Hello community,
here is the log from the commit of package yast2-firewall for openSUSE:Factory
checked in at 2018-04-26 13:30:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old)
and /work/SRC/openSUSE:Factory/.yast2-firewall.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-firewall"
Thu Apr 26 13:30:56 2018 rev:66 rq:600112 version:4.0.24
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes
2018-04-07 20:50:58.703591143 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-firewall.new/yast2-firewall.changes
2018-04-26 13:30:58.131607201 +0200
@@ -1,0 +2,14 @@
+Sat Apr 21 07:35:42 UTC 2018 - knut.anders...@suse.com
+
+- During installation, open services defined by (Tigervnc) instead
+ of the 'vnc-server' service that is shipped with (firewalld)
+ (bsc#1081952).
+- 4.0.24
+
+-------------------------------------------------------------------
+Tue Apr 17 11:55:47 CEST 2018 - snw...@suse.de
+
+- consistent wording (open/block) also for VNC ports (bsc#1089789)
+- 4.0.23
+
+-------------------------------------------------------------------
Old:
----
yast2-firewall-4.0.22.tar.bz2
New:
----
yast2-firewall-4.0.24.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-firewall.spec ++++++
--- /var/tmp/diff_new_pack.8YZDIm/_old 2018-04-26 13:30:58.619589326 +0200
+++ /var/tmp/diff_new_pack.8YZDIm/_new 2018-04-26 13:30:58.619589326 +0200
@@ -17,7 +17,7 @@
Name: yast2-firewall
-Version: 4.0.22
+Version: 4.0.24
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ yast2-firewall-4.0.22.tar.bz2 -> yast2-firewall-4.0.24.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-firewall-4.0.22/package/yast2-firewall.changes
new/yast2-firewall-4.0.24/package/yast2-firewall.changes
--- old/yast2-firewall-4.0.22/package/yast2-firewall.changes 2018-03-27
14:19:20.000000000 +0200
+++ new/yast2-firewall-4.0.24/package/yast2-firewall.changes 2018-04-23
17:57:11.000000000 +0200
@@ -1,4 +1,18 @@
-------------------------------------------------------------------
+Sat Apr 21 07:35:42 UTC 2018 - knut.anders...@suse.com
+
+- During installation, open services defined by (Tigervnc) instead
+ of the 'vnc-server' service that is shipped with (firewalld)
+ (bsc#1081952).
+- 4.0.24
+
+-------------------------------------------------------------------
+Tue Apr 17 11:55:47 CEST 2018 - snw...@suse.de
+
+- consistent wording (open/block) also for VNC ports (bsc#1089789)
+- 4.0.23
+
+-------------------------------------------------------------------
Tue Mar 27 12:02:55 UTC 2018 - knut.anders...@suse.com
- Translate the installation finish client title (bsc#1084136)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-firewall-4.0.22/package/yast2-firewall.spec
new/yast2-firewall-4.0.24/package/yast2-firewall.spec
--- old/yast2-firewall-4.0.22/package/yast2-firewall.spec 2018-03-27
14:19:20.000000000 +0200
+++ new/yast2-firewall-4.0.24/package/yast2-firewall.spec 2018-04-23
17:57:11.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-firewall
-Version: 4.0.22
+Version: 4.0.24
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-firewall-4.0.22/src/lib/y2firewall/clients/installation_finish.rb
new/yast2-firewall-4.0.24/src/lib/y2firewall/clients/installation_finish.rb
--- old/yast2-firewall-4.0.22/src/lib/y2firewall/clients/installation_finish.rb
2018-03-27 14:19:20.000000000 +0200
+++ new/yast2-firewall-4.0.24/src/lib/y2firewall/clients/installation_finish.rb
2018-04-23 17:57:11.000000000 +0200
@@ -54,9 +54,15 @@
def write
Service.Enable("sshd") if @settings.enable_sshd
+ configure_firewall if @firewalld.installed?
+ true
+ end
- return true if !@firewalld.installed?
