rpms/system-config-securitylevel/devel system-config-securitylevel-1.6.29.1-v6state.patch, NONE, 1.1 system-config-securitylevel-1.7.0-dirty.patch, NONE, 1.1 system-config-securitylevel-1.7.0-expand.patch, NONE, 1.1 system-config-securitylevel-1.7.0-honour_exit_code.patch, NONE, 1.1 sources, 1.85, 1.86 system-config-securitylevel.spec, 1.95, 1.96
Thomas Woerner (twoerner)
fedora-extras-commits at redhat.com
Fri Jun 8 15:53:41 UTC 2007
Author: twoerner
Update of /cvs/pkgs/rpms/system-config-securitylevel/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9694
Modified Files:
sources system-config-securitylevel.spec
Added Files:
system-config-securitylevel-1.6.29.1-v6state.patch
system-config-securitylevel-1.7.0-dirty.patch
system-config-securitylevel-1.7.0-expand.patch
system-config-securitylevel-1.7.0-honour_exit_code.patch
Log Message:
[tw]
- use state module for IPv6 firewall again (rhbz#233725, rhbz#236035)
- honour exit code of lokkit call (rhbz#227285)
- gui: fixed expand of trusted services list
- gui: make apply and ok button sensitive only if there are changes
(rhbz#227285)
- fixed url (rhbz#237723)
system-config-securitylevel-1.6.29.1-v6state.patch:
--- NEW FILE system-config-securitylevel-1.6.29.1-v6state.patch ---
--- system-config-securitylevel-1.6.29.1/src/lokkit.c.v6state 2006-12-14 17:40:11.000000000 +0100
+++ system-config-securitylevel-1.6.29.1/src/lokkit.c 2007-06-06 17:04:30.000000000 +0200
@@ -1029,33 +1029,17 @@
fprintf(fw, "-A %s -p udp -m udp --dport 631 -j ACCEPT\n", CHAIN_NAME);
fprintf(fw, "-A %s -p tcp -m tcp --dport 631 -j ACCEPT\n", CHAIN_NAME);
- /* Allow outgoing connections */
- fprintf(fw, "-A %s -p udp -m udp --dport 32768:61000 -j ACCEPT\n", CHAIN_NAME);
- fprintf(fw, "-A %s -p tcp -m tcp --dport 32768:61000 -j ACCEPT\n", CHAIN_NAME);
-
/* Note: The RELATED is extremely important as it matches ICMP error messages. */
- /* fprintf(fw, "-A %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n", CHAIN_NAME); */
+ fprintf(fw, "-A %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n", CHAIN_NAME);
for (i=0; ports && ports[i].start_port; i++) {
- if (ports[i].end_port == 0) {
- fprintf(fw, "-A %s -m %s -p %s --dport %d -j ACCEPT\n",
- CHAIN_NAME, ports[i].proto, ports[i].proto,
- ports[i].start_port);
- }
-/*
+ if (ports[i].end_port == 0)
fprintf(fw, "-A %s -m state --state NEW -m %s -p %s --dport %d -j ACCEPT\n",
CHAIN_NAME, ports[i].proto, ports[i].proto, ports[i].start_port);
-*/
- else {
- fprintf(fw, "-A %s -m %s -p %s --dport %d:%d -j ACCEPT\n",
- CHAIN_NAME, ports[i].proto, ports[i].proto,
- ports[i].start_port, ports[i].end_port);
- }
-/*
+ else
fprintf(fw, "-A %s -m state --state NEW -m %s -p %s --dport %d:%d -j ACCEPT\n",
CHAIN_NAME, ports[i].proto, ports[i].proto, ports[i].start_port,
ports[i].end_port);
-*/
}
system-config-securitylevel-1.7.0-dirty.patch:
--- NEW FILE system-config-securitylevel-1.7.0-dirty.patch ---
--- system-config-securitylevel-1.7.0/src/securitylevel.py.1.7.0 2007-01-12 16:24:59.000000000 +0100
+++ system-config-securitylevel-1.7.0/src/securitylevel.py 2007-06-06 17:14:47.000000000 +0200
