diff --git a/.cockpit.metadata b/.cockpit.metadata
index c7db194..8a82ffa 100644
--- a/.cockpit.metadata
+++ b/.cockpit.metadata
@@ -1 +1 @@
-9de4e1b0b328c6d1bb923f373d3f72e9ba2e0ede SOURCES/cockpit-173.1.tar.xz
+70a78561a0c958723655b998ed85bff6be166cdb SOURCES/cockpit-176.tar.xz
diff --git a/.gitignore b/.gitignore
index 44bd084..60d5ad0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/cockpit-173.1.tar.xz
+SOURCES/cockpit-176.tar.xz
diff --git a/SOURCES/0001-ssh-Use-SHA256-fingerprints-when-available.patch b/SOURCES/0001-ssh-Use-SHA256-fingerprints-when-available.patch
new file mode 100644
index 0000000..11663ae
--- /dev/null
+++ b/SOURCES/0001-ssh-Use-SHA256-fingerprints-when-available.patch
@@ -0,0 +1,125 @@
+From 50873a820f9d9c655b93e8ff2d4158aff29761ff Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin@piware.de>
+Date: Mon, 8 Oct 2018 15:19:02 +0200
+Subject: [PATCH 1/2] ssh: Use SHA256 fingerprints when available
+
+libssh 0.8 offers SHA256 fingerprints in addition to the old MD5/SHA1
+ones. The latter are both cryptographically broken, and not allowed when
+running in FIPS mode -- these cause an assertion crash in OpenSSL.
+
+The "ssh" CLI hasn't shown MD5 fingerprints in a long time, not even on
+RHEL 7 (it shows SHA1 and SHA256 there by default), so this actually
+improves compatibility with ssh.
+
+Use libssh 0.8's ssh_get_fingerprint_hash() function, as ssh itself
+shows SHA256 fingerprints in base64 instead of hex. cockpit-ssh's
+fingerprint prompts should be compatible, and hex fingerprints would be
+overly long.
+
+Adjust most check-multi-machine tests to not care about the particular
+type of fingerprint, as they don't check the actual fingerprint anyway.
+Only `TestMultiMachine.testDirectLogin` does, so adjust the test to
+accept both MD5 and SHA256 fingerprints.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1585191
+
+Closes #10241
+---
+ configure.ac | 2 ++
+ src/ssh/cockpitsshrelay.c | 17 +++++++++++++++--
+ src/ssh/test-sshbridge.c | 8 +++++++-
+ 3 files changed, 24 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index af8b1e3..b0d4879 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -132,6 +132,8 @@ if test "$enable_ssh" != "no"; then
+ AC_DEFINE_UNQUOTED(HAVE_SSH_GET_SERVER_PUBLICKEY, 1, Whether ssh_get_server_publickey is available)
+ ])
+
++ AC_CHECK_DECLS([SSH_PUBLICKEY_HASH_SHA256, ssh_get_fingerprint_hash], [], [], [[#include <libssh/libssh.h>]])
++
+ COCKPIT_SSH_SESSION_CFLAGS="$COCKPIT_CFLAGS $LIBSSH_CFLAGS $KRB5_CFLAGS"
+ COCKPIT_SSH_SESSION_LIBS="$COCKPIT_LIBS $LIBSSH_LIBS $KRB5_LIBS"
+ AC_SUBST(COCKPIT_SSH_SESSION_LIBS)
+diff --git a/src/ssh/cockpitsshrelay.c b/src/ssh/cockpitsshrelay.c
+index 41286c3..1798345 100644
+--- a/src/ssh/cockpitsshrelay.c
++++ b/src/ssh/cockpitsshrelay.c
+@@ -52,6 +52,15 @@
+ #include <fcntl.h>
+ #include <time.h>
+
++/* libssh 0.8 offers SHA256 fingerprints, use them if available */
++#if HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256
++#define SSH_PUBLICKEY_HASH SSH_PUBLICKEY_HASH_SHA256
++#define SSH_PUBLICKEY_HASH_NAME "SHA256"
++#else
++#define SSH_PUBLICKEY_HASH SSH_PUBLICKEY_HASH_MD5
++#define SSH_PUBLICKEY_HASH_NAME "MD5"
++#endif
++
+ /* we had a private one before moving to /etc/ssh/ssh_known_hosts */
+ #define LEGACY_KNOWN_HOSTS PACKAGE_LOCALSTATE_DIR "/known_hosts"
+
+@@ -505,7 +514,7 @@ prompt_for_host_key (CockpitSshData *data)
