Moved the one-time proposal flag to the settings class

src/lib/installation/clients/security_proposal.rb

@@ -224,9 +224,7 @@ def sshd_proposal
         # Check if only public key auth is configured, and if yes,
         # enable SSHD and open the SSH port; but only now, after we are sure
         # that the user was prompted for the root password (bsc#1211764).
-        @settings.propose unless @sshd_proposed # Only once to allow the user to override this
-
-        @sshd_proposed = true
+        @settings.propose
         if @settings.enable_sshd
           _(
             "SSH service will be enabled (<a href=\"%s\">disable</a>)"

src/lib/installation/security_settings.rb

@@ -78,14 +78,19 @@ def propose_lsm_config
       Yast::PackagesProposal.SetResolvables("LSM", :pattern, lsm_config.needed_patterns)
     end
 
-    # Make a proposal for the security settings:
+    # Make a one-time proposal for the security settings:
     #
     # If only public key authentication is configured, and no root password is set,
     # open the SSH port and enable SSHD so at least SSH access can be used.
     #
     # This should be called AFTER the user was prompted for the root password, e.g.
     # when the security proposal is made during installation.
+    #
+    # This is done only once. Use 'reset_proposal' to do do it again.
     def propose
+      return if @proposal_done
+
+      @proposal_done = true
       log.info("Making security settings proposal")
       return unless only_public_key_auth?
 
@@ -94,6 +99,12 @@ def propose
       enable_sshd! unless @enable_sshd
     end
 
+    # Reset the proposal; i.e. the next call to 'propose' will do a fresh
+    # proposal.
+    def reset_proposal
+      @proposal_done = false
+    end
+
     # Services
 
     # Add the firewall package to be installed and sets the firewalld service