diff options
Diffstat (limited to 'meta-arm/meta-arm-systemready')
13 files changed, 1161 insertions, 13 deletions
diff --git a/meta-arm/meta-arm-systemready/README.md b/meta-arm/meta-arm-systemready/README.md index 49cfed6e33..73cd188dd6 100644 --- a/meta-arm/meta-arm-systemready/README.md +++ b/meta-arm/meta-arm-systemready/README.md @@ -83,18 +83,18 @@ Currently, this layer only supports To build the firmware for Arm SystemReady on the supported machines (take the `fvp-base` machine as an example): - kas build kas/fvp-base.yml:kas/arm-systemready-firmware.yml + ARM_FVP_EULA_ACCEPT=1 kas build kas/fvp-base.yml:kas/arm-systemready-firmware.yml To run the Arm SystemReady ACS tests on the supported machines (take running Arm SystemReady IR on the `fvp-base` machine as an example): - kas build kas/fvp-base.yml:kas/arm-systemready-ir-acs.yml + ARM_FVP_EULA_ACCEPT=1 kas build kas/fvp-base.yml:kas/arm-systemready-ir-acs.yml To run the Linux distributions installation on the supported machines (take installing openSUSE on the `fvp-base` machine as an example): - kas build kas/fvp-base.yml:kas/arm-systemready-linux-distros-opensuse.yml + ARM_FVP_EULA_ACCEPT=1 kas build kas/fvp-base.yml:kas/arm-systemready-linux-distros-opensuse.yml kas shell \ kas/fvp-base.yml:kas/arm-systemready-linux-distros-opensuse.yml \ diff --git a/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass b/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass index 9dc3635dcd..d817b69321 100644 --- a/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass +++ b/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass @@ -29,7 +29,7 @@ IMAGE_POSTPROCESS_COMMAND += "write_image_test_data; " python do_deploy() { deploydir = d.getVar('DEPLOYDIR') suffix = d.getVar('IMAGE_DEPLOY_SUFFIX') - imgfile = os.path.join(d.getVar('WORKDIR'), d.getVar('IMAGE_FILENAME')) + imgfile = os.path.join(d.getVar('UNPACKDIR'), d.getVar('IMAGE_FILENAME')) deployfile = os.path.join(deploydir, d.getVar('IMAGE_NAME') + suffix) linkfile = os.path.join(deploydir, d.getVar('IMAGE_LINK_NAME') + suffix) @@ -47,14 +47,14 @@ python do_deploy() { # Copy the report.txt to DEPLOYDIR # The machine-specific implementation can optionally put the report file in - # ${WORKDIR}/report.txt. If there is no such file present, use the template. - workdir = d.getVar('WORKDIR') - report_file = os.path.join(workdir, "report.txt") + # ${UNPACKDIR}/report.txt. If there is no such file present, use the template. + unpackdir = d.getVar('UNPACKDIR') + report_file = os.path.join(unpackdir, "report.txt") report_file_dest = os.path.join(deploydir, "report.txt") if os.path.exists(report_file): report_file_to_copy = report_file else: - report_file_to_copy = os.path.join(workdir, "systemready-ir-template", + report_file_to_copy = os.path.join(unpackdir, "systemready-ir-template", "report.txt") shutil.copyfile(report_file_to_copy, report_file_dest) diff --git a/meta-arm/meta-arm-systemready/classes/extra_imagedepends_only.bbclass b/meta-arm/meta-arm-systemready/classes/extra_imagedepends_only.bbclass index bf06a9f490..224b724e72 100644 --- a/meta-arm/meta-arm-systemready/classes/extra_imagedepends_only.bbclass +++ b/meta-arm/meta-arm-systemready/classes/extra_imagedepends_only.bbclass @@ -23,3 +23,5 @@ do_rootfs[noexec] = "1" do_image[noexec] = "1" do_image_complete[noexec] = "1" do_build[depends] = "" + +IMAGE_CLASSES:remove = "create-spdx-image-3.0" diff --git a/meta-arm/meta-arm-systemready/conf/layer.conf b/meta-arm/meta-arm-systemready/conf/layer.conf index 79ef3a1441..58f84fd9c8 100644 --- a/meta-arm/meta-arm-systemready/conf/layer.conf +++ b/meta-arm/meta-arm-systemready/conf/layer.conf @@ -8,7 +8,7 @@ BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \ BBFILE_COLLECTIONS += "meta-arm-systemready" BBFILE_PATTERN_meta-arm-systemready = "^${LAYERDIR}/" -LAYERSERIES_COMPAT_meta-arm-systemready = "nanbield scarthgap" +LAYERSERIES_COMPAT_meta-arm-systemready = "styhead" LAYERDEPENDS_meta-arm-systemready = "core" diff --git a/meta-arm/meta-arm-systemready/lib/oeqa/runtime/cases/arm_systemready_fedora_unattended.py b/meta-arm/meta-arm-systemready/lib/oeqa/runtime/cases/arm_systemready_fedora_unattended.py new file mode 100644 index 0000000000..f607fb1271 --- /dev/null +++ b/meta-arm/meta-arm-systemready/lib/oeqa/runtime/cases/arm_systemready_fedora_unattended.py @@ -0,0 +1,39 @@ +from oeqa.runtime.case import OERuntimeTestCase + + +class SystemReadyFedoraUnattendedTest(OERuntimeTestCase): + def setUp(self): + super().setUp() + self.console = self.target.DEFAULT_CONSOLE + + def test_fedora_unattended(self): + # Turn