Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package yast2-firewall for openSUSE:Factory checked in at 2021-06-25 15:00:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old) and /work/SRC/openSUSE:Factory/.yast2-firewall.new.2625 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-firewall" Fri Jun 25 15:00:39 2021 rev:92 rq:901305 version:4.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes 2021-05-02 18:36:12.376924735 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-firewall.new.2625/yast2-firewall.changes 2021-06-25 15:01:06.968135343 +0200 @@ -1,0 +2,6 @@ +Wed Jun 16 12:33:45 UTC 2021 - Jos?? Iv??n L??pez Gonz??lez <[email protected]> + +- Use Installation::SecuritySettings (related to jsc#PM-2620). +- 4.4.1 + +------------------------------------------------------------------- Old: ---- yast2-firewall-4.4.0.tar.bz2 New: ---- yast2-firewall-4.4.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-firewall.spec ++++++ --- /var/tmp/diff_new_pack.Bowklc/_old 2021-06-25 15:01:07.416135889 +0200 +++ /var/tmp/diff_new_pack.Bowklc/_new 2021-06-25 15:01:07.420135894 +0200 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.4.0 +Version: 4.4.1 Release: 0 Summary: YaST2 - Firewall Configuration License: GPL-2.0-only ++++++ yast2-firewall-4.4.0.tar.bz2 -> yast2-firewall-4.4.1.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/package/yast2-firewall.changes new/yast2-firewall-4.4.1/package/yast2-firewall.changes --- old/yast2-firewall-4.4.0/package/yast2-firewall.changes 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/package/yast2-firewall.changes 2021-06-22 11:13:15.000000000 +0200 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Wed Jun 16 12:33:45 UTC 2021 - Jos?? Iv??n L??pez Gonz??lez <[email protected]> + +- Use Installation::SecuritySettings (related to jsc#PM-2620). +- 4.4.1 + +------------------------------------------------------------------- Tue Apr 20 13:51:55 UTC 2021 - Ladislav Slez??k <[email protected]> - 4.4.0 (bsc#1185510) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/package/yast2-firewall.spec new/yast2-firewall-4.4.1/package/yast2-firewall.spec --- old/yast2-firewall-4.4.0/package/yast2-firewall.spec 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/package/yast2-firewall.spec 2021-06-22 11:13:15.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.4.0 +Version: 4.4.1 Release: 0 Summary: YaST2 - Firewall Configuration Group: System/YaST diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/src/clients/firewall_finish.rb new/yast2-firewall-4.4.1/src/clients/firewall_finish.rb --- old/yast2-firewall-4.4.0/src/clients/firewall_finish.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/src/clients/firewall_finish.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,22 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. -# -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ - -require "y2firewall/clients/installation_finish" - -Y2Firewall::Clients::InstallationFinish.run diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/src/clients/firewall_proposal.rb new/yast2-firewall-4.4.1/src/clients/firewall_proposal.rb --- old/yast2-firewall-4.4.0/src/clients/firewall_proposal.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/src/clients/firewall_proposal.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,22 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. -# -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ - -require "y2firewall/clients/proposal" - -Y2Firewall::Clients::Proposal.new.run diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/src/lib/y2firewall/clients/auto.rb new/yast2-firewall-4.4.1/src/lib/y2firewall/clients/auto.rb --- old/yast2-firewall-4.4.0/src/lib/y2firewall/clients/auto.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/src/lib/y2firewall/clients/auto.rb 2021-06-22 11:13:15.000000000 +0200 @@ -20,7 +20,7 @@ require "yast" require "y2firewall/firewalld" require "y2firewall/autoyast" -require "y2firewall/proposal_settings" +require "installation/security_settings" require "y2firewall/summary_presenter" require "y2firewall/dialogs/main" require "y2firewall/autoinst_profile/firewall_section" @@ -235,9 +235,9 @@ Firewalld.instance end - # @return [Y2Firewall::ProposalSettings] + # @return [::Installation::SecuritySettings] def settings - ProposalSettings.instance + ::Installation::SecuritySettings.instance end # Set that the firewall has to be enabled when writing diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/src/lib/y2firewall/clients/installation_finish.rb new/yast2-firewall-4.4.1/src/lib/y2firewall/clients/installation_finish.rb --- old/yast2-firewall-4.4.0/src/lib/y2firewall/clients/installation_finish.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/src/lib/y2firewall/clients/installation_finish.