From c76a7e24f53397c12925630ad9960981b23a357e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 05 2021 20:47:56 +0000 Subject: import cockpit-appstream-251-1.el8 --- diff --git a/.cockpit-appstream.metadata b/.cockpit-appstream.metadata index 1fa6933..8cf76ab 100644 --- a/.cockpit-appstream.metadata +++ b/.cockpit-appstream.metadata @@ -1 +1,2 @@ -e96e3ae84e9873afa290d6e4dd861021d93bc341 SOURCES/cockpit-238.1.tar.xz +d59a0eb6157945319714511842aa46e2b1645941 SOURCES/cockpit-251.tar.xz +a0f57d0c6cbb5c198464e58efbaeacdb8f0b8218 SOURCES/cockpit-machines-250.1.tar.gz diff --git a/.gitignore b/.gitignore index b693518..000887a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -SOURCES/cockpit-238.1.tar.xz +SOURCES/cockpit-251.tar.xz +SOURCES/cockpit-machines-250.1.tar.gz diff --git a/SPECS/cockpit-appstream.spec b/SPECS/cockpit-appstream.spec index 6f64c54..691f1fa 100644 --- a/SPECS/cockpit-appstream.spec +++ b/SPECS/cockpit-appstream.spec @@ -1,5 +1,5 @@ # This spec file has been automatically updated -Version: 238.1 +Version: 251 Release: 1%{?dist} # # Copyright (C) 2014-2020 Red Hat, Inc. @@ -19,7 +19,7 @@ Release: 1%{?dist} # # This file is maintained at the following location: -# https://github.com/cockpit-project/cockpit/blob/master/tools/cockpit.spec +# https://github.com/cockpit-project/cockpit/blob/main/tools/cockpit.spec # # If you are editing this file in another location, changes will likely # be clobbered the next time an automated release is done. @@ -35,6 +35,8 @@ Release: 1%{?dist} # by tools/gen-spec-dependencies during "make dist", but keep a hardcoded fallback %define required_base 122 +%define machines_version 250.1 + # we generally want CentOS packages to be like RHEL; special cases need to check %{centos} explicitly %if 0%{?centos} %define rhel %{centos} @@ -44,12 +46,8 @@ Release: 1%{?dist} %define __lib lib -%if 0%{?rhel} -%define vdo_on_demand 1 -%endif - -%if 0%{?suse_version} -%define pamdir /%{_lib}/security +%if %{defined _pamdir} +%define pamdir %{_pamdir} %else %define pamdir %{_libdir}/security %endif @@ -64,10 +62,11 @@ URL: https://cockpit-project.org/ Source0: cockpit-%{version}.tar.xz %else Source0: https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz +Source1: https://github.com/cockpit-project/cockpit-machines/releases/download/%{machines_version}/cockpit-machines-%{machines_version}.tar.gz %endif # in RHEL 8 the source package is duplicated: cockpit (building basic packages like cockpit-{bridge,system}) -# and cockpit-appstream (building optional packages like cockpit-{machines,pcp}) +# and cockpit-appstream (building optional packages like cockpit-{pcp}) # This split does not apply to EPEL/COPR. # In Fedora ELN/RHEL 9+ there is just one source package, which ships rpms in both BaseOS and AppStream %if 0%{?rhel} == 8 && 0%{?epel} == 0 @@ -85,6 +84,13 @@ Source0: https://github.com/cockpit-project/cockpit/releases/download/%{v %define build_optional 1 %endif +# Ship custom SELinux policy only in Fedora and RHEL-9 onward +%if 0%{?rhel} >= 9 || 0%{?fedora} +%define selinuxtype targeted +%define with_selinux 1 +%define selinux_policy_version %(rpm --quiet -q selinux-policy && rpm -q --queryformat "%{V}-%{R}" selinux-policy || echo 1) +%endif + BuildRequires: gcc BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(json-glib-1.0) @@ -129,6 +135,11 @@ BuildRequires: gdb # For documentation BuildRequires: xmlto +%if 0%{?with_selinux} +BuildRequires: selinux-policy +BuildRequires: selinux-policy-devel +%endif + # This