Hello community,

here is the log from the commit of package yast2-sudo for openSUSE:Factory 
checked in at 2020-10-18 16:20:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-sudo (Old)
 and      /work/SRC/openSUSE:Factory/.yast2-sudo.new.3486 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2-sudo"

Sun Oct 18 16:20:28 2020 rev:42 rq:840425 version:4.3.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-sudo/yast2-sudo.changes    2020-03-01 
21:26:55.436423616 +0100
+++ /work/SRC/openSUSE:Factory/.yast2-sudo.new.3486/yast2-sudo.changes  
2020-10-18 16:20:35.156468516 +0200
@@ -1,0 +2,10 @@
+Thu Oct  8 14:43:17 UTC 2020 - Josef Reidinger <jreidin...@suse.com>
+
+- Support @include(-dir) directives
+- Support alternative name Cmd_Alias
+- report properly if yast2-sudo cannot read some configuration
+- improve error report if syntax failed after write
+  (related to bsc#1156929)
+- 4.3.0
+
+-------------------------------------------------------------------

Old:
----
  yast2-sudo-4.2.3.tar.bz2

New:
----
  yast2-sudo-4.3.0.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2-sudo.spec ++++++
--- /var/tmp/diff_new_pack.FP7wxh/_old  2020-10-18 16:20:35.696468756 +0200
+++ /var/tmp/diff_new_pack.FP7wxh/_new  2020-10-18 16:20:35.700468758 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package yast2-sudo
 #
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -20,9 +20,9 @@
 Summary:        YaST2 - Sudo configuration
 License:        GPL-2.0-only
 Group:          System/YaST
-Version:        4.2.3
+Version:        4.3.0
 Release:        0
-Url:            https://github.com/yast/yast-sudo
+URL:            https://github.com/yast/yast-sudo
 
 Source0:        %{name}-%{version}.tar.bz2
 
@@ -35,7 +35,8 @@
 BuildRequires:  yast2
 BuildRequires:  yast2-devtools >= 4.2.2
 BuildRequires:  yast2-users
-BuildRequires:  rubygem(yast-rake)
+BuildRequires:  rubygem(%rb_default_ruby_abi:rspec)
+BuildRequires:  rubygem(%rb_default_ruby_abi:yast-rake)
 
