Accepting request 1325359 from GNOME:Factory

- Use tmpfiles to create /var/lib/NetworkManager/ (PED-14769). (forwarded request 1325256 from JonathanKang)

OBS-URL: https://build.opensuse.org/request/show/1325359
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/NetworkManager?expand=0&rev=290

00-server.conf

@@ -0,0 +1,7 @@
+# This configuration file disables automatic (DHCP/SLAAC) configuration
+# on ethernet devices with no other matching connections.
+#
+# See "man NetworkManager.conf" for more information about this key.
+
+[main]
+no-auto-default=*

0001-Coerce-connectivity-LIMITED-to-NONE-when-device-is-d.patch

@@ -12,11 +12,11 @@ Fixes #138
  src/devices/nm-device.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
-Index: NetworkManager-1.44.0/src/core/devices/nm-device.c
+Index: NetworkManager-1.54.0/src/core/devices/nm-device.c
 ===================================================================
---- NetworkManager-1.44.0.orig/src/core/devices/nm-device.c
-+++ NetworkManager-1.44.0/src/core/devices/nm-device.c
-@@ -5945,7 +5945,8 @@ concheck_update_state(NMDevice
+--- NetworkManager-1.54.0.orig/src/core/devices/nm-device.c
++++ NetworkManager-1.54.0/src/core/devices/nm-device.c
+@@ -6604,7 +6604,8 @@ concheck_update_state(NMDevice
                  state = NM_CONNECTIVITY_LIMITED;
          } else
              state = NM_CONNECTIVITY_NONE;

0001-man-document-static-ip-setup-differences-to-dracut-n.patch

@@ -0,0 +1,35 @@
+From b2abb374a7e1500df73db4f6a93fa178c426db0a Mon Sep 17 00:00:00 2001
+From: Thomas Blume <Thomas.Blume@suse.com>
+Date: Wed, 11 Jun 2025 07:35:46 +0200
+Subject: [PATCH] man: document static ip setup differences to dracut
+ network-legacy
+
+---
+ man/nm-initrd-generator.xml | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/man/nm-initrd-generator.xml b/man/nm-initrd-generator.xml
+index 312edff2ee..c4ea8baf8f 100644
+--- a/man/nm-initrd-generator.xml
++++ b/man/nm-initrd-generator.xml
+@@ -193,6 +193,18 @@
+         NetworkManager doesn't.</para>
+       </listitem>
+ 
++      <listitem>
++        <para>When an interface is configured with a static address,
++        there is no need to disable autoconf via parameters.
++        The netmask can be give either in four digit dot separated
++        notation or as decimal number network prefix length.
++        For example:
++        <literal>ip=192.168.100.99::192.168.100.222:255.255.255.0:myhost:ens10</literal>,
++        <literal>ip=192.168.100.99::192.168.100.222:24:myhost:ens10</literal>,
++        <literal>ip=[2001:DB8:2::99]::[2001:DB8:2::1]:8:myhost:ens10</literal>.
++        </para>
++      </listitem>
++
+       <listitem>
+         <para>network-legacy configures interfaces one by one in the
+         order in which they are announced by udev. If multiple
+-- 
+2.49.0

