PN} += "\
     ${@bb.utils.contains('PACKAGECONFIG','ovs','${PN}-ovs','',d)} \
     ${@bb.utils.contains('PACKAGECONFIG','ppp','${PN}-ppp','',d)} \
 "
-RCONFLICTS:${PN} = "connman"
-
-
-INITSCRIPT_NAME = "network-manager"
-SYSTEMD_SERVICE:${PN} = "\
-    NetworkManager.service \
-    NetworkManager-dispatcher.service \
-"
-
-ALTERNATIVE_PRIORITY = "100"
-ALTERNATIVE:${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','resolv-conf','',d)}"
-ALTERNATIVE_TARGET[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv-conf.NetworkManager','',d)}"
-ALTERNATIVE_LINK_NAME[resolv-conf] = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${sysconfdir}/resolv.conf','',d)}"
 
 do_install:append() {
     install -Dm 0755 ${WORKDIR}/${BPN}.initd ${D}${sysconfdir}/init.d/network-manager
-- 
2.35.3

[meta-networking][PATCH 3/5] networkmanager: use nftables by default

[Adrian Freihofer]

From NEWS file of netowrkmanager 1.32:

firewall: add nftables firewall backend for configuring IPv4 NAT with
shared mode. Now two backends are supported, "iptables" and "nftables".
The default gets detected based on whether /usr/sbin/nft or
/usr/sbin/iptables is installed, with nftables preferred.

With this change nftables is not the prefered backend also with OE. But
it's still possible to set NETWORKMANAGER_FIREWALL_DEFAULT back to
iptables.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
---
 .../networkmanager/networkmanager_1.36.2.bb                 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
index 9fc43dceb5..55eb3e7024 100644
--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
@@ -42,6 +42,10 @@ NETWORKMANAGER_DNS_RC_MANAGER_DEFAULT ??= "auto"
 # ['dhcpcanon', 'dhclient', 'dhcpcd', 'internal', 'nettools']
 NETWORKMANAGER_DHCP_DEFAULT ??= "internal"
 
+# The default gets detected based on whether /usr/sbin/nft or /usr/sbin/iptables is installed, with nftables preferred.
+# ['', 'iptables', 'nftables']
+NETWORKMANAGER_FIREWALL_DEFAULT ??= "nftables"
+
 EXTRA_OEMESON = "\
     -Difcfg_rh=false \
     -Dtests=yes \
@@ -238,7 +242,7 @@ FILES:${PN}-daemon += " \
     ${systemd_system_unitdir} \
 "
 RRECOMMENDS:${PN}-daemon += "\
-    iptables \
+    ${NETWORKMANAGER_FIREWALL_DEFAULT} \
     ${@bb.utils.filter('PACKAGECONFIG', 'dnsmasq', d)} \
 "
 INITSCRIPT_NAME:${PN}-daemon = "network-manager"
-- 
2.35.3

[meta-networking][PATCH 4/5] networkmanager: udpate to 1.38.0

[Adrian Freihofer]