on the FVP. + self.target.transition('on') + + # Timeout value = elapsed time * 2; where elapsed time was collected + # from the elapsed time in the log.do_testimage for each function after + # the build is finished on the development machine. + self.target.expect(self.console, + ' Booting `Install Fedora 39\'', + timeout=(2 * 60)) + bb.plain('Installation status: Loading the installer, kernel and initrd...') + + self.target.expect(self.console, + 'Setting up the installation environment', + timeout=(2 * 60 * 60)) + bb.plain('Installation status: Setting up the installation environment...') + + self.target.expect(self.console, + 'Installing the software', + timeout=(30 * 60)) + bb.plain('Installation status: Installing the software packages...') + + # Waiting to respond to the boot loader prompt error message. + self.target.expect(self.console, + 'Please respond \'yes\' or \'no\': ', + timeout=(16 * 60 * 60)) + self.target.sendline(self.console, 'yes') + + # Waiting till the installation is finished. + self.target.expect(self.console, r'.*login: ', timeout=(5 * 60 * 60)) + bb.plain('Installation status: Fedora installation finished successfully.') diff --git a/meta-arm/meta-arm-systemready/lib/oeqa/runtime/cases/arm_systemready_opensuse_unattended.py b/meta-arm/meta-arm-systemready/lib/oeqa/runtime/cases/arm_systemready_opensuse_unattended.py new file mode 100644 index 0000000000..aea8df3e10 --- /dev/null +++ b/meta-arm/meta-arm-systemready/lib/oeqa/runtime/cases/arm_systemready_opensuse_unattended.py @@ -0,0 +1,42 @@ +from oeqa.runtime.case import OERuntimeTestCase + +class SystemReadyOpenSUSEUnattendedTest(OERuntimeTestCase): + def setUp(self): + super().setUp() + self.console = self.target.DEFAULT_CONSOLE + + def test_opensuse_unattended(self): + # Turn on the FVP. + self.target.transition('on') + + # Timeout value = elapsed time * 2; where elapsed time was collected + # from the elapsed time in the log.do_testimage for each function after + # the build is finished on the development machine. + self.target.expect(self.console, + 'Booting `Installation\'', + timeout=(2 * 60)) + bb.plain('Installation status: Loading the kernel, initrd and basic drivers...') + + self.target.expect(self.console, + 'Starting hardware detection...', + timeout=(40 * 60)) + bb.plain('Installation status: Starting hardware detection...') + + self.target.expect(self.console, + 'Loading Installation System', + timeout=(60 * 60)) + bb.plain('Installation status: Loading Installation System...') + + self.target.expect(self.console, + 'Starting Installer', + timeout=(40 * 60)) + bb.plain('Installation status: Performing Installation...') + + self.target.expect(self.console, + 'Finishing Configuration', + timeout=(15 * 60 * 60)) + bb.plain('Installation status: Finishing Configuration...') + + # Waiting till the installation is finished. + self.target.expect(self.console, r'.*login: ', timeout=(6 * 60 * 60)) + bb.plain('Installation status: openSUSE installation finished successfully.') diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb index 41ac2f7759..83257b3017 100644 --- a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb @@ -39,7 +39,7 @@ file://${COMMON_LICENSE_DIR}/Unicode-DFS-2016;md5=907371994d651afe53e98adc278246 file://${COMMON_LICENSE_DIR}/Unicode-TOU;md5=666362dc5dba74f477af0f44fb85bd22 \ file://${COMMON_LICENSE_DIR}/Zlib;md5=87f239f408daca8a157858e192597633 \ " -IMAGE_CLASSES:remove = "license_image" +IMAGE_CLASSES:remove = "license_image create-spdx-image-3.0" COMPATIBLE_MACHINE = "(fvp-.+|.+-fvp)" @@ -58,4 +58,6 @@ SRC_URI[acs-img.sha256sum] = "ea52f84dab44bde97de3e2d2224d883acaae35724dd8e2bdfb # Revision pointing to v2023.04 tag SRCREV_sr-ir-template = "c714db178ddf72e5ae5017f15421095297d5bf0e" +S = "${WORKDIR}/sources-unpack" + inherit arm-systemready-acs diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-fedora.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-fedora.bb index 25990b3038..de4ea36dd0 100644 --- a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-fedora.bb +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-fedora.bb @@ -98,6 +98,22 @@ file://${COMMON_LICENSE_DIR}/OPUBL-1.0;md5=99367d4750dbf0ae6cc74209ddd52f6d \ ARM_SYSTEMREADY_LINUX_DISTRO_INSTALL_SIZE = "6144" +TEST_SUITES = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "arm_systemready_fedora_unattended", "", d)}" + +ISO_LABEL = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "Fedora-S-dvd-aarch64-39", "", d)}" +BOOT_CATALOG = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "boot.catalog", "", d)}" +BOOT_IMAGE = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "EFI/BOOT/BOOTAA64.EFI", "", d)}" +EFI_IMAGE = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "images/efiboot.img", "", d)}" + PV = "39.1.5" SRC_URI = "https://download.fedoraproject.org/pub/fedora/linux/releases/39/Server/aarch64/iso/Fedora-Server-dvd-aarch64-39-1.5.