2298.patch

@@ -0,0 +1,268 @@
+From c312390932d1f1198baacca0de3c6a01811728a8 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Tue, 14 Oct 2025 10:41:26 +0200
+Subject: [PATCH 1/2] libnm-glib-aux: add temp name argument to
+ nm_utils_file_set_contents()
+
+In some cases it's useful to specify the name of the temporary file to
+be used.
+---
+ src/core/devices/wifi/nm-iwd-manager.c         |  2 +-
+ src/core/main-utils.c                          |  2 +-
+ src/core/nm-core-utils.c                       |  1 +
+ src/core/platform/tests/monitor.c              |  1 +
+ .../plugins/ifcfg-rh/nms-ifcfg-rh-writer.c     |  1 +
+ .../plugins/keyfile/nms-keyfile-utils.c        |  1 +
+ .../plugins/keyfile/nms-keyfile-writer.c       | 10 +++++++++-
+ src/libnm-glib-aux/nm-io-utils.c               | 18 +++++++++++++-----
+ src/libnm-glib-aux/nm-io-utils.h               |  1 +
+ src/nm-initrd-generator/nm-initrd-generator.c  |  2 +-
+ 10 files changed, 30 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/devices/wifi/nm-iwd-manager.c b/src/core/devices/wifi/nm-iwd-manager.c
+index 76a342e206c..bb2e056d39c 100644
+--- a/src/core/devices/wifi/nm-iwd-manager.c
++++ b/src/core/devices/wifi/nm-iwd-manager.c
+@@ -684,7 +684,7 @@ iwd_config_write(GKeyFile              *config,
+      * in the last few filename characters -- it cannot end in .open, .psk
+      * or .8021x.
+      */
+-    return nm_utils_file_set_contents(filepath, data, length, 0600, times, NULL, error);
++    return nm_utils_file_set_contents(filepath, data, length, 0600, times, NULL, NULL, error);
+ }
+ 
+ static const char *
+diff --git a/src/core/main-utils.c b/src/core/main-utils.c
+index 0f62da29024..d1be6814875 100644
+--- a/src/core/main-utils.c
++++ b/src/core/main-utils.c
+@@ -81,7 +81,7 @@ nm_main_utils_write_pidfile(const char *pidfile)
+     char                  pid[16];
+ 
+     nm_sprintf_buf(pid, "%lld", (long long) getpid());
+-    if (!nm_utils_file_set_contents(pidfile, pid, -1, 00644, NULL, NULL, &error)) {
++    if (!nm_utils_file_set_contents(pidfile, pid, -1, 00644, NULL, NULL, NULL, &error)) {
+         fprintf(stderr, _("Writing to %s failed: %s\n"), pidfile, error->message);
+         return FALSE;
+     }
+diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
+index 8b7ee1ddf67..33f53a06358 100644
+--- a/src/core/nm-core-utils.c
++++ b/src/core/nm-core-utils.c
+@@ -2865,6 +2865,7 @@ _host_id_read(guint8 **out_host_id, gsize *out_host_id_len)
+                                                0600,
+                                                NULL,
+                                                NULL,
++                                               NULL,
+                                                &error)) {
+             nm_log_warn(
+                 LOGD_CORE,
+diff --git a/src/core/platform/tests/monitor.c b/src/core/platform/tests/monitor.c
+index c83192bbc92..f413facfcdc 100644
+--- a/src/core/platform/tests/monitor.c
++++ b/src/core/platform/tests/monitor.c
+@@ -186,6 +186,7 @@ ip_again:
+                                00644,
+                                NULL,
+                                NULL,
++                               NULL,
+                                NULL);
+ 
+     nm_log_dbg(LOGD_PLATFORM, "dump to file complete");
+diff --git a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+index 42675cf222e..21908090f73 100644
+--- a/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
++++ b/src/core/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+@@ -320,6 +320,7 @@ write_blobs(GHashTable *blobs, GError **error)
+                                         0600,
+                                         NULL,
+                                         NULL,
++                                        NULL,
+                                         &write_error)) {
+             g_set_error(error,
+                         NM_SETTINGS_ERROR,
+diff --git a/src/core/settings/plugins/keyfile/nms-keyfile-utils.c b/src/core/settings/plugins/keyfile/nms-keyfile-utils.c
+index 7c0e329e2d6..26fb34418d5 100644
+--- a/src/core/settings/plugins/keyfile/nms-keyfile-utils.c
++++ b/src/core/settings/plugins/keyfile/nms-keyfile-utils.c
+@@ -280,6 +280,7 @@ nms_keyfile_nmmeta_write(const char *dirname,
+                                         length,
+                                         0600,
+                                         NULL,
++                                        NULL,
+                                         &errsv,
+                                         NULL)) {
+             NM_SET_OUT(out_full_filename, g_steal_pointer(&full_filename_tmp));
+diff --git a/src/core/settings/plugins/keyfile/nms-keyfile-writer.c b/src/core/settings/plugins/keyfile/nms-keyfile-writer.c
+index b1dd2e446fd..c7c88260790 100644
+--- a/src/core/settings/plugins/keyfile/nms-keyfile-writer.c
++++ b/src/core/settings/plugins/keyfile/nms-keyfile-writer.c
+@@ -133,6 +133,7 @@ cert_writer(NMConnection                     *connection,
+                                              0600,
+                                              NULL,
+                                              NULL,
++                                             NULL,
+                                              &local);
+         if (success) {
+             /* Write the path value to the keyfile.
+@@ -384,7 +385,14 @@ _internal_write_connection(NMConnection                   *connection,
+         }
+     }
+ 
+-    nm_utils_file_set_contents(path, kf_content_buf, kf_content_len, 0600, NULL, NULL, &local_err);
++    nm_utils_file_set_contents(path,
++                               kf_content_buf,
++                               kf_content_len,
++                               0600,
++                               NULL,
++                               NULL,
++                               NULL,
++                               &local_err);
+     if (local_err) {
+         g_set_error(error,
+                     NM_SETTINGS_ERROR,
+diff --git a/src/libnm-glib-aux/nm-io-utils.c b/src/libnm-glib-aux/nm-io-utils.c
+index 9443172b46b..d26ecee4f05 100644
+--- a/src/libnm-glib-aux/nm-io-utils.c
++++ b/src/libnm-glib-aux/nm-io-utils.c