 BuildArch:      noarch
 

++++++ yast2-sudo-4.2.3.tar.bz2 -> yast2-sudo-4.3.0.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/.coveralls.yml 
new/yast2-sudo-4.3.0/.coveralls.yml
--- old/yast2-sudo-4.2.3/.coveralls.yml 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/.coveralls.yml 2020-10-09 14:26:03.000000000 +0200
@@ -0,0 +1 @@
+service_name: travis-ci
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/.travis.yml 
new/yast2-sudo-4.3.0/.travis.yml
--- old/yast2-sudo-4.2.3/.travis.yml    1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/.travis.yml    2020-10-09 14:26:03.000000000 +0200
@@ -0,0 +1,11 @@
+sudo: required
+language: bash
+services:
+  - docker
+
+before_install:
+  - docker build -t yast-sudo-image .
+script:
+  # the "yast-travis-ruby" script is included in the base yastdevel/ruby image
+  # see https://github.com/yast/docker-yast-ruby/blob/master/yast-travis-ruby
+  - docker run -it -e TRAVIS=1 -e TRAVIS_JOB_ID="$TRAVIS_JOB_ID" 
yast-sudo-image yast-travis-ruby
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/CONTRIBUTING.md 
new/yast2-sudo-4.3.0/CONTRIBUTING.md
--- old/yast2-sudo-4.2.3/CONTRIBUTING.md        2020-02-19 10:51:08.000000000 
+0100
+++ new/yast2-sudo-4.3.0/CONTRIBUTING.md        1970-01-01 01:00:00.000000000 
+0100
@@ -1,89 +0,0 @@
-YaST Contribution Guidelines
-============================
-
-YaST is an open source project and as such it welcomes all kinds of
-contributions. If you decide to contribute, please follow these guidelines to
-ensure the process is effective and pleasant both for you and the YaST 
maintainers.
-
-There are two main forms of contribution: reporting bugs and performing code
-changes.
-
-Bug Reports
------------
-
-If you find a problem, please report it either using
-[Bugzilla](https://bugzilla.suse.com/enter_bug.cgi?format=guided&product=openSUSE+Factory&component=YaST2)
-or [GitHub issues](../../issues). (For Bugzilla, use the [simplified
-registration](https://secure-www.novell.com/selfreg/jsp/createSimpleAccount.jsp)
-if you don't have an account yet.)
-
-When creating a bug report, please follow our [bug reporting
-guidelines](http://en.opensuse.org/openSUSE:Report_a_YaST_bug).
-
-We can't guarantee that every bug will be fixed, but we'll try.
-
-Code Changes
-------------
-
-We welcome all kinds of code contributions, from simple bug fixes to 
significant
-refactorings and implementation of new features. However, before making any
-non-trivial contribution, get in touch with us first — this can prevent wasted
-effort on both sides. Also, have a look at our [development
-documentation](http://en.opensuse.org/openSUSE:YaST_development).
-
-To send us your code change, use GitHub pull requests. The workflow is as
-follows:
-
-  1. Fork the project.
-
-  2. Create a topic branch based on `master`.
-
-  3. Implement your change, including tests (if possible). Make sure you adhere
-     to the [Ruby style
-     guide](https://github.com/SUSE/style-guides/blob/master/Ruby.md).
-
-  4. Update the package version (in `packages/*.spec`, usually by
-     `rake version:bump`) and add a new entry to the `package/*.changes` file
-     (by `osc vc package`).  
-     For bigger changes or changes which need longer discussion it is advised 
to
-     add this as a separate last commit so it can be easily updated when 
another
-     change is merged in the meantime.
-
-  5. Make sure your change didn't break anything by building the RPM package
-     (`rake osc:build`). The build process includes running the full testsuite.
-
-  6. Publish the branch and create a pull request.
-
-  7. YaST developers will review your change and possibly point out issues.
-     Adapt the code under their guidance until they are all resolved.
-
-  8. Finally, the pull request will get merged or rejected.
-
-See also [GitHub's guide on
-contributing](https://help.github.com/articles/fork-a-repo).
-
-If you want to do multiple unrelated changes, use separate branches and pull
-requests.
-
-### Commits
-
-Each commit in the pull request should do only one thing, which is clearly
-described by its commit message. Especially avoid mixing formatting changes and
-functional changes into one commit. When writing commit messages, adhere to
-[widely used
-conventions](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
-
-If your commit is related to a bug in Bugzilla or an issue on GitHub, make sure
-you mention it in the commit message for cross-reference. Use format like
-bnc#775814 or gh#yast/yast-foo#42. See also [GitHub
-autolinking](https://help.github.com/articles/github-flavored-markdown#references)
-and [openSUSE abbreviation
-reference](http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines#Current_set_of_abbreviations).
-
-Additional Information
-----------------------
-
-If you have any question, feel free to ask at the [development mailing
-list](http://lists.opensuse.org/yast-devel/) or at the
-[#yast](http://webchat.freenode.net/?channels=%23yast) IRC channel on freenode.
-We'll do our best to provide a timely and accurate answer.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/Dockerfile 
new/yast2-sudo-4.3.0/Dockerfile
--- old/yast2-sudo-4.2.3/Dockerfile     1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/Dockerfile     2020-10-09 14:26:03.000000000 +0200
@@ -0,0 +1,2 @@
+FROM registry.opensuse.org/yast/head/containers/yast-ruby:latest
+COPY . /usr/src/app
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/README.md 
new/yast2-sudo-4.3.0/README.md
--- old/yast2-sudo-4.2.3/README.md      1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/README.md      2020-10-09 14:26:03.000000000 +0200
@@ -0,0 +1,22 @@
+## YaST - Sudo Configuration
+
+The intention of this module is to provide a User Interface for configuring
+`sudo`.
+
+### Known Limitations
+
+- It uses a handcrafter Perl parser that has some limitations, especially when
+  it comes to deal with new `sudo` features or complex configuration.
+  Alternatives like Augeas lenses are more up-to-date. For specific limitations
+  see below.
+- Support for `@include` and `@includedir` directive is limited. It just shows
+  them in rules section, but nothing more. Also duplicated alias detection does
+  not work across included files.
+- `sudo` configuration does not support multitags in rules, which leads to
+  refuse to work with error message.
+- `sudo` configuration does not support command specific tags in rules, which 
leads to
+  refuse to work with error message.
+- The module does not allow to see/edit the global configuration of `sudo` (key
+  `Defaults`).
+- No support for commands digest feature. If found then it refuses to work.
+- It can only work with `/etc/sudoers`.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/package/yast2-sudo.changes 
new/yast2-sudo-4.3.0/package/yast2-sudo.changes
--- old/yast2-sudo-4.2.3/package/yast2-sudo.changes     2020-02-19 
10:51:08.000000000 +0100
+++ new/yast2-sudo-4.3.0/package/yast2-sudo.changes     2020-10-09 
14:26:03.000000000 +0200
@@ -1,4 +1,14 @@
 -------------------------------------------------------------------
+Thu Oct  8 14:43:17 UTC 2020 - Josef Reidinger <jreidin...@suse.com>
+
+- Support @include(-dir) directives
+- Support alternative name Cmd_Alias
+- report properly if yast2-sudo cannot read some configuration
+- improve error report if syntax failed after write
+  (related to bsc#1156929)
+- 4.3.0
+
+-------------------------------------------------------------------
 Tue Feb 18 14:40:08 UTC 2020 - Stefan Hundhammer <shundham...@suse.com>
 
 - Fixed user-visible messages (bsc#1084015)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/package/yast2-sudo.spec 
new/yast2-sudo-4.3.0/package/yast2-sudo.spec
--- old/yast2-sudo-4.2.3/package/yast2-sudo.spec        2020-02-19 
10:51:08.000000000 +0100
+++ new/yast2-sudo-4.3.0/package/yast2-sudo.spec        2020-10-09 
14:26:03.000000000 +0200
@@ -18,7 +18,7 @@
 
 Name:           yast2-sudo
 Summary:        YaST2 - Sudo configuration
-Version:        4.2.3
+Version:        4.3.0
 Release:        0
 Url:            https://github.com/yast/yast-sudo
 Group:          System/YaST
@@ -33,7 +33,8 @@
 