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,114 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. -# -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ - -require "yast" -require "y2firewall/firewalld" -require "y2firewall/proposal_settings" -require "y2firewall/clients/auto" -require "installation/finish_client" - -Yast.import "Mode" - -module Y2Firewall - module Clients - # This is a step of base installation finish and it is responsible of write - # the firewall proposal configuration for installation and autoinstallation - # modes. - class InstallationFinish < ::Installation::FinishClient - include Yast::I18n - include Yast::Logger - - # Y2Firewall::ProposalSettings instance - attr_accessor :settings - # Y2Firewall::Firewalld instance - attr_accessor :firewalld - - # Constuctor - def initialize - textdomain "firewall" - @settings = ProposalSettings.instance - @firewalld = Firewalld.instance - end - - def title - _("Writing Firewall Configuration...") - end - - def modes - [:installation, :autoinst] - end - - def write - # If the profile is missing then firewall section is not present at all. - # The firewall will be configured according to product proposals then. - if Yast::Mode.auto && Y2Firewall::Clients::Auto.profile - log.info("Firewall: running configuration according to the AY profile") - - return Y2Firewall::Clients::Auto.new.write - end - - Service.Enable("sshd") if @settings.enable_sshd - configure_firewall if @firewalld.installed? - true - end - - private - - # Modifies the configuration of the firewall according to the current - # settings - def configure_firewall - configure_firewall_service - configure_ssh - configure_vnc - end - - # Convenience method to enable / disable the firewalld service depending - # on the proposal settings - def configure_firewall_service - # and also only installation, not upgrade one. NOTE: installation mode include auto - return unless Yast::Mode.installation - - @settings.enable_firewall ? @firewalld.enable! : @firewalld.disable! - end - - # Convenience method to open the ssh ports in firewalld depending on the - # proposal settings - def configure_ssh - if @settings.open_ssh - @firewalld.api.add_service(@settings.default_zone, "ssh") - else - @firewalld.api.remove_service(@settings.default_zone, "ssh") - end - end - - # Convenience method to open the vnc ports in firewalld depending on the - # proposal settings - def configure_vnc - return unless @settings.open_vnc - - if @firewalld.api.service_supported?("tigervnc") - @firewalld.api.add_service(@settings.default_zone, "tigervnc") - @firewalld.api.add_service(@settings.default_zone, "tigervnc-https") - else - log.error "tigervnc service definition is not available" - end - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/src/lib/y2firewall/clients/proposal.rb new/yast2-firewall-4.4.1/src/lib/y2firewall/clients/proposal.rb --- old/yast2-firewall-4.4.0/src/lib/y2firewall/clients/proposal.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/src/lib/y2firewall/clients/proposal.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,233 +0,0 @@ -#!/usr/bin/env ruby -# -# encoding: utf-8 - -# Copyright (c) [2017] SUSE LLC -# -# All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of version 2 of the GNU General Public License as published -# by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, contact SUSE LLC. -# -# To contact SUSE LLC about this file by physical or electronic mail, you may -# find current contact information at www.suse.com. - -require "yast" -require "erb" -require "y2firewall/firewalld/api" -require "y2firewall/proposal_settings" -require "y2firewall/dialogs/proposal" -require "installation/proposal_client" - -module Y2Firewall - module Clients - # Firewall and SSH installation proposal client - class Proposal < ::Installation::ProposalClient - include Yast::I18n - include Yast::Logger - - # [Y2Firwall::ProposalSettings] Stores the proposal settings - attr_accessor :settings - - SERVICES_LINKS = [ - LINK_ENABLE_FIREWALL = "firewall--enable_firewall".freeze, - LINK_DISABLE_FIREWALL = "firewall--disable_firewall".freeze, - LINK_OPEN_SSH_PORT = "firewall--open_ssh".freeze, - LINK_BLOCK_SSH_PORT = "firewall--close_ssh".freeze, - LINK_ENABLE_SSHD = "firewall--enable_sshd".freeze, - LINK_DISABLE_SSHD = "firewall--disable_sshd".freeze, - LINK_OPEN_VNC = "firewall--open_vnc".freeze, - LINK_CLOSE_VNC = "firewall--close_vnc".freeze, - LINK_CPU_MITIGATIONS = "firewall--cpu_mitigations".freeze - ].freeze - - LINK_FIREWALL_DIALOG = "firewall".freeze - - # Constructor - def initialize - Yast.import "UI" - Yast.import "HTML" - textdomain "firewall" - - @settings ||= ProposalSettings.instance - end - - def description - # TODO: temporary dgettext only to avoid new translation - { - # Proposal title - "rich_text_title" => Yast::Builtins.dgettext("security", "Security"), - # Menu entry label - "menu_title" => Yast::Builtins.dgettext("ncurses-pkg", "&Security"), - "id" => LINK_FIREWALL_DIALOG - } - end - - def make_proposal(_attrs) - { - "preformatted_proposal" => preformatted_proposal, - "warning_level" => :warning, - "links" => SERVICES_LINKS, - "warning" => warning - } - end - - def preformatted_proposal - Yast::HTML.List(proposals) - end - - def warning - return nil unless @settings.access_problem? - - # TRANSLATORS: proposal warning text preventing the user to block - # the root login by error. - _("The 'root' user uses only SSH key-based authentication. <br>" \ - "With the current settings the user might not be allowed to login.") - end - - def ask_user(param) - chosen_link = param["chosen_id"] - result = :next - log.info "User clicked #{chosen_link}" - - if SERVICES_LINKS.include?