Sle15 sp1 merge

package/yast2-firewall.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Apr 26 12:30:53 UTC 2019 - jreidinger <jreidinger@suse.com>
+
+- change proposal naming and add option to set cpu mitigations
+  (bsc#1128707)
+- 4.2.0
+
 -------------------------------------------------------------------
 Tue Mar 26 23:44:33 UTC 2019 - knut.anderssen@suse.com
 

package/yast2-firewall.spec

@@ -17,7 +17,7 @@
 
 
 Name:           yast2-firewall
-Version:        4.1.11
+Version:        4.2.0
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -38,6 +38,8 @@ Requires:       yast2 >= 4.1.67
 
 # ButtonBox widget
 Conflicts:	yast2-ycp-ui-bindings < 2.17.3
+# CpiMitigations
+Conflicts:	yast2-bootloader < 4.2.1
 
 Provides:	yast2-config-firewall
 Obsoletes:	yast2-config-firewall

src/lib/y2firewall/clients/proposal.rb

@@ -22,6 +22,7 @@
 # find current contact information at www.suse.com.
 
 require "yast"
+require "erb"
 require "y2firewall/firewalld/api"
 require "y2firewall/proposal_settings"
 require "y2firewall/dialogs/proposal"
@@ -45,7 +46,8 @@ class Proposal < ::Installation::ProposalClient
         LINK_ENABLE_SSHD = "firewall--enable_sshd".freeze,
         LINK_DISABLE_SSHD = "firewall--disable_sshd".freeze,
         LINK_OPEN_VNC = "firewall--open_vnc".freeze,
-        LINK_CLOSE_VNC = "firewall--close_vnc".freeze
+        LINK_CLOSE_VNC = "firewall--close_vnc".freeze,
+        LINK_CPU_MITIGATIONS = "firewall--cpu_mitigations".freeze
       ].freeze
 
       LINK_FIREWALL_DIALOG = "firewall".freeze
@@ -60,11 +62,12 @@ def initialize
       end
 
       def description
+        # TODO: temporary dgettext only to avoid new translation
         {
           # Proposal title
-          "rich_text_title" => _("Firewall and SSH"),
+          "rich_text_title" => Yast::Builtins.dgettext("security", "Security"),
           # Menu entry label
-          "menu_title"      => _("&Firewall and SSH"),
+          "menu_title"      => Yast::Builtins.dgettext("ncurses-pkg", "&Security"),
           "id"              => LINK_FIREWALL_DIALOG
         }
       end
@@ -106,15 +109,56 @@ def write
       # Obtain and call the corresponding method for the clicked link.
       def call_proposal_action_for(link)
         action = link.gsub("firewall--", "")
-        @settings.public_send("#{action}!")
+        if action == "cpu_mitigations"
+          bootloader_dialog
+        else
+          @settings.public_send("#{action}!")
+        end
       end
 
       # Array with the available proposal descriptions.
       #
       # @return [Array<String>] services and ports descriptions
       def proposals
-        # Filter proposals with content and sort them
-        [firewall_proposal, sshd_proposal, ssh_port_proposal, vnc_fw_proposal].compact
+        # Filter proposals with content
+        [cpu_mitigations_proposal, firewall_proposal, sshd_proposal,
+         ssh_port_proposal, vnc_fw_proposal].compact
+      end
+
+      # Returns the cpu mitigation part of the bootloader proposal description
+      # Returns nil if this part should be skipped
+      # @return [String] proposal html text
+      def cpu_mitigations_proposal
+        require "bootloader/bootloader_factory"
+        bl = ::Bootloader::BootloaderFactory.current
+        return nil if bl.name == "none"
+
+        mitigations = bl.cpu_mitigations
+
+        res = _("CPU Mitigations: ") + "<a href=\"#{LINK_CPU_MITIGATIONS}\">" +
+          ERB::Util.html_escape(mitigations.to_human_string) + "</a>"
+        log.info "mitigations output #{res.inspect}"
+        res
+      end
+
+      def bootloader_dialog
+        require "bootloader/config_dialog"
+        Yast.import "Bootloader"
+
+        begin
+          # do it in own dialog window
+          Yast::Wizard.CreateDialog
+          dialog = ::Bootloader::ConfigDialog.new(initial_tab: :kernel)
+          settings = Yast::Bootloader.Export
+          result = dialog.run
+          if result != :next
+            Yast::Bootloader.Import(settings)
+          else
+            Yast::Bootloader.proposed_cfg_changed = true
+          end
+        ensure
+          Yast::Wizard.CloseDialog
+        end
       end
 
       # Returns the VNC-port part of the firewall proposal description

test/lib/y2firewall/clients/proposal_test.rb

@@ -24,14 +24,19 @@
 require "y2firewall/clients/proposal"
 
 describe Y2Firewall::Clients::Proposal do
-  let(:client) { described_class.new }
+  subject(:client) { described_class.new }
   let(:proposal_settings) { Y2Firewall::ProposalSettings.instance }
 
+  before do
+    # skip bootloader proposal to avoid build dependency on it
+    allow(subject).to receive(:cpu_mitigations_proposal)
+  end
+
   describe "#initialize" do
     it "instantiates a new proposal settings" do
       expect(Y2Firewall::ProposalSettings).to receive(:instance)
 
-      client
+      described_class.new
     end
   end