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso" SRC_URI[sha256sum] = "d19dc2a39758155fa53e6fd555d0d173ccc8175b55dea48002d499f39cb30ce0" + +modifyiso() { + UNATTENDED_CONF_DIR="${THISDIR}/unattended-boot-conf/Fedora" + + cp "${UNATTENDED_CONF_DIR}/ks.cfg" ${EXTRACTED_ISO_TEMP_DIR} + sed -i 's/set default="1"/set default="0"/g' "${EXTRACTED_ISO_TEMP_DIR}/EFI/BOOT/grub.cfg" + sed -i 's/set timeout=60/set timeout=0/g' "${EXTRACTED_ISO_TEMP_DIR}/EFI/BOOT/grub.cfg" + sed -i '0,/vmlinuz/s/vmlinuz/& inst.ks=hd:LABEL=Fedora-S-dvd-aarch64-39:\/ks.cfg/' "${EXTRACTED_ISO_TEMP_DIR}/EFI/BOOT/grub.cfg" +} diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb index 06135d1537..33f20587b4 100644 --- a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb @@ -72,3 +72,18 @@ ISO_TYPE = "DVD" BUILD_NO = "491.1" SRC_URI = "https://download.opensuse.org/distribution/leap/${PV}/iso/openSUSE-Leap-${PV}-${ISO_TYPE}-aarch64-Build${BUILD_NO}-Media.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso" SRC_URI[sha256sum] = "456cc4f99b044429d8a89bd302c06e9e382d6ac4dc590139a7096ebb54f5357b" + +TEST_SUITES = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "arm_systemready_opensuse_unattended", "", d)}" + +ISO_LABEL = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "OEMDRV", "", d)}" +BOOT_CATALOG = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "boot.catalog", "", d)}" +BOOT_IMAGE = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "EFI/BOOT/bootaa64.efi", "", d)}" +EFI_IMAGE = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "boot/aarch64/efi", "", d)}" + +modifyiso() { + UNATTENDED_CONF_DIR="${THISDIR}/unattended-boot-conf/openSUSE" + + #create installation configuration files, remove grub timeout, setup network + cp "${UNATTENDED_CONF_DIR}/autoinst.xml" ${EXTRACTED_ISO_TEMP_DIR} + sed -i 's/timeout=60/timeout=0/g' "${EXTRACTED_ISO_TEMP_DIR}/EFI/BOOT/grub.cfg" +}
\ No newline at end of file diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-unattended.inc b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-unattended.inc new file mode 100644 index 0000000000..75951b0e84 --- /dev/null +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-unattended.inc @@ -0,0 +1,45 @@ +SUMMARY = "Arm SystemReady Linux distros unattended requirements" +DESCRIPTION = "Arm SystemReady Linux distro unattended configurations \ + and ISO image modification" + +EXTRACTED_ISO_TEMP_DIR = "${WORKDIR}/extracted_iso_temp_dir" +NEW_ISO_TEMP_DIR = "${WORKDIR}/new_iso_temp_dir" + +# oeqa test case must be added to TEST_SUITES to acknowledge that the unattended +# installation was successful. +inherit testimage + +python () { + unattended_required_vars = ['ISO_LABEL', 'BOOT_CATALOG', 'BOOT_IMAGE', 'EFI_IMAGE'] + + for var in unattended_required_vars: + if not d.getVar(var): + raise bb.parse.SkipRecipe(f'{var} variable is not set') +} + +unpackiso() { + # Unpack the ISO image + bsdtar -xf ${UNPACKDIR}/${ISO_IMAGE_NAME}.iso -C ${EXTRACTED_ISO_TEMP_DIR} + chmod -R u+rw ${EXTRACTED_ISO_TEMP_DIR} +} + +modifyiso() { + +} + +repackiso() { + # Repack the ISO image + mkisofs -o ${NEW_ISO_TEMP_DIR}/${ISO_IMAGE_NAME}.iso -U -r -v -T -J -joliet-long -V ${ISO_LABEL} \ + -volset ${ISO_LABEL} -A ${ISO_LABEL} -b ${BOOT_IMAGE} -c ${BOOT_CATALOG} -no-emul-boot \ + -boot-load-size 4 -boot-info-table -J -R -V ${ISO_LABEL} -eltorito-alt-boot \ + -eltorito-boot ${EFI_IMAGE} -no-emul-boot ${EXTRACTED_ISO_TEMP_DIR} + + mv -f ${NEW_ISO_TEMP_DIR}/${ISO_IMAGE_NAME}.iso ${UNPACKDIR} +} + +# Write the test data in IMAGE_POSTPROCESS_COMMAND +IMAGE_POSTPROCESS_COMMAND += "write_image_test_data; " + +do_unpack[depends] += "cdrtools-native:do_populate_sysroot libarchive-native:do_populate_sysroot" +do_unpack[postfuncs] += "unpackiso modifyiso repackiso" +do_unpack[cleandirs] += "${EXTRACTED_ISO_TEMP_DIR} ${NEW_ISO_TEMP_DIR}"