+@@ -415,8 +415,10 @@ nm_utils_file_get_contents(int                         dirfd,
+ 
+ /*
+  * Copied from GLib's g_file_set_contents() et al., but allows
+- * specifying a mode for the new file and optionally the last access
+- * and last modification times.
++ * specifying:
++ * - the file mode (@mode)
++ * - optionally, the last access and modification times (@times)
++ * - optionally, a fixed name for the temporary file (@tmp_name)
+  */
+ gboolean
+ nm_utils_file_set_contents(const char            *filename,
+@@ -424,10 +426,11 @@ nm_utils_file_set_contents(const char            *filename,
+                            gssize                 length,
+                            mode_t                 mode,
+                            const struct timespec *times,
++                           const char            *tmp_name,
+                            int                   *out_errsv,
+                            GError               **error)
+ {
+-    gs_free char *tmp_name = NULL;
++    gs_free char *tmp_name_free = NULL;
+     struct stat   statbuf;
+     int           errsv;
+     gssize        s;
+@@ -442,8 +445,13 @@ nm_utils_file_set_contents(const char            *filename,
+     if (length == -1)
+         length = strlen(contents);
+ 
+-    tmp_name = g_strdup_printf("%s.XXXXXX", filename);
+-    fd       = g_mkstemp_full(tmp_name, O_RDWR | O_CLOEXEC, mode);
++    if (tmp_name) {
++        fd = open(tmp_name, O_CREAT | O_RDWR | O_TRUNC | O_CLOEXEC, mode);
++    } else {
++        tmp_name_free = g_strdup_printf("%s.XXXXXX", filename);
++        tmp_name      = tmp_name_free;
++        fd            = g_mkstemp_full(tmp_name_free, O_RDWR | O_CLOEXEC, mode);
++    }
+     if (fd < 0) {
+         return _get_contents_error_errno(error, out_errsv, "failed to create file %s", tmp_name);
+     }
+diff --git a/src/libnm-glib-aux/nm-io-utils.h b/src/libnm-glib-aux/nm-io-utils.h
+index 0021138f464..ff02ecb108a 100644
+--- a/src/libnm-glib-aux/nm-io-utils.h
++++ b/src/libnm-glib-aux/nm-io-utils.h
+@@ -55,6 +55,7 @@ gboolean nm_utils_file_set_contents(const char            *filename,
+                                     gssize                 length,
+                                     mode_t                 mode,
+                                     const struct timespec *times,
++                                    const char            *tmp_name,
+                                     int                   *out_errsv,
+                                     GError               **error);
+ 
+diff --git a/src/nm-initrd-generator/nm-initrd-generator.c b/src/nm-initrd-generator/nm-initrd-generator.c
+index b89b4e413f5..68993c002f3 100644
+--- a/src/nm-initrd-generator/nm-initrd-generator.c
++++ b/src/nm-initrd-generator/nm-initrd-generator.c
+@@ -78,7 +78,7 @@ output_conn(gpointer key, gpointer value, gpointer user_data)
+         filename      = nm_keyfile_utils_create_filename(basename, TRUE);
+         full_filename = g_build_filename(connections_dir, filename, NULL);
+ 
+-        if (!nm_utils_file_set_contents(full_filename, data, len, 0600, NULL, NULL, &error))
++        if (!nm_utils_file_set_contents(full_filename, data, len, 0600, NULL, NULL, NULL, &error))
+             goto err_out;
+     } else
+         g_print("\n*** Connection '%s' ***\n\n%s", basename, data);
+-- 
+GitLab
+
+
+From 2d438ebef840cc003e423d3d0ad10e5832b5b49a Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Tue, 14 Oct 2025 10:42:53 +0200
+Subject: [PATCH 2/2] dns: specify a temporary file name when writing
+ no-stub-resolv.conf
+
+Using g_file_set_contents() makes it impossible to write a proper
+SELinux policy because the function creates a file with a random
+suffix, and SELinux file transitions can't match on wildcards.
+
+Use a fixed temporary file name. In this case it's fine because
+/run/NetworkManager is only writable by root and NetworkManager is the
+only process writing into it.
+---
+ src/core/dns/nm-dns-manager.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/dns/nm-dns-manager.c b/src/core/dns/nm-dns-manager.c
+index 57e732264cf..c746e714972 100644
+--- a/src/core/dns/nm-dns-manager.c
++++ b/src/core/dns/nm-dns-manager.c
+@@ -26,6 +26,7 @@
+ 
+ #include "libnm-core-intern/nm-core-internal.h"
+ #include "libnm-glib-aux/nm-str-buf.h"
++#include "libnm-glib-aux/nm-io-utils.h"
+ 
+ #include "NetworkManagerUtils.h"
+ #include "devices/nm-device.h"
+@@ -1006,7 +1007,8 @@ _read_link_cached(const char *path, gboolean *is_cached, char **cached)
+ #define MY_RESOLV_CONF_TMP MY_RESOLV_CONF ".tmp"
+ #define RESOLV_CONF_TMP    "/etc/.resolv.conf.NetworkManager"
+ 
+-#define NO_STUB_RESOLV_CONF NMRUNDIR "/no-stub-resolv.conf"
++#define NO_STUB_RESOLV_CONF     NMRUNDIR "/no-stub-resolv.conf"
++#define NO_STUB_RESOLV_CONF_TMP NMRUNDIR "/no-stub-resolv.conf.tmp"
+ 
+ static void
+ update_resolv_conf_no_stub(NMDnsManager      *self,
+@@ -1019,7 +1021,14 @@ update_resolv_conf_no_stub(NMDnsManager      *self,
+ 
+     content = create_resolv_conf(searches, nameservers, options);
+ 
+-    if (!g_file_set_contents(NO_STUB_RESOLV_CONF, content, -1, &local)) {
++    if (!nm_utils_file_set_contents(NO_STUB_RESOLV_CONF,
++                                    content,
++                                    -1,
++                                    0644,
++                                    NULL,
++                                    NO_STUB_RESOLV_CONF_TMP,
++                                    NULL,
++                                    &local)) {
+         _LOGD("update-resolv-no-stub: failure to write file: %s", local->message);
+         g_error_free(local);
+         return;
+-- 
+GitLab
+
+diff --git a/src/libnm-core-impl/nm-utils.c b/src/libnm-core-impl/nm-utils.c
+index 9a78e9471c..d935e63978 100644
+--- a/src/libnm-core-impl/nm-utils.c
++++ b/src/libnm-core-impl/nm-utils.c
+@@ -6444,6 +6444,7 @@ nm_utils_copy_cert_as_user(const char *filename, const char *user, GError **erro
+                                     0600,
+                                     NULL,
+                                     NULL,
++                                    NULL,
+                                     error)) {
+         return NULL;
+     }

