meta-openembedded/meta-networking/dynamic-layers/meta-python/recipes-connectivity/firewalld/files/run-ptest
Adrian Freihofer 63d6205550 firewalld: update to 1.1.1 fixes ptest
Update firewalld by 2 major versions, which also includes breaking and
behavioral changes.

Highlights from 0.9 to 1.0:
- Reduced dependencies
- Intra-zone forwarding by default
- NAT rules moved to inet family (reduced rule set)
- Default target is now similar to reject
- ICMP blocks and block inversion only apply to input, not forward
- tftp-client service has been removed
- iptables backend is deprecated
- Direct interface is deprecated
- CleanupModulesOnExit defaults to no (kernel modules not unloaded)
Details:
- https://firewalld.org/2021/07/firewalld-1-0-0-release
- https://github.com/firewalld/firewalld/compare/v0.9.0...v1.0.0

From 1.0 to 1.1 is mostly a bug fix release update.
Details:
- https://firewalld.org/2022/02/firewalld-1-1-0-release
- https://github.com/firewalld/firewalld/compare/v0.9.0...v1.0.0

Improvements on the recipe:
- Add ptest
  - Very helpful to get all the kernel modules
  - Long running, probably not suitable for any OE autobuilder
- RRECOMMENS kernel modules, document configuration
- Improve package splitting
  - firewalld-config and firewalld-applet depend on QT5, pyqt5 and GTK.
    The dependencies were not correctly set but the code was ending up
    on the target device. Now the code gets into a separate package but
    the dependeinces are probably still not complete. Since this is
    probably not used anyway it is not tested yet. It's still not
    perfect but much better than installing broken stuff to the target
    device.
  - The dependenices are added to variables instead of rdepends to keep
    the meta-qt5 and gnome layers optional also at build-time.
- New packageconfigs: ebtables, ipset. This is mosly required to get the
  test suite running but probably also usable otherwise.

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-06-30 07:01:37 -04:00

521 B

#!/bin/sh

ret_val=0

Check if all the kernel modules are available

FIREWALLD_KERNEL_MODULES="@@FIREWALLD_KERNEL_MODULES@@" for m in $FIREWALLD_KERNEL_MODULES; do if modprobe $m; then echo "PASS: loading $m" else echo "FAIL: loading $m" ret_val=1 fi done

Run the test suite from firewalld

Failing testsuites: 203 226 241 250 270 280 281 282 285 286

Problem icmpv6 compared against ipv6-icmptype?

/usr/share/firewalld/testsuite/testsuite -C /tmp -A || ret_val=1

exit $ret_val