+
+ message = g_strdup_printf ("The authenticity of host '%s:%d' can't be established. Do you want to proceed this time?",
+ host, port);
+- prompt = g_strdup_printf ("MD5 Fingerprint (%s):", data->host_key_type);
++ prompt = g_strdup_printf (SSH_PUBLICKEY_HASH_NAME " Fingerprint (%s):", data->host_key_type);
+
+ reply = prompt_with_authorize (data, prompt, message, data->host_fingerprint, data->host_key, TRUE);
+
+@@ -674,7 +683,7 @@ verify_knownhost (CockpitSshData *data,
+ goto done;
+ }
+
+- if (ssh_get_publickey_hash (key, SSH_PUBLICKEY_HASH_MD5, &hash, &len) < 0)
++ if (ssh_get_publickey_hash (key, SSH_PUBLICKEY_HASH, &hash, &len) < 0)
+ {
+ g_warning ("Couldn't hash ssh public key");
+ ret = "internal-error";
+@@ -682,7 +691,11 @@ verify_knownhost (CockpitSshData *data,
+ }
+ else
+ {
++#if HAVE_DECL_SSH_GET_FINGERPRINT_HASH
++ data->host_fingerprint = ssh_get_fingerprint_hash (SSH_PUBLICKEY_HASH, hash, len);
++#else
+ data->host_fingerprint = ssh_get_hexa (hash, len);
++#endif
+ ssh_clean_pubkey_hash (&hash);
+ }
+
+diff --git a/src/ssh/test-sshbridge.c b/src/ssh/test-sshbridge.c
+index e86f639..bc5bc3a 100644
+--- a/src/ssh/test-sshbridge.c
++++ b/src/ssh/test-sshbridge.c
+@@ -563,7 +563,13 @@ test_echo_large (TestCase *tc,
+
+ static const gchar MOCK_RSA_KEY[] = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYzo07OA0H6f7orVun9nIVjGYrkf8AuPDScqWGzlKpAqSipoQ9oY/mwONwIOu4uhKh7FTQCq5p+NaOJ6+Q4z++xBzSOLFseKX+zyLxgNG28jnF06WSmrMsSfvPdNuZKt9rZcQFKn9fRNa8oixa+RsqEEVEvTYhGtRf7w2wsV49xIoIza/bln1ABX1YLaCByZow+dK3ZlHn/UU0r4ewpAIZhve4vCvAsMe5+6KJH8ft/OKXXQY06h6jCythLV4h18gY/sYosOa+/4XgpmBiE7fDeFRKVjP3mvkxMpxce+ckOFae2+aJu51h513S9kxY2PmKaV/JU9HBYO+yO4j+j24v";
+
++#if HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256
++static const gchar MOCK_RSA_FP[] = "SHA256:XQ8a7zGxMFstDrGecBRUP9OMnOUXd/T3vkNGtYShs2w";
++#define SSH_PUBLICKEY_HASH_NAME "SHA256"
++#else
+ static const gchar MOCK_RSA_FP[] = "0e:6a:c8:b1:07:72:e2:04:95:9f:0e:b3:56:af:48:e2";
++#define SSH_PUBLICKEY_HASH_NAME "MD5"
++#endif
+
+
+ static void
+@@ -634,7 +640,7 @@ do_hostkey_conversation (TestCase *tc,
+ (int)tc->ssh_port, MOCK_RSA_FP,
+ (int)tc->ssh_port, MOCK_RSA_KEY);
+
+- do_auth_conversation (tc->transport, "MD5 Fingerprint (ssh-rsa):",
++ do_auth_conversation (tc->transport, SSH_PUBLICKEY_HASH_NAME " Fingerprint (ssh-rsa):",
+ expect_json, response, add_header);
+ g_free (expect_json);
+ }
+--
+2.19.1
+
diff --git a/SOURCES/9999-Build-system-generated-changes-from-patches.patch b/SOURCES/9999-Build-system-generated-changes-from-patches.patch
new file mode 100644
index 0000000..ec45230
--- /dev/null
+++ b/SOURCES/9999-Build-system-generated-changes-from-patches.patch
@@ -0,0 +1,97 @@
+From f2df0777226cf446d682812f464f68e91cbd25b4 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin@piware.de>
+Date: Sun, 28 Oct 2018 13:55:38 +0100
+Subject: [PATCH 2/2] Build system generated changes from patches
+
+---
+ configure | 90 ++++++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 80 insertions(+), 10 deletions(-)
+
+diff --git a/configure b/configure
+index 841293e..665e89c 100755
+--- a/configure
++++ b/configure
+@@ -1939,6 +1939,52 @@ fi
+
+ } # ac_fn_c_try_link
+
++# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES
++# ---------------------------------------------
++# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR
++# accordingly.
