Class: Installation::Clients::SecurityFinish

Inherits:
FinishClient
  • Object
show all
Includes:
Yast::I18n, Yast::Logger
Defined in:
src/lib/installation/clients/security_finish.rb

Overview

This is a step of base installation finish and it is responsible of write the firewall proposal configuration for installation and autoinstallation modes.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeSecurityFinish

Constuctor



44
45
46
47
48
49
 
# File 'src/lib/installation/clients/security_finish.rb', line 44

def initialize
  super
  textdomain "installation"
  @settings = ::Installation::SecuritySettings.instance
  @firewalld = Y2Firewall::Firewalld.instance
end

Instance Attribute Details

#firewalldObject

Y2Firewall::Firewalld instance



41
42
43
 
# File 'src/lib/installation/clients/security_finish.rb', line 41

def firewalld
  @firewalld
end

#settingsObject

Installation::SecuritySettings



39
40
41
 
# File 'src/lib/installation/clients/security_finish.rb', line 39

def settings
  @settings
end

Instance Method Details

#modesObject 



55
56
57
 
# File 'src/lib/installation/clients/security_finish.rb', line 55

def modes
  [:installation, :autoinst, :update]
end

#titleObject 



51
52
53
 
# File 'src/lib/installation/clients/security_finish.rb', line 51

def title
  _("Writing Security Configuration...")
end

#writeObject 



59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
 
# File 'src/lib/installation/clients/security_finish.rb', line 59

def write
  write_firewall

  Yast::SCR.Write(
    Yast::Path.new(".sysconfig.security.CHECK_SIGNATURES"),
    Yast::SignatureCheckDialogs.CheckSignatures
  )

  # in autoinstallation write security profile here
  Yast::Security.Write if Yast::Mode.autoinst

  # ensure we have correct ca certificates
  if Yast::Mode.update
    res = Yast::SCR.Execute(Yast::Path.new(".target.bash_output"),
      "/usr/sbin/update-ca-certificates")
    log.info("updating ca certificates result: #{res}")

    # Finish here as during upgrade we do not want to modify security settings
    return true
  end

  write_polkit

  # workaround missing capabilities if we use deployment from images
  # as tarballs which is used for images for not support it (bnc#889489)
  # do nothing if capabilities are properly set
  res = Yast::SCR.Execute(Yast::Path.new(".target.bash_output"),
    "/usr/bin/chkstat --system --set")
  log.info("updating capabilities: #{res}")

  # Write down the Linux Security Module configuration
  settings.lsm_config.save

  write_security_policies_config

  true
end