@@ -147,6 +147,7 @@
# Set up the trusted services checklist.
self.incomingList = checklist.CheckList(columns=1)
+ self.incomingList.connect("check-dirty", self.checkDirty)
keyList = map(lambda svc: svc.description, self.serviceList)
keyList.sort()
@@ -201,7 +202,7 @@
if self.advancedPage:
self.advancedPage.set_sensitive(True)
- self.dirty = True
+ self.setDirty(True)
def none_activated(self, *args):
self.trustedServicesBox.set_sensitive(False)
@@ -210,12 +211,15 @@
if self.advancedPage:
self.advancedPage.set_sensitive(False)
- self.dirty = True
+ self.setDirty(True)
def add_port_cb(self, button, *args):
protoMapping = ["tcp", "udp"]
self.addPortDialog.show_all()
+ self.addPortDialog.set_position(gtk.WIN_POS_CENTER_ON_PARENT)
+ self.addPortDialog.set_transient_for(self.mainWindow)
+ self.addPortDialog.set_modal(True)
self.portEntry.set_text("")
self.protoCombo.set_active(0)
@@ -233,7 +237,7 @@
else:
if self._findPortInStore(portStr, proto) is None:
self.otherPortsStore.append([portStr, proto])
- self.dirty = True
+ self.setDirty(True)
break
else:
break
@@ -254,7 +258,7 @@
if iter is not None:
# Need to get past the TreeModelSort to whatever's underneath.
model.get_model().remove(iter)
- self.dirty = True
+ self.setDirty(True)
def security_changed_cb(self, combobox, *args):
if self.security_changed_firsttime:
@@ -274,7 +278,7 @@
if self.other_changed_firsttime:
self.other_changed_firsttime = False
return
- self.dirty = True
+ self.setDirty(True)
def okClicked(self, *args):
rc = self.apply()
@@ -348,11 +352,11 @@
if arg in ["--high", "--medium", "--enabled"]:
self.securityOptionMenu.set_active(0)
self.firewall_activated()
- self.dirty = False
+ self.setDirty(False)
elif arg == "--disabled":
self.securityOptionMenu.set_active(1)
self.none_activated()
- self.dirty = False
+ self.setDirty(False)
elif arg.startswith("--trust="):
key, device = string.split(arg, "=")
devicesList.append(string.strip(device))
@@ -376,7 +380,7 @@
key, file = string.split(arg, "=")
if self.advancedPage:
- self.advancedPage.customRulesCheckbox.set_active(True)
+ self.advancedPage.set_active(True)
self.advancedPage.set_sensitive(True)
self.advancedPage.origFilename = file
self.advancedPage.set_filename(file)
@@ -466,13 +470,14 @@
if self.advancedPage:
advancedArgs = self.advancedPage.apply()
- self.dirty = self.advancedPage.dirty
- args.append(self.advancedPage.apply())
+ if advancedArgs and advancedArgs != "":
+ args.append(advancedArgs)
if self.selinuxPage and self.selinuxPage.selinuxsupport:
self.selinuxPage.apply()
- if not self.dirty and not self.incomingList.dirty:
+ if not (self.dirty or self.incomingList.dirty or \
+ (self.advancedPage and self.advancedPage.dirty):
return 0
index = self.securityOptionMenu.get_active()
