Hello community,

here is the log from the commit of package yast2-firewall for openSUSE:Factory checked in at 2019-01-24 14:01:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old)
 and /work/SRC/openSUSE:Factory/.yast2-firewall.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-firewall" Thu Jan 24 14:01:21 2019 rev:74 rq:668113 version:4.1.10 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes 2019-01-10 15:16:04.914762208 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-firewall.new.28833/yast2-firewall.changes 2019-01-24 14:01:25.804187345 +0100 
@@ -1,0 +2,35 @@ +Wed Jan 23 09:52:51 UTC 2019 - [email protected] + +- Autoyast: do not overwrite imported configuration when editing + and fixed check for not configured summary (fate#324662) +- 4.1.10 + +------------------------------------------------------------------- +Thu Jan 17 12:53:20 UTC 2019 - [email protected] + +- Propose to reload the firewalld service after writing instead of + restarting it as in other case it will unload kernel modules and + terminate existing connections (bsc#1114673, bsc#1121277) +- 4.1.9 + +------------------------------------------------------------------- +Wed Jan 16 12:02:14 UTC 2019 - [email protected] + +- Autoyast: remove unused options, move export to own class, + add support for custom zones in autoyast profile (fate#324662) +- 4.1.8 + +------------------------------------------------------------------- +Fri Jan 11 16:25:41 UTC 2019 - [email protected] + +- Fixed text domain names (bsc#1121643) +- 4.1.7 + +------------------------------------------------------------------- +Thu Jan 10 12:53:49 UTC 2019 - Josef Reidinger <[email protected]> + +- Ensure that custom zones use unique name (fate#324662) +- Explicitly mention that masquerade is IPv4 only (fate#324662) +- 4.1.6 + +------------------------------------------------------------------- Old: ---- yast2-firewall-4.1.5.tar.bz2 New: ---- yast2-firewall-4.1.10.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-firewall.spec ++++++ --- /var/tmp/diff_new_pack.41f0mH/_old 2019-01-24 14:01:26.276186807 +0100 +++ /var/tmp/diff_new_pack.41f0mH/_new 2019-01-24 14:01:26.280186802 +0100 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.1.5 +Version: 4.1.10 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -28,13 +28,13 @@ BuildRequires: yast2-devtools >= 3.1.10 BuildRequires: yast2-testsuite -# Y2Firewall::Firewalld#reset -BuildRequires: yast2 >= 4.1.21 +# reduced relations +BuildRequires: yast2 >= 4.1.51 BuildRequires: rubygem(%rb_default_ruby_abi:rspec) BuildRequires: rubygem(%rb_default_ruby_abi:yast-rake) -# Y2Firewall::Firewalld#reset -Requires: yast2 >= 4.1.21 +# reduced relations +Requires: yast2 >= 4.1.51 # ButtonBox widget Conflicts: yast2-ycp-ui-bindings < 2.17.3 ++++++ yast2-firewall-4.1.5.tar.bz2 -> yast2-firewall-4.1.10.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/package/yast2-firewall.changes new/yast2-firewall-4.1.10/package/yast2-firewall.changes --- old/yast2-firewall-4.1.5/package/yast2-firewall.changes 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/package/yast2-firewall.changes 2019-01-23 16:16:06.000000000 +0100 
@@ -1,4 +1,39 @@ ------------------------------------------------------------------- +Wed Jan 23 09:52:51 UTC 2019 - [email protected] + +- Autoyast: do not overwrite imported configuration when editing + and fixed check for not configured summary (fate#324662) +- 4.1.10 + +------------------------------------------------------------------- +Thu Jan 17 12:53:20 UTC 2019 - [email protected] + +- Propose to reload the firewalld service after writing instead of + restarting it as in other case it will unload kernel modules and + terminate existing connections (bsc#1114673, bsc#1121277) +- 4.1.9 + +------------------------------------------------------------------- +Wed Jan 16 12:02:14 UTC 2019 - [email protected] + +- Autoyast: remove unused options, move export to own class, + add support for custom zones in autoyast profile (fate#324662) +- 4.1.8 + +------------------------------------------------------------------- +Fri Jan 11 16:25:41 UTC 2019 - [email protected] + +- Fixed text domain names (bsc#1121643) +- 4.1.7 + +------------------------------------------------------------------- +Thu Jan 10 12:53:49 UTC 2019 - Josef Reidinger <[email protected]> + +- Ensure that custom zones use unique name (fate#324662) +- Explicitly mention that masquerade is IPv4 only (fate#324662) +- 4.1.6 + +------------------------------------------------------------------- Tue Jan 8 13:22:25 CET 2019 - [email protected] - Restart running firewalld service if data has been changed. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/package/yast2-firewall.spec new/yast2-firewall-4.1.10/package/yast2-firewall.spec --- old/yast2-firewall-4.1.5/package/yast2-firewall.spec 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/package/yast2-firewall.spec 2019-01-23 16:16:06.000000000 +0100 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.1.5 +Version: 4.1.10 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -28,13 +28,13 @@ BuildRequires: perl-XML-Writer update-desktop-files yast2-testsuite BuildRequires: yast2-devtools >= 3.1.10 -# Y2Firewall::Firewalld#reset -BuildRequires: yast2 >= 4.1.21 +# reduced relations +BuildRequires: yast2 >= 4.1.51 BuildRequires: rubygem(%rb_default_ruby_abi:yast-rake) BuildRequires: rubygem(%rb_default_ruby_abi:rspec) -# Y2Firewall::Firewalld#reset -Requires: yast2 >= 4.1.21 +# reduced relations +Requires: yast2 >= 4.1.51 # ButtonBox widget Conflicts: yast2-ycp-ui-bindings < 2.17.3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/src/autoyast-rnc/firewall.rnc new/yast2-firewall-4.1.10/src/autoyast-rnc/firewall.rnc --- old/yast2-firewall-4.1.5/src/autoyast-rnc/firewall.rnc 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/src/autoyast-rnc/firewall.rnc 2019-01-23 16:16:06.000000000 +0100 @@ -129,14 +129,10 @@ zone_short? & zone_description? & zone_target? & - fwd_forward_ports? & fwd_interfaces? & fwd_ports? & fwd_protocols? & - fwd_rich_rules? & fwd_services? & - fwd_source_ports? & - fwd_sources? & masquerade? }* } 
@@ -165,30 +161,6 @@ element (protocol | listentry) {text}* } -fwd_sources = - element sources { - LIST, - element (source | listentry) {text}* - } - -fwd_rich_rules = - element rich_rules { - LIST, - element (rich_rule | litentry) {text}* - } - -fwd_source_ports = - element source_ports { - LIST, - element (souce_port | litentry) {text}* - } - -fwd_forward_ports = - element forward_ports { - LIST, - element (forward_port | litentry) {text}* - } - zone_name = element name { text } zone_short = element short { text } zone_description = element description { text } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/src/lib/y2firewall/autoyast.rb new/yast2-firewall-4.1.10/src/lib/y2firewall/autoyast.rb --- old/yast2-firewall-4.1.5/src/lib/y2firewall/autoyast.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-firewall-4.1.10/src/lib/y2firewall/autoyast.rb 2019-01-23 16:16:06.000000000 +0100 
@@ -0,0 +1,104 @@ +# encoding: utf-8 + +# ------------------------------------------------------------------------------ +# Copyright (c) 2017 SUSE LLC +# +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of version 2 of the GNU General Public License as published by the +# Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, contact SUSE. +# +# To contact SUSE about this file by physical or electronic mail, you may find +# current contact information at www.suse.com. +# ------------------------------------------------------------------------------ + +require "yast" +require "y2firewall/firewalld" +require "y2firewall/importer_strategies/suse_firewall" +require "y2firewall/importer_strategies/firewalld" + +module Y2Firewall + # This class is responsible for exporting/importing firewalld AutoYaST configuration + # supporting the new firewalld schema but also the SuSEFirewall one (for import). + class Autoyast + include Yast::Logger + # Import the given configuration + # + # @param profile [Hash] AutoYaST profile firewall's section + # @return [true,nil] return true if success; return nil if the given + # profile is empty + def import(profile) + return if profile.empty? + + strategy_for(profile).new(profile).import + + true + end + + # Return a map with current firewalld settings. + # + # @return [Hash] dump firewalld settings + def export + return {} unless firewalld.installed? 
+ + { + "enable_firewall" => firewalld.enabled?, + "start_firewall" => firewalld.running?, + "default_zone" => firewalld.default_zone, + "log_denied_packets" => firewalld.log_denied_packets, + "zones" => firewalld.zones.map { |z| export_zone(z) } + } + end + + private + + def export_zone(zone) + (zone.attributes + zone.relations) + .each_with_object({}) do |field, profile| + profile[field.to_s] = zone.public_send(field) unless zone.public_send(field).nil? + end + end + + # Return an instance of Y2Firewall::Firewalld + # + # @return [Y2Firewall::Firewalld] a firewalld instance + def firewalld + Y2Firewall::Firewalld.instance + end + + # Given a profile defines the importer stragegy to be used. + # + # @example Given SuSEFirewall's profile format + # + # profile = { "FW_DEV_EXT" => "eth0 eth1" } + # importer.strategy_for(profile) #=> Y2Firewall::ImporterStrategies::SuseFirewall + # + # @example Given the new firewalld profile format + # + # profile = + # { + # "zones" => [ + # { "name" => "public", "interfaces" => ["eth0", "eth1"] }, + # { "name" => "external", "services" => ["dhcp", "dhcpv6", "ssh"] } + # ] + # } + # + # importer.strategy_for(profile) #=> Y2Firewall::ImporterStrategies::Firewalld + # + # @param profile [Hash] AutoYaST profile firewall's section + # @return [ImporterStrategies::SuseFirewall,ImporterStrategies::Firewalld] + # the importer strategy to be used for importing. + def strategy_for(profile) + return ImporterStrategies::SuseFirewall if profile.any? { |k, _v| k.start_with?("FW_") } + + ImporterStrategies::Firewalld + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/src/lib/y2firewall/clients/auto.rb new/yast2-firewall-4.1.10/src/lib/y2firewall/clients/auto.rb --- old/yast2-firewall-4.1.5/src/lib/y2firewall/clients/auto.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/src/lib/y2firewall/clients/auto.rb 2019-01-23 16:16:06.000000000 +0100 
@@ -21,7 +21,7 @@ require "yast" require "y2firewall/firewalld" -require "y2firewall/importer" +require "y2firewall/autoyast" require "y2firewall/proposal_settings" require "y2firewall/summary_presenter" require "y2firewall/dialogs/main" @@ -69,7 +69,7 @@ def summary presenter = Y2Firewall::SummaryPresenter.new(firewalld) return presenter.not_installed if !firewalld.installed? - return presenter.not_configured if !modified? + return presenter.not_configured if !firewalld.read? && !firewalld.modified? presenter.create end @@ -85,7 +85,7 @@ # Obtains the default from the control file (settings) if not present. enable if profile.fetch("enable_firewall", settings.enable_firewall) start if profile.fetch("start_firewall", false) - importer.import(profile) + autoyast.import(profile) check_profile_for_errors imported end @@ -94,7 +94,7 @@ # # @return [Hash] with the current firewalld configuration def export - firewalld.export + autoyast.export end # Reset the current firewalld configuration. @@ -107,7 +107,8 @@ end def change - self.class.imported = false + read_keeping_configuration + result = Dialogs::Main.new.run case result when :next, :finish, :ok, :accept @@ -162,9 +163,22 @@ private + # Read the minimal configuration from firewalld, w/o dropping available configuration + # + # Useful to preserve the already imported, but not written yet, configuration (if any) + def read_keeping_configuration + return unless firewalld.installed? + return if firewalld.read? + + self.class.profile = export + firewalld.reset + firewalld.read(minimal: true) + import(self.class.profile, false) + end + def import_if_needed if ay_config? - self.class.profile = firewalld.export + self.class.profile = export self.class.imported = false end 
@@ -180,7 +194,7 @@ # Problems will be stored in AutoInstall.issues_list. def check_profile_for_errors # Checking if an interface has been defined for different zones - zones = firewalld.export["zones"] || [] + zones = export["zones"] || [] all_interfaces = zones.flat_map { |zone| zone["interfaces"] || [] } double_entries = all_interfaces.select { |i| all_interfaces.count(i) > 1 }.uniq unless double_entries.empty? @@ -197,11 +211,11 @@ start? ? firewalld.start : firewalld.stop end - # Return a firewall importer + # Return a firewall autoyast object # - # @return [Y2Firewall::Importer] - def importer - @importer ||= Importer.new + # @return [Y2Firewall::Autoyast] + def autoyast + @autoyast ||= Autoyast.new end # Return a firewalld singleton instance diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/src/lib/y2firewall/clients/proposal.rb new/yast2-firewall-4.1.10/src/lib/y2firewall/clients/proposal.rb --- old/yast2-firewall-4.1.5/src/lib/y2firewall/clients/proposal.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/src/lib/y2firewall/clients/proposal.rb 2019-01-23 16:16:06.000000000 +0100 @@ -54,7 +54,7 @@ def initialize Yast.import "UI" Yast.import "HTML" - textdomain "installation" + textdomain "firewall" @settings ||= ProposalSettings.instance end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/src/lib/y2firewall/dialogs/main.rb new/yast2-firewall-4.1.10/src/lib/y2firewall/dialogs/main.rb --- old/yast2-firewall-4.1.5/src/lib/y2firewall/dialogs/main.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/src/lib/y2firewall/dialogs/main.rb 2019-01-23 16:16:06.000000000 +0100 
@@ -36,12 +36,14 @@ Yast.import "NetworkInterfaces" textdomain "firewall" - if Yast::Mode.config - fw.read(minimal: true) unless fw.read? - else + unless Yast::Mode.config Yast::NetworkInterfaces.Read fw.read unless fw.read? end + # For applying the changes to the running configuration a reload or + # restart need to be applied. + # Proposed a service reload by default (bsc#1114673, bsc#1121277) + fw.system_service.reload if fw.system_service && fw.system_service.running? end def should_open_dialog? @@ -69,7 +71,6 @@ loop do result = super - swap_api if result == :swap_mode break unless continue_running?(result) end @@ -110,7 +111,7 @@ # # @return [Boolean] true in case of a dialog redraw or an api change def continue_running?(result) - result == :redraw || result == :swap_mode + result == :redraw end # Convenience method which return an instance of Y2Firewall::Firewalld 
@@ -120,27 +121,10 @@ Y2Firewall::Firewalld.instance end - # Modify the firewalld API instance in case the systemd service state has - # changed. - def swap_api - fw.api = Y2Firewall::Firewalld::Api.new - end - # Writes down the firewall configuration and the systemd service # modifications def apply_changes return false if Yast::Mode.config - # Firewall settings will be written into the permanent configurations only. - # So the running firewalld service will not be changed. Even a reload does - # not help (see man pages). So the running firewalld service has to be - # restarted. - # Set a flag only. Restarting will be done by system_service.save. - if fw.modified? && # Data has been changed by user - fw.system_service.running? && # The service is already running - fw.system_service.action != :stop # and will not be stopped by the user - fw.system_service.restart - end - fw.write_only fw.system_service.save end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/src/lib/y2firewall/dialogs/zone.rb new/yast2-firewall-4.1.10/src/lib/y2firewall/dialogs/zone.rb --- old/yast2-firewall-4.1.5/src/lib/y2firewall/dialogs/zone.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/src/lib/y2firewall/dialogs/zone.rb 2019-01-23 16:16:06.000000000 +0100 @@ -29,10 +29,13 @@ # @param zone [Y2Firewall::Firewalld::Zone] holder for configuration or # existing zone # @param new_zone [Boolean] if it creates new zone or edit existing - def initialize(zone, new_zone = false) + # @param existing_names [Array<String>] names have to be unique, so pass existing ones + # which cannot be used. + def initialize(zone, new_zone: false, existing_names: []) textdomain "firewall" @zone = zone @new_zone = new_zone + @existing_names = existing_names end def title 
@@ -43,7 +46,7 @@ MinWidth(70, VBox( # do not allow to change name for already created zone - Left(NameWidget.new(@zone, disabled: !@new_zone)), + Left(NameWidget.new(@zone, disabled: !@new_zone, existing_names: @existing_names)), VSpacing(1), Left(ShortWidget.new(@zone)), VSpacing(1), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/src/lib/y2firewall/importer.rb new/yast2-firewall-4.1.10/src/lib/y2firewall/importer.rb --- old/yast2-firewall-4.1.5/src/lib/y2firewall/importer.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/src/lib/y2firewall/importer.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,82 +0,0 @@ -# encoding: utf-8 - -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. -# -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ - -require "yast" -require "y2firewall/firewalld" -require "y2firewall/importer_strategies/suse_firewall" -require "y2firewall/importer_strategies/firewalld" - -module Y2Firewall - # This class is responsible for importing firewalld AutoYaST configuration - # supporting the new firewalld schema but also the SuSEFirewall one. - class Importer - include Yast::Logger - # Import the given configuration - # - # @param profile [Hash] AutoYaST profile firewall's section - # @return [true,nil] return true if success; return nil if the given - # profile is empty - def import(profile) - return if profile.empty? - - strategy_for(profile).new(profile).import - - true - end - - # Given a profile defines the importer stragegy to be used. 
- # - # @example Given SuSEFirewall's profile format - # - # profile = { "FW_DEV_EXT" => "eth0 eth1" } - # importer.strategy_for(profile) #=> Y2Firewall::ImporterStrategies::SuseFirewall - # - # @example Given the new firewalld profile format - # - # profile = - # { - # "zones" => [ - # { "name" => "public", "interfaces" => ["eth0", "eth1"] }, - # { "name" => "external", "services" => ["dhcp", "dhcpv6", "ssh"] } - # ] - # } - # - # importer.strategy_for(profile) #=> Y2Firewall::ImporterStrategies::Firewalld - # - # @param profile [Hash] AutoYaST profile firewall's section - # @return [ImporterStrategies::SuseFirewall,ImporterStrategies::Firewalld] - # the importer strategy to be used for importing. - def strategy_for(profile) - return ImporterStrategies::SuseFirewall if profile.any? { |k, _v| k.start_with?("FW_") } - - ImporterStrategies::Firewalld - end - - private - - # Return an instance of Y2Firewall::Firewalld - # - # @return [Y2Firewall::Firewalld] a firewalld instance - def firewalld - Y2Firewall::Firewalld.instance - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/src/lib/y2firewall/importer_strategies/firewalld.rb new/yast2-firewall-4.1.10/src/lib/y2firewall/importer_strategies/firewalld.rb --- old/yast2-firewall-4.1.5/src/lib/y2firewall/importer_strategies/firewalld.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/src/lib/y2firewall/importer_strategies/firewalld.rb 2019-01-23 16:16:06.000000000 +0100 
@@ -60,20 +60,30 @@ private - ZONE_ATTRIBUTES = ["services", "interfaces", "protocols", "ports", "masquerade"].freeze + IGNORED_ATTRIBUTES = ["name", "short", "description"].freeze # Configures Y2Firewall::Firewalld::Zone that correspond with the # profile's firewall zone definition # # @param zone_definition [Hash] AutoYaST profile firewall's section - # @return [Boolean] true if the zone exist; nil otherwise def process_zone(zone_definition) - zone = firewalld.find_zone(zone_definition["name"]) - return unless zone - ZONE_ATTRIBUTES.each do |attr| - zone.public_send("#{attr}=", zone_definition[attr]) if zone_definition[attr] + name = zone_definition["name"] + zone = firewalld.find_zone(name) + zone = create_zone(zone_definition) if !zone + (zone.attributes + zone.relations).each do |key| + next if IGNORED_ATTRIBUTES.include?(key.to_s) + zone.public_send("#{key}=", zone_definition[key.to_s]) if zone_definition[key.to_s] end - true + end + + def create_zone(definition) + name = definition["name"] + zone = Y2Firewall::Firewalld::Zone.new(name: name) + zone.short = definition["short"] || name + zone.description = definition["description"] || name + firewalld.zones << zone + + zone end # Convenience method which return an instance of Y2Firewall::Firewalld diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/src/lib/y2firewall/widgets/pages/zones.rb new/yast2-firewall-4.1.10/src/lib/y2firewall/widgets/pages/zones.rb --- old/yast2-firewall-4.1.5/src/lib/y2firewall/widgets/pages/zones.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/src/lib/y2firewall/widgets/pages/zones.rb 2019-01-23 16:16:06.000000000 +0100 
@@ -76,7 +76,8 @@ def handle zone = Y2Firewall::Firewalld::Zone.new(name: "draft") - result = Dialogs::Zone.run(zone, true) + result = Dialogs::Zone.run(zone, new_zone: true, + existing_names: firewall.zones.map(&:name)) if result == :ok zone.relations.map { |r| zone.send("#{r}=", []) } firewall.zones << zone diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/src/lib/y2firewall/widgets/zone.rb new/yast2-firewall-4.1.10/src/lib/y2firewall/widgets/zone.rb --- old/yast2-firewall-4.1.5/src/lib/y2firewall/widgets/zone.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/src/lib/y2firewall/widgets/zone.rb 2019-01-23 16:16:06.000000000 +0100 @@ -28,14 +28,15 @@ class NameWidget < CWM::InputField include Yast::I18n - def initialize(zone, disabled: false) - textdomain "textdomain" + def initialize(zone, disabled: false, existing_names: []) + textdomain "firewall" @zone = zone @disabled = disabled + @existing_names = existing_names end def init - self.value = @zone.name + self.value = @zone.name || "" @disabled ? disable : enable end @@ -44,21 +45,22 @@ end def validate - return true if value.to_s.match?(/^\w+$/) - - Yast::Report.Error(_("Please, provide a valid alphanumeric name for the zone")) - focus - false + if !value.to_s.match?(/^\w+$/) + Yast::Report.Error(_("Please, provide a valid alphanumeric name for the zone")) + focus + false + elsif @existing_names.include?(value.to_s) + Yast::Report.Error(_("Name is already used. Please choose different name.")) + focus + false + else + true + end end def store @zone.name = value end - - # Sets the focus into this widget - def focus - Yast::UI.SetFocus(Id(widget_id)) - end end # short name of zone. @@ -71,7 +73,7 @@ end def init - self.value = @zone.short + self.value = @zone.short || "" end def label 
@@ -89,12 +91,6 @@ def store @zone.short = value end - - # Sets the focus into this widget - # TODO: move to CWM itself - def focus - Yast::UI.SetFocus(Id(widget_id)) - end end # textual description of widget @@ -108,7 +104,7 @@ end def init - self.value = @zone.description + self.value = @zone.description || "" end def label @@ -126,12 +122,6 @@ def store @zone.description = value end - - # Sets the focus into this widget - # TODO: move to CWM itself - def focus - Yast::UI.SetFocus(Id(widget_id)) - end end # target of zone @@ -167,7 +157,7 @@ end def label - _("Masquerade") + _("IPv4 Masquerade") end def init @@ -177,6 +167,17 @@ def store @zone.masquerade = value end + + def help + format(_( + "<b>%s</b> sets masquerade for given zone. Option is for IPv4 only." \ + "For IPv6 command line tool firewall-cmd and rich rules needs to be used." \ + "IP Masquerade, also called IPMASQ or MASQ, allows one or more computers in " \ + "a network without assigned IP addresses to communicate using server’s" \ + "assigned IP address." + ), + label) + end end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/test/lib/y2firewall/autoyast_test.rb new/yast2-firewall-4.1.10/test/lib/y2firewall/autoyast_test.rb --- old/yast2-firewall-4.1.5/test/lib/y2firewall/autoyast_test.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-firewall-4.1.10/test/lib/y2firewall/autoyast_test.rb 2019-01-23 16:16:06.000000000 +0100 
@@ -0,0 +1,133 @@ +#!/usr/bin/env rspec + +# ------------------------------------------------------------------------------ +# Copyright (c) 2017 SUSE LLC +# +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of version 2 of the GNU General Public License as published by the +# Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, contact SUSE. +# +# To contact SUSE about this file by physical or electronic mail, you may find +# current contact information at www.suse.com. +# ------------------------------------------------------------------------------ + +require_relative "../../test_helper.rb" +require "y2firewall/autoyast" + +describe Y2Firewall::Autoyast do + let(:profile) { { "FW_DEV_EXT" => "eth0" } } + + describe "#import" do + context "when the given profile uses a SuSEFirewall2 schema" do + it "imports the given profile using the SuSEFirewall strategy" do + expect(subject).to receive(:strategy_for).with(profile).and_call_original + expect_any_instance_of(Y2Firewall::ImporterStrategies::SuseFirewall).to receive(:import) + + subject.import(profile) + end + end + + context "when the given profile does not use a SuSEFirewall2 schema" do + let(:profile) { { "zones" => [{ "name" => "public", "interfaces" => "eth0" }] } } + + it "imports the given profile using the Firewalld strategy" do + expect(subject).to receive(:strategy_for).with(profile).and_call_original + expect_any_instance_of(Y2Firewall::ImporterStrategies::Firewalld).to receive(:import) + + subject.import(profile) + end + end + + end + + describe "#export" do + let(:zones_definition) do + ["dmz", + " target: default", + " interfaces: ", 
+ " ports: ", + " protocols:", + " sources:", + "", + "external (active)", + " target: default", + " interfaces: eth0", + " services: ssh samba", + " ports: 5901/tcp 5901/udp", + " protocols: esp", + " sources:"] + end + + let(:known_zones) { %w(dmz drop external home internal public trusted work) } + let(:known_services) { %w(http https samba ssh) } + + let(:api) do + instance_double(Y2Firewall::Firewalld::Api, + log_denied_packets: "all", + default_zone: "work", + list_all_zones: zones_definition, + zones: known_zones, + services: known_services) + end + + let(:firewalld) { Y2Firewall::Firewalld.instance } + + before do + firewalld.reset + allow(firewalld).to receive("api").and_return api + allow(firewalld).to receive("running?").and_return true + allow(firewalld).to receive("enabled?").and_return false + allow(firewalld).to receive("installed?").and_return true + firewalld.read + end + + it "returns a hash with the current firewalld config" do + config = subject.export + + expect(config).to be_a(Hash) + expect(config["enable_firewall"]).to eq(false) + expect(config["start_firewall"]).to eq(true) + expect(config["log_denied_packets"]).to eq("all") + expect(config["default_zone"]).to eq("work") + + external = config["zones"].find { |z| z["name"] == "external" } + + expect(external["interfaces"]).to eq(["eth0"]) + expect(external["ports"]).to eq(["5901/tcp", "5901/udp"]) + expect(external["protocols"]).to eq(["esp"]) + end + + it "returned hash is valid for later import" do + config = subject.export + expect { subject.import(config) }.to_not raise_error + end + end + + describe "#strategy_for" do + context "when the given profile uses a SuSEFirewall2 schema" do + it "returns Y2Firewall::ImporterStrategies::SuSEFirewall" do + expect(subject.send(:strategy_for, profile)).to( + eq(Y2Firewall::ImporterStrategies::SuseFirewall) + ) + end + end + + context "when the given profile does not use a SuSEFirewall2 schema" do + let(:profile) { { "zones" => [{ "name" => 
"public", "interfaces" => "eth0" }] } } + + it "returns Y2Firewall::ImporterStrategies::Firewalld" do + expect(subject.send(:strategy_for, profile)).to( + eq(Y2Firewall::ImporterStrategies::Firewalld) + ) + end + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/test/lib/y2firewall/clients/auto_test.rb new/yast2-firewall-4.1.10/test/lib/y2firewall/clients/auto_test.rb --- old/yast2-firewall-4.1.5/test/lib/y2firewall/clients/auto_test.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/test/lib/y2firewall/clients/auto_test.rb 2019-01-23 16:16:06.000000000 +0100 @@ -20,27 +20,26 @@ # ------------------------------------------------------------------------------ require_relative "../../../test_helper" +require "y2firewall/dialogs/main" require "y2firewall/clients/auto" describe Y2Firewall::Clients::Auto do let(:firewalld) { Y2Firewall::Firewalld.instance } - let(:importer) { double("Y2Firewall::Importer", import: true) } + let(:installed) { true } + let(:autoyast) { double("Y2Firewall::Autoyast", import: true, export: {}) } before do - allow_any_instance_of(Y2Firewall::Firewalld::Api).to receive(:running?).and_return(false) subject.class.imported = false + allow(firewalld).to receive(:read) - allow(firewalld).to receive(:installed?).and_return(true) - allow(subject).to receive(:importer).and_return(importer) + allow(firewalld).to receive(:installed?).and_return(installed) + allow(subject).to receive(:autoyast).and_return(autoyast) + allow_any_instance_of(Y2Firewall::Firewalld::Api).to receive(:running?).and_return(false) end describe "#summary" do let(:installed) { false } - before do - allow(firewalld).to receive(:installed?).and_return(installed) - end - context "when firewalld is not installed" do it "reports when firewalld is not available" do expect(subject.summary).to match(/not available/) 
@@ -173,7 +172,7 @@ context "once the current configuration has been set" do it "imports the given profile" do - expect(importer).to receive(:import).with(arguments) + expect(autoyast).to receive(:import).with(arguments) subject.import(arguments, false) end @@ -188,7 +187,7 @@ end it "reports that an interface has been defined twice in zones" do - expect(firewalld).to receive(:export) + expect(autoyast).to receive(:export) .and_return("zones" => [{ "interfaces" => ["eth0"], "name" => "public" }, { "interfaces" => ["eth0", "eth0"], "name" => "trusted" }]) expect(i_list).to receive(:add) @@ -202,7 +201,7 @@ describe "#export" do before do - allow(firewalld).to receive(:export) + allow(autoyast).to receive(:export) .and_return("zones" => {}, "default_zone" => "public", "log_denied_packets" => "unicast") end 
@@ -229,6 +228,90 @@ end end + describe "#change" do + let(:result) { :ok } + let(:already_read) { false } + let(:main_dialog) { instance_double("Dialog::Main", run: result) } + + before do + allow(Y2Firewall::Dialogs::Main).to receive(:new).and_return(main_dialog) + allow(firewalld).to receive(:read?).and_return(already_read) + end + + context "when the configuration is accepted" do + [:next, :finish, :ok, :accept].each do |dialog_result| + let(:result) { dialog_result } + + it "sets autoyast config" do + expect(subject.class).to receive(:ay_config=).with(true) + + subject.change + end + end + end + + context "when the configuration is aborted" do + [:back, :abort, :cancel].each do |dialog_result| + let(:result) { dialog_result } + + it "does not set autoyast config" do + expect(subject.class).to_not receive(:ay_config=) + + subject.change + end + end + end + + context "when firewalld is not installed yet" do + let(:installed) { false } + + it "does not read its configuration" do + expect(firewalld).to_not receive(:read) + + subject.change + end + end + + context "when firewalld is installed" do + context "and its configuration was already read" do + let(:already_read) { true } + + it "does not read it again" do + expect(firewalld).to_not receive(:read) + + subject.change + end + end + + context "but its configuration has not been read" do + let(:example_zone) do + { "name" => "example", "services" => ["http", "https", "ssh"] } + end + + let(:imported_zones) do + { "zones" => [example_zone] } + end + + before do + allow(subject).to receive(:autoyast).and_call_original + subject.import(imported_zones, false) + end + + it "reads the minimal configuration" do + expect(firewalld).to receive(:read).with(minimal: true) + + subject.change + end + + it "keeps the configuration previously imported" do + subject.change + + expect(subject.export["zones"]).to include(hash_including(example_zone)) + end + end + end + end + describe "#write" do let(:arguments) do { 
"FW_MASQUERADE" => "yes", "enable_firewall" => false, "start_firewall" => false } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/test/lib/y2firewall/dialogs/main_test.rb new/yast2-firewall-4.1.10/test/lib/y2firewall/dialogs/main_test.rb --- old/yast2-firewall-4.1.5/test/lib/y2firewall/dialogs/main_test.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/test/lib/y2firewall/dialogs/main_test.rb 2019-01-23 16:16:06.000000000 +0100 @@ -28,6 +28,7 @@ let(:firewall) { Y2Firewall::Firewalld.instance } before do + firewall.reset allow(firewall).to receive(:read) allow_any_instance_of(Y2Firewall::Widgets::OverviewTreePager) .to receive(:items).and_return([]) @@ -60,7 +61,8 @@ save: true, running?: true, restart: nil, - action: action) + action: action, + reload: nil) end before do @@ -69,6 +71,12 @@ allow(firewall).to receive(:modified?).and_return(true) end + it "proposes to reload the service by default if it is running" do + expect(firewall_service).to receive(:reload) + + subject.run + end + context "when the user accepts the changes" do it "writes the firewall configuration" do expect(firewall).to receive(:write_only) @@ -82,16 +90,6 @@ subject.run end - context "user has not changed the service running state" do - let(:action) { nil } - - it "restart the running firewalld systemd service" do - expect(firewall.system_service).to receive(:restart) - - subject.run - end - end - context "service has been stopped by the user" do let(:action) { :stop } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/test/lib/y2firewall/dialogs/zone_test.rb new/yast2-firewall-4.1.10/test/lib/y2firewall/dialogs/zone_test.rb --- old/yast2-firewall-4.1.5/test/lib/y2firewall/dialogs/zone_test.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/test/lib/y2firewall/dialogs/zone_test.rb 2019-01-23 16:16:06.000000000 +0100 
@@ -30,5 +30,5 @@ include_examples "CWM::Dialog" let(:zone) { Y2Firewall::Firewalld::Zone.new(name: "test") } - subject { described_class.new(zone, false) } + subject { described_class.new(zone) } end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/test/lib/y2firewall/importer_strategies/firewalld_test.rb new/yast2-firewall-4.1.10/test/lib/y2firewall/importer_strategies/firewalld_test.rb --- old/yast2-firewall-4.1.5/test/lib/y2firewall/importer_strategies/firewalld_test.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/test/lib/y2firewall/importer_strategies/firewalld_test.rb 2019-01-23 16:16:06.000000000 +0100 @@ -41,7 +41,10 @@ "zones" => [ { "name" => "dmz", "interfaces" => ["eth0.12"], "services" => ["samba"] }, { "name" => "external", "interfaces" => ["eth0"], "services" => ["dhcp"] }, - { "name" => "internal", "interfaces" => ["eth1"], "protocols" => ["icmp"] } + { "name" => "internal", "interfaces" => ["eth1"], "protocols" => ["icmp"] }, + { "name" => "newzone", "short" => "new zone", + "description" => "nice new zone with fance protection", + "interfaces" => ["eth666"], "protocols" => ["icmp"], "target" => "ACCEPT" } ] } end @@ -61,6 +64,7 @@ dmz = firewalld.find_zone("dmz") external = firewalld.find_zone("external") internal = firewalld.find_zone("internal") + new_zone = firewalld.find_zone("newzone") expect(dmz.interfaces).to eq(["eth0.12"]) expect(external.interfaces).to eq(["eth0"]) 
@@ -68,6 +72,7 @@ expect(external.services).to eq(["dhcp"]) expect(internal.protocols).to eq(["icmp"]) expect(firewalld.default_zone).to eq("dmz") + expect(new_zone.target).to eq "ACCEPT" end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/test/lib/y2firewall/importer_test.rb new/yast2-firewall-4.1.10/test/lib/y2firewall/importer_test.rb --- old/yast2-firewall-4.1.5/test/lib/y2firewall/importer_test.rb 2019-01-08 16:34:03.000000000 +0100 +++ new/yast2-firewall-4.1.10/test/lib/y2firewall/importer_test.rb 1970-01-01 01:00:00.000000000 +0100 
@@ -1,66 +0,0 @@ -#!/usr/bin/env rspec - -# ------------------------------------------------------------------------------ -# Copyright (c) 2017 SUSE LLC -# -# -# This program is free software; you can redistribute it and/or modify it under -# the terms of version 2 of the GNU General Public License as published by the -# Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along with -# this program; if not, contact SUSE. -# -# To contact SUSE about this file by physical or electronic mail, you may find -# current contact information at www.suse.com. -# ------------------------------------------------------------------------------ - -require_relative "../../test_helper.rb" -require "y2firewall/importer" - -describe Y2Firewall::Importer do - let(:profile) { { "FW_DEV_EXT" => "eth0" } } - - describe "#import" do - context "when the given profile uses a SuSEFirewall2 schema" do - it "imports the given profile using the SuSEFirewall strategy" do - expect(subject).to receive(:strategy_for).with(profile).and_call_original - expect_any_instance_of(Y2Firewall::ImporterStrategies::SuseFirewall).to receive(:import) - - subject.import(profile) - end - end - - context "when the given profile does not use a SuSEFirewall2 schema" do - let(:profile) { { "zones" => [{ "name" => "public", "interfaces" => "eth0" }] } } - - it "imports the given profile using the Firewalld strategy" do - expect(subject).to receive(:strategy_for).with(profile).and_call_original - expect_any_instance_of(Y2Firewall::ImporterStrategies::Firewalld).to receive(:import) - - subject.import(profile) - end - end - - end - - describe "#strategy_for" do - context "when the given profile uses a SuSEFirewall2 schema" do - it 
"returns Y2Firewall::ImporterStrategies::SuSEFirewall" do - expect(subject.strategy_for(profile)).to eq(Y2Firewall::ImporterStrategies::SuseFirewall) - end - end - - context "when the given profile does not use a SuSEFirewall2 schema" do - let(:profile) { { "zones" => [{ "name" => "public", "interfaces" => "eth0" }] } } - - it "returns Y2Firewall::ImporterStrategies::Firewalld" do - expect(subject.strategy_for(profile)).to eq(Y2Firewall::ImporterStrategies::Firewalld) - end - end - end -end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/test/lib/y2firewall/widgets/zone_test.rb new/yast2-firewall-4.1.10/test/lib/y2firewall/widgets/zone_test.rb --- old/yast2-firewall-4.1.5/test/lib/y2firewall/widgets/zone_test.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-firewall-4.1.10/test/lib/y2firewall/widgets/zone_test.rb 2019-01-23 16:16:06.000000000 +0100 
@@ -0,0 +1,56 @@ +#!/usr/bin/env rspec +# encoding: utf-8 + +# Copyright (c) [2018] SUSE LLC +# +# All Rights Reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of version 2 of the GNU General Public License as published +# by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for +# more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, contact SUSE LLC. +# +# To contact SUSE LLC about this file by physical or electronic mail, you may +# find current contact information at www.suse.com. + +require_relative "../../../test_helper" + +require "cwm/rspec" +require "y2firewall/widgets/zone" + +describe Y2Firewall::Dialogs::NameWidget do + subject { described_class.new(double(name: "test")) } + + include_examples "CWM::AbstractWidget" +end + +describe Y2Firewall::Dialogs::ShortWidget do + subject { described_class.new(double(short: "test")) } + + include_examples "CWM::AbstractWidget" +end + +describe Y2Firewall::Dialogs::DescriptionWidget do + subject { described_class.new(double(description: "test")) } + + include_examples "CWM::AbstractWidget" +end + +describe Y2Firewall::Dialogs::TargetWidget do + subject { described_class.new(double(target: "default")) } + + include_examples "CWM::ComboBox" +end + +describe Y2Firewall::Dialogs::MasqueradeWidget do + subject { described_class.new(double(masquerade: false)) } + + include_examples "CWM::CheckBox" +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.1.5/test/test_helper.rb new/yast2-firewall-4.1.10/test/test_helper.rb --- old/yast2-firewall-4.1.5/test/test_helper.rb 2019-01-08 16:34:03.000000000 +0100 +++ 
new/yast2-firewall-4.1.10/test/test_helper.rb 2019-01-23 16:16:06.000000000 +0100 @@ -42,6 +42,7 @@ # some tests have translatable messages ENV["LANG"] = "en_US.UTF-8" +ENV["LC_ALL"] = "en_US.UTF-8" if ENV["COVERAGE"] require "simplecov"
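Review bot: in the spec hunk that ends just before the auto_test.rb diff, the example "returned hash is valid for later import" only asserts that subject.import(config) does not raise, so an export that silently drops a zone, port or protocol would still pass. After the import, export again and compare against the first hash, or at least check that the "external" zone still carries eth0, 5901/tcp, 5901/udp and esp. In the same hunk the "#strategy_for" example is described as returning Y2Firewall::ImporterStrategies::SuSEFirewall while the constant it compares against is SuseFirewall; the description should use the real constant name.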
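Review bot: in test/lib/y2firewall/clients/auto_test.rb, hunk @@ -20,27 +20,26 @@, autoyast is a plain double("Y2Firewall::Autoyast", import: true, export: {}), so nothing verifies that the real object responds to import and export. The later hunks in this file move the export expectations from firewalld to this object, which is exactly the kind of interface move a verifying double would guard; an instance_double of the class named in the label would make these examples fail if the methods are renamed or removed.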
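Review bot: in auto_test.rb, hunk @@ -229,6 +228,90 @@, the loops over [:next, :finish, :ok, :accept] and [:back, :abort, :cancel] call let(:result) { dialog_result } repeatedly inside the same context, so each call redefines the previous one and every generated example runs with the last value only (:accept and :cancel). The other five dialog results are never exercised, and the generated examples all share one description. Wrap each iteration in its own group, for example context "when the dialog returns #{dialog_result}" do ... end, with the let and the it inside it.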
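Review bot: in test/lib/y2firewall/dialogs/main_test.rb, hunk @@ -69,6 +71,12 @@, the new example only expects firewall_service to receive reload, while the double in the hunk above still stubs restart: nil, so a code path that reloads and then restarts would pass unnoticed. The changelog entry for 4.1.9 gives the reason for the switch (a restart unloads kernel modules and terminates existing connections), and hunk @@ -82,16 +90,6 @@ removes the only example that covered the case where the user leaves the running state unchanged. Add expect(firewall_service).to_not receive(:restart) to the new example, or drop restart from the double so an unexpected call raises.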
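Review bot: in test/lib/y2firewall/importer_strategies/firewalld_test.rb, hunk @@ -68,6 +72,7 @@, the only assertion on the new custom zone is new_zone.target; the short, description, interfaces and protocols values added to the profile in hunk @@ -41,7 +41,10 @@ are never checked, so an importer that creates the zone but drops those fields would pass. Because this zone's target is ACCEPT, at least assert new_zone.interfaces so the spec pins which interface ends up in the accept-all zone. The description string in the profile also reads "fance", presumably "fancy".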
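Review bot: in the new file test/lib/y2firewall/widgets/zone_test.rb, hunk @@ -0,0 +1,56 @@, the spec lives under widgets/ and requires "y2firewall/widgets/zone", yet every describe names a class in Y2Firewall::Dialogs (NameWidget, ShortWidget, DescriptionWidget, TargetWidget, MasqueradeWidget). Either the classes or the file path should move so that namespace and location agree. The examples also only include the shared CWM examples; the changelog entry for 4.1.6 says custom zones must use a unique name, and nothing here exercises NameWidget with a duplicate or empty name, so that check is untested in this file.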