* Add support for route type "throw".
* Fix bug setting priority for IP addresses.
* Static IPv6 addresses from "ipv6.addresses" are now preferred over
  addresses from DHCPv6, which are preferred over addresses from autoconf.
  This affects IPv6 source address selection, if the rules from
  RFC 6724, section 5 don't give a exhaustive match.
* Static IPv6 addresses from "ipv6.addresses" are now interpreted with
  first address being preferred. Their order got inverted. This is now
  consistent with IPv4.
* Wi-Fi hotspots will use a (stable) random channel number unless one is
  chosen manually.
* Don't use unsupported SAE/WPA3 mode for AP mode.
* NetworkManager will no longer advertise frequencies as supported when
  they're disallowed in configured regulatory domain.
* Attempt to connect to WEP-encrypted Wi-Fi network will now fail
  gracefully with a recent version of wpa_supplicant when built
  without WEP support. As long as wpa_supplicant supports WEP,
  NetworkManager will continue to work.
* Disable WPA3 transition mode for wifi.key-mgmt=wpa-psk if the NIC
  does not support PMF. This is known to cause problems in some setups. It
  is still possible to explicitly configure wifi.key-mgmt=sae for WPA3.
* Add new dummy crypto backend "null" that does nothing. NetworkManager
  uses the crypto library when handling certificates for 802.1x profiles.
* Veth devices with name "eth*" are now managed by default via the
  udev rule. This is to support managing the network in LXD containers.
* The hostname received from DHCP is now shortened to the first dot
  (or to 64 characters, whatever comes first) if it's too long.
* As the insecure WEP encryption for Wi-Fi network is phased out,
  nmcli now discourages its use when activating or modifying a
  profile.
* Fix connectivity checks in case the check endpoint address resolves to
  multiple addresses.
* Workaround libcurl blocking NetworkManager while resolving DNS names.
* nmcli: indicate missing Wi-Fi hardware when showing rfkill setting.
* nmcli: add connection migrate command to move a profile to a specified
  settings plugin. This allows to convert profiles in the deprecated ifcfg-rh
  format to keyfile.
* Set "src" attribute for routes from DHCPv4 to the leased address. This
  helps with source address selection.
* Updated translations.
* Various bugfixes and internal improvements.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
---
 ...t-add-dependency-libnm_client_public.patch | 34 -------------------
 ...ger_1.36.2.bb => networkmanager_1.38.0.bb} |  4 +--
 2 files changed, 2 insertions(+), 36 deletions(-)
 delete mode 100644 meta-networking/recipes-connectivity/networkmanager/networkmanager/0001-libnm-client-test-add-dependency-libnm_client_public.patch
 rename meta-networking/recipes-connectivity/networkmanager/{networkmanager_1.36.2.bb => networkmanager_1.38.0.bb} (98%)

diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager/0001-libnm-client-test-add-dependency-libnm_client_public.patch b/meta-networking/recipes-connectivity/networkmanager/networkmanager/0001-libnm-client-test-add-dependency-libnm_client_public.patch
deleted file mode 100644
index 6be2d4bed1..0000000000
--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager/0001-libnm-client-test-add-dependency-libnm_client_public.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 7b5dc04e1fcc28dc653fb7bf0e9dda3700d93218 Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Tue, 3 May 2022 15:30:37 +0800
-Subject: [PATCH] libnm-client-test: add dependency libnm_client_public_dep
-
-Fix parallel build error:
-| In file included from ../NetworkManager-1.36.0/src/libnm-client-test/nm-test-utils-impl.c:10:
-| ../NetworkManager-1.36.0/src/libnm-client-public/NetworkManager.h:47:10: fatal error: nm-enum-types.h: No such file or directory
-|    47 | #include "nm-enum-types.h"
-|       |          ^~~~~~~~~~~~~~~~~
-
-Upstream-Status: Submitted
-[https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1206]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- src/libnm-client-test/meson.build | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/libnm-client-test/meson.build b/src/libnm-client-test/meson.build
-index 8e2fba1130..bcac437702 100644
---- a/src/libnm-client-test/meson.build
-+++ b/src/libnm-client-test/meson.build
-@@ -13,6 +13,7 @@ libnm_client_test = static_library(
-   ],
-   dependencies: [
-     libnm_core_public_dep,
-+    libnm_client_public_dep,
-     glib_dep,
-   ],
- )
--- 
-2.25.1
-
diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb
similarity index 98%
rename from meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
rename to meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb
index 55eb3e7024..d52ad6e6ce 100644
--- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
+++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.38.0.bb
@@ -30,9 +30,8 @@ SRC_URI = " \
     file://enable-dhcpcd.conf \
     file://enable-iwd.conf \
     file://0001-do-not-ask-host-for-ifcfg-defaults.patch \
-    file://0001-libnm-client-test-add-dependency-libnm_client_public.patch \
 "
-SRC_URI[sha256sum] = "ab855cbe3b41832e9a3b003810e7c7313dfe19e630d29806d14d87fdd1470cab"
+SRC_URI[sha256sum] = "82a4cf07ddfeb0816787b67c0f5058ae6c50d6259c0b0541a24e35156062b2ef"
 