(chosen_link) - call_proposal_action_for(chosen_link) - elsif chosen_link == LINK_FIREWALL_DIALOG - result = Y2Firewall::Dialogs::Proposal.new(@settings).run - else - raise "INTERNAL ERROR: unknown action '#{chosen_link}' for proposal client" - end - - { "workflow_sequence" => result } - end - - def write - { "success" => true } - end - - private - - # Obtain and call the corresponding method for the clicked link. - def call_proposal_action_for(link) - action = link.gsub("firewall--", "") - if action == "cpu_mitigations" - bootloader_dialog - else - @settings.public_send("#{action}!") - end - end - - # Array with the available proposal descriptions. - # - # @return [Array<String>] services and ports descriptions - def proposals - # Filter proposals with content - [cpu_mitigations_proposal, firewall_proposal, sshd_proposal, - ssh_port_proposal, vnc_fw_proposal].compact - end - - # Returns the cpu mitigation part of the bootloader proposal description - # Returns nil if this part should be skipped - # @return [String] proposal html text - def cpu_mitigations_proposal - require "bootloader/bootloader_factory" - bl = ::Bootloader::BootloaderFactory.current - return nil if bl.name == "none" - - mitigations = bl.cpu_mitigations - - res = _("CPU Mitigations: ") + "<a href=\"#{LINK_CPU_MITIGATIONS}\">" + - ERB::Util.html_escape(mitigations.to_human_string) + "</a>" - log.info "mitigations output #{res.inspect}" - res - end - - def bootloader_dialog - require "bootloader/config_dialog" - Yast.import "Bootloader" - - begin - # do it in own dialog window - Yast::Wizard.CreateDialog - dialog = ::Bootloader::ConfigDialog.new(initial_tab: :kernel) - settings = Yast::Bootloader.Export - result = dialog.run - if result != :next - Yast::Bootloader.Import(settings) - else - Yast::Bootloader.proposed_cfg_changed = true - end - ensure - Yast::Wizard.CloseDialog - end - end - - # Returns the VNC-port part of the firewall proposal description - # Returns nil if this part should be skipped - # @return [String] proposal html text - def vnc_fw_proposal - # It only makes sense to show the blocked ports if firewall is - # enabled (bnc#886554) - return nil unless @settings.enable_firewall - # Show VNC port only if installing over VNC - return nil unless Linuxrc.vnc - - if @settings.open_vnc - _("VNC ports will be open (<a href=\"%s\">block</a>)") % LINK_CLOSE_VNC - else - _("VNC ports will be blocked (<a href=\"%s\">open</a>)") % LINK_OPEN_VNC - end - end - - # Returns the SSH-port part of the firewall proposal description - # Returns nil if this part should be skipped - # @return [String] proposal html text - def ssh_port_proposal - return nil unless @settings.enable_firewall - - if @settings.open_ssh - _("SSH port will be open (<a href=\"%s\">block</a>)") % LINK_BLOCK_SSH_PORT - else - _("SSH port will be blocked (<a href=\"%s\">open</a>)") % LINK_OPEN_SSH_PORT - end - end - - # Returns the Firewalld service part of the firewall proposal description - # @return [String] proposal html text - def firewall_proposal - if @settings.enable_firewall - _( - "Firewall will be enabled (<a href=\"%s\">disable</a>)" - ) % LINK_DISABLE_FIREWALL - else - _( - "Firewall will be disabled (<a href=\"%s\">enable</a>)" - ) % LINK_ENABLE_FIREWALL - end - end - - # Returns the SSH service part of the firewall proposal description - # @return [String] proposal html text - def sshd_proposal - if @settings.enable_sshd - _( - "SSH service will be enabled (<a href=\"%s\">disable</a>)" - ) % LINK_DISABLE_SSHD - else - _( - "SSH service will be disabled (<a href=\"%s\">enable</a>)" - ) % LINK_ENABLE_SSHD - end - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/src/lib/y2firewall/dialogs/proposal.rb new/yast2-firewall-4.4.1/src/lib/y2firewall/dialogs/proposal.rb --- old/yast2-firewall-4.4.0/src/lib/y2firewall/dialogs/proposal.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/src/lib/y2firewall/dialogs/proposal.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,92 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. -# -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ - -require "yast" -require "cwm/dialog" -require "y2firewall/widgets/proposal" - -Yast.import "Hostname" -Yast.import "Mode" - -module Y2Firewall - module Dialogs - # Dialog for firewall and ssh proposal configuration - class Proposal < CWM::Dialog - def initialize(settings) - textdomain "firewall" - - @settings = settings - end - - def title - _("Basic Firewall and SSH Configuration") - end - - def contents - VBox( - Frame( - _("Firewall and SSH service"), - HSquash( - MarginBox( - 0.5, - 0.5, - VBox( - Widgets::FirewallSSHProposal.new(@settings) - ) - ) - ) - ) - ) - end - - def abort_button - "" - end - - def back_button - # do not show back button when running on running system. See CWM::Dialog.back_button - Yast::Mode.installation ? nil : "" - end - - def next_button - Yast::Mode.installation ? Yast::Label.OKButton : Yast::Label.FinishButton - end - - def disable_buttons - [:abort] - end - - protected - - # Hostname of the current system. - # - # Getting the hostname is sometimes a little bit slow, so the value is - # cached to be reused in every dialog redraw - # - # @return [String] - def hostname - @hostname ||= Yast::Hostname.CurrentHostname - end - - def should_open_dialog? - true - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/src/lib/y2firewall/proposal_settings.rb new/yast2-firewall-4.4.1/src/lib/y2firewall/proposal_settings.rb --- old/yast2-firewall-4.4.0/src/lib/y2firewall/proposal_settings.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/src/lib/y2firewall/proposal_settings.