\ No newline at end of file diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc index d80cf2373e..5e8a18e2f1 100644 --- a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc @@ -2,7 +2,12 @@ SUMMARY = "Arm SystemReady Linux distros installation" DESCRIPTION = "Arm SystemReady Linux distro CD/DVD images and installation \ target disk image" -IMAGE_CLASSES:remove = "license_image testimage" +DISTRO_UNATTENDED_INST_TESTS ?= "0" + +require ${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "arm-systemready-linux-distros-unattended.inc", "", d)} + +IMAGE_CLASSES:remove = "license_image create-spdx-image-3.0" +IMAGE_CLASSES:remove = "${@oe.utils.vartrue("DISTRO_UNATTENDED_INST_TESTS", "", "testimage", d)}" BUILDHISTORY_FEATURES:remove = "image" INHIBIT_DEFAULT_DEPS = "1" @@ -15,13 +20,15 @@ do_configure[noexec] = "1" do_compile[noexec] = "1" ISO_IMAGE_NAME = "${PN}-${PV}" -IMAGE_LINK_NAME = "${PN}-${PV}-${MACHINE}" +IMAGE_LINK_NAME = "${PN}-${MACHINE}" ARM_SYSTEMREADY_LINUX_DISTRO_ISO_IMAGE = \ "${DEPLOY_DIR_IMAGE}/${ISO_IMAGE_NAME}.iso" # Size of installation disk in MB ARM_SYSTEMREADY_LINUX_DISTRO_INSTALL_SIZE ?= "4096" +S = "${WORKDIR}/sources-unpack" + do_image() { dd if=/dev/zero of=${WORKDIR}/${IMAGE_LINK_NAME}.wic \ bs=1M count=${ARM_SYSTEMREADY_LINUX_DISTRO_INSTALL_SIZE} status=none @@ -29,7 +36,7 @@ do_image() { do_deploy() { # Deploy the iso and installation target disk image to the deploy folder - install -m 644 ${WORKDIR}/${ISO_IMAGE_NAME}.iso ${DEPLOYDIR} + install -m 644 ${UNPACKDIR}/${ISO_IMAGE_NAME}.iso ${DEPLOYDIR} install -m 644 ${WORKDIR}/${IMAGE_LINK_NAME}.wic ${DEPLOYDIR} } @@ -44,7 +51,13 @@ python do_image_complete() { from oe.utils import execute_pre_post_process post_process_cmds = d.getVar("IMAGE_POSTPROCESS_COMMAND") execute_pre_post_process(d, post_process_cmds) + + if d.getVar('DISTRO_UNATTENDED_INST_TESTS') == "1": + # Ensure an empty rootfs manifest exists (required by testimage) + fname = os.path.join(d.getVar('IMGDEPLOYDIR'), d.getVar('IMAGE_LINK_NAME') + ".manifest") + open(fname, 'w').close() } + do_image_complete[nostamp] = "1" addtask image_complete after do_deploy before do_build diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/unattended-boot-conf/Fedora/ks.cfg b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/unattended-boot-conf/Fedora/ks.cfg new file mode 100644 index 0000000000..f8ea3bc678 --- /dev/null +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/unattended-boot-conf/Fedora/ks.cfg @@ -0,0 +1,39 @@ +# Generated by Anaconda 39.32.6 +# Generated by pykickstart v3.48 +#version=DEVEL +# Use text mode install +text + +# Keyboard layouts +keyboard --vckeymap=us --xlayouts='us' +# System language +lang en_GB.UTF-8 + +# Use CDROM installation media +cdrom + +%packages --excludedocs --ignoremissing +@core --nodefaults + +%end + +# Run the Setup Agent on first boot +firstboot --enable +# Do not configure the X Window System +skipx + +# System bootloader configuration +bootloader --location=mbr --boot-drive=vda +autopart +# Partition clearing information +clearpart --all --initlabel --drives=vda + +# System timezone +timezone Europe/London --utc + +# Root password +rootpw --lock +user --groups=wheel --name=user --password=unsafe --gecos="usr1" + +# Reboot after installation with an attempt to eject the installation media +reboot --eject diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/unattended-boot-conf/openSUSE/autoinst.xml b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/unattended-boot-conf/openSUSE/autoinst.xml new file mode 100755 index 0000000000..8da6e1cbad --- /dev/null +++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/unattended-boot-conf/openSUSE/autoinst.xml @@ -0,0 +1,935 @@ +<?xml version="1.0"?> +<!DOCTYPE profile> +<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns"> + <bootloader t="map"> + <global t="map"> + <append>splash=silent preempt=full mitigations=auto quiet security=apparmor</append> + <cpu_mitigations>auto</cpu_mitigations> + <gfxmode>auto</gfxmode> + <hiddenmenu>false</hiddenmenu> + <os_prober>true</os_prober> + <secure_boot>true</secure_boot> + <terminal>gfxterm</terminal> + <timeout t="integer">8</timeout> + <update_nvram>true</update_nvram> + </global> + <loader_type>grub2-efi</loader_type> + </bootloader> + <firewall t="map"> + <default_zone>public</default_zone> + <enable_firewall t="boolean">true</enable_firewall> + <log_denied_packets>off</log_denied_packets> + <start_firewall t="boolean">true</start_firewall> + <zones t="list"> + <zone t="map"> + <description>Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description> + <interfaces t="list"/> + <masquerade t="boolean">false</masquerade> + <name>block</name> + <ports t="list"/> + <protocols t="list"/> + <services t="list"/> + <short>Block</short> + <target>%%REJECT%%</target> + </zone> + <zone t="map"> + <description>For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.