rpms/oscap-anaconda-addon
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import oscap-anaconda-addon-1.1.1-5.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-11-03 07:05:36 -05:00 committed by Andrew Lukoshko
parent 1785b27ce6
commit ec32b32bd4
16 changed files with 4073 additions and 3953 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/oscap-anaconda-addon-1.0.tar.gz
SOURCES/oscap-anaconda-addon-1.1.1.tar.gz

2
.oscap-anaconda-addon.metadata
View File

@ -1 +1 @@
6edf7e4859de8e66837404c084405ea4318a319d SOURCES/oscap-anaconda-addon-1.0.tar.gz
789fbf8b6c8618619fb484a635c29d638202d015 SOURCES/oscap-anaconda-addon-1.1.1.tar.gz

26
SOURCES/bootloader.patch
View File

@ -1,26 +0,0 @@
From 1e275a0da36595dd921732e0f60510171cdbe75c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Tue, 15 Jan 2019 19:16:44 +0100
Subject: [PATCH] Updated code to comply to the Bootloader proxy API.
---
org_fedora_oscap/rule_handling.py | 4 ++--
tests/test_rule_handling.py | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
index 738465f..f3fd057 100644
--- a/org_fedora_oscap/rule_handling.py
+++ b/org_fedora_oscap/rule_handling.py
@@ -716,9 +716,9 @@ def eval_rules(self, ksdata, storage, report_only=False):
bootloader_proxy = STORAGE.get_proxy(BOOTLOADER)
- if self._require_password and not bootloader_proxy.password_is_set:
+ if self._require_password and not bootloader_proxy.IsPasswordSet:
# TODO: Anaconda provides a way to set bootloader password:
- # bootloader_proxy.set_password(...)
+ # bootloader_proxy.SetEncryptedPassword(...)
# We don't support setting the bootloader password yet,
# but we shouldn't stop the installation, just because of that.
return [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING,

30
SOURCES/checksum.patch
View File

@ -1,30 +0,0 @@
From fd1684358e212521abaf3ec7662aa97181868c0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Tue, 15 Jan 2019 18:19:28 +0100
Subject: [PATCH] Fixed the checksum function to use forward-compatible rb
mode.
On python3, there is a problem as contents of r-opened file is string,
but they are treated as bytes later. rb mode is fully python2-compatible.
---
org_fedora_oscap/utils.py | 4 ++--
tests/data/file | 1 +
tests/test_utils.py | 12 ++++++++++++
3 files changed, 15 insertions(+), 2 deletions(-)
create mode 100644 tests/data/file
diff --git a/org_fedora_oscap/utils.py b/org_fedora_oscap/utils.py
index 6d5c157..3be8325 100644
--- a/org_fedora_oscap/utils.py
+++ b/org_fedora_oscap/utils.py
@@ -175,8 +175,8 @@ def get_file_fingerprint(fpath, hash_obj):
"""
- with open(fpath, "r") as fobj:
- bsize = 4*1024
+ with open(fpath, "rb") as fobj:
+ bsize = 4 * 1024
# process file as 4 KB blocks
buf = fobj.read(bsize)
while buf:

25
SOURCES/do_not_use_capitals_for_the_spoke_title.patch
View File

@ -1,25 +0,0 @@
From 2f97f43a4194263e47d4747e39c22b8287a659b3 Mon Sep 17 00:00:00 2001
From: Radek Vykydal <rvykydal@redhat.com>
Date: Wed, 21 Aug 2019 15:49:21 +0200
Subject: [PATCH] Do not use capitals for spoke title.
Resolves: rhbz#1744185
To be consistent with other spokes.
---
org_fedora_oscap/gui/spokes/oscap.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
index 96802cf..0c90fb7 100644
--- a/org_fedora_oscap/gui/spokes/oscap.py
+++ b/org_fedora_oscap/gui/spokes/oscap.py
@@ -195,7 +195,7 @@ class OSCAPSpoke(NormalSpoke):
icon = "changes-prevent-symbolic"
# title of the spoke (will be displayed on the hub)
- title = N_("_SECURITY POLICY")
+ title = N_("_Security Policy")
# methods defined by API and helper methods #
def __init__(self, data, storage, payload, instclass):