 S = "${WORKDIR}/NetworkManager-${PV}"
 
@@ -92,6 +91,7 @@ PACKAGECONFIG[dnsmasq] = "-Ddnsmasq=${bindir}/dnsmasq"
 PACKAGECONFIG[nss] = "-Dcrypto=nss,,nss"
 PACKAGECONFIG[resolvconf] = "-Dresolvconf=${base_sbindir}/resolvconf,-Dresolvconf=no,,resolvconf"
 PACKAGECONFIG[gnutls] = "-Dcrypto=gnutls,,gnutls"
+PACKAGECONFIG[crypto-null] = "-Dcrypto=null"
 PACKAGECONFIG[wifi] = "-Dwext=true -Dwifi=true,-Dwext=false -Dwifi=false"
 PACKAGECONFIG[iwd] = "-Diwd=true,-Diwd=false"
 PACKAGECONFIG[ifupdown] = "-Difupdown=true,-Difupdown=false"
-- 
2.35.3

[meta-networking][PATCH 5/5] modemmanager: update to 1.18.8

[Adrian Freihofer]

* A new connection status dispatcher setup is provided, where users can
   provide custom scripts that will be called on bearer connect/disconnect
   events. This dispatcher will make the netifd integration in openwrt work
   much better, as we'll be able to report network-initiated disconnections
   cleanly to netifd.

   There are no default connection status dispatcher scripts installed, but
   it's suggested distributions make sure the following directories exist:
     - ${sysconfdir}/ModemManager/connection.d/
     - ${libdir}/ModemManager/connection.d/

 * API:
   ** Add missing Simple interface definitions in ModemManager-names.h.

 * Build:
   ** meson: fix daemon enums dependencies.
   ** meson: fix port enums includes.
   ** meson: fix 'export_packages' in GIR setup.
   ** meson: fix simtech plugin module name.
   ** systemd: don't run ModemManager in containers.

 * Core:
   ** serial: ensure the port object is valid after BUFFER_FULL handling.
   ** netlink: use unaligned netlink attribute length.
   ** netlink: only change IFF_UP flag.
   ** bearer: match unknown auth to chap in loose comparisons.
   ** charsets: return error if UTF-8 validation fails.
   ** fcc-unlock: make scripts POSIX shell compatible.
   ** modem-helpers: consider minimum ID when choosing best profile.
   ** modem-helpers: fix reading <Act> given in COPS=? responses.
   ** sms: prevent crash if date is out of range.
   ** profile-manager: fix copy-paste error on tags for quarks.

 * QMI:
   ** Ignore slot status indications until initial status is known.
   ** Return error when loading capabilities if none is found.

 * MBIM:
   ** Default initial EPS bearer's auth to chap when unknown.
   ** Update default error when network error is out of range.

 * mmcli:
   ** Fix key length when printing list of items.

 * Plugins:
   ** linktop: new port type hints.
   ** cinterion: add support for PLSx3w modems
   ** huawei: disable +CPOL based features in Huawei E226

 * Several other minor improvements and fixes.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
---
 ...-shell-scripts-to-use-bin-sh-for-use.patch |  42 ++++----
 ...-Make-scripts-POSIX-shell-compatible.patch | 100 ------------------
 ...nager_1.18.6.bb => modemmanager_1.18.8.bb} |   5 +-
 3 files changed, 24 insertions(+), 123 deletions(-)
 delete mode 100644 meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch
 rename meta-oe/recipes-connectivity/modemmanager/{modemmanager_1.18.6.bb => modemmanager_1.18.8.bb} (92%)

diff --git a/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch b/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
index 7c3e7750af..914760512a 100644
--- a/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
+++ b/meta-oe/recipes-connectivity/modemmanager/files/0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
@@ -1,42 +1,44 @@
-From f7a3292c1c753b29384e216693f51a4213fea7d0 Mon Sep 17 00:00:00 2001
+From 35173fa04d0116ba30a86dc1a19f859f2be14a24 Mon Sep 17 00:00:00 2001
 From: "Bruce A. Johnson" <waterfordtrack@gmail.com>
 Date: Wed, 22 Dec 2021 14:24:02 -0500
-Subject: [PATCH 1/2] core: switch bash shell scripts to use /bin/sh for use
+Subject: [PATCH] core: switch bash shell scripts to use /bin/sh for use
  w/Busybox.
 