</description> + <interfaces t="list"/> + <masquerade t="boolean">false</masquerade> + <name>dmz</name> + <ports t="list"/> + <protocols t="list"/> + <services t="list"> + <service>ssh</service> + </services> + <short>DMZ</short> + <target>default</target> + </zone> + <zone t="map"> + <description>All network connections are accepted.</description> + <interfaces t="list"> + <interface>docker0</interface> + </interfaces> + <masquerade t="boolean">false</masquerade> + <name>docker</name> + <ports t="list"/> + <protocols t="list"/> + <services t="list"/> + <short>docker</short> + <target>ACCEPT</target> + </zone> + <zone t="map"> + <description>Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description> + <interfaces t="list"/> + <masquerade t="boolean">false</masquerade> + <name>drop</name> + <ports t="list"/> + <protocols t="list"/> + <services t="list"/> + <short>Drop</short> + <target>DROP</target> + </zone> + <zone t="map"> + <description>For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> + <interfaces t="list"/> + <masquerade t="boolean">true</masquerade> + <name>external</name> + <ports t="list"/> + <protocols t="list"/> + <services t="list"> + <service>ssh</service> + </services> + <short>External</short> + <target>default</target> + </zone> + <zone t="map"> + <description>For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> + <interfaces t="list"/> + <masquerade t="boolean">false</masquerade> + <name>home</name> + <ports t="list"/> + <protocols t="list"/> + <services t="list"> + <service>dhcpv6-client</service> + <service>mdns</service> + <service>samba-client</service> + <service>ssh</service> + </services> + <short>Home</short> + <target>default</target> + </zone> + <zone t="map"> + <description>For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.</description> + <interfaces t="list"/> + <masquerade t="boolean">false</masquerade> + <name>internal</name> + <ports t="list"/> + <protocols t="list"/> + <services t="list"> + <service>dhcpv6-client</service> + <service>mdns</service> + <service>samba-client</service> + <service>ssh</service> + </services> + <short>Internal</short> + <target>default</target> + </zone> + <zone t="map"> + <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> + <interfaces t="list"> + <interface>eth0</interface> + </interfaces> + <masquerade t="boolean">false</masquerade> + <name>public</name> + <ports t="list"/> + <protocols t="list"/> + <services t="list"> + <service>dhcpv6-client</service> + <service>ssh</service> + </services> + <short>Public</short> + <target>default</target> + </zone> + <zone t="map"> + <description>All network connections are accepted.</description> + <interfaces t="list"/> + <masquerade t="boolean">false</masquerade> + <name>trusted</name> + <ports t="list"/> + <protocols t="list"/> + <services t="list"/> + <short>Trusted</short> + <target>ACCEPT</target> + </zone> + <zone t="map"> + <description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> + <interfaces t="list"/> + <masquerade t="boolean">false</masquerade> + <name>work</name> + <ports t="list"/> + <protocols t="list"/> + <services t="list"> + <service>dhcpv6-client</service> + <service>ssh</service> + </services> + <short>Work</short> + <target>default</target> + </zone> + </zones> + </firewall> + <general t="map"> + <mode t="map"> + <confirm t="boolean">false</confirm> + </mode> + </general> + <groups t="list"> + <group t="map"> + <gid>100</gid> + <groupname>users</groupname> + <userlist/> + </group> + <group t="map"> + <gid>499</gid> + <groupname>messagebus</groupname> + <userlist/> + </group> + <group t="map"> + <gid>1</gid> + <groupname>bin</groupname> + <userlist>daemon</userlist> + </group> + <group t="map"> + <gid>488</gid> + <groupname>input</groupname> + <userlist/> + </group> + <group t="map"> + <gid>495</gid> + <groupname>kmem</groupname> + <userlist/> + </group> + <group t="map"> + <gid>493</gid> + <groupname>utmp</groupname> + <userlist/> + </group> + <group t="map"> + <gid>62</gid> + <groupname>man</groupname> + <userlist/> + </group> + <group t="map"> + <gid>477</gid> + <groupname>polkitd</groupname> + <userlist/> + </group> + <group t="map"> + <gid>479</gid> + <groupname>systemd-timesync</groupname> + <userlist/> + </group> + <group t="map"> + <gid>2</gid> + <groupname>daemon</groupname> + <userlist/> + </group> + <group t="map"> + <gid>480</gid> + <groupname>systemd-network</groupname> + <userlist/> + </group> + <group t="map"> + <gid>71</gid> + <groupname>ntadmin</groupname> + <userlist/> + </group> + <group t="map"> + <gid>490</gid> + <groupname>dialout</groupname> + <userlist/> + </group> + <group