30
SOURCES/help_id.patch
View File

@ -1,30 +0,0 @@
From ccd4e2f078d00fa4570d2bd56802c726286d1020 Mon Sep 17 00:00:00 2001
From: Martin Kolman <mkolman@redhat.com>
Date: Wed, 10 Oct 2018 17:12:01 +0200
Subject: [PATCH] Set help id for the OSCAP addon provided spoke (#1638068)
The new Anaconda help system now operates on help ids instead of pointing to
individual files.
So drop the old property and replace it with a proper help_id.
Resolves: rhbz#1638068
---
org_fedora_oscap/gui/spokes/oscap.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
index d9fe548..36fd656 100644
--- a/org_fedora_oscap/gui/spokes/oscap.py
+++ b/org_fedora_oscap/gui/spokes/oscap.py
@@ -179,8 +179,8 @@ class OSCAPSpoke(NormalSpoke):
# name of the .glade file in the same directory as this source
uiFile = "oscap.glade"
- # name of the file providing help content for this spoke
- helpFile = "SecurityPolicySpoke.xml"
+ # id of the help content for this spoke
+ help_id = "SecurityPolicySpoke"
# domain of oscap-anaconda-addon translations
translationDomain = "oscap-anaconda-addon"

7236
SOURCES/lang.patch
View File

File diff suppressed because it is too large Load Diff

25
SOURCES/oaa-1.2-unicode_issues_PR124.patch Normal file
View File

@ -0,0 +1,25 @@
From 316d1fdd46e962c2eca32dde8b6d391286bd3d28 Mon Sep 17 00:00:00 2001
From: Masahiro Matsuya <mmatsuya@redhat.com>
Date: Fri, 7 Aug 2020 15:50:05 +0900
Subject: [PATCH] avoiding UnicodeDecodeError in decode(). Output more errors
which starts with E: oscap
---
org_fedora_oscap/common.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/org_fedora_oscap/common.py b/org_fedora_oscap/common.py
index 9b4b7bf..45ce727 100644
--- a/org_fedora_oscap/common.py
+++ b/org_fedora_oscap/common.py
@@ -136,8 +136,9 @@ def execute(self, ** kwargs):
(stdout, stderr) = proc.communicate()
self.stdout = stdout.decode()
- self.stderr = stderr.decode()
+ self.stderr = stderr.decode(errors="replace")
self.messages = re.findall(r'OpenSCAP Error:.*', self.stderr)
+ self.messages = self.messages + re.findall(r'E: oscap:.*', self.stderr)
self.returncode = proc.returncode