2312.patch

@@ -0,0 +1,243 @@
+From 636fb5ef24640856515584977174fa44a986e374 Mon Sep 17 00:00:00 2001
+From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
+Date: Fri, 14 Nov 2025 16:46:57 +0100
+Subject: [PATCH] systemd: install initrd services using a generator
+
+Since both `NetworkManager.service` and `NetworkManager-initrd.service` are
+allocated for the same bus name (`org.freedesktop.NetworkManager`) and this is
+not allowed, the best option is to use a systemd generator to install them only
+in the initrd, instead of setting fixed Install sections.
+
+Fixes #1814
+---
+ contrib/fedora/rpm/NetworkManager.spec        |  2 +
+ contrib/fedora/rpm/configure-for-system.sh    |  1 +
+ data/NetworkManager-config-initrd.service.in  |  5 +-
+ data/NetworkManager-initrd.service.in         | 10 +---
+ ...tworkManager-wait-online-initrd.service.in |  5 +-
+ meson.build                                   |  9 ++++
+ meson_options.txt                             |  1 +
+ src/nm-initrd-generator/meson.build           |  7 +++
+ .../nm-initrd-generator.sh                    | 50 +++++++++++++++++++
+ 9 files changed, 73 insertions(+), 17 deletions(-)
+ create mode 100755 src/nm-initrd-generator/nm-initrd-generator.sh
+
+diff --git a/contrib/fedora/rpm/NetworkManager.spec b/contrib/fedora/rpm/NetworkManager.spec
+index 0732fb495f2..820cfda607a 100644
+--- a/contrib/fedora/rpm/NetworkManager.spec
++++ b/contrib/fedora/rpm/NetworkManager.spec
+@@ -675,6 +675,7 @@ Preferably use nmcli instead.
+ 	-Dsession_tracking=systemd \
+ 	-Dsuspend_resume=systemd \
+ 	-Dsystemdsystemunitdir=%{_unitdir} \
++	-Dsystemdsystemgeneratordir=%{_systemdgeneratordir} \
+ 	-Dsystem_ca_path=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
+ 	-Ddbus_conf_dir=%{dbus_sys_dir} \
+ 	-Dtests=yes \
+@@ -747,6 +748,7 @@ rm -f %{buildroot}%{_libdir}/pppd/%{ppp_version}/*.la
+ rm -f %{buildroot}%{nmplugindir}/*.la
+ 
+ # Don't use the *-initrd.service files yet, wait dracut to support them
++rm -f %{buildroot}%{_systemdgeneratordir}/nm-initrd-generator.sh
+ rm -f %{buildroot}%{_unitdir}/NetworkManager-config-initrd.service
+ rm -f %{buildroot}%{_unitdir}/NetworkManager-initrd.service
+ rm -f %{buildroot}%{_unitdir}/NetworkManager-wait-online-initrd.service
+diff --git a/contrib/fedora/rpm/configure-for-system.sh b/contrib/fedora/rpm/configure-for-system.sh
+index 6bdf66825ab..bcf619c645a 100755
+--- a/contrib/fedora/rpm/configure-for-system.sh
++++ b/contrib/fedora/rpm/configure-for-system.sh
+@@ -398,6 +398,7 @@ meson setup\
+     -Dsession_tracking=systemd \
+     -Dsuspend_resume=systemd \
+     -Dsystemdsystemunitdir=/usr/lib/systemd/system \
++    -Dsystemdsystemgeneratordir=/usr/lib/systemd/system-generators \
+     -Dsystem_ca_path=/etc/pki/tls/cert.pem \
+     -Ddbus_conf_dir="$P_DBUS_SYS_DIR" \
+     -Dtests=yes \
+diff --git a/data/NetworkManager-config-initrd.service.in b/data/NetworkManager-config-initrd.service.in
+index 4baf0f648ec..4f038036589 100644
+--- a/data/NetworkManager-config-initrd.service.in
++++ b/data/NetworkManager-config-initrd.service.in
+@@ -1,10 +1,10 @@
+ [Unit]
+ Description=NetworkManager Configuration (initrd)
++AssertPathExists=/etc/initrd-release
+ DefaultDependencies=no
+ Wants=systemd-journald.socket
+ After=systemd-journald.socket
+ Before=systemd-udevd.service systemd-udev-trigger.service
+-ConditionPathExists=/etc/initrd-release
+ 
+ [Service]
+ Type=oneshot
+@@ -22,6 +22,3 @@ ExecStartPost=/bin/sh -c ' \
+     fi \
+ '
+ RemainAfterExit=yes
+-
+-[Install]
+-WantedBy=initrd.target
+diff --git a/data/NetworkManager-initrd.service.in b/data/NetworkManager-initrd.service.in
+index aef73a571da..f936ffd2380 100644
+--- a/data/NetworkManager-initrd.service.in
++++ b/data/NetworkManager-initrd.service.in
+@@ -1,11 +1,11 @@
+ [Unit]
+ Description=NetworkManager (initrd)
++AssertPathExists=/etc/initrd-release
+ DefaultDependencies=no
+ Wants=systemd-udev-trigger.service network.target
+ After=systemd-udev-trigger.service network-pre.target dbus.service NetworkManager-config-initrd.service
+ Before=network.target
+ BindsTo=dbus.service
+-ConditionPathExists=/etc/initrd-release
+ ConditionPathExists=/run/NetworkManager/initrd/neednet
+ ConditionPathExistsGlob=|/usr/lib/NetworkManager/system-connections/*
+ ConditionPathExistsGlob=|/run/NetworkManager/system-connections/*
+@@ -22,11 +22,3 @@ Environment=NM_CONFIG_ENABLE_TAG=initrd
+ Restart=on-failure
+ ProtectSystem=true
+ ProtectHome=read-only
+-
+-[Install]
+-WantedBy=initrd.target
+-# We want to enable NetworkManager-wait-online-initrd.service whenever this
+-# service is enabled. NetworkManager-wait-online-initrd.service has
+-# WantedBy=network-online.target, so enabling it only has an effect if
+-# network-online.target itself is enabled or pulled in by some other unit.
+-Also=NetworkManager-config-initrd.service NetworkManager-wait-online-initrd.service
+diff --git a/data/NetworkManager-wait-online-initrd.service.in b/data/NetworkManager-wait-online-initrd.service.in
+index da4a2522340..b89aa816578 100644
+--- a/data/NetworkManager-wait-online-initrd.service.in
++++ b/data/NetworkManager-wait-online-initrd.service.in
+@@ -1,10 +1,10 @@
+ [Unit]
+ Description=NetworkManager Wait Online (initrd)
++AssertPathExists=/etc/initrd-release
+ DefaultDependencies=no
+ Requires=NetworkManager-initrd.service
+ After=NetworkManager-initrd.service
+ Before=network-online.target
+-ConditionPathExists=/etc/initrd-release
+ ConditionPathExists=/run/NetworkManager/initrd/neednet
+ 
+ [Service]
+@@ -21,6 +21,3 @@ Type=oneshot
+ ExecStart=@bindir@/nm-online -s -q
+ RemainAfterExit=yes
+ Environment=NM_ONLINE_TIMEOUT=3600
+-
+-[Install]
+-WantedBy=initrd.target network-online.target
+diff --git a/meson.build b/meson.build
+index 2f9ab5c299a..56bbe281632 100644
+--- a/meson.build
++++ b/meson.build
+@@ -383,6 +383,14 @@ if install_systemdunitdir and systemd_systemdsystemunitdir == ''
+   systemd_systemdsystemunitdir = systemd_dep.get_variable(pkgconfig: 'systemdsystemunitdir', pkgconfig_define: ['rootprefix', nm_prefix])
+ endif
+ 
++systemd_systemdsystemgeneratordir = get_option('systemdsystemgeneratordir')
++install_systemdgeneratordir = (systemd_systemdsystemgeneratordir != 'no')
++
++if install_systemdgeneratordir and systemd_systemdsystemgeneratordir == ''
++  assert(systemd_dep.found(), 'systemd required but not found, please provide a valid systemd user generator dir or disable it')
++  systemd_systemdsystemgeneratordir = systemd_dep.get_variable(pkgconfig: 'systemdsystemgeneratordir', pkgconfig_define: ['rootprefix', nm_prefix])
++endif
++
+ enable_systemd_journal = get_option('systemd_journal')
+ if enable_systemd_journal
+   assert(libsystemd_dep.found(), 'Missing systemd-journald support')
+@@ -1059,6 +1067,7 @@ output = '\nSystem paths:\n'
+ output += '  prefix: ' + nm_prefix + '\n'
+ output += '  exec_prefix: ' + nm_prefix + '\n'
+ output += '  systemdunitdir: ' + systemd_systemdsystemunitdir + '\n'
++output += '  systemdgeneratordir: ' + systemd_systemdsystemgeneratordir + '\n'
+ output += '  udev_dir: ' + udev_udevdir + '\n'
+ output += '  nmbinary: ' + nm_pkgsbindir + '\n'
+ output += '  nmconfdir: ' + nm_pkgconfdir + '\n'
+diff --git a/meson_options.txt b/meson_options.txt
+index d28cc76fc89..8ec68a46bd3 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -1,5 +1,6 @@
+ # system paths
+ option('systemdsystemunitdir', type: 'string', value: '', description: 'Directory for systemd service files')
++option('systemdsystemgeneratordir', type: 'string', value: '', description: 'Directory for systemd generator files')
+ option('system_ca_path', type: 'string', value: '/etc/ssl/certs', description: 'path to system CA certificates')
+ option('udev_dir', type: 'string', value: '', description: 'Absolute path of the udev base directory. Set to \'no\' not to install the udev rule')
+ option('dbus_conf_dir', type: 'string', value: '', description: 'where D-Bus system.d directory is')
+diff --git a/src/nm-initrd-generator/meson.build b/src/nm-initrd-generator/meson.build
+index 6b02e0668df..2315ebe4f29 100644
+--- a/src/nm-initrd-generator/meson.build
++++ b/src/nm-initrd-generator/meson.build
+@@ -46,3 +46,10 @@ executable(
+   install: true,
+   install_dir: nm_libexecdir,
+ )
++
++if install_systemdgeneratordir
++  install_data(
++    'nm-initrd-generator.sh',
++    install_dir: systemd_systemdsystemgeneratordir,
++  )
++endif
+diff --git a/src/nm-initrd-generator/nm-initrd-generator.sh b/src/nm-initrd-generator/nm-initrd-generator.sh
+new file mode 100755
+index 00000000000..20ff78cca5f
+--- /dev/null
++++ b/src/nm-initrd-generator/nm-initrd-generator.sh
+@@ -0,0 +1,50 @@
++#!/bin/bash
++# SPDX-License-Identifier: LGPL-2.1-or-later
++
++# initrd-specific units
++initrd_units=(
++    NetworkManager-config-initrd.service
++    NetworkManager-initrd.service
++    NetworkManager-wait-online-initrd.service
++)
++
++# host-specific units
++host_units=(
++    NetworkManager.service
++    NetworkManager-dispatcher.service
++    NetworkManager-wait-online.service
++)
++
++# Get generator normal directory
++normal_dir=$1
++
++# Since NetworkManager-initrd.service and NetworkManager.service are allocated
++# for the same bus name org.freedesktop.NetworkManager, we should mask one of
++# them depending on if we are in the initrd or on the host.
++if [ "$SYSTEMD_IN_INITRD" != 1 ]; then
++    # Mask initrd units in the host
++    for unit in "${initrd_units[@]}"; do
++        ln -s /dev/null "$normal_dir"/"$unit" 2> /dev/null
++    done
++    # Nothing else to do
++    exit 0
++fi
++
++# Mask host units in the initrd
++for unit in "${host_units[@]}"; do
++    ln -s /dev/null "$normal_dir"/"$unit" 2> /dev/null
++done
++
++# Install initrd units in the unit file hierarchy
++mkdir -p "$normal_dir"/initrd.target.wants
++mkdir -p "$normal_dir"/network-online.target.wants
++for unit in "${initrd_units[@]}"; do
++    ln -s /usr/lib/systemd/system/"$unit" \
++        "$normal_dir"/initrd.target.wants/"$unit"
++    if [ "$unit" = "NetworkManager-wait-online-initrd.service" ]; then
++        ln -s /usr/lib/systemd/system/"$unit" \
++            "$normal_dir"/network-online.target.wants/"$unit"
++    fi
++done
++
++exit 0
+-- 
+GitLab
+