@@ -519,10 +524,25 @@
# Set these to False so if you click Apply followed by OK, you're not
# prompted twice.
- self.dirty = False
self.incomingList.dirty = False
+ self.setDirty(False)
+ self.checkDirty()
return 0
+ def setDirty(self, val):
+ self.dirty = val
+ self.checkDirty()
+
+ def checkDirty(self, *args):
+ if self.dirty or self.incomingList.dirty or \
+ (self.advancedPage != None and self.advancedPage.dirty) or \
+ (self.selinuxPage != None and self.selinuxPage.dirty):
+ self.applyButton.set_sensitive(True)
+ self.okButton.set_sensitive(True)
+ else:
+ self.applyButton.set_sensitive(False)
+ self.okButton.set_sensitive(False)
+
def launch(self, doDebug = None):
self.doDebug = doDebug
self.setupScreen()
@@ -548,7 +605,9 @@
self.cancelButton = self.xml.get_widget("cancelButton")
self.applyButton = self.xml.get_widget("applyButton")
self.advancedPage = advancedPage.AdvancedPage(xml)
+ self.advancedPage.connect("check-dirty", self.checkDirty)
self.selinuxPage = selinuxPage.selinuxPage(xml)
+ self.selinuxPage.connect("check-dirty", self.checkDirty)
self.mainWindow.connect("destroy", self.destroy)
self.okButton.connect("clicked", self.okClicked)
--- system-config-securitylevel-1.7.0/src/checklist.py.1.7.0 2006-01-27 19:57:20.000000000 +0100
+++ system-config-securitylevel-1.7.0/src/checklist.py 2007-06-06 12:14:28.000000000 +0200
@@ -22,8 +22,13 @@
"""A class (derived from gtk.TreeView) that provides a list of
checkbox / text string pairs"""
+ __gsignals__ = {
+ "check-dirty": (gobject.SIGNAL_RUN_FIRST, gobject.TYPE_NONE, ())
+ }
+
# XXX need to handle the multicolumn case better still....
def __init__ (self, columns=1):
+ self.__gobject_init__()
self.store = gtk.ListStore(gobject.TYPE_BOOLEAN,
gobject.TYPE_STRING, gobject.TYPE_STRING)
@@ -86,6 +91,7 @@
val = self.store.get_value(iter, 0)
self.store.set_value(iter, 0, not val)
self.dirty=True
+ self.emit("check-dirty")
def clear (self):
--- system-config-securitylevel-1.7.0/src/selinuxPage.py.1.7.0 2007-01-04 20:17:09.000000000 +0100
+++ system-config-securitylevel-1.7.0/src/selinuxPage.py 2007-06-06 15:03:48.000000000 +0200
@@ -59,8 +59,12 @@
dialog.destroy()
return (status, output)
-class selinuxPage:
+class selinuxPage(gobject.GObject):
+ __gsignals__ = {
+ "check-dirty": (gobject.SIGNAL_RUN_FIRST, gobject.TYPE_NONE, ())
+ }
def __init__(self, xml, doDebug=None, inFirstboot=False):
+ self.__gobject_init__()
self.xml = xml
self.selinuxsupport = True
self.needRelabel = False
@@ -130,6 +134,7 @@
self.needRelabel = True
else:
self.needRelabel = False
+ self.emit("check-dirty")
def read_selinux_config(self):
self.initEnabled = DISABLED
@@ -157,6 +162,7 @@
self.initEnabled = DISABLED
self.enabledOptionMenu.set_active(DISABLED)
+
self.enabled_changed(self.enabledOptionMenu)
return 0
--- system-config-securitylevel-1.7.0/src/advancedPage.py.1.7.0 2007-01-12 16:24:59.000000000 +0100
+++ system-config-securitylevel-1.7.0/src/advancedPage.py 2007-06-06 14:53:09.000000000 +0200
@@ -19,8 +19,15 @@
# You should have received a copy of the GNU General Public License
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
-class AdvancedPage:
+import gobject, gtk
+
+class AdvancedPage(gobject.GObject):
+ __gsignals__ = {
+ "check-dirty": (gobject.SIGNAL_RUN_FIRST, gobject.TYPE_NONE, ())
+ }
+
def __init__(self, xml):
+ self.__gobject_init__()
self.xml = xml
self.origFilename = None
self.dirty = False
@@ -29,13 +36,23 @@
self.advancedVBox = self.xml.get_widget("advancedVBox")
self.customRulesCheckbox = self.xml.get_widget("customRulesCheckbox")
self.customRulesChooser = self.xml.get_widget("customRulesChooser")
+ self.selection_changed_handler = self.customRulesChooser.connect( \
+ "selection-changed", self.file_changed)