 Fixes https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/issues/483
+
+%% original patch: 0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch
 ---
- data/fcc-unlock/105b           | 2 +-
- data/fcc-unlock/1199           | 2 +-
- data/fcc-unlock/1eac           | 2 +-
- test/mmcli-test-sms            | 2 +-
- tools/tests/test-wrapper.sh.in | 2 +-
+ data/dispatcher-fcc-unlock/105b | 2 +-
+ data/dispatcher-fcc-unlock/1199 | 2 +-
+ data/dispatcher-fcc-unlock/1eac | 2 +-
+ test/mmcli-test-sms             | 2 +-
+ tools/tests/test-wrapper.sh.in  | 2 +-
  5 files changed, 5 insertions(+), 5 deletions(-)
 
-diff --git a/data/fcc-unlock/105b b/data/fcc-unlock/105b
-index 21fe5329..f276050f 100644
---- a/data/fcc-unlock/105b
-+++ b/data/fcc-unlock/105b
+diff --git a/data/dispatcher-fcc-unlock/105b b/data/dispatcher-fcc-unlock/105b
+index 444bd51f..772c90f4 100644
+--- a/data/dispatcher-fcc-unlock/105b
++++ b/data/dispatcher-fcc-unlock/105b
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
  
  # SPDX-License-Identifier: CC0-1.0
  # 2021 Aleksander Morgado <aleksander@aleksander.es>
-diff --git a/data/fcc-unlock/1199 b/data/fcc-unlock/1199
-index 0109c6ab..e1d3804c 100644
---- a/data/fcc-unlock/1199
-+++ b/data/fcc-unlock/1199
+diff --git a/data/dispatcher-fcc-unlock/1199 b/data/dispatcher-fcc-unlock/1199
+index 83ab2c9e..6dbf8d1b 100644
+--- a/data/dispatcher-fcc-unlock/1199
++++ b/data/dispatcher-fcc-unlock/1199
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
  
  # SPDX-License-Identifier: CC0-1.0
  # 2021 Aleksander Morgado <aleksander@aleksander.es>
-diff --git a/data/fcc-unlock/1eac b/data/fcc-unlock/1eac
-index 1068d9c2..d9342852 100644
---- a/data/fcc-unlock/1eac
-+++ b/data/fcc-unlock/1eac
+diff --git a/data/dispatcher-fcc-unlock/1eac b/data/dispatcher-fcc-unlock/1eac
+index 1a048dc8..44ce46d7 100644
+--- a/data/dispatcher-fcc-unlock/1eac
++++ b/data/dispatcher-fcc-unlock/1eac
 @@ -1,4 +1,4 @@
 -#!/bin/bash
 +#!/bin/sh
@@ -64,5 +66,5 @@ index d64ea4cb..fcdb56de 100644
  # For debugging behavior of test-modemmanager-service.py, you can modify
  # this line to add --log-file option
 -- 
-2.34.1
+2.35.3
 