NetworkManager-1.10.6-netconfig.patch

@@ -1,8 +1,8 @@
-Index: NetworkManager-1.44.0/src/core/dns/nm-dns-manager.c
+Index: NetworkManager-1.54.0/src/core/dns/nm-dns-manager.c
 ===================================================================
---- NetworkManager-1.44.0.orig/src/core/dns/nm-dns-manager.c
-+++ NetworkManager-1.44.0/src/core/dns/nm-dns-manager.c
-@@ -733,6 +733,14 @@ dispatch_netconfig(NMDnsManager      *se
+--- NetworkManager-1.54.0.orig/src/core/dns/nm-dns-manager.c
++++ NetworkManager-1.54.0/src/core/dns/nm-dns-manager.c
+@@ -734,6 +734,14 @@ dispatch_netconfig(NMDnsManager      *se
      gssize                        l;
      nm_auto_free_gstring GString *str = NULL;
  

NetworkManager-1.48.8.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:90a092afc87c0d3a7bc58d2c6ee97b9972bab0a5662cd66c76b89ef3e89a9ed2
-size 64824846

NetworkManager-1.54.3.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6ec8a65bf3bbaec350e5eb79b75c372252119e049cafaffbc303b3fe222ce6fb
+size 65617934

NetworkManager-tmpfiles.conf

@@ -0,0 +1 @@
+d /var/lib/NetworkManager 0700 root root -

NetworkManager.changes

@@ -1,3 +1,272 @@
+-------------------------------------------------------------------
+Wed Dec 31 08:18:49 UTC 2025 - Jonathan Kang <songchuan.kang@suse.com>
+
+- Use tmpfiles to create /var/lib/NetworkManager/ (PED-14769).
+
+-------------------------------------------------------------------
+Mon Dec 29 11:45:09 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update to version 1.54.3:
+  + For private connections (the ones that specify a user in the
+    "connection.permissions" property), verify that the user can
+    access the 802.1X certificates and keys set in the connection.
+  + Introduce a libnm function that can be used by VPN plugins to
+    check user permissions on certificate and keys.
+- Changes from version 1.54.2:
+  + Support reapplying the "sriov.vfs" property as long as
+    "sriov.total-vfs" is not changed.
+  + Support configuring the HSR protocol version via the
+    "hsr.protocol-version" property.
+  + Support configuring the HSR interlink port via the
+    "hsr.interlink" property.
+- Rebase 2298.patch
+
+-------------------------------------------------------------------
+Tue Nov 25 09:35:12 UTC 2025 - Antonio Feijoo <antonio.feijoo@suse.com>
+
+- Add patch 2312.patch to fix upstream issue
+  https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1814,
+  already fixed upstream for the next release via
+  https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2312
+
+-------------------------------------------------------------------
+Fri Oct 31 10:05:44 UTC 2025 - Johannes Segitz <jsegitz@suse.com>
+
+- Add patch 2298.patch to fix issue with SELinux labeling. Is already
+  upstream via 
+  https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2298
+  and can be removed next release (bsc#1248136)
+
+-------------------------------------------------------------------
+Sat Sep 27 11:18:43 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.54.1:
+  + Make that global-dns configuration overwrites DNS searches and
+    options from connections, instead of merging all together.
+  + Add support for a new rd.net.dhcp.client-id option in
+    nm-initrd-generator.
+  + Minor bug fixes.
+
+-------------------------------------------------------------------
+Mon Sep 22 01:25:54 UTC 2025 - Jonathan Kang <songchuan.kang@suse.com>
+
+- Move dispatcher.d/pre-up.d/90-nm-cloud-setup.sh to cloud-setup
+  subpackage(bsc#1250086).
+
+-------------------------------------------------------------------
+Thu Aug  7 19:29:33 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.54.0:
+  + Add support for configuring per-device IPv4 forwarding via the
+    "ipv4.forwarding" connection property.
+  + Add a new "prefix-delegation" setting containing a "subnet-id"
+    property that specifies the subnet to choose on the downstream
+    interface when using IPv6 prefix delegation.
+  + Support OCI baremetal in nm-cloud-setup
+  + When activating a WireGuard connection to an IPv6 endpoint, now
+    NetworkManager creates firewall rules to ensure that the
+    incoming packets are not dropped by kernel reverse path
+    filtering.
+  + Add support for configuring the loopback interface in nmtui.
+  + Most of the properties of ovs-bridge and ovs-port connections
+    can now be reapplied at runtime without bringing the connection
+    down.
+  + Add a new "sriov.preserve-on-down" property that controls
+    whether NetworkManager preserves the SR-IOV parameters set on
+    the device when the connection is deactivated, or whether it
+    resets them to their default value.
+  + Introduce a new "ovs-dpdk.lsc-interrupt" property to configure
+    the Link State Change (LSC) detection mode for OVS DPDK
+    interfaces.
+  + The initrd-generator now can parse the NVMe Boot Firmware Table
+    (NBFT) to configure networking during early boot.
+  + Add systemd services to provide networking in the initrd.
+- Drop 2069.patch: Fixed in an alternative way upstream.
+- Rebase patches with quilt.
+- Add pkgconfig(libnvme) BuildRequires: New dependency.
+
+-------------------------------------------------------------------
+Thu Aug  7 19:17:10 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.52.1:
+  + Fail early if we cannot get current FEC (Forward Error
+    Correction) value.
+  + Allow reapplying ovs-bridge and ovs-port properties.
+  + When activating a WireGuard connection to an IPv6 endpoint, now
+    NetworkManager creates firewall rules to ensure that the
+    incoming packets are not dropped by kernel reverse path
+    filtering.
+
+-------------------------------------------------------------------
+Wed Jun 11 06:59:12 UTC 2025 - Thomas Blume <thomas.blume@suse.com>
+
+- document static ip setup on boot (bsc#1244072)
+  add 0001-man-document-static-ip-setup-differences-to-dracut-n.patch
+
+-------------------------------------------------------------------
+Mon May 26 09:15:36 UTC 2025 - Callum Farmer <gmbr3@opensuse.org>
+
+- Stop relying on the UsrMerge symlinks and ensure we look directly
+  in /usr:
+  + Use _firmwaredir for kernel_firmware_dir
+  + Use /usr/sbin/modprobe (was /sbin/modprobe)
+
+-------------------------------------------------------------------
+Wed Apr  9 02:42:56 UTC 2025 - Jonathan Kang <songchuan.kang@suse.com>
+
+- Remove '-Dhostname_persist=suse' compile option, as it's not
+  needed anymore. The behaviours of this option are mainly:
+  1. stores hostname in /etc/HOSTNAME instead of /etc/hostname.
+  2. checks DHCLIENT_SET_HOSTNAME value in /etc/sysconfig/netowrk/dhcp
+     to know whether the hostname is valid.
+  These are not desired haviours anymore.
+
+-------------------------------------------------------------------
+Tue Mar 11 13:09:26 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Add 2069.patch: Fix build against girepository-2.0 (pygobject
+  3.52).
+
+-------------------------------------------------------------------
+Fri Feb 28 21:32:31 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.52.0:
+  + Store interactive history in `$XDG_CACHE_HOME/nmcli-history`
+    instead of `~/.nmcli-history`
+  + Add new ipv4.link-local=fallback to set an IPv4 link-local
+    address when no other IPv4 is set.
+  + Remove support for building with Autotools
