Hello community,
here is the log from the commit of package yast2-security for openSUSE:Factory checked in at 2015-07-05 17:51:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-security (Old)
and /work/SRC/openSUSE:Factory/.yast2-security.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-security"
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-security/yast2-security.changes 2015-06-18 06:37:10.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.yast2-security.new/yast2-security.changes 2015-07-05 17:51:17.000000000 +0200
@@ -1,0 +2,7 @@
+Fri Jun 19 15:26:45 UTC 2015 - ancor@suse.com
+
+- Settings of security levels moved to YAML files
+- Redefined security levels (last part of fate#318425)
+- 3.1.10
+
+-------------------------------------------------------------------
Old:
----
yast2-security-3.1.9.tar.bz2
New:
----
yast2-security-3.1.10.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-security.spec ++++++
--- /var/tmp/diff_new_pack.mxpcmz/_old 2015-07-05 17:51:17.000000000 +0200
+++ /var/tmp/diff_new_pack.mxpcmz/_new 2015-07-05 17:51:17.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-security
-Version: 3.1.9
+Version: 3.1.10
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ yast2-security-3.1.9.tar.bz2 -> yast2-security-3.1.10.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/package/yast2-security.changes new/yast2-security-3.1.10/package/yast2-security.changes
--- old/yast2-security-3.1.9/package/yast2-security.changes 2015-06-15 17:36:09.000000000 +0200
+++ new/yast2-security-3.1.10/package/yast2-security.changes 2015-06-22 10:41:26.000000000 +0200
@@ -1,4 +1,11 @@
-------------------------------------------------------------------
+Fri Jun 19 15:26:45 UTC 2015 - ancor@suse.com
+
+- Settings of security levels moved to YAML files
+- Redefined security levels (last part of fate#318425)
+- 3.1.10
+
+-------------------------------------------------------------------
Mon Jun 15 15:22:38 UTC 2015 - ancor@suse.com
- Updated list of mandatory and optional services (part of
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/package/yast2-security.spec new/yast2-security-3.1.10/package/yast2-security.spec
--- old/yast2-security-3.1.9/package/yast2-security.spec 2015-06-15 17:36:09.000000000 +0200
+++ new/yast2-security-3.1.10/package/yast2-security.spec 2015-06-22 10:41:26.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-security
-Version: 3.1.9
+Version: 3.1.10
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/Makefile.am new/yast2-security-3.1.10/src/Makefile.am
--- old/yast2-security-3.1.9/src/Makefile.am 2015-06-15 17:36:09.000000000 +0200
+++ new/yast2-security-3.1.10/src/Makefile.am 2015-06-22 10:41:26.000000000 +0200
@@ -30,7 +30,10 @@
ydatadir = @ydatadir@/security
ydata_DATA = \
- data/security/services.yml
+ data/security/services.yml \
+ data/security/level1.yml \
+ data/security/level2.yml \
+ data/security/level3.yml
desktop_DATA = \
desktop/security.desktop
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/clients/security.rb new/yast2-security-3.1.10/src/clients/security.rb
--- old/yast2-security-3.1.9/src/clients/security.rb 2015-06-15 17:36:09.000000000 +0200
+++ new/yast2-security-3.1.10/src/clients/security.rb 2015-06-22 10:41:26.000000000 +0200
@@ -55,7 +55,7 @@
# the command line description map
@cmdline = {
"id" => "security",
- # translators: command line help text for Securoty module
+ # translators: command line help text for Security module
"help" => _(
"Security configuration module"
),
@@ -89,16 +89,16 @@
}
},
"options" => {
- "home" => {
- # command line help text for 'level home' option
+ "workstation" => {
+ # command line help text for 'level workstation' option
"help" => _(
- "Home Workstation security level (without network)"
+ "Workstation security level"
)
},
- "network" => {
- # command line help text for 'level network' option
+ "roaming" => {
+ # command line help text for 'level roaming' option
"help" => _(
- "Networked Workstation security level"
+ "Roaming Device (e.g. laptop or tablet) security level"
)
},
"server" => {
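Review bot: The `home` and `network` option names are dropped here (and from the `level` mapping and the `options.key?` chain in the two later hunks of this file) with no alias left behind, so an existing script that passes one of the old names would presumably be rejected by the command-line parser. Because this module applies hardening profiles, a failed call in provisioning automation can leave a host on whatever settings it had before. Consider accepting the old names as deprecated aliases for one release, or at least list the rename as an incompatible change in the .changes entry. The `@cmdline` map starts and ends outside the hunk.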
@@ -141,7 +141,7 @@
},
"mappings" => {
"summary" => [],
- "level" => ["home", "network", "server"],
+ "level" => ["workstation", "roaming", "server"],
#FIXME 1,2,3 aliases
"set" => [
"passwd",
@@ -184,11 +184,11 @@
current = key if level == Security.Settings
end
lvl = ""
- if Builtins.haskey(options, "home")
+ if options.key?("workstation")
lvl = "Level1"
- elsif Builtins.haskey(options, "network")
+ elsif options.key?("roaming")
lvl = "Level2"
- elsif Builtins.haskey(options, "server")
+ elsif options.key?("server")
lvl = "Level3"
end
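Review bot: With level1.yml and level2.yml carrying the same values in this commit, the comparison `current = key if level == Security.Settings` at the top of this hunk can match both Level1 and Level2, so the level reported as current would depend on iteration order rather than on what the user selected. The loop begins outside the hunk, so this is inferred from the one visible line. If the two profiles are meant to stay identical, a comment such as `# Level1 and Level2 may compare equal; the last match wins` would record that. Otherwise the selected level name needs to be stored or the profiles need at least one differing key.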
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/data/security/level1.yml new/yast2-security-3.1.10/src/data/security/level1.yml
--- old/yast2-security-3.1.9/src/data/security/level1.yml 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-security-3.1.10/src/data/security/level1.yml 2015-06-22 10:41:26.000000000 +0200
@@ -0,0 +1,39 @@
+# Level 1: Workstation
+---
+AllowShutdown: Root
+CONSOLE_SHUTDOWN: ignore
+CRACKLIB_DICT_PATH: "/usr/lib/cracklib_dict"
+DISABLE_RESTART_ON_UPDATE: 'no'
+DISABLE_STOP_ON_REMOVAL: 'no'
+DISPLAYMANAGER_REMOTE_ACCESS: 'no'
+DISPLAYMANAGER_ROOT_LOGIN_REMOTE: 'no'
+DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN: 'no'
+FAIL_DELAY: '6'
+GID_MAX: '60000'
+GID_MIN: '1000'
+HIBERNATE_SYSTEM: active_console
+PASSWD_ENCRYPTION: sha512
+PASSWD_REMEMBER_HISTORY: '0'
+PASSWD_USE_CRACKLIB: 'yes'
+PASS_MAX_DAYS: '99999'
+PASS_MIN_DAYS: '1'
+PASS_MIN_LEN: '5'
+PASS_WARN_AGE: '14'
+PERMISSION_SECURITY: easy
+RUN_UPDATEDB_AS: nobody
+SMTPD_LISTEN_REMOTE: 'no'
+SYSLOG_ON_NO_ERROR: 'yes'
+SYSTOHC: 'yes'
+SYS_GID_MAX: '499'
+SYS_GID_MIN: '100'
+SYS_UID_MAX: '499'
+SYS_UID_MIN: '100'
+UID_MAX: '60000'
+UID_MIN: '1000'
+USERADD_CMD: "/usr/sbin/useradd.local"
+USERDEL_POSTCMD: "/usr/sbin/userdel-post.local"
+USERDEL_PRECMD: "/usr/sbin/userdel-pre.local"
+kernel.sysrq: '0'
+net.ipv4.ip_forward: '0'
+net.ipv4.tcp_syncookies: '1'
+net.ipv6.conf.all.forwarding: '0'
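Review bot: Apart from the header comment, this file is identical to level2.yml added in the next section, so choosing Workstation or Roaming Device applies exactly the same settings. If that is intended, say so in the header, e.g. `# Level 1: Workstation (currently the same values as level2.yml)`; if the roaming profile is supposed to be stricter, the differing keys are missing. Both files also keep `PASS_MIN_LEN: '5'`, `PASSWD_REMEMBER_HISTORY: '0'` and `PERMISSION_SECURITY: easy`, which deserves a second look for profiles now described as network-connected.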
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/data/security/level2.yml new/yast2-security-3.1.10/src/data/security/level2.yml
--- old/yast2-security-3.1.9/src/data/security/level2.yml 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-security-3.1.10/src/data/security/level2.yml 2015-06-22 10:41:26.000000000 +0200
@@ -0,0 +1,39 @@
+# Level 2: Roaming Device
+---
+AllowShutdown: Root
+CONSOLE_SHUTDOWN: ignore
+CRACKLIB_DICT_PATH: "/usr/lib/cracklib_dict"
+DISABLE_RESTART_ON_UPDATE: 'no'
+DISABLE_STOP_ON_REMOVAL: 'no'
+DISPLAYMANAGER_REMOTE_ACCESS: 'no'
+DISPLAYMANAGER_ROOT_LOGIN_REMOTE: 'no'
+DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN: 'no'
+FAIL_DELAY: '6'
+GID_MAX: '60000'
+GID_MIN: '1000'
+HIBERNATE_SYSTEM: active_console
+PASSWD_ENCRYPTION: sha512
+PASSWD_REMEMBER_HISTORY: '0'
+PASSWD_USE_CRACKLIB: 'yes'
+PASS_MAX_DAYS: '99999'
+PASS_MIN_DAYS: '1'
+PASS_MIN_LEN: '5'
+PASS_WARN_AGE: '14'
+PERMISSION_SECURITY: easy
+RUN_UPDATEDB_AS: nobody
+SMTPD_LISTEN_REMOTE: 'no'
+SYSLOG_ON_NO_ERROR: 'yes'
+SYSTOHC: 'yes'
+SYS_GID_MAX: '499'
+SYS_GID_MIN: '100'
+SYS_UID_MAX: '499'
+SYS_UID_MIN: '100'
+UID_MAX: '60000'
+UID_MIN: '1000'
+USERADD_CMD: "/usr/sbin/useradd.local"
+USERDEL_POSTCMD: "/usr/sbin/userdel-post.local"
+USERDEL_PRECMD: "/usr/sbin/userdel-pre.local"
+kernel.sysrq: '0'
+net.ipv4.ip_forward: '0'
+net.ipv4.tcp_syncookies: '1'
+net.ipv6.conf.all.forwarding: '0'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/data/security/level3.yml new/yast2-security-3.1.10/src/data/security/level3.yml
--- old/yast2-security-3.1.9/src/data/security/level3.yml 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-security-3.1.10/src/data/security/level3.yml 2015-06-22 10:41:26.000000000 +0200
@@ -0,0 +1,39 @@
+# Level 3: Network server
+---
+AllowShutdown: Root
+CONSOLE_SHUTDOWN: ignore
+CRACKLIB_DICT_PATH: "/usr/lib/cracklib_dict"
+DISABLE_RESTART_ON_UPDATE: 'no'
+DISABLE_STOP_ON_REMOVAL: 'no'
+DISPLAYMANAGER_REMOTE_ACCESS: 'no'
+DISPLAYMANAGER_ROOT_LOGIN_REMOTE: 'no'
+DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN: 'no'
+FAIL_DELAY: '3'
+GID_MAX: '60000'
+GID_MIN: '1000'
+HIBERNATE_SYSTEM: active_console
+PASSWD_ENCRYPTION: sha512
+PASSWD_REMEMBER_HISTORY: '0'
+PASSWD_USE_CRACKLIB: 'yes'
+PASS_MAX_DAYS: '99999'
+PASS_MIN_DAYS: '1'
+PASS_MIN_LEN: '6'
+PASS_WARN_AGE: '14'
+PERMISSION_SECURITY: secure
+RUN_UPDATEDB_AS: nobody
+SMTPD_LISTEN_REMOTE: 'no'
+SYSLOG_ON_NO_ERROR: 'yes'
+SYSTOHC: 'yes'
+SYS_GID_MAX: '499'
+SYS_GID_MIN: '100'
+SYS_UID_MAX: '499'
+SYS_UID_MIN: '100'
+UID_MAX: '60000'
+UID_MIN: '1000'
+USERADD_CMD: "/usr/sbin/useradd.local"
+USERDEL_POSTCMD: "/usr/sbin/userdel-post.local"
+USERDEL_PRECMD: "/usr/sbin/userdel-pre.local"
+kernel.sysrq: '0'
+net.ipv4.ip_forward: '0'
+net.ipv4.tcp_syncookies: '1'
+net.ipv6.conf.all.forwarding: '0'
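Review bot: `FAIL_DELAY: '3'` gives the Network server profile a shorter delay after a failed login than the `'6'` used in level1.yml and level2.yml, which reads as inverted for the strictest level. The value matches the old inline Level3 hash removed from levels.rb, so it looks carried over rather than chosen. A one-line comment above the key explaining why the server delay is lower, or raising it to at least `'6'`, would settle the question. `PASS_MIN_LEN: '6'` is likewise only one character above the other two profiles.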
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/include/security/helps.rb new/yast2-security-3.1.10/src/include/security/helps.rb
--- old/yast2-security-3.1.9/src/include/security/helps.rb 2015-06-15 17:36:09.000000000 +0200
+++ new/yast2-security-3.1.10/src/include/security/helps.rb 2015-06-22 10:41:26.000000000 +0200
@@ -84,11 +84,11 @@
) +
# Main dialog help 5/8
_(
- "<p><b>Home Workstation</b>: For a home computer not connected to\nany type of a network.</p>"
+ "<p><b>Workstation</b>: For a computer connected\nto any type of network including the Internet.</p>"
) +
# Main dialog help 6/8
_(
- "<p><b>Networked Workstation</b>: For a computer connected\nto any type of network including the Internet.</p>"
+ "<p><b>Roaming Device</b>: For a laptop, tablet or similar device\nthat connects to different networks.</p>"
) +
# Main dialog help 7/8
_(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/include/security/levels.rb new/yast2-security-3.1.10/src/include/security/levels.rb
--- old/yast2-security-3.1.9/src/include/security/levels.rb 2015-06-15 17:36:09.000000000 +0200
+++ new/yast2-security-3.1.10/src/include/security/levels.rb 2015-06-22 10:41:26.000000000 +0200
@@ -39,153 +39,40 @@
# ]
# </pre>
+require "yaml"
+
# @return [Array] all security settings
module Yast
module SecurityLevelsInclude
def initialize_security_levels(include_target)
textdomain "security"
+ Yast.import "Directory"
# Level names definitions
@LevelsNames = {
# level name
- "Level1" => _("Home Workstation"),
+ "Level1" => _("Workstation"),
# level name
- "Level2" => _("Networked Workstation"),
+ "Level2" => _("Roaming Device"),
# level name
"Level3" => _("Network Server")
}
@LevelsLabels = {
# RadioButton label
- "Level1" => _("&Home Workstation"),
+ "Level1" => _("&Workstation"),
# RadioButton label
- "Level2" => _("N&etworked Workstation"),
+ "Level2" => _("&Roaming Device"),
# RadioButton label
"Level3" => _("Network &Server")
}
# Levels definitions
- @Levels =
- # end of Levels
- {
- "Level1" => {
- "CONSOLE_SHUTDOWN" => "reboot",
- "CRACKLIB_DICT_PATH" => "/usr/lib/cracklib_dict",
- "DISPLAYMANAGER_REMOTE_ACCESS" => "no",
- "kernel.sysrq" => "1",
- "FAIL_DELAY" => "1",
- "GID_MAX" => "60000",
- "GID_MIN" => "1000",
- "AllowShutdown" => "All",
- "HIBERNATE_SYSTEM" => "active_console",
- "PASSWD_ENCRYPTION" => "sha512",
- "PASSWD_USE_CRACKLIB" => "yes",
- "PASS_MAX_DAYS" => "99999",
- "PASS_MIN_DAYS" => "0",
- "PASS_MIN_LEN" => "5",
- "PASS_WARN_AGE" => "7",
- "PERMISSION_SECURITY" => "easy",
- "RUN_UPDATEDB_AS" => "nobody",
- "UID_MAX" => "60000",
- "UID_MIN" => "1000",
- "SYS_UID_MAX" => "499",
- "SYS_UID_MIN" => "100",
- "SYS_GID_MAX" => "499",
- "SYS_GID_MIN" => "100",
- "USERADD_CMD" => "/usr/sbin/useradd.local",
- "USERDEL_PRECMD" => "/usr/sbin/userdel-pre.local",
- "USERDEL_POSTCMD" => "/usr/sbin/userdel-post.local",
- "PASSWD_REMEMBER_HISTORY" => "0",
- "SYSTOHC" => "yes",
- "SYSLOG_ON_NO_ERROR" => "yes",
- "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" => "no",
- "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" => "no",
- "SMTPD_LISTEN_REMOTE" => "no",
- "DISABLE_STOP_ON_REMOVAL" => "no",
- "DISABLE_RESTART_ON_UPDATE" => "no",
- "net.ipv4.tcp_syncookies" => "1",
- "net.ipv4.ip_forward" => "0",
- "net.ipv6.conf.all.forwarding" => "0"
- },
- "Level2" => {
- "CONSOLE_SHUTDOWN" => "ignore",
- "CRACKLIB_DICT_PATH" => "/usr/lib/cracklib_dict",
- "DISPLAYMANAGER_REMOTE_ACCESS" => "no",
- "kernel.sysrq" => "0",
- "FAIL_DELAY" => "6",
- "GID_MAX" => "60000",
- "GID_MIN" => "1000",
- "AllowShutdown" => "Root",
- "HIBERNATE_SYSTEM" => "active_console",
- "PASSWD_ENCRYPTION" => "sha512",
- "PASSWD_USE_CRACKLIB" => "yes",
- "PASS_MAX_DAYS" => "99999",
- "PASS_MIN_DAYS" => "1",
- "PASS_MIN_LEN" => "5",
- "PASS_WARN_AGE" => "14",
- "PERMISSION_SECURITY" => "easy",
- "RUN_UPDATEDB_AS" => "nobody",
- "UID_MAX" => "60000",
- "UID_MIN" => "1000",
- "SYS_UID_MAX" => "499",
- "SYS_UID_MIN" => "100",
- "SYS_GID_MAX" => "499",
- "SYS_GID_MIN" => "100",
- "USERADD_CMD" => "/usr/sbin/useradd.local",
- "USERDEL_PRECMD" => "/usr/sbin/userdel-pre.local",
- "USERDEL_POSTCMD" => "/usr/sbin/userdel-post.local",
- "PASSWD_REMEMBER_HISTORY" => "0",
- "SYSTOHC" => "yes",
- "SYSLOG_ON_NO_ERROR" => "yes",
- "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" => "no",
- "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" => "no",
- "SMTPD_LISTEN_REMOTE" => "no",
- "DISABLE_STOP_ON_REMOVAL" => "no",
- "DISABLE_RESTART_ON_UPDATE" => "no",
- "net.ipv4.tcp_syncookies" => "1",
- "net.ipv4.ip_forward" => "0",
- "net.ipv6.conf.all.forwarding" => "0"
- },
- "Level3" => {
- "CONSOLE_SHUTDOWN" => "ignore",
- "CRACKLIB_DICT_PATH" => "/usr/lib/cracklib_dict",
- "DISPLAYMANAGER_REMOTE_ACCESS" => "no",
- "kernel.sysrq" => "0",
- "FAIL_DELAY" => "3",
- "GID_MAX" => "60000",
- "GID_MIN" => "1000",
- "AllowShutdown" => "Root",
- "HIBERNATE_SYSTEM" => "active_console",
- "PASSWD_ENCRYPTION" => "sha512",
- "PASSWD_USE_CRACKLIB" => "yes",
- "PASS_MAX_DAYS" => "99999",
- "PASS_MIN_DAYS" => "1",
- "PASS_MIN_LEN" => "6",
- "PASS_WARN_AGE" => "14",
- "PERMISSION_SECURITY" => "secure",
- "RUN_UPDATEDB_AS" => "nobody",
- "UID_MAX" => "60000",
- "UID_MIN" => "1000",
- "SYS_UID_MAX" => "499",
- "SYS_UID_MIN" => "100",
- "SYS_GID_MAX" => "499",
- "SYS_GID_MIN" => "100",
- "USERADD_CMD" => "/usr/sbin/useradd.local",
- "USERDEL_PRECMD" => "/usr/sbin/userdel-pre.local",
- "USERDEL_POSTCMD" => "/usr/sbin/userdel-post.local",
- "PASSWD_REMEMBER_HISTORY" => "0",
- "SYSTOHC" => "yes",
- "SYSLOG_ON_NO_ERROR" => "yes",
- "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" => "no",
- "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" => "no",
- "SMTPD_LISTEN_REMOTE" => "no",
- "DISABLE_STOP_ON_REMOVAL" => "no",
- "DISABLE_RESTART_ON_UPDATE" => "no",
- "net.ipv4.tcp_syncookies" => "1",
- "net.ipv4.ip_forward" => "0",
- "net.ipv6.conf.all.forwarding" => "0"
- }
- }
+ @Levels = @LevelsNames.keys.each_with_object({}) do |level, levels|
+ lfile = Directory.find_data_file("security/#{level.downcase}.yml")
+ raise(Errno::ENOENT, "#{level.downcase}.yml file not found") unless lfile
+ levels[level] = YAML.load_file(lfile)
+ end
# EOF
end
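Review bot: `YAML.load_file(lfile)` uses the full Psych loader, which can build arbitrary Ruby objects from tagged nodes, and the result is stored without any check on its shape. The level files only need a flat map of strings, so `levels[level] = YAML.safe_load(File.read(lfile))` is sufficient and limits what a tampered or misplaced data file can do in a tool that typically runs with root privileges. The path comes from `Directory.find_data_file`, which presumably follows the YaST data search path (the test helper redirects it through `Y2DIR`), so the file actually read depends on the environment. A guard such as `raise "#{lfile}: expected a Hash" unless levels[level].is_a?(Hash)` would also catch an empty or malformed file before its contents are applied as settings. The enclosing module's closing lines are outside the hunk.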
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/test/SCRStub.rb new/yast2-security-3.1.10/test/SCRStub.rb
--- old/yast2-security-3.1.9/test/SCRStub.rb 2015-06-15 17:36:09.000000000 +0200
+++ new/yast2-security-3.1.10/test/SCRStub.rb 2015-06-22 10:41:26.000000000 +0200
@@ -26,42 +26,6 @@
end
end
- # Shortcut for generating Yast::Path objects
- #
- # @param route [String] textual representation of the path
- # @return [Yast::Path] the corresponding Path object
- def path(route)
- Yast::Path.new(route)
- end
-
- # Encapsulates subsequent SCR calls into a chroot.
- #
- # Raises an exception if something goes wrong.
- #
- # @param [#to_s] directory to use as '/' for SCR calls
- def set_root_path(directory)
- check_version = false
- @scr_handle = Yast::WFM.SCROpen("chroot=#{directory}:scr", check_version)
- raise "Error creating the chrooted scr instance" if @scr_handle < 0
- Yast::WFM.SCRSetDefault(@scr_handle)
- end
-
- # Resets the SCR calls to default behaviour, closing the SCR instance open by
- # #set_root_path.
- #
- # Raises an exception if #set_root_path has not been called before (or if the
- # corresponding instance has already been closed)
- #
- # @see #set_root_path
- def reset_root_path
- default_handle = Yast::WFM.SCRGetDefault
- if default_handle != @scr_handle
- raise "Error closing the chrooted scr instance, it's not the current default one"
- end
- @scr_handle = nil
- Yast::WFM.SCRClose(default_handle)
- end
-
# Matcher for executing commands using SCR.Execute and .target.bash
#
# @return [RSpec::Mocks::Matchers::Receive]
@@ -69,6 +33,13 @@
receive(:Execute).with(path(".target.bash"), command)
end
+ # Matcher for executing commands using SCR.Execute and .target.bash_output
+ #
+ # @return [RSpec::Mocks::Matchers::Receive]
+ def exec_bash_output(command)
+ receive(:Execute).with(path(".target.bash_output"), command)
+ end
+
# Stub all calls to SCR.Write storing the value for future comparison
def stub_scr_write
@written_values = {}
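Review bot: `exec_bash_output` calls `path(...)`, but the local `path` helper is removed in the previous hunk of this file, so the matcher now depends on `path` being supplied from elsewhere, presumably by `yast/rspec`, which test_helper.rb requires. A short comment naming that dependency would help the next reader. The new doc block also lacks a parameter line, e.g. `# @param command [String] command expected to be passed to .target.bash_output`. `stub_scr_write` continues outside the hunk.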
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/test/levels_test.rb new/yast2-security-3.1.10/test/levels_test.rb
--- old/yast2-security-3.1.9/test/levels_test.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-security-3.1.10/test/levels_test.rb 2015-06-22 10:41:26.000000000 +0200
@@ -0,0 +1,66 @@
+#!/usr/bin/env rspec
+
+require_relative 'test_helper'
+
+module Yast
+ class LevelsTester < Client
+ attr_reader :Levels
+
+ def initialize
+ Yast.import "Security"
+ Yast.include self, "security/levels.rb"
+ end
+
+ def apply_level2
+ Security.Settings = @Levels["Level2"]
+ Security.modified = true
+ Security.Write
+ end
+ end
+
+ describe "Levels" do
+ let(:tester) { LevelsTester.new }
+ subject(:settings) { tester.Levels }
+
+ it "reads the settings from the yaml files" do
+ expect(settings["Level1"]["FAIL_DELAY"]).to eq "6"
+ expect(settings["Level2"]["FAIL_DELAY"]).to eq "6"
+ expect(settings["Level3"]["FAIL_DELAY"]).to eq "3"
+ end
+
+ # This 'describe' is the translation to RSpec of the former testsuite.
+ # It's not exactly elegant, but it ensures we don't decrease the number of
+ # covered scenarios by deleting the old testsuite.
+ describe "together with Security" do
+ before do
+ change_scr_root(File.join(DATA_PATH, "system"))
+ stub_scr_write
+ allow(Package).to receive(:Installed).with("systemd").and_return true
+ end
+
+ after do
+ reset_scr_root
+ end
+
+ # Not really needed, but looks better than returning nil
+ let(:empty_bash_output) { {"exit" => 0, "stdout" => "", "stderr" => ""} }
+
+ it "defines the system behavior" do
+ expect(SCR).to exec_bash_output("/usr/sbin/pam-config -a --cracklib")
+ .and_return(empty_bash_output)
+ expect(SCR).to exec_bash_output("/usr/sbin/pam-config -d --cracklib-minlen")
+ .and_return(empty_bash_output)
+ expect(SCR).to exec_bash_output("/usr/sbin/pam-config -d --pwhistory-remember")
+ .and_return(empty_bash_output)
+ expect(SCR).to exec_bash("ln -s -f /dev/null /etc/systemd/system/ctrl-alt-del.target")
+ expect(SCR).to exec_bash("echo 0 > /proc/sys/kernel/sysrq")
+ expect(SCR).to exec_bash("/usr/bin/chkstat --system")
+
+ tester.apply_level2
+
+ expect(written_value_for(".etc.login_defs.FAIL_DELAY")).to eq "6"
+ expect(written_value_for(".sysconfig.locate.RUN_UPDATEDB_AS")).to eq "nobody"
+ end
+ end
+ end
+end
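Review bot: The first example cannot tell level1.yml from level2.yml, because both set `FAIL_DELAY` to `'6'`, so a swapped or duplicated file mapping for those two levels would still pass. Nothing checks that the three profiles define the same set of keys or that every value is a String, which the code writing the settings presumably relies on. Assertions such as `expect(settings.values.map { |l| l.keys.sort }.uniq.size).to eq 1` and `expect(settings.values.flat_map(&:values)).to all(be_a(String))` would catch a missing key or an unquoted YAML value like `no` or `0`. Only Level2 is applied in the integration example, so the Level3-specific values (`PERMISSION_SECURITY: secure`, `PASS_MIN_LEN: '6'`) are never exercised through `Security.Write`.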
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/test/security_test.rb new/yast2-security-3.1.10/test/security_test.rb
--- old/yast2-security-3.1.9/test/security_test.rb 2015-06-15 17:36:09.000000000 +0200
+++ new/yast2-security-3.1.10/test/security_test.rb 2015-06-22 10:41:26.000000000 +0200
@@ -1,11 +1,6 @@
#!/usr/bin/env rspec
-ENV["Y2DIR"] = File.expand_path("../../src", __FILE__)
-DATA_PATH = File.join(File.expand_path(File.dirname(__FILE__)), "data")
-
-require 'rspec'
-require "yast"
-require_relative 'SCRStub'
+require_relative 'test_helper'
def services_for(names, aliases = {})
names.map do |n|
@@ -36,10 +31,6 @@
import "SystemdService"
import "Service"
- RSpec.configure do |c|
- c.include SCRStub
- end
-
describe Security do
describe "#ReadServiceSettings" do
let(:aliases) { {} }
@@ -114,13 +105,13 @@
describe "#write_to_locations" do
before do
- set_root_path(File.join(DATA_PATH, "system"))
+ change_scr_root(File.join(DATA_PATH, "system"))
Security.read_from_locations
stub_scr_write
end
after do
- reset_root_path
+ reset_scr_root
end
it "does not write nil values" do
@@ -161,13 +152,13 @@
describe "#write_kernel_settings" do
before do
- set_root_path(File.join(DATA_PATH, "system"))
+ change_scr_root(File.join(DATA_PATH, "system"))
Security.read_kernel_settings
stub_scr_write
end
after do
- reset_root_path
+ reset_scr_root
end
context "writing to sysctl.conf" do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/test/test_helper.rb new/yast2-security-3.1.10/test/test_helper.rb
--- old/yast2-security-3.1.9/test/test_helper.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/yast2-security-3.1.10/test/test_helper.rb 2015-06-22 10:41:26.000000000 +0200
@@ -0,0 +1,47 @@
+# Copyright (c) 2015 SUSE Linux.
+# All Rights Reserved.
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 or 3 of the GNU General
+# Public License as published by the Free Software Foundation.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, contact SUSE LLC.
+
+# To contact SUSE about this file by physical or electronic mail,
+# you may find current contact information at www.suse.com
+
+# Set the paths
+SRC_PATH = File.expand_path("../../src", __FILE__)
+DATA_PATH = File.join(File.expand_path(File.dirname(__FILE__)), "data")
+ENV["Y2DIR"] = SRC_PATH
+
+require "yast"
+require "yast/rspec"
+require_relative 'SCRStub'
+
+::RSpec.configure do |c|
+ c.include SCRStub
+end
+
+if ENV["COVERAGE"]
+ require "simplecov"
+ SimpleCov.start
+
+ # for coverage we need to load all ruby files
+ Dir["#{SRC_PATH}/modules/**/*.rb"].each { |f| require_relative f }
+
+ # use coveralls for on-line code coverage reporting at Travis CI
+ if ENV["TRAVIS"]
+ require "coveralls"
+ SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[
+ SimpleCov::Formatter::HTMLFormatter,
+ Coveralls::SimpleCov::Formatter
+ ]
+ end
+end
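Review bot: The coverage branch force-loads only `#{SRC_PATH}/modules/**/*.rb`, so files under `src/include` appear in the report only when a spec happens to include them. That includes `security/levels.rb`, which this commit rewrites. If those files load cleanly on their own, widening the glob to `Dir["#{SRC_PATH}/{modules,include}/**/*.rb"]` would make untested include files show up as uncovered instead of being absent. A comment above the `ENV["TRAVIS"]` branch noting that it sends coverage data to an external service would also help anyone running the suite with that variable set outside CI.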
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/testsuite/tests/Level1.out new/yast2-security-3.1.10/testsuite/tests/Level1.out
--- old/yast2-security-3.1.9/testsuite/tests/Level1.out 2015-06-15 17:36:09.000000000 +0200
+++ new/yast2-security-3.1.10/testsuite/tests/Level1.out 1970-01-01 01:00:00.000000000 +0100
@@ -1,78 +0,0 @@
-Read .etc.login_defs.FAIL_DELAY nil
-Write .etc.login_defs.FAIL_DELAY "1" true
-Read .etc.login_defs.GID_MAX nil
-Write .etc.login_defs.GID_MAX "60000" true
-Read .etc.login_defs.GID_MIN nil
-Write .etc.login_defs.GID_MIN "1000" true
-Read .etc.login_defs.PASS_MAX_DAYS nil
-Write .etc.login_defs.PASS_MAX_DAYS "99999" true
-Read .etc.login_defs.PASS_MIN_DAYS nil
-Write .etc.login_defs.PASS_MIN_DAYS "0" true
-Read .etc.login_defs.PASS_WARN_AGE nil
-Write .etc.login_defs.PASS_WARN_AGE "7" true
-Read .etc.login_defs.UID_MAX nil
-Write .etc.login_defs.UID_MAX "60000" true
-Read .etc.login_defs.UID_MIN nil
-Write .etc.login_defs.UID_MIN "1000" true
-Read .etc.login_defs.SYS_UID_MAX nil
-Write .etc.login_defs.SYS_UID_MAX "499" true
-Read .etc.login_defs.SYS_UID_MIN nil
-Write .etc.login_defs.SYS_UID_MIN "100" true
-Read .etc.login_defs.SYS_GID_MAX nil
-Write .etc.login_defs.SYS_GID_MAX "499" true
-Read .etc.login_defs.SYS_GID_MIN nil
-Write .etc.login_defs.SYS_GID_MIN "100" true
-Read .etc.login_defs.USERADD_CMD nil
-Write .etc.login_defs.USERADD_CMD "/usr/sbin/useradd.local" true
-Read .etc.login_defs.USERDEL_PRECMD nil
-Write .etc.login_defs.USERDEL_PRECMD "/usr/sbin/userdel-pre.local" true
-Read .etc.login_defs.USERDEL_POSTCMD nil
-Write .etc.login_defs.USERDEL_POSTCMD "/usr/sbin/userdel-post.local" true
-Read .kde4.kdmrc.AllowShutdown nil
-Write .kde4.kdmrc.AllowShutdown "All" true
-Read .sysconfig.clock.SYSTOHC nil
-Write .sysconfig.clock.SYSTOHC "yes" true
-Read .sysconfig.cron.SYSLOG_ON_NO_ERROR nil
-Write .sysconfig.cron.SYSLOG_ON_NO_ERROR "yes" true
-Read .sysconfig.displaymanager.DISPLAYMANAGER_REMOTE_ACCESS nil
-Write .sysconfig.displaymanager.DISPLAYMANAGER_REMOTE_ACCESS "no" true
-Read .sysconfig.displaymanager.DISPLAYMANAGER_ROOT_LOGIN_REMOTE nil
-Write .sysconfig.displaymanager.DISPLAYMANAGER_ROOT_LOGIN_REMOTE "no" true
-Read .sysconfig.displaymanager.DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN nil
-Write .sysconfig.displaymanager.DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN "no" true
-Read .sysconfig.locate.RUN_UPDATEDB_AS nil
-Write .sysconfig.locate.RUN_UPDATEDB_AS "nobody" true
-Read .sysconfig.mail.SMTPD_LISTEN_REMOTE nil
-Write .sysconfig.mail.SMTPD_LISTEN_REMOTE "no" true
-Read .sysconfig.security.PERMISSION_SECURITY nil
-Write .sysconfig.security.PERMISSION_SECURITY "easy local" true
-Read .sysconfig.services.DISABLE_RESTART_ON_UPDATE nil
-Write .sysconfig.services.DISABLE_RESTART_ON_UPDATE "no" true
-Read .sysconfig.services.DISABLE_STOP_ON_REMOVAL nil
-Write .sysconfig.services.DISABLE_STOP_ON_REMOVAL "no" true
-Write .etc.login_defs nil true
-Write .kde4.kdmrc nil true
-Write .sysconfig.clock nil true
-Write .sysconfig.cron nil true
-Write .sysconfig.displaymanager nil true
-Write .sysconfig.locate nil true
-Write .sysconfig.mail nil true
-Write .sysconfig.security nil true
-Write .sysconfig.services nil true
-Execute .target.remove "/etc/systemd/system/ctrl-alt-del.target" 0
-Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[]
-Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[]
-Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
-Read .etc.sysctl_conf."kernel.sysrq" nil
-Write .etc.sysctl_conf."kernel.sysrq" "1" true
-Read .etc.sysctl_conf."net.ipv4.ip_forward" nil
-Write .etc.sysctl_conf."net.ipv4.ip_forward" "0" true
-Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil
-Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "1" true
-Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil
-Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "0" true
-Write .etc.sysctl_conf nil true
-Execute .target.bash "echo 1 > /proc/sys/kernel/sysrq" 0
-Execute .target.bash "/usr/bin/chkstat --system" 0
-Execute .target.bash "/sbin/set_polkit_default_privs" 0
-Return true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/testsuite/tests/Level1.rb new/yast2-security-3.1.10/testsuite/tests/Level1.rb
--- old/yast2-security-3.1.9/testsuite/tests/Level1.rb 2015-06-15 17:36:09.000000000 +0200
+++ new/yast2-security-3.1.10/testsuite/tests/Level1.rb 1970-01-01 01:00:00.000000000 +0100
@@ -1,40 +0,0 @@
-# encoding: utf-8
-
-# YaST2: Modules testsuite
-#
-# Description:
-# Testsuite for the security module
-#
-# Authors:
-# Michal Svec