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,192 +0,0 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. -# -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ - -require "yast" - -Yast.import "UsersSimple" - -module Y2Firewall - # Class that stores the proposal settings for firewalld during installation. - class ProposalSettings - include Yast::Logger - include Yast::I18n - - # [Boolean] Whether the firewalld service will be enable - attr_accessor :enable_firewall - # [Boolean] Whether the sshd service will be enable - attr_accessor :enable_sshd - # [Boolean] Whether the ssh port will be opened - attr_accessor :open_ssh - # [Boolean] Whether the vnc port will be opened - attr_accessor :open_vnc - # [String] Name of the default zone where perform the changes - attr_accessor :default_zone - - # Constructor - def initialize - Yast.import "PackagesProposal" - Yast.import "ProductFeatures" - Yast.import "Linuxrc" - - load_features - enable_firewall! if @enable_firewall - enable_sshd! if wanted_enable_sshd? - open_ssh! if wanted_open_ssh? - open_vnc! if wanted_open_vnc? - # FIXME: obtain from Y2Firewall::Firewalld, control file or allow to - # chose a different one in the proposal - @default_zone = "public" - end - - # Load the default values defined in the control file - def load_features - load_feature(:enable_firewall, :enable_firewall) - load_feature(:firewall_enable_ssh, :open_ssh) - load_feature(:enable_sshd, :enable_sshd) - end - - # Services - - # Add the firewall package to be installed and sets the firewalld service - # to be enabled - def enable_firewall! - Yast::PackagesProposal.AddResolvables("firewall", :package, ["firewalld"]) - - log.info "Enabling Firewall" - self.enable_firewall = true - end - - # Remove the firewalld package from being installed and sets the firewalld - # service to be disabled - def disable_firewall! - Yast::PackagesProposal.RemoveResolvables("firewall", :package, ["firewalld"]) - log.info "Disabling Firewall" - self.enable_firewall = false - end - - # Add the openssh package to be installed and sets the sshd service - # to be enabled - def enable_sshd! - Yast::PackagesProposal.AddResolvables("firewall", :package, ["openssh"]) - log.info "Enabling SSHD" - self.enable_sshd = true - end - - # Remove the openssh package from being installed and sets the sshd service - # to be disabled - def disable_sshd! - Yast::PackagesProposal.RemoveResolvables("firewall", :package, ["openssh"]) - log.info "Disabling SSHD" - self.enable_sshd = false - end - - # Set the ssh port to be opened - def open_ssh! - log.info "Opening SSH port" - self.open_ssh = true - end - - # Set the ssh port to be closed - def close_ssh! - log.info "Opening SSH port" - self.open_ssh = false - end - - # Set the vnc port to be opened - def open_vnc! - log.info "Close VNC port" - self.open_vnc = true - end - - # Set the vnc port to be closed - def close_vnc! - log.info "Close VNC port" - self.open_vnc = false - end - - # Return whether the current settings could be a problem for the user to - # login - # - # @return [Boolean] true if the root user uses only public key - # authentication and the system is not accesible through ssh - def access_problem? - # public key is not the only way - return false unless only_public_key_auth - - # without running sshd it is useless - return true unless @enable_sshd - - # firewall is up and port for ssh is not open - @enable_firewall && !@open_ssh - end - - private - - def load_feature(feature, to, source: global_section) - value = Yast::Ops.get(source, feature.to_s) - public_send("#{to}=", value) unless value.nil? - end - - def global_section - Yast::ProductFeatures.GetSection("globals") - end - - def wanted_enable_sshd? - Yast::Linuxrc.usessh || only_public_key_auth || @enable_sshd - end - - def wanted_open_ssh? - Yast::Linuxrc.usessh || only_public_key_auth || @open_ssh - end - - def wanted_open_vnc? - Yast::Linuxrc.vnc - end - - # Determines whether only public key authentication is supported - # - # @note If the root user does not have a password, we assume that we will use a public - # key in order to log into the system. In such a case, we need to enable the SSH - # service (including opening the port). - def only_public_key_auth - Yast::UsersSimple.GetRootPassword.empty? - end - - class << self - def run - instance.run - end - - # Singleton instance - def instance - create_instance unless @instance - @instance - end - - # Enforce a new clean instance - def create_instance - @instance = new - end - - # Make sure only .instance and .create_instance can be used to - # create objects - private :new, :allocate - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/test/lib/y2firewall/clients/auto_test.rb new/yast2-firewall-4.4.1/test/lib/y2firewall/clients/auto_test.rb --- old/yast2-firewall-4.4.0/test/lib/y2firewall/clients/auto_test.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/test/lib/y2firewall/clients/auto_test.rb 2021-06-22 11:13:15.000000000 +0200 @@ -1,23 +1,23 @@ #!/usr/bin/env rspec -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC +# Copyright (c) [2017-2021] SUSE LLC # +# All Rights Reserved. # -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. +# This program is free software; you can redistribute it and/or modify it +# under the terms of version 2 of the GNU General Public License as published +# by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +# more details. # -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. +# You should have received a copy of the GNU General Public License along +# with this program; if not, contact SUSE LLC. # -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ +# To contact SUSE LLC about this file by physical or electronic mail, you may +# find current contact information at www.suse.com. require_relative "../../../test_helper" require "y2firewall/dialogs/main" @@ -36,8 +36,12 @@ allow(firewalld).to receive(:installed?).and_return(installed) allow(subject).to receive(:autoyast).and_return(autoyast) allow_any_instance_of(Y2Firewall::Firewalld::Api).to receive(:running?).and_return(false) + + allow(subject).to receive(:settings).and_return(security_settings) end + let(:security_settings) { double("::Installation::SecuritySettings", enable_firewall: false) } + describe "#summary" do let(:installed) { false } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/test/lib/y2firewall/clients/installation_finish_test.rb new/yast2-firewall-4.4.1/test/lib/y2firewall/clients/installation_finish_test.rb --- old/yast2-firewall-4.4.0/test/lib/y2firewall/clients/installation_finish_test.