Merge pull request #1205 from Luap99/v1.14

[v1.14] Release 1.14.1
2026-02-05 06:45:56 +01:00 · 2025-03-18 14:09:57 +00:00
parent 2af90449f3 8711e83883
commit 0d623ce702
9 changed files with 59 additions and 19 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -22,6 +22,7 @@ env:
    AARDVARK_DNS_URL: "https://api.cirrus-ci.com/v1/artifact/github/containers/aardvark-dns/success/binary.zip?branch=${AARDVARK_DNS_BRANCH}"
    FEDORA_NETAVARK_AARCH64_AMI: "fedora-netavark-aws-arm64-${IMAGE_SUFFIX}"
    EC2_INST_TYPE: "t4g.xlarge"
+    NETAVARK_UPSTREAM: "1"


 gcp_credentials: ENCRYPTED[d6efdb7d6d4c61e3831df2193ca6348bb02f26cd931695f69d41930b1965f7dab72a838ca0902f6ed8cde66c7deddae2]
@@ -257,10 +258,8 @@ success_task:
    API_URL_BASE: "https://api.cirrus-ci.com/v1/artifact/build/${CIRRUS_BUILD_ID}"
    EXP_BINS: >-
        netavark
-        netavark.debug
        netavark.info
        netavark.aarch64-unknown-linux-gnu
-        netavark.debug.aarch64-unknown-linux-gnu
        netavark.info.aarch64-unknown-linux-gnu
  clone_script: *noop
  bin_cache: *ro_bin_cache
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1433,7 +1433,7 @@ checksum = "defc4c55412d89136f966bbb339008b474350e5e6e78d2714439c386b3137a03"

 [[package]]
 name = "netavark"
-version = "1.14.0"
+version = "1.14.1"
 dependencies = [
 "anyhow",
 "chrono",
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "netavark"
-version = "1.14.0"
+version = "1.14.1"
 edition = "2021"
 authors = ["github.com/containers"]
 license = "Apache-2.0"
--- a/20
+++ b/20
@@ -29,6 +29,8 @@ CARGO ?= cargo
 CARGO_TARGET_DIR ?= targets
 export CARGO_TARGET_DIR  # 'cargo' is sensitive to this env. var. value.

+SOURCES = src/** Cargo.toml Cargo.lock
+
 ifdef debug
 $(info debug is $(debug))
  # These affect both $(CARGO_TARGET_DIR) layout and contents
@@ -41,7 +43,7 @@ else
 endif

 .PHONY: all
-all: build
+all: build docs

 bin:
 	mkdir -p $@
@@ -50,12 +52,13 @@ $(CARGO_TARGET_DIR):
 	mkdir -p $@

 .PHONY: build
-build: build_netavark build_proxy_client
+build: bin/netavark

-.PHONY: build_netavark
-build_netavark: bin $(CARGO_TARGET_DIR)
+bin/netavark: $(SOURCES) bin $(CARGO_TARGET_DIR)
 	$(CARGO) build $(release)
-	cp $(CARGO_TARGET_DIR)/$(profile)/netavark bin/netavark$(if $(debug),.debug,)
+	cp $(CARGO_TARGET_DIR)/$(profile)/netavark bin/netavark
+	cp $(CARGO_TARGET_DIR)/$(profile)/netavark-dhcp-proxy-client bin/netavark-dhcp-proxy-client
+

 .PHONY: examples
 examples: bin $(CARGO_TARGET_DIR)
@@ -104,10 +107,12 @@ install: $(NV_UNIT_FILES)

 .PHONY: uninstall
 uninstall:
+	$(MAKE) -C docs uninstall
 	rm -f $(DESTDIR)$(LIBEXECPODMAN)/netavark
 	rm -f $(PREFIX)/share/man/man1/netavark*.1
 	rm -f ${DESTDIR}${SYSTEMDDIR}/netavark-dhcp-proxy.service
 	rm -f ${DESTDIR}${SYSTEMDDIR}/netavark-dhcp-proxy.socket
+	rm -f ${DESTDIR}${SYSTEMDDIR}/netavark-firewalld-reload.service

 .PHONY: test
 test: unit integration
@@ -152,8 +157,3 @@ mock-rpm:
 .PHONY: help
 help:
 	@echo "usage: make $(prog) [debug=1]"
-
-.PHONY: build_proxy_client
-build_proxy_client: bin $(CARGO_TARGET_DIR)
-	$(CARGO) build --bin netavark-dhcp-proxy-client $(release)
-	cp $(CARGO_TARGET_DIR)/$(profile)/netavark-dhcp-proxy-client bin/netavark-dhcp-proxy-client$(if $(debug),.debug,)
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,11 @@
 # Release Notes

