commit yast2 for openSUSE:Factory
Hello community, here is the log from the commit of package yast2 for openSUSE:Factory checked in at 2015-05-26 13:28:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2 (Old) and /work/SRC/openSUSE:Factory/.yast2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2/yast2.changes 2015-05-23 12:56:36.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.yast2.new/yast2.changes 2015-05-26 13:28:22.000000000 +0200 @@ -1,0 +2,7 @@ +Mon May 25 14:04:51 CEST 2015 - locilka@suse.com + +- Fixed proposal to open fallback ports for services (bsc#916376) +- Removed opening iSCSI ports from firewall proposal (bsc#916376) +- 3.1.125 + +------------------------------------------------------------------- Old: ---- yast2-3.1.124.tar.bz2 New: ---- yast2-3.1.125.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2.spec ++++++ --- /var/tmp/diff_new_pack.0vI1Vh/_old 2015-05-26 13:28:23.000000000 +0200 +++ /var/tmp/diff_new_pack.0vI1Vh/_new 2015-05-26 13:28:23.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2 -Version: 3.1.124 +Version: 3.1.125 Release: 0 Url: https://github.com/yast/yast-yast2 ++++++ yast2-3.1.124.tar.bz2 -> yast2-3.1.125.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.124/library/network/src/modules/SuSEFirewallProposal.rb new/yast2-3.1.125/library/network/src/modules/SuSEFirewallProposal.rb --- old/yast2-3.1.124/library/network/src/modules/SuSEFirewallProposal.rb 2015-05-22 15:51:11.000000000 +0200 +++ new/yast2-3.1.125/library/network/src/modules/SuSEFirewallProposal.rb 2015-05-25 15:36:08.000000000 +0200 
@@ -64,10 +64,6 @@ @vnc_service = "service:xorg-x11-server" @ssh_service = "service:sshd" - - @iscsi_target_service = "service:iscsitarget" - - @iscsi_target_fallback_ports = ["iscsi-target"] end # <!-- SuSEFirewall LOCAL VARIABLES //--> @@ -234,16 +230,13 @@ # @param list <string> fallback TCP ports # @param [Array<String>] zones def EnableFallbackPorts(fallback_ports, zones) - fallback_ports = deep_copy(fallback_ports) - zones = deep_copy(zones) - Builtins.y2warning( - "Enabling fallback ports: %1 in zones: %2", - fallback_ports, - zones - ) - - Builtins.foreach(zones) do |one_zone| - Builtins.foreach(fallback_ports) do |one_port| + known_zones = SuSEFirewall.GetKnownFirewallZones() + unknown_zones = zones - known_zones + raise "Unknown firewall zones #{unknown_zones}" unless unknown_zones.empty? + + log.info "Enabling fallback ports: #{fallback_ports} in zones: #{zones}" + zones.each do |one_zone| + fallback_ports.each do |one_port| SuSEFirewall.AddService(one_port, "TCP", one_zone) end end @@ -253,6 +246,7 @@ # Function opens service for network interfaces given as the third parameter. # Fallback ports are used if the given service is uknown. + # If interfaces are not assigned to any firewall zone, all zones will be used. # # @see OpenServiceOnNonDialUpInterfaces for more info. # 
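Review bot: In the `-234,16 +230,13` hunk, the new `raise "Unknown firewall zones #{unknown_zones}"` in EnableFallbackPorts throws a bare RuntimeError that the method's doc comment does not mention, so callers in the installation proposal have no hint that it can abort. Rejecting unknown zones before any `SuSEFirewall.AddService` call is a sound guard; I would document it with `# @raise [RuntimeError] if any of the given zones is not known to SuSEFirewall` and repair the malformed `# @param list <string> fallback TCP ports` to `# @param [Array<String>] fallback_ports fallback TCP ports`. The message also dropped from `y2warning` to `log.info`; because this path opens raw TCP ports rather than a defined service, `log.warn` would keep it easy to find when auditing installation logs. The end of the method lies outside the hunk.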
@@ -264,19 +258,15 @@ interfaces = deep_copy(interfaces) zones = SuSEFirewall.GetZonesOfInterfaces(interfaces) + # Interfaces might not be assigned to any zone yet, use all zones + zones = SuSEFirewall.GetKnownFirewallZones() if zones.empty? + if SuSEFirewallServices.IsKnownService(service) - Builtins.y2milestone( - "Opening service %1 on interfaces %2 (zones %3)", - service, - interfaces, - zones - ) + log.info "Opening service #{service} on interfaces #{interfaces} (zones #{zones})" SuSEFirewall.SetServicesForZones([service], zones, true) - end - - if SuSEFirewallServices.IsKnownService(service) != true || - ServiceEnabled(service, interfaces) != true - EnableFallbackPorts(fallback_ports, interfaces) + else + log.warn "Unknown service #{service}, enabling fallback ports" + EnableFallbackPorts(fallback_ports, zones) end nil @@ -456,8 +446,6 @@ SuSEFirewall.AddXenSupport end - # BNC #766300 - Automatically propose opening iscsi-target port - # when installing with withiscsi=1 propose_iscsi if Linuxrc.useiscsi SetKnownInterfaces(SuSEFirewall.GetListOfKnownInterfaces) @@ -773,9 +761,7 @@ # Proposes firewall settings for iSCSI def propose_iscsi - log.info "iSCSI has been used during installation, opening #{@iscsi_target_service} service" - - OpenServiceOnNonDialUpInterfaces(@iscsi_target_service, @iscsi_target_fallback_ports) + log.info "iSCSI has been used during installation, proposing FW full_init_on_boot" # bsc#916376: ports need to be open already during boot SuSEFirewall.full_init_on_boot(true) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.124/library/network/test/susefirewall_proposal_test.rb new/yast2-3.1.125/library/network/test/susefirewall_proposal_test.rb --- old/yast2-3.1.124/library/network/test/susefirewall_proposal_test.rb 2015-05-22 15:51:11.000000000 +0200 +++ new/yast2-3.1.125/library/network/test/susefirewall_proposal_test.rb 2015-05-25 15:36:08.000000000 +0200 
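Review bot: In the `-264,19 +258,15` hunk, `zones = SuSEFirewall.GetKnownFirewallZones() if zones.empty?` fails open: when the interfaces map to no zone, the service or its fallback ports are opened in every known zone, and the log does not distinguish that from the normal case. The visible code cannot tell unassigned interfaces from an empty `interfaces` argument, so a caller passing no interfaces would presumably get the all-zones behaviour as well; that should be confirmed as intended. At minimum the widening should be logged at warning level inside the same `zones.empty?` branch, e.g. `log.warn "Interfaces #{interfaces} are not assigned to any zone, using all known zones"`. The old `ServiceEnabled` re-check is gone too, so the result of `SetServicesForZones` is no longer verified before returning `nil`. The method begins before this hunk.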
@@ -8,39 +8,102 @@ Yast.import "Linuxrc" describe Yast::SuSEFirewallProposal do + subject { Yast::SuSEFirewallProposal } + describe "#ProposeFunctions" do context "when iscsi is used" do it "calls the iscsi proposal" do allow(Yast::Linuxrc).to receive(:useiscsi).and_return(true) - expect(Yast::SuSEFirewallProposal).to receive(:propose_iscsi).and_return(nil) + expect(subject).to receive(:propose_iscsi).and_return(nil) - Yast::SuSEFirewallProposal.ProposeFunctions + subject.ProposeFunctions end end context "when iscsi is not used" do it "does not call the iscsi proposal" do allow(Yast::Linuxrc).to receive(:useiscsi).and_return(false) - expect(Yast::SuSEFirewallProposal).not_to receive(:propose_iscsi) + expect(subject).not_to receive(:propose_iscsi) - Yast::SuSEFirewallProposal.ProposeFunctions + subject.ProposeFunctions end end end describe "#propose_iscsi" do + it "proposes full firewall initialization on boot" do + expect(Yast::SuSEFirewall).to receive(:full_init_on_boot).and_return(true) + + subject.propose_iscsi + end + end + + describe "#EnableFallbackPorts" do + let(:fallback_ports) { ["port1", "port2"] } + before(:each) do - allow(Yast::SuSEFirewall).to receive(:GetAllNonDialUpInterfaces).and_return(["eth44", "eth55"]) - allow(Yast::SuSEFirewall).to receive(:GetZonesOfInterfaces).and_return(["EXT"]) + allow(Yast::SuSEFirewall).to receive(:GetKnownFirewallZones).and_return(["EXT", "INT", "DMZ"]) + end + + context "when opening ports in known firewall zones" do + it "opens given ports in firewall in given zones" do + expect(Yast::SuSEFirewall).to receive(:AddService).with(/port.*/, "TCP", /(EXT|DMZ)/).exactly(4).times + + subject.EnableFallbackPorts(fallback_ports, ["EXT", "DMZ"]) + end + end + + context "when opening ports in unknown firewall zones" do + it "throws an exception" do + method_call = proc { subject.EnableFallbackPorts(fallback_ports, ["UNKNOWN_ZONE1", "UZ2"]) } + expect { method_call.call }.to raise_error(/UNKNOWN_ZONE1.*UZ2/) + end + end + end + 
+ describe "#OpenServiceInInterfaces" do + let(:network_interfaces) { ["eth-x", "eth-y"] } + let(:interfaces_zones) { ["ZONE1", "ZONE2"] } + let(:all_zones) { ["ZONE1", "ZONE2", "ZONE3"] } + let(:firewall_service) { "service:fw_service_x" } + let(:fallback_ports) { ["p1", "p2", "p3"] } + + before(:each) do + # Default behavior: Interfaces are assigned to zones, there are more known zones, + # given firewall service exists + allow(Yast::SuSEFirewall).to receive(:GetZonesOfInterfaces).and_return(interfaces_zones) + allow(Yast::SuSEFirewall).to receive(:GetKnownFirewallZones).and_return(all_zones) allow(Yast::SuSEFirewallServices).to receive(:IsKnownService).and_return(true) - allow(Yast::SuSEFirewallProposal).to receive(:ServiceEnabled).and_return(true) end - it "proposes opening iscsi-target firewall service and full firewall initialization on boot" do - expect(Yast::SuSEFirewall).to receive(:full_init_on_boot).and_return(true) - expect(Yast::SuSEFirewall).to receive(:SetServicesForZones).with(["service:iscsitarget"], ["EXT"], true).and_return(true) + context "when network interfaces are assigned to some zone(s)" do + it "open service in firewall in zones that include given interfaces" do + expect(Yast::SuSEFirewall).to receive(:SetServicesForZones).with([firewall_service], interfaces_zones, true) + subject.OpenServiceInInterfaces(firewall_service, fallback_ports, network_interfaces) + end + end - Yast::SuSEFirewallProposal.propose_iscsi + context "when network interfaces are not assigned to any zone" do + it "opens service in firewall in all zones" do + allow(Yast::SuSEFirewall).to receive(:GetZonesOfInterfaces).and_return([]) + expect(Yast::SuSEFirewall).to receive(:SetServicesForZones).with([firewall_service], all_zones, true) + subject.OpenServiceInInterfaces(firewall_service, fallback_ports, network_interfaces) + end + end + + context "when given firewall service is known" do + it "opens service in firewall in zones that include given interfaces" do + 
expect(Yast::SuSEFirewall).to receive(:SetServicesForZones).with([firewall_service], interfaces_zones, true) + subject.OpenServiceInInterfaces(firewall_service, fallback_ports, network_interfaces) + end + end + + context "when given service is unknown" do + it "opens given fallback ports in zones that include given interfaces" do + allow(Yast::SuSEFirewallServices).to receive(:IsKnownService).and_return(false) + expect(subject).to receive(:EnableFallbackPorts).with(fallback_ports, interfaces_zones) + subject.OpenServiceInInterfaces(firewall_service, fallback_ports, network_interfaces) + end end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.124/package/yast2.changes new/yast2-3.1.125/package/yast2.changes --- old/yast2-3.1.124/package/yast2.changes 2015-05-22 15:51:11.000000000 +0200 +++ new/yast2-3.1.125/package/yast2.changes 2015-05-25 15:36:08.000000000 +0200 @@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Mon May 25 14:04:51 CEST 2015 - locilka@suse.com + +- Fixed proposal to open fallback ports for services (bsc#916376) +- Removed opening iSCSI ports from firewall proposal (bsc#916376) +- 3.1.125 + +------------------------------------------------------------------- Fri May 22 12:32:27 UTC 2015 - jreidinger@suse.com - InstExtensionImage: add block variant for loading extension diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-3.1.124/package/yast2.spec new/yast2-3.1.125/package/yast2.spec --- old/yast2-3.1.124/package/yast2.spec 2015-05-22 15:51:11.000000000 +0200 +++ new/yast2-3.1.125/package/yast2.spec 2015-05-25 15:36:08.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2 -Version: 3.1.124 +Version: 3.1.125 Release: 0 URL: https://github.com/yast/yast-yast2
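Review bot: The new `#OpenServiceInInterfaces` specs do not cover the widest-exposure path, where the interfaces have no zone and the service is unknown, so nothing pins that the fallback ports are then passed with all known zones; a context for it is sketched below. The context "when given firewall service is known" repeats the expectation of "when network interfaces are assigned to some zone(s)" and would be more useful asserting `expect(subject).not_to receive(:EnableFallbackPorts)`. In `#EnableFallbackPorts`, the unknown-zone example should also assert `expect(Yast::SuSEFirewall).not_to receive(:AddService)` so a partial open before the raise would be caught. The `#propose_iscsi` example could pin the argument with `.with(true)`.

```ruby
# … unchanged: contexts for assigned/unassigned interfaces and known/unknown service …
context "when given service is unknown and interfaces are not assigned to any zone" do
  it "opens given fallback ports in all known zones" do
    allow(Yast::SuSEFirewall).to receive(:GetZonesOfInterfaces).and_return([])
    allow(Yast::SuSEFirewallServices).to receive(:IsKnownService).and_return(false)
    expect(subject).to receive(:EnableFallbackPorts).with(fallback_ports, all_zones)
    subject.OpenServiceInInterfaces(firewall_service, fallback_ports, network_interfaces)
  end
end
```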