Hello community, here is the log from the commit of package yast2-bootloader for openSUSE:Factory checked in at 2015-07-22 09:19:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-bootloader (Old) and /work/SRC/openSUSE:Factory/.yast2-bootloader.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-bootloader" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-bootloader/yast2-bootloader.changes 2015-06-06 09:49:56.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-bootloader.new/yast2-bootloader.changes 2015-07-22 09:19:14.000000000 +0200 @@ -1,0 +2,36 @@ +Thu Jul 9 08:54:10 UTC 2015 - [email protected] + +- fix crash when aborting during initial screen (bnc#910343) +- 3.1.138 + +------------------------------------------------------------------- +Tue Jul 7 12:20:21 UTC 2015 - [email protected] + +- skip MBR update on s390 (bnc#937015) +- 3.1.137 + +------------------------------------------------------------------- +Mon Jun 29 12:46:58 UTC 2015 - [email protected] + +- set only proper boot flags ("boot" for DOS partition table and + legacy_boot for GPT partition table), otherwise it can confuse + some firmware and cause booting problems (bnc#930903) +- 3.1.136 + +------------------------------------------------------------------- +Mon Jun 22 11:01:16 UTC 2015 - [email protected] + +- Let password protection be configurable between a restricted mode + (cannot boot at all without password, default GRUB2 behavior) + and an unrestricted mode (can boot but cannot edit entries, GRUB1 + behavior) (FATE#318574). +- 3.1.135 + +------------------------------------------------------------------- +Tue Jun 16 15:13:10 UTC 2015 - [email protected] + +- Stop adding 'Failsafe' entry to bootloader menu unless user + manually add it (fate#317016) +- 3.1.134 + +------------------------------------------------------------------- Old: ---- yast2-bootloader-3.1.133.tar.bz2 New: ---- yast2-bootloader-3.1.138.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-bootloader.spec ++++++ --- /var/tmp/diff_new_pack.g0tQ5x/_old 2015-07-22 09:19:15.000000000 +0200 +++ /var/tmp/diff_new_pack.g0tQ5x/_new 2015-07-22 09:19:15.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-bootloader -Version: 3.1.133 +Version: 3.1.138 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-bootloader-3.1.133.tar.bz2 -> yast2-bootloader-3.1.138.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/.rubocop.yml new/yast2-bootloader-3.1.138/.rubocop.yml --- old/yast2-bootloader-3.1.133/.rubocop.yml 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/.rubocop.yml 2015-07-09 11:32:37.000000000 +0200 @@ -36,7 +36,7 @@ # Configuration parameters: CountComments. Metrics/ClassLength: - Max: 176 # TODO this should be lower for new code + Max: 200 # TODO this should be lower for new code Include: - 'src/lib/**/*.rb' # be more strict for new code in lib @@ -46,7 +46,7 @@ - 'src/lib/**/*.rb' # be more strict for new code in lib Metrics/CyclomaticComplexity: - Max: 12 # TODO this should be lower for new code + Max: 13 # TODO this should be lower for new code Include: - 'src/lib/**/*.rb' # be more strict for new code in lib @@ -80,7 +80,7 @@ - 'src/lib/**/*.rb' # be more strict for new code in lib Metrics/PerceivedComplexity: - Max: 13 # TODO this should be lower for new code + Max: 14 # TODO this should be lower for new code Include: - 'src/lib/**/*.rb' # be more strict for new code in lib diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/package/yast2-bootloader.changes new/yast2-bootloader-3.1.138/package/yast2-bootloader.changes --- old/yast2-bootloader-3.1.133/package/yast2-bootloader.changes 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/package/yast2-bootloader.changes 2015-07-09 11:32:37.000000000 +0200 @@ -1,4 +1,40 @@ ------------------------------------------------------------------- +Thu Jul 9 08:54:10 UTC 2015 - [email protected] + +- fix crash when aborting during initial screen (bnc#910343) +- 3.1.138 + +------------------------------------------------------------------- +Tue Jul 7 12:20:21 UTC 2015 - [email protected] + +- skip MBR update on s390 (bnc#937015) +- 3.1.137 + +------------------------------------------------------------------- +Mon Jun 29 12:46:58 UTC 2015 - [email protected] + +- set only proper boot flags ("boot" for DOS partition table and + legacy_boot for GPT partition table), otherwise it can confuse + some firmware and cause booting problems (bnc#930903) +- 3.1.136 + +------------------------------------------------------------------- +Mon Jun 22 11:01:16 UTC 2015 - [email protected] + +- Let password protection be configurable between a restricted mode + (cannot boot at all without password, default GRUB2 behavior) + and an unrestricted mode (can boot but cannot edit entries, GRUB1 + behavior) (FATE#318574). +- 3.1.135 + +------------------------------------------------------------------- +Tue Jun 16 15:13:10 UTC 2015 - [email protected] + +- Stop adding 'Failsafe' entry to bootloader menu unless user + manually add it (fate#317016) +- 3.1.134 + +------------------------------------------------------------------- Wed Jun 3 14:42:59 UTC 2015 - [email protected] - do not crash in offline update in bootloader proposal(bnc#931021) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/package/yast2-bootloader.spec new/yast2-bootloader-3.1.138/package/yast2-bootloader.spec --- old/yast2-bootloader-3.1.133/package/yast2-bootloader.spec 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/package/yast2-bootloader.spec 2015-07-09 11:32:37.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-bootloader -Version: 3.1.133 +Version: 3.1.138 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/include/bootloader/grub/helps.rb new/yast2-bootloader-3.1.138/src/include/bootloader/grub/helps.rb --- old/yast2-bootloader-3.1.133/src/include/bootloader/grub/helps.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/include/bootloader/grub/helps.rb 2015-07-09 11:32:37.000000000 +0200 @@ -80,8 +80,12 @@ ), "password" => _( "<p><b>Protect Boot Loader with Password</b><br>\n" \ - "Define the password that will be required to access the boot menu. YaST will only accept the password if you repeat\n" \ - "it in <b>Retype Password</b>.</p>" + "At boot time, modifying or even booting any entry will require the" \ + " password. If <b>Protect Entry Modification Only</b> is checked then " \ + "booting any entry is not restricted but modifying entries requires " \ + "the password (which is the way GRUB 1 behaved).<br>" \ + "YaST will only accept the password if you repeat it in " \ + "<b>Retype Password</b>.