+  + Add IPVLAN interface support
+  + Allow to manually configure the authentication of LTE's initial
+    EPS Bearer.
+  + Add support for the "IPv6-only preferred" DHCPv4 option (RFC
+    8925), used to indicate that a host supports an IPv6-only mode
+    and is willing to forgo obtaining an IPv4 address if the
+    network provides IPv6 connectivity.
+  + Support automatically adding routes to DNS servers via the
+    ipv4.routed-dns and ipv6.routed-dns properties; when enabled,
+    each name server is reached only via the device that specifies
+    it.
+  + Support OCI in nm-cloud-setup
+  + Added support for ethtool FEC mode
+  + Add new ipv4.shared-dhcp-range and ipv4.shared-dhcp-lease-time,
+    which allows you to customize the DHCP range and lease time
+    offered by DHCP server in `shared` connection method.
+  + DNS servers can now be specified with a URI-like syntax which
+    supports DNS over TLS name servers.
+  + The initrd-generator understands the "rd.net.dns" option to
+    configure global name servers.
+  + Drop support for the "dhcpcanon" DHCP client.
+  + global-dns configuration section now has 2 additional keys:
+    "resolve-mode" and "certification-authority".
+  + Dnsconfd plugin can now be used for configuration of
+    system-wide DNS caching resolver. If dnsconfd plugin is enabled
+    and ipvX.routed-dns is set to -1 then adding routes is by
+    default enabled.
+  + Add "shared" method to the IPv6 configuration options in nmtui.
+  + Fix a bug that prevented the activation of bond and bridge's
+    ports in some cases.
+  + Fix a bug that prevented the activation of OVS interfaces in
+    some cases.
+  + Fix MTPCP endpoint creation for IPv4 with DAD and IPv6
+    tentative addresses.
+  + Fix some VPN routes not being added to the table specified in
+    ipv4/6.routing-table. This fix allow to use policy routing to
+    mitigate Tunnelvision attacks.
+- Stop passing dhcpcanon=no to meson setup, no longer recognized,
+  nor needed.
+
+-------------------------------------------------------------------
+Fri Feb 28 21:18:28 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.50.3:
+  + Wait configuring MPTCP endpoints until DAD has completed.
+  + Properly autoconnect OVS ports at boot.
+  + Allow configuring "shared" IPv6 method in nmtui.
+- Changes from version 1.50.2:
+  + Fix potential crash when the property "ipv4.dhcp-send-release"
+    is enabled.
+  + Support routing rules for VPN connections.
+  + Place the route to the VPN gateway into the table defined by
+    the "ipv{4,6}.route-table" properties-
+  + Fix error handling rp_filter when kernel don't support MPTCP.
+  + Fix configuration of VLAN QoS mappings.
+- Changes from version 1.50.1:
+  + nmcli: fix handling of connection.down-on-poweroff property
+  + sriov: only validate sriov capacity when enabled
+  + wwan: fix crash with IPv4 and method=auto
+  + dns: fix deleting internal global DNS configuration
+  + wifi: fix list corruption when scanning with explicit SSID
+  + bonding: steer IGMP queries to the active bond balance-slb
+    primary port
+  + Remove routes added by NM on reapply
+  + Never retry ACD on NOARP interfaces
+  + Support IPv6 EUI64 link-local address for ipv6 tunnels
+
+-------------------------------------------------------------------
+Thu Jan 23 06:14:32 UTC 2025 - Jonathan Kang <songchuan.kang@suse.com>
+
+- Add config-server subpackage (bsc#1224868).
+
+-------------------------------------------------------------------
+Thu Oct  3 06:25:07 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.50.0:
+  + The support for "dhclient" has been deprecated, not built
+    unless explicitely enabled, and will be removed in a future
+    release. The internal DHCP client should be used instead and
+    has been the default since version 1.20 (1.12 when built with
+    meson).
+  + Support matching a OVS system interface by MAC address.
+  + Add a timeout option to connectivity checking.
+  + Support configuring veth interfaces in nmtui.
+  + When looking up the system hostname from the reverse DNS lookup
+    of addresses configured on interfaces, NetworkManager now takes
+    into account the content of /etc/hosts.
+  + Revert to using sysctl ipv6.conf.default for ip6-privacy.
+  + Allow specifying a system OVS interface by MAC address.
+  + ndisc: Support multiple gateways for a single network.
+  + wifi: Support configuring channel-width in AP mode.
+  + keyfile: Stop writing offensive terms into keyfiles.
+  + Support reapplying the VLANs on bridge ports.
+  + Fix crash caused by malformed LLDP package if debug log is
+    enabled.
+  + Retry hostname resolution when it fails.
+- Drop NetworkManager-dont-enforce-ip-cleanup-on-device-deactivating.patch:
+  Fixed upstream.
+- Rebase patches with quilt.
+
+-------------------------------------------------------------------
+Mon Aug 26 09:45:32 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.48.10:
+  + nmcli/edit: fix memory leak in extract_setting_and_property
+  + autotools: fix another filename that was renamed
+  + gitlab: fix helper scripts to support DNF5
+  + CI: update the imported templates_sha
+  + autotools: fix filename that was renamed
+  + format: run nm-code-format
+  + policy: retry hostname resolution when it fails
+  + platform: add small backoff time before resync
+  + bridge: reapply port VLANs only when necessary
+  + platform: add nmp_utils_bridge_normalized_vlans_equal()
+  + platform: support reading bridge VLANs
+  + device: support reapplying bridge-port VLANs
+  + bridge: change the signature for
+    nm_platform_link_set_bridge_vlans()
+  + platform: add define for IFLA_BOND_SLAVE_PRIO
+  + lldp: fix multiple access to argument in logging macro
+  + lldp: fix crash dereferencing NULL pointer during debug logging
+  + policy: unblock the autoconnect for children when parent is
+    available
+
+-------------------------------------------------------------------
+Thu Aug 22 06:07:45 UTC 2024 - Jonathan Kang <songchuan.kang@suse.com>
+
+- Add NetworkManager-dont-enforce-ip-cleanup-on-device-deactivating.patch:
+  device: don't enforce IP cleanup on deactivating state
+  (bsc#1228154, glfd#NetworkManager/NetworkManager!2016).
+
 -------------------------------------------------------------------
 Fri Aug  9 15:39:55 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
 

NetworkManager.obsinfo

@@ -1,4 +1,4 @@
 name: NetworkManager
-version: 1.48.8
-mtime: 1723216466
-commit: 575134dd6732f1e1fe685bbc9af92c5553797c0c
+version: 1.54.3
+mtime: 1765553045
+commit: 8caccc6bed0b56528ef3d880af1c217bb8d24419

NetworkManager.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package NetworkManager
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -64,7 +64,7 @@
 %endif
 
 Name:           NetworkManager
-Version:        1.48.8
+Version:        1.54.3
 Release:        0
 Summary:        Standard Linux network configuration tool suite
 License:        GPL-2.0-or-later AND LGPL-2.1-or-later
@@ -75,6 +75,8 @@ Source1:        nfs
 Source2:        NetworkManager.conf
 Source3:        baselibs.conf
 Source4:        conncheck-disabled.conf
+Source5:        00-server.conf
+Source6:        NetworkManager-tmpfiles.conf
 Source98:       macros.NetworkManager
 Source99:       NetworkManager-rpmlintrc
 