++ac_fn_c_check_decl ()
++{
++ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
++ as_decl_name=`echo $2|sed 's/ *(.*//'`
++ as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'`
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5
++$as_echo_n "checking whether $as_decl_name is declared... " >&6; }
++if eval \${$3+:} false; then :
++ $as_echo_n "(cached) " >&6
++else
++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++$4
++int
++main ()
++{
++#ifndef $as_decl_name
++#ifdef __cplusplus
++ (void) $as_decl_use;
++#else
++ (void) $as_decl_name;
++#endif
++#endif
++
++ ;
++ return 0;
++}
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++ eval "$3=yes"
++else
++ eval "$3=no"
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++fi
++eval ac_res=\$$3
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
++$as_echo "$ac_res" >&6; }
++ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
++
++} # ac_fn_c_check_decl
++
+ # ac_fn_c_check_func LINENO FUNC VAR
+ # ----------------------------------
+ # Tests whether FUNC exists, setting the cache variable VAR accordingly
+@@ -6891,6 +6937,30 @@ _ACEOF
+ fi
+
+
++ ac_fn_c_check_decl "$LINENO" "SSH_PUBLICKEY_HASH_SHA256" "ac_cv_have_decl_SSH_PUBLICKEY_HASH_SHA256" "#include <libssh/libssh.h>
++"
++if test "x$ac_cv_have_decl_SSH_PUBLICKEY_HASH_SHA256" = xyes; then :
++ ac_have_decl=1
++else
++ ac_have_decl=0
++fi
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256 $ac_have_decl
++_ACEOF
++ac_fn_c_check_decl "$LINENO" "ssh_get_fingerprint_hash" "ac_cv_have_decl_ssh_get_fingerprint_hash" "#include <libssh/libssh.h>
++"
++if test "x$ac_cv_have_decl_ssh_get_fingerprint_hash" = xyes; then :
++ ac_have_decl=1
++else
++ ac_have_decl=0
++fi
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE_DECL_SSH_GET_FINGERPRINT_HASH $ac_have_decl
++_ACEOF
++
++
+ COCKPIT_SSH_SESSION_CFLAGS="$COCKPIT_CFLAGS $LIBSSH_CFLAGS $KRB5_CFLAGS"
+ COCKPIT_SSH_SESSION_LIBS="$COCKPIT_LIBS $LIBSSH_LIBS $KRB5_LIBS"
+
diff --git a/SPECS/cockpit.spec b/SPECS/cockpit.spec
index 8fdce44..d26440a 100644
--- a/SPECS/cockpit.spec
+++ b/SPECS/cockpit.spec
@@ -19,14 +19,23 @@
%define _hardened_build 1
-# define to build the dashboard
-# define build_dashboard 1
+# define to build the dashboard; i686 buildroot does not have libssh-devel
+%ifarch x86_64 %{arm} aarch64 ppc64le s390x
+%define build_dashboard 1
+%endif
# build basic packages like cockpit-bridge
%define build_basic 1
# build optional extensions like cockpit-docker
%define build_optional 1
+# cockpit's firewall service definition moved to firewalld
+%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
+%define firewalld_service 0
+%else
+%define firewalld_service 1
+%endif
+
%define __lib lib
# on RHEL 7.x we build subscriptions; superseded later by
@@ -36,7 +45,7 @@
%endif
-%define libssh_version 0.7.1
+%define libssh_version 0.7.1-7
%if 0%{?fedora} > 0 && 0%{?fedora} < 22
%define libssh_version 0.6.0
%endif
@@ -57,15 +66,18 @@ Summary: A user interface for Linux servers
License: LGPLv2+
URL: https://cockpit-project.org/
-Version: 173.1
+Version: 176
%if %{defined wip}
Release: 1.%{wip}%{?dist}
Source0: cockpit-%{version}.tar.gz
%else
-Release: 1%{?dist}
+Release: 4%{?dist}
Source0: https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz
%endif
+Patch1: 0001-ssh-Use-SHA256-fingerprints-when-available.patch
+Patch9999: 9999-Build-system-generated-changes-from-patches.patch
+
BuildRequires: gcc
BuildRequires: pkgconfig(gio-unix-2.0)
BuildRequires: pkgconfig(json-glib-1.0)
@@ -139,7 +151,7 @@ if [ -n "%{patches}" ]; then
git config core.autocrlf false && git config core.safecrlf false && git config gc.auto 0