101
SOURCES/oaa-1.2_lang-streamline.patch Normal file
View File

@ -0,0 +1,101 @@
From 2646bb88746aa7b1abc715b40fa0a07a865d9576 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Wed, 17 Jun 2020 14:30:52 +0200
Subject: [PATCH 1/3] Improve handling of languages.
- fix the Makefile so translations are copied to the right directory in the image
- allow generation of update image with or without translations
- regenerate the create_update_image script with latest argbash
---
Makefile | 6 ++-
create_update_image.sh | 86 ++++++++++++++++++++++++++++--------------
2 files changed, 63 insertions(+), 29 deletions(-)
diff --git a/Makefile b/Makefile
index 2c2059c..dc8e9a0 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,8 @@ ADDON = org_fedora_oscap
TESTS = tests \
testing_files
+DEFAULT_INSTALL_OF_PO_FILES ?= yes
+
OSVERSION := $(shell grep -o " [0-9]\{1,\}" /etc/redhat-release | sed "s/ //g")
ifeq ($(OSVERSION),7)
PYVERSION = ""
@@ -37,7 +39,9 @@ NUM_PROCS = $$(getconf _NPROCESSORS_ONLN)
install:
mkdir -p $(DESTDIR)$(ADDONDIR)
cp -rv $(ADDON) $(DESTDIR)$(ADDONDIR)
+ifeq ($(DEFAULT_INSTALL_OF_PO_FILES),yes)
$(MAKE) install-po-files
+endif
uninstall:
rm -rfv $(DESTDIR)$(ADDONDIR)
@@ -78,7 +82,7 @@ push-pot: potfile
zanata push $(ZANATA_PUSH_ARGS)
install-po-files:
- $(MAKE) -C po install
+ $(MAKE) -C po install RPM_BUILD_ROOT=$(DESTDIR)
test:
@echo "***Running pylint$(PYVERSION) checks***"
From 7434500bcd94c2c53d61c84a7364493372f7e053 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Wed, 17 Jun 2020 14:32:25 +0200
Subject: [PATCH 2/3] Dont use capital letters for the spoke title.
---
org_fedora_oscap/gui/spokes/oscap.glade | 2 +-
po/oscap-anaconda-addon.pot | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/org_fedora_oscap/gui/spokes/oscap.glade b/org_fedora_oscap/gui/spokes/oscap.glade
index e9e2fc0..e8516c0 100644
--- a/org_fedora_oscap/gui/spokes/oscap.glade
+++ b/org_fedora_oscap/gui/spokes/oscap.glade
@@ -37,7 +37,7 @@
<property name="can_focus">False</property>
<property name="hexpand">True</property>
<property name="vexpand">True</property>
- <property name="window_name" translatable="yes">SECURITY POLICY</property>
+ <property name="window_name" translatable="yes">Security Policy</property>
<signal name="button-clicked" handler="on_back_clicked" swapped="no"/>
<child internal-child="main_box">
<object class="GtkBox" id="AnacondaSpokeWindow-main_box1">
From 00c3dd557881def88c2898fa6ced17dddfef5213 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 18 Jun 2020 15:12:40 +0200
Subject: [PATCH 3/3] Changed URI back to URL in order not to mess with
translations.
The PR #112 marked this string as translatable, and changed it in the process.
However, the string is already present elsewhere in the source code, so this move
messed things up for translators.
This change reverts the URL->URI change, and leaves the GUI string "translatable",
as there is no way how to record the reason for this decision, so the situation doesn't repeat again.
As a result, it is now the job of the translation framework
to deal with the duplication gracefully.
---
org_fedora_oscap/gui/spokes/oscap.glade | 2 +-
po/oscap-anaconda-addon.pot | 9 ++-------
2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/org_fedora_oscap/gui/spokes/oscap.glade b/org_fedora_oscap/gui/spokes/oscap.glade
index e8516c0..1adcfcf 100644
--- a/org_fedora_oscap/gui/spokes/oscap.glade
+++ b/org_fedora_oscap/gui/spokes/oscap.glade
@@ -446,7 +446,7 @@
<object class="GtkLabel" id="noContentLabel">
<property name="visible">True</property>
<property name="can_focus">False</property>
- <property name="label" translatable="yes">No content found. Please enter data stream content or archive URI below:</property>
+ <property name="label" translatable="yes">No content found. Please enter data stream content or archive URL below:</property>
<property name="wrap">True</property>
<property name="xalign">0</property>
</object>

41
SOURCES/oaa-1.2_spoke-window_PR122.patch Normal file
View File

@ -0,0 +1,41 @@
From 943b2570c3196aec12a46d5b0e261f026ace0e86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 9 Jul 2020 17:15:11 +0200
Subject: [PATCH] Changed the spoke label back to uppercase.
The spoke title which is defined in the Python code and visible in the hub
should have capitalization that respects the local language convention.
However, the much less visible spoke label that is defined in the glade file
should be uppercase, and so should be translations.
---
org_fedora_oscap/gui/spokes/oscap.glade | 2 +-
org_fedora_oscap/gui/spokes/oscap.py | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/org_fedora_oscap/gui/spokes/oscap.glade b/org_fedora_oscap/gui/spokes/oscap.glade
index 1adcfcf..1fd2664 100644
--- a/org_fedora_oscap/gui/spokes/oscap.glade
+++ b/org_fedora_oscap/gui/spokes/oscap.glade
@@ -37,7 +37,7 @@
<property name="can_focus">False</property>
<property name="hexpand">True</property>
<property name="vexpand">True</property>
- <property name="window_name" translatable="yes">Security Policy</property>
+ <property name="window_name" translatable="yes">SECURITY POLICY</property>
<signal name="button-clicked" handler="on_back_clicked" swapped="no"/>
<child internal-child="main_box">
<object class="GtkBox" id="AnacondaSpokeWindow-main_box1">
diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
index f21f7d3..b9fcd31 100644
--- a/org_fedora_oscap/gui/spokes/oscap.py
+++ b/org_fedora_oscap/gui/spokes/oscap.py
@@ -196,6 +196,9 @@ class OSCAPSpoke(NormalSpoke):
# title of the spoke (will be displayed on the hub)
title = N_("_Security Policy")
+ # The string "SECURITY POLICY" in oscap.glade is meant to be uppercase,
+ # as it is displayed inside the spoke as the spoke label,
+ # and spoke labels are all uppercase by a convention.
# methods defined by API and helper methods #
def __init__(self, data, storage, payload):

