Hello community,

here is the log from the commit of package yast2 for openSUSE:Factory checked 
in at 2015-05-26 13:28:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2 (Old)
 and      /work/SRC/openSUSE:Factory/.yast2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "yast2"

Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2/yast2.changes      2015-05-23 
12:56:36.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.yast2.new/yast2.changes 2015-05-26 
13:28:22.000000000 +0200
@@ -1,0 +2,7 @@
+Mon May 25 14:04:51 CEST 2015 - loci...@suse.com
+
+- Fixed proposal to open fallback ports for services (bsc#916376)
+- Removed opening iSCSI ports from firewall proposal (bsc#916376)
+- 3.1.125
+
+-------------------------------------------------------------------

Old:
----
  yast2-3.1.124.tar.bz2

New:
----
  yast2-3.1.125.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ yast2.spec ++++++
--- /var/tmp/diff_new_pack.0vI1Vh/_old  2015-05-26 13:28:23.000000000 +0200
+++ /var/tmp/diff_new_pack.0vI1Vh/_new  2015-05-26 13:28:23.000000000 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           yast2
-Version:        3.1.124
+Version:        3.1.125
 Release:        0
 Url:            https://github.com/yast/yast-yast2
 

++++++ yast2-3.1.124.tar.bz2 -> yast2-3.1.125.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-3.1.124/library/network/src/modules/SuSEFirewallProposal.rb 
new/yast2-3.1.125/library/network/src/modules/SuSEFirewallProposal.rb
--- old/yast2-3.1.124/library/network/src/modules/SuSEFirewallProposal.rb       
2015-05-22 15:51:11.000000000 +0200
+++ new/yast2-3.1.125/library/network/src/modules/SuSEFirewallProposal.rb       
2015-05-25 15:36:08.000000000 +0200
@@ -64,10 +64,6 @@
       @vnc_service = "service:xorg-x11-server"
 
       @ssh_service = "service:sshd"
-
-      @iscsi_target_service = "service:iscsitarget"
-
-      @iscsi_target_fallback_ports = ["iscsi-target"]
     end
 
     # <!-- SuSEFirewall LOCAL VARIABLES //-->
@@ -234,16 +230,13 @@
     # @param list <string> fallback TCP ports
     # @param [Array<String>] zones
     def EnableFallbackPorts(fallback_ports, zones)
-      fallback_ports = deep_copy(fallback_ports)
-      zones = deep_copy(zones)
-      Builtins.y2warning(
-        "Enabling fallback ports: %1 in zones: %2",
-        fallback_ports,
-        zones
-      )
-
-      Builtins.foreach(zones) do |one_zone|
-        Builtins.foreach(fallback_ports) do |one_port|
+      known_zones = SuSEFirewall.GetKnownFirewallZones()
+      unknown_zones = zones - known_zones
+      raise "Unknown firewall zones #{unknown_zones}" unless 
unknown_zones.empty?
+
+      log.info "Enabling fallback ports: #{fallback_ports} in zones: #{zones}"
+      zones.each do |one_zone|
+        fallback_ports.each do |one_port|
           SuSEFirewall.AddService(one_port, "TCP", one_zone)
         end
       end
@@ -253,6 +246,7 @@
 
     # Function opens service for network interfaces given as the third 
parameter.
     # Fallback ports are used if the given service is uknown.
+    # If interfaces are not assigned to any firewall zone, all zones will be 
used.
     #
     # @see OpenServiceOnNonDialUpInterfaces for more info.
     #
@@ -264,19 +258,15 @@
       interfaces = deep_copy(interfaces)
       zones = SuSEFirewall.GetZonesOfInterfaces(interfaces)
 
+      # Interfaces might not be assigned to any zone yet, use all zones
+      zones = SuSEFirewall.GetKnownFirewallZones() if zones.empty?
+
       if SuSEFirewallServices.IsKnownService(service)
-        Builtins.y2milestone(
-          "Opening service %1 on interfaces %2 (zones %3)",
-          service,
-          interfaces,
-          zones
-        )
+        log.info "Opening service #{service} on interfaces #{interfaces} 
(zones #{zones})"
         SuSEFirewall.SetServicesForZones([service], zones, true)
-      end
-
-      if SuSEFirewallServices.IsKnownService(service) != true ||
-          ServiceEnabled(service, interfaces) != true
-        EnableFallbackPorts(fallback_ports, interfaces)
+      else
+        log.warn "Unknown service #{service}, enabling fallback ports"
+        EnableFallbackPorts(fallback_ports, zones)
       end
 
       nil
@@ -456,8 +446,6 @@
         SuSEFirewall.AddXenSupport
       end
 
-      # BNC #766300 - Automatically propose opening iscsi-target port
-      # when installing with withiscsi=1
       propose_iscsi if Linuxrc.useiscsi
 
