KaOSx / apps

KDE SC and applications
https://kaosx.us/packages/packages.php?sortby=name&sordir=asc&repo=apps

NOMAD fails to load UFW at boot #198

Closed NoSavvy closed 4 years ago

NoSavvy commented 4 years ago

Submission type

Nomad front end. Plasma Ver. 5.18.2

Used repositories

Expected behaviour

Disable NOMAD, Add firewall rules and restart NOMAD. Rules should be applied after a reboot.

Actual behaviour

After reboot NOMAD will show that the firewall is on, but UFW status shows as disabled and all ports are available. UFW should be enabled by default when using NOMAD.

Steps to reproduce the problem

Disable NOMAD, Add firewall rules and restart NOMAD. Rules should be applied after a reboot.

System info link created by Octopi > Tools > SysInfo

demmm commented 4 years ago

Checking in cli does not show where nomad sets enabled, output (and switching from disable to enable):

kcmshell5 org_nxos_firewall
file:///usr/lib/qt5/qml/org/kde/kirigami.2/templates/AbstractApplicationHeader.qml:35:5: Unable to assign QQuickItem_QML_70 to Page_QMLTYPE_195
file:///usr/lib/qt5/qml/org/kde/kirigami.2/private/globaltoolbar/BreadcrumbControl.qml:58:21: Unable to assign QQuickItem_QML_70 to Page_QMLTYPE_195
Debug message from helper: query
Debug message from helper: run ("--status", "--defaults", "--list", "--modules")
Debug message from helper: run /bin/netstat ("-ntuap")
Debug message from helper: viewlog
""
Debug message from helper: modify
Debug message from helper: run ("--setEnabled=true")
Debug message from helper: run ("--status")
Debug message from helper: query
Debug message from helper: run ("--status", "--defaults", "--list", "--modules")

Will check after reboot, if it is disabled again. If so, then really is a bug in Nomad.

demmm commented 4 years ago

OK, disabled after reboot. File Nomad writes to is /etc/ufw/ufw.conf and it properly goes from disabled to enabled. Now figuring if this is a Nomad or UFW bug.....

demmm commented 4 years ago

If not on the [build] repo, please test with:

sudo pacman -U http://kaosx.tk/repo/build/ufw-0.36-3-x86_64.pkg.tar.zst

and let me know if the pop-up message is clear enough. New installs will have ufw enabled from now on, won't enable on existing installs, thus the message.

NoSavvy commented 4 years ago

Ok Demm, Message is clear enough but maybe mention NOMAD, as that is where it is misleading.

Thanks.

demmm commented 4 years ago

IMO, it is a bug in Nomad, but that is another story (it should never set enable without checking if UFW is activated). There is nothing I can enable in Nomad, so UFW is the only correct place to warn. Or I should be able to patch Nomad to both edit /etc/ufw/ufw.conf and run systemctl enable ufw (that is what it should do, and I was under the impression it did....)

demmm commented 4 years ago

Patching Nomad fixes the issue, but it currently won't build (seems Qt 5.14 issue). Patch can be applied on running system though, just edit /usr/lib/nomad_ufw_plugin_helper.py and apply the following changes:

--- a/plugins/ufw/helper/kcm_ufw_helper.py.cmake    2018-05-28 18:42:07.000000000 +0200
+++ b/plugins/ufw/helper/kcm_ufw_helper.py.cmake    2020-03-11 17:20:08.890711609 +0100
@@ -35,6 +35,7 @@

 import getopt
 import shutil
+import subprocess
 import hashlib
 import io

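Review bot: the added "import subprocess" is never used, because the setEnabled hunk calls os.system instead. Either drop the import or make those calls use it, for example subprocess.call(['systemctl', 'enable', 'ufw']), which avoids spawning a shell and returns the exit status. The visible context also does not show an "import os", so confirm it is imported elsewhere in the file.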
@@ -326,8 +327,10 @@
 def setEnabled(ufw, status):
     if status.lower() == "false":
         stat=False
+        os.system('systemctl disable ufw')
     else:
         stat=True
+        os.system('systemctl enable ufw')
     if stat != ufw.backend._is_enabled():
         ufw.set_enabled(stat)
         if ufw.backend._is_enabled() != stat:
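Review bot: the exit status of both os.system('systemctl ...') calls in setEnabled is discarded, so if "systemctl enable ufw" fails the function still goes on to ufw.set_enabled(stat) and the config ends up enabled while the unit is not, which is the state this issue reports. Check the return value and report an error before changing the ufw state. The calls also sit outside the "if stat != ufw.backend._is_enabled():" guard, so they run on every invocation; if that is intended, to repair an install that is already mismatched, say so in a comment.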

That is the true fix to this bug imo.
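
Added example (not part of the thread, and not Nomad or UFW code): a shell check for the mismatch discussed above, where /etc/ufw/ufw.conf says the firewall is enabled but the ufw systemd unit is not enabled for boot. The function names and the sample file are constructed for illustration; it assumes ufw.conf stores the state as an ENABLED= line and that the unit is named ufw, as in the systemctl command quoted above.

```shell
#!/bin/sh
# Compare what ufw.conf claims with what systemd will actually do at boot.

# Print the ENABLED value from a ufw.conf-style file, lower-cased.
# Commented-out lines are ignored; prints "unset" if the key or file is missing.
conf_enabled() {
    v=$(sed -n 's/^[[:space:]]*ENABLED=//p' "$1" 2>/dev/null \
        | tail -n 1 | tr -d "\"' \t\r" | tr 'A-Z' 'a-z')
    echo "${v:-unset}"
}

# Classify a (config value, unit state) pair.
# $2 is the word printed by `systemctl is-enabled`, e.g. enabled or disabled.
classify() {
    case "$1:$2" in
        yes:enabled) echo consistent-on ;;
        yes:*)       echo MISMATCH-config-on-unit-off ;;  # the state in this issue
        *:enabled)   echo MISMATCH-config-off-unit-on ;;
        *)           echo consistent-off ;;
    esac
}

# Usage: check_ufw [conf-path] [unit-state]
# With no unit-state argument the live system is queried through systemctl.
check_ufw() {
    conf=${1:-/etc/ufw/ufw.conf}
    unit=${2:-$(systemctl is-enabled ufw 2>/dev/null || true)}
    classify "$(conf_enabled "$conf")" "${unit:-unknown}"
}

# Constructed sample reproducing the reported state: the front end wrote
# ENABLED=yes, but the unit was never enabled, so nothing loads at boot.
sample=$(mktemp)
printf '# constructed sample of /etc/ufw/ufw.conf\nENABLED=yes\nLOGLEVEL=low\n' > "$sample"
check_ufw "$sample" disabled
rm -f "$sample"
```

On a real system, calling check_ufw with no arguments reads /etc/ufw/ufw.conf and asks systemd for the unit state.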