diff --git a/meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch b/meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch
deleted file mode 100644
index d911d54ce4..0000000000
--- a/meta-oe/recipes-connectivity/modemmanager/files/0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From ddf634b92bf96b35f521db6da329628b4525c2eb Mon Sep 17 00:00:00 2001
-From: Sven Schwermer <sven.schwermer@disruptive-technologies.com>
-Date: Fri, 25 Feb 2022 21:37:13 +0100
-Subject: [PATCH 2/2] fcc-unlock: Make scripts POSIX shell compatible
-
-This allows us to not rely on bash which may not be available on
-constrained systems, e.g. Yocto-built embedded systems. The scripts now
-pass shellcheck.
-
-Signed-off-by: Sven Schwermer <sven.schwermer@disruptive-technologies.com>
----
- data/fcc-unlock/105b | 8 ++++----
- data/fcc-unlock/1199 | 6 +++---
- data/fcc-unlock/1eac | 8 ++++----
- 3 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/data/fcc-unlock/105b b/data/fcc-unlock/105b
-index f276050f..772c90f4 100644
---- a/data/fcc-unlock/105b
-+++ b/data/fcc-unlock/105b
-@@ -15,20 +15,20 @@ shift
- # second and next arguments are control port names
- for PORT in "$@"; do
-   # match port type in Linux 5.14 and newer
--  grep -q MBIM /sys/class/wwan/${PORT}/type 2>/dev/null && {
-+  grep -q MBIM "/sys/class/wwan/$PORT/type" 2>/dev/null && {
-     MBIM_PORT=$PORT
-     break
-   }
-   # match port name in Linux 5.13
--  [[ $PORT == *"MBIM"* ]] && {
-+  echo "$PORT" | grep -q MBIM && {
-     MBIM_PORT=$PORT
-     break
-   }
- done
- 
- # fail if no MBIM port exposed
--[ -n "${MBIM_PORT}" ] || exit 2
-+[ -n "$MBIM_PORT" ] || exit 2
- 
- # run qmicli operation over MBIM
--qmicli --device-open-proxy --device=/dev/${MBIM_PORT} --dms-foxconn-set-fcc-authentication=0
-+qmicli --device-open-proxy --device="/dev/$MBIM_PORT" --dms-foxconn-set-fcc-authentication=0
- exit $?
-diff --git a/data/fcc-unlock/1199 b/data/fcc-unlock/1199
-index e1d3804c..6dbf8d1b 100644
---- a/data/fcc-unlock/1199
-+++ b/data/fcc-unlock/1199
-@@ -19,15 +19,15 @@ shift
- # second and next arguments are control port names
- for PORT in "$@"; do
-   # match port name
--  [[ $PORT == *"cdc-wdm"* ]] && {
-+  echo "$PORT" | grep -q cdc-wdm && {
-     CDC_WDM_PORT=$PORT
-     break
-   }
- done
- 
- # fail if no cdc-wdm port exposed
--[ -n "${CDC_WDM_PORT}" ] || exit 2
-+[ -n "$CDC_WDM_PORT" ] || exit 2
- 
- # run qmicli operation
--qmicli --device-open-proxy --device=/dev/${CDC_WDM_PORT} --dms-set-fcc-authentication
-+qmicli --device-open-proxy --device="/dev/$CDC_WDM_PORT" --dms-set-fcc-authentication
- exit $?
-diff --git a/data/fcc-unlock/1eac b/data/fcc-unlock/1eac
-index d9342852..44ce46d7 100644
---- a/data/fcc-unlock/1eac
-+++ b/data/fcc-unlock/1eac
-@@ -15,20 +15,20 @@ shift
- # second and next arguments are control port names
- for PORT in "$@"; do
-   # match port type in Linux 5.14 and newer
--  grep -q MBIM /sys/class/wwan/${PORT}/type 2>/dev/null && {
-+  grep -q MBIM "/sys/class/wwan/$PORT/type" 2>/dev/null && {
-     MBIM_PORT=$PORT
-     break
-   }
-   # match port name in Linux 5.13
--  [[ $PORT == *"MBIM"* ]] && {
-+  echo "$PORT" | grep -q MBIM && {
-     MBIM_PORT=$PORT
-     break
-   }
- done
- 
- # fail if no MBIM port exposed
--[ -n "${MBIM_PORT}" ] || exit 2
-+[ -n "$MBIM_PORT" ] || exit 2
- 
- # run mbimcli operation
--mbimcli --device-open-proxy --device=/dev/${MBIM_PORT} --quectel-set-radio-state=on
-+mbimcli --device-open-proxy --device="/dev/$MBIM_PORT" --quectel-set-radio-state=on
- exit $?
--- 
-2.34.1
-
diff --git a/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.6.bb b/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.8.bb
similarity index 92%
rename from meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.6.bb
rename to meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.8.bb
index 14d9942c02..28f81ba6e5 100644
--- a/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.6.bb
+++ b/meta-oe/recipes-connectivity/modemmanager/modemmanager_1.18.8.bb
@@ -12,13 +12,12 @@ inherit gnomebase gettext systemd gobject-introspection bash-completion
 