</p>" ), # help text 1/5 "disk_order" => _( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/include/bootloader/grub/options.rb new/yast2-bootloader-3.1.138/src/include/bootloader/grub/options.rb --- old/yast2-bootloader-3.1.133/src/include/bootloader/grub/options.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/include/bootloader/grub/options.rb 2015-07-09 11:32:37.000000000 +0200 @@ -40,6 +40,7 @@ event = deep_copy(event) if Ops.get(event, "ID") == :use_pas enabled = Convert.to_boolean(UI.QueryWidget(Id(:use_pas), :Value)) + UI.ChangeWidget(Id(:unrestricted_pw), :Enabled, enabled) UI.ChangeWidget(Id(:pw1), :Enabled, enabled) UI.ChangeWidget(Id(:pw2), :Enabled, enabled) end @@ -71,14 +72,22 @@ Id(:use_pas), _("Prot&ect Boot Loader with Password"), true, - HBox( - HSpacing(2), - # text entry - Password(Id(:pw1), Opt(:hstretch), _("&Password")), - # text entry - HSpacing(2), - Password(Id(:pw2), Opt(:hstretch), _("Re&type Password")), - HStretch() + VBox( + HBox( + HSpacing(2), + # TRANSLATORS: checkbox entry + CheckBox(Id(:unrestricted_pw), _("P&rotect Entry Modification Only")), + HStretch() + ), + HBox( + HSpacing(2), + # text entry + Password(Id(:pw1), Opt(:hstretch), _("&Password")), + # text entry + HSpacing(2), + Password(Id(:pw2), Opt(:hstretch), _("Re&type Password")), + HStretch() + ) ) ) ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/include/bootloader/grub2/dialogs.rb new/yast2-bootloader-3.1.138/src/include/bootloader/grub2/dialogs.rb --- old/yast2-bootloader-3.1.133/src/include/bootloader/grub2/dialogs.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/include/bootloader/grub2/dialogs.rb 2015-07-09 11:32:37.000000000 +0200 @@ -74,7 +74,7 @@ end def kernel_tab - widgets = ["vgamode", "append", "append_failsafe", "console"] + widgets = ["vgamode", "append", "console"] widgets.delete("console") if Arch.s390 # there is no console on s390 (bnc#868909) widgets.delete("vgamode") if Arch.s390 # there is no graphic adapter on s390 (bnc#874010) @@ -87,7 +87,6 @@ VSpacing(1), MarginBox(1, 0.5, "vgamode"), MarginBox(1, 0.5, "append"), - MarginBox(1, 0.5, "append_failsafe"), MarginBox(1, 0.5, "console"), VStretch() ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/include/bootloader/grub2/helps.rb new/yast2-bootloader-3.1.138/src/include/bootloader/grub2/helps.rb --- old/yast2-bootloader-3.1.133/src/include/bootloader/grub2/helps.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/include/bootloader/grub2/helps.rb 2015-07-09 11:32:37.000000000 +0200 @@ -20,33 +20,29 @@ textdomain "bootloader" @grub2_help_messages = { - "append" => _( + "append" => _( "<p><b>Optional Kernel Command Line Parameter</b> lets you define additional parameters to pass to the kernel.</p>" ), - "vgamode" => _( + "vgamode" => _( "<p><b>Vga Mode</b> defines the VGA mode the kernel should set the <i>console</i> to when booting.</p>" ), - "append_failsafe" => _( - "<p><b>Failsafe Kernel Command Line Parameter</b> lets you define failsafe parameters to pass to the kernel.</p>" - ), - "os_prober" => _( + "os_prober" => _( "<p><b>Probe Foreign OS</b> by means of os-prober for multiboot with other foreign distribution </p>" ), - "pmbr" => _( + "pmbr" => _( "<p><b>Protective MBR flag</b> is expert only settings, that is needed only on exotic hardware. For details see Protective MBR in GPT disks. Do not touch if you are not sure.</p>" ), - "distribution" => _( + "distribution" => _( "<p><b>Distributor</b> specifies name of distributor of kernel used to create boot entry name. </p>" ) } @grub2_descriptions = { - "append" => _("O&ptional Kernel Command Line Parameter"), - "distributor" => _("D&istributor"), - "vgamode" => _("&Vga Mode"), - "append_failsafe" => _("&Failsafe Kernel Command Line Parameter"), - "os_prober" => _("Probe Foreign OS"), - "pmbr" => _("Protective MBR flag") + "append" => _("O&ptional Kernel Command Line Parameter"), + "distributor" => _("D&istributor"), + "vgamode" => _("&Vga Mode"), + "os_prober" => _("Probe Foreign OS"), + "pmbr" => _("Protective MBR flag") } end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/include/bootloader/grub2/options.rb new/yast2-bootloader-3.1.138/src/include/bootloader/grub2/options.rb --- old/yast2-bootloader-3.1.133/src/include/bootloader/grub2/options.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/include/bootloader/grub2/options.rb 2015-07-09 11:32:37.000000000 +0200 @@ -309,62 +309,61 @@ def grub2_pwd_store(_key, _event) usepass = UI.QueryWidget(Id(:use_pas), :Value) if !usepass - # we are in proper module that can store password - self.password = nil + password.used = false return end + password.used = true + value = UI.QueryWidget(Id(:pw1), :Value) # special value as we do not know password, so it mean user do not change it - if value == MASKED_PASSWORD - self.password = "" - else - self.password = value - end + password.password = value if value != MASKED_PASSWORD + + value = UI.QueryWidget(Id(:unrestricted_pw), :Value) + password.unrestricted = value end def grub2_pwd_init(_widget) + enabled = password.used? # read state on disk only if not already set by user (bnc#900026) - password_used = password == "" ? GRUB2Pwd.new.used? : password - value = password_used ? MASKED_PASSWORD : "" - UI.ChangeWidget(Id(:use_pas), :Value, password_used) - UI.ChangeWidget(Id(:pw1), :Enabled, password_used) + value = enabled && password.password? ? MASKED_PASSWORD : "" + + UI.ChangeWidget(Id(:use_pas), :Value, enabled) + UI.ChangeWidget(Id(:pw1), :Enabled, enabled) UI.ChangeWidget(Id(:pw1), :Value, value) - UI.ChangeWidget(Id(:pw2), :Enabled, password_used) + UI.ChangeWidget(Id(:pw2), :Enabled, enabled) UI.ChangeWidget(Id(:pw2), :Value, value) + UI.ChangeWidget(Id(:unrestricted_pw), :Enabled, enabled) + UI.ChangeWidget(Id(:unrestricted_pw), :Value, password.unrestricted?) end def Grub2Options grub2_specific = { - "distributor" => CommonInputFieldWidget( + "distributor" => CommonInputFieldWidget( Ops.get(@grub2_descriptions, "distributor", "Distributor"), Ops.get(@grub2_help_messages, "distributor", "") ), - "activate" => CommonCheckboxWidget( + "activate" => CommonCheckboxWidget( Ops.get(@grub_descriptions, "activate", "activate"), Ops.get(@grub_help_messages, "activate", "") ), - "generic_mbr" => CommonCheckboxWidget( + "generic_mbr" => CommonCheckboxWidget( Ops.get(@grub_descriptions, "generic_mbr", "generic mbr"), Ops.get(@grub_help_messages, "generic_mbr", "") ), - "hiddenmenu" => CommonCheckboxWidget( + "hiddenmenu" => CommonCheckboxWidget( Ops.get(@grub_descriptions, "hiddenmenu", "hidden