particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

image-info: read the firewall default zone

Browse source 
Modify affected image manifests.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit is contained in:
Tomas Hozza 2022-03-01 12:24:17 +01:00 committed by Tom Gundersen
parent cc413d4b2d
commit bd81506831
92 changed files with 115 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
test/data/manifests/centos_8-aarch64-edge_commit-boot.json
View file

@ -12324,6 +12324,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_8-aarch64-openstack-boot.json
View file

@ -13767,6 +13767,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_8-aarch64-qcow2_customize-boot.json
View file

@ -15785,6 +15785,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_8-ppc64le-qcow2_customize-boot.json
View file

@ -17207,6 +17207,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_8-x86_64-edge_commit-boot.json
View file

@ -12726,6 +12726,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_8-x86_64-edge_commit_rt-boot.json
View file

@ -12676,6 +12676,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_8-x86_64-openstack-boot.json
View file

@ -14016,6 +14016,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_8-x86_64-qcow2_customize-boot.json
View file

@ -16026,6 +16026,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_8-x86_64-vhd-boot.json
View file

@ -13949,6 +13949,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_8-x86_64-vmdk-boot.json
View file

@ -14017,6 +14017,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-aarch64-edge_commit-boot.json
View file

@ -11261,6 +11261,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-aarch64-openstack-boot.json
View file

@ -12177,6 +12177,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-aarch64-qcow2_customize-boot.json
View file

@ -14474,6 +14474,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-ppc64le-qcow2_customize-boot.json
View file

@ -15618,6 +15618,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-s390x-qcow2_customize-boot.json
View file

@ -16803,6 +16803,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-x86_64-edge_commit-boot.json
View file

@ -11746,6 +11746,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-x86_64-edge_commit_rt-boot.json
View file

@ -12991,6 +12991,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-x86_64-openstack-boot.json
View file

@ -12758,6 +12758,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-x86_64-qcow2_customize-boot.json
View file

@ -15067,6 +15067,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-x86_64-vhd-boot.json
View file

@ -12628,6 +12628,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/centos_9-x86_64-vmdk-boot.json
View file

@ -12759,6 +12759,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/fedora_34-aarch64-ami-boot.json
View file

@ -9503,6 +9503,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_34-aarch64-openstack-boot.json
View file

@ -9852,6 +9852,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_34-x86_64-ami-boot.json
View file

@ -9456,6 +9456,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_34-x86_64-fedora_iot_commit-boot.json
View file

@ -10976,6 +10976,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_34-x86_64-fedora_iot_commit_debug-boot.json
View file

@ -10982,6 +10982,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_34-x86_64-openstack-boot.json
View file

@ -9805,6 +9805,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_34-x86_64-vhd-boot.json
View file

@ -8917,6 +8917,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_35-aarch64-ami-boot.json
View file

@ -9794,6 +9794,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_35-aarch64-openstack-boot.json
View file

@ -10143,6 +10143,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_35-x86_64-ami-boot.json
View file

@ -9747,6 +9747,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_35-x86_64-fedora_iot_commit-boot.json
View file

@ -11015,6 +11015,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_35-x86_64-fedora_iot_commit_debug-boot.json
View file

@ -11021,6 +11021,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_35-x86_64-openstack-boot.json
View file

@ -10096,6 +10096,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/fedora_35-x86_64-vhd-boot.json
View file

@ -9174,6 +9174,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"mdns",

1
test/data/manifests/rhel_8-aarch64-openstack-boot.json
View file

@ -9212,6 +9212,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_8-aarch64-rhel_edge_commit-boot.json
View file

@ -8263,6 +8263,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_8-x86_64-openstack-boot.json
View file

@ -9226,6 +9226,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_8-x86_64-rhel_edge_commit-boot.json
View file

@ -8561,6 +8561,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_8-x86_64-rhel_edge_commit_rt-boot.json
View file

@ -8965,6 +8965,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_8-x86_64-vhd-boot.json
View file

@ -9175,6 +9175,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_8-x86_64-vmdk-boot.json
View file

@ -8674,6 +8674,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_84-aarch64-openstack-boot.json
View file

@ -9730,6 +9730,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_84-aarch64-rhel_edge_commit-boot.json
View file

@ -8637,6 +8637,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_84-x86_64-openstack-boot.json
View file

@ -9909,6 +9909,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_84-x86_64-rhel_edge_commit-boot.json
View file

@ -8935,6 +8935,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_84-x86_64-rhel_edge_commit_rt-boot.json
View file

@ -9292,6 +9292,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_84-x86_64-vhd-boot.json
View file

@ -9960,6 +9960,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_84-x86_64-vmdk-boot.json
View file

@ -9567,6 +9567,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_85-aarch64-edge_commit-boot.json
View file

@ -9064,6 +9064,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_85-aarch64-openstack-boot.json
View file

@ -10229,6 +10229,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_85-aarch64-qcow2_customize-boot.json
View file

@ -12468,6 +12468,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_85-ppc64le-qcow2_customize-boot.json
View file