is the "cockpit" metapackage. It should only # Require, Suggest or Recommend other cockpit-xxx subpackages @@ -150,6 +161,7 @@ Recommends: subscription-manager-cockpit %endif %prep +%setup -q -T -a 1 -c -n cockpit-machines-%{machines_version} %setup -q -n cockpit-%{version} %build @@ -159,8 +171,6 @@ exec 2>&1 --with-cockpit-user=cockpit-ws \ --with-cockpit-ws-instance-user=cockpit-wsinstance \ --with-selinux-config-type=etc_t \ - --with-appstream-data-packages='[ "appstream-data" ]' \ - --with-nfs-client-package='"nfs-utils"' \ %if 0%{?suse_version} --docdir=%_defaultdocdir/%{name} \ %endif @@ -168,9 +178,14 @@ exec 2>&1 %if 0%{?build_basic} == 0 --disable-ssh \ %endif - %{?vdo_on_demand:--with-vdo-package='"vdo"'} + make -j4 %{?extra_flags} all +%if 0%{?with_selinux} + make -f /usr/share/selinux/devel/Makefile cockpit.pp + bzip2 -9 cockpit.pp +%endif + %check exec 2>&1 # HACK: Fedora koji builders are very slow, unreliable, and inaccessible for debugging; https://github.com/cockpit-project/cockpit/issues/13909 @@ -190,11 +205,20 @@ exec 2>&1 %install %make_install make install-tests DESTDIR=%{buildroot} +make -C %{_builddir}/cockpit-machines-%{machines_version}/cockpit-machines install DESTDIR=%{buildroot} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit rm -f %{buildroot}/%{_libdir}/cockpit/*.so install -D -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/ +%if 0%{?with_selinux} + install -D -m 644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_session_selinux.8cockpit + install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_ws_selinux.8cockpit + # create this directory in the build root so that %ghost sees the desired mode + install -d -m 700 %{buildroot}%{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%endif + # only ship deprecated PatternFly API for stable releases %if 0%{?fedora} <= 33 || 0%{?rhel} <= 8 ln -s cockpit.css.gz %{buildroot}/%{_datadir}/cockpit/base1/patternfly.css.gz @@ -256,6 +280,7 @@ echo '%dir %{_datadir}/cockpit/playground' > tests.list find %{buildroot}%{_datadir}/cockpit/playground -type f >> tests.list echo '%dir %{_datadir}/cockpit/static' > static.list +echo '%dir %{_datadir}/cockpit/static/fonts' >> static.list find %{buildroot}%{_datadir}/cockpit/static -type f >> static.list # when not building basic packages, remove their files @@ -270,7 +295,7 @@ done for lib in systemd tmpfiles.d; do rm -r %{buildroot}/%{_prefix}/%{__lib}/$lib done -for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-desktop; do +for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do rm %{buildroot}/%{_libexecdir}/$libexec done rm -r %{buildroot}/%{_libdir}/security %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d @@ -281,15 +306,13 @@ rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml # when not building optional packages, remove their files %if 0%{?build_optional} == 0 -for pkg in apps machines packagekit pcp playground storaged; do +for pkg in apps packagekit pcp playground storaged; do rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg done # files from -tests rm -r %{buildroot}/%{_prefix}/%{__lib}/cockpit-test-assets # files from -pcp rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/ -# files from -machines -rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-machines.metainfo.xml # files from -storaged rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml %endif @@ -302,8 +325,6 @@ sed -i "s|%{buildroot}||" *.list pushd %{buildroot}/%{_datadir}/cockpit/branding find -L * -type l -printf "%H\n" | sort -u | xargs rm -rv popd -# need this in SUSE as post build checks dislike stale symlinks -install -m 644 -D /dev/null %{buildroot}/run/cockpit/motd %else %global _debugsource_packages 1 %global _debuginfo_subpackages 0 @@ -401,10 +422,9 @@ Provides: cockpit-shell = %{version}-%{release} Provides: cockpit-systemd = %{version}-%{release} Provides: cockpit-tuned = %{version}-%{release} Provides: cockpit-users = %{version}-%{release} -Obsoletes: cockpit-dashboard +Obsoletes: cockpit-dashboard < %{version}-%{release} %if 0%{?rhel} Provides: cockpit-networkmanager = %{version}-%{release} -Obsoletes: cockpit-networkmanager Requires: NetworkManager >= 1.6 Provides: cockpit-kdump = %{version}-%{release} Requires: kexec-tools @@ -423,7 +443,6 @@ Recommends: (reportd >= 0.7.1 if abrt) %endif # NPM modules which are also available as packages Provides: bundled(js-jquery) = 3.5.1 -Provides: bundled(js-moment) = 2.29.1 Provides: bundled(xstatic-bootstrap-datepicker-common) = 1.9.0 Provides: bundled(xstatic-patternfly-common) = 3.59.5 @@ -438,6 +457,10 @@ Summary: Cockpit Web Service Requires: glib-networking Requires: openssl Requires: glib2 >= 2.50.0 +%if 0%{?with_selinux} +Requires: (selinux-policy >= %{selinux_policy_version} if selinux-policy-%{selinuxtype}) +Requires(post): (policycoreutils if selinux-policy-%{selinuxtype}) +%endif Conflicts: firewalld < 0.6.0-1 Recommends: sscg >= 2.3 Recommends: system-logos @@ -455,15 +478,13 @@ authentication via sssd/FreeIPA. %doc %{_mandir}/man8/cockpit-ws.8.gz %doc %{_mandir}/man8/cockpit-tls.8.gz %doc %{_mandir}/man8/remotectl.8.gz -%doc %{_mandir}/man8/pam_cockpit_cert.8.gz %doc %{_mandir}/man8/pam_ssh_add.8.gz %dir %{_sysconfdir}/cockpit %config(noreplace) %{_sysconfdir}/cockpit/ws-certs.d %config(noreplace) %{_sysconfdir}/pam.d/cockpit -%config %{_sysconfdir}/issue.d/cockpit.issue -%config %{_sysconfdir}/motd.d/cockpit -%ghost /run/cockpit/motd -%ghost %dir /run/cockpit +# created in %post, so that users can rm the files +%ghost %{_sysconfdir}/issue.d/cockpit.issue +%ghost %{_sysconfdir}/motd.d/cockpit %dir %{_datadir}/cockpit/motd %{_datadir}/cockpit/motd/update-motd %{_datadir}/cockpit/motd/inactive.motd @@ -487,27 +508,69 @@ authentication via sssd/FreeIPA. %{_libexecdir}/cockpit-wsinstance-factory %{_libexecdir}/cockpit-tls %{_libexecdir}/cockpit-desktop +%{_libexecdir}/cockpit-certificate-ensure +%{_libexecdir}/cockpit-certificate-helper %attr(4750, root, cockpit-wsinstance) %{_libexecdir}/cockpit-session %{_datadir}/cockpit/branding +%if 0%{?with_selinux} + %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + %{_mandir}/man8/%{name}_session_selinux.8cockpit.* + %{_mandir}/man8/%{name}_ws_selinux.8cockpit.* + %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%endif + %pre ws getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting -s /sbin/nologin -c "User for cockpit web service" cockpit-ws getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_relabel_pre -s %{selinuxtype} +fi +%endif + %post ws +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + %selinux_relabel_post -s %{selinuxtype} +fi +%endif + +# set up dynamic motd/issue symlinks on first-time install; don't bring them back on upgrades if admin removed them +if [ "$1" = 1 ]; then + mkdir -p /etc/motd.d /etc/issue.d + ln -s /run/cockpit/motd /etc/motd.d/cockpit + ln -s /run/cockpit/motd /etc/issue.d/cockpit.issue +fi + %tmpfiles_create cockpit-tempfiles.conf -%systemd_post cockpit.socket +%systemd_post cockpit.socket