# Set up initial sensitivity of things on the advanced page.
self.customRulesChooser.set_sensitive(False)
- self.customRulesCheckbox.connect("clicked", self.custom_changed_cb)
+ self.custom_changed_handler = self.customRulesCheckbox.connect( \
+ "clicked", self.custom_changed_cb)
def custom_changed_cb(self, button, *args):
self.customRulesChooser.set_sensitive(button.get_active())
+ self.dirty = True
+ self.emit("check-dirty")
+
+ def set_active(self, bool):
+ self.customRulesCheckbox.handler_block(self.custom_changed_handler)
+ self.customRulesCheckbox.set_active(bool)
+ self.customRulesCheckbox.handler_unblock(self.custom_changed_handler)
def set_sensitive(self, bool):
self.customRulesCheckbox.set_sensitive(bool)
@@ -43,24 +60,19 @@
if self.customRulesCheckbox.get_active():
self.customRulesChooser.set_sensitive(bool)
+ def file_changed(self, *args):
+ if self.customRulesChooser.get_filename() != self.origFilename:
+ self.dirty = True
+ self.emit("check-dirty")
+
def set_filename(self, file):
+ self.customRulesChooser.handler_block(self.selection_changed_handler)
self.customRulesChooser.set_filename(file)
+ self.customRulesChooser.handler_unblock(self.selection_changed_handler)
def apply(self):
if self.customRulesCheckbox.get_active():
newFilename = self.customRulesChooser.get_filename()
-
- if newFilename != self.origFilename:
- self.dirty = True
-
if newFilename != "":
return "--custom-rules=%s" % newFilename
- else:
- return ""
- else:
- # They used to have a custom rules file enabled, but no longer do.
- # Set the dirty flag so we know to re-run lokkit without the arg
- if self.origFilename:
- self.dirty = True
-
- return ""
+ return ""
system-config-securitylevel-1.7.0-expand.patch:
--- NEW FILE system-config-securitylevel-1.7.0-expand.patch ---
--- system-config-securitylevel-1.7.0/src/system-config-securitylevel.glade.expand 2007-01-08 21:07:52.000000000 +0100
+++ system-config-securitylevel-1.7.0/src/system-config-securitylevel.glade 2007-06-05 15:16:37.000000000 +0200
@@ -187,11 +187,14 @@
</widget>
<packing>
<property name="position">1</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
</packing>
</child>
</widget>
<packing>
- <property name="expand">False</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
<property name="position">2</property>
</packing>
</child>
@@ -252,12 +255,15 @@
</widget>
<packing>
<property name="position">3</property>
+ <property name="fill">False</property>
+ <property name="expand">False</property>
</packing>
</child>
</widget>
</child>
<child>
<widget class="GtkVBox" id="advancedVBox">
+ <property name="border_width">5</property>
<property name="spacing">5</property>
<property name="visible">True</property>
<child>
@@ -273,7 +279,7 @@
</child>
<child>
<widget class="GtkAlignment" id="alignment1">
- <property name="left_padding">10</property>
+ <property name="left_padding">0</property>
<property name="visible">True</property>
<child>
<widget class="GtkVBox" id="vbox2">
system-config-securitylevel-1.7.0-honour_exit_code.patch:
--- NEW FILE system-config-securitylevel-1.7.0-honour_exit_code.patch ---
--- system-config-securitylevel-1.7.0/src/securitylevel.py.honour_exit_code 2007-01-12 16:24:59.000000000 +0100
+++ system-config-securitylevel-1.7.0/src/securitylevel.py 2007-06-07 16:29:15.000000000 +0200
@@ -462,7 +462,7 @@
def apply(self, *args):