t="map"> + <gid>59</gid> + <groupname>maildrop</groupname> + <userlist>postfix</userlist> + </group> + <group t="map"> + <gid>478</gid> + <groupname>nscd</groupname> + <userlist/> + </group> + <group t="map"> + <gid>51</gid> + <groupname>postfix</groupname> + <userlist/> + </group> + <group t="map"> + <gid>485</gid> + <groupname>tape</groupname> + <userlist/> + </group> + <group t="map"> + <gid>487</gid> + <groupname>render</groupname> + <userlist/> + </group> + <group t="map"> + <gid>476</gid> + <groupname>sshd</groupname> + <userlist/> + </group> + <group t="map"> + <gid>491</gid> + <groupname>cdrom</groupname> + <userlist/> + </group> + <group t="map"> + <gid>486</gid> + <groupname>sgx</groupname> + <userlist/> + </group> + <group t="map"> + <gid>0</gid> + <groupname>root</groupname> + <userlist/> + </group> + <group t="map"> + <gid>489</gid> + <groupname>disk</groupname> + <userlist/> + </group> + <group t="map"> + <gid>15</gid> + <groupname>shadow</groupname> + <userlist/> + </group> + <group t="map"> + <gid>484</gid> + <groupname>video</groupname> + <userlist/> + </group> + <group t="map"> + <gid>496</gid> + <groupname>wheel</groupname> + <userlist/> + </group> + <group t="map"> + <gid>483</gid> + <groupname>audit</groupname> + <userlist/> + </group> + <group t="map"> + <gid>498</gid> + <groupname>mail</groupname> + <userlist>postfix</userlist> + </group> + <group t="map"> + <gid>5</gid> + <groupname>tty</groupname> + <userlist/> + </group> + <group t="map"> + <gid>65533</gid> + <groupname>nogroup</groupname> + <userlist/> + </group> + <group t="map"> + <gid>65534</gid> + <groupname>nobody</groupname> + <userlist/> + </group> + <group t="map"> + <gid>497</gid> + <groupname>lp</groupname> + <userlist/> + </group> + <group t="map"> + <gid>482</gid> + <groupname>chrony</groupname> + <userlist/> + </group> + <group t="map"> + <gid>492</gid> + <groupname>audio</groupname> + <userlist/> + </group> + <group t="map"> + <gid>494</gid> + <groupname>lock</groupname> + <userlist/> + </group> + <group t="map"> + <gid>36</gid> + <groupname>kvm</groupname> + <userlist/> + </group> + <group t="map"> + <gid>42</gid> + <groupname>trusted</groupname> + <userlist/> + </group> + <group t="map"> + <gid>481</gid> + <groupname>systemd-journal</groupname> + <userlist/> + </group> + </groups> + <host t="map"> + <hosts t="list"> + <hosts_entry t="map"> + <host_address>127.0.0.1</host_address> + <names t="list"> + <name>localhost</name> + </names> + </hosts_entry> + <hosts_entry t="map"> + <host_address>::1</host_address> + <names t="list"> + <name>localhost ipv6-localhost ipv6-loopback</name> + </names> + </hosts_entry> + <hosts_entry t="map"> + <host_address>fe00::0</host_address> + <names t="list"> + <name>ipv6-localnet</name> + </names> + </hosts_entry> + <hosts_entry t="map"> + <host_address>ff00::0</host_address> + <names t="list"> + <name>ipv6-mcastprefix</name> + </names> + </hosts_entry> + <hosts_entry t="map"> + <host_address>ff02::1</host_address> + <names t="list"> + <name>ipv6-allnodes</name> + </names> + </hosts_entry> + <hosts_entry t="map"> + <host_address>ff02::2</host_address> + <names t="list"> + <name>ipv6-allrouters</name> + </names> + </hosts_entry> + <hosts_entry t="map"> + <host_address>ff02::3</host_address> + <names t="list"> + <name>ipv6-allhosts</name> + </names> + </hosts_entry> + </hosts> + </host> + <language t="map"> + <language>en_GB</language> + <languages>en_GB</languages> + </language> + <networking t="map"> + <dhcp_options t="map"> + <dhclient_client_id/> + <dhclient_hostname_option>AUTO</dhclient_hostname_option> + </dhcp_options> + <dns t="map"> + <dhcp_hostname t="boolean">true</dhcp_hostname> + <hostname>localhost</hostname> + <resolv_conf_policy>auto</resolv_conf_policy> + </dns> + <interfaces t="list"> + <interface t="map"> + <bootproto>dhcp</bootproto> + <name>eth0</name> + <startmode>auto</startmode> + <zone>public</zone> + </interface> + </interfaces> + <ipv6 t="boolean">true</ipv6> + <keep_install_network t="boolean">true</keep_install_network> + <managed t="boolean">false</managed> + <routing t="map"> + <ipv4_forward t="boolean">false</ipv4_forward> + <ipv6_forward t="boolean">false</ipv6_forward> + </routing> + </networking> + <ntp-client t="map"> + <ntp_policy>auto</ntp_policy> + <ntp_servers t="list"/> + <ntp_sync>systemd</ntp_sync> + </ntp-client> + <partitioning t="list"> + <drive t="map"> + <device>/dev/vda</device> + <disklabel>gpt</disklabel> + <enable_snapshots t="boolean">false</enable_snapshots> + <partitions t="list"> + <partition t="map"> + <create t="boolean">true</create> + <filesystem