menu"), Ops.get(@grub_help_messages, "hiddenmenu", "") ), - "os_prober" => CommonCheckboxWidget( + "os_prober" => CommonCheckboxWidget( Ops.get(@grub2_descriptions, "os_prober", "os_prober"), Ops.get(@grub2_help_messages, "os_prober", "") ), - "append" => CommonInputFieldWidget( + "append" => CommonInputFieldWidget( Ops.get(@grub2_descriptions, "append", "append"), Ops.get(@grub2_help_messages, "append", "") ), - "append_failsafe" => CommonInputFieldWidget( - Ops.get(@grub2_descriptions, "append_failsafe", "append_failsafe"), - Ops.get(@grub2_help_messages, "append_failsafe", "") - ), - "vgamode" => { + "vgamode" => { "widget" => :combobox, "label" => Ops.get(@grub2_descriptions, "vgamode", "vgamode"), "opt" => [:editable, :hstretch], @@ -372,7 +371,7 @@ "store" => fun_ref(method(:StoreGlobalStr), "void (string, map)"), "help" => Ops.get(@grub2_help_messages, "vgamode", "") }, - "pmbr" => { + "pmbr" => { "widget" => :combobox, "label" => @grub2_descriptions["pmbr"], "opt" => [], @@ -380,7 +379,7 @@ "store" => fun_ref(method(:StorePMBR), "void (string, map)"), "help" => @grub2_help_messages["pmbr"] }, - "default" => { + "default" => { "widget" => :combobox, "label" => Ops.get(@grub_descriptions, "default", "default"), "opt" => [:editable, :hstretch], @@ -388,7 +387,7 @@ "store" => fun_ref(method(:StoreGlobalStr), "void (string, map)"), "help" => Ops.get(@grub_help_messages, "default", "") }, - "console" => { + "console" => { "widget" => :custom, "custom_widget" => ConsoleContent(), "init" => fun_ref(method(:ConsoleInit), "void (string)"), @@ -403,7 +402,7 @@ "handle_events" => [:browsegfx], "help" => Ops.get(@grub_help_messages, "serial", "") }, - "password" => { + "password" => { "widget" => :custom, "custom_widget" => passwd_content, "init" => fun_ref( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/include/bootloader/routines/dialogs.rb new/yast2-bootloader-3.1.138/src/include/bootloader/routines/dialogs.rb --- old/yast2-bootloader-3.1.133/src/include/bootloader/routines/dialogs.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/include/bootloader/routines/dialogs.rb 2015-07-09 11:32:37.000000000 +0200 @@ -40,11 +40,8 @@ # @return true if abort was pressed def testAbort return false if Mode.commandline - if :abort == UI.PollInput - UI.CloseDialog if !Stage.initial - return true - end - false + + UI.PollInput == :abort end # Read settings dialog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/include/bootloader/routines/misc.rb new/yast2-bootloader-3.1.138/src/include/bootloader/routines/misc.rb --- old/yast2-bootloader-3.1.133/src/include/bootloader/routines/misc.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/include/bootloader/routines/misc.rb 2015-07-09 11:32:37.000000000 +0200 @@ -247,27 +247,6 @@ nil end - # Get additional kernel parameters - # @return additional kernel parameters - def GetAdditionalFailsafeParams - if Stage.initial - nopcmcia = SCR.Read(path(".etc.install_inf.NoPCMCIA")) == "1" - @additional_failsafe_params = nopcmcia ? " NOPCMCIA " : "" - else - saved_params = Convert.convert( - SCR.Read(path(".target.ycp"), "/var/lib/YaST2/bootloader.ycp"), - :from => "any", - :to => "map <string, any>" - ) - @additional_failsafe_params = Ops.get_string( - saved_params, - "additional_failsafe_params", - "" - ) - end - @additional_failsafe_params - end - # Check if the bootloader can be installed at all with current configuration # @return [Boolean] true if it can def BootloaderInstallable diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/include/bootloader/routines/wizards.rb new/yast2-bootloader-3.1.138/src/include/bootloader/routines/wizards.rb --- old/yast2-bootloader-3.1.133/src/include/bootloader/routines/wizards.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/include/bootloader/routines/wizards.rb 2015-07-09 11:32:37.000000000 +0200 @@ -114,7 +114,7 @@ ) ret = Sequencer.Run(my_aliases, sequence) - UI.CloseDialog + Wizard.CloseDialog ret end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/lib/bootloader/grub2base.rb new/yast2-bootloader-3.1.138/src/lib/bootloader/grub2base.rb --- old/yast2-bootloader-3.1.133/src/lib/bootloader/grub2base.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/lib/bootloader/grub2base.rb 2015-07-09 11:32:37.000000000 +0200 @@ -6,6 +6,10 @@ module Yast # Common base for GRUB2 specialized classes class GRUB2Base < Module + # @!attribute password + # @return [::Bootloader::GRUB2Pwd] stored password configuration object + attr_reader :password + def main Yast.import "UI" @@ -30,11 +34,7 @@ # for simplified widgets than other Yast.include self, "bootloader/grub2/dialogs.rb" - # password can have three states - # 1. nil -> remove password - # 2. "" -> do not change it - # 3. "something" -> set password to this value - @password = "" + @password = ::Bootloader::GRUB2Pwd.new end # general functions @@ -122,7 +122,7 @@ end BootCommon.globals["append"] ||= BootArch.DefaultKernelParams(resume) - BootCommon.globals["append_failsafe"] ||= BootArch.FailsafeKernelParams + BootCommon.globals["failsafe_disabled"] = "true" if BootCommon.globals["failsafe_disabled"].nil? # long name doesn't fit 800x600 GRUB screens, using short name by default # (bnc#873675) BootCommon.globals["distributor"] ||= Product.short_name @@ -146,14 +146,7 @@ # overwrite Save to allow generation of modification scripts def Save(clean, init, flush) - case @password - when nil - GRUB2Pwd.new.disable - when "" - # do nothing - else - GRUB2Pwd.new.enable @password - end + @password.write BootCommon.Save(clean, init, flush) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/lib/bootloader/grub2pwd.rb new/yast2-bootloader-3.1.138/src/lib/bootloader/grub2pwd.rb --- old/yast2-bootloader-3.1.133/src/lib/bootloader/grub2pwd.