@@ -94,6 +96,12 @@ Patch7:         nm-add-CAP_SYS_ADMIN-permission.patch
 Patch8:         python3.6-in-sle.patch
 # PATCH-FIX-SLE NetworkManager-dont-renew-bridge-dhcp-if-no-mac-on-wakeup.patch bsc#1225498, glfd#NetworkManager/NetworkManager#1587 -- manager: don't renew dhcp lease when software devices' MAC is empty
 Patch9:         NetworkManager-dont-renew-bridge-dhcp-if-no-mac-on-wakeup.patch
+# PATCH-FIX-OPENSUSE nm-initrd-generator document static ip setup bsc#1244072
+Patch11:        0001-man-document-static-ip-setup-differences-to-dracut-n.patch
+# PATCH-FIX-UPSTREAM https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2298.patch
+Patch12:        2298.patch
+# PATCH-FIX-UPSTREAM https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2312.patch
+Patch13:        2312.patch
 
 BuildRequires:  c++_compiler
 BuildRequires:  dnsmasq
@@ -119,6 +127,7 @@ BuildRequires:  pkgconfig(libnewt) >= 0.52.15
 BuildRequires:  pkgconfig(libnl-3.0) >= 3.2.8
 BuildRequires:  pkgconfig(libnl-genl-3.0)
 BuildRequires:  pkgconfig(libnl-route-3.0)
+BuildRequires:  pkgconfig(libnvme)
 BuildRequires:  pkgconfig(libpsl) >= 0.1
 BuildRequires:  pkgconfig(libselinux)
 BuildRequires:  pkgconfig(libsystemd) >= 209
@@ -289,6 +298,18 @@ Installs a nm-cloud-setup tool that can automatically configure
 NetworkManager in cloud setups. Currently only EC2 is supported.
 This tool is still experimental.
 
+%package config-server
+Summary:        NetworkManager config file for "server-like" defualts
+Group:          System Environment/Base
+Requires:       %{name} = %{version}
+BuildArch:      noarch
+
+%description config-server
+This package adds a configuration file to disable automatic (DHCP/SLAAC)
+configuration on ethernet devices with no other matching connections.
+
+This package is intended to be installed by default for server deployments.
+
 %lang_package
 
 %prep
@@ -305,6 +326,9 @@ This tool is still experimental.
 %patch -P 8 -p1
 %patch -P 9 -p1
 %endif
+%patch -P 11 -p1
+%patch -P 12 -p1
+%patch -P 13 -p1
 
 # Fix server.conf's location, to end up in %%{_defaultdocdir}/%%{name},
 # rather then %%{_datadir}/doc/%%{name}/examples:
@@ -317,12 +341,14 @@ export CFLAGS="%{optflags} -fno-strict-aliasing -fcommon"
 export PYTHON=%{_bindir}/python3
 %meson \
     -Dsystemdsystemunitdir=%{_unitdir} \
+    -Dsystemdsystemgeneratordir=%{_systemdgeneratordir} \
     -Dudev_dir=%{_udevdir} \
     -Ddbus_conf_dir=%{_dbusconfdir} \
     -Ddnsmasq=%{_sbindir}/dnsmasq \
+    -Dmodprobe=%{_sbindir}/modprobe \
+    -Dkernel_firmware_dir=%{_firmwaredir} \
     -Ddist_version=%{version} \
     -Dpolkit_agent_helper_1=%{_libexecdir}/polkit-1/polkit-agent-helper-1 \
-    -Dhostname_persist=suse \
     -Dlibaudit=%{libaudit_meson_opt} \
     -Diwd=true \
     -Dpppd=%{_sbindir}/pppd \
@@ -335,7 +361,6 @@ export PYTHON=%{_bindir}/python3
     -Dnetconfig=/sbin/netconfig \
 %endif
     -Dconfig_dhcp_default=internal \
-    -Ddhcpcanon=no \
     -Ddhcpcd=no \
     -Ddhclient=%{_sbindir}/dhclient \
     -Ddocs=true \
@@ -360,15 +385,16 @@ export PYTHON=%{_bindir}/python3
 %fdupes %{buildroot}%{_datadir}/gtk-doc/
 mkdir -p %{buildroot}%{_bindir}
 mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/{VPN,conf.d}
-mkdir -p %{buildroot}%{_localstatedir}/log/
-mkdir -p %{buildroot}%{_localstatedir}/lib/NetworkManager/dispatcher.d
 mkdir -p %{buildroot}%{_prefix}/lib/NetworkManager/VPN
-touch %{buildroot}%{_localstatedir}/log/NetworkManager
 mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/system-connections
 install -m 0755 %{SOURCE1} %{buildroot}%{_prefix}/lib/NetworkManager/dispatcher.d/
 install -m 0644 %{SOURCE2} %{buildroot}%{_prefix}/lib/NetworkManager/
 chmod 0644 %{buildroot}%{_prefix}/lib/NetworkManager/NetworkManager.conf
 install -m 0644 %{SOURCE4} %{buildroot}%{_prefix}/lib/NetworkManager/conf.d
+install -m 0644 %{SOURCE5} %{buildroot}%{_prefix}/lib/NetworkManager/conf.d
+# tmpfiles.d
+mkdir -p %{buildroot}%{_tmpfilesdir}
+install -m 0644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
 # Install RPM macros to be consumed by plugins
 mkdir -p %{buildroot}%{_rpmmacrodir}
 install -m 0644 %{SOURCE98} %{buildroot}%{_rpmmacrodir}/
@@ -380,6 +406,7 @@ rm -f %{buildroot}%{_datadir}/dbus-1/system-services/org.freedesktop.NetworkMana
 %service_add_pre NetworkManager.service NetworkManager-dispatcher.service nm-priv-helper.service
 
 %post
+%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
 %service_add_post NetworkManager.service NetworkManager-dispatcher.service nm-priv-helper.service
 