git add -f . && git commit -a -q -m "Base" && git tag -a initial --message="initial"
git am --whitespace=nowarn %{patches}
- touch -r $(git diff --name-only initial..HEAD) .git dist/storaged/stamp $(find dist -type f)
+ touch -r $(git diff --name-only initial..HEAD) .git Makefile.in aclocal.m4
rm -rf .git
fi
@@ -147,11 +159,13 @@ fi
exec 2>&1
%configure \
--disable-silent-rules \
+ %{!?build_dashboard:--disable-ssh} \
--with-cockpit-user=cockpit-ws \
--with-selinux-config-type=etc_t \
- %{?rhel:--without-storaged-iscsi-sessions} \
+%if 0%{?rhel} >= 7 && 0%{?rhel} < 8
+ --without-storaged-iscsi-sessions \
+%endif
--with-appstream-data-packages='[ "appstream-data" ]' \
- %{!?build_dashboard:--disable-ssh} \
--with-nfs-client-package='"nfs-utils"' \
%{?vdo_on_demand:--with-vdo-package='"vdo"'}
make -j4 %{?extra_flags} all
@@ -166,6 +180,9 @@ make install-tests DESTDIR=%{buildroot}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit
rm -f %{buildroot}/%{_libdir}/cockpit/*.so
+%if 0%{?firewalld_service} == 0
+rm -f %{buildroot}/%{_prefix}/%{__lib}/firewalld/services/cockpit.xml
+%endif
install -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/
# On RHEL we don't yet show options for changing language
@@ -190,8 +207,7 @@ echo '%{_libexecdir}/cockpit-ssh' >> base.list
echo '%dir %{_datadir}/cockpit/dashboard' >> dashboard.list
find %{buildroot}%{_datadir}/cockpit/dashboard -type f >> dashboard.list
%else
-rm -rf %{buildroot}/%{_datadir}/cockpit/dashboard
-rm -rf %{buildroot}/%{_datadir}/%{name}/ssh
+rm -rf %{buildroot}/%{_datadir}/cockpit/dashboard %{buildroot}/%{_datadir}/cockpit/ssh
touch dashboard.list
%endif
@@ -232,15 +248,9 @@ find %{buildroot}%{_datadir}/cockpit/storaged -type f >> storaged.list
echo '%dir %{_datadir}/cockpit/networkmanager' > networkmanager.list
find %{buildroot}%{_datadir}/cockpit/networkmanager -type f >> networkmanager.list
-echo '%dir %{_datadir}/cockpit/ostree' > ostree.list
-find %{buildroot}%{_datadir}/cockpit/ostree -type f >> ostree.list
-
echo '%dir %{_datadir}/cockpit/packagekit' >> packagekit.list
find %{buildroot}%{_datadir}/cockpit/packagekit -type f >> packagekit.list
-echo '%dir %{_datadir}/cockpit/apps' >> packagekit.list
-find %{buildroot}%{_datadir}/cockpit/apps -type f >> packagekit.list
-
echo '%dir %{_datadir}/cockpit/machines' > machines.list
find %{buildroot}%{_datadir}/cockpit/machines -type f >> machines.list
@@ -304,7 +314,7 @@ rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
# when not building optional packages, remove their files
%if 0%{?build_optional} == 0
-for pkg in apps dashboard docker kubernetes machines ostree ovirt packagekit pcp playground storaged; do
+for pkg in apps dashboard docker kubernetes machines ovirt packagekit pcp playground storaged; do
rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
done
# files from -tests
@@ -315,6 +325,11 @@ rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib
rm -f %{buildroot}/%{_libexecdir}/cockpit-kube-auth %{buildroot}/%{_libexecdir}/cockpit-kube-launch %{buildroot}/%{_libexecdir}/cockpit-stub
%endif
+# On RHEL, apps is not currently built
+%if 0%{?rhel}
+rm -rf %{buildroot}/%{_datadir}/%{name}/apps
+%endif
+
sed -i "s|%{buildroot}||" *.list
# Build the package lists for debug package, and move debug files to installed locations
@@ -457,6 +472,11 @@ Summary: Cockpit Web Service
Requires: glib-networking
Requires: openssl
Requires: glib2 >= 2.37.4
+%if 0%{?firewalld_service}
+Conflicts: firewalld >= 0.6.0-1
+%else
+Conflicts: firewalld < 0.6.0-1
+%endif
%if 0%{?fedora} >= 24 || 0%{?rhel} >= 8
Recommends: sscg >= 2.3
%endif
@@ -474,14 +494,16 @@ The Cockpit Web Service listens on the network, and authenticates users.
