Hello community, here is the log from the commit of package yast2-firewall for openSUSE:Factory checked in at 2018-11-10 16:48:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old) and /work/SRC/openSUSE:Factory/.yast2-firewall.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-firewall" Sat Nov 10 16:48:30 2018 rev:70 rq:646464 version:4.0.34 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes 2018-11-01 19:01:21.434000656 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-firewall.new/yast2-firewall.changes 2018-11-10 16:48:35.268553244 +0100 @@ -1,0 +2,7 @@ +Fri Nov 2 10:04:07 UTC 2018 - igonzalezs...@suse.com + +- Enable and open the SSH port when only public key authentication + is available for the root user (fate#324690). +- 4.0.34 + +------------------------------------------------------------------- Old: ---- yast2-firewall-4.0.33.tar.bz2 New: ---- yast2-firewall-4.0.34.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-firewall.spec ++++++ --- /var/tmp/diff_new_pack.15fiNd/_old 2018-11-10 16:48:35.660552747 +0100 +++ /var/tmp/diff_new_pack.15fiNd/_new 2018-11-10 16:48:35.664552742 +0100 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.0.33 +Version: 4.0.34 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-firewall-4.0.33.tar.bz2 -> yast2-firewall-4.0.34.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.33/package/yast2-firewall.changes new/yast2-firewall-4.0.34/package/yast2-firewall.changes --- old/yast2-firewall-4.0.33/package/yast2-firewall.changes 2018-10-17 14:29:15.000000000 +0200 +++ new/yast2-firewall-4.0.34/package/yast2-firewall.changes 2018-11-05 17:14:13.000000000 +0100 
@@ -1,4 +1,11 @@
 -------------------------------------------------------------------
+Fri Nov 2 10:04:07 UTC 2018 - igonzalezs...@suse.com
+
+- Enable and open the SSH port when only public key authentication
+ is available for the root user (fate#324690).
+- 4.0.34
+
+-------------------------------------------------------------------
 Wed Oct 17 10:48:42 UTC 2018 - knut.anders...@suse.com
 - Added missing interfaces helpers requirement (fate#324662)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.33/package/yast2-firewall.spec new/yast2-firewall-4.0.34/package/yast2-firewall.spec
--- old/yast2-firewall-4.0.33/package/yast2-firewall.spec 2018-10-17 14:29:15.000000000 +0200
+++ new/yast2-firewall-4.0.34/package/yast2-firewall.spec 2018-11-05 17:14:13.000000000 +0100
@@ -17,7 +17,7 @@
 Name: yast2-firewall
-Version: 4.0.33
+Version: 4.0.34
 Release: 0
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.33/src/lib/y2firewall/proposal_settings.rb new/yast2-firewall-4.0.34/src/lib/y2firewall/proposal_settings.rb
--- old/yast2-firewall-4.0.33/src/lib/y2firewall/proposal_settings.rb 2018-10-17 14:29:15.000000000 +0200
+++ new/yast2-firewall-4.0.34/src/lib/y2firewall/proposal_settings.rb 2018-11-05 17:14:13.000000000 +0100
@@ -21,6 +21,8 @@
 require "yast"
+Yast.import "UsersSimple"
+
 module Y2Firewall
 # Class that stores the proposal settings for firewalld during installation.
 class ProposalSettings
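Review bot: `Yast.import "UsersSimple"` makes proposal_settings.rb depend at load time on a module that the comment in test_helper.rb describes as coming from a different YaST package, yet the spec hunks in this commit change only `Version:`. If the package that ships UsersSimple is not already listed under `Requires:` (the spec is only partly visible here), the import fails on systems where it is absent. The test suite would not catch this, because test_helper.rb replaces the module with a stub. I would add the matching `Requires:` line to yast2-firewall.spec, or confirm that an existing dependency already covers it.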
@@ -46,9 +48,9 @@
 load_features
 enable_firewall! if @enable_firewall
- enable_sshd! if Yast::Linuxrc.usessh || @enable_sshd
- open_ssh! if Yast::Linuxrc.usessh || @open_ssh
- open_vnc! if Yast::Linuxrc.vnc
+ enable_sshd! if wanted_enable_sshd?
+ open_ssh! if wanted_open_ssh?
+ open_vnc! if wanted_open_vnc?
 # FIXME: obtain from Y2Firewall::Firewalld, control file or allow to
 # chose a different one in the proposal
 @default_zone = "public"
@@ -131,6 +133,27 @@
 Yast::ProductFeatures.GetSection("globals")
 end
+ def wanted_enable_sshd?
+ Yast::Linuxrc.usessh || only_public_key_auth || @enable_sshd
+ end
+
+ def wanted_open_ssh?
+ Yast::Linuxrc.usessh || only_public_key_auth || @open_ssh
+ end
+
+ def wanted_open_vnc?
+ Yast::Linuxrc.vnc
+ end
+
+ # Determines whether only public key authentication is supported
+ #
+ # @note If the root user does not have a password, we assume that we will use a public
+ # key in order to log into the system. In such a case, we need to enable the SSH
+ # service (including opening the port).
+ def only_public_key_auth
+ Yast::UsersSimple.GetRootPassword.empty?
+ end
+
 class << self
 def run
 instance.run
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.33/test/lib/y2firewall/proposal_settings_test.rb new/yast2-firewall-4.0.34/test/lib/y2firewall/proposal_settings_test.rb
--- old/yast2-firewall-4.0.33/test/lib/y2firewall/proposal_settings_test.rb 2018-10-17 14:29:15.000000000 +0200
+++ new/yast2-firewall-4.0.34/test/lib/y2firewall/proposal_settings_test.rb 2018-11-05 17:14:13.000000000 +0100
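Review bot: The three guards in the `@@ -46,9 +48,9 @@` hunk run once, so `wanted_enable_sshd?` and `wanted_open_ssh?` read the root password at whatever moment the settings object is built. The enclosing method starts and ends outside the hunk; it looks like the constructor. If the object is created before the installer has stored a root password, `GetRootPassword` is presumably still empty, and the proposal would then enable sshd and open the SSH port on every installation rather than only on key-only ones. I would state the ordering requirement next to the guards, for example `# NOTE: evaluated once at creation; UsersSimple must already hold the root password`, or defer the decision until the proposal is actually written.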
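Review bot: `only_public_key_auth` in the `@@ -131,6 +133,27 @@` hunk treats an empty root password as proof that a public key was supplied, but nothing visible checks that a key exists. An installation with neither a password nor a key would still get sshd enabled and the port opened, which widens the exposed surface for no benefit. The helper also calls `.empty?` directly, which raises NoMethodError if `GetRootPassword` ever returns nil, and it lacks the trailing `?` that the other three predicates carry. I would write it as `def only_public_key_auth?` with `Yast::UsersSimple.GetRootPassword.to_s.empty?`, and combine it with an explicit check that a root public key was actually provided, if the users module exposes one. Whether these helpers sit under `private` cannot be seen from the hunk.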
@@ -36,10 +36,12 @@
 end
 let(:use_vnc) { false }
 let(:use_ssh) { false }
+ let(:root_password) { "secret" }
 before do
 allow(Yast::Linuxrc).to receive(:vnc).and_return(use_vnc)
 allow(Yast::Linuxrc).to receive(:usessh).and_return(use_ssh)
+ allow(Yast::UsersSimple).to receive(:GetRootPassword).and_return(root_password)
 allow(Yast::ProductFeatures).to receive("GetSection")
 .with("globals").and_return(global_section)
@@ -86,6 +88,21 @@
 described_class.create_instance
 end
+ end
+
+ context "when no root password was set" do
+ before do
+ allow(Yast::Linuxrc).to receive(:usessh).and_return(false)
+ allow(Yast::UsersSimple).to receive(:GetRootPassword)
+ .and_return("")
+ end
+
+ it "opens SSH to allow public key authentication" do
+ expect_any_instance_of(described_class).to receive(:enable_sshd!)
+ expect_any_instance_of(described_class).to receive(:open_ssh!)
+
+ described_class.create_instance
+ end
 end
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.0.33/test/test_helper.rb new/yast2-firewall-4.0.34/test/test_helper.rb
--- old/yast2-firewall-4.0.33/test/test_helper.rb 2018-10-17 14:29:15.000000000 +0200
+++ new/yast2-firewall-4.0.34/test/test_helper.rb 2018-11-05 17:14:13.000000000 +0100
@@ -29,12 +29,16 @@
 # stub module to prevent its Import
 # Useful for modules from different yast packages, to avoid build dependencies
-def stub_module(name)
- Yast.const_set name.to_sym, Class.new { def self.fake_method; end }
+def stub_module(name, fake_class = nil)
+ fake_class = Class.new { def self.fake_method; end } if fake_class.nil?
+ Yast.const_set name.to_sym, fake_class
 end
 # stub classes from other modules to speed up a build
 stub_module("AutoInstall")
+# rubocop:disable Style/SingleLineMethods
+# rubocop:disable Style/MethodName
+stub_module("UsersSimple", Class.new { def self.GetRootPassword; "secret"; end })
 # some tests have translatable messages
 ENV["LANG"] = "en_US.UTF-8"
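Review bot: The new context in the `@@ -86,6 +88,21 @@` hunk asserts only the positive case, and no visible example checks that `enable_sshd!` and `open_ssh!` are not called when a root password is set and `usessh` is false. For a rule that opens a port, that negative case is the regression worth pinning. If it is not covered elsewhere in the file, add an example under the default lets with `expect_any_instance_of(described_class).to_not receive(:open_ssh!)`. The context also re-stubs `GetRootPassword` by hand, although the `@@ -36,10 +36,12 @@` hunk introduces a `root_password` let for exactly this purpose; `let(:root_password) { "" }` inside the context would replace the two extra `allow` lines.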
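Review bot: The two `# rubocop:disable` comments added in the test_helper.rb hunk have no matching `# rubocop:enable`, so `Style/SingleLineMethods` and `Style/MethodName` stay switched off for the rest of the file rather than for the one stub line. I would close the region right after the stub with `# rubocop:enable Style/SingleLineMethods, Style/MethodName`. The stub's default return of `"secret"` also means any spec that forgets to stub `GetRootPassword` silently takes the password-present path, which deserves a short comment such as `# default: root has a password, so SSH is not auto-opened`.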