25
SOURCES/oaa-1.2_warn-nfs-utils.patch Normal file
View File

@ -0,0 +1,25 @@
From 9e514460c584666308967d611b26ea2927ea0535 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 18 Jun 2020 11:28:15 +0200
Subject: [PATCH] Added nfs-utils as an essential package for GUI envs.
---
org_fedora_oscap/rule_handling.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
index 3728f89..6a3a04e 100644
--- a/org_fedora_oscap/rule_handling.py
+++ b/org_fedora_oscap/rule_handling.py
@@ -43,7 +43,10 @@
ESSENTIAL_PACKAGES = {
"xorg-x11-server-common": {
"env": ["graphical-server-environment", "workstation-product-environment"],
- }
+ },
+ "nfs-utils": {
+ "env": ["graphical-server-environment", "workstation-product-environment"],
+ },
}
log = logging.getLogger("anaconda")

82
SOURCES/oaa-1.2_warn-xorg.patch Normal file
View File

@ -0,0 +1,82 @@
From 6c285154723f618675c3a216ce84b480d770c10d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Tue, 9 Jun 2020 16:56:32 +0200
Subject: [PATCH 1/2] Address incompatible profiles and software selections.
This change introduces a mechanism that allows to vet packages marked for removal.
Such package can now have a record in the ESSENTIAL_PACKAGES dict,
that define whether the package is essential => cant be removed
based on the environment and groups selected in the Software Selection Anaconda spoke.
In case when one first selects the profile and then changes the Software Selection
to an incompatible setting, the Selection spoke will raise an error, as it already
tries to apply the blacklist with its environment/groups.
---
org_fedora_oscap/rule_handling.py | 38 +++++++++++++++++++++++++++----
1 file changed, 33 insertions(+), 5 deletions(-)
diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
index cd67822..3728f89 100644
--- a/org_fedora_oscap/rule_handling.py
+++ b/org_fedora_oscap/rule_handling.py
@@ -40,6 +40,12 @@
__all__ = ["RuleData"]
+ESSENTIAL_PACKAGES = {
+ "xorg-x11-server-common": {
+ "env": ["graphical-server-environment", "workstation-product-environment"],
+ }
+}
+
log = logging.getLogger("anaconda")
_ = common._
@@ -627,6 +633,20 @@ def __str__(self):
return ret
+ def _package_is_essential(self, package_name, ksdata_packages):
+ if package_name not in ESSENTIAL_PACKAGES:
+ return False
+ if package_name in ksdata_packages.packageList:
+ return True
+ selected_install_env = ksdata_packages.environment
+ if selected_install_env in ESSENTIAL_PACKAGES[package_name].get("env"):
+ return True
+ selected_install_groups_names = {g.name for g in ksdata_packages.groupList}
+ for g in ESSENTIAL_PACKAGES[package_name].get("groups", []):
+ if g in selected_install_groups_names:
+ return True
+ return False
+
def eval_rules(self, ksdata, storage, report_only=False):
""":see: RuleHandler.eval_rules"""
@@ -655,13 +675,21 @@ def eval_rules(self, ksdata, storage, report_only=False):
common.MESSAGE_TYPE_INFO, msg))
# now do the same for the packages that should be excluded
-
# add messages for the already excluded packages
for pkg in self._removed_pkgs:
- msg = _("package '%s' has been added to the list of excluded "
- "packages" % pkg)
- messages.append(RuleMessage(self.__class__,
- common.MESSAGE_TYPE_INFO, msg))
+ if self._package_is_essential(pkg, ksdata.packages):
+ msg = _(
+ "package '{package}' has been added to the list "
+ "of excluded packages, but it can't be removed "
+ "from the current software selection without breaking the installation."
+ .format(package=pkg))
+ messages.append(RuleMessage(self.__class__,
+ common.MESSAGE_TYPE_FATAL, msg))
+ else:
+ msg = _("package '%s' has been added to the list of excluded "
+ "packages" % pkg)
+ messages.append(RuleMessage(self.__class__,
+ common.MESSAGE_TYPE_INFO, msg))
# packages, that should be added
packages_to_remove = (pkg for pkg in self._remove_pkgs

