diff --git a/.cockpit.metadata b/.cockpit.metadata index 38e602f..246eead 100644 --- a/.cockpit.metadata +++ b/.cockpit.metadata @@ -1 +1 @@ -c81c4fd63504e87808bc7df1f2d640da8296de6e SOURCES/cockpit-238.2.tar.xz +bc694f39e4dc50161bfb92b8ec768be9563717d7 SOURCES/cockpit-251.1.tar.xz diff --git a/.gitignore b/.gitignore index 009df0a..11a2dcc 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cockpit-238.2.tar.xz +SOURCES/cockpit-251.1.tar.xz diff --git a/SPECS/cockpit.spec b/SPECS/cockpit.spec index e97b560..4b3bd1f 100644 --- a/SPECS/cockpit.spec +++ b/SPECS/cockpit.spec @@ -1,5 +1,5 @@ # This spec file has been automatically updated -Version: 238.2 +Version: 251.1 Release: 1%{?dist} # # Copyright (C) 2014-2020 Red Hat, Inc. @@ -19,7 +19,7 @@ Release: 1%{?dist} # # This file is maintained at the following location: -# https://github.com/cockpit-project/cockpit/blob/master/tools/cockpit.spec +# https://github.com/cockpit-project/cockpit/blob/main/tools/cockpit.spec # # If you are editing this file in another location, changes will likely # be clobbered the next time an automated release is done. @@ -44,12 +44,8 @@ Release: 1%{?dist} %define __lib lib -%if 0%{?rhel} -%define vdo_on_demand 1 -%endif - -%if 0%{?suse_version} -%define pamdir /%{_lib}/security +%if %{defined _pamdir} +%define pamdir %{_pamdir} %else %define pamdir %{_libdir}/security %endif @@ -67,7 +63,7 @@ Source0: https://github.com/cockpit-project/cockpit/releases/download/%{v %endif # in RHEL 8 the source package is duplicated: cockpit (building basic packages like cockpit-{bridge,system}) -# and cockpit-appstream (building optional packages like cockpit-{machines,pcp}) +# and cockpit-appstream (building optional packages like cockpit-{pcp}) # This split does not apply to EPEL/COPR. # In Fedora ELN/RHEL 9+ there is just one source package, which ships rpms in both BaseOS and AppStream %if 0%{?rhel} == 8 && 0%{?epel} == 0 @@ -85,6 +81,13 @@ Source0: https://github.com/cockpit-project/cockpit/releases/download/%{v %define build_optional 1 %endif +# Ship custom SELinux policy only in Fedora and RHEL-9 onward +%if 0%{?rhel} >= 9 || 0%{?fedora} +%define selinuxtype targeted +%define with_selinux 1 +%define selinux_policy_version %(rpm --quiet -q selinux-policy && rpm -q --queryformat "%{V}-%{R}" selinux-policy || echo 1) +%endif + BuildRequires: gcc BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(json-glib-1.0) @@ -129,6 +132,11 @@ BuildRequires: gdb # For documentation BuildRequires: xmlto +%if 0%{?with_selinux} +BuildRequires: selinux-policy +BuildRequires: selinux-policy-devel +%endif + # This is the "cockpit" metapackage. It should only # Require, Suggest or Recommend other cockpit-xxx subpackages @@ -159,8 +167,6 @@ exec 2>&1 --with-cockpit-user=cockpit-ws \ --with-cockpit-ws-instance-user=cockpit-wsinstance \ --with-selinux-config-type=etc_t \ - --with-appstream-data-packages='[ "appstream-data" ]' \ - --with-nfs-client-package='"nfs-utils"' \ %if 0%{?suse_version} --docdir=%_defaultdocdir/%{name} \ %endif @@ -168,9 +174,14 @@ exec 2>&1 %if 0%{?build_basic} == 0 --disable-ssh \ %endif - %{?vdo_on_demand:--with-vdo-package='"vdo"'} + make -j4 %{?extra_flags} all +%if 0%{?with_selinux} + make -f /usr/share/selinux/devel/Makefile cockpit.pp + bzip2 -9 cockpit.pp +%endif + %check exec 2>&1 # HACK: Fedora koji builders are very slow, unreliable, and inaccessible for