Hello community, here is the log from the commit of package yast2-firewall for openSUSE:Factory checked in at 2018-02-07 18:18:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old) and /work/SRC/openSUSE:Factory/.yast2-firewall.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-firewall" Wed Feb 7 18:18:04 2018 rev:58 rq:573225 version:4.0.11 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes 2018-02-02 22:18:51.959444736 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-firewall.new/yast2-firewall.changes 2018-02-07 18:18:22.220961320 +0100 @@ -1,0 +2,8 @@ +Mon Feb 5 21:02:57 UTC 2018 - knut.anders...@suse.com + +- AutoYaST: When a profile using the SuSEFirewall2 schema is used, + the user is reported with an error if some property is not + supported or with a warning in other case. (fate#323460) +- 4.0.11 + +------------------------------------------------------------------- Old: ---- yast2-firewall-4.0.10.tar.bz2 New: ---- yast2-firewall-4.0.11.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-firewall.spec ++++++ --- /var/tmp/diff_new_pack.YkoGfg/_old 2018-02-07 18:18:22.704938643 +0100 +++ /var/tmp/diff_new_pack.YkoGfg/_new 2018-02-07 18:18:22.704938643 +0100 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.0.10 +Version: 4.0.11 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-firewall-4.0.10.tar.bz2 -> yast2-firewall-4.0.11.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.10/package/yast2-firewall.changes new/yast2-firewall-4.0.11/package/yast2-firewall.changes --- old/yast2-firewall-4.0.10/package/yast2-firewall.changes 2018-02-02 11:16:34.000000000 +0100 +++ new/yast2-firewall-4.0.11/package/yast2-firewall.changes 2018-02-06 09:27:57.000000000 +0100 
@@ -1,4 +1,12 @@ ------------------------------------------------------------------- +Mon Feb 5 21:02:57 UTC 2018 - knut.anders...@suse.com + +- AutoYaST: When a profile using the SuSEFirewall2 schema is used, + the user is reported with an error if some property is not + supported or with a warning in other case. (fate#323460) +- 4.0.11 + +------------------------------------------------------------------- Wed Jan 31 07:41:26 UTC 2018 - knut.anders...@suse.com - AutoYaST: (fate#323460) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.10/package/yast2-firewall.spec new/yast2-firewall-4.0.11/package/yast2-firewall.spec --- old/yast2-firewall-4.0.10/package/yast2-firewall.spec 2018-02-02 11:16:34.000000000 +0100 +++ new/yast2-firewall-4.0.11/package/yast2-firewall.spec 2018-02-06 09:27:57.000000000 +0100 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.0.10 +Version: 4.0.11 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.10/src/lib/y2firewall/importer_strategies/suse_firewall.rb new/yast2-firewall-4.0.11/src/lib/y2firewall/importer_strategies/suse_firewall.rb --- old/yast2-firewall-4.0.10/src/lib/y2firewall/importer_strategies/suse_firewall.rb 2018-02-02 11:16:34.000000000 +0100 +++ new/yast2-firewall-4.0.11/src/lib/y2firewall/importer_strategies/suse_firewall.rb 2018-02-06 09:27:57.000000000 +0100 @@ -19,7 +19,9 @@ # current contact information at www.suse.com. # ------------------------------------------------------------------------------ +require "yast" require "y2firewall/firewalld" +require "ui/text_helpers" module Y2Firewall module ImporterStrategies 
@@ -27,9 +29,13 @@ # section configuring the Y2Firewall::Firewalld instance according to it. class SuseFirewall include Yast::Logger + include Yast::I18n + include UI::TextHelpers # @return [Hash] AutoYaST profile firewall's section attr_accessor :profile + Yast.import "Report" + # SuSEFirewall2 zones ZONES = ["DMZ", "INT", "EXT"].freeze @@ -50,6 +56,27 @@ "samba-server" => ["samba"] }.freeze + SUPPORTED_PROPERTIES = [ + "FW_CONFIGURATIONS_DMZ", + "FW_CONFIGURATIONS_EXT", + "FW_CONFIGURATIONS_INT", + "FW_DEV_DMZ", + "FW_DEV_EXT", + "FW_DEV_INT", + "FW_SERVICES_DMZ_TCP", + "FW_SERVICES_EXT_TCP", + "FW_SERVICES_INT_TCP", + "FW_SERVICES_DMZ_UDP", + "FW_SERVICES_EXT_UDP", + "FW_SERVICES_INT_UDP", + "FW_SERVICES_DMZ_IP", + "FW_SERVICES_EXT_IP", + "FW_SERVICES_INT_IP", + "FW_LOG_ACCEPT_CRIT", + "FW_LOG_DROPT_ALL", + "FW_MASQUERADE" + ].freeze + # @return [Array<string>] list of zones def zones ZONES @@ -62,6 +89,22 @@ @profile = profile end + # Return whether some of the profile properties are not supported + # + # @return [Boolean] true if all the profiles properties are supported; + # false otherwise + def completely_supported? + unsupported_properties.empty? + end + + # Return the list of not supported properties that are defined in the + # profile + # + # @return [Array<String>] not supported properties + def unsupported_properties + @profile.keys.select { |k| !SUPPORTED_PROPERTIES.include?(k) } + end + # It processes the profile configuring the firewalld zones that match # better with the SuSEFirewall2 ones. def import @@ -69,6 +112,9 @@ log.info "The profile is empty, there is nothing to import" return true end + + completely_supported? ? warn_supported : report_unsupported + zones.each { |z| process_zone(z) } if ipsec_trust_zone zone = firewalld.find_zone(zone.equivalent(ipsec_trust_zone)) 
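Review bot: `Yast.import "Report"` sits in the middle of the class body, between `attr_accessor :profile` and the constants, while the spec file in this same commit imports it at file level. Moving it up beside the `require` lines keeps module loading in one place and out of the attribute and constant declarations. The class body continues outside this hunk.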
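Review bot: `"FW_LOG_DROPT_ALL"` in `SUPPORTED_PROPERTIES` looks like a misspelling of the SuSEFirewall2 variable `FW_LOG_DROP_ALL`. As written, a profile that sets the real key is listed as unsupported and the misspelled entry can never match, so the entry should read `"FW_LOG_DROP_ALL",`. The list also deserves a check against what the importer actually reads: `import` consults `ipsec_trust_zone`, and if that is backed by a profile key (not visible in this diff) it has no entry here and would be reported as unsupported even though it is applied. A comment above the constant such as `# Profile keys this strategy can translate; any other key is reported to the user` would make the contract explicit.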
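Review bot: The doc comment on `completely_supported?` says "Return whether some of the profile properties are not supported", which is the opposite of what the method returns (true when nothing is unsupported, as its own `@return` line states). Reword it to `# Return whether all the profile properties are supported`. In `unsupported_properties`, `select { |k| !... }` reads more directly as `@profile.keys.reject { |k| SUPPORTED_PROPERTIES.include?(k) }` or `@profile.keys - SUPPORTED_PROPERTIES`. The comparison is against String constants, so it presumably relies on the profile keys being Strings; if symbol keys can reach this class every key would be flagged, which is worth confirming against the caller.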
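Review bot: When the profile contains unsupported properties, `import` reports the error and then carries on with `zones.each`, so the machine ends up with a partially translated firewall policy. Nothing in the visible code records which properties were dropped other than through `Yast::Report`, which is easy to miss on an unattended installation. I would log the list before reporting, e.g. `log.error "Unsupported SuSEFirewall2 properties: #{unsupported_properties.inspect}"`, so the gap can be audited afterwards. The ternary `completely_supported? ? warn_supported : report_unsupported` is used purely for its side effects, and an `if`/`else` states that more plainly. `def import` begins above this hunk and the method continues past it.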
@@ -80,6 +126,32 @@ private + # Convenience method for reporting a warning message to the user + # recommending the use of firewalld schema. + def warn_supported + Yast::Report.Warning( + _( + "The profile in use is based on SuSEFirewall2 configuration.\n\n" \ + "Although all the declared properties are supported, it is recommended \n" \ + "the use of the new 'firewalld' schema. \n\n" \ + "Please, check carefully the configuration applied once the installation \n" \ + "is finished." + ) + ) + end + + # Convenience method for reporting an error message to the user with the + # unsupported SuSEFirewall2 properties. + def report_unsupported + Yast::Report.Error( + _( + "Unfortunately, these SuSEFirewall2 properties are not supported:\n\n%s\n\n" \ + "Check carefully the configuration applied once the installation \n" \ + "is finished." + ) % wrap_text(unsupported_properties.join(", ")) + ) + end + # Given a SuSEFirewall2 zone name it process the profile's configuration # corresponding to that zone configuring the equivalent firewalld zone # object. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.10/test/lib/y2firewall/importer_strategies/suse_firewall.rb new/yast2-firewall-4.0.11/test/lib/y2firewall/importer_strategies/suse_firewall.rb --- old/yast2-firewall-4.0.10/test/lib/y2firewall/importer_strategies/suse_firewall.rb 2018-02-02 11:16:34.000000000 +0100 +++ new/yast2-firewall-4.0.11/test/lib/y2firewall/importer_strategies/suse_firewall.rb 2018-02-06 09:27:57.000000000 +0100 @@ -23,6 +23,8 @@ require "cwm/rspec" require "y2firewall/importer_strategies/suse_firewall" +Yast.import "Report" + describe Y2Firewall::ImporterStrategies::SuseFirewall do let(:firewalld) { Y2Firewall::Firewalld.instance } let(:known_zones) { Y2Firewall::Firewalld::Zone.known_zones.keys } 
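Review bot: The translatable messages in `warn_supported` and `report_unsupported` carry hard line breaks with a space before several of the `\n` (`"recommended \n"`, `"schema. \n\n"`, `"installation \n"`), so the stray whitespace and mid-sentence wrapping become part of the msgid translators receive. Keeping only the paragraph breaks (`\n\n`) inside the string avoids that. `UI::TextHelpers` is already included, so `wrap_text` can wrap the rest. A named placeholder, `"...are not supported:\n\n%{properties}\n\n..."` with `% { properties: wrap_text(...) }`, is also easier to translate correctly than a bare `%s`.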
@@ -98,6 +100,23 @@ expect(external.services).to eq(["dhcp", "ssh", "samba", "vnc-server"]) end end + + context "and all the properties can be translated to firewalld" do + it "recommends to the user the use of firewalld schema" do + expect(Yast::Report).to receive(:Warning) + + subject.import + end + end + + context "and some of the properties can not be translated to firewalld" do + it "reports to the user an error with all the unsupported properties" do + profile["FW_UNSUPPORTED_PROPERTY"] = true + expect(Yast::Report).to receive(:Error) + + subject.import + end + end end end end
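Review bot: Both new examples only assert that `Yast::Report` receives `:Warning` or `:Error`, so they would still pass if the message omitted the offending property or if both reports were shown. Tightening them pins the behaviour: `expect(Yast::Report).to receive(:Error).with(/FW_UNSUPPORTED_PROPERTY/)` in the second example, and an added `expect(Yast::Report).not_to receive(:Error)` in the first. The enclosing `describe`/`context` and the `profile` fixture are defined outside this hunk, so it cannot be seen from here whether the fixture covers every key listed in `SUPPORTED_PROPERTIES`.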