+ private
+ # Modifies the configuration of the firewall according to the current
+ # settings
+ def configure_firewall
@settings.enable_firewall ? @firewalld.enable! : @firewalld.disable!
if @settings.open_ssh
@@ -65,9 +71,14 @@
@firewalld.api.remove_service(@settings.default_zone, "ssh")
end
- @firewalld.api.add_service(@settings.default_zone, "vnc-server") if
@settings.open_vnc
-
- true
+ if @settings.open_vnc
+ if @firewalld.api.service_supported?("tigervnc")
+ @firewalld.api.add_service(@settings.default_zone, "tigervnc")
+ @firewalld.api.add_service(@settings.default_zone,
"tigervnc-https")
+ else
+ log.error "tigervnc service definition is not available"
+ end
+ end
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-firewall-4.0.22/src/lib/y2firewall/clients/proposal.rb
new/yast2-firewall-4.0.24/src/lib/y2firewall/clients/proposal.rb
--- old/yast2-firewall-4.0.22/src/lib/y2firewall/clients/proposal.rb
2018-03-27 14:19:20.000000000 +0200
+++ new/yast2-firewall-4.0.24/src/lib/y2firewall/clients/proposal.rb
2018-04-23 17:57:11.000000000 +0200
@@ -128,7 +128,7 @@
return nil unless Linuxrc.vnc
if @settings.open_vnc
- _("VNC ports will be open (<a href=\"%s\">close</a>)") %
LINK_CLOSE_VNC
+ _("VNC ports will be open (<a href=\"%s\">block</a>)") %
LINK_CLOSE_VNC
else
_("VNC ports will be blocked (<a href=\"%s\">open</a>)") %
LINK_OPEN_VNC
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-firewall-4.0.22/src/lib/y2firewall/importer_strategies/firewalld.rb
new/yast2-firewall-4.0.24/src/lib/y2firewall/importer_strategies/firewalld.rb
---
old/yast2-firewall-4.0.22/src/lib/y2firewall/importer_strategies/firewalld.rb
2018-03-27 14:19:20.000000000 +0200
+++
new/yast2-firewall-4.0.24/src/lib/y2firewall/importer_strategies/firewalld.rb
2018-04-23 17:57:11.000000000 +0200
@@ -19,6 +19,7 @@
# current contact information at www.suse.com.
#
------------------------------------------------------------------------------
+require "yast"
require "y2firewall/firewalld"
module Y2Firewall
@@ -27,6 +28,7 @@
# firewalld schema is used configuring the Y2Firewall::Firewalld instance
# according to it.
class Firewalld
+ include Yast::Logger
# [Hash] AutoYaST profile firewall's section
attr_reader :profile
@@ -45,6 +47,7 @@
def import
return true if profile.empty?
profile.fetch("zones", []).each do |zone|
+ log.debug "Proccesing zone: #{zone.inspect}"
process_zone(zone)
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-firewall-4.0.22/test/lib/y2firewall/clients/installation_finish_test.rb
new/yast2-firewall-4.0.24/test/lib/y2firewall/clients/installation_finish_test.rb
---
old/yast2-firewall-4.0.22/test/lib/y2firewall/clients/installation_finish_test.rb
2018-03-27 14:19:20.000000000 +0200
+++
new/yast2-firewall-4.0.24/test/lib/y2firewall/clients/installation_finish_test.rb
2018-04-23 17:57:11.000000000 +0200
@@ -6,6 +6,9 @@
Yast.import "Service"
describe Y2Firewall::Clients::InstallationFinish do
+ let(:proposal_settings) { Y2Firewall::ProposalSettings.instance }
+ let(:firewalld) { Y2Firewall::Firewalld.instance }
+
describe "#title" do
it "returns translated string" do
expect(subject.title).to be_a(::String)
@@ -19,21 +22,13 @@
end
describe "#write" do
- let(:proposal_settings) { Y2Firewall::ProposalSettings.instance }
- let(:api) do
- instance_double(Y2Firewall::Firewalld::Api, remove_service: true,
add_service: true)
- end
- let(:firewalld) { Y2Firewall::Firewalld.instance }
let(:enable_sshd) { false }
- let(:enable_firewall) { false }
let(:installed) { true }
before do
- allow(proposal_settings).to receive("enable_sshd").and_return enable_sshd
- allow(proposal_settings).to receive("enable_firewall").and_return
enable_firewall
- allow(firewalld).to receive("api").and_return api
- allow(firewalld).to receive("installed?").and_return installed
- allow(proposal_settings).to receive("open_ssh").and_return false
+ allow(proposal_settings).to
receive("enable_sshd").and_return(enable_sshd)
+ allow(firewalld).to receive("installed?").and_return(installed)
+ allow(proposal_settings).to receive("open_ssh").and_return(false)
end
it "enables the sshd service if enabled in the proposal" do
@@ -47,48 +42,90 @@
let(:installed) { false }
it "returns true" do
+ expect(subject).to_not receive(:configure_firewall)
expect(subject.write).to eq true
end
end
context "when firewalld is installed" do
- it "enables the firewalld service if enabled in the proposal" do
- allow(proposal_settings).to receive("enable_firewall").and_return(true)
- expect(firewalld).to receive("enable!")
