commit yast2-firewall for openSUSE:Factory

root Sat, 10 Nov 2018 07:48:48 -0800

Hello community,

here is the log from the commit of package yast2-firewall for openSUSE:Factory 
checked in at 2018-11-10 16:48:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old)
 and      /work/SRC/openSUSE:Factory/.yast2-firewall.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "yast2-firewall"

Sat Nov 10 16:48:30 2018 rev:70 rq:646464 version:4.0.34

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes    
2018-11-01 19:01:21.434000656 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-firewall.new/yast2-firewall.changes       
2018-11-10 16:48:35.268553244 +0100
@@ -1,0 +2,7 @@
+Fri Nov  2 10:04:07 UTC 2018 - igonzalezs...@suse.com
+
+- Enable and open the SSH port when only public key authentication
+  is available for the root user (fate#324690).
+- 4.0.34
+
+-------------------------------------------------------------------

Old:
----
  yast2-firewall-4.0.33.tar.bz2

New:
----
  yast2-firewall-4.0.34.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-firewall.spec ++++++
--- /var/tmp/diff_new_pack.15fiNd/_old  2018-11-10 16:48:35.660552747 +0100
+++ /var/tmp/diff_new_pack.15fiNd/_new  2018-11-10 16:48:35.664552742 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-firewall
-Version:        4.0.33
+Version:        4.0.34
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

++++++ yast2-firewall-4.0.33.tar.bz2 -> yast2-firewall-4.0.34.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-firewall-4.0.33/package/yast2-firewall.changes 
new/yast2-firewall-4.0.34/package/yast2-firewall.changes
--- old/yast2-firewall-4.0.33/package/yast2-firewall.changes    2018-10-17 
14:29:15.000000000 +0200
+++ new/yast2-firewall-4.0.34/package/yast2-firewall.changes    2018-11-05 
17:14:13.000000000 +0100
@@ -1,4 +1,11 @@
 -------------------------------------------------------------------
+Fri Nov  2 10:04:07 UTC 2018 - igonzalezs...@suse.com
+
+- Enable and open the SSH port when only public key authentication
+  is available for the root user (fate#324690).
+- 4.0.34
+
+-------------------------------------------------------------------
 Wed Oct 17 10:48:42 UTC 2018 - knut.anders...@suse.com
 
 - Added missing interfaces helpers requirement (fate#324662)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-firewall-4.0.33/package/yast2-firewall.spec 
new/yast2-firewall-4.0.34/package/yast2-firewall.spec
--- old/yast2-firewall-4.0.33/package/yast2-firewall.spec       2018-10-17 
14:29:15.000000000 +0200
+++ new/yast2-firewall-4.0.34/package/yast2-firewall.spec       2018-11-05 
17:14:13.000000000 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-firewall
-Version:        4.0.33
+Version:        4.0.34
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-firewall-4.0.33/src/lib/y2firewall/proposal_settings.rb 
new/yast2-firewall-4.0.34/src/lib/y2firewall/proposal_settings.rb
--- old/yast2-firewall-4.0.33/src/lib/y2firewall/proposal_settings.rb   
2018-10-17 14:29:15.000000000 +0200
+++ new/yast2-firewall-4.0.34/src/lib/y2firewall/proposal_settings.rb   
2018-11-05 17:14:13.000000000 +0100
@@ -21,6 +21,8 @@
 
 require "yast"
 
+Yast.import "UsersSimple"
+
 module Y2Firewall
   # Class that stores the proposal settings for firewalld during installation.
   class ProposalSettings
@@ -46,9 +48,9 @@
 
       load_features
       enable_firewall! if @enable_firewall
-      enable_sshd! if Yast::Linuxrc.usessh || @enable_sshd
-      open_ssh! if Yast::Linuxrc.usessh || @open_ssh
-      open_vnc! if Yast::Linuxrc.vnc
+      enable_sshd! if wanted_enable_sshd?
+      open_ssh! if wanted_open_ssh?
+      open_vnc! if wanted_open_vnc?
       # FIXME: obtain from Y2Firewall::Firewalld, control file or allow to
       # chose a different one in the proposal
       @default_zone = "public"
@@ -131,6 +133,27 @@
       Yast::ProductFeatures.GetSection("globals")
     end
 