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/lib/bootloader/grub2pwd.rb 2015-07-09 11:32:37.000000000 +0200 @@ -1,63 +1,145 @@ require "yast" -# class is responsible for detection, encryption and writing of grub2 password protection -class GRUB2Pwd - YAST_BASH_PATH = Yast::Path.new(".target.bash_output") - PWD_ENCRYPTION_FILE = "/etc/grub.d/42_password" +Yast.import "Stage" - def used? - Yast.import "FileUtils" +module Bootloader + # class is responsible for detection, encryption and writing of grub2 password protection + class GRUB2Pwd + # @!attribute used + # @return [Boolean] specifies if password protection enabled + # + # @!attribute unrestricted + # @return [Boolean] specifies if unrestricted password protection should be used (see fate#318574) + attr_accessor :used, :unrestricted + alias_method :used?, :used + alias_method :unrestricted?, :unrestricted + + # Reads or proposes configuration depending on stage + def initialize + if Yast::Stage.initial + propose + else + read + end + end - Yast::FileUtils.Exists PWD_ENCRYPTION_FILE - end + # writes configuration to disk + def write + if used? + enable + else + disable + end + end - def enable(password) - enc_passwd = encrypt(password) + # Sets password in encrypted form + # @param [String] value plain text password + def password=(value) + @encrypted_password = encrypt(value) + end - file_content = "#! /bin/sh\n" \ - "exec tail -n +3 $0\n" \ - "# File created by YaST and next password change in YaST will overwrite it\n" \ - "set superusers=\"root\"\n" \ - "password_pbkdf2 root #{enc_passwd}\n" \ - "export superusers" - - Yast::SCR.Write( - Yast::Path.new(".target.string"), - [PWD_ENCRYPTION_FILE, 0700], - file_content - ) - end + # Gets if password is specified + # Rationale for this method is that in some cases it is possible + # to disable password configuration, but still keep old configuration in + # object, so after enabling it again it use old configuration + def password? + !@encrypted_password.nil? + end - def disable - return unless used? + private - Yast::SCR.Execute(YAST_BASH_PATH, "rm '#{PWD_ENCRYPTION_FILE}'") - end + YAST_BASH_PATH = Yast::Path.new(".local.bash_output") + PWD_ENCRYPTION_FILE = "/etc/grub.d/42_password" -private + def propose + @used = false + @unrestricted = true + @encrypted_password = nil # not set by default + end - def encrypt(password) - Yast.import "String" + def read + if !used_on_target? + propose + return + end + + @used = true + content = Yast::SCR.Read( + Yast::Path.new(".target.string"), + PWD_ENCRYPTION_FILE + ) + + unrestricted_lines = content.lines.grep(/unrestricted_menu\s*=\s*\"y\"\s*/) + @unrestricted = !unrestricted_lines.empty? + + pwd_line = content.lines.grep(/password_pbkdf2 root/).first + + if !pwd_line + raise "Cannot find encrypted password, YaST2 password generator in /etc/grub.d is probably modified." + end - quoted_password = Yast::String.Quote(password) - result = Yast::WFM.Execute(YAST_BASH_PATH, - "echo '#{quoted_password}\n#{quoted_password}\n' | LANG=C grub2-mkpasswd-pbkdf2" - ) + @encrypted_password = pwd_line[/password_pbkdf2 root (\S+)/, 1] + end + + def used_on_target? + Yast.import "FileUtils" - if result["exit"] != 0 - raise "Failed to create encrypted password for grub2. Command output: #{result["stderr"]}" + Yast::FileUtils.Exists PWD_ENCRYPTION_FILE end - pwd_line = result["stdout"].split("\n").grep(/password is/).first - if !pwd_line - raise "INTERNAL ERROR: output do not contain encrypted password. Output: #{result["stdout"]}" + def enable + raise "Wrong code: password not written" unless @encrypted_password + + # The files in /etc/grub.d are programs that write GRUB 2 programs on their stdout. + # So 'exec tail' is a way of saying "just echo the rest of this program as its output". + file_content = "#! /bin/sh\n" \ + "exec tail -n +3 $0\n" \ + "# File created by YaST and next YaST run probably overwrite it\n" \ + "set superusers=\"root\"\n" \ + "password_pbkdf2 root #{@encrypted_password}\n" \ + "export superusers\n" + + if @unrestricted + file_content << "set unrestricted_menu=\"y\"\n" \ + "export unrestricted_menu\n" + end + + Yast::SCR.Write( + Yast::Path.new(".target.string"), + [PWD_ENCRYPTION_FILE, 0700], + file_content + ) end - ret = pwd_line[/^.*password is\s*(\S+)/, 1] - if !ret - raise "INTERNAL ERROR: output do not contain encrypted password. Output: #{result["stdout"]}" + def disable + return unless used_on_target? + + Yast::SCR.Execute(YAST_BASH_PATH, "rm '#{PWD_ENCRYPTION_FILE}'") end - ret + def encrypt(password) + Yast.import "String" + + quoted_password = Yast::String.Quote(password) + result = Yast::WFM.Execute(YAST_BASH_PATH, + "echo '#{quoted_password}\n#{quoted_password}\n' | LANG=C grub2-mkpasswd-pbkdf2" + ) + + if result["exit"] != 0 + raise "Failed to create encrypted password for grub2. Command output: #{result["stderr"]}" + end + + pwd_line = result["stdout"].split("\n").grep(/password is/).first + if !pwd_line + raise "INTERNAL ERROR: output do not contain encrypted password. Output: #{result["stdout"]}" + end + + ret = pwd_line[/^.*password is\s*(\S+)/, 1] + if !ret + raise "INTERNAL ERROR: output do not contain encrypted password. Output: #{result["stdout"]}" + end + + ret + end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/lib/bootloader/mbr_update.rb new/yast2-bootloader-3.1.138/src/lib/bootloader/mbr_update.rb --- old/yast2-bootloader-3.1.133/src/lib/bootloader/mbr_update.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/lib/bootloader/mbr_update.rb 2015-07-09 11:32:37.000000000 +0200 @@ -19,6 +19,9 @@ # Update contents of MBR (active partition and booting code) # @return [Boolean] true on success def run + # s390 do not use MBR at all, so nothing to do + return true if Yast::Arch.s390 + activate = Yast::BootCommon.globals["activate"] == "true" generic_mbr = Yast::BootCommon.globals["generic_mbr"] == "true" @@ -136,11 +139,13 @@ next unless can_activate_partition?(num) log.info "Activating partition #{num} on #{mbr_dev}" - # this is needed only on gpt disks but we run it always - # anyway; parted just fails, then - set_parted_flag(mbr_dev, num, "legacy_boot") + # set corresponding flag only bnc#930903 + if mbr_is_gpt? + out = set_parted_flag(mbr_dev, num, "legacy_boot") + else + out = set_parted_flag(mbr_dev, num, "boot") + end - out = set_parted_flag(mbr_dev, num, "boot") ret &&= out["exit"].zero? end ret diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/modules/BootArch.rb new/yast2-bootloader-3.1.138/src/modules/BootArch.rb --- old/yast2-bootloader-3.1.133/src/modules/BootArch.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/modules/BootArch.rb 2015-07-09 11:32:37.000000000 +0200 @@ -68,29 +68,6 @@ end end - # Get parameters for the failsafe kernel - # @return [String] parameters for failsafe kernel - def FailsafeKernelParams - if Arch.i386 - ret = "showopts apm=off noresume nosmp maxcpus=0 edd=off powersaved=off nohz=off highres=off processor.max_cstate=1 nomodeset" - elsif Arch.x86_64 - ret = "showopts apm=off noresume edd=off powersaved=off nohz=off highres=off processor.max_cstate=1 nomodeset" - elsif Arch.s390 - ret = "#{DefaultKernelParams("")} noresume" - else - log.warn "Parameters for Failsafe boot option not defined" - ret = "" - end - if Stage.initial - ret << " NOPCMCIA" if Linuxrc.InstallInf("NOPCMCIA") == "1" - else - saved_params = SCR.Read(path(".target.ycp"), "/var/lib/YaST2/bootloader.ycp") - ret << ((saved_params && saved_params["additional_failsafe_params"]) || "") - end - - ret << " x11failsafe" - end - # Is VGA parameter setting available # @return true if vga= can be set def VgaAvailable @@ -128,7 +105,6 @@ end publish :function => :DefaultKernelParams, :type => "string (string)" - publish :function => :FailsafeKernelParams, :type => "string ()" publish :function => :VgaAvailable, :type => "boolean ()" publish :function => :ResumeAvailable, :type => "boolean ()" publish :function => :StrArch, :type => "string ()" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/modules/BootCommon.rb new/yast2-bootloader-3.1.138/src/modules/BootCommon.rb --- old/yast2-bootloader-3.1.133/src/modules/BootCommon.