# With the new enabled/disabled behavior, we have to ignore the config
# file or else you can only ever turn on services.
- args = ['--quiet', '-f']
+ args = ['/usr/sbin/lokkit', '--quiet', '-f']
if self.advancedPage:
advancedArgs = self.advancedPage.apply()
@@ -509,12 +509,49 @@
if self.doDebug:
print "don't call lokkit if in debug mode"
else:
- path = '/usr/sbin/lokkit'
-
- lokkit = os.fork()
- if not lokkit:
- args.insert(0, path)
- os.execv(path, args)
+ (rfd, wfd) = os.pipe()
+ pid = os.fork()
+ if pid == 0:
+ try:
+ os.close(rfd)
+ fd = os.open("/dev/null", os.O_RDONLY)
+ if fd != 0:
+ os.dup2(fd, 0)
+ os.close(fd)
+ if wfd != 1:
+ os.dup2(wfd, 1)
+ os.close(wfd)
+ os.dup2(1, 2)
+ os.execv(args[0], args)
+ finally:
+ os._exit(255)
+
+ os.close(wfd)
+ # no need to read in chunks if we don't pass on data to some
+ # output func
+ cret = ""
+ cout = os.read(rfd, 8192)
+ while cout:
+ cret += cout
+ cout = os.read(rfd, 8192)
+ os.close(rfd)
+ (cpid, status) = os.waitpid(pid, 0)
+
+ # failed to configure firewall, show error message
+ if status != 0:
+ dialog = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
+ gtk.BUTTONS_CLOSE)
+ dialog.set_markup("<b>" + _("Configuration failed") + \
+ "</b>")
+ dialog.format_secondary_text(" ".join(args) + "\n\n" + \
+ cret.strip())
+ dialog.set_position(gtk.WIN_POS_CENTER_ON_PARENT)
+ dialog.set_transient_for(self.mainWindow)
+ dialog.set_modal(True)
+ dialog.show_all()
+ dialog.run()
+ dialog.destroy()
+ return 1
# Set these to False so if you click Apply followed by OK, you're not
# prompted twice.
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/system-config-securitylevel/devel/sources,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -r1.85 -r1.86
--- sources 19 Apr 2007 15:58:31 -0000 1.85
+++ sources 8 Jun 2007 15:53:06 -0000 1.86
@@ -1 +1 @@
-c2d806517d8c2098cd7f95473e1aee1d system-config-securitylevel-1.8.1.tar.bz2
+061b47bbd27554dd3ae8a510b833210e system-config-securitylevel-1.7.0.tar.bz2
Index: system-config-securitylevel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/system-config-securitylevel/devel/system-config-securitylevel.spec,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- system-config-securitylevel.spec 19 Apr 2007 15:58:31 -0000 1.95
+++ system-config-securitylevel.spec 8 Jun 2007 15:53:06 -0000 1.96
@@ -1,14 +1,18 @@
Summary: A graphical interface for modifying the system security level
Name: system-config-securitylevel
-Version: 1.8.1
-Release: 1%{?dist}
-URL: http://fedora.redhat.com/projects/config-tools/
+Version: 1.7.0
+Release: 2%{?dist}
+URL: http://fedoraproject.org/wiki/SystemConfig/securitylevel
License: GPL
ExclusiveOS: Linux
Group: System Environment/Base
Obsoletes: gnome-lokkit
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Source0: %{name}-%{version}.tar.bz2
+Patch0: system-config-securitylevel-1.6.29.1-v6state.patch
+Patch1: system-config-securitylevel-1.7.0-honour_exit_code.patch
+Patch2: system-config-securitylevel-1.7.0-expand.patch
+Patch3: system-config-securitylevel-1.7.0-dirty.patch
BuildRequires: desktop-file-utils newt-devel slang-devel popt
BuildRequires: gettext
BuildRequires: intltool
@@ -41,6 +45,10 @@
%prep
%setup -q
+%patch0 -p1 -b .v6state
+%patch1 -p1 -b .honour_exit_code
+%patch2 -p1 -b .expand
+%patch3 -p1 -b .dirty
%build
make
@@ -93,13 +101,13 @@
/usr/bin/system-config-securitylevel-tui
%changelog
-* Thu Apr 19 2007 Thomas Woerner <twoerner at redhat.com> 1.8.1-1
-- more interface changes
-- better user guidance
-
-* Tue Apr 17 2007 Thomas Woerner <twoerner at redhat.com> 1.8.0-1
-- Lots of interface changes and cleanup
-- New ability to disable ipsec, ipp and mdns entries
+* Fri Jun 8 2007 Thomas Woerner <twoerner at redhat.com> 1.7.0-2
+- use state module for IPv6 firewall again (rhbz#233725, rhbz#236035)
+- honour exit code of lokkit call (rhbz#227285)
+- gui: fixed expand of trusted services list
+- gui: make apply and ok button sensitive only if there are changes
+ (rhbz#227285)
+- fixed url (rhbz#237723)
* Fri Jan 12 2007 Chris Lumens <clumens at redhat.com> 1.7.0-1
- Change .desktop file (#218925).
More information about the fedora-extras-commits
mailing list