cockpit.service # firewalld only partially picks up changes to its services files without this test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true +# check for deprecated PAM config +if grep --color=auto pam_cockpit_cert %{_sysconfdir}/pam.d/cockpit; then + echo '**** WARNING:' + echo '**** WARNING: pam_cockpit_cert is a no-op and will be removed in a' + echo '**** WARNING: future release; remove it from your /etc/pam.d/cockpit.' + echo '**** WARNING:' +fi + %preun ws -%systemd_preun cockpit.socket +%systemd_preun cockpit.socket cockpit.service %postun ws -%systemd_postun_with_restart cockpit.socket -%systemd_postun_with_restart cockpit.service +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_modules_uninstall -s %{selinuxtype} %{name} + %selinux_relabel_post -s %{selinuxtype} +fi +%endif +%systemd_postun_with_restart cockpit.socket cockpit.service # ------------------------------------------------------------------------------- # Sub-packages that are part of cockpit-system in RHEL/CentOS, but separate in Fedora @@ -651,12 +714,12 @@ The Cockpit components for managing virtual machines. If "virt-install" is installed, you can also create new virtual machines. %files -n cockpit-machines -f machines.list -%{_datadir}/metainfo/org.cockpit-project.cockpit-machines.metainfo.xml +%{_datadir}/metainfo/org.cockpit-project.machines.metainfo.xml %package -n cockpit-pcp Summary: Cockpit PCP integration -Requires: cockpit-bridge >= 134.x -Requires(post): pcp +Requires: cockpit-bridge >= 238.1.1 +Requires: pcp %description -n cockpit-pcp Cockpit support for reading PCP metrics and loading PCP archives. @@ -674,6 +737,8 @@ BuildArch: noarch Requires: cockpit-bridge >= 186 Requires: PackageKit Recommends: python3-tracer +# HACK: https://bugzilla.redhat.com/show_bug.cgi?id=1800468 +Requires: polkit %description -n cockpit-packagekit The Cockpit components for installing OS updates and Cockpit add-ons, @@ -686,6 +751,37 @@ via PackageKit. # The changelog is automatically generated and merged %changelog +* Thu Aug 19 2021 Matej Marusak - 251-1 +- Machines: Always show current disk bus type (rhbz#1985256) + +* Wed Aug 04 2021 Martin Pitt - 250-1 +- Software Updates: Introduce basic kpatch support +- Software Updates: Handle unregistered RHEL systems with non-CDN OS repository + (rhbz#1970057) +- Machines: Read qemu.conf to get spice/vnc address (rhbz#1963701) + +* Wed Jul 21 2021 Matej Marusak - 249-1 +- Machines: Fix input for "Target Path" when Creating storage pool (rhbz#1866225) +- Machines: Don't round or floor memory and storage size unnecessarily (rhbz#1979152) +- Machines: Use cockpit's proxy API for monitoring libvirt service changes (rhbz#1974223) +- Machines: Fix ooops when press the down arrow several times when inputting custom path (rhbz#1977554) + +* Thu Jul 09 2021 Katerina Koukiou - 248-1 +- Machines: Share host files with the guest using virtiofs +- Machines: Show list of pass-through devices + +* Tue Jun 15 2021 Martin Pitt - 246-1 +- Polish of the Storage page +- Storage: Show both SHA256 and SHA1 Tang fingerprints +- Updated translations + +* Tue May 18 2021 Martin Pitt - 244.1-1 +- Machines: Edit the MAC address of a VM’s network interface + +* Fri Apr 16 2021 Martin Pitt - 242-1 +- Updates: Show subscription status on cloud images (rhbz#1931429) +- Machines: Allow creation of non-root user for unattended installations (rhbz#1940287) + * Mon Feb 22 2021 Martin Pitt - 238.1-1 - Several UI alignment fixes - Updates: Show PackageKit errors properly