256
SOURCES/oaa-api-update.patch
View File

@ -1,256 +0,0 @@
diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py
index f712ac4..738465f 100644
--- a/org_fedora_oscap/rule_handling.py
+++ b/org_fedora_oscap/rule_handling.py
@@ -26,7 +26,13 @@
import optparse
import shlex
import logging
+
from pyanaconda.pwpolicy import F22_PwPolicyData
+from pyanaconda.core.constants import (
+ FIREWALL_ENABLED, FIREWALL_DISABLED, FIREWALL_USE_SYSTEM_DEFAULTS)
+from pyanaconda.modules.common.constants.objects import FIREWALL, BOOTLOADER
+from pyanaconda.modules.common.constants.services import NETWORK, STORAGE, USERS
+
from org_fedora_oscap import common
from org_fedora_oscap.common import OSCAPaddonError, RuleMessage
@@ -496,7 +502,10 @@ def eval_rules(self, ksdata, storage, report_only=False):
return []
ret = []
- if not ksdata.rootpw.password:
+
+ users_proxy = USERS.get_proxy()
+
+ if not users_proxy.IsRootPasswordSet:
# root password was not set
msg = _("make sure to create password with minimal length of %d "
@@ -505,12 +514,12 @@ def eval_rules(self, ksdata, storage, report_only=False):
common.MESSAGE_TYPE_WARNING, msg)]
else:
# root password set
- if ksdata.rootpw.isCrypted:
+ if users_proxy.IsRootPasswordCrypted:
msg = _("cannot check root password length (password is crypted)")
log.warning("cannot check root password length (password is crypted)")
return [RuleMessage(self.__class__,
common.MESSAGE_TYPE_WARNING, msg)]
- elif len(ksdata.rootpw.password) < self._minlen:
+ elif len(users_proxy.RootPassword) < self._minlen:
# too short
msg = _("root password is too short, a longer one with at "
"least %d characters is required") % self._minlen
@@ -705,10 +714,13 @@ def __str__(self):
def eval_rules(self, ksdata, storage, report_only=False):
""":see: RuleHandler.eval_rules"""
- if self._require_password and not storage.bootloader.password:
- # Anaconda doesn't provide a way to set bootloader password, so
- # users cannot do much about that --> we shouldn't stop the
- # installation, should we?
+ bootloader_proxy = STORAGE.get_proxy(BOOTLOADER)
+
+ if self._require_password and not bootloader_proxy.password_is_set:
+ # TODO: Anaconda provides a way to set bootloader password:
+ # bootloader_proxy.set_password(...)
+ # We don't support setting the bootloader password yet,
+ # but we shouldn't stop the installation, just because of that.
return [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING,
"boot loader password not set up")]
else:
@@ -802,8 +814,13 @@ def __init__(self):
self._added_trusts = set()
self._removed_svcs = set()
+ self._new_services_to_add = set()
+ self._new_ports_to_add = set()
+ self._new_trusts_to_add = set()
+ self._new_services_to_remove = set()
+
self._firewall_enabled = None
- self._firewall_default_enabled = None
+ self._firewall_default_state = None
def add_services(self, services):
"""
@@ -895,25 +912,26 @@ def __str__(self):
def eval_rules(self, ksdata, storage, report_only=False):
""":see: RuleHandler.eval_rules"""
+ firewall_proxy = NETWORK.get_proxy(FIREWALL)
messages = []
- if self._firewall_default_enabled is None:
+ if self._firewall_default_state is None:
# firewall default startup setting
- self._firewall_default_enabled = ksdata.firewall.enabled
+ self._firewall_default_state = firewall_proxy.FirewallMode
if self._firewall_enabled is False:
msg = _("Firewall will be disabled on startup")
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
if not report_only:
- ksdata.firewall.enabled = self._firewall_enabled
+ firewall_proxy.SetFirewallMode(FIREWALL_DISABLED)
elif self._firewall_enabled is True:
msg = _("Firewall will be enabled on startup")
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
if not report_only:
- ksdata.firewall.enabled = self._firewall_enabled
+ firewall_proxy.SetFirewallMode(FIREWALL_ENABLED)
# add messages for the already added services
for svc in self._added_svcs:
@@ -937,49 +955,58 @@ def eval_rules(self, ksdata, storage, report_only=False):
common.MESSAGE_TYPE_INFO, msg))
# services, that should be added
- services_to_add = (svc for svc in self._add_svcs
- if svc not in ksdata.firewall.services)
+ self._new_services_to_add = {
+ svc for svc in self._add_svcs
+ if svc not in firewall_proxy.EnabledServices}
# ports, that should be added
- ports_to_add = (ports for ports in self._add_ports
- if ports not in ksdata.firewall.ports)
+ self._new_ports_to_add = {
+ ports for ports in self._add_ports
+ if ports not in firewall_proxy.EnabledPorts}