t="symbol">vfat</filesystem> + <format t="boolean">true</format> + <fstopt>utf8</fstopt> + <mount>/boot/efi</mount> + <mountby t="symbol">uuid</mountby> + <partition_id t="integer">259</partition_id> + <partition_nr t="integer">1</partition_nr> + <resize t="boolean">false</resize> + <size>134217728</size> + </partition> + <partition t="map"> + <create t="boolean">true</create> + <create_subvolumes t="boolean">true</create_subvolumes> + <filesystem t="symbol">btrfs</filesystem> + <format t="boolean">true</format> + <mount>/</mount> + <mountby t="symbol">uuid</mountby> + <partition_id t="integer">131</partition_id> + <partition_nr t="integer">2</partition_nr> + <quotas t="boolean">false</quotas> + <resize t="boolean">false</resize> + <size>6307167744</size> + <subvolumes t="list"> + <subvolume t="map"> + <copy_on_write t="boolean">false</copy_on_write> + <path>var</path> + </subvolume> + <subvolume t="map"> + <copy_on_write t="boolean">true</copy_on_write> + <path>usr/local</path> + </subvolume> + <subvolume t="map"> + <copy_on_write t="boolean">true</copy_on_write> + <path>tmp</path> + </subvolume> + <subvolume t="map"> + <copy_on_write t="boolean">true</copy_on_write> + <path>srv</path> + </subvolume> + <subvolume t="map"> + <copy_on_write t="boolean">true</copy_on_write> + <path>root</path> + </subvolume> + <subvolume t="map"> + <copy_on_write t="boolean">true</copy_on_write> + <path>opt</path> + </subvolume> + <subvolume t="map"> + <copy_on_write t="boolean">true</copy_on_write> + <path>home</path> + </subvolume> + <subvolume t="map"> + <copy_on_write t="boolean">true</copy_on_write> + <path>boot/grub2/arm64-efi</path> + </subvolume> + </subvolumes> + <subvolumes_prefix>@</subvolumes_prefix> + </partition> + </partitions> + <type t="symbol">CT_DISK</type> + <use>all</use> + </drive> + </partitioning> + <proxy t="map"> + <enabled t="boolean">false</enabled> + </proxy> + <services-manager t="map"> + <default_target>multi-user</default_target> + <services t="map"> + <enable t="list"> + <service>YaST2-Firstboot</service> + <service>YaST2-Second-Stage</service> + <service>apparmor</service> + <service>auditd</service> + <service>klog</service> + <service>chronyd</service> + <service>cron</service> + <service>cups</service> + <service>firewalld</service> + <service>wickedd-auto4</service> + <service>wickedd-dhcp4</service> + <service>wickedd-dhcp6</service> + <service>wickedd-nanny</service> + <service>irqbalance</service> + <service>issue-generator</service> + <service>kbdsettings</service> + <service>wicked</service> + <service>nscd</service> + <service>postfix</service> + <service>purge-kernels</service> + <service>rsyslog</service> + <service>smartd</service> + <service>sshd</service> + <service>systemd-pstore</service> + <service>systemd-remount-fs</service> + </enable> + </services> + </services-manager> + <software t="map"> + <install_recommended t="boolean">true</install_recommended> + <instsource/> + <packages t="list"> + <package>wicked</package> + <package>shim</package> + <package>os-prober</package> + <package>openssh</package> + <package>openSUSE-release</package> + <package>mokutil</package> + <package>kexec-tools</package> + <package>grub2-arm64-efi</package> + <package>glibc</package> + <package>firewalld</package> + <package>e2fsprogs</package> + <package>dosfstools</package> + <package>chrony</package> + <package>btrfsprogs</package> + <package>autoyast2</package> + </packages> + <patterns t="list"> + <pattern>apparmor</pattern> + <pattern>base</pattern> + <pattern>documentation</pattern> + <pattern>enhanced_base</pattern> + <pattern>minimal_base</pattern> + <pattern>sw_management</pattern> + <pattern>yast2_basis</pattern> + </patterns> + <products t="list"> + <product>Leap</product> + </products> + </software> + <ssh_import t="map"> + <copy_config t="boolean">false</copy_config> + <import t="boolean">false</import> + </ssh_import> + <user_defaults t="map"> + <expire/> + <group>100</group> + <home>/home</home> + <inactive>-1</inactive> + <shell>/bin/bash</shell> + <umask>022</umask> + </user_defaults> + <users t="list"> + <user t="map"> + <authorized_keys t="list"/> + <encrypted t="boolean">true</encrypted> + <fullname>user</fullname> + <gid>100</gid> + <home>/home/user</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max>99999</max> + <min>0</min> + <warn>7</warn> + </password_settings> + <shell>/bin/bash</shell> + <uid>1000</uid> + <user_password>$6$WV8CB/c6j0zhAi5S$4euhbt4alH7WNfaatS9IJgPiiKDJ48d5Ru1zCZCA0N9GiyOPuefN2PAUWlyYeTgqAInpyvPh1frdp4fFVjvEn0</user_password> + <username>user</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>User for nscd</fullname> + <gid>478</gid> + <home>/run/nscd</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/sbin/nologin</shell> + <uid>478</uid> + <user_password>!