 BuildRequires:  yast2 yast2-users
 BuildRequires:  yast2-devtools >= 4.2.2
-BuildRequires:  rubygem(yast-rake)
+BuildRequires:  rubygem(%rb_default_ruby_abi:rspec)
+BuildRequires:  rubygem(%rb_default_ruby_abi:yast-rake)
 BuildRequires:  update-desktop-files
 
 BuildArch:      noarch
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/src/modules/Sudo.rb 
new/yast2-sudo-4.3.0/src/modules/Sudo.rb
--- old/yast2-sudo-4.2.3/src/modules/Sudo.rb    2020-02-19 10:51:08.000000000 
+0100
+++ new/yast2-sudo-4.3.0/src/modules/Sudo.rb    2020-10-09 14:26:03.000000000 
+0200
@@ -31,6 +31,17 @@
 require "yast"
 
 module Yast
+
+  class UnsupportedSudoConfig < RuntimeError
+    attr_reader :line
+
+    def initialize(msg, line)
+      super(msg)
+
+      @line = line
+    end
+  end
+
   class SudoClass < Module
     def main
       Yast.import "UI"
@@ -118,7 +129,7 @@
                 "mem"  => lst
               }
             )
-          when "Cmnd_Alias"
+          when "Cmnd_Alias", "Cmd_Alias"
             lst = Builtins.maplist(
               Builtins.splitstring(Ops.get_string(line, 3, ""), ",")
             ) do |s|
@@ -149,6 +160,11 @@
             if Builtins.regexpmatch(type, "^Defaults.*$")
               #do nothing, keep defaults untouched
               @defaults = Builtins.add(@defaults, line)
+            elsif type =~ /^sha\d+:/
+              raise UnsupportedSudoConfig.new(
+                _("Rules with digest are not supported."),
+                "#{type} #{Ops.get_string(line, 2, "")} #{Ops.get_string(line, 
3, "")}"
+              )
             else
               m = {}
               cmd = []
@@ -176,6 +192,14 @@
                   Ops.get_string(line, 3, ""),
                   "NOPASSWD:|SETENV:|NOEXEC:"
                 )
+                rest = Ops.get_string(line, 3, "")
+                # remove from rest runas as it can also contain ":"
+                if rest.gsub(/\([^\)]*\)/, "").count(":") > 1
+                  raise UnsupportedSudoConfig.new(
+                    _("Multiple tags on single line are not supported."),
+                    "#{type} #{m["host"]} = #{Ops.get_string(line, 3, "")}"
+                  )
+                end
                 Ops.set(
                   m,
                   "tag",
@@ -334,8 +358,7 @@
 
       Builtins.y2milestone("Sudo settings %1", set)
 
-      return SCR.Write(path(".sudo"), nil) if SCR.Write(path(".sudo"), set)
-      true
+      SCR.Write(path(".sudo"), set) && SCR.Write(path(".sudo"), nil)
     end
 
     def SetItem(i)
@@ -566,7 +589,16 @@
     def Read
       return false if !Confirm.MustBeRoot
 
-      Report.Error(Message.CannotReadCurrentSettings) if !ReadSudoSettings2()
+      begin
+        Report.Error(Message.CannotReadCurrentSettings) if !ReadSudoSettings2()
+      rescue UnsupportedSudoConfig => e
+        msg = _("Unsupported configuration found. YaST will now exit to 
prevent from breaking the system.")
+        msg += "\n" + _("Issue: ") + e.message
+        msg += "\n" + _("Line content: ") + e.line
+        Report.Error(msg)
+
+        return false
+      end
 
       # Error message
       if !ReadLocalUsers()
@@ -635,7 +667,12 @@
       Progress.NextStage
       # Error message
       if !WriteSudoSettings2()
-        Report.Error(_("Cannot write settings."))
+        msg = _("Cannot write settings.")
+        if ::File.exists?("/etc/sudoers.YaST2.new") # if file exists it is 
invalid syntax
+          res = SCR.Execute(path(".target.bash_output"), "/usr/sbin/visudo -cf 
/etc/sudoers.YaST2.new")
+          msg += _("\nSyntax error in target file. See 
/etc/sudoers.YaST2.new.\nDetails: ") + res["stdout"]
+        end
+        Report.Error(msg)
         ret = false
       end
       Builtins.sleep(sl)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/src/servers_non_y2/ag_etc_sudoers 
new/yast2-sudo-4.3.0/src/servers_non_y2/ag_etc_sudoers
--- old/yast2-sudo-4.2.3/src/servers_non_y2/ag_etc_sudoers      2020-02-19 
10:51:08.000000000 +0100
+++ new/yast2-sudo-4.3.0/src/servers_non_y2/ag_etc_sudoers      2020-10-09 
14:26:03.000000000 +0200
@@ -103,7 +103,8 @@
         print OUTFILE $previous_content;
     }
 
