Hello community,
here is the log from the commit of package yast2-firewall for openSUSE:Factory
checked in at 2018-02-16 21:41:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old)
and /work/SRC/openSUSE:Factory/.yast2-firewall.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-firewall"
Fri Feb 16 21:41:30 2018 rev:60 rq:577067 version:4.0.14
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes
2018-02-12 10:09:11.198540076 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-firewall.new/yast2-firewall.changes
2018-02-16 21:41:31.429900615 +0100
@@ -1,0 +2,17 @@
+Thu Feb 15 10:58:14 UTC 2018 - mfi...@suse.com
+
+- fate#323460
+ - updated summary in autoyast client to work with new firewalld
+ api
+- 4.0.14
+
+-------------------------------------------------------------------
+Wed Feb 14 17:23:32 UTC 2018 - knut.anders...@suse.com
+
+- AutoYaST: added 'enable_firewall', 'start_firewall' and
+ 'FW_LOG_DROP_CRIT' to the list of supported properties for
+ SuSEFirewall2 profiles and fixed a typo with 'FW_LOG_DROP_ALL'
+ (fate#323460).
+- 4.0.13
+
+-------------------------------------------------------------------
Old:
----
yast2-firewall-4.0.12.tar.bz2
New:
----
yast2-firewall-4.0.14.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-firewall.spec ++++++
--- /var/tmp/diff_new_pack.95rjIK/_old 2018-02-16 21:41:31.917883017 +0100
+++ /var/tmp/diff_new_pack.95rjIK/_new 2018-02-16 21:41:31.921882873 +0100
@@ -17,7 +17,7 @@
Name: yast2-firewall
-Version: 4.0.12
+Version: 4.0.14
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -33,8 +33,8 @@
BuildRequires: rubygem(%rb_default_ruby_abi:rspec)
BuildRequires: rubygem(%rb_default_ruby_abi:yast-rake)
-# Firewalld read?
-Requires: yast2 >= 4.0.45
+# Firewalld - extended API
+Requires: yast2 >= 4.0.49
# ButtonBox widget
Conflicts: yast2-ycp-ui-bindings < 2.17.3
++++++ yast2-firewall-4.0.12.tar.bz2 -> yast2-firewall-4.0.14.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-firewall-4.0.12/package/yast2-firewall.changes
new/yast2-firewall-4.0.14/package/yast2-firewall.changes
--- old/yast2-firewall-4.0.12/package/yast2-firewall.changes 2018-02-08
09:41:07.000000000 +0100
+++ new/yast2-firewall-4.0.14/package/yast2-firewall.changes 2018-02-15
17:35:58.000000000 +0100
@@ -1,4 +1,21 @@
-------------------------------------------------------------------
+Thu Feb 15 10:58:14 UTC 2018 - mfi...@suse.com
+
+- fate#323460
+ - updated summary in autoyast client to work with new firewalld
+ api
+- 4.0.14
+
+-------------------------------------------------------------------
+Wed Feb 14 17:23:32 UTC 2018 - knut.anders...@suse.com
+
+- AutoYaST: added 'enable_firewall', 'start_firewall' and
+ 'FW_LOG_DROP_CRIT' to the list of supported properties for
+ SuSEFirewall2 profiles and fixed a typo with 'FW_LOG_DROP_ALL'
+ (fate#323460).
+- 4.0.13
+
+-------------------------------------------------------------------
Mon Feb 6 13:46:40 UTC 2018 - gso...@suse.com
- When firewall is called on ncurses or command line, an error
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-firewall-4.0.12/package/yast2-firewall.spec
new/yast2-firewall-4.0.14/package/yast2-firewall.spec
--- old/yast2-firewall-4.0.12/package/yast2-firewall.spec 2018-02-08
09:41:07.000000000 +0100
+++ new/yast2-firewall-4.0.14/package/yast2-firewall.spec 2018-02-15
17:35:58.000000000 +0100
@@ -17,7 +17,7 @@
Name: yast2-firewall
-Version: 4.0.12
+Version: 4.0.14
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -33,8 +33,8 @@
BuildRequires: rubygem(%rb_default_ruby_abi:yast-rake)
BuildRequires: rubygem(%rb_default_ruby_abi:rspec)
-# Firewalld read?