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/modules/BootCommon.rb 2015-07-09 11:32:37.000000000 +0200 @@ -114,8 +114,6 @@ # map of save mode settings @write_settings = {} - @additional_failsafe_params = "" - # other variables # bootloader installation variables @@ -561,7 +559,6 @@ publish :function => :setKernelParamToLine, :type => "string (string, string, string)" publish :function => :restoreMBR, :type => "boolean (string)" publish :function => :UpdateInstallationKernelParameters, :type => "void ()" - publish :function => :GetAdditionalFailsafeParams, :type => "string ()" publish :function => :BootloaderInstallable, :type => "boolean ()" publish :function => :PartitionInstallable, :type => "boolean ()" publish :function => :getBootDisk, :type => "string ()" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/modules/BootGRUB2.rb new/yast2-bootloader-3.1.138/src/modules/BootGRUB2.rb --- old/yast2-bootloader-3.1.133/src/modules/BootGRUB2.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/modules/BootGRUB2.rb 2015-07-09 11:32:37.000000000 +0200 @@ -85,6 +85,9 @@ end end + # always disable failsafe unless user manually enable it (fate#317016) + BootCommon.globals["failsafe_disabled"] = "true" if BootCommon.globals["failsafe_disabled"].nil? + @orig_globals ||= deep_copy(BootCommon.globals) ret end @@ -345,7 +348,6 @@ publish :variable => :grub_descriptions, :type => "map <string, string>" publish :variable => :grub2_help_messages, :type => "map <string, string>" publish :variable => :grub2_descriptions, :type => "map <string, string>" - publish :variable => :password, :type => "string" publish :function => :askLocationResetPopup, :type => "boolean (string)" publish :function => :grub2Widgets, :type => "map <string, map <string, any>> ()" publish :function => :grub2efiWidgets, :type => "map <string, map <string, any>> ()" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/modules/BootGRUB2EFI.rb new/yast2-bootloader-3.1.138/src/modules/BootGRUB2EFI.rb --- old/yast2-bootloader-3.1.133/src/modules/BootGRUB2EFI.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/modules/BootGRUB2EFI.rb 2015-07-09 11:32:37.000000000 +0200 @@ -43,6 +43,10 @@ BootCommon.Read(false, avoid_reading_device_map) # read status of secure boot to boot common cache (bnc#892032) BootCommon.getSystemSecureBootStatus(reread) + + # always disable failsafe unless user manually enable it (fate#317016) + BootCommon.globals["failsafe_disabled"] = "true" if BootCommon.globals["failsafe_disabled"].nil? + @orig_globals ||= deep_copy(BootCommon.globals) end @@ -159,7 +163,6 @@ publish :variable => :grub_descriptions, :type => "map <string, string>" publish :variable => :grub2_help_messages, :type => "map <string, string>" publish :variable => :grub2_descriptions, :type => "map <string, string>" - publish :variable => :password, :type => "string" publish :function => :askLocationResetPopup, :type => "boolean (string)" publish :function => :grub2Widgets, :type => "map <string, map <string, any>> ()" publish :function => :grub2efiWidgets, :type => "map <string, map <string, any>> ()" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/src/modules/Bootloader.rb new/yast2-bootloader-3.1.138/src/modules/Bootloader.rb --- old/yast2-bootloader-3.1.133/src/modules/Bootloader.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/src/modules/Bootloader.rb 2015-07-09 11:32:37.000000000 +0200 @@ -412,7 +412,6 @@ FLAVOR_KERNEL_LINE_MAP = { :common => "append", - :recovery => "append_failsafe", :xen_guest => "xen_append", :xen_host => "xen_kernel_append" } @@ -427,8 +426,8 @@ # Bootloader.kernel_param(:common, "crashkernel") # => "256M@64B" # - # @example get cio_ignore parameter for recovery kernel when missing - # Bootloader.kernel_param(:recovery, "cio_ignore") + # @example get cio_ignore parameter for xen_host kernel when missing + # Bootloader.kernel_param(:xen_host, "cio_ignore") # => :missing # # @example get verbose parameter for xen_guest which is there @@ -437,6 +436,11 @@ # def kernel_param(flavor, key) + if flavor == :recovery + log.warn "Using deprecated recovery flavor" + return :missing + end + ReadOrProposeIfNeeded() # ensure we have some data kernel_line_key = FLAVOR_KERNEL_LINE_MAP[flavor] @@ -456,21 +460,21 @@ # string value. Other parameters specify which kernel flavors are affected. # Known values are: # - `:common` for non-specific flavor - # - `:recovery` for fallback boot entries + # - `:recovery` DEPRECATED: no longer use # - `:xen_guest` for xen guest kernels # - `:xen_host` for xen host kernels # - # @example add crashkernel parameter to common kernel, xen guest and also recovery - # Bootloader.modify_kernel_params(:common, :recovery, :xen_guest, "crashkernel" => "256M@64M") + # @example add crashkernel parameter to common kernel and xen guest + # Bootloader.modify_kernel_params(:common, :xen_guest, "crashkernel" => "256M@64M") # # @example same as before just with array passing - # targets = [:common, :recovery, :xen_guest] + # targets = [:common, :xen_guest] # Bootloader.modify_kernel_params(targets, "crashkernel" => "256M@64M") # # @example remove cio_ignore parameter for common kernel only # Bootloader.modify_kernel_params("cio_ignore" => :missing) # - # @example add feature_a parameter and remove feature_b from xen host kernel + # @example add cio_ignore parameter for xen host kernel # Bootloader.modify_kernel_params(:xen_host, "cio_ignore" => :present) # def modify_kernel_params(*args) @@ -481,6 +485,11 @@ args = [:common] if args.empty? # by default change common kernels only args = args.first if args.first.is_a? Array # support array like syntax + if args.include?