-    if ($members) {
+    # do not break include directives
+    if ($members && $type !~ /^\@include/ ) {
         print OUTFILE $type, "\t", $name, " = ", $members, "\n";
     } else {
         print OUTFILE $type, "\t", $name, "\n";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-sudo-4.2.3/test/data/associated_tag_example/sudoers 
new/yast2-sudo-4.3.0/test/data/associated_tag_example/sudoers
--- old/yast2-sudo-4.2.3/test/data/associated_tag_example/sudoers       
1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/test/data/associated_tag_example/sudoers       
2020-10-09 14:26:03.000000000 +0200
@@ -0,0 +1 @@
+myuser ALL = (root) NOPASSWD: /usr/bin/vim, PASSWD: /sbin/halt, /sbin/reboot
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/test/data/cmd_alias_config/sudoers 
new/yast2-sudo-4.3.0/test/data/cmd_alias_config/sudoers
--- old/yast2-sudo-4.2.3/test/data/cmd_alias_config/sudoers     1970-01-01 
01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/test/data/cmd_alias_config/sudoers     2020-10-09 
14:26:03.000000000 +0200
@@ -0,0 +1,23 @@
+# Sample /etc/sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the sudoers man page for the details on how to write a sudoers file.
+#
+
+##
+# Cmnd alias specification
+##
+Cmnd_Alias     DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
+                       /usr/sbin/rrestore, /usr/bin/mt
+Cmnd_Alias     KILL = /usr/bin/kill
+Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown
+Cmnd_Alias     HALT = /usr/sbin/halt
+Cmnd_Alias     REBOOT = /usr/sbin/reboot
+Cmnd_Alias     SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+                        /usr/local/bin/tcsh, /usr/bin/rsh, \
+                        /usr/local/bin/zsh
+Cmd_Alias      SU = /usr/bin/su
+Cmd_Alias      VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
+                      /usr/bin/chfn
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/test/data/default_config/sudoers 
new/yast2-sudo-4.3.0/test/data/default_config/sudoers
--- old/yast2-sudo-4.2.3/test/data/default_config/sudoers       1970-01-01 
01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/test/data/default_config/sudoers       2020-10-09 
14:26:03.000000000 +0200
@@ -0,0 +1,87 @@
+## sudoers file.
+##
+## This file MUST be edited with the 'visudo' command as root.
+## Failure to use 'visudo' may result in syntax or file permission errors
+## that prevent sudo from running.
+##
+## See the sudoers man page for the details on how to write a sudoers file.
+##
+
+##
+## Host alias specification
+##
+## Groups of machines. These may include host names (optionally with 
wildcards),
+## IP addresses, network numbers or netgroups.
+# Host_Alias   WEBSERVERS = www1, www2, www3
+
+##
+## User alias specification
+##
+## Groups of users.  These may consist of user names, uids, Unix groups,
+## or netgroups.
+# User_Alias   ADMINS = millert, dowdy, mikef
+
+##
+## Cmnd alias specification
+##
+## Groups of commands.  Often used to group related commands together.
+# Cmnd_Alias   PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
+#                          /usr/bin/pkill, /usr/bin/top
+# Cmnd_Alias   REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
+
+##
+## Defaults specification
+##
+## Prevent environment variables from influencing programs in an
+## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
+Defaults always_set_home
+## Path that will be used for every command run from sudo
+Defaults 
secure_path="/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin:/usr/local/sbin"
+Defaults env_reset
+## Change env_reset to !env_reset in previous line to keep all environment 
variables
+## Following list will no longer be necessary after this change
+Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION 
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE 
LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
+## Comment out the preceding line and uncomment the following one if you need
+## to use special input methods. This may allow users to compromise the root
+## account if they are allowed to run commands without authentication.
+#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION 
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE 
LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
+
+## Do not insult users when they enter an incorrect password.
+Defaults !insults
+
+## Uncomment to use a hard-coded PATH instead of the user's to find commands
+# Defaults 
secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+##
+## Uncomment to send mail if the user does not enter the correct password.
+# Defaults mail_badpass
+##
+## Uncomment to enable logging of a command's output, except for
+## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
+# Defaults log_output
+# Defaults!/usr/bin/sudoreplay !log_output
+# Defaults!REBOOT !log_output
+
+## In the default (unconfigured) configuration, sudo asks for the root 
password.
+## This allows use of an ordinary user account for administration of a freshly
+## installed system. When configuring sudo, delete the two
+## following lines:
+Defaults targetpw   # ask for the password of the target user i.e. root
+ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults 
targetpw'!
+
+##
+## Runas alias specification
+##
+
+##
+## User privilege specification
+##
+root ALL=(ALL) ALL
+
+## Uncomment to allow members of group wheel to execute any command
