Bug 2061693 - Unable to load VPN connection editor for SSH
Summary: Unable to load VPN connection editor for SSH
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: NetworkManager-ssh
Version: 37
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Dan Fruehauf
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: RejectedBlocker AcceptedFreezeExcepti...
Depends On:
Blocks: F36FinalFreezeException
TreeView+ depends on / blocked
 
Reported: 2022-03-08 10:50 UTC by Michel Le Bihan
Modified: 2022-08-17 00:27 UTC (History)
18 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug


Attachments (Terms of Use)

Description Michel Le Bihan 2022-03-08 10:50:39 UTC
Description of problem:


Version-Release number of selected component (if applicable): 42~beta-9.fc37


How reproducible:


Steps to Reproduce:
1. Open Settings
2. Open Network tab
3. Click on + under VPN
4. In the Add VPN dialog choose OpenVPN
5. Notice the error `unable to load VPN connection editor`

Actual results:
`unable to load VPN connection editor` error
Impossible to configure the VPN connection

Expected results:
The VPN connection editor should open

Additional info:
Relevant installed packages:
NetworkManager-openvpn 1.8.16-1.fc36.1
NetworkManager-openvpn-gnome 1.8.16-1.fc36.1
openvpn 2.5.5-4.fc36

Comment 1 ukrsasha 2022-04-10 14:07:21 UTC
This bug now applies only to SSH, OpenVPN can load editor

Comment 2 Fedora Blocker Bugs Application 2022-04-10 14:11:06 UTC
Proposed as a Blocker for 36-final by Fedora user sasha using the blocker tracking app because:

 This bug can make access to the Internet or certain network services impossible or insecure for some users.

Comment 3 Brandon Nielsen 2022-04-10 23:47:01 UTC
There's a PR open for the SSH plugin upstream[0].

It can't just be pulled in as a simple patch because it generates a GTK4 compatible ui file during generation of the tarball instead of simply adding a ui file to the source tree and modifying the Makefile.

Option 1 would be to pester upstream to cut a new release with the PR incorporated. Option 2 would be to run `gtk4-builder-tool simplify --3to4` like the Makefile does and include the result as a patch.

Either way, component should be changed to NetworkManager-ssh.

[0] - https://github.com/danfruehauf/NetworkManager-ssh/pull/110

Comment 4 Kamil Páral 2022-04-11 12:03:24 UTC
Bug confirmed in latest F36.

Comment 5 František Zatloukal 2022-04-11 16:41:43 UTC
Discussed during the 2022-04-11 blocker review meeting: [1]

The decision to classify this bug as an RejectedBlocker and AcceptedFreezeException was made:

"We believe that ssh-based VPN is not widely used enough to warrant a blocker status, however we do see this as bad and grant it FE status."

[1] https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2022-04-11/f36-blocker-review.2022-04-11-16.00.log.txt

Comment 6 Flo 2022-05-03 12:24:36 UTC
NetworkManager-strongswan plugin has the same issue in F36, I filed https://bugzilla.redhat.com/show_bug.cgi?id=2081321

Comment 7 Douglas Kosovic 2022-05-10 22:03:32 UTC
This bug is for adding or editing a SSH VPN connection with the gtk4 based gnome-control-center, the gtk3 based nm-connection-editor (from the nm-connection-editor RPM) still works and can be used as a workaround to add or edit a SSH VPN connection.

A pre-built gtk4 ui file doesn't need to be bundled with the tarball, it isn't with NetworkManager-l2tp. For the other VPN clients that were released earlier, they had to bundle a pre-built gtk4 ui file as a workaround for 'gtk4-builder-tool simplify --3to4' needing a display in the build environment to work. The 'gtk4-builder-tool' no longer needs a display for the 'simplify' subcommand as described in the following merge request (which corresponds to gtk4-builder >= 4.6.2) :
   https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/4415

Comment 8 Douglas Kosovic 2022-05-10 22:23:57 UTC
I think that github PR could directly be incorporated as a patch, but the following two lines would need to be run before the %configure line :

autoreconf -fi
intltoolize


So that the autoconf related files that are generated and normally added to the source tarball are regenerated after the patch is applied.

Comment 9 Douglas Kosovic 2022-05-10 22:30:59 UTC
Sorry forgot to mention, the PR patch would be :
https://patch-diff.githubusercontent.com/raw/danfruehauf/NetworkManager-ssh/pull/110.patch

Comment 10 Adam Williamson 2022-05-10 23:17:57 UTC
"For the other VPN clients that were released earlier, they had to bundle a pre-built gtk4 ui file as a workaround for 'gtk4-builder-tool simplify --3to4' needing a display in the build environment to work. The 'gtk4-builder-tool' no longer needs a display for the 'simplify' subcommand"

This is true, but GTK devs still say that this is not how you're supposed to do things. They do not recommend generating a gtk4 file on-the-fly from one intended for gtk3. The tool is meant to be used one time and the output reviewed and tweaked by a human, then maintained.

Comment 11 Douglas Kosovic 2022-05-11 00:17:59 UTC
> This is true, but GTK devs still say that this is not how you're supposed to
> do things. They do not recommend generating a gtk4 file on-the-fly from one
> intended for gtk3. The tool is meant to be used one time and the output
> reviewed and tweaked by a human, then maintained.

Yet the GTK devs relented and allowed the tool to not need a display using a different approach which they committed and is in gtk4-builder >= 4.6.2.