       SetKnownInterfaces(SuSEFirewall.GetListOfKnownInterfaces)
@@ -773,9 +761,7 @@
 
     # Proposes firewall settings for iSCSI
     def propose_iscsi
-      log.info "iSCSI has been used during installation, opening 
#{@iscsi_target_service} service"
-
-      OpenServiceOnNonDialUpInterfaces(@iscsi_target_service, 
@iscsi_target_fallback_ports)
+      log.info "iSCSI has been used during installation, proposing FW 
full_init_on_boot"
 
       # bsc#916376: ports need to be open already during boot
       SuSEFirewall.full_init_on_boot(true)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/yast2-3.1.124/library/network/test/susefirewall_proposal_test.rb 
new/yast2-3.1.125/library/network/test/susefirewall_proposal_test.rb
--- old/yast2-3.1.124/library/network/test/susefirewall_proposal_test.rb        
2015-05-22 15:51:11.000000000 +0200
+++ new/yast2-3.1.125/library/network/test/susefirewall_proposal_test.rb        
2015-05-25 15:36:08.000000000 +0200
@@ -8,39 +8,102 @@
 Yast.import "Linuxrc"
 
 describe Yast::SuSEFirewallProposal do
+  subject { Yast::SuSEFirewallProposal }
+
   describe "#ProposeFunctions" do
     context "when iscsi is used" do
       it "calls the iscsi proposal" do
         allow(Yast::Linuxrc).to receive(:useiscsi).and_return(true)
-        expect(Yast::SuSEFirewallProposal).to 
receive(:propose_iscsi).and_return(nil)
+        expect(subject).to receive(:propose_iscsi).and_return(nil)
 
-        Yast::SuSEFirewallProposal.ProposeFunctions
+        subject.ProposeFunctions
       end
     end
 
     context "when iscsi is not used" do
       it "does not call the iscsi proposal" do
         allow(Yast::Linuxrc).to receive(:useiscsi).and_return(false)
-        expect(Yast::SuSEFirewallProposal).not_to receive(:propose_iscsi)
+        expect(subject).not_to receive(:propose_iscsi)
 
-        Yast::SuSEFirewallProposal.ProposeFunctions
+        subject.ProposeFunctions
       end
     end
   end
 
   describe "#propose_iscsi" do
+    it "proposes full firewall initialization on boot" do
+      expect(Yast::SuSEFirewall).to 
receive(:full_init_on_boot).and_return(true)
+
+      subject.propose_iscsi
+    end
+  end
+
+  describe "#EnableFallbackPorts" do
+    let(:fallback_ports) { ["port1", "port2"] }
+
     before(:each) do
-      allow(Yast::SuSEFirewall).to 
receive(:GetAllNonDialUpInterfaces).and_return(["eth44", "eth55"])
-      allow(Yast::SuSEFirewall).to 
receive(:GetZonesOfInterfaces).and_return(["EXT"])
+      allow(Yast::SuSEFirewall).to 
receive(:GetKnownFirewallZones).and_return(["EXT", "INT", "DMZ"])
+    end
+
+    context "when opening ports in known firewall zones" do
+      it "opens given ports in firewall in given zones" do
+        expect(Yast::SuSEFirewall).to receive(:AddService).with(/port.*/, 
"TCP", /(EXT|DMZ)/).exactly(4).times
+
+        subject.EnableFallbackPorts(fallback_ports, ["EXT", "DMZ"])
+      end
+    end
+
+    context "when opening ports in unknown firewall zones" do
+      it "throws an exception" do
+        method_call = proc { subject.EnableFallbackPorts(fallback_ports, 
["UNKNOWN_ZONE1", "UZ2"]) }
+        expect { method_call.call }.to raise_error(/UNKNOWN_ZONE1.*UZ2/)
+      end
+    end
+  end
+
+  describe "#OpenServiceInInterfaces" do
+    let(:network_interfaces) { ["eth-x", "eth-y"] }
+    let(:interfaces_zones) { ["ZONE1", "ZONE2"] }
+    let(:all_zones) { ["ZONE1", "ZONE2", "ZONE3"] }
+    let(:firewall_service) { "service:fw_service_x" }
+    let(:fallback_ports) { ["p1", "p2", "p3"] }
+
+    before(:each) do
+      # Default behavior: Interfaces are assigned to zones, there are more 
known zones,
+      # given firewall service exists
+      allow(Yast::SuSEFirewall).to 
receive(:GetZonesOfInterfaces).and_return(interfaces_zones)
+      allow(Yast::SuSEFirewall).to 
receive(:GetKnownFirewallZones).and_return(all_zones)
       allow(Yast::SuSEFirewallServices).to 
receive(:IsKnownService).and_return(true)
-      allow(Yast::SuSEFirewallProposal).to 
receive(:ServiceEnabled).and_return(true)
     end
 