# trusts, that should be added
- trusts_to_add = (trust for trust in self._add_trusts
- if trust not in ksdata.firewall.trusts)
+ self._new_trusts_to_add = {
+ trust for trust in self._add_trusts
+ if trust not in firewall_proxy.Trusts}
- for svc in services_to_add:
+ for svc in self._new_services_to_add:
# add the service unless already added
if not report_only:
self._added_svcs.add(svc)
- ksdata.firewall.services.append(svc)
msg = _("service '%s' has been added to the list of services to be "
"added to the firewall" % svc)
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
+ if not report_only:
+ all_services = list(self._add_svcs.union(set(firewall_proxy.EnabledServices)))
+ firewall_proxy.SetEnabledServices(all_services)
- for port in ports_to_add:
+ for port in self._new_ports_to_add:
# add the port unless already added
if not report_only:
self._added_ports.add(port)
- ksdata.firewall.ports.append(port)
msg = _("port '%s' has been added to the list of ports to be "
"added to the firewall" % port)
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
+ if not report_only:
+ all_ports = list(self._add_ports.union(set(firewall_proxy.EnabledPorts)))
+ firewall_proxy.SetEnabledPorts(all_ports)
- for trust in trusts_to_add:
+ for trust in self._new_trusts_to_add:
# add the trust unless already added
if not report_only:
self._added_trusts.add(trust)
- ksdata.firewall.trusts.append(trust)
msg = _("trust '%s' has been added to the list of trusts to be "
"added to the firewall" % trust)
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
+ if not report_only:
+ all_trusts = list(self._add_trusts.union(set(firewall_proxy.Trusts)))
+ firewall_proxy.SetTrusts(all_trusts)
# now do the same for the services that should be excluded
@@ -990,52 +1017,56 @@ def eval_rules(self, ksdata, storage, report_only=False):
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
- # services, that should be added
- services_to_remove = (svc for svc in self._remove_svcs
- if svc not in ksdata.firewall.remove_services)
+ # services, that should be excluded
+ self._new_services_to_remove = {
+ svc for svc in self._remove_svcs
+ if svc not in firewall_proxy.DisabledServices}
- for svc in services_to_remove:
+ for svc in self._new_services_to_remove:
# exclude the service unless already excluded
if not report_only:
self._removed_svcs.add(svc)
- ksdata.firewall.remove_services.append(svc)
msg = _("service '%s' has been added to the list of services to be "
"removed from the firewall" % svc)
messages.append(RuleMessage(self.__class__,
common.MESSAGE_TYPE_INFO, msg))
+ if not report_only:
+ all_services = list(self._remove_svcs.union(set(firewall_proxy.DisabledServices)))
+ firewall_proxy.SetDisabledServices(all_services)
return messages
def revert_changes(self, ksdata, storage):
""":see: RuleHander.revert_changes"""
+ firewall_proxy = NETWORK.get_proxy(FIREWALL)
if self._firewall_enabled is not None:
- ksdata.firewall.enabled = self._firewall_default_enabled
+ firewall_proxy.SetFirewallMode(self._firewall_default_state)
# remove all services this handler added
- for svc in self._added_svcs:
- if svc in ksdata.firewall.services:
- ksdata.firewall.services.remove(svc)
+ all_services = firewall_proxy.EnabledServices
+ orig_services = set(all_services).difference(self._new_services_to_add)
+ firewall_proxy.SetEnabledServices(list(orig_services))
# remove all ports this handler added
- for port in self._added_ports:
- if port in ksdata.firewall.ports:
- ksdata.firewall.ports.remove(port)
+ all_ports = firewall_proxy.EnabledPorts
+ orig_ports = set(all_ports).difference(self._new_ports_to_add)
+ firewall_proxy.SetEnabledPorts(list(orig_ports))
# remove all trusts this handler added
- for trust in self._added_trusts:
- if trust in ksdata.firewall.trusts:
- ksdata.firewall.trusts.remove(trust)
+ all_trusts = firewall_proxy.Trusts
+ orig_trusts = set(all_trusts).difference(self._new_trusts_to_add)
+ firewall_proxy.SetTrusts(list(orig_trusts))
# remove all services this handler excluded
- for svc in self._removed_svcs:
- if svc in ksdata.firewall.remove_services:
- ksdata.firewall.remove_services.remove(svc)
+ all_services = firewall_proxy.DisabledServices
+ orig_services = set(all_services).difference(self._new_services_to_remove)
+ firewall_proxy.SetDisabledServices(list(orig_services))
self._added_svcs = set()
self._added_ports = set()
self._added_trusts = set()
self._removed_svcs = set()
self._firewall_enabled = None
- self._firewall_default_enabled = None
+ self._firewall_default_state = None

