diff --git a/.cockpit-appstream.metadata b/.cockpit-appstream.metadata index 66b4ab7..446f877 100644 --- a/.cockpit-appstream.metadata +++ b/.cockpit-appstream.metadata @@ -1,2 +1,2 @@ -966f5b12e230d08d7ffe35ffbbcf882153454430 SOURCES/cockpit-275.tar.xz -3ea687c846787a99fc1fb28b14f44aba48be90ed SOURCES/cockpit-machines-273.tar.xz +256de4a4ebadbf0c4d1b5b70727e5d9f00674bbe SOURCES/cockpit-286.1.tar.xz +d7772c2e0aadeacfca24a1fe7f6d33c1fb6f4e54 SOURCES/cockpit-machines-284.1.tar.xz diff --git a/.gitignore b/.gitignore index 091a3f7..2bd8eee 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/cockpit-275.tar.xz -SOURCES/cockpit-machines-273.tar.xz +SOURCES/cockpit-286.1.tar.xz +SOURCES/cockpit-machines-284.1.tar.xz diff --git a/SPECS/cockpit-appstream.spec b/SPECS/cockpit-appstream.spec index 1bcab66..252c649 100644 --- a/SPECS/cockpit-appstream.spec +++ b/SPECS/cockpit-appstream.spec @@ -28,7 +28,7 @@ # we maintain the basic/optional split, then it can be replaced with just %{version}. %define required_base 266 -%define machines_version 273 +%define machines_version 284.1 # we generally want CentOS packages to be like RHEL; special cases need to check %{centos} explicitly %if 0%{?centos} @@ -51,7 +51,7 @@ Summary: Web Console for Linux servers License: LGPLv2+ URL: https://cockpit-project.org/ -Version: 275 +Version: 286.1 Release: 1%{?dist} Source0: https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz Source1: https://github.com/cockpit-project/cockpit-machines/releases/download/%{machines_version}/cockpit-machines-%{machines_version}.tar.xz @@ -77,6 +77,13 @@ Source1: https://github.com/cockpit-project/cockpit-machines/releases/dow %define build_optional 1 %endif +# Allow root login in Cockpit on RHEL 8 and lower as it also allows password login over SSH. +%if 0%{?rhel} && 0%{?rhel} <= 8 +%define disallow_root 0 +%else +%define disallow_root 1 +%endif + # Ship custom SELinux policy (but not for cockpit-appstream) %if "%{name}" == "cockpit" %define selinuxtype targeted @@ -256,13 +263,13 @@ done for data in doc man pixmaps polkit-1; do rm -r %{buildroot}/%{_datadir}/$data done -for lib in systemd tmpfiles.d; do - rm -r %{buildroot}/%{_prefix}/%{__lib}/$lib -done +rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d +find %{buildroot}/%{_unitdir}/ -type f ! -name 'cockpit-session*' -delete for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do rm %{buildroot}/%{_libexecdir}/$libexec done -rm -r %{buildroot}/%{_libdir}/security %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d +rm -r %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d +rm -f %{buildroot}/%{_libdir}/security/pam_* rm %{buildroot}/usr/bin/cockpit-bridge rm -f %{buildroot}%{_libexecdir}/cockpit-ssh rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml @@ -274,7 +281,9 @@ for pkg in apps packagekit pcp playground storaged; do rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg done # files from -tests -rm -r %{buildroot}/%{_prefix}/%{__lib}/cockpit-test-assets +rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so +rm -f %{buildroot}/%{_unitdir}/cockpit-session.socket +rm -f %{buildroot}/%{_unitdir}/cockpit-session@.service # files from -pcp rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/ # files from -storaged @@ -299,6 +308,7 @@ cat kdump.list sosreport.list networkmanager.list selinux.list >> system.list rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-sosreport.metainfo.xml rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-kdump.metainfo.xml rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-selinux.metainfo.xml +rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-networkmanager.metainfo.xml rm -f %{buildroot}%{_datadir}/pixmaps/cockpit-sosreport.png %endif @@ -327,8 +337,6 @@ troubleshooting, interactive command-line sessions, and more. Summary: Cockpit bridge server-side component Requires: glib-networking Provides: cockpit-ssh = %{version}-%{release} -# PR #10430 dropped workaround for ws' inability to understand x-host-key challenge -Conflicts: cockpit-ws < 181.x # 233 dropped jquery.js, pages started to bundle it (commit 049e8b8dce) Conflicts: cockpit-dashboard < 233 Conflicts: cockpit-networkmanager < 233 @@ -434,6 +442,7 @@ authentication via sssd/FreeIPA. # created in %post, so that users can rm the files %ghost %{_sysconfdir}/issue.d/cockpit.issue %ghost %{_sysconfdir}/motd.d/cockpit +%ghost %attr(0644, root, root) %{_sysconfdir}/cockpit/disallowed-users %dir %{_datadir}/cockpit/motd %{_datadir}/cockpit/motd/update-motd %{_datadir}/cockpit/motd/inactive.motd @@ -482,10 +491,16 @@ if [ -x %{_sbindir}/selinuxenabled ]; then fi # set up dynamic motd/issue symlinks on first-time install; don't bring them back on upgrades if admin removed them +# disable root login on first-time install; so existing installations aren't changed if [ "$1" = 1 ]; then mkdir -p /etc/motd.d /etc/issue.d ln -s ../../run/cockpit/motd /etc/motd.d/cockpit ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue + printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users +%if 0%{?disallow_root} + printf "root\n" >> /etc/cockpit/disallowed-users +%endif + chmod 644 /etc/cockpit/disallowed-users fi %tmpfiles_create cockpit-tempfiles.conf @@ -557,6 +572,7 @@ BuildArch: noarch The Cockpit component for managing networking. This package uses NetworkManager. %files networkmanager -f networkmanager.list +%{_datadir}/metainfo/org.cockpit-project.cockpit-networkmanager.metainfo.xml %endif @@ -618,8 +634,8 @@ The Cockpit component for managing storage. This package uses udisks. %package -n cockpit-tests Summary: Tests for Cockpit -Requires: cockpit-bridge >= 138 -Requires: cockpit-system >= 138 +Requires: cockpit-bridge >= %{required_base} +Requires: cockpit-system >= %{required_base} Requires: openssh-clients Provides: cockpit-test-assets = %{version}-%{release} @@ -628,7 +644,9 @@ This package contains tests and files used while testing Cockpit. These files are not required for running Cockpit. %files -n cockpit-tests -f tests.list -%{_prefix}/%{__lib}/cockpit-test-assets +%{pamdir}/mock-pam-conv-mod.so +%{_unitdir}/cockpit-session.socket +%{_unitdir}/cockpit-session@.service %package -n cockpit-machines BuildArch: noarch @@ -693,6 +711,28 @@ via PackageKit. # The changelog is automatically generated and merged %changelog +* Thu Feb 23 2023 Martin Pitt - 286.1-1 +- Translation updates (rhbz#2139719) + +* Wed Feb 22 2023 Martin Pitt - 286-1 +- Stability and performance improvements + +* Wed Feb 08 2023 Martin Pitt - 285-1 +- Stability and performance improvements + +* Thu Jan 26 2023 Martin Pitt - 284-1 +- Storage: Set up a system to use NBDE +- Machines: Option to forcefully revert a snapshot +- Fix tabular numbers font + +* Wed Jan 11 2023 Katerina Koukiou - 283-1 +- Machines: Summarize system and user session differences +- Machines: Virtual watchdog device support + +* Wed Nov 23 2022 Matej Marusak - 278-1 +- Machines: Allow TRIM/UNMAP requests by default for newly added disks +- Machines: Insert and eject CD & DVD media + * Thu Aug 25 2022 Matej Marusak - 275-1 - Machines: Offer downloading RHEL OS only for RHEL >= 8 (rhbz#2118236)