What the GTK dev says makes sense for a GTK4 standalone application, but for VPN editor plugins that are used by both gtk3 and gtk4 applications it really doesn't make much sense to manually maintain separate gtk3 and gtk4 ui files. This situation with 2 separate ui files will have to remain until all the applications using the NM plugins have been ported to gtk4.

All the NetworkManager VPN (gtk3) ui files have been manually modified to replace or remove items not compatible with gtk4 and gtk4-builder-tool.

Comment 12 Didier G 2022-05-22 12:18:54 UTC
I opened https://bugzilla.redhat.com/show_bug.cgi?id=2086928 and I assume my problem is relative to this one.

After upgrade from 35 to 36 I can open VPN connection editor but with my old user who worked fine in 35 I get garbage in displayed panel.

If I create a new user, VPN connection editor works fine and displayed panel is correct.

Comment 13 Douglas Kosovic 2022-05-25 11:11:17 UTC
I've created Fedora 36 NetworkManager-ssh 1.2.12 RPMs built with the NetworkManager-ssh GTK4 pull request and put them up on this COPR repository:

    https://copr.fedorainfracloud.org/coprs/dkosovic/NetworkManager-ssh-gtk4/

Please test them by editing (or adding) SSH VPN connections with gtk4 based gnome-control-center and gtk3 based nm-connection-editor.

You can view what I changed in NetworkManager-ssh.spec file by looking at : 
    https://github.com/dkosovic/NetworkManager-ssh-gtk4/commit/26f634dce636380e2c00a06f4426d57bf9d7d38c

Regarding the NetworkManager-ssh GTK4 pull request, https://github.com/danfruehauf/NetworkManager-ssh/pull/110, the actual patch I used unmodified was:

    https://github.com/danfruehauf/NetworkManager-ssh/pull/110.diff

instead of using the following patch which is a concatenation of commit patches :

    https://github.com/danfruehauf/NetworkManager-ssh/pull/110.patch

as there was an issue applying the latter patch due to one of the files being renamed and subsequently modified in multiple commits.



If you want to avoid adding the above COPR repository, the NetworkManager-ssh-1.2.12-4.fc36.x86_64.rpm and NetworkManager-ssh-gnome-1.2.12-4.fc36.x86_64.rpm files can be downloaded directly from :

https://download.copr.fedorainfracloud.org/results/dkosovic/NetworkManager-ssh-gtk4/fedora-36-x86_64/04441640-NetworkManager-ssh/

and then installed with

   sudo rpm -Uvh NetworkManager-ssh-1.2.12-4.fc36.x86_64.rpm NetworkManager-ssh-gnome-1.2.12-4.fc36.x86_64.rpm

Comment 14 Douglas Kosovic 2022-06-05 00:39:13 UTC
(In reply to Didier G from comment #12)
> I opened https://bugzilla.redhat.com/show_bug.cgi?id=2086928 and I assume my
> problem is relative to this one.

I don't think the issues are related, this issue is about not having a gtk4 ssh vpn plugin, that issues is about the gtk4 openvpn vpn plugin causing an unresponsive spinning wheel when a connection from an older version is loaded.

Comment 15 Douglas Kosovic 2022-06-05 00:57:44 UTC
There was one issue I discovered with the NetworkManager-ssh RPM package I created, the main package still had a stray gtk3 requires dependency which is not ideal for KDE plasma-nm or command-line nmcli users where pulling down gtk3 and its dependencies is not required. The auxiliary NetworkManager-ssh-gnome RPM package is the one that will pull down gtk3/gtk4 and GNOME dependencies.

My latest NetworkManager-ssh RPM spec file is :
https://raw.githubusercontent.com/dkosovic/NetworkManager-ssh-gtk4/main/NetworkManager-ssh.spec

and the corresponding NetworkManager-ssh-1.2.12-gtk4.patch file is still :
https://github.com/danfruehauf/NetworkManager-ssh/pull/110.diff

I didn't bother creating new RPM binary files on COPR as the functionality hasn't changed for the gtk4 based gnome-control-center.

Comment 16 Ben Cotton 2022-08-09 13:13:38 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 37 development cycle.
Changing version to 37.

Comment 17 Erwin Baeyens 2022-08-16 13:15:52 UTC
This is also the case for the fortisslvpn plugin
can we get a quick an simple workaround?

Comment 18 Douglas Kosovic 2022-08-17 00:27:52 UTC
(In reply to comment #17)
> This is also the case for the fortisslvpn plugin
> can we get a quick an simple workaround?

Extract from the NetworkManager-fortisslvpn-1.4.0 NEWS file :

https://gitlab.gnome.org/GNOME/NetworkManager-fortisslvpn/-/blob/1.4.0/NEWS

    Notable changes include:

    * Gtk4 version of the editor plugin is now available (for use with
      Control Center of GNOME 42 or later).

This issue is about the NetworkManager-ssh 1.2.12 RPM not including a Gtk4 version of the editor plugin.

I believe the Fedora 36 NetworkManager-fortisslvpn 1.4.0 RPM is built with Gtk4 support :
https://src.fedoraproject.org/rpms/NetworkManager-fortisslvpn/blob/f36/f/NetworkManager-fortisslvpn.spec

So I suspect you have a different issue to the one here.


Note You need to log in before you can comment on or make changes to this bug.