-Requires: yast2 >= 4.0.45
+# Firewalld - extended API
+Requires: yast2 >= 4.0.49
# ButtonBox widget
Conflicts: yast2-ycp-ui-bindings < 2.17.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-firewall-4.0.12/src/lib/y2firewall/clients/auto.rb
new/yast2-firewall-4.0.14/src/lib/y2firewall/clients/auto.rb
--- old/yast2-firewall-4.0.12/src/lib/y2firewall/clients/auto.rb
2018-02-08 09:41:07.000000000 +0100
+++ new/yast2-firewall-4.0.14/src/lib/y2firewall/clients/auto.rb
2018-02-15 17:35:58.000000000 +0100
@@ -32,6 +32,9 @@
# Does not do any changes to the configuration.
class Auto < ::Installation::AutoClient
include Yast::Logger
+
+ Yast.import "HTML"
+
class << self
# @return [Boolean] whether the AutoYaST configuration has been
# modified or not
@@ -58,9 +61,19 @@
#
# @return [String]
def summary
- return "" if !firewalld.installed?
+ return Yast::HTML.Para(_("Firewalld is not available")) if
!firewalld.installed?
+
+ firewalld.read if !firewalld.read?
+
+ # general overview
+ summary = general_summary
+
+ # per zone details
+ firewalld.zones.each do |zone|
+ summary << zone_summary(zone)
+ end
- firewalld.api.list_all_zones.join("\n")
+ summary
end
# Import the firewall configuration
@@ -198,6 +211,55 @@
def imported?
!!self.class.imported
end
+
+ # Creates a piece for summary for zone detail
+ #
+ # See has_many (@see Y2Firewall::Firewalld::Relations#has_many) in
+ # Y2Firewall::Firewalld::Zone for known detail / relations
+ #
+ # @param [String] relation is name of relation (used as a caption for
generated blob)
+ # @param [Array<String>] names details to be formated
+ # @return [<String>] A string formated using Yast::HTML methods
+ def zone_detail_summary(relation, names)
+ return "" if names.nil? || names.empty?
+
+ Yast::HTML.Bold("#{relation.capitalize}:") + Yast::HTML.List(names)
+ end
+
+ # Creates a summary for the given zone
+ #
+ # @param [Firewalld::Zone] zone object defining a zone
+ # @return [String] HTML formated zone description
+ def zone_summary(zone)
+ raise ArgumentError, "zone parameter has to be defined" if zone.nil?
+
+ desc = zone.relations.map do |relation|
+ zone_detail_summary(relation, zone.send(relation))
+ end.delete_if(&:empty?)
+ return "" if desc.empty?
+
+ summary = Yast::HTML.Heading(zone.name)
+ summary << Yast::HTML.List(desc)
+ end
+
+ # Creates a general summary for firewalld
+ #
+ # @return [String] HTML formated firewall description
+ # rubocop:disable Metrics/AbcSize
+ def general_summary
+ html = Yast::HTML
+ running = " " + (firewalld.running? ? _("yes") : _("no"))
+ enabled = " " + (firewalld.enabled? ? _("yes") : _("no"))
+
+ summary = html.Bold(_("Running:")) + running + html.Newline
+ summary << html.Bold(_("Enabled:")) + enabled + html.Newline
+ summary << html.Bold(_("Default zone:")) + " " +
firewalld.default_zone + html.Newline
+ summary << html.Bold(_("Defined zones:"))
+ summary << html.List(firewalld.zones.map(&:name))
+
+ html.Para(summary)
+ end
+ # rubocop:enable Metrics/AbcSize
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-firewall-4.0.12/src/lib/y2firewall/importer_strategies/suse_firewall.rb
new/yast2-firewall-4.0.14/src/lib/y2firewall/importer_strategies/suse_firewall.rb
---
old/yast2-firewall-4.0.12/src/lib/y2firewall/importer_strategies/suse_firewall.rb
2018-02-08 09:41:07.000000000 +0100
+++
new/yast2-firewall-4.0.14/src/lib/y2firewall/importer_strategies/suse_firewall.rb
2018-02-15 17:35:58.000000000 +0100
@@ -57,6 +57,8 @@
}.freeze
SUPPORTED_PROPERTIES = [
+ "enable_firewall",
+ "start_firewall",
"FW_CONFIGURATIONS_DMZ",
"FW_CONFIGURATIONS_EXT",
"FW_CONFIGURATIONS_INT",
@@ -73,7 +75,8 @@
"FW_SERVICES_EXT_IP",
"FW_SERVICES_INT_IP",
"FW_LOG_ACCEPT_CRIT",
- "FW_LOG_DROPT_ALL",
+ "FW_LOG_DROP_CRIT",
+ "FW_LOG_DROP_ALL",
"FW_MASQUERADE"
].freeze
@@ -309,8 +312,8 @@