@ -13593,6 +13593,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_85-s390x-qcow2_customize-boot.json
View file

@ -13772,6 +13772,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_85-x86_64-openstack-boot.json
View file

@ -10439,6 +10439,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_85-x86_64-qcow2_customize-boot.json
View file

@ -12679,6 +12679,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_85-x86_64-vhd-boot.json
View file

@ -10496,6 +10496,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_85-x86_64-vmdk-boot.json
View file

@ -10427,6 +10427,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-aarch64-edge_commit-boot.json
View file

@ -9070,6 +9070,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-aarch64-openstack-boot.json
View file

@ -10381,6 +10381,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-aarch64-qcow2_customize-boot.json
View file

@ -12440,6 +12440,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-ppc64le-qcow2_customize-boot.json
View file

@ -13555,6 +13555,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-s390x-qcow2_customize-boot.json
View file

@ -13639,6 +13639,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-x86_64-edge_commit-boot.json
View file

@ -9367,6 +9367,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-x86_64-edge_commit_rt-boot.json
View file

@ -10052,6 +10052,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-x86_64-openstack-boot.json
View file

@ -10591,6 +10591,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-x86_64-qcow2_customize-boot.json
View file

@ -12651,6 +12651,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-x86_64-vhd-boot.json
View file

@ -10544,6 +10544,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_86-x86_64-vmdk-boot.json
View file

@ -10592,6 +10592,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-aarch64-edge_commit-boot.json
View file

@ -8211,6 +8211,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-aarch64-openstack-boot.json
View file

@ -9130,6 +9130,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-aarch64-qcow2_customize-boot.json
View file

@ -11438,6 +11438,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-ppc64le-qcow2_customize-boot.json
View file

@ -12304,6 +12304,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-s390x-qcow2_customize-boot.json
View file

@ -13050,6 +13050,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-x86_64-edge_commit-boot.json
View file

@ -8558,6 +8558,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-x86_64-edge_commit_rt-boot.json
View file

@ -10464,6 +10464,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-x86_64-openstack-boot.json
View file

@ -9569,6 +9569,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-x86_64-qcow2_customize-boot.json
View file

@ -11896,6 +11896,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-x86_64-vhd-boot.json
View file

@ -9479,6 +9479,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90-x86_64-vmdk-boot.json
View file

@ -9570,6 +9570,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-aarch64-edge_commit-boot.json
View file

@ -8237,6 +8237,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-aarch64-openstack-boot.json
View file

@ -9080,6 +9080,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-aarch64-qcow2_customize-boot.json
View file

@ -11399,6 +11399,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-ppc64le-qcow2_customize-boot.json
View file

@ -12249,6 +12249,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-s390x-qcow2_customize-boot.json
View file

@ -13014,6 +13014,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-x86_64-edge_commit-boot.json
View file

@ -8584,6 +8584,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-x86_64-edge_commit_rt-boot.json
View file

@ -10546,6 +10546,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-x86_64-openstack-boot.json
View file

@ -9505,6 +9505,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-x86_64-qcow2_customize-boot.json
View file

@ -11843,6 +11843,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-x86_64-vhd-boot.json
View file

@ -9415,6 +9415,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

1
test/data/manifests/rhel_90_beta-x86_64-vmdk-boot.json
View file

@ -9079,6 +9079,7 @@
}
}
},
"firewall-default-zone": "public",
"firewall-enabled": [
"ssh",
"dhcpv6-client",

29
tools/image-info
View file

@ -554,6 +554,24 @@ def read_default_target(tree):
return subprocess_check_output(["systemctl", f"--root={tree}", "get-default"]).rstrip()
def read_firewall_default_zone(tree):
"""
Read the name of the default firewall zone
Returns: a string with the zone name. If the firewall configuration doesn't
exist, an empty string is returned.
An example return value:
"trusted"
"""
try:
with open(f"{tree}/etc/firewalld/firewalld.conf") as f:
conf = parse_environment_vars(f.read())
return conf["DefaultZone"]
except FileNotFoundError:
return ""
def read_firewall_zone(tree):
"""
Read enabled services from the configuration of the default firewall zone.
@ -568,11 +586,8 @@ def read_firewall_zone(tree):
"cockpit"
]
"""
try:
with open(f"{tree}/etc/firewalld/firewalld.conf") as f:
conf = parse_environment_vars(f.read())
default = conf["DefaultZone"]
except FileNotFoundError:
default = read_firewall_default_zone(tree)
if default == "":
default = "public"
r = []
@ -2273,6 +2288,10 @@ def append_filesystem(report, tree, *, is_ostree=False):
with contextlib.suppress(FileNotFoundError):
report["firewall-enabled"] = read_firewall_zone(tree)
firewall_default_zone = read_firewall_default_zone(tree)
if firewall_default_zone:
report["firewall-default-zone"] = firewall_default_zone
fstab = read_fstab(tree)
if fstab:
report["fstab"] = fstab