Class: Installation::Clients::SecurityFinish

Inherits:
FinishClient
  • Object
show all
Includes:
Yast::I18n, Yast::Logger
Defined in:
src/lib/installation/clients/security_finish.rb

Overview

This is a step of base installation finish and it is responsible of write the firewall proposal configuration for installation and autoinstallation modes.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeSecurityFinish

Constuctor


43
44
45
46
47
48
# File 'src/lib/installation/clients/security_finish.rb', line 43

def initialize
  super
  textdomain "installation"
  @settings = ::Installation::SecuritySettings.instance
  @firewalld = Y2Firewall::Firewalld.instance
end

Instance Attribute Details

#firewalldObject

Y2Firewall::Firewalld instance


40
41
42
# File 'src/lib/installation/clients/security_finish.rb', line 40

def firewalld
  @firewalld
end

#settingsObject

Installation::SecuritySettings


38
39
40
# File 'src/lib/installation/clients/security_finish.rb', line 38

def settings
  @settings
end

Instance Method Details

#modesObject


54
55
56
# File 'src/lib/installation/clients/security_finish.rb', line 54

def modes
  [:installation, :autoinst, :update]
end

#titleObject


50
51
52
# File 'src/lib/installation/clients/security_finish.rb', line 50

def title
  _("Writing Security Configuration...")
end

#writeObject


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# File 'src/lib/installation/clients/security_finish.rb', line 58

def write
  write_firewall

  Yast::SCR.Write(
    Yast::Path.new(".sysconfig.security.CHECK_SIGNATURES"),
    Yast::SignatureCheckDialogs.CheckSignatures
  )

  # in autoinstallation write security profile here
  Yast::Security.Write if Yast::Mode.autoinst

  # ensure we have correct ca certificates
  if Yast::Mode.update
    res = Yast::SCR.Execute(Yast::Path.new(".target.bash_output"),
      "/usr/sbin/update-ca-certificates")
    log.info("updating ca certificates result: #{res}")

    # Finish here as during upgrade we do not want to modify security settings
    return true
  end

  write_polkit

  # workaround missing capabilities if we use deployment from images
  # as tarballs which is used for images for not support it (bnc#889489)
  # do nothing if capabilities are properly set
  res = Yast::SCR.Execute(Yast::Path.new(".target.bash_output"),
    "/usr/bin/chkstat --system --set")
  log.info("updating capabilities: #{res}")

  # Write down the Linux Security Module configuration
  settings.lsm_config.save

  true
end