</user_password> + <username>nscd</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>systemd Network Management</fullname> + <gid>480</gid> + <home>/</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>480</uid> + <user_password>!*</user_password> + <username>systemd-network</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>Daemon</fullname> + <gid>2</gid> + <home>/sbin</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>2</uid> + <user_password>!</user_password> + <username>daemon</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>systemd Time Synchronization</fullname> + <gid>479</gid> + <home>/</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>479</uid> + <user_password>!*</user_password> + <username>systemd-timesync</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>user for rpcbind</fullname> + <gid>65534</gid> + <home>/var/lib/empty</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/sbin/nologin</shell> + <uid>475</uid> + <user_password>!</user_password> + <username>rpc</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>SSH daemon</fullname> + <gid>476</gid> + <home>/var/lib/sshd</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>476</uid> + <user_password>!</user_password> + <username>sshd</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>Postfix Daemon</fullname> + <gid>51</gid> + <home>/var/spool/postfix</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>51</uid> + <user_password>!</user_password> + <username>postfix</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>NFS statd daemon</fullname> + <gid>65533</gid> + <home>/var/lib/nfs</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/sbin/nologin</shell> + <uid>474</uid> + <user_password>!</user_password> + <username>statd</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>bin</fullname> + <gid>1</gid> + <home>/bin</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>1</uid> + <user_password>!</user_password> + <username>bin</username> + </user> + <user t="map"> + <authorized_keys t="list"/> + <encrypted t="boolean">true</encrypted> + <fullname>root</fullname> + <gid>0</gid> + <home>/root</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/bin/bash</shell> + <uid>0</uid> + <user_password>$6$zAe5W7gw/kja9aKy$mM.BWtNyjalXrDNig4CUfN3bgfmehUIs8.zvBwWn1XroK104G.rY3lyup3OH8TujieUmgO4J74Df.LktV4A1K1</user_password> + <username>root</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>User for D-Bus</fullname> + <gid>499</gid> + <home>/run/dbus</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/bin/false</shell> + <uid>499</uid> + <user_password>!</user_password> + <username>messagebus</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>Manual pages viewer</fullname> + <gid>62</gid> + <home>/var/lib/empty</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>13</uid> + <user_password>!</user_password> + <username>man</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>Printing daemon</fullname> + <gid>497</gid> + <home>/var/spool/lpd</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>497</uid> + <user_password>!</user_password> + <username>lp</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>User for polkitd</fullname> + <gid>477</gid> + <home>/var/lib/polkit</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>477</uid> + <user_password>!</user_password> + <username>polkitd</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>Chrony Daemon</fullname> + <gid>482</gid> + <home>/var/lib/chrony</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>496</uid> + <user_password>!</user_password> + <username>chrony</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>nobody</fullname> + <gid>65534</gid> + <home>/var/lib/nobody</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/bin/bash</shell> + <uid>65534</uid> + <user_password>!</user_password> + <username>nobody</username> + </user> + <user t="map"> + <encrypted t="boolean">true</encrypted> + <fullname>Mailer daemon</fullname> + <gid>498</gid> + <home>/var/spool/clientmqueue</home> + <home_btrfs_subvolume t="boolean">false</home_btrfs_subvolume> + <password_settings t="map"> + <expire/> + <flag/> + <inact/> + <max/> + <min/> + <warn/> + </password_settings> + <shell>/usr/sbin/nologin</shell> + <uid>498</uid> + <user_password>!</user_password> + <username>mail</username> + </user> + </users> +</profile> |