%doc %{_mandir}/man8/pam_ssh_add.8.gz
%config(noreplace) %{_sysconfdir}/cockpit/ws-certs.d
%config(noreplace) %{_sysconfdir}/pam.d/cockpit
-%config %{_sysconfdir}/issue.d/cockpit
+%config %{_sysconfdir}/issue.d/cockpit.issue
%config %{_sysconfdir}/motd.d/cockpit
%{_datadir}/cockpit/motd/update-motd
%{_datadir}/cockpit/motd/inactive.motd
%{_unitdir}/cockpit.service
%{_unitdir}/cockpit-motd.service
%{_unitdir}/cockpit.socket
+%if 0%{?firewalld_service}
%{_prefix}/%{__lib}/firewalld/services/cockpit.xml
+%endif
%{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf
%{_sbindir}/remotectl
%{_libdir}/security/pam_ssh_add.so
@@ -596,25 +618,10 @@ Dummy package from building optional packages only; never install or publish me.
%package -n cockpit-storaged
Summary: Cockpit user interface for storage, using udisks
Requires: cockpit-shell >= %{required_base}
-%if 0%{?rhel} == 7 || 0%{?centos} == 7
Requires: udisks2 >= 2.6
Requires: udisks2-lvm2 >= 2.6
Requires: udisks2-iscsi >= 2.6
Requires: device-mapper-multipath
-%else
-%if 0%{?fedora} >= 27 || 0%{?rhel} >= 8
-Requires: udisks2 >= 2.6
-Recommends: udisks2-lvm2 >= 2.6
-Recommends: udisks2-iscsi >= 2.6
-Recommends: device-mapper-multipath
-%else
-# Fedora < 27
-Requires: storaged >= 2.1.1
-Recommends: storaged-lvm2 >= 2.1.1
-Recommends: storaged-iscsi >= 2.1.1
-Recommends: device-mapper-multipath
-%endif
-%endif
%if 0%{?fedora} || 0%{?rhel} >= 8
Requires: python3
Requires: python3-dbus
@@ -648,7 +655,6 @@ These files are not required for running Cockpit.
%{_prefix}/%{__lib}/cockpit-test-assets
%package -n cockpit-machines
-BuildArch: noarch
Summary: Cockpit user interface for virtual machines
Requires: cockpit-bridge >= %{required_base}
Requires: cockpit-system >= %{required_base}
@@ -683,23 +689,6 @@ The Cockpit components for managing oVirt virtual machines.
%files -n cockpit-machines-ovirt -f ovirt.list
-%package -n cockpit-ostree
-BuildArch: noarch
-Summary: Cockpit user interface for rpm-ostree
-# Requires: Uses new translations functionality
-Requires: cockpit-bridge >= %{required_base}
-Requires: cockpit-system >= %{required_base}
-%if 0%{?fedora} > 0 && 0%{?fedora} < 24
-Requires: rpm-ostree >= 2015.10-1
-%else
-Requires: /usr/libexec/rpm-ostreed
-%endif
-
-%description -n cockpit-ostree
-The Cockpit components for managing software updates for ostree based systems.
