Hello community, here is the log from the commit of package yast2-firewall for openSUSE:Factory checked in at 2020-10-26 16:13:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-firewall (Old) and /work/SRC/openSUSE:Factory/.yast2-firewall.new.3463 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-firewall" Mon Oct 26 16:13:04 2020 rev:87 rq:843567 version:4.3.8 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-firewall/yast2-firewall.changes 2020-10-22 14:22:44.570775053 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-firewall.new.3463/yast2-firewall.changes 2020-10-26 16:13:36.866788084 +0100 @@ -1,0 +2,8 @@ +Thu Oct 22 20:44:20 UTC 2020 - Josef Reidinger <jreidin...@suse.com> + +- Do not warn user about ssh key only authentication when + ssh port is closed, but firewall is disabled. + (bsc#1177953) +- 4.3.8 + +------------------------------------------------------------------- Old: ---- yast2-firewall-4.3.7.tar.bz2 New: ---- yast2-firewall-4.3.8.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-firewall.spec ++++++ --- /var/tmp/diff_new_pack.cnZDj2/_old 2020-10-26 16:13:38.942789994 +0100 +++ /var/tmp/diff_new_pack.cnZDj2/_new 2020-10-26 16:13:38.950790002 +0100 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.3.7 +Version: 4.3.8 Release: 0 Summary: YaST2 - Firewall Configuration License: GPL-2.0-only ++++++ yast2-firewall-4.3.7.tar.bz2 -> yast2-firewall-4.3.8.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.3.7/package/yast2-firewall.changes new/yast2-firewall-4.3.8/package/yast2-firewall.changes --- old/yast2-firewall-4.3.7/package/yast2-firewall.changes 2020-10-19 10:30:42.000000000 +0200 +++ new/yast2-firewall-4.3.8/package/yast2-firewall.changes 2020-10-23 11:03:18.000000000 +0200 @@ -1,4 +1,12 @@ ------------------------------------------------------------------- +Thu Oct 22 20:44:20 UTC 2020 - Josef Reidinger <jreidin...@suse.com> + +- Do not warn user about ssh key only authentication when + ssh port is closed, but firewall is disabled. + (bsc#1177953) +- 4.3.8 + +------------------------------------------------------------------- Fri Oct 16 15:15:49 UTC 2020 - Josef Reidinger <jreidin...@suse.com> - Do not enable firewall during first stage of AutoYaST diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.3.7/package/yast2-firewall.spec new/yast2-firewall-4.3.8/package/yast2-firewall.spec --- old/yast2-firewall-4.3.7/package/yast2-firewall.spec 2020-10-19 10:30:42.000000000 +0200 +++ new/yast2-firewall-4.3.8/package/yast2-firewall.spec 2020-10-23 11:03:18.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-firewall -Version: 4.3.7 +Version: 4.3.8 Release: 0 Summary: YaST2 - Firewall Configuration Group: System/YaST diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.3.7/src/lib/y2firewall/proposal_settings.rb new/yast2-firewall-4.3.8/src/lib/y2firewall/proposal_settings.rb --- old/yast2-firewall-4.3.7/src/lib/y2firewall/proposal_settings.rb 2020-10-19 10:30:42.000000000 +0200 +++ new/yast2-firewall-4.3.8/src/lib/y2firewall/proposal_settings.rb 2020-10-23 11:03:18.000000000 +0200 @@ -126,9 +126,14 @@ # @return [Boolean] true if the root user uses only public key # authentication and the system is not accesible through ssh def access_problem? + # public key is not the only way return false unless only_public_key_auth - !(@open_ssh && @enable_sshd) + # without running sshd it is useless + return true unless @enable_sshd + + # firewall is up and port for ssh is not open + @enable_firewall && !@open_ssh end private diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-firewall-4.3.7/test/lib/y2firewall/proposal_settings_test.rb new/yast2-firewall-4.3.8/test/lib/y2firewall/proposal_settings_test.rb --- old/yast2-firewall-4.3.7/test/lib/y2firewall/proposal_settings_test.rb 2020-10-19 10:30:42.000000000 +0200 +++ new/yast2-firewall-4.3.8/test/lib/y2firewall/proposal_settings_test.rb 2020-10-23 11:03:18.000000000 +0200 @@ -209,28 +209,40 @@ describe "#access_problem?" do let(:ssh_enabled) { true } + let(:firewall_enabled) { true } let(:ssh_open) { true } let(:only_ssh_key_auth) { true } before do subject.enable_sshd = ssh_enabled + subject.enable_firewall = firewall_enabled subject.open_ssh = ssh_open allow(subject).to receive(:only_public_key_auth).and_return(only_ssh_key_auth) end context "when the root user uses only SSH key based authentication" do context "when sshd is enabled" do - context "and the SSH port is open" do - it "returns false" do - expect(subject.access_problem?).to eql(false) + context "and firewall is enabled" do + context "and the SSH port is open" do + it "returns false" do + expect(subject.access_problem?).to eql(false) + end + end + + context "and the SSH port is close" do + let(:ssh_open) { false } + + it "returns true" do + expect(subject.access_problem?).to eql(true) + end end end - context "and the SSH port is close" do - let(:ssh_open) { false } + context "and firewall is disabled" do + let(:firewall_enabled) { false } - it "returns true" do - expect(subject.access_problem?).to eql(true) + it "returns false" do + expect(subject.access_problem?).to eql(false) end end end