 DEPENDS = "glib-2.0 libgudev libxslt-native dbus"
 
-SRCREV ?= "a7bcf2036b34d5043dbc33fee7d98bae5859c4d3"
+SRCREV ?= "0d8b5e93fc62eb0f41e18a2d9d845331d7af36ec"
 
-# Patches 0001, 0002 will be in ModemManager > 1.18.6
+# Patch 0001 will be in ModemManager > 1.19
 SRC_URI = " \
     git://gitlab.freedesktop.org/mobile-broadband/ModemManager.git;protocol=https;branch=mm-1-18 \
     file://0001-core-switch-bash-shell-scripts-to-use-bin-sh-for-use.patch \
-    file://0002-fcc-unlock-Make-scripts-POSIX-shell-compatible.patch \
 "
 
 S = "${WORKDIR}/git"
-- 
2.35.3

Re: [oe] [meta-networking][PATCH 3/5] networkmanager: use nftables by default

[Andreas Müller]

Hi Adrian,

just out of curiosity: Why do you suggest to prefer nftables over iptables?

Andreas

On Tue, Jun 7, 2022 at 12:01 AM Adrian Freihofer
<adrian.freihofer@gmail.com> wrote:
>
> From NEWS file of netowrkmanager 1.32:
>
> firewall: add nftables firewall backend for configuring IPv4 NAT with
> shared mode. Now two backends are supported, "iptables" and "nftables".
> The default gets detected based on whether /usr/sbin/nft or
> /usr/sbin/iptables is installed, with nftables preferred.
>
> With this change nftables is not the prefered backend also with OE. But
> it's still possible to set NETWORKMANAGER_FIREWALL_DEFAULT back to
> iptables.
>
> Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
> ---
>  .../networkmanager/networkmanager_1.36.2.bb                 | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
> index 9fc43dceb5..55eb3e7024 100644
> --- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
> +++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
> @@ -42,6 +42,10 @@ NETWORKMANAGER_DNS_RC_MANAGER_DEFAULT ??= "auto"
>  # ['dhcpcanon', 'dhclient', 'dhcpcd', 'internal', 'nettools']
>  NETWORKMANAGER_DHCP_DEFAULT ??= "internal"
>
> +# The default gets detected based on whether /usr/sbin/nft or /usr/sbin/iptables is installed, with nftables preferred.
> +# ['', 'iptables', 'nftables']
> +NETWORKMANAGER_FIREWALL_DEFAULT ??= "nftables"
> +
>  EXTRA_OEMESON = "\
>      -Difcfg_rh=false \
>      -Dtests=yes \
> @@ -238,7 +242,7 @@ FILES:${PN}-daemon += " \
>      ${systemd_system_unitdir} \
>  "
>  RRECOMMENDS:${PN}-daemon += "\
> -    iptables \
> +    ${NETWORKMANAGER_FIREWALL_DEFAULT} \
>      ${@bb.utils.filter('PACKAGECONFIG', 'dnsmasq', d)} \
>  "
>  INITSCRIPT_NAME:${PN}-daemon = "network-manager"
> --
> 2.35.3
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#97434): https://lists.openembedded.org/g/openembedded-devel/message/97434
> Mute This Topic: https://lists.openembedded.org/mt/91588569/3617609
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [schnitzeltony@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [oe] [meta-networking][PATCH 3/5] networkmanager: use nftables by default

[Khem Raj]

On Tue, Jun 7, 2022 at 10:26 AM Adrian Freihofer
<adrian.freihofer@gmail.com> wrote:
>
> Hi Andreas
>
> Good question. I changed it back and forth before I sent it to the
> mailing list. I finally changed it to the NetworkManager defaults (they
> changed it a few versions ago). I think it can easily be changed back.
> And after the LTS release, it's a good time to point out that nftables
> should be considered for future builds.