+## v1.14.1
+
+* Fixed an issue where the Makefile did not install the `netavark-firewalld(7)` man page. ([#1179](https://github.com/containers/netavark/issues/1179))
+* Fixed the detection of Firewalld's StrictForwardPorts property.
+* Upstream tests no longer check for the commit sha in the version output by default so downstream tests on packaged versions without the commit info can pass.
+
 ## v1.14.0

 * bridge: Add support for a new option called `mode`. When set to `unmanaged` only the veth pair and ip addresses are setup. The bridge must exist and no firewall or sysctl setting will be configured in this mode. ([#1090](https://github.com/containers/netavark/issues/1090))
--- a/contrib/cirrus/runner.sh
+++ b/contrib/cirrus/runner.sh
@@ -19,9 +19,9 @@ _run_noarg() {
 _run_build() {
    # Assume we're on a fast VM, compile everything needed by the
    # rest of CI since subsequent tasks may have limited resources.
-    make all debug=1
    make build_unit  # reuses some debug binaries
    make all  # optimized/non-debug binaries
+    make examples # build the examples binaries needed by the integration tests
    # This will get scooped up and become part of the artifact archive.
    # Identify where the binary came from to benefit downstream consumers.
    cat | tee bin/netavark.info << EOF
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -17,12 +17,17 @@ docs: $(patsubst %.md,%,$(wildcard *.[0-9].md))
 	$(GO) install github.com/cpuguy83/go-md2man/v2@latest

 .PHONY: install
-install:
+install: docs
 	install -d ${DESTDIR}/${MANDIR}/man1
 	install -m 0644 *.1 ${DESTDIR}/${MANDIR}/man1
 	install -d ${DESTDIR}/${MANDIR}/man7
 	install -m 0644 *.7 ${DESTDIR}/${MANDIR}/man7

+.PHONY: uninstall
+uninstall:
+	rm -f ${DESTDIR}/${MANDIR}/man1/*.1
+	rm -f ${DESTDIR}/${MANDIR}/man7/*.7
+
 .PHONY: clean
 clean:
-	$(RM) *.1
+	$(RM) *.1 *.7
--- a/src/firewall/firewalld.rs
+++ b/src/firewall/firewalld.rs
@@ -1062,7 +1062,35 @@ pub fn is_firewalld_strict_forward_enabled(dbus_con: &Option<Connection>) -> boo
        "Get",
        &("org.fedoraproject.FirewallD1.config", "StrictForwardPorts"),
    ) {
-        Ok(b) => b.body().deserialize().unwrap_or(false),
+        Ok(b) => {
+            let variant_str: String = match b.body().deserialize::<Value>() {
+                Ok(v) => match v.downcast::<String>() {
+                    Ok(s) => s,
+                    Err(e) => {
+                        warn!(
+                            "couldn't downcast StrictForwardPorts value to string: {}",
+                            e
+                        );
+                        return false;
+                    }
+                },
+                Err(e) => {
+                    warn!("couldn't retrieve StrictForwardPorts property: {}", e);
+                    return false;
+                }
+            };
+            match variant_str.to_lowercase().as_str() {
+                "yes" => true,
+                "no" => false,
+                other => {
+                    warn!(
+                        "unexpected value from StrictForwardPorts property: {}",
+                        other
+                    );
+                    false
+                }
+            }
+        }
        Err(_) => {
            // Assume any error is related to the property not existing
            // (As it will not on older firewalld versions)
--- a/test/001-basic.bats
+++ b/test/001-basic.bats
@@ -12,7 +12,9 @@ load helpers
    run_netavark version
    json="$output"
    assert_json "$json" ".version" =~ "^1\.[0-9]+\.[0-9]+(-rc[0-9]|-dev)?" "correct version"
-    assert_json "$json" ".commit" =~ "[0-9a-f]{40}" "shows commit sha"
+    if [ -n "$NETAVARK_UPSTREAM" ]; then
+        assert_json "$json" ".commit" =~ "[0-9a-f]{40}" "shows commit sha"
+    fi
    assert_json "$json" ".build_time" =~ "20.*" "show build date"
    assert_json "$json" ".target" =~ ".*" "contains target string"
 }