+# %wheel ALL=(ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+## Read drop-in files from /etc/sudoers.d
+@includedir sudoers.d
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/test/data/digest_example/sudoers 
new/yast2-sudo-4.3.0/test/data/digest_example/sudoers
--- old/yast2-sudo-4.2.3/test/data/digest_example/sudoers       1970-01-01 
01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/test/data/digest_example/sudoers       2020-10-09 
14:26:03.000000000 +0200
@@ -0,0 +1 @@
+sha256:865d0fc47d0aa1fe198e2d9b0cd5b27e35838dc8f73b6629adc646d3cc2d9c94 myuser 
ALL = (root) /sbin/reboot
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-sudo-4.2.3/test/data/multitag_single_line/sudoers 
new/yast2-sudo-4.3.0/test/data/multitag_single_line/sudoers
--- old/yast2-sudo-4.2.3/test/data/multitag_single_line/sudoers 1970-01-01 
01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/test/data/multitag_single_line/sudoers 2020-10-09 
14:26:03.000000000 +0200
@@ -0,0 +1 @@
+myuser ALL = (root) NOPASSWD:NOEXEC: /usr/bin/vim, /sbin/halt, /sbin/reboot
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-sudo-4.2.3/test/data/nested_include_config/sudoers 
new/yast2-sudo-4.3.0/test/data/nested_include_config/sudoers
--- old/yast2-sudo-4.2.3/test/data/nested_include_config/sudoers        
1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/test/data/nested_include_config/sudoers        
2020-10-09 14:26:03.000000000 +0200
@@ -0,0 +1,75 @@
+## sudoers file.
+##
+## This file MUST be edited with the 'visudo' command as root.
+## Failure to use 'visudo' may result in syntax or file permission errors
+## that prevent sudo from running.
+##
+## See the sudoers man page for the details on how to write a sudoers file.
+##
+
+##
+## Host alias specification
+##
+## Groups of machines. These may include host names (optionally with 
wildcards),
+## IP addresses, network numbers or netgroups.
+# Host_Alias   WEBSERVERS = www1, www2, www3
+
+##
+## User alias specification
+##
+## Groups of users.  These may consist of user names, uids, Unix groups,
+## or netgroups.
+# User_Alias   ADMINS = millert, dowdy, mikef
+
+##
+## Cmnd alias specification
+##
+## Groups of commands.  Often used to group related commands together.
+# Cmnd_Alias   PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
+#                          /usr/bin/pkill, /usr/bin/top
+# Cmnd_Alias   REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
+
+##
+## Defaults specification
+##
+## Prevent environment variables from influencing programs in an
+## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
+Defaults always_set_home
+## Path that will be used for every command run from sudo
+Defaults 
secure_path="/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin:/usr/local/sbin"
+Defaults env_reset
+## Uncomment to use a hard-coded PATH instead of the user's to find commands
+# Defaults 
secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+##
+## Uncomment to send mail if the user does not enter the correct password.
+# Defaults mail_badpass
+##
+## Uncomment to enable logging of a command's output, except for
+## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
+# Defaults log_output
+# Defaults!/usr/bin/sudoreplay !log_output
+# Defaults!REBOOT !log_output
+
+## In the default (unconfigured) configuration, sudo asks for the root 
password.
+## This allows use of an ordinary user account for administration of a freshly
+## installed system. When configuring sudo, delete the two
+## following lines:
+Defaults targetpw   # ask for the password of the target user i.e. root
+ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults 
targetpw'!
+
+##
+## Runas alias specification
+##
+
+##
+## User privilege specification
+##
+root ALL=(ALL) ALL
+
+## Uncomment to allow members of group wheel to execute any command
+# %wheel ALL=(ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+@include sudoers2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-sudo-4.2.3/test/data/nested_include_config/sudoers2 
new/yast2-sudo-4.3.0/test/data/nested_include_config/sudoers2
--- old/yast2-sudo-4.2.3/test/data/nested_include_config/sudoers2       
1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/test/data/nested_include_config/sudoers2       
2020-10-09 14:26:03.000000000 +0200
@@ -0,0 +1,4 @@
+## Do not insult users when they enter an incorrect password.
+Defaults !insults
+
+@include sudoers3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-sudo-4.2.3/test/data/nested_include_config/sudoers3 
new/yast2-sudo-4.3.0/test/data/nested_include_config/sudoers3
--- old/yast2-sudo-4.2.3/test/data/nested_include_config/sudoers3       
1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/test/data/nested_include_config/sudoers3       
2020-10-09 14:26:03.000000000 +0200
@@ -0,0 +1,6 @@
+## Change env_reset to !env_reset in previous line to keep all environment 
variables
+## Following list will no longer be necessary after this change
+Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION 
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE 
LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
+
+
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/test/data/old_includedir/sudoers 
new/yast2-sudo-4.3.0/test/data/old_includedir/sudoers
--- old/yast2-sudo-4.2.3/test/data/old_includedir/sudoers       1970-01-01 
01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/test/data/old_includedir/sudoers       2020-10-09 