# @return [String] all, unicast or off depending on the log config
def log_denied_packets
accept_crit = profile.fetch("FW_LOG_ACCEPT_CRIT", "no") == "yes"
- drop_all = profile.fetch("FW_LOG_DROPT_ALL", "no") == "yes"
- drop_crit = profile.fetch("FW_LOG_ACCEPT_CRIT", "no") == "yes"
+ drop_all = profile.fetch("FW_LOG_DROP_ALL", "no") == "yes"
+ drop_crit = profile.fetch("FW_LOG_DROP_CRIT", "no") == "yes"
if drop_all
"all"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-firewall-4.0.12/test/lib/y2firewall/clients/auto_test.rb
new/yast2-firewall-4.0.14/test/lib/y2firewall/clients/auto_test.rb
--- old/yast2-firewall-4.0.12/test/lib/y2firewall/clients/auto_test.rb
2018-02-08 09:41:07.000000000 +0100
+++ new/yast2-firewall-4.0.14/test/lib/y2firewall/clients/auto_test.rb
2018-02-15 17:35:58.000000000 +0100
@@ -33,11 +33,65 @@
allow(subject).to receive(:importer).and_return(importer)
end
+ describe "#zone_summary" do
+ it "empty zone returns empty description" do
+ summary = subject.send(:zone_summary,
Y2Firewall::Firewalld::Zone.new(name: "test_zone"))
+
+ expect(summary).to be_empty
+ end
+ end
+
describe "#summary" do
- it "returns the summary of all the configured zones" do
- expect(firewalld.api).to receive(:list_all_zones).and_return(["zone1",
"zone2"])
+ context "when firewalld is not installed" do
+ before(:each) do
+ allow(firewalld).to receive(:installed?).and_return(false)
+ end
+
+ it "reports when firewalld is not available" do
+ expect(subject.summary).to match(/not available/)
+ end
+ end
+
+ context "when firewalld is installed" do
+ let(:relations_stub) do
+ {
+ interfaces: ["eth0", "eth1"],
+ services: ["ssh", "ftp"],
+ protocols: ["udp", "tcp"],
+ ports: ["80"]
+ }
+ end
+
+ before(:each) do
+ zones = []
+ relations_stub.each_pair do |relation, values|
+ zone = Y2Firewall::Firewalld::Zone.new(name: "zone_#{relation}")
+ allow(zone).to receive(relation).and_return(values)
+ zones << zone
+ end
+
+ allow(firewalld).to receive(:zones).and_return(zones)
+ end
+
+ it "builds a summary when firewall is installed" do
+ allow(firewalld).to receive(:read).and_return(true)
+
+ expect(firewalld).to receive(:installed?).and_return(true)
+ expect(firewalld).to receive(:default_zone).and_return("public")
+
+ summary = subject.summary
+
+ # general stuff
+ expect(summary).to match(/Running/)
+ expect(summary).to match(/Enabled/)
+ expect(summary).to match(/Default zone/)
+ expect(summary).to match(/Defined zones/)
- expect(subject.summary).to eq("zone1\nzone2")
+ # zone details
+ relations_stub.each_pair do |_relation, values|
+ values.each { |value| expect(summary).to match(/#{value}/) }
+ end
+ end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-firewall-4.0.12/test/lib/y2firewall/importer_strategies/suse_firewall.rb
new/yast2-firewall-4.0.14/test/lib/y2firewall/importer_strategies/suse_firewall.rb
---
old/yast2-firewall-4.0.12/test/lib/y2firewall/importer_strategies/suse_firewall.rb
2018-02-08 09:41:07.000000000 +0100
+++
new/yast2-firewall-4.0.14/test/lib/y2firewall/importer_strategies/suse_firewall.rb
2018-02-15 17:35:58.000000000 +0100
@@ -40,6 +40,8 @@
let(:profile) do
{
+ "enable_firewall" => true,
+ "start_firewall" => false,
"FW_DEV_EXT" => "eth0",
"FW_DEV_INT" => "eth1",
"FW_DEV_DMZ" => "eth2 any",
@@ -47,7 +49,10 @@
"FW_SERVICES_EXT_TCP" => "80 443 8080:8084",
"FW_SERVICES_EXT_UDP" => "53",
"FW_SERVICES_EXT_IP" => "esp",
- "FW_MASQUERADE" => masquerade
+ "FW_MASQUERADE" => masquerade,
+ "FW_LOG_DROP_CRIT" => "yes",
+ "FW_LOG_DROP_ALL" => "no",
+ "FW_LOG_ACCEPT_CRIT" => "no"
}
end
@@ -104,6 +109,7 @@
context "and all the properties can be translated to firewalld" do
it "recommends to the user the use of firewalld schema" do
expect(Yast::Report).to receive(:Warning)
+ expect(Yast::Report).to_not receive(:Error)
subject.import
end