-    it "proposes opening iscsi-target firewall service and full firewall 
initialization on boot" do
-      expect(Yast::SuSEFirewall).to 
receive(:full_init_on_boot).and_return(true)
-      expect(Yast::SuSEFirewall).to 
receive(:SetServicesForZones).with(["service:iscsitarget"], ["EXT"], 
true).and_return(true)
+    context "when network interfaces are assigned to some zone(s)" do
+      it "open service in firewall in zones that include given interfaces" do
+        expect(Yast::SuSEFirewall).to 
receive(:SetServicesForZones).with([firewall_service], interfaces_zones, true)
+        subject.OpenServiceInInterfaces(firewall_service, fallback_ports, 
network_interfaces)
+      end
+    end
 
-      Yast::SuSEFirewallProposal.propose_iscsi
+    context "when network interfaces are not assigned to any zone" do
+      it "opens service in firewall in all zones" do
+        allow(Yast::SuSEFirewall).to 
receive(:GetZonesOfInterfaces).and_return([])
+        expect(Yast::SuSEFirewall).to 
receive(:SetServicesForZones).with([firewall_service], all_zones, true)
+        subject.OpenServiceInInterfaces(firewall_service, fallback_ports, 
network_interfaces)
+      end
+    end
+
+    context "when given firewall service is known" do
+      it "opens service in firewall in zones that include given interfaces" do
+        expect(Yast::SuSEFirewall).to 
receive(:SetServicesForZones).with([firewall_service], interfaces_zones, true)
+        subject.OpenServiceInInterfaces(firewall_service, fallback_ports, 
network_interfaces)
+      end
+    end
+
+    context "when given service is unknown" do
+      it "opens given fallback ports in zones that include given interfaces" do
+        allow(Yast::SuSEFirewallServices).to 
receive(:IsKnownService).and_return(false)
+        expect(subject).to receive(:EnableFallbackPorts).with(fallback_ports, 
interfaces_zones)
+        subject.OpenServiceInInterfaces(firewall_service, fallback_ports, 
network_interfaces)
+      end
     end
   end
 end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-3.1.124/package/yast2.changes 
new/yast2-3.1.125/package/yast2.changes
--- old/yast2-3.1.124/package/yast2.changes     2015-05-22 15:51:11.000000000 
+0200
+++ new/yast2-3.1.125/package/yast2.changes     2015-05-25 15:36:08.000000000 
+0200
@@ -1,4 +1,11 @@
 -------------------------------------------------------------------
+Mon May 25 14:04:51 CEST 2015 - loci...@suse.com
+
+- Fixed proposal to open fallback ports for services (bsc#916376)
+- Removed opening iSCSI ports from firewall proposal (bsc#916376)
+- 3.1.125
+
+-------------------------------------------------------------------
 Fri May 22 12:32:27 UTC 2015 - jreidin...@suse.com
 
 - InstExtensionImage: add block variant for loading extension
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/yast2-3.1.124/package/yast2.spec 
new/yast2-3.1.125/package/yast2.spec
--- old/yast2-3.1.124/package/yast2.spec        2015-05-22 15:51:11.000000000 
+0200
+++ new/yast2-3.1.125/package/yast2.spec        2015-05-25 15:36:08.000000000 
+0200
@@ -17,7 +17,7 @@
 
 
 Name:           yast2
-Version:        3.1.124
+Version:        3.1.125
 Release:        0
 URL:            https://github.com/yast/yast-yast2
 


Reply via email to