Hello community, here is the log from the commit of package yast2-firewall for openSUSE:Factory checked in at 2018-04-26 13:30:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old) and /work/SRC/openSUSE:Factory/.yast2-firewall.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-firewall" Thu Apr 26 13:30:56 2018 rev:66 rq:600112 version:4.0.24 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes 2018-04-07 20:50:58.703591143 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-firewall.new/yast2-firewall.changes 2018-04-26 13:30:58.131607201 +0200 @@ -1,0 +2,14 @@ +Sat Apr 21 07:35:42 UTC 2018 - knut.anders...@suse.com + +- During installation, open services defined by (Tigervnc) instead + of the 'vnc-server' service that is shipped with (firewalld) + (bsc#1081952). +- 4.0.24 + +------------------------------------------------------------------- +Tue Apr 17 11:55:47 CEST 2018 - snw...@suse.de + +- consistent wording (open/block) also for VNC ports (bsc#1089789) +- 4.0.23 + +------------------------------------------------------------------- Old: ---- yast2-firewall-4.0.22.tar.bz2 New: ---- yast2-firewall-4.0.24.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-firewall.spec ++++++ --- /var/tmp/diff_new_pack.8YZDIm/_old 2018-04-26 13:30:58.619589326 +0200 +++ /var/tmp/diff_new_pack.8YZDIm/_new 2018-04-26 13:30:58.619589326 +0200 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.0.22 +Version: 4.0.24 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-firewall-4.0.22.tar.bz2 -> yast2-firewall-4.0.24.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.22/package/yast2-firewall.changes new/yast2-firewall-4.0.24/package/yast2-firewall.changes --- old/yast2-firewall-4.0.22/package/yast2-firewall.changes 2018-03-27 14:19:20.000000000 +0200 +++ new/yast2-firewall-4.0.24/package/yast2-firewall.changes 2018-04-23 17:57:11.000000000 +0200 
@@ -1,4 +1,18 @@ ------------------------------------------------------------------- +Sat Apr 21 07:35:42 UTC 2018 - knut.anders...@suse.com + +- During installation, open services defined by (Tigervnc) instead + of the 'vnc-server' service that is shipped with (firewalld) + (bsc#1081952). +- 4.0.24 + +------------------------------------------------------------------- +Tue Apr 17 11:55:47 CEST 2018 - snw...@suse.de + +- consistent wording (open/block) also for VNC ports (bsc#1089789) +- 4.0.23 + +------------------------------------------------------------------- Tue Mar 27 12:02:55 UTC 2018 - knut.anders...@suse.com - Translate the installation finish client title (bsc#1084136) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.22/package/yast2-firewall.spec new/yast2-firewall-4.0.24/package/yast2-firewall.spec --- old/yast2-firewall-4.0.22/package/yast2-firewall.spec 2018-03-27 14:19:20.000000000 +0200 +++ new/yast2-firewall-4.0.24/package/yast2-firewall.spec 2018-04-23 17:57:11.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.0.22 +Version: 4.0.24 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.22/src/lib/y2firewall/clients/installation_finish.rb new/yast2-firewall-4.0.24/src/lib/y2firewall/clients/installation_finish.rb --- old/yast2-firewall-4.0.22/src/lib/y2firewall/clients/installation_finish.rb 2018-03-27 14:19:20.000000000 +0200 +++ new/yast2-firewall-4.0.24/src/lib/y2firewall/clients/installation_finish.rb 2018-04-23 17:57:11.000000000 +0200 
@@ -54,9 +54,15 @@ def write Service.Enable("sshd") if @settings.enable_sshd + configure_firewall if @firewalld.installed? + true + end - return true if !@firewalld.installed? + private + # Modifies the configuration of the firewall according to the current + # settings + def configure_firewall @settings.enable_firewall ? @firewalld.enable! : @firewalld.disable! if @settings.open_ssh @@ -65,9 +71,14 @@ @firewalld.api.remove_service(@settings.default_zone, "ssh") end - @firewalld.api.add_service(@settings.default_zone, "vnc-server") if @settings.open_vnc - - true + if @settings.open_vnc + if @firewalld.api.service_supported?("tigervnc") + @firewalld.api.add_service(@settings.default_zone, "tigervnc") + @firewalld.api.add_service(@settings.default_zone, "tigervnc-https") + else + log.error "tigervnc service definition is not available" + end + end end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.22/src/lib/y2firewall/clients/proposal.rb new/yast2-firewall-4.0.24/src/lib/y2firewall/clients/proposal.rb --- old/yast2-firewall-4.0.22/src/lib/y2firewall/clients/proposal.rb 2018-03-27 14:19:20.000000000 +0200 +++ new/yast2-firewall-4.0.24/src/lib/y2firewall/clients/proposal.rb 2018-04-23 17:57:11.000000000 +0200 
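Review bot: In the second hunk of installation_finish.rb (`@@ -65,9 +71,14 @@`) only `service_supported?("tigervnc")` is checked before both "tigervnc" and "tigervnc-https" are added, so the guard does not catch a missing tigervnc-https definition. Checking both names, for example `if %w[tigervnc tigervnc-https].all? { |s| @firewalld.api.service_supported?(s) }`, would keep the guard consistent with the two `add_service` calls. The else branch only logs and `write` in the first hunk still returns `true`, so a VNC installation can finish with the ports blocked and no signal to the caller. The message could state the resulting state: `log.error "tigervnc service definition is not available, VNC ports were not opened"`. `configure_firewall` starts in the first hunk and part of its body lies outside both hunks.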
@@ -128,7 +128,7 @@ return nil unless Linuxrc.vnc if @settings.open_vnc - _("VNC ports will be open (<a href=\"%s\">close</a>)") % LINK_CLOSE_VNC + _("VNC ports will be open (<a href=\"%s\">block</a>)") % LINK_CLOSE_VNC else _("VNC ports will be blocked (<a href=\"%s\">open</a>)") % LINK_OPEN_VNC end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.22/src/lib/y2firewall/importer_strategies/firewalld.rb new/yast2-firewall-4.0.24/src/lib/y2firewall/importer_strategies/firewalld.rb --- old/yast2-firewall-4.0.22/src/lib/y2firewall/importer_strategies/firewalld.rb 2018-03-27 14:19:20.000000000 +0200 +++ new/yast2-firewall-4.0.24/src/lib/y2firewall/importer_strategies/firewalld.rb 2018-04-23 17:57:11.000000000 +0200 @@ -19,6 +19,7 @@ # current contact information at www.suse.com. # ------------------------------------------------------------------------------ +require "yast" require "y2firewall/firewalld" module Y2Firewall @@ -27,6 +28,7 @@ # firewalld schema is used configuring the Y2Firewall::Firewalld instance # according to it. class Firewalld + include Yast::Logger # [Hash] AutoYaST profile firewall's section attr_reader :profile @@ -45,6 +47,7 @@ def import return true if profile.empty? profile.fetch("zones", []).each do |zone| + log.debug "Proccesing zone: #{zone.inspect}" process_zone(zone) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.22/test/lib/y2firewall/clients/installation_finish_test.rb new/yast2-firewall-4.0.24/test/lib/y2firewall/clients/installation_finish_test.rb --- old/yast2-firewall-4.0.22/test/lib/y2firewall/clients/installation_finish_test.rb 2018-03-27 14:19:20.000000000 +0200 +++ new/yast2-firewall-4.0.24/test/lib/y2firewall/clients/installation_finish_test.rb 2018-04-23 17:57:11.000000000 +0200 
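Review bot: The debug message added to `import` in importer_strategies/firewalld.rb (hunk `@@ -45,6 +47,7 @@`) is misspelled as "Proccesing", so a grep for the usual spelling will miss it; it should read `log.debug "Processing zone: #{zone.inspect}"`. `zone.inspect` writes the whole zone hash from the AutoYaST profile to the log. That looks harmless for firewall zones, but it is worth confirming what that profile section can contain. The `import` method continues outside the hunk.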
@@ -6,6 +6,9 @@ Yast.import "Service" describe Y2Firewall::Clients::InstallationFinish do + let(:proposal_settings) { Y2Firewall::ProposalSettings.instance } + let(:firewalld) { Y2Firewall::Firewalld.instance } + describe "#title" do it "returns translated string" do expect(subject.title).to be_a(::String) @@ -19,21 +22,13 @@ end describe "#write" do - let(:proposal_settings) { Y2Firewall::ProposalSettings.instance } - let(:api) do - instance_double(Y2Firewall::Firewalld::Api, remove_service: true, add_service: true) - end - let(:firewalld) { Y2Firewall::Firewalld.instance } let(:enable_sshd) { false } - let(:enable_firewall) { false } let(:installed) { true } before do - allow(proposal_settings).to receive("enable_sshd").and_return enable_sshd - allow(proposal_settings).to receive("enable_firewall").and_return enable_firewall - allow(firewalld).to receive("api").and_return api - allow(firewalld).to receive("installed?").and_return installed - allow(proposal_settings).to receive("open_ssh").and_return false + allow(proposal_settings).to receive("enable_sshd").and_return(enable_sshd) + allow(firewalld).to receive("installed?").and_return(installed) + allow(proposal_settings).to receive("open_ssh").and_return(false) end it "enables the sshd service if enabled in the proposal" do 
@@ -47,48 +42,90 @@ let(:installed) { false } it "returns true" do + expect(subject).to_not receive(:configure_firewall) expect(subject.write).to eq true end end context "when firewalld is installed" do - it "enables the firewalld service if enabled in the proposal" do - allow(proposal_settings).to receive("enable_firewall").and_return(true) - expect(firewalld).to receive("enable!") + it "configures the firewall according to the proposal settings" do + expect(subject).to receive(:configure_firewall) subject.write end - it "disables the firewalld service if disabled in the proposal" do - expect(firewalld).to receive("disable!") - - subject.write + it "returns true" do + expect(subject.write).to eq true end + end + end - it "adds the ssh service to the public zone if opened in the proposal" do - expect(proposal_settings).to receive("open_ssh").and_return(true) - expect(firewalld.api).to receive(:add_service).with("public", "ssh") + describe "#configure_firewall" do + let(:enable_firewall) { false } + let(:api) do + instance_double(Y2Firewall::Firewalld::Api, remove_service: true, add_service: true) + end - subject.write - end + before do + allow(proposal_settings).to receive("enable_firewall").and_return(enable_firewall) + allow(firewalld).to receive("api").and_return(api) + allow(firewalld).to receive("enable!") + allow(firewalld).to receive("disable!") + allow(proposal_settings).to receive("open_ssh").and_return(false) + end - it "removes the ssh service from the public zone if blocked in the proposal" do - expect(firewalld.api).to receive(:remove_service).with("public", "ssh") + it "enables the firewalld service if enabled in the proposal" do + allow(proposal_settings).to receive("enable_firewall").and_return(true) + expect(firewalld).to receive("enable!") - subject.write + subject.send(:configure_firewall) + end + + it "disables the firewalld service if disabled in the proposal" do + expect(firewalld).to receive("disable!") + + subject.send(:configure_firewall) + 
end + + it "adds the ssh service to the default zone if opened in the proposal" do + expect(proposal_settings).to receive("open_ssh").and_return(true) + expect(api).to receive(:add_service).with(proposal_settings.default_zone, "ssh") + + subject.send(:configure_firewall) + end + + it "removes the ssh service from the default zone if blocked in the proposal" do + expect(api).to receive(:remove_service).with(proposal_settings.default_zone, "ssh") + + subject.send(:configure_firewall) + end + + context "when vnc is proposed to be open" do + let(:service_available) { true } + + before do + allow(proposal_settings).to receive("open_vnc").and_return(true) + allow(api).to receive(:service_supported?).with("tigervnc").and_return(service_available) end - it "adds the vnc service to the public zone if opened in the proposal" do - allow(proposal_settings).to receive("open_vnc").and_return true - expect(firewalld.api).to receive(:add_service).with("public", "vnc-server") + context "and the tigervnc service definition is available" do + it "adds the tigervnc and the tigervnc-https services to the default zone" do + expect(api).to receive(:add_service).with(proposal_settings.default_zone, "tigervnc") + expect(api).to receive(:add_service) + .with(proposal_settings.default_zone, "tigervnc-https") - subject.write + subject.send(:configure_firewall) + end end - it "returns true" do - expect(subject.write).to eq true + context "and the tigervnc service definition is not available" do + let(:service_available) { false } + it "logs the error" do + expect(subject.log).to receive(:error).with(/service definition is not available/) + + subject.send(:configure_firewall) + end end end - end end
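Review bot: The "tigervnc service definition is not available" context at the end of the `#configure_firewall` block asserts only the log call. Because `api` is an `instance_double` with `add_service: true` stubbed, the example would still pass if the services were opened anyway. Adding `expect(api).to_not receive(:add_service)` to that example would pin the fail-closed behaviour; `open_ssh` is stubbed to false in the surrounding `before`, so no other `add_service` call is expected. The context also stubs `service_supported?` only for "tigervnc", so a check on "tigervnc-https" would not be exercised.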