-
-%files -n cockpit-ostree -f ostree.list
-
%package -n cockpit-pcp
Summary: Cockpit PCP integration
Requires: cockpit-bridge >= %{required_base}
@@ -791,67 +780,112 @@ cluster. Installed on the Kubernetes master. This package is not yet complete.
%endif
%package -n cockpit-packagekit
-Summary: Cockpit user interface for packages
-BuildArch: noarch
+Summary: Cockpit user interface for package updates
Requires: cockpit-bridge >= %{required_base}
Requires: PackageKit
%description -n cockpit-packagekit
-The Cockpit components for installing OS updates and Cockpit add-ons,
-via PackageKit.
+The Cockpit component for installing package updates, via PackageKit.
%files -n cockpit-packagekit -f packagekit.list
%endif # build optional extension packages
%changelog
-* Tue Oct 30 2018 Martin Pitt <mpitt@redhat.com> 173.1-1
-- Crash fixes spotted by coverity rhbz#1644345
-- Fix race condition with fslist channels rhbz#1644346
-- Fix remotectl crash on errors rhbz#1644348
-
-* Tue Sep 25 2018 Martin Pitt <mpitt@redhat.com> 173-7
-- Build against fixed build root with all architectures again rhbz#1628490
-
-* Wed Sep 12 2018 Martin Pitt <mpitt@redhat.com> 173-6
-- Fix remote unauthenticated crash with crafted URLs rhbz#1627631
-- Fix off-by-one error in flow control rhbz#1626846
-
-* Tue Aug 21 2018 Martin Pitt <mpitt@redhat.com> 173-5
-- Storage: Fix crash when cancelling package install
-- Update translations rhbz#1569423
-
-* Thu Jul 26 2018 Martin Pitt <mpitt@redhat.com> 173-1
-- Rebase to version 173 rhbz#1568728
-
-* Thu Jul 12 2018 Martin Pitt <mpitt@redhat.com> 172-1
-- Rebase to version 172 rhbz#1568728
-
-* Wed Jun 27 2018 Martin Pitt <mpitt@redhat.com> 171-1
-- Rebase to version 171 rhbz#1568728
-
-* Tue Jun 05 2018 Martin Pitt <mpitt@redhat.com> 169-3
-- Rebase to version 169, drop all patches rhbz#1568728
-- Fix Subscriptions page hang when accessing as non-admin rhbz#1442540
-- Show an indicator on front page if updates are available rhbz#1495543
-- Properly localize "Log in" rhbz#1541454
-- Improve check for root privilege availability, to e. g. also work for FreeIPA
- admins rhbz#1574630
-
-* Mon Jan 08 2018 Martin Pitt <mpitt@redhat.com> 154-3
-- Update source po for Japanese translations rhbz#1512923
-- Adjust build system to avoid build failure for the above
-
-* Mon Dec 11 2017 Martin Pitt <mpitt@redhat.com> 154-2
-- Update Japanese translations rhbz#1512923
-
-* Tue Oct 17 2017 Martin Pitt <mpitt@redhat.com> 154-1
-- Rebase to version 154, drop all patches rhbz#1470780
-- This allows ssh keys to be loaded from arbitrary directories
- rhbz#1425887
-
-* Thu Jun 22 2017 Dominik Perpeet <dperpeet@redhat.com> 138-9
-- Add Japanese translation rhbz#1461085
+* Mon Oct 29 2018 Martin Pitt <mpitt@redhat.com> 176-4
+- Switch to ssh SHA256 fingerprints, to fix crash in FIPS mode
+ rhbz#1585191
+
+* Thu Aug 30 2018 Martin Pitt <mpitt@redhat.com> 176-3
+- Storage: Offer installation of VDO on demand
+- Machines: Add disks to a virtual machine
+
+* Tue Aug 14 2018 Martin Pitt <mpitt@redhat.com> 173-3
+- Re-enable cockpit-kubernetes, Go is now available in
+ extras-rhel-7.6-go-toolset. (RCM-38564)
+
+* Tue Jul 31 2018 Martin Pitt <mpitt@redhat.com> 173-2
+- Update to 173 release
+- Kubernetes: VM detail page
+- Realmd: Install on demand
+- Temporarily disable cockpit-kubernetes, until Go becomes available
+ (RCM-38564