rebase package to v1.0.0-alpha

This also removes cruft inherited from Fedora.

Resolves: rhbz1870788
Resolves: rhbz1933713
Resolves: rhbz1942751
Resolves: rhbz1944052
Resolves: rhbz1944206

.gitignore

@@ -64,3 +64,4 @@
 /firewalld-0.9.1.tar.gz
 /firewalld-0.9.2.tar.gz
 /firewalld-0.9.3.tar.gz
+/firewalld-1.0.0-alpha.tar.gz

0001-RHEL-only-Add-cockpit-by-default-to-some-zones.patch

@@ -0,0 +1,99 @@
+From 174b42b2943200a7b2ec2dab6c3445158aa04aba Mon Sep 17 00:00:00 2001
+From: Eric Garver <egarver@redhat.com>
+Date: Tue, 25 May 2021 13:31:41 -0400
+Subject: [PATCH] RHEL only: Add cockpit by default to some zones
+
+Fixes: #1581578
+---
+ config/zones/home.xml     |  1 +
+ config/zones/internal.xml |  1 +
+ config/zones/public.xml   |  1 +
+ config/zones/work.xml     |  1 +
+ src/tests/functions.at    | 20 ++++++++++++++++++++
+ 5 files changed, 24 insertions(+)
+
+diff --git a/config/zones/home.xml b/config/zones/home.xml
+index d73c9bdb16b6..33064688367e 100644
+--- a/config/zones/home.xml
++++ b/config/zones/home.xml
+@@ -6,5 +6,6 @@
+   <service name="mdns"/>
+   <service name="samba-client"/>
+   <service name="dhcpv6-client"/>
++  <service name="cockpit"/>
+   <forward/>
+ </zone>
+diff --git a/config/zones/internal.xml b/config/zones/internal.xml
+index 053c18ccda8b..852b16ad94dd 100644
+--- a/config/zones/internal.xml
++++ b/config/zones/internal.xml
+@@ -6,5 +6,6 @@
+   <service name="mdns"/>
+   <service name="samba-client"/>
+   <service name="dhcpv6-client"/>
++  <service name="cockpit"/>
+   <forward/>
+ </zone>
+diff --git a/config/zones/public.xml b/config/zones/public.xml
+index 49fc4c20af52..62bc751de448 100644
+--- a/config/zones/public.xml
++++ b/config/zones/public.xml
+@@ -4,5 +4,6 @@
+   <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
+   <service name="ssh"/>
+   <service name="dhcpv6-client"/>
++  <service name="cockpit"/>
+   <forward/>
+ </zone>
+diff --git a/config/zones/work.xml b/config/zones/work.xml
+index f1a14a9b4682..27b54a7783c4 100644
+--- a/config/zones/work.xml
++++ b/config/zones/work.xml
+@@ -4,5 +4,6 @@
+   <description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
+   <service name="ssh"/>
+   <service name="dhcpv6-client"/>
++  <service name="cockpit"/>
+   <forward/>
+ </zone>
+diff --git a/src/tests/functions.at b/src/tests/functions.at
+index 3f343ef49de1..c950a3c7a1a6 100644
+--- a/src/tests/functions.at
++++ b/src/tests/functions.at
+@@ -106,6 +106,14 @@ m4_define([FWD_START_TEST], [
+     fi
+ 
+     m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [
++        AT_KEYWORDS(offline)
++        dnl cockpit is added by default downstream, but upstream tests don't expect
++        dnl it. Simply remove it at the start of every test.
++        dnl
++        FWD_OFFLINE_CHECK([--zone home --remove-service-from-zone cockpit], 0, [ignore])
++        FWD_OFFLINE_CHECK([--zone internal --remove-service-from-zone cockpit], 0, [ignore])
++        FWD_OFFLINE_CHECK([--zone public --remove-service-from-zone cockpit], 0, [ignore])
++        FWD_OFFLINE_CHECK([--zone work --remove-service-from-zone cockpit], 0, [ignore])
+     ], [
+         dnl set the appropriate backend
+         AT_CHECK([sed -i 's/^FirewallBackend.*/FirewallBackend=FIREWALL_BACKEND/' ./firewalld.conf])
+@@ -237,6 +245,18 @@ m4_define([FWD_START_TEST], [
+         ])
+ 
+         FWD_START_FIREWALLD
++
++        dnl cockpit is added by default downstream, but upstream tests don't expect
++        dnl it. Simply remove it at the start of every test.
++        dnl
++        FWD_CHECK([--permanent --zone home --remove-service cockpit], 0, [ignore])
++        FWD_CHECK([            --zone home --remove-service cockpit], 0, [ignore])
++        FWD_CHECK([--permanent --zone internal --remove-service cockpit], 0, [ignore])
++        FWD_CHECK([            --zone internal --remove-service cockpit], 0, [ignore])
++        FWD_CHECK([--permanent --zone public --remove-service cockpit], 0, [ignore])
++        FWD_CHECK([            --zone public --remove-service cockpit], 0, [ignore])
++        FWD_CHECK([--permanent --zone work --remove-service cockpit], 0, [ignore])
++        FWD_CHECK([            --zone work --remove-service cockpit], 0, [ignore])
+     ])
+ ])
+ 
+-- 
+2.27.0
+

FedoraServer.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<zone>
-  <short>Public</short>
-  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
-  <service name="ssh"/>
-  <service name="dhcpv6-client"/>
-  <service name="cockpit"/>
-</zone>

FedoraWorkstation.xml

@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<zone>
-  <short>Fedora Workstation</short>
-  <description>Unsolicited incoming network packets are rejected from port 1 to 1024, except for select network services. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
-  <service name="dhcpv6-client"/>
-  <service name="ssh"/>
-  <service name="samba-client"/>
-  <port protocol="udp" port="1025-65535"/>
-  <port protocol="tcp" port="1025-65535"/>
-</zone>

sources

@@ -1 +1 @@
-SHA512 (firewalld-0.9.3.tar.gz) = 9be24a2186179a347cb4c29137423e4a4dcf5faf8fad28bc5258383d6415b1c5fad049dcb20312f6c80181a6a3cf72ecb9b6bcaee1b2a82399674aedc9d568bb
+SHA512 (firewalld-1.0.0-alpha.tar.gz) = 8ffc3184bac5361d3a5c0d1841cb1bf2ce3ef188632ed4b1cedc1f1c6becf01aafc571b44abcc31d572e571bce8586114b2646ed5dffacf5ba3688b041e88a74