debugging; https://github.com/cockpit-project/cockpit/issues/13909 @@ -195,6 +206,14 @@ install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit rm -f %{buildroot}/%{_libdir}/cockpit/*.so install -D -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/ +%if 0%{?with_selinux} + install -D -m 644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_session_selinux.8cockpit + install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_ws_selinux.8cockpit + # create this directory in the build root so that %ghost sees the desired mode + install -d -m 700 %{buildroot}%{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%endif + # only ship deprecated PatternFly API for stable releases %if 0%{?fedora} <= 33 || 0%{?rhel} <= 8 ln -s cockpit.css.gz %{buildroot}/%{_datadir}/cockpit/base1/patternfly.css.gz @@ -246,9 +265,6 @@ find %{buildroot}%{_datadir}/cockpit/packagekit -type f >> packagekit.list echo '%dir %{_datadir}/cockpit/apps' >> packagekit.list find %{buildroot}%{_datadir}/cockpit/apps -type f >> packagekit.list -echo '%dir %{_datadir}/cockpit/machines' > machines.list -find %{buildroot}%{_datadir}/cockpit/machines -type f >> machines.list - echo '%dir %{_datadir}/cockpit/selinux' > selinux.list find %{buildroot}%{_datadir}/cockpit/selinux -type f >> selinux.list @@ -256,6 +272,7 @@ echo '%dir %{_datadir}/cockpit/playground' > tests.list find %{buildroot}%{_datadir}/cockpit/playground -type f >> tests.list echo '%dir %{_datadir}/cockpit/static' > static.list +echo '%dir %{_datadir}/cockpit/static/fonts' >> static.list find %{buildroot}%{_datadir}/cockpit/static -type f >> static.list # when not building basic packages, remove their files @@ -270,7 +287,7 @@ done for lib in systemd tmpfiles.d; do rm -r %{buildroot}/%{_prefix}/%{__lib}/$lib done -for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-desktop; do +for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do rm %{buildroot}/%{_libexecdir}/$libexec done rm -r %{buildroot}/%{_libdir}/security %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d @@ -281,15 +298,13 @@ rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml # when not building optional packages, remove their files %if 0%{?build_optional} == 0 -for pkg in apps machines packagekit pcp playground storaged; do +for pkg in apps packagekit pcp playground storaged; do rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg done # files from -tests rm -r %{buildroot}/%{_prefix}/%{__lib}/cockpit-test-assets # files from -pcp rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/ -# files from -machines -rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-machines.metainfo.xml # files from -storaged rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml %endif @@ -302,8 +317,6 @@ sed -i "s|%{buildroot}||" *.list pushd %{buildroot}/%{_datadir}/cockpit/branding find -L * -type l -printf "%H\n" | sort -u | xargs rm -rv popd -# need this in SUSE as post build checks dislike stale symlinks -install -m 644 -D /dev/null %{buildroot}/run/cockpit/motd %else %global _debugsource_packages 1 %global _debuginfo_subpackages 0 @@ -401,10 +414,9 @@ Provides: cockpit-shell = %{version}-%{release} Provides: cockpit-systemd = %{version}-%{release} Provides: cockpit-tuned = %{version}-%{release} Provides: cockpit-users = %{version}-%{release} -Obsoletes: cockpit-dashboard +Obsoletes: cockpit-dashboard < %{version}-%{release} %if 0%{?rhel} Provides: cockpit-networkmanager = %{version}-%{release} -Obsoletes: cockpit-networkmanager Requires: NetworkManager >= 1.6 Provides: cockpit-kdump = %{version}-%{release} Requires: kexec-tools @@ -423,7 +435,6 @@ Recommends: (reportd >= 0.7.1 if abrt) %endif # NPM modules which are also available as packages Provides: bundled(js-jquery) = 3.5.1 -Provides: bundled(js-moment) = 2.29.1 Provides: bundled(xstatic-bootstrap-datepicker-common) = 1.9.0 Provides: bundled(xstatic-patternfly-common) = 3.59.5 @@ -438,6 +449,10 @@ Summary: Cockpit Web Service Requires: glib-networking Requires: openssl Requires: glib2 >= 2.50.0 +%if 0%{?with_selinux} +Requires: (selinux-policy >= %{selinux_policy_version} if selinux-policy-%{selinuxtype}) +Requires(post): (policycoreutils if selinux-policy-%{selinuxtype}) +%endif Conflicts: firewalld < 0.6.0-1 Recommends: sscg >= 2.3 Recommends: system-logos @@ -455,15 +470,13 @@ authentication via sssd/FreeIPA. %doc %{_mandir}/man8/cockpit-ws.8.gz %doc %{_mandir}/man8/cockpit-tls.8.gz %doc %{_mandir}/man8/remotectl.8.gz -%doc %{_mandir}/man8/pam_cockpit_cert.8.gz %doc %{_mandir}/man8/pam_ssh_add.8.gz %dir %{_sysconfdir}/cockpit %config(noreplace) %{_sysconfdir}/cockpit/ws-certs.d %config(noreplace) %{_sysconfdir}/pam.d/cockpit -%config %{_sysconfdir}/issue.d/cockpit.issue -%config %{_sysconfdir}/motd.d/cockpit -%ghost /run/cockpit/motd -%ghost %dir /run/cockpit +# created in %post, so that users can rm the files +%ghost %{_sysconfdir}/issue.d/cockpit.issue +%ghost %{_sysconfdir}/motd.d/cockpit %dir %{_datadir}/cockpit/motd %{_datadir}/cockpit/motd/update-motd %{_datadir}/cockpit/motd/inactive.motd @@ -487,27 +500,69 @@ authentication via sssd/FreeIPA. %{_libexecdir}/cockpit-wsinstance-factory %{_libexecdir}/cockpit-tls %{_libexecdir}/cockpit-desktop +%{_libexecdir}/cockpit-certificate-ensure +%{_libexecdir}/cockpit-certificate-helper %attr(4750, root, cockpit-wsinstance) %{_libexecdir}/cockpit-session %{_datadir}/cockpit/branding +%if 0%{?with_selinux} + %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + %{_mandir}/man8/%{name}_session_selinux.8cockpit.* + %{_mandir}/man8/%{name}_ws_selinux.8cockpit.* + %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%endif + %pre ws getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting -s /sbin/nologin -c "User for cockpit web service" cockpit-ws getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_relabel_pre -s %{selinuxtype} +fi +%endif + %post ws +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + %selinux_relabel_post -s %{selinuxtype} +fi +%endif + +# set up dynamic motd/issue symlinks on first-time install; don't bring them back on upgrades if admin removed them +if [ "$1" = 1 ]; then + mkdir -p /etc/motd.d /etc/issue.d + ln -s /run/cockpit/motd /etc/motd.d/cockpit + ln -s /run/cockpit/motd /etc/issue.d/cockpit.issue +fi + %tmpfiles_create cockpit-tempfiles.conf -%systemd_post cockpit.socket +%systemd_post cockpit.socket cockpit.service # firewalld only partially picks up changes to its services files without this test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true +# check for deprecated PAM config +if grep --color=auto pam_cockpit_cert %{_sysconfdir}/pam.d/cockpit; then + echo '**** WARNING:' + echo '**** WARNING: pam_cockpit_cert is a no-op and will be removed in a' + echo '**** WARNING: future release; remove it from your /etc/pam.d/cockpit.' + echo '**** WARNING:' +fi + %preun ws -%systemd_preun cockpit.socket +%systemd_preun cockpit.socket cockpit.service %postun ws -%systemd_postun_with_restart cockpit.socket -%systemd_postun_with_restart cockpit.service +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_modules_uninstall -s %{selinuxtype} %{name} + %selinux_relabel_post -s %{selinuxtype} +fi +%endif +%systemd_postun_with_restart cockpit.socket cockpit.service # ------------------------------------------------------------------------------- # Sub-packages that are part of cockpit-system in RHEL/CentOS, but separate in Fedora @@ -628,35 +683,10 @@ These files are not required for running Cockpit. %files -n cockpit-tests -f tests.list %{_prefix}/%{__lib}/cockpit-test-assets -%package -n cockpit-machines -BuildArch: noarch -Summary: Cockpit user interface for virtual machines -Requires: cockpit-bridge >= 186 -Requires: cockpit-system >= 186 -%if 0%{?suse_version} -Requires: libvirt-daemon-qemu -%else -Requires: libvirt-daemon-kvm -%endif -Requires: libvirt-client -Requires: libvirt-dbus >= 1.2.0 -# Optional components -Recommends: virt-install -Recommends: libosinfo -Recommends: python3-gobject-base - -%description -n cockpit-machines -The Cockpit components for managing virtual machines. - -If "virt-install" is installed, you can also create new virtual machines. - -%files -n cockpit-machines -f machines.list -%{_datadir}/metainfo/org.cockpit-project.cockpit-machines.metainfo.xml - %package -n cockpit-pcp Summary: Cockpit PCP integration -Requires: cockpit-bridge >= 134.x -Requires(post): pcp +Requires: cockpit-bridge >= 238.1.1 +Requires: pcp %description -n cockpit-pcp Cockpit support for reading PCP metrics and loading PCP archives. @@ -674,6 +704,8 @@ BuildArch: noarch Requires: cockpit-bridge >= 186 Requires: PackageKit Recommends: python3-tracer +# HACK: https://bugzilla.redhat.com/show_bug.cgi?id=1800468 +Requires: polkit %description -n cockpit-packagekit The Cockpit components for installing OS updates and Cockpit add-ons, @@ -686,8 +718,39 @@ via PackageKit. # The changelog is automatically generated and merged %changelog -* Fri Mar 12 2021 Matej Marusak - 238.2-1 -- Update translations (rhbz#1899681) +* Thu Sep 09 2021 Martin Pitt - 251.1-1 +- Translation updates (rhbz#1961628) + +* Wed Aug 18 2021 Matej Marusak - 251-1 +- Logs: Fix layout and add new filtering options (rhbz#1980207) + +* Wed Aug 04 2021 Martin Pitt - 250-1 +- Shell: Improve admin switcher and session menu +- Update Insights links to point to console.redhat.com (rhbz#1984841) + +* Wed Jul 21 2021 Matej Marusak - 249-1 +- common: Add Content-Type for wasm +- all: Port away from Moment.js + +* Thu Jul 08 2021 Martin Pitt - 248-1 +- Metrics: Install missing packages +- PAM: Deprecate pam_cockpit_cert module + +* Wed Jun 23 2021 Katerina Koukiou - 247-1 +- Metrics: Enable Grafana client setup + +* Tue Jun 15 2021 Martin Pitt - 246-1 +- Metrics: New PCP configuration dialog +- Polish of the Services page +- Updated translations + +* Mon May 12 2021 Katerina Koukiou - 244.1-1 +- Shell: sudo is invoked only when explicitly requested +- Dynamically manage motd/issue symlinks in package scripts (rhbz#1876848) + +* Mon Apr 19 2021 Matej Marusak - 242-1 +- Network: Fix device connection button (rhbz#1946874) +- Network: Fully show MAC dropdown in add bond dialog (rhbz#1946877) * Mon Feb 22 2021 Martin Pitt - 238.1-1 - Several UI alignment fixes