Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package autoyast2 for openSUSE:Factory 
checked in at 2022-11-18 15:42:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/autoyast2 (Old)
 and      /work/SRC/openSUSE:Factory/.autoyast2.new.1597 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "autoyast2"

Fri Nov 18 15:42:54 2022 rev:329 rq:1036309 version:4.5.9

Changes:
--------
--- /work/SRC/openSUSE:Factory/autoyast2/autoyast2.changes      2022-11-03 
19:14:01.971954017 +0100
+++ /work/SRC/openSUSE:Factory/.autoyast2.new.1597/autoyast2.changes    
2022-11-18 15:43:15.706490560 +0100
@@ -1,0 +2,12 @@
+Tue Nov  8 15:52:04 UTC 2022 - Josef Reidinger <jreidin...@suse.com>
+
+- Add needed packages for kdump even when kdump section is not
+  defined if product enable kdump by default (bsc#1204180)
+- 4.5.9
+
+-------------------------------------------------------------------
+Thu Nov  3 16:45:52 UTC 2022 - Imobach Gonzalez Sosa <igonzalezs...@suse.com>
+
+- Add support for security policies validation (jsc#SLE-24764).
+
+-------------------------------------------------------------------

Old:
----
  autoyast2-4.5.8.tar.bz2

New:
----
  autoyast2-4.5.9.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ autoyast2.spec ++++++
--- /var/tmp/diff_new_pack.fs4q1R/_old  2022-11-18 15:43:16.302493179 +0100
+++ /var/tmp/diff_new_pack.fs4q1R/_new  2022-11-18 15:43:16.310493213 +0100
@@ -22,7 +22,7 @@
 %endif
 
 Name:           autoyast2
-Version:        4.5.8
+Version:        4.5.9
 Release:        0
 Summary:        YaST2 - Automated Installation
 License:        GPL-2.0-only
@@ -44,15 +44,17 @@
 # Replace PackageSystem with Package
 BuildRequires:  yast2 >= 4.4.38
 # FileSystems.read_default_subvol_from_target
+BuildRequires:  yast2-xml
 BuildRequires:  yast2-services-manager
 BuildRequires:  yast2-transfer
-BuildRequires:  yast2-xml
 # ProductSpec API
+BuildRequires:  yast2-packager >= 4.4.13
 BuildRequires:  yast2-country
 BuildRequires:  yast2-network >= 3.1.145
-BuildRequires:  yast2-packager >= 4.4.13
 BuildRequires:  yast2-slp
 BuildRequires:  yast2-update >= 3.3.0
+# Support for SecurityPolicies
+BuildRequires:  yast2-security >= 4.5.3
 # Required for test suite testing one time sync
 BuildRequires:  yast2-ntp-client >= 4.0.1
 # UEFI detection in Y2Storage::Arch
@@ -71,16 +73,16 @@
 Requires:       yast2 >= 4.4.38
 Requires:       yast2-core
 Requires:       yast2-country >= 3.1.13
-# Moving security module to first installation stage
-Requires:       yast2-security >= 4.1.1
+# Support for SecurityPolicies
+Requires:       yast2-security >= 4.5.3
 # Install selected network backend packages
 Requires:       yast2-network >= 4.5.9
 Requires:       yast2-schema >= 4.0.6
 Requires:       yast2-transfer >= 2.21.0
 Requires:       yast2-xml
 # New API for Y2Storage::PackageHandler and storage features
-Requires:       yast2-ruby-bindings >= 1.0.0
 Requires:       yast2-storage-ng >= 4.2.95
+Requires:       yast2-ruby-bindings >= 1.0.0
 
 Conflicts:      yast2-installation < 3.1.166
 

++++++ autoyast2-4.5.8.tar.bz2 -> autoyast2-4.5.9.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/autoyast2-4.5.8/package/autoyast2.changes 
new/autoyast2-4.5.9/package/autoyast2.changes
--- old/autoyast2-4.5.8/package/autoyast2.changes       2022-11-03 
15:00:47.000000000 +0100
+++ new/autoyast2-4.5.9/package/autoyast2.changes       2022-11-17 
06:44:50.000000000 +0100
@@ -1,4 +1,16 @@
 -------------------------------------------------------------------
+Tue Nov  8 15:52:04 UTC 2022 - Josef Reidinger <jreidin...@suse.com>
+
+- Add needed packages for kdump even when kdump section is not
+  defined if product enable kdump by default (bsc#1204180)
+- 4.5.9
+
+-------------------------------------------------------------------
+Thu Nov  3 16:45:52 UTC 2022 - Imobach Gonzalez Sosa <igonzalezs...@suse.com>
+
+- Add support for security policies validation (jsc#SLE-24764).
+
+-------------------------------------------------------------------
 Thu Nov  3 13:04:26 UTC 2022 - Ladislav Slezák <lsle...@suse.cz>
 
 - Log the profile/rules/classes file SHA1 sum so we can later
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/autoyast2-4.5.8/package/autoyast2.spec 
new/autoyast2-4.5.9/package/autoyast2.spec
--- old/autoyast2-4.5.8/package/autoyast2.spec  2022-11-03 15:00:47.000000000 
+0100
+++ new/autoyast2-4.5.9/package/autoyast2.spec  2022-11-17 06:44:50.000000000 
+0100
@@ -22,7 +22,7 @@
 %endif
 
 Name:           autoyast2
-Version:        4.5.8
+Version:        4.5.9
 Release:        0
 Summary:        YaST2 - Automated Installation
 License:        GPL-2.0-only
@@ -53,8 +53,10 @@
 BuildRequires:  yast2-network >= 3.1.145
 BuildRequires:  yast2-slp
 BuildRequires:  yast2-country
+# Support for SecurityPolicies
+BuildRequires:  yast2-security >= 4.5.3
 # Required for test suite testing one time sync
-BuildRequires:       yast2-ntp-client >= 4.0.1
+BuildRequires:  yast2-ntp-client >= 4.0.1
 # UEFI detection in Y2Storage::Arch
 BuildRequires:  yast2-storage-ng >= 4.4.22
 # %%{_unitdir} macro definition is in a separate package since 13.1
@@ -71,8 +73,8 @@
 Requires:       yast2 >= 4.4.38
 Requires:       yast2-core
 Requires:       yast2-country >= 3.1.13
-# Moving security module to first installation stage
-Requires:       yast2-security >= 4.1.1
+# Support for SecurityPolicies
+Requires:       yast2-security >= 4.5.3
 # Install selected network backend packages
 Requires:       yast2-network >= 4.5.9
 Requires:       yast2-schema >= 4.0.6
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/autoyast2-4.5.8/src/lib/autoinstall/autosetup_helpers.rb 
new/autoyast2-4.5.9/src/lib/autoinstall/autosetup_helpers.rb
--- old/autoyast2-4.5.8/src/lib/autoinstall/autosetup_helpers.rb        
2022-11-03 15:00:47.000000000 +0100
+++ new/autoyast2-4.5.9/src/lib/autoinstall/autosetup_helpers.rb        
2022-11-17 06:44:50.000000000 +0100
@@ -18,6 +18,8 @@
 # find current contact information at www.suse.com.
 
 require "y2storage"
+require "y2security/security_policies/manager"
+require "y2security/security_policies/target_config"
 require "autoinstall/activate_callbacks"
 require "autoinstall/xml_checks"
 
@@ -27,6 +29,8 @@
 Yast.import "Timezone"
 Yast.import "Keyboard"
 Yast.import "Language"
+Yast.import "HTML"
+Yast.import "Report"
 
 module Y2Autoinstallation
   # This module defines some methods that are used in 
{Y2Autoinstallation::Clients::InstAutosetup}
@@ -229,6 +233,30 @@
       Yast::Profile.remove_sections("firewall") if !need_second_stage_run?
     end
 
+    # Check the security policy
+    #
+    # If any of the rules of the enabled policy fails, it displays a warning.
+    def autosetup_security_policy
+      target_config = Y2Security::SecurityPolicies::TargetConfig.new
+      manager = Y2Security::SecurityPolicies::Manager.instance
+      rules = manager.failing_rules(target_config)
+      return if !manager.enabled_policy || rules.empty?
+
+      items = rules.map do |rule|
+        ids = (rule.identifiers + rule.references).join(", ")
+        "#{rule.description} (#{ids})"
+      end
+
+      # TRANSLATORS: policy_name is the name of a SCAP policy
+      message = format(
+        _("The system does not comply with the %{policy_name} policy:"),
+        policy_name: manager.enabled_policy.name
+      )
+      Yast::Report.LongWarning(
+        Yast::HTML.Para(message) + Yast::HTML.List(items)
+      )
+    end
+
   private
 
     # Checks whether we need to run second stage handling
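Review bot: In `autosetup_security_policy`, `manager.failing_rules(target_config)` is evaluated before the `manager.enabled_policy` guard, so rule evaluation runs even when no policy is enabled, and correctness then depends on `failing_rules` tolerating that state (its implementation is not visible here). Checking first with `return unless manager.enabled_policy`, then `rules = manager.failing_rules(target_config)` and `return if rules.empty?`, makes the intent explicit. The doc comment should also state that the check is advisory: the method only calls `Yast::Report.LongWarning` and returns nothing the caller can act on, so whether a non-compliant unattended installation is noticed afterwards presumably depends on the profile's report settings.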
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/autoyast2-4.5.8/src/lib/autoinstall/clients/inst_autosetup.rb 
new/autoyast2-4.5.9/src/lib/autoinstall/clients/inst_autosetup.rb
--- old/autoyast2-4.5.8/src/lib/autoinstall/clients/inst_autosetup.rb   
2022-11-03 15:00:47.000000000 +0100
+++ new/autoyast2-4.5.9/src/lib/autoinstall/clients/inst_autosetup.rb   
2022-11-17 06:44:50.000000000 +0100
@@ -79,7 +79,8 @@
           _("Import SSH keys/settings"),
           _("Set up user defined configuration files"),
           _("Confirm License"),
-          _("Configure firewall")
+          _("Configure firewall"),
+          _("Check security policy")
         ]
 
         @progress_descriptions = [
@@ -97,7 +98,8 @@
           _("Importing SSH keys/settings..."),
           _("Setting up user defined configuration files..."),
           _("Confirming License..."),
-          _("Configuring the firewall")
+          _("Configuring the firewall"),
+          _("Checking the security policy")
         ]
 
         Progress.New(
@@ -275,8 +277,11 @@
 
         Progress.NextStage
 
-        # SLES only. Have to be run before software to add required packages 
to enable kdump
-        if Builtins.haskey(Profile.current, "kdump")
+        # For kdump we respect product defaults. So even if not specified in 
profile
+        # import empty one to get proposal and install needed software.
+        log.info "checking for kdump auto"
+        if WFM.ClientExists("kdump_auto")
+          log.info "calling import"
           Call.Function(
             "kdump_auto",
             ["Import", Ops.get_map(Profile.current, "kdump", {})]
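Review bot: The two new `log.info` calls ("checking for kdump auto", "calling import") read like debugging traces and do not record what matters after this change, namely whether the imported settings came from the profile or from an empty map standing in for product defaults. A single message inside the `if`, such as `log.info "Importing kdump settings (section in profile: #{Builtins.haskey(Profile.current, "kdump")})"`, would let installation logs show why kdump packages were added. The `Call.Function` call and the rest of the block continue past the end of this hunk.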
@@ -386,6 +391,11 @@
         #
         autosetup_firewall
 
+        Progress.NextStage
+
+        # Validate the security policy
+        autosetup_security_policy unless AutoinstConfig.Confirm
+
         # Results of imported values semantic check.
         return :abort unless AutoInstall.valid_imported_values
 
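Review bot: `autosetup_security_policy unless AutoinstConfig.Confirm` skips the policy check in confirmation mode, and the comment `# Validate the security policy` does not say why. Presumably the failing rules are shown to the user elsewhere in that mode, but nothing in this hunk establishes it; a comment such as `# Skipped in confirm mode: policy issues are shown in <where>` would keep a later reader from treating the skip as an oversight. The call's result is also unused, so a failing policy never reaches the `return :abort` path just below; if that is intended, the same comment should say so. The enclosing method starts and ends outside the hunk.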
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/autoyast2-4.5.8/test/lib/autosetup_helpers_test.rb 
new/autoyast2-4.5.9/test/lib/autosetup_helpers_test.rb
--- old/autoyast2-4.5.8/test/lib/autosetup_helpers_test.rb      2022-11-03 
15:00:47.000000000 +0100
+++ new/autoyast2-4.5.9/test/lib/autosetup_helpers_test.rb      2022-11-17 
06:44:50.000000000 +0100
@@ -20,6 +20,7 @@
 
 require_relative "../test_helper"
 require "autoinstall/autosetup_helpers"
+require "y2security/security_policies/rule"
 
 Yast.import "AutoinstConfig"
 Yast.import "Profile"
@@ -506,4 +507,45 @@
       end
     end
   end
+
+  describe "#autosetup_security_policy" do
+    let(:target_config) do
+      instance_double(Y2Security::SecurityPolicies::TargetConfig)
+    end
+    let(:policy) do
+      instance_double(Y2Security::SecurityPolicies::Policy, name: "DISA STIG")
+    end
+    let(:failing_rules) { [] }
+
+    before do
+      allow(Y2Security::SecurityPolicies::Manager.instance)
+        .to receive(:enabled_policy).and_return(policy)
+      allow(Y2Security::SecurityPolicies::Manager.instance)
+        .to receive(:failing_rules).and_return(failing_rules)
+      allow(Y2Security::SecurityPolicies::TargetConfig)
+        .to receive(:new).and_return(target_config)
+    end
+
+    context "when there are no issues" do
+      it "does not report any issue" do
+        expect(Yast::Report).to_not receive(:LongWarning)
+          .with(/Dummy rule/)
+        client.autosetup_security_policy
+      end
+    end
+
+    context "when there are issues" do
+      let(:rule) do
+        instance_double(Y2Security::SecurityPolicies::Rule, id: "testing",
+          description: "Dummy rule", identifiers: ["CCE-12345"], references: 
["SLES-15-12345"])
+      end
+      let(:failing_rules) { [rule] }
+
+      it "reports railing rules" do
+        expect(Yast::Report).to receive(:LongWarning)
+          .with(/DISA STIG.*Dummy rule \(CCE-12345, SLES-15-12345\)/)
+        client.autosetup_security_policy
+      end
+    end
+  end
 end
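Review bot: The "when there are no issues" example cannot fail for the reason it is meant to guard against: with `failing_rules` empty no message would contain "Dummy rule", so `to_not receive(:LongWarning).with(/Dummy rule/)` passes even if a warning is shown. Use `expect(Yast::Report).to_not receive(:LongWarning)` without the `.with` constraint. The example name "reports railing rules" should read "reports failing rules". There is also no example where `enabled_policy` returns nil, which is the other branch of the guard in the method under test.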
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/autoyast2-4.5.8/test/lib/clients/inst_autosetup_test.rb 
new/autoyast2-4.5.9/test/lib/clients/inst_autosetup_test.rb
--- old/autoyast2-4.5.8/test/lib/clients/inst_autosetup_test.rb 2022-11-03 
15:00:47.000000000 +0100
+++ new/autoyast2-4.5.9/test/lib/clients/inst_autosetup_test.rb 2022-11-17 
06:44:50.000000000 +0100
@@ -68,6 +68,8 @@
       allow(importer).to receive(:import_entry).and_call_original
       allow(Yast::ProductControl).to receive(:RunFrom).and_return(:next)
       Yast::Profile.current = Yast::ProfileHash.new(profile)
+
+      allow(Yast::Profile).to receive(:remove_sections)
     end
 
     it "sets up the network" do
@@ -297,6 +299,8 @@
       end
 
       it "removes the add-on section from the profile" do
+
+        allow(Yast::Profile).to receive(:remove_sections).and_call_original
         expect(Yast::Profile.current).to have_key("add-on")
         expect(Yast::WFM).to receive(:CallFunction)
           .with("add-on_auto", ["Import", profile["add-on"]])
@@ -305,5 +309,27 @@
         expect(Yast::Profile.current).to_not have_key("add-on")
       end
     end
+
+    context "when the confirmation mode is not enabled" do
+      before do
+        allow(Yast::AutoinstConfig).to receive(:Confirm).and_return(false)
+      end
+
+      it "validates the security policy" do
+        expect(subject).to receive(:autosetup_security_policy)
+        subject.main
+      end
+    end
+
+    context "when the confirmation mode is enabled" do
+      before do
+        allow(Yast::AutoinstConfig).to receive(:Confirm).and_return(true)
+      end
+
+      it "does not validate the security policy" do
+        expect(subject).to_not receive(:autosetup_security_policy)
+        subject.main
+      end
+    end
   end
 end