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/test/lib/y2firewall/clients/installation_finish_test.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,167 +0,0 @@ -#!/usr/bin/env rspec - -require_relative "../../../test_helper" -require "y2firewall/clients/installation_finish" - -Yast.import "Service" - -describe Y2Firewall::Clients::InstallationFinish do - before do - allow_any_instance_of(Y2Firewall::Firewalld::Api).to receive(:running?).and_return(false) - end - - let(:proposal_settings) { Y2Firewall::ProposalSettings.instance } - let(:firewalld) { Y2Firewall::Firewalld.instance } - - describe "#title" do - it "returns translated string" do - expect(subject.title).to be_a(::String) - end - end - - describe "#modes" do - it "runs on installation and autoinstallation" do - expect(subject.modes).to eq([:installation, :autoinst]) - end - end - - describe "#write" do - let(:enable_sshd) { false } - let(:installed) { true } - - before do - allow(proposal_settings).to receive(:enable_sshd).and_return(enable_sshd) - allow(firewalld).to receive(:installed?).and_return(installed) - allow(proposal_settings).to receive(:open_ssh).and_return(false) - allow(subject).to receive(:configure_firewall) - end - - it "enables the sshd service if enabled in the proposal" do - allow(proposal_settings).to receive(:enable_sshd).and_return(true) - expect(Yast::Service).to receive(:Enable).with("sshd") - - subject.write - end - - context "when firewalld is not installed" do - let(:installed) { false } - - it "returns true" do - expect(subject).to_not receive(:configure_firewall) - expect(subject.write).to eq true - end - end - - context "when firewalld is installed" do - it "configures the firewall according to the proposal settings" do - expect(subject).to receive(:configure_firewall) - - subject.write - end - - it "returns true" do - expect(subject.write).to eq true - end - end - - context "when running in AutoYaST" do - before(:each) do - allow(Y2Firewall::Clients::Auto).to receive(:profile).and_return(profile) - allow(Yast::Mode).to receive(:auto).and_return(true) - end - - context "when firewall section is present" do - let(:profile) { { "enable_firewall" => true } } - - it "calls AY client write" do - expect_any_instance_of(Y2Firewall::Clients::Auto).to receive(:write) - - subject.write - end - end - - context "when firewall section is not present" do - let(:profile) { nil } - - it "configures firewall according to product settings" do - expect(subject).to receive(:configure_firewall) - - subject.write - end - end - end - end - - describe "#configure_firewall" do - let(:enable_firewall) { false } - let(:api) do - instance_double(Y2Firewall::Firewalld::Api, remove_service: true, add_service: true) - end - let(:installation) { true } - - before do - allow(proposal_settings).to receive(:enable_firewall).and_return(enable_firewall) - allow(firewalld).to receive(:api).and_return(api) - allow(firewalld).to receive(:enable!) - allow(firewalld).to receive(:disable!) - allow(Yast::Mode).to receive(:installation).and_return(installation) - allow(proposal_settings).to receive(:open_ssh).and_return(false) - end - - context "during an installation" do - it "enables the firewalld service if enabled in the proposal" do - allow(proposal_settings).to receive(:enable_firewall).and_return(true) - expect(firewalld).to receive(:enable!) - - subject.send(:configure_firewall) - end - - it "disables the firewalld service if disabled in the proposal" do - expect(firewalld).to receive(:disable!) - - subject.send(:configure_firewall) - end - end - - it "adds the ssh service to the default zone if opened in the proposal" do - expect(proposal_settings).to receive(:open_ssh).and_return(true) - expect(api).to receive(:add_service).with(proposal_settings.default_zone, "ssh") - - subject.send(:configure_firewall) - end - - it "removes the ssh service from the default zone if blocked in the proposal" do - expect(api).to receive(:remove_service).with(proposal_settings.default_zone, "ssh") - - subject.send(:configure_firewall) - end - - context "when vnc is proposed to be open" do - let(:service_available) { true } - - before do - allow(proposal_settings).to receive(:open_vnc).and_return(true) - allow(api).to receive(:service_supported?).with("tigervnc").and_return(service_available) - end - - context "and the tigervnc service definition is available" do - it "adds the tigervnc and the tigervnc-https services to the default zone" do - expect(api).to receive(:add_service).with(proposal_settings.default_zone, "tigervnc") - expect(api).to receive(:add_service) - .with(proposal_settings.default_zone, "tigervnc-https") - - subject.send(:configure_firewall) - end - end - - context "and the tigervnc service definition is not available" do - let(:service_available) { false } - it "logs the error" do - expect(subject.log).to receive(:error).with(/service definition is not available/) - - subject.send(:configure_firewall) - end - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/test/lib/y2firewall/clients/proposal_test.rb new/yast2-firewall-4.4.1/test/lib/y2firewall/clients/proposal_test.rb --- old/yast2-firewall-4.4.0/test/lib/y2firewall/clients/proposal_test.