(:recovery) + args.delete(:recovery) + log.warn "recovery flavor is deprecated and not set" + end + # remap symbols to something that setKernelParamToLine understand remap_values = { :missing => "false", @@ -559,7 +568,6 @@ def write_proposed_params(params_to_save) return unless Stage.initial - params_to_save["additional_failsafe_params"] = BootCommon.GetAdditionalFailsafeParams params_to_save["installation_kernel_params"] = Kernel.GetCmdLine SCR.Write( path(".target.ycp"), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/test/boot_arch_test.rb new/yast2-bootloader-3.1.138/test/boot_arch_test.rb --- old/yast2-bootloader-3.1.133/test/boot_arch_test.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/test/boot_arch_test.rb 2015-07-09 11:32:37.000000000 +0200 @@ -142,36 +142,4 @@ end end end - - describe ".FailsafeKernelParams" do - it "returns string with failsafe parameters" do - stub_arch("x86_64") - - expect(subject.FailsafeKernelParams).to be_a(::String) - end - - it "returns default parameters with noresume on s390" do - stub_arch("s390_64") - - expect(subject.FailsafeKernelParams).to include("noresume") - end - - it "return NOPCMCIA if installation start with it" do - allow(Yast::Stage).to receive(:initial).and_return(true) - allow(Yast::Linuxrc).to receive(:InstallInf).with("NOPCMCIA").and_return("1") - - expect(subject.FailsafeKernelParams).to include("NOPCMCIA") - end - - it "always set x11failsafe" do - expect(subject.FailsafeKernelParams).to include("x11failsafe") - end - - it "use stored additional parameters on already installed system" do - allow(Yast::Stage).to receive(:initial).and_return(false) - allow(Yast::SCR).to receive(:Read).and_return("additional_failsafe_params" => "ultra_safe=1") - - expect(subject.FailsafeKernelParams).to include("ultra_safe=1") - end - end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/test/grub2pwd_test.rb new/yast2-bootloader-3.1.138/test/grub2pwd_test.rb --- old/yast2-bootloader-3.1.133/test/grub2pwd_test.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/test/grub2pwd_test.rb 2015-07-09 11:32:37.000000000 +0200 @@ -4,8 +4,12 @@ require "bootloader/grub2pwd" -describe GRUB2Pwd do - subject { GRUB2Pwd.new } +describe Bootloader::GRUB2Pwd do + before do + # by default use initial stage to get proposed values + Yast.import "Stage" + allow(Yast::Stage).to receive(:initial).and_return(true) + end def mock_file_presence(exists) Yast.import "FileUtils" @@ -13,39 +17,201 @@ .and_return(exists) end - describe "#used?" do - it "return true if exists file #{GRUB2Pwd::PWD_ENCRYPTION_FILE}" do - mock_file_presence(true) - expect(subject.used?).to eq(true) + ENCRYPTED_PASSWORD = "grub.pbkdf2.sha512.10000.774E325959D6D7BCFB7384A0245674D83D0D540A89C02FEA81E35489F8DE7ADFD93988190AD9857A0FFF363825DDF97C8F4E658D8CC49FC4A22C053B08AB3EFE.6FB19FF26FD03D85C40A33D8BA7C04E72EDE3DD5D7080C177553A4FED370F71C579AF0B15B3B93ECECEA355469A4B6D0560BFB53ED35DDA0B80F5363BFBD54E4" + + FILE_CONTENT_RESTRICTED = "#! /bin/sh\n" \ + "exec tail -n +3 $0\n" \ + "# File created by YaST and next YaST run probably overwrite it\n" \ + "set superusers=\"root\"\n" \ + "password_pbkdf2 root #{ENCRYPTED_PASSWORD}\n" \ + "export superusers\n" + + FILE_CONTENT_UNRESTRICTED = FILE_CONTENT_RESTRICTED + + "set unrestricted_menu=\"y\"\n" \ + "export unrestricted_menu\n" + + FILE_CONTENT_WRONG = "#! /bin/sh\n" \ + "exec tail -n +3 $0\n" \ + "# File created by YaST and next YaST run probably overwrite it\n" \ + + + describe ".new" do + context "in first stage" do + before do + allow(Yast::Stage).to receive(:initial).and_return(true) + end + + it "propose to not use password" do + expect(subject.used?).to eq false + end + + it "propose to use unrestricted mode" do + expect(subject.unrestricted?).to eq true + end + + it "do not have any password used" do + expect(subject.password?).to eq false + end end - end - describe "#disable" do - it "removes file #{GRUB2Pwd::PWD_ENCRYPTION_FILE} when exists" do - mock_file_presence(true) + context "outside of first stage" do + before do + allow(Yast::Stage).to receive(:initial).and_return(false) + end + + context "Grub password generator file do not exists" do + before do + Yast.import "FileUtils" + allow(Yast::FileUtils).to receive(:Exists) + .with(described_class::PWD_ENCRYPTION_FILE) + .and_return(false) + end + + it "sets that password protection is not used" do + expect(subject.used?).to eq false + end + + it "propose to use unrestricted mode" do + expect(subject.unrestricted?).to eq true + end + + it "do not have any password used" do + expect(subject.password?).to eq false + end + end + + context "Grub password generator file exists" do + before do + Yast.import "FileUtils" + allow(Yast::FileUtils).to receive(:Exists) + .with(described_class::PWD_ENCRYPTION_FILE) + .and_return(true) + + allow(Yast::SCR).to receive(:Read) + .with(path(".target.string"), described_class::PWD_ENCRYPTION_FILE) + .and_return(FILE_CONTENT_RESTRICTED) + end + + it "sets that password protection is used" do + expect(subject.used?).to eq true + end + + it "sets that password is specified" do + expect(subject.password?).to eq true + end + + it "sets restricted mode as is specified in file" do + allow(Yast::SCR).to receive(:Read) + .with(path(".target.string"), described_class::PWD_ENCRYPTION_FILE) + .and_return(FILE_CONTENT_RESTRICTED) + + expect(described_class.new.unrestricted?).to eq false + + allow(Yast::SCR).to receive(:Read) + .with(path(".target.string"), described_class::PWD_ENCRYPTION_FILE) + .and_return(FILE_CONTENT_UNRESTRICTED) + + expect(described_class.new.unrestricted?).to eq true + end + + it "raises exception if file content is not correct" do + allow(Yast::SCR).to receive(:Read) + .with(path(".target.string"), described_class::PWD_ENCRYPTION_FILE) + .and_return(FILE_CONTENT_WRONG) + + expect { described_class.new }.to raise_error + end + end + end + end - expect(Yast::SCR).to receive(:Execute).with(kind_of(Yast::Path), "rm '#{GRUB2Pwd::PWD_ENCRYPTION_FILE}'") + describe "#write" do + context "password protection disabled" do + before do + subject.used = false + end + + it "deletes Grub password generator file" do + Yast.import "FileUtils" + allow(Yast::FileUtils).to receive(:Exists) + .with(described_class::PWD_ENCRYPTION_FILE) + .and_return(true) + + expect(Yast::SCR).to receive(:Execute) + .with(described_class::YAST_BASH_PATH, "rm '#{described_class::PWD_ENCRYPTION_FILE}'") + + subject.write + end + + it "does nothing if Grub password generator file does not exist" do + Yast.import "FileUtils" + expect(Yast::FileUtils).to receive(:Exists) + .with(described_class::PWD_ENCRYPTION_FILE) + .and_return(false) - subject.disable + subject.write + end end - it "do nothing if file #{GRUB2Pwd::PWD_ENCRYPTION_FILE} does not exist" do - mock_file_presence(false) - - expect(Yast::SCR).to receive(:Execute).never + context "password protection enabled" do + before do + subject.used = true + subject.unrestricted = false + # set directly encrypted password + subject.instance_variable_set(:@encrypted_password, ENCRYPTED_PASSWORD) + end + + it "writes Grub password generator file" do + expect(Yast::SCR).to receive(:Write) + .with( + path(".target.string"), + [described_class::PWD_ENCRYPTION_FILE, 0700], + FILE_CONTENT_RESTRICTED + ) + + subject.write + end + + it "writes unrestricted generator if unrestricted variable set on" do + subject.unrestricted = true + expect(Yast::SCR).to receive(:Write) + .with( + path(".target.string"), + [described_class::PWD_ENCRYPTION_FILE, 0700], + FILE_CONTENT_UNRESTRICTED + ) + + subject.write + end + + it "writes restricted generator if unrestricted variable set off" do + subject.unrestricted = false + expect(Yast::SCR).to receive(:Write) + .with( + path(".target.string"), + [described_class::PWD_ENCRYPTION_FILE, 0700], + FILE_CONTENT_RESTRICTED + ) + + subject.write + end + + it "raises exception if password configuration is proposed and password not set" do + config = described_class.new + config.used = true - subject.disable + expect { config.write }.to raise_error + end end end - describe "#enabled" do - it "write encrypted password to #{GRUB2Pwd::PWD_ENCRYPTION_FILE} with executable permissions" do - passwd = "grub.pbkdf2.sha512.10000.774E325959D6D7BCFB7384A0245674D83D0D540A89C02FEA81E35489F8DE7ADFD93988190AD9857A0FFF363825DDF97C8F4E658D8CC49FC4A22C053B08AB3EFE.6FB19FF26FD03D85C40A33D8BA7C04E72EDE3DD5D7080C177553A4FED370F71C579AF0B15B3B93ECECEA355469A4B6D0560BFB53ED35DDA0B80F5363BFBD54E4" + describe "#password=" do + it "sets encrypted version of given password" do success_stdout = <<EOF Enter password: Reenter password: - PBKDF2 hash of your password is #{passwd} + PBKDF2 hash of your password is #{ENCRYPTED_PASSWORD} EOF expect(Yast::WFM).to receive(:Execute) @@ -55,52 +221,47 @@ "stderr" => "", "stdout" => success_stdout ) - expect(Yast::SCR).to receive(:Write).with( - kind_of(Yast::Path), - [GRUB2Pwd::PWD_ENCRYPTION_FILE, 0700], - /#{passwd}/ - ) + subject.password = "really strong password" + + expect(subject.instance_variable_get(:@encrypted_password)).to eq ENCRYPTED_PASSWORD + end + end - subject.enable("really strong password") + describe "#password?" do + it "returns false if password configuration is proposed from scratch" do + expect(subject.password?).to eq false end - it "raise exception if grub2-mkpasswd-pbkdf failed" do - expect(Yast::WFM).to receive(:Execute) - .with(kind_of(Yast::Path), /grub2-mkpasswd/) - .and_return( - "exit" => 1, - "stderr" => "bad error", - "stdout" => "" - ) - expect(Yast::SCR).to receive(:Write).never + it "returns false if password is not enabled on disk" do + allow(Yast::Stage).to receive(:initial).and_return(false) + + Yast.import "FileUtils" + allow(Yast::FileUtils).to receive(:Exists) + .with(described_class::PWD_ENCRYPTION_FILE) + .and_return(false) - expect { subject.enable("really strong password") }.to raise_error(RuntimeError, /bad error/) + expect(subject.password?).to eq false end - it "raise exception if grub2-mkpasswd-pbkdf do not provide password" do - expect(Yast::WFM).to receive(:Execute) - .with(kind_of(Yast::Path), /grub2-mkpasswd/) - .and_return( - "exit" => 0, - "stderr" => "", - "stdout" => "bad output" - ) - expect(Yast::SCR).to receive(:Write).never + it "returns true if password configuration exists on disk" do + allow(Yast::Stage).to receive(:initial).and_return(false) + + Yast.import "FileUtils" + allow(Yast::FileUtils).to receive(:Exists) + .with(described_class::PWD_ENCRYPTION_FILE) + .and_return(true) + + allow(Yast::SCR).to receive(:Read) + .with(path(".target.string"), described_class::PWD_ENCRYPTION_FILE) + .and_return(FILE_CONTENT_RESTRICTED) - expect { subject.enable("really strong password") }.to raise_error(RuntimeError, /bad output/) + expect(subject.password?).to eq true end - it "raise exception if grub2-mkpasswd-pbkdf create password line but without password" do - expect(Yast::WFM).to receive(:Execute) - .with(kind_of(Yast::Path), /grub2-mkpasswd/) - .and_return( - "exit" => 0, - "stderr" => "", - "stdout" => "password is" - ) - expect(Yast::SCR).to receive(:Write).never + it "returns true if password explicitly set" do + subject.instance_variable_set(:@encrypted_password, ENCRYPTED_PASSWORD) - expect { subject.enable("really strong password") }.to raise_error(RuntimeError, /password is/) + expect(subject.password?).to eq true end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/test/mbr_update_test.rb new/yast2-bootloader-3.1.138/test/mbr_update_test.rb --- old/yast2-bootloader-3.1.133/test/mbr_update_test.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/test/mbr_update_test.rb 2015-07-09 11:32:37.000000000 +0200 @@ -20,6 +20,9 @@ dev + num.to_s end + # by default common architecture" + allow(Yast::Arch).to receive(:architecture).and_return("x86_64") + # fake query for gpt label allow(Yast::Storage).to receive(:GetTargetMap).and_return( double(:fetch => { "label" => "msdos" }, @@ -28,6 +31,21 @@ ) end + context "on s390" do + before do + allow(Yast::Arch).to receive(:s390).and_return(true) + end + + it "does nothing except returning true" do + expect(Yast::WFM).to_not receive(:Execute) + expect(Yast::SCR).to_not receive(:Execute) + expect_any_instance_of(::Bootloader::BootRecordBackup).to_not( + receive(:write) + ) + expect(subject.run).to eq true + end + end + context "BootCommon.backup_mbr config is not set" do before do Yast::BootCommon.backup_mbr = false @@ -176,112 +194,132 @@ allow(Yast::WFM).to receive(:Execute).and_return("exit" => 0, "stdout" => "") end - it "sets boot flag on all partitions in Bootloader devices" do - allow(Yast::BootCommon).to receive(:GetBootloaderDevices) - .and_return(["/dev/sda1", "/dev/sdb1"]) - - expect(Yast::WFM).to receive(:Execute) - .with(anything, /parted -s \/dev\/sda set 1 boot on/) - .and_return("exit" => 0) - subject.run - end - - it "resets all old boot flags on disk before set boot flag" do - allow(Yast::BootCommon).to receive(:GetBootloaderDevices) - .and_return(["/dev/sda1", "/dev/sdb1"]) - - parted_output = "BYT;\n" \ - "/dev/sda:500GB:scsi:512:4096:gpt:ATA WDC WD5000BPKT-7:;\n" \ - "1:1049kB:165MB:164MB:fat16:primary:boot, legacy_boot;\n" \ - "2:165MB:8760MB:8595MB:linux-swap(v1):primary:;\n" \ - "3:8760MB:30.2GB:21.5GB:ext4:primary:boot;\n" \ - "4:30.2GB:500GB:470GB:ext4:primary:legacy_boot;" - - allow(Yast::WFM).to receive(:Execute) - .with(anything, /parted -m \/dev\/sda print/) - .and_return( - "exit" => 0, - "stdout" => parted_output - ) - expect(Yast::WFM).to receive(:Execute) - .with(anything, /parted -s \/dev\/sda set 1 boot off/) - .and_return( - "exit" => 0, - "stdout" => parted_output - ) - expect(Yast::WFM).to receive(:Execute) - .with(anything, /parted -s \/dev\/sda set 3 boot off/) - .and_return( - "exit" => 0, - "stdout" => parted_output + context "disk label is DOS mbr" do + before do + allow(Yast::Storage).to receive(:GetTargetMap).and_return( + double(:fetch => { "label" => "msdos" }, + :[] => { "label" => "msdos" } + ) ) + end - subject.run - end - - it "returns false if any setting of boot flag failed" do - allow(Yast::BootCommon).to receive(:GetBootloaderDevices) - .and_return(["/dev/sda1", "/dev/sdb1"]) - - allow(Yast::WFM).to receive(:Execute) - .with(anything, /parted -s \/dev\/sda set 1 boot on/) - .and_return("exit" => 1) - - expect(subject.run).to be false - end - - it "sets legacy_boot flag on all partitions in Bootloader devices" do - allow(Yast::BootCommon).to receive(:GetBootloaderDevices) - .and_return(["/dev/sda1", "/dev/sdb1"]) - - expect(Yast::WFM).to receive(:Execute) - .with(anything, /parted -s \/dev\/sda set 1 legacy_boot on/) - .and_return("exit" => 0) - subject.run - end - - it "resets all old boot flags on disk before set boot flag" do - allow(Yast::BootCommon).to receive(:GetBootloaderDevices) - .and_return(["/dev/sda1", "/dev/sdb1"]) - - parted_output = "BYT;\n" \ - "/dev/sda:500GB:scsi:512:4096:gpt:ATA WDC WD5000BPKT-7:;\n" \ - "1:1049kB:165MB:164MB:fat16:primary:boot, legacy_boot;\n" \ - "2:165MB:8760MB:8595MB:linux-swap(v1):primary:;\n" \ - "3:8760MB:30.2GB:21.5GB:ext4:primary:boot;\n" \ - "4:30.2GB:500GB:470GB:ext4:primary:legacy_boot;" - - allow(Yast::WFM).to receive(:Execute) - .with(anything, /parted -m \/dev\/sda print/) - .and_return( - "exit" => 0, - "stdout" => parted_output - ) - expect(Yast::WFM).to receive(:Execute) - .with(anything, /parted -s \/dev\/sda set 1 legacy_boot off/) - .and_return( - "exit" => 0, - "stdout" => parted_output - ) - expect(Yast::WFM).to receive(:Execute) - .with(anything, /parted -s \/dev\/sda set 4 legacy_boot off/) - .and_return( - "exit" => 0, - "stdout" => parted_output + it "sets boot flag on all partitions in Bootloader devices" do + allow(Yast::BootCommon).to receive(:GetBootloaderDevices) + .and_return(["/dev/sda1", "/dev/sdb1"]) + + expect(Yast::WFM).to receive(:Execute) + .with(anything, /parted -s \/dev\/sda set 1 boot on/) + .and_return("exit" => 0) + subject.run + end + + it "resets all old boot flags on disk before set boot flag" do + allow(Yast::BootCommon).to receive(:GetBootloaderDevices) + .and_return(["/dev/sda1", "/dev/sdb1"]) + + parted_output = "BYT;\n" \ + "/dev/sda:500GB:scsi:512:4096:gpt:ATA WDC WD5000BPKT-7:;\n" \ + "1:1049kB:165MB:164MB:fat16:primary:boot, legacy_boot;\n" \ + "2:165MB:8760MB:8595MB:linux-swap(v1):primary:;\n" \ + "3:8760MB:30.2GB:21.5GB:ext4:primary:boot;\n" \ + "4:30.2GB:500GB:470GB:ext4:primary:legacy_boot;" + + allow(Yast::WFM).to receive(:Execute) + .with(anything, /parted -m \/dev\/sda print/) + .and_return( + "exit" => 0, + "stdout" => parted_output + ) + expect(Yast::WFM).to receive(:Execute) + .with(anything, /parted -s \/dev\/sda set 1 boot off/) + .and_return( + "exit" => 0, + "stdout" => parted_output + ) + expect(Yast::WFM).to receive(:Execute) + .with(anything, /parted -s \/dev\/sda set 3 boot off/) + .and_return( + "exit" => 0, + "stdout" => parted_output + ) + + subject.run + end + + it "returns false if any setting of boot flag failed" do + allow(Yast::BootCommon).to receive(:GetBootloaderDevices) + .and_return(["/dev/sda1", "/dev/sdb1"]) + + allow(Yast::WFM).to receive(:Execute) + .with(anything, /parted -s \/dev\/sda set 1 boot on/) + .and_return("exit" => 1) + + expect(subject.run).to be false + end + end + + context "disk label is GPT" do + before do + allow(Yast::Storage).to receive(:GetTargetMap).and_return( + double(:fetch => { "label" => "gpt" }, + :[] => { "label" => "gpt" } + ) ) + end - subject.run - end - - it "do not return false if setting legacy_boot failed" do - allow(Yast::BootCommon).to receive(:GetBootloaderDevices) - .and_return(["/dev/sda1", "/dev/sdb1"]) - - allow(Yast::WFM).to receive(:Execute) - .with(anything, /parted -s \/dev\/sda set 1 legacy_boot on/) - .and_return("exit" => 1) + it "sets legacy_boot flag on all partitions in Bootloader devices" do + allow(Yast::BootCommon).to receive(:GetBootloaderDevices) + .and_return(["/dev/sda1", "/dev/sdb1"]) + + expect(Yast::WFM).to receive(:Execute) + .with(anything, /parted -s \/dev\/sda set 1 legacy_boot on/) + .and_return("exit" => 0) + subject.run + end + + it "resets all old boot flags on disk before set boot flag" do + allow(Yast::BootCommon).to receive(:GetBootloaderDevices) + .and_return(["/dev/sda1", "/dev/sdb1"]) + + parted_output = "BYT;\n" \ + "/dev/sda:500GB:scsi:512:4096:gpt:ATA WDC WD5000BPKT-7:;\n" \ + "1:1049kB:165MB:164MB:fat16:primary:boot, legacy_boot;\n" \ + "2:165MB:8760MB:8595MB:linux-swap(v1):primary:;\n" \ + "3:8760MB:30.2GB:21.5GB:ext4:primary:boot;\n" \ + "4:30.2GB:500GB:470GB:ext4:primary:legacy_boot;" + + allow(Yast::WFM).to receive(:Execute) + .with(anything, /parted -m \/dev\/sda print/) + .and_return( + "exit" => 0, + "stdout" => parted_output + ) + expect(Yast::WFM).to receive(:Execute) + .with(anything, /parted -s \/dev\/sda set 1 legacy_boot off/) + .and_return( + "exit" => 0, + "stdout" => parted_output + ) + expect(Yast::WFM).to receive(:Execute) + .with(anything, /parted -s \/dev\/sda set 4 legacy_boot off/) + .and_return( + "exit" => 0, + "stdout" => parted_output + ) + + subject.run + end + + it "returns false if setting legacy_boot failed" do + allow(Yast::BootCommon).to receive(:GetBootloaderDevices) + .and_return(["/dev/sda1", "/dev/sdb1"]) + + allow(Yast::WFM).to receive(:Execute) + .with(anything, /parted -s \/dev\/sda set 1 legacy_boot on/) + .and_return("exit" => 1) - expect(subject.run).to be true + expect(subject.run).to be false + end end it "do not set any flag on old DOS MBR for logical partitions" do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-bootloader-3.1.133/test/test_helper.rb new/yast2-bootloader-3.1.138/test/test_helper.rb --- old/yast2-bootloader-3.1.133/test/test_helper.rb 2015-06-04 14:57:08.000000000 +0200 +++ new/yast2-bootloader-3.1.138/test/test_helper.rb 2015-07-09 11:32:37.000000000 +0200 @@ -1,6 +1,7 @@ ENV["Y2DIR"] = File.expand_path("../../src", __FILE__) require "yast" +require "yast/rspec" require "yaml" if ENV["COVERAGE"]