14:26:03.000000000 +0200
@@ -0,0 +1,87 @@
+## sudoers file.
+##
+## This file MUST be edited with the 'visudo' command as root.
+## Failure to use 'visudo' may result in syntax or file permission errors
+## that prevent sudo from running.
+##
+## See the sudoers man page for the details on how to write a sudoers file.
+##
+
+##
+## Host alias specification
+##
+## Groups of machines. These may include host names (optionally with 
wildcards),
+## IP addresses, network numbers or netgroups.
+# Host_Alias   WEBSERVERS = www1, www2, www3
+
+##
+## User alias specification
+##
+## Groups of users.  These may consist of user names, uids, Unix groups,
+## or netgroups.
+# User_Alias   ADMINS = millert, dowdy, mikef
+
+##
+## Cmnd alias specification
+##
+## Groups of commands.  Often used to group related commands together.
+# Cmnd_Alias   PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
+#                          /usr/bin/pkill, /usr/bin/top
+# Cmnd_Alias   REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
+
+##
+## Defaults specification
+##
+## Prevent environment variables from influencing programs in an
+## unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
+Defaults always_set_home
+## Path that will be used for every command run from sudo
+Defaults 
secure_path="/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin:/usr/local/sbin"
+Defaults env_reset
+## Change env_reset to !env_reset in previous line to keep all environment 
variables
+## Following list will no longer be necessary after this change
+Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION 
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE 
LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
+## Comment out the preceding line and uncomment the following one if you need
+## to use special input methods. This may allow users to compromise the root
+## account if they are allowed to run commands without authentication.
+#Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION 
LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE 
LC_ATIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
+
+## Do not insult users when they enter an incorrect password.
+Defaults !insults
+
+## Uncomment to use a hard-coded PATH instead of the user's to find commands
+# Defaults 
secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+##
+## Uncomment to send mail if the user does not enter the correct password.
+# Defaults mail_badpass
+##
+## Uncomment to enable logging of a command's output, except for
+## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
+# Defaults log_output
+# Defaults!/usr/bin/sudoreplay !log_output
+# Defaults!REBOOT !log_output
+
+## In the default (unconfigured) configuration, sudo asks for the root 
password.
+## This allows use of an ordinary user account for administration of a freshly
+## installed system. When configuring sudo, delete the two
+## following lines:
+Defaults targetpw   # ask for the password of the target user i.e. root
+ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults 
targetpw'!
+
+##
+## Runas alias specification
+##
+
+##
+## User privilege specification
+##
+root ALL=(ALL) ALL
+
+## Uncomment to allow members of group wheel to execute any command
+# %wheel ALL=(ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+## Read drop-in files from /etc/sudoers.d
+#includedir sudoers.d
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/test/data/richful_example/sudoers 
new/yast2-sudo-4.3.0/test/data/richful_example/sudoers
--- old/yast2-sudo-4.2.3/test/data/richful_example/sudoers      1970-01-01 
01:00:00.000000000 +0100
+++ new/yast2-sudo-4.3.0/test/data/richful_example/sudoers      2020-10-09 
14:26:03.000000000 +0200
@@ -0,0 +1,129 @@
+# Sample /etc/sudoers file.
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# See the sudoers man page for the details on how to write a sudoers file.
+#
+
+##
+# User alias specification
+##
+User_Alias     FULLTIMERS = millert, mikef, dowdy
+User_Alias     PARTTIMERS = bostley, jwfox, crawl
+User_Alias     WEBMASTERS = will, wendy, wim
+
+##
+# Runas alias specification
+##
+Runas_Alias    OP = root, operator
+Runas_Alias    DB = oracle, sybase
+
+##
+# Host alias specification
+##
+Host_Alias     SPARC = bigtime, eclipse, moet, anchor:\
+               SGI = grolsch, dandelion, black:\
+               ALPHA = widget, thalamus, foobar:\
+               HPPA = boa, nag, python
+Host_Alias     CUNETS = 128.138.0.0/255.255.0.0
+Host_Alias     CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
+Host_Alias     SERVERS = master, mail, www, ns
+Host_Alias     CDROM = orion, perseus, hercules
+
+##
+# Cmnd alias specification
+##
+Cmnd_Alias     DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
+                       /usr/sbin/rrestore, /usr/bin/mt
+Cmnd_Alias     KILL = /usr/bin/kill
+Cmnd_Alias     PRINTING = /usr/sbin/lpc, /usr/bin/lprm
+Cmnd_Alias     SHUTDOWN = /usr/sbin/shutdown
+Cmnd_Alias     HALT = /usr/sbin/halt
+Cmnd_Alias     REBOOT = /usr/sbin/reboot
+Cmnd_Alias     SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
+                        /usr/local/bin/tcsh, /usr/bin/rsh, \
+                        /usr/local/bin/zsh
+Cmnd_Alias     SU = /usr/bin/su
+Cmnd_Alias     VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
+                      /usr/bin/chfn
+
+##
+# Override built-in defaults
+##
+Defaults               syslog=auth