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/test/lib/y2firewall/clients/proposal_test.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,162 +0,0 @@ -#!/usr/bin/env rspec -# Copyright (c) [2017] SUSE LLC -# -# All Rights Reserved. -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of version 2 of the GNU General Public License as published -# by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, contact SUSE LLC. -# -# To contact SUSE LLC about this file by physical or electronic mail, you may -# find current contact information at www.suse.com. - -require_relative "../../../test_helper.rb" -require "y2firewall/clients/proposal" - -describe Y2Firewall::Clients::Proposal do - subject(:client) { described_class.new } - let(:proposal_settings) { Y2Firewall::ProposalSettings.instance } - - before do - # skip bootloader proposal to avoid build dependency on it - allow(subject).to receive(:cpu_mitigations_proposal) - end - - describe "#initialize" do - it "instantiates a new proposal settings" do - expect(Y2Firewall::ProposalSettings).to receive(:instance) - - described_class.new - end - end - - describe "#description" do - it "returns a hash with 'id', 'rich_text_title' and 'menu_title'" do - description = client.description - expect(description).to be_a Hash - expect(description).to include("id", "menu_title", "rich_text_title") - end - end - - describe "#ask_user" do - let(:param) { { "chosen_id" => action } } - let(:dialog) { instance_double(Y2Firewall::Dialogs::Proposal) } - - before do - allow(Y2Firewall::Dialogs::Proposal).to receive(:new).and_return(dialog) - end - - context "when 'chosen_id' is equal to the description id" do - let(:action) { client.description["id"] } - - it "runs the proposal dialog" do - expect(dialog).to receive(:run) - - client.ask_user(param) - end - - it "returns a hash with the proposal dialog result for 'workflow_sequence' key" do - allow(dialog).to receive(:run).and_return(:result) - - result = client.ask_user(param) - expect(result).to be_a(Hash) - expect(result["workflow_sequence"]).to eq :result - end - end - - context "when 'chosen_id' corresponds to some of the services links" do - let(:action) { Y2Firewall::Clients::Proposal::SERVICES_LINKS.first } - - it "calls the corresponding action for the chosen link" do - expect(client).to receive("call_proposal_action_for").with(action) - - client.ask_user(param) - end - - it "returns a hash with :next for 'workflow_sequence' key" do - result = client.ask_user(param) - expect(result).to be_a(Hash) - expect(result["workflow_sequence"]).to eq :next - end - end - end - - describe "#make_proposal" do - let(:firewall_enabled) { false } - - before do - allow(proposal_settings).to receive("enable_firewall").and_return(firewall_enabled) - end - - it "returns a hash with 'preformatted_proposal', 'links', 'warning_level' and 'warning'" do - allow(Yast::HTML).to receive("List").and_return("<ul><li>Proposal link</li></ul>") - - proposal = client.make_proposal({}) - expect(proposal).to be_a Hash - expect(proposal).to include("preformatted_proposal", "links", "warning_level") - end - - context "when firewalld is disabled" do - it "returns the 'preformatted_proposal' without links to open/close ports" do - proposal = client.make_proposal({}) - - expect(proposal["preformatted_proposal"]).to_not include("port") - end - end - - context "when firewalld is enabled" do - let(:firewall_enabled) { true } - - it "returns the 'preformatted_proposal' with links to open/close ports" do - proposal = client.make_proposal({}) - - expect(proposal["preformatted_proposal"]).to include("port") - end - end - - context "when the user uses only SSH key based authentication" do - let(:ssh_enabled) { true } - let(:ssh_open) { true } - - before do - allow(proposal_settings).to receive(:only_public_key_auth).and_return(true) - proposal_settings.enable_sshd = ssh_enabled - proposal_settings.open_ssh = ssh_open - end - - context "and the SSH service is enabled" do - context "and the SSH port is open" do - it "the 'proposal' does not contain a warning message" do - proposal = client.make_proposal({}) - expect(proposal["warning"]).to be_nil - end - end - context "and the SSH port is close" do - let(:ssh_open) { false } - - it "returns the proposal warning about the situation" do - proposal = client.make_proposal({}) - expect(proposal["warning"]).to include("might not be allowed") - end - end - end - - context "and the SSH is disabled" do - let(:ssh_enabled) { false } - - it "returns the proposal warning about the situation" do - proposal = client.make_proposal({}) - expect(proposal["warning"]).to include("might not be allowed") - end - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/test/lib/y2firewall/dialogs/proposal_test.rb new/yast2-firewall-4.4.1/test/lib/y2firewall/dialogs/proposal_test.rb --- old/yast2-firewall-4.4.0/test/lib/y2firewall/dialogs/proposal_test.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/test/lib/y2firewall/dialogs/proposal_test.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,33 +0,0 @@ -#!