68
SOURCES/rootpw.patch
View File

@ -1,68 +0,0 @@
From 44a643f4c115d638d42f19f668cef1c220aab1b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 17 Jan 2019 18:06:02 +0100
Subject: [PATCH] Updated the code to use the up-to-date Anaconda API.
Fixes RHBZ#1665551
---
org_fedora_oscap/gui/spokes/oscap.py | 29 +++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
index 36fd656..f16699b 100644
--- a/org_fedora_oscap/gui/spokes/oscap.py
+++ b/org_fedora_oscap/gui/spokes/oscap.py
@@ -38,6 +38,8 @@
from pyanaconda.ui.categories.system import SystemCategory
from pykickstart.errors import KickstartValueError
+from pyanaconda.modules.common.constants.services import USERS
+
# pylint: disable-msg=E0611
from gi.repository import Gdk
@@ -650,26 +652,35 @@ def _update_message_store(self, report_only=False):
def _resolve_rootpw_issues(self, messages, report_only):
"""Mitigate root password issues (which are not fatal in GUI)"""
- fatal_rootpw_msgs = [msg for msg in messages
- if msg.origin == rule_handling.PasswdRules and msg.type == common.MESSAGE_TYPE_FATAL]
+ fatal_rootpw_msgs = [
+ msg for msg in messages
+ if msg.origin == rule_handling.PasswdRules and msg.type == common.MESSAGE_TYPE_FATAL]
+
if fatal_rootpw_msgs:
for msg in fatal_rootpw_msgs:
# cannot just change the message type because it is a namedtuple
messages.remove(msg)
- messages.append(common.RuleMessage(self.__class__,
- common.MESSAGE_TYPE_WARNING,
- msg.text))
+
+ msg = common.RuleMessage(
+ self.__class__, common.MESSAGE_TYPE_WARNING, msg.text)
+ messages.append(msg)
+
if not report_only:
- self.__old_root_pw = self.data.rootpw.password
+ users_proxy = USERS.get_proxy()
+
+ self.__old_root_pw = users_proxy.RootPassword
self.data.rootpw.password = None
- self.__old_root_pw_seen = self.data.rootpw.seen
+ self.__old_root_pw_seen = users_proxy.IsRootpwKickstarted
self.data.rootpw.seen = False
def _revert_rootpw_changes(self):
if self.__old_root_pw is not None:
- self.data.rootpw.password = self.__old_root_pw
- self.data.rootpw.seen = self.__old_root_pw_seen
+ users_proxy = USERS.get_proxy()
+
+ users_proxy.SetRootPassword(self.__old_root_pw)
self.__old_root_pw = None
+
+ users_proxy.SetRootpwKickstarted(self.__old_root_pw_seen)
self.__old_root_pw_seen = None
@async_action_wait