+    def wanted_enable_sshd?
+      Yast::Linuxrc.usessh || only_public_key_auth || @enable_sshd
+    end
+
+    def wanted_open_ssh?
+      Yast::Linuxrc.usessh || only_public_key_auth || @open_ssh
+    end
+
+    def wanted_open_vnc?
+      Yast::Linuxrc.vnc
+    end
+
+    # Determines whether only public key authentication is supported
+    #
+    # @note If the root user does not have a password, we assume that we will 
use a public
+    #   key in order to log into the system. In such a case, we need to enable 
the SSH
+    #   service (including opening the port).
+    def only_public_key_auth
+      Yast::UsersSimple.GetRootPassword.empty?
+    end
+
     class << self
       def run
         instance.run
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-firewall-4.0.33/test/lib/y2firewall/proposal_settings_test.rb 
new/yast2-firewall-4.0.34/test/lib/y2firewall/proposal_settings_test.rb
--- old/yast2-firewall-4.0.33/test/lib/y2firewall/proposal_settings_test.rb     
2018-10-17 14:29:15.000000000 +0200
+++ new/yast2-firewall-4.0.34/test/lib/y2firewall/proposal_settings_test.rb     
2018-11-05 17:14:13.000000000 +0100
@@ -36,10 +36,12 @@
   end
   let(:use_vnc) { false }
   let(:use_ssh) { false }
+  let(:root_password) { "secret" }
 
   before do
     allow(Yast::Linuxrc).to receive(:vnc).and_return(use_vnc)
     allow(Yast::Linuxrc).to receive(:usessh).and_return(use_ssh)
+    allow(Yast::UsersSimple).to 
receive(:GetRootPassword).and_return(root_password)
 
     allow(Yast::ProductFeatures).to receive("GetSection")
       .with("globals").and_return(global_section)
@@ -86,6 +88,21 @@
 
         described_class.create_instance
       end
+    end
+
+    context "when no root password was set" do
+      before do
+        allow(Yast::Linuxrc).to receive(:usessh).and_return(false)
+        allow(Yast::UsersSimple).to receive(:GetRootPassword)
+          .and_return("")
+      end
+
+      it "opens SSH to allow public key authentication" do
+        expect_any_instance_of(described_class).to receive(:enable_sshd!)
+        expect_any_instance_of(described_class).to receive(:open_ssh!)
+
+        described_class.create_instance
+      end
     end
   end
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-firewall-4.0.33/test/test_helper.rb 
new/yast2-firewall-4.0.34/test/test_helper.rb
--- old/yast2-firewall-4.0.33/test/test_helper.rb       2018-10-17 
14:29:15.000000000 +0200
+++ new/yast2-firewall-4.0.34/test/test_helper.rb       2018-11-05 
17:14:13.000000000 +0100
@@ -29,12 +29,16 @@
 
 # stub module to prevent its Import
 # Useful for modules from different yast packages, to avoid build dependencies
-def stub_module(name)
-  Yast.const_set name.to_sym, Class.new { def self.fake_method; end }
+def stub_module(name, fake_class = nil)
+  fake_class = Class.new { def self.fake_method; end } if fake_class.nil?
+  Yast.const_set name.to_sym, fake_class
 end
 
 # stub classes from other modules to speed up a build
 stub_module("AutoInstall")
+# rubocop:disable Style/SingleLineMethods
+# rubocop:disable Style/MethodName
+stub_module("UsersSimple", Class.new { def self.GetRootPassword; "secret"; end 
})
 
 # some tests have translatable messages
 ENV["LANG"] = "en_US.UTF-8"

commit yast2-firewall for openSUSE:Factory

Reply via email to