/usr/bin/env rspec - -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. -# -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ - -require_relative "../../../test_helper.rb" - -require "cwm/rspec" -require "y2firewall/dialogs/proposal" - -describe Y2Firewall::Dialogs::Proposal do - let(:settings) { instance_double("Y2Firewall::ProposalSettings") } - - subject { described_class.new(settings) } - - include_examples "CWM::Dialog" -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/test/lib/y2firewall/proposal_settings_test.rb new/yast2-firewall-4.4.1/test/lib/y2firewall/proposal_settings_test.rb --- old/yast2-firewall-4.4.0/test/lib/y2firewall/proposal_settings_test.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/test/lib/y2firewall/proposal_settings_test.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,267 +0,0 @@ -#!/usr/bin/env rspec - -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. -# -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ - -require_relative "../../test_helper.rb" -require "y2firewall/proposal_settings" - -Yast.import "Linuxrc" -Yast.import "ProductFeatures" - -describe Y2Firewall::ProposalSettings do - subject { described_class.create_instance } - let(:global_section) do - { - "enable_firewall" => false, - "enable_sshd" => false, - "firewall_enable_ssh" => false - } - end - let(:use_vnc) { false } - let(:use_ssh) { false } - let(:root_password) { "secret" } - - before do - allow(Yast::Linuxrc).to receive(:vnc).and_return(use_vnc) - allow(Yast::Linuxrc).to receive(:usessh).and_return(use_ssh) - allow(Yast::UsersSimple).to receive(:GetRootPassword).and_return(root_password) - - allow(Yast::ProductFeatures).to receive("GetSection") - .with("globals").and_return(global_section) - end - - describe "#initialize" do - it "loads the default values from the control file" do - expect_any_instance_of(described_class).to receive(:load_features) - - described_class.create_instance - end - - context "when firewall has been enabled in the control file" do - let(:global_section) { { "enable_firewall" => true, "enable_sshd" => false } } - - it "sets firewalld service to be enabled" do - expect_any_instance_of(described_class).to receive(:enable_firewall!) - - described_class.create_instance - end - end - - context "when ssh has been enable by Linuxrc" do - let(:use_ssh) { true } - - it "sets ssh service to be enabled" do - expect_any_instance_of(described_class).to receive(:enable_sshd!) - - described_class.create_instance - end - - it "sets the ssh port to be opened" do - expect_any_instance_of(described_class).to receive(:open_ssh!) - - described_class.create_instance - end - end - - context "when vnc has been enable by Linuxrc" do - let(:use_vnc) { true } - - it "sets the vnc port to be opened" do - expect_any_instance_of(described_class).to receive(:open_vnc!) - - described_class.create_instance - end - end - - context "when no root password was set" do - before do - allow(Yast::Linuxrc).to receive(:usessh).and_return(false) - allow(Yast::UsersSimple).to receive(:GetRootPassword) - .and_return("") - end - - it "opens SSH to allow public key authentication" do - expect_any_instance_of(described_class).to receive(:enable_sshd!) - expect_any_instance_of(described_class).to receive(:open_ssh!) - - described_class.create_instance - end - end - end - - describe "#enable_firewall!" do - it "sets firewalld service to be enabled" do - allow(Yast::PackagesProposal).to receive("AddResolvables") - .with("firewall", :package, ["firewalld"]) - - expect(subject.enable_firewall).to be(false) - subject.enable_firewall! - expect(subject.enable_firewall).to be(true) - end - - it "adds the firewalld package to be installed" do - expect(Yast::PackagesProposal).to receive("AddResolvables") - .with("firewall", :package, ["firewalld"]) - - subject.enable_firewall! - end - end - - describe "#disable_firewall!" do - it "sets firewalld service to be disabled" do - allow(Yast::PackagesProposal).to receive("RemoveResolvables") - .with("firewall", :package, ["firewalld"]) - - subject.disable_firewall! - expect(subject.enable_firewall).to be(false) - end - - it "removes the firewalld package for current selection" do - expect(Yast::PackagesProposal).to receive("RemoveResolvables") - .with("firewall", :package, ["firewalld"]) - - subject.disable_firewall! - end - end - - describe "#enable_sshd!" do - it "sets sshd service to be enabled" do - allow(Yast::PackagesProposal).to receive("AddResolvables") - .with("firewall", :package, ["openssh"]) - - subject.enable_sshd! - expect(subject.enable_sshd).to be(true) - end - - it "adds the openssh package to be installed" do - expect(Yast::PackagesProposal).to receive("AddResolvables") - .with("firewall", :package, ["openssh"]) - - subject.enable_sshd! - end - end - - describe "#disable_sshd!" do - it "sets sshd service to be disabled" do - allow(Yast::PackagesProposal).to receive("RemoveResolvables") - .with("firewall", :package, ["openssh"]) - - subject.disable_sshd! - expect(subject.enable_sshd).to be(false) - end - - it "removes the openssh package for current selection" do - expect(Yast::PackagesProposal).to receive("RemoveResolvables") - .with("firewall", :package, ["openssh"]) - - subject.disable_sshd! - end - end - - describe "#open_ssh!" do - it "sets the ssh port to be opened" do - subject.open_ssh = false - subject.open_ssh! - expect(subject.open_ssh).to be(true) - end - end - - describe "#close_ssh!" do - it "sets the ssh port to be closed" do - subject.open_ssh = true - subject.close_ssh! - expect(subject.open_ssh).to be(false) - end - end - - describe "#open_vnc!" do - it "sets the vnc port to be opened" do - subject.open_vnc = false - subject.open_vnc! - expect(subject.open_vnc).to be(true) - end - end - - describe "#close_vnc!" do - it "sets the vnc port to be closed" do - subject.open_vnc = true - subject.close_vnc! - expect(subject.open_vnc).to be(false) - end - end - - describe "#access_problem?" do - let(:ssh_enabled) { true } - let(:firewall_enabled) { true } - let(:ssh_open) { true } - let(:only_ssh_key_auth) { true } - - before do - subject.enable_sshd = ssh_enabled - subject.enable_firewall = firewall_enabled - subject.open_ssh = ssh_open - allow(subject).to receive(:only_public_key_auth).and_return(only_ssh_key_auth) - end - - context "when the root user uses only SSH key based authentication" do - context "when sshd is enabled" do - context "and firewall is enabled" do - context "and the SSH port is open" do - it "returns false" do - expect(subject.access_problem?).to eql(false) - end - end - - context "and the SSH port is close" do - let(:ssh_open) { false } - - it "returns true" do - expect(subject.access_problem?).to eql(true) - end - end - end - - context "and firewall is disabled" do - let(:firewall_enabled) { false } - - it "returns false" do - expect(subject.access_problem?).to eql(false) - end - end - end - - context "when sshd is disabled" do - let(:ssh_enabled) { false } - - it "returns true" do - expect(subject.access_problem?).to eql(true) - end - end - end - - context "when the root user uses password authentication" do - let(:only_ssh_key_auth) { false } - - it "returns false" do - expect(subject.access_problem?).to eql(false) - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/test/lib/y2firewall/widgets/proposal_test.rb new/yast2-firewall-4.4.1/test/lib/y2firewall/widgets/proposal_test.rb --- old/yast2-firewall-4.4.0/test/lib/y2firewall/widgets/proposal_test.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/test/lib/y2firewall/widgets/proposal_test.rb 2021-06-22 11:13:15.000000000 +0200 @@ -1,35 +1,32 @@ #!/usr/bin/env rspec -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC +# Copyright (c) [2017-2021] SUSE LLC # +# All Rights Reserved. # -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. +# This program is free software; you can redistribute it and/or modify it +# under the terms of version 2 of the GNU General Public License as published +# by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +# more details. # -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. +# You should have received a copy of the GNU General Public License along +# with this program; if not, contact SUSE LLC. # -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ +# To contact SUSE LLC about this file by physical or electronic mail, you may +# find current contact information at www.suse.com. require_relative "../../../test_helper.rb" require "cwm/rspec" require "y2firewall/widgets/proposal" -require "y2firewall/proposal_settings" describe Y2Firewall::Widgets do let(:proposal_settings) do - instance_double( - Y2Firewall::ProposalSettings, enable_firewall: true, enable_sshd: true, - open_ssh: true, open_vnc: true - ) + double("::Installation::SecuritySettings", enable_firewall: true, enable_sshd: true, + open_ssh: true, open_vnc: true) end describe Y2Firewall::Widgets::FirewallSSHProposal do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.4.0/test/test_helper.rb new/yast2-firewall-4.4.1/test/test_helper.rb --- old/yast2-firewall-4.4.0/test/test_helper.rb 2021-04-30 18:15:20.000000000 +0200 +++ new/yast2-firewall-4.4.1/test/test_helper.rb 2021-06-22 11:13:15.000000000 +0200 @@ -1,21 +1,21 @@ -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC +# Copyright (c) [2017-2021] SUSE LLC # +# All Rights Reserved. # -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. +# This program is free software; you can redistribute it and/or modify it +# under the terms of version 2 of the GNU General Public License as published +# by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +# more details. # -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. +# You should have received a copy of the GNU General Public License along +# with this program; if not, contact SUSE LLC. # -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ +# To contact SUSE LLC about this file by physical or electronic mail, you may +# find current contact information at www.suse.com. # Set the paths srcdir = File.expand_path("../src", __dir__) @@ -25,6 +25,21 @@ require "yast" require "yast/rspec" +LIBS_TO_SKIP = ["installation/security_settings"].freeze + +# Hack to avoid to require some files +# +# This is here to avoid a cyclic dependency with yast-installation at build time. +# The package yast-firewall does not include a BuildRequires for yast-installation, so the require +# for files defined by that package must be avoided. +module Kernel + alias_method :old_require, :require + + def require(path) + old_require(path) unless LIBS_TO_SKIP.include?(path) + end +end + # stub module to prevent its Import # Useful for modules from different yast packages, to avoid build dependencies def stub_module(name, fake_class = nil) @@ -34,11 +49,8 @@ # stub classes from other modules to speed up a build # rubocop:disable Style/SingleLineMethods -# rubocop:disable Style/MethodName stub_module("AutoInstall", Class.new { def self.issues_list; []; end }) -stub_module("UsersSimple", Class.new { def self.GetRootPassword; "secret"; end }) # rubocop:enable Style/SingleLineMethods -# rubocop:enable Style/MethodName # some tests have translatable messages ENV["LANG"] = "en_US.UTF-8"