+Defaults>root          !set_logname
+Defaults:FULLTIMERS    !lecture
+Defaults:millert       !authenticate
+Defaults@SERVERS       log_year, logfile=/var/log/sudo.log
+
+##
+# User specification
+##
+
+# root and users in group wheel can run anything on any machine as any user
+root           ALL = (ALL) ALL
+%wheel         ALL = (ALL) ALL
+
+# full time sysadmins can run anything on any machine without a password
+FULLTIMERS     ALL = NOPASSWD: ALL
+
+# part time sysadmins may run anything but need a password
+PARTTIMERS     ALL = ALL
+
+# jack may run anything on machines in CSNETS
+jack           CSNETS = ALL
+
+# lisa may run any command on any host in CUNETS (a class B network)
+lisa           CUNETS = ALL
+
+# operator may run maintenance commands and anything in /usr/oper/bin/
+operator       ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
+               sudoedit /etc/printcap, /usr/oper/bin/
+
+# joe may su only to operator
+joe            ALL = /usr/bin/su operator
+
+# pete may change passwords for anyone but root on the hp snakes
+pete           HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
+
+# bob may run anything on the sparc and sgi machines as any user
+# listed in the Runas_Alias "OP" (ie: root and operator)
+bob            SPARC = (OP) ALL : SGI = (OP) ALL
+
+# jim may run anything on machines in the biglab netgroup
+jim            +biglab = ALL
+
+# users in the secretaries netgroup need to help manage the printers
+# as well as add and remove users
++secretaries   ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
+
+# fred can run commands as oracle or sybase without a password
+fred           ALL = (DB) NOPASSWD: ALL
+
+# on the alphas, john may su to anyone but root and flags are not allowed
+john           ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
+
+# jen can run anything on all machines except the ones
+# in the "SERVERS" Host_Alias
+jen            ALL, !SERVERS = ALL
+
+# jill can run any commands in the directory /usr/bin/, except for
+# those in the SU and SHELLS aliases.
+jill           SERVERS = /usr/bin/, !SU, !SHELLS
+
+# steve can run any command in the directory /usr/local/op_commands/
+# as user operator.
+steve          CSNETS = (operator) /usr/local/op_commands/
+
+# matt needs to be able to kill things on his workstation when
+# they get hung.
+matt           valkyrie = KILL
+
+# users in the WEBMASTERS User_Alias (will, wendy, and wim)
+# may run any command as user www (which owns the web pages)
+# or simply su to www.
+WEBMASTERS     www = (www) ALL, (root) /usr/bin/su www
+
+# anyone can mount/unmount a cd-rom on the machines in the CDROM alias
+ALL            CDROM = NOPASSWD: /sbin/umount /CDROM,\
+               /sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/test/sudo_test.rb 
new/yast2-sudo-4.3.0/test/sudo_test.rb
--- old/yast2-sudo-4.2.3/test/sudo_test.rb      1970-01-01 01:00:00.000000000 
+0100
+++ new/yast2-sudo-4.3.0/test/sudo_test.rb      2020-10-09 14:26:03.000000000 
+0200
@@ -0,0 +1,199 @@
+require_relative "test_helper"
+
+Yast.import "Sudo"
+
+describe Yast::Sudo do
+  subject { described_class }
+
+  describe "#ReadSudoSettings2" do
+    before do
+      # reset internal variables as e.g. read just adds new entries
+      # and does not reset old
+      subject.main
+    end
+
+    # @param lines [Array<Hash>] list of hash with keys :comment for
+    #  comments before line, :type for first word on line, :name for the
+    #  second and :rest for rest of line without initial "="
+    def mock_sudo(lines)
+      scr_result = lines.map do |l|
+        [l[:comment] || "", l[:type], l[:name], l[:rest]]
+      end
+      allow(Yast::SCR).to receive(:Read).with(path(".sudo"))
+        .and_return(scr_result)
+    end
+
+    it "parses and set host aliases" do
+      lines = [
+        { type: "Host_Alias", name: "ALIAS1", rest: "test.suse.cz" },
+        { comment: "test\n", type: "Host_Alias", name: "ALIAS2",
+          rest: "test.suse.de, test2.suse.de,\ttest3.suse.de" }
+      ]
+      mock_sudo(lines)
+
+      expected_aliases = [
+        { "c" => "", "name" => "ALIAS1", "mem" => ["test.suse.cz"] },
+        { "c" => "test\n", "name" => "ALIAS2",
+          "mem" => ["test.suse.de", "test2.suse.de", "test3.suse.de"] }
+      ]
+
+      subject.ReadSudoSettings2
+
+      expect(subject.GetHostAliases2).to eq expected_aliases
+    end
+
+    it "parses and set user aliases" do
+      lines = [
+        { type: "User_Alias", name: "ALIAS1", rest: "user1" },
+        { comment: "test\n", type: "User_Alias", name: "ALIAS2",
+          rest: "user2, user3,\tuser4" }
+      ]
+      mock_sudo(lines)
+
+      expected_aliases = [
+        { "c" => "", "name" => "ALIAS1", "mem" => ["user1"] },
+        { "c" => "test\n", "name" => "ALIAS2",
+          "mem" => ["user2", "user3", "user4"] }
+      ]
+
+      subject.ReadSudoSettings2
+
+      expect(subject.GetUserAliases2).to eq expected_aliases
+    end
+
+    it "parses and set command aliases" do
+      lines = [
+        { type: "Cmnd_Alias", name: "ALIAS1", rest: "/bin/cmd" },
+        { comment: "test\n", type: "Cmnd_Alias", name: "ALIAS2",
+          rest: "/bin/cmd1, /bin/cmd2,\t/bin/cmd3" }
+      ]
+      mock_sudo(lines)
+
+      expected_aliases = [
+        { "c" => "", "name" => "ALIAS1", "mem" => ["/bin/cmd"] },
+        { "c" => "test\n", "name" => "ALIAS2",
+          "mem" => ["/bin/cmd1", "/bin/cmd2", "/bin/cmd3"] }