+ it "configures the firewall according to the proposal settings" do
+ expect(subject).to receive(:configure_firewall)
subject.write
end
- it "disables the firewalld service if disabled in the proposal" do
- expect(firewalld).to receive("disable!")
-
- subject.write
+ it "returns true" do
+ expect(subject.write).to eq true
end
+ end
+ end
- it "adds the ssh service to the public zone if opened in the proposal" do
- expect(proposal_settings).to receive("open_ssh").and_return(true)
- expect(firewalld.api).to receive(:add_service).with("public", "ssh")
+ describe "#configure_firewall" do
+ let(:enable_firewall) { false }
+ let(:api) do
+ instance_double(Y2Firewall::Firewalld::Api, remove_service: true,
add_service: true)
+ end
- subject.write
- end
+ before do
+ allow(proposal_settings).to
receive("enable_firewall").and_return(enable_firewall)
+ allow(firewalld).to receive("api").and_return(api)
+ allow(firewalld).to receive("enable!")
+ allow(firewalld).to receive("disable!")
+ allow(proposal_settings).to receive("open_ssh").and_return(false)
+ end
- it "removes the ssh service from the public zone if blocked in the
proposal" do
- expect(firewalld.api).to receive(:remove_service).with("public", "ssh")
+ it "enables the firewalld service if enabled in the proposal" do
+ allow(proposal_settings).to receive("enable_firewall").and_return(true)
+ expect(firewalld).to receive("enable!")
- subject.write
+ subject.send(:configure_firewall)
+ end
+
+ it "disables the firewalld service if disabled in the proposal" do
+ expect(firewalld).to receive("disable!")
+
+ subject.send(:configure_firewall)
+ end
+
+ it "adds the ssh service to the default zone if opened in the proposal" do
+ expect(proposal_settings).to receive("open_ssh").and_return(true)
+ expect(api).to
receive(:add_service).with(proposal_settings.default_zone, "ssh")
+
+ subject.send(:configure_firewall)
+ end
+
+ it "removes the ssh service from the default zone if blocked in the
proposal" do
+ expect(api).to
receive(:remove_service).with(proposal_settings.default_zone, "ssh")
+
+ subject.send(:configure_firewall)
+ end
+
+ context "when vnc is proposed to be open" do
+ let(:service_available) { true }
+
+ before do
+ allow(proposal_settings).to receive("open_vnc").and_return(true)
+ allow(api).to
receive(:service_supported?).with("tigervnc").and_return(service_available)
end
- it "adds the vnc service to the public zone if opened in the proposal" do
- allow(proposal_settings).to receive("open_vnc").and_return true
- expect(firewalld.api).to receive(:add_service).with("public",
"vnc-server")
+ context "and the tigervnc service definition is available" do
+ it "adds the tigervnc and the tigervnc-https services to the default
zone" do
+ expect(api).to
receive(:add_service).with(proposal_settings.default_zone, "tigervnc")
+ expect(api).to receive(:add_service)
+ .with(proposal_settings.default_zone, "tigervnc-https")
- subject.write
+ subject.send(:configure_firewall)
+ end
end
- it "returns true" do
- expect(subject.write).to eq true
+ context "and the tigervnc service definition is not available" do
+ let(:service_available) { false }
+ it "logs the error" do
+ expect(subject.log).to receive(:error).with(/service definition is
not available/)
+
+ subject.send(:configure_firewall)
+ end
end
end
-
end
end