I think if defaults have changed to use nftables then this change is fine.

>
> But there is no strong argument for it. I'm also fine to put it on
> iptables.
>
> Maybe a distro feature to set a preference for iptables or nftables
> would also be useful. There are now various packages that support both
> configurably.
>
> Regards,
> Adrian
>
> On Tue, 2022-06-07 at 09:29 +0200, Andreas Müller wrote:
> > Hi Adrian,
> >
> > just out of curiosity: Why do you suggest to prefer nftables over iptables?
> >
> > Andreas
> >
> > On Tue, Jun 7, 2022 at 12:01 AM Adrian Freihofer
> > <adrian.freihofer@gmail.com> wrote:
> > >
> > > From NEWS file of netowrkmanager 1.32:
> > >
> > > firewall: add nftables firewall backend for configuring IPv4 NAT with
> > > shared mode. Now two backends are supported, "iptables" and "nftables".
> > > The default gets detected based on whether /usr/sbin/nft or
> > > /usr/sbin/iptables is installed, with nftables preferred.
> > >
> > > With this change nftables is not the prefered backend also with OE. But
> > > it's still possible to set NETWORKMANAGER_FIREWALL_DEFAULT back to
> > > iptables.
> > >
> > > Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
> > > ---
> > >  .../networkmanager/networkmanager_1.36.2.bb                 | 6 +++++-
> > >  1 file changed, 5 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
> > > index 9fc43dceb5..55eb3e7024 100644
> > > --- a/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
> > > +++ b/meta-networking/recipes-connectivity/networkmanager/networkmanager_1.36.2.bb
> > > @@ -42,6 +42,10 @@ NETWORKMANAGER_DNS_RC_MANAGER_DEFAULT ??= "auto"
> > >  # ['dhcpcanon', 'dhclient', 'dhcpcd', 'internal', 'nettools']
> > >  NETWORKMANAGER_DHCP_DEFAULT ??= "internal"
> > >
> > > +# The default gets detected based on whether /usr/sbin/nft or /usr/sbin/iptables is installed, with nftables preferred.
> > > +# ['', 'iptables', 'nftables']
> > > +NETWORKMANAGER_FIREWALL_DEFAULT ??= "nftables"
> > > +
> > >  EXTRA_OEMESON = "\
> > >      -Difcfg_rh=false \
> > >      -Dtests=yes \
> > > @@ -238,7 +242,7 @@ FILES:${PN}-daemon += " \
> > >      ${systemd_system_unitdir} \
> > >  "
> > >  RRECOMMENDS:${PN}-daemon += "\
> > > -    iptables \
> > > +    ${NETWORKMANAGER_FIREWALL_DEFAULT} \
> > >      ${@bb.utils.filter('PACKAGECONFIG', 'dnsmasq', d)} \
> > >  "
> > >  INITSCRIPT_NAME:${PN}-daemon = "network-manager"
> > > --
> > > 2.35.3
> > >
> > >
> > >
> > >
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#97441): https://lists.openembedded.org/g/openembedded-devel/message/97441
> Mute This Topic: https://lists.openembedded.org/mt/91588569/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [oe] [meta-networking][PATCH 3/5] networkmanager: use nftables by default

[Andreas Müller]

On Tue, Jun 7, 2022 at 7:26 PM Adrian Freihofer
<adrian.freihofer@gmail.com> wrote:
>
> Hi Andreas
>
> Good question. I changed it back and forth before I sent it to the
> mailing list. I finally changed it to the NetworkManager defaults (they
> changed it a few versions ago). I think it can easily be changed back.
> And after the LTS release, it's a good time to point out that nftables
> should be considered for future builds.
>
> But there is no strong argument for it. I'm also fine to put it on
> iptables.
>
> Maybe a distro feature to set a preference for iptables or nftables
> would also be useful. There are now various packages that support both
> configurably.
>
Thanks for detailed backgrounds and i am fine in following their
suggestion and in case of issues it is simple to undo.

Cheers,

Andreas