+      ]
+
+      subject.ReadSudoSettings2
+
+      expect(subject.GetCmndAliases2).to eq expected_aliases
+    end
+
+    it "parses and set command aliases with digest" do
+      lines = [
+        { comment: "test\n", type: "Cmnd_Alias", name: "ALIAS2",
+          rest: "/bin/cmd1, sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== 
/home/cmds/cmd2" }
+      ]
+      mock_sudo(lines)
+
+      expected_aliases = [
+        { "c" => "test\n", "name" => "ALIAS2",
+          "mem" => ["/bin/cmd1", 
"sha224:0GomF8mNN3wlDt1HD9XldjJ3SNgpFdbjO1+NsQ== /home/cmds/cmd2"] }
+      ]
+
+      subject.ReadSudoSettings2
+
+      expect(subject.GetCmndAliases2).to eq expected_aliases
+    end
+
+    it "parses and set command aliases with Cmd_Alias alternative name" do
+      lines = [
+        { comment: "test\n", type: "Cmd_Alias", name: "ALIAS2", rest: 
"/bin/cmd1" }
+      ]
+      mock_sudo(lines)
+
+      expected_aliases = [
+        { "c" => "test\n", "name" => "ALIAS2", "mem" => ["/bin/cmd1"] }
+      ]
+
+      subject.ReadSudoSettings2
+
+      expect(subject.GetCmndAliases2).to eq expected_aliases
+    end
+
+    it "parses and set runas aliases" do
+      lines = [
+        { type: "Runas_Alias", name: "ALIAS1", rest: "user" },
+        { comment: "test\n", type: "Runas_Alias", name: "ALIAS2",
+          rest: "user1, user2,\tuser3" }
+      ]
+      mock_sudo(lines)
+
+      expected_aliases = [
+        { "c" => "", "name" => "ALIAS1", "mem" => ["user"] },
+        { "c" => "test\n", "name" => "ALIAS2",
+          "mem" => ["user1", "user2", "user3"] }
+      ]
+
+      subject.ReadSudoSettings2
+
+      expect(subject.GetRunAsAliases2).to eq expected_aliases
+    end
+
+    it "parses and set rules" do
+      lines = [
+        { type: "user1", name: "ALL", rest: "NOPASSWD: /usr/bin/su operator" },
+        { comment: "test\n", type: "user1", name: "ALL",
+          rest: "/bin/adduser, /bin/rmuser" }
+      ]
+      mock_sudo(lines)
+
+      expected_rules = [
+        { "user" => "user1", "host" => "ALL", "comment" => "",
+          "tag" => "NOPASSWD:", "commands" => ["/usr/bin/su operator"] },
+        { "user" => "user1", "host" => "ALL", "comment" => "test\n",
+          "commands" => ["/bin/adduser", "/bin/rmuser"] }
+      ]
+
+      subject.ReadSudoSettings2
+
+      expect(subject.GetRules).to eq expected_rules
+    end
+
+    it "raises UnsupportedSudoConfig for rules with multiple tags" do
+      lines = [
+        { type: "user1", name: "ALL", rest: "NOPASSWD:NOEXEC: /usr/bin/su 
operator" },
+      ]
+      mock_sudo(lines)
+
+      expect{subject.ReadSudoSettings2}.to 
raise_error(Yast::UnsupportedSudoConfig)
+    end
+
+    it "raises UnsupportedSudoConfig for rules with associated tags" do
+      lines = [
+        { type: "user1", name: "ALL", rest: "NOPASSWD: /usr/bin/su operator, 
PASSWD: /bin/test" },
+      ]
+      mock_sudo(lines)
+
+      expect{subject.ReadSudoSettings2}.to 
raise_error(Yast::UnsupportedSudoConfig)
+    end
+
+    it "parses and set rules with run as specified" do
+      lines = [
+        # (root, bin : operator, system) means can run as root or bin user or 
as operator or system group
+        { type: "user1", name: "ALL", rest: "NOPASSWD: (root, bin : operator, 
system) /bin/test" },
+      ]
+      mock_sudo(lines)
+
+      expected_rules = [
+        { "user" => "user1", "host" => "ALL", "comment" => "", "run_as" => 
"(root, bin : operator, system)",
+          "tag" => "NOPASSWD:", "commands" => ["/bin/test"] },
+      ]
+
+      subject.ReadSudoSettings2
+
+      expect(subject.GetRules).to eq expected_rules
+    end
+
+    it "raises UnsupportedSudoConfig for rules with digest" do
+      lines = [
+        { type: 
"sha256:865d0fc47d0aa1fe198e2d9b0cd5b27e35838dc8f73b6629adc646d3cc2d9c94",
+          name: "user1" },
+      ]
+      mock_sudo(lines)
+
+      expect{subject.ReadSudoSettings2}.to 
raise_error(Yast::UnsupportedSudoConfig)
+    end
+  end
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-sudo-4.2.3/test/test_helper.rb 
new/yast2-sudo-4.3.0/test/test_helper.rb
--- old/yast2-sudo-4.2.3/test/test_helper.rb    1970-01-01 01:00:00.000000000 
+0100
+++ new/yast2-sudo-4.3.0/test/test_helper.rb    2020-10-09 14:26:03.000000000 
+0200
@@ -0,0 +1,39 @@
+ENV["Y2DIR"] = File.expand_path("../src", __dir__)
+
+# localization agnostic tests
+ENV["LC_ALL"] = "en_US.utf-8"
+ENV["LANG"] = "en_US.utf-8"
+
+require "yast"
+require "yast/rspec"
+
+RSpec.configure do |config|
+  config.mock_with :rspec do |mocks|
+    # If you misremember a method name both in code and in tests,
+    # will save you.
+    # 
https://relishapp.com/rspec/rspec-mocks/v/3-0/docs/verifying-doubles/partial-doubles
+    #
+    # With graceful degradation for RSpec 2
+    mocks.verify_partial_doubles = true if 
mocks.respond_to?(:verify_partial_doubles=)
+  end
+end
+
+if ENV["COVERAGE"]
+  require "simplecov"
+  SimpleCov.start do
+    add_filter "/test/"
+  end
+
+  src_location = File.expand_path("../src", __dir__)
+  # track all ruby files under src
+  SimpleCov.track_files("#{src_location}/**/*.rb")
+
+  # use coveralls for on-line code coverage reporting at Travis CI
+  if ENV["TRAVIS"]
+    require "coveralls"
+    SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+      SimpleCov::Formatter::HTMLFormatter,
+      Coveralls::SimpleCov::Formatter
+    ]
+  end
+end


Reply via email to