After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 737687 - build: Allow to build without firewalld support
build: Allow to build without firewalld support
Status: RESOLVED WONTFIX
Product: NetworkManager
Classification: Platform
Component: nm-connection-editor
unspecified
Other All
: Normal normal
: ---
Assigned To: NetworkManager maintainer(s)
NetworkManager maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2014-09-30 22:33 UTC by Dominique Leuenberger
Modified: 2018-10-19 15:26 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
build: Allow to build without firewalld support (4.00 KB, patch)
2014-09-30 22:33 UTC, Dominique Leuenberger 		none Details | Review

Description Dominique Leuenberger 2014-09-30 22:33:21 UTC 
Not all distributions ship firewalld (e.g. openSUSE). The firewall zone
configuration in nm-connection-editor gives warnings about dbus service
not reachable.

Add a --without-firewalld option to configure to build without those
features. Default, if not specified, is to enable firewalld support,
as-is.
Comment 1 Dominique Leuenberger 2014-09-30 22:33:23 UTC 
Created attachment 287487 [details] [review]
build: Allow to build without firewalld support
Comment 2 Dan Winship 2014-10-01 13:56:59 UTC 
Actually, lots of people disable firewalld even on distros that do support it, so it would be better if we dealt with this better at runtime.
Comment 3 Dominique Leuenberger 2014-10-08 16:37:11 UTC 
(In reply to comment #2)
> Actually, lots of people disable firewalld even on distros that do support it,
> so it would be better if we dealt with this better at runtime.

Runtime detection would of course be even nicer, agreed.
Comment 4 Thomas Haller 2014-10-08 17:07:48 UTC 
Maybe do it similar to polkit authentication?



Usually polkit support is compiled in.

There is a configuration option 
[main]
polkit-auth=yes|no


If you omit the configuration value, the default value is used.
The default value is a configure option:

./configure --enable-polkit=yes (set "yes" as default)
./configure --enable-polkit=no (set "no" as default)

you can also
./configure --enable-polkit=disabled
In this case, some code paths are excluded with #ifs, and trying to enable polkit-auth=yes will have no effect (except a warning in the log file).


Compare: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=4cc3c6ab71cc9d89c3345752bd26262d60f636e4





Replace: s/polkit/firewalld/

If you disable firewalld via config option, NM should not try to do anything with the firewalld DBUS interface, but the user still could enable it.
If you enable it, but there are failures (because firewalld is not running), NM should log an <error> message (as it does now).
Comment 5 Thomas Haller 2018-10-19 15:26:18 UTC 
Note that firewalld support has no additional dependencies. It uses plain D-Bus, so not compiling firewalld support at best saves a few bytes or binary size and runtime memory. I don't think it is worth it, because it doesn't reduce the dependency chain of NetworkManager.

also, it does seem to me that firewalld is the only notable contender for this job. And NetworkManager would need to use it more for a good expirience. Hopefully, adoption of firewalld is increasing further (said, in 2018 :) ).


Similarly, for polkit I removed the option to compile without polkit support, for the same reasons. See https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=41abf9f8e81423eff0ef888d17a5454d0b5750bf


I am closing this as WONTFIX.


Note, that the expirience of NetworkManager and not running firewalld, should be already good as-is.


Please re-open if you disagree and we can discuss it more. Thanks.