From b59cd7b39c1d861c28bb4636840e22cb11c532a6 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Dec 23 2022 06:09:48 +0000
Subject: import cockpit-282.1-1.el8


---

diff --git a/.cockpit.metadata b/.cockpit.metadata
index d863580..58d45fb 100644
--- a/.cockpit.metadata
+++ b/.cockpit.metadata
@@ -1,2 +1,2 @@
-e10e1c210ad5ed4b7e7a43231791d7a14092dd66 SOURCES/cockpit-279.tar.xz
+7faf98fd77271fc75fe8fb3ddc8a91a4eaea552f SOURCES/cockpit-282.1.tar.xz
 a37e1d6ad4b1b25729682c54ab7e4dcdcfd894a7 SOURCES/cockpit.css.gz
diff --git a/.gitignore b/.gitignore
index fdbbd7b..fef9232 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/cockpit-279.tar.xz
+SOURCES/cockpit-282.1.tar.xz
 SOURCES/cockpit.css.gz
diff --git a/SPECS/cockpit.spec b/SPECS/cockpit.spec
index f26a3e4..619a403 100644
--- a/SPECS/cockpit.spec
+++ b/SPECS/cockpit.spec
@@ -49,7 +49,7 @@ Summary:        Web Console for Linux servers
 License:        LGPLv2+
 URL:            https://cockpit-project.org/
 
-Version:        279
+Version:        282.1
 Release:        1%{?dist}
 Source0:        https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz
 Source1:        cockpit.css.gz
@@ -74,6 +74,13 @@ Source1:        cockpit.css.gz
 %define build_optional 1
 %endif
 
+# Allow root login in Cockpit on RHEL 8 and lower as it also allows password login over SSH.
+%if 0%{?rhel} && 0%{?rhel} <= 8
+%define disallow_root 0
+%else
+%define disallow_root 1
+%endif
+
 # Ship custom SELinux policy (but not for cockpit-appstream)
 %if "%{name}" == "cockpit"
 %define selinuxtype targeted
@@ -147,6 +154,8 @@ Suggests: cockpit-pcp
 
 %if 0%{?rhel} == 0
 Recommends: (cockpit-networkmanager if NetworkManager)
+# c-ostree is not in RHEL 8/9
+Recommends: (cockpit-ostree if rpm-ostree)
 Suggests: cockpit-selinux
 %endif
 %if 0%{?rhel} && 0%{?centos} == 0
@@ -431,6 +440,7 @@ authentication via sssd/FreeIPA.
 # created in %post, so that users can rm the files
 %ghost %{_sysconfdir}/issue.d/cockpit.issue
 %ghost %{_sysconfdir}/motd.d/cockpit
+%ghost %attr(0644, root, root) %{_sysconfdir}/cockpit/disallowed-users
 %dir %{_datadir}/cockpit/motd
 %{_datadir}/cockpit/motd/update-motd
 %{_datadir}/cockpit/motd/inactive.motd
@@ -479,10 +489,16 @@ if [ -x %{_sbindir}/selinuxenabled ]; then
 fi
 
 # set up dynamic motd/issue symlinks on first-time install; don't bring them back on upgrades if admin removed them
+# disable root login on first-time install; so existing installations aren't changed
 if [ "$1" = 1 ]; then
     mkdir -p /etc/motd.d /etc/issue.d
     ln -s ../../run/cockpit/motd /etc/motd.d/cockpit
     ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue
+    printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users
+%if 0%{?disallow_root}
+    printf "root\n" >> /etc/cockpit/disallowed-users
+%endif
+    chmod 644 /etc/cockpit/disallowed-users
 fi
 
 %tmpfiles_create cockpit-tempfiles.conf
@@ -662,6 +678,12 @@ via PackageKit.
 
 # The changelog is automatically generated and merged
 %changelog
+* Wed Dec 14 2022 Katerina Koukiou <kkoukiou@redhat.com> - 282-1
+- Add right-to-left language support
+- Accounts: Redesign and include groups
+- Dark theme switcher
+- tools: Disallow root login by default
+
 * Tue Nov 15 2022 Matej Marusak <mmarusak@redhat.com> - 279-1
 - Dark theme support
 - Metrics: Display individual disk read/write usage