22
SOURCES/translate_spoke_title.patch
View File

@ -1,22 +0,0 @@
From c88dba4b9deeb78158bf2e239e4b7118a9e8b39f Mon Sep 17 00:00:00 2001
From: Marek Haicman <mhaicman@redhat.com>
Date: Thu, 7 Feb 2019 19:24:08 +0100
Subject: [PATCH] Hack hub title to show translated.
---
org_fedora_oscap/gui/spokes/oscap.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/org_fedora_oscap/gui/spokes/oscap.py b/org_fedora_oscap/gui/spokes/oscap.py
index 72c1501..594969a 100644
--- a/org_fedora_oscap/gui/spokes/oscap.py
+++ b/org_fedora_oscap/gui/spokes/oscap.py
@@ -190,6 +190,8 @@ def __init__(self, data, storage, payload, instclass):
NormalSpoke.__init__(self, data, storage, payload, instclass)
self._addon_data = self.data.addons.org_fedora_oscap
+ # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1673071
+ self.title = _(self.title)
self._storage = storage
self._ready = False

55
SPECS/oscap-anaconda-addon.spec
View File

@ -2,8 +2,8 @@
%global _default_patch_flags --no-backup-if-mismatch
Name: oscap-anaconda-addon
Version: 1.0
Release: 10%{?dist}
Version: 1.1.1
Release: 5%{?dist}
Summary: Anaconda addon integrating OpenSCAP to the installation process
License: GPLv2+
@ -16,25 +16,22 @@ URL: https://github.com/OpenSCAP/oscap-anaconda-addon
# or via direct git checkout:
# git clone https://github.com/OpenSCAP/oscap-anaconda-addon.git
Source0: %{name}-%{version}.tar.gz
# Let the Patch1 be reserved for translations patches
Patch1: lang.patch
Patch2: oaa-api-update.patch
Patch3: help_id.patch
Patch4: rootpw.patch
Patch5: bootloader.patch
Patch6: checksum.patch
Patch7: translate_spoke_title.patch
Patch8: do_not_use_capitals_for_the_spoke_title.patch
Patch2: oaa-1.2_warn-xorg.patch
Patch3: oaa-1.2_warn-nfs-utils.patch
Patch4: oaa-1.2_lang-streamline.patch
Patch5: oaa-1.2_spoke-window_PR122.patch
Patch6: oaa-1.2-unicode_issues_PR124.patch
BuildArch: noarch
BuildRequires: gettext
BuildRequires: python3-devel
BuildRequires: python3-pycurl
#BuildRequires: python-mock
#BuildRequires: python-nose
#BuildRequires: python3-cpio
BuildRequires: openscap openscap-utils openscap-python3
BuildRequires: anaconda-core >= 28.22.10
Requires: anaconda-core >= 28.22.10
BuildRequires: anaconda-core >= 33
Requires: anaconda-core >= 33
Requires: python3-cpio
Requires: python3-pycurl
Requires: python3-kickstart
@ -54,11 +51,14 @@ content.
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
# As Patch1 translates the upsated string "_Security Policy" added by Patch8,
# Patch1 needs to be aplied after Patch8
# As patches may translates the strings that are updated by later patches,
# Patch1 needs to be aplied last.
%patch1 -p1
# NOTE CONCERNING TRANSLATION PATCHES
# When preparing translation patches, don't consider that some languages are unsupported -
# we aim to include all applicable translation texts to the appropriate patch.
# This has consulted with ljanda@redhat.com, and we basically follow the existing practice of the Anaconda project we integrate into.
%build
@ -76,6 +76,25 @@ make install DESTDIR=%{buildroot}
%doc COPYING ChangeLog README.md
%changelog
* Tue Aug 18 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-5
- Fixed issues with encountering filenames with weird encoding during scans - rhbz#1867960
* Thu Jul 09 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-4
- Fixed spoke window text: RHBZ#1855041
* Fri Jun 26 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-3
- Updated translations: RHBZ#1820557
* Mon Jun 22 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-2
- Fixed issues addressing combination of profiles and GUI-based software selections: RHBZ#1843932, RHBZ#1787156
- Improved handling of languages, capitalization: RHBZ#1696278
- Updated translations: RHBZ#1820557
* Tue Jun 02 2020 Matěj Týč <matyc@redhat.com> - 1.1.1-1
- Rebase to upstream 1.1.1
- This OAA is compatible with the RHEL 8.3 Anaconda: RHBZ#1696278
- The UX has been improved: RHBZ#1781790
* Mon Sep 02 2019 Watson Sato <wsato@redhat.com> - 1.0-10
- Do not use capital letters for spoke title: RHBZ#1744185
- Updated translations