 %preun
@@ -413,7 +440,7 @@ rm -f %{buildroot}%{_datadir}/dbus-1/system-services/org.freedesktop.NetworkMana
 %{_datadir}/dbus-1/system-services/org.freedesktop.nm_dispatcher.service
 %{_datadir}/dbus-1/interfaces/org.freedesktop.NetworkManager.*
 %{_datadir}/polkit-1/actions/org.freedesktop.NetworkManager.policy
-%attr(0700,root,root) %{_localstatedir}/lib/NetworkManager
+%dir %attr(0700,root,root) %ghost %{_localstatedir}/lib/NetworkManager
 %{_mandir}/man1/nm-online.1%{?ext_man}
 %{_mandir}/man1/nmcli.1%{?ext_man}
 %{_mandir}/man5/nm-settings-keyfile.5%{?ext_man}
@@ -434,6 +461,7 @@ rm -f %{buildroot}%{_datadir}/dbus-1/system-services/org.freedesktop.NetworkMana
 %{_libexecdir}/nm-dhcp-helper
 %{_libexecdir}/nm-dispatcher
 %{_libexecdir}/nm-initrd-generator
+%{_libexecdir}/nm-libnm-helper
 %{_libexecdir}/nm-priv-helper
 %dir %{_sysconfdir}/NetworkManager
 %dir %{_sysconfdir}/NetworkManager/VPN
@@ -449,14 +477,14 @@ rm -f %{buildroot}%{_datadir}/dbus-1/system-services/org.freedesktop.NetworkMana
 %{_udevdir}/rules.d/85-nm-unmanaged.rules
 %{_udevdir}/rules.d/90-nm-thunderbolt.rules
 %{_unitdir}/nm-priv-helper.service
-%ghost %config(noreplace) %{_localstatedir}/log/NetworkManager
 %dir %{_prefix}/lib/NetworkManager
 %{_prefix}/lib/NetworkManager/NetworkManager.conf
+%dir %{_tmpfilesdir}
+%{_tmpfilesdir}/%{name}.conf
 %dir %{_prefix}/lib/NetworkManager/conf.d
 %dir %{_prefix}/lib/NetworkManager/dispatcher.d
 %dir %{_prefix}/lib/NetworkManager/dispatcher.d/no-wait.d
 %dir %{_prefix}/lib/NetworkManager/dispatcher.d/pre-up.d
-%{_prefix}/lib/NetworkManager/dispatcher.d/pre-up.d/90-nm-cloud-setup.sh
 %dir %{_prefix}/lib/NetworkManager/dispatcher.d/pre-down.d
 %dir %{_prefix}/lib/NetworkManager/VPN
 %dir %{_prefix}/lib/firewalld
@@ -467,6 +495,11 @@ rm -f %{buildroot}%{_datadir}/dbus-1/system-services/org.freedesktop.NetworkMana
 %{_datadir}/dbus-1/system-services/org.freedesktop.nm_priv_helper.service
 %{_dbusconfdir}/nm-priv-helper.conf
 %{_defaultdocdir}/NetworkManager/server.conf
+%{_unitdir}/NetworkManager-config-initrd.service
+%{_unitdir}/NetworkManager-initrd.service
+%{_unitdir}/NetworkManager-wait-online-initrd.service
+%dir %{_systemdgeneratordir}
+%{_systemdgeneratordir}/nm-initrd-generator.sh
 
 %files devel
 %{_includedir}/libnm/
@@ -522,6 +555,10 @@ rm -f %{buildroot}%{_datadir}/dbus-1/system-services/org.freedesktop.NetworkMana
 %{_unitdir}/nm-cloud-setup.timer
 %{_prefix}/lib/NetworkManager/dispatcher.d/90-nm-cloud-setup.sh
 %{_prefix}/lib/NetworkManager/dispatcher.d/no-wait.d/90-nm-cloud-setup.sh
+%{_prefix}/lib/NetworkManager/dispatcher.d/pre-up.d/90-nm-cloud-setup.sh
 %{_mandir}/man8/nm-cloud-setup.8%{?ext_man}
 
+%files config-server
+%{_prefix}/lib/NetworkManager/conf.d/00-server.conf
+
 %changelog

_service

@@ -3,7 +3,7 @@
   <service name="obs_scm" mode="manual">
     <param name="scm">git</param>
     <param name="url">https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git</param>
-    <param name="revision">1.48.8</param>
+    <param name="revision">1.54.3</param>
     <param name="versionformat">@PARENT_TAG@+@TAG_OFFSET@</param>
     <param name="versionrewrite-pattern">(.*)\+0</param>
     <param name="versionrewrite-replacement">\1</param>

nm-add-CAP_SYS_ADMIN-permission.patch

@@ -1,11 +1,11 @@
-Index: NetworkManager-1.44.0/data/NetworkManager.service.in
+Index: NetworkManager-1.50.0/data/NetworkManager.service.in
 ===================================================================
---- NetworkManager-1.44.0.orig/data/NetworkManager.service.in
-+++ NetworkManager-1.44.0/data/NetworkManager.service.in
-@@ -20,7 +20,7 @@ KillMode=process
+--- NetworkManager-1.50.0.orig/data/NetworkManager.service.in
++++ NetworkManager-1.50.0/data/NetworkManager.service.in
+@@ -19,7 +19,7 @@ KillMode=process
+ # With a huge number of interfaces, starting can take a long time.
  TimeoutStartSec=600
  
- # CAP_DAC_OVERRIDE: required to open /run/openvswitch/db.sock socket.
 -CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT
 +CapabilityBoundingSet=CAP_NET_ADMIN CAP_DAC_OVERRIDE CAP_NET_RAW CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_MODULE CAP_AUDIT_WRITE CAP_KILL CAP_SYS_CHROOT CAP_SYS_ADMIN
  

nm-dont-overwrite-resolv-conf.patch

@@ -1,8 +1,8 @@
-Index: NetworkManager-1.44.0/src/core/dns/nm-dns-manager.c
+Index: NetworkManager-1.54.0/src/core/dns/nm-dns-manager.c
 ===================================================================
---- NetworkManager-1.44.0.orig/src/core/dns/nm-dns-manager.c
-+++ NetworkManager-1.44.0/src/core/dns/nm-dns-manager.c
-@@ -760,7 +760,7 @@ again:
+--- NetworkManager-1.54.0.orig/src/core/dns/nm-dns-manager.c
++++ NetworkManager-1.54.0/src/core/dns/nm-dns-manager.c
+@@ -761,7 +761,7 @@ again:
      /* FIXME: don't write to netconfig synchronously. */
  
      /* Wait until the process exits */

systemd-network-config.patch

@@ -1,7 +1,7 @@
-Index: NetworkManager-1.44.0/data/NetworkManager.service.in
+Index: NetworkManager-1.50.0/data/NetworkManager.service.in
 ===================================================================
---- NetworkManager-1.44.0.orig/data/NetworkManager.service.in
-+++ NetworkManager-1.44.0/data/NetworkManager.service.in
+--- NetworkManager-1.50.0.orig/data/NetworkManager.service.in
++++ NetworkManager-1.50.0/data/NetworkManager.service.in
 @@ -1,7 +1,7 @@
  [Unit]
  Description=Network Manager
@@ -11,7 +11,7 @@ Index: NetworkManager-1.44.0/data/NetworkManager.service.in
  After=network-pre.target dbus.service
  Before=network.target @DISTRO_NETWORK_SERVICE@
  BindsTo=dbus.service
-@@ -31,6 +31,7 @@ LimitNOFILE=65536
+@@ -30,6 +30,7 @@ LimitNOFILE=65536
  
  [Install]
  WantedBy=multi-user.target
@@ -19,10 +19,10 @@ Index: NetworkManager-1.44.0/data/NetworkManager.service.in
  Also=NetworkManager-dispatcher.service
  
  # We want to enable NetworkManager-wait-online.service whenever this service
-Index: NetworkManager-1.44.0/data/NetworkManager-wait-online.service.in
+Index: NetworkManager-1.50.0/data/NetworkManager-wait-online.service.in
 ===================================================================
---- NetworkManager-1.44.0.orig/data/NetworkManager-wait-online.service.in
-+++ NetworkManager-1.44.0/data/NetworkManager-wait-online.service.in
+--- NetworkManager-1.50.0.orig/data/NetworkManager-wait-online.service.in
++++ NetworkManager-1.50.0/data/NetworkManager-wait-online.service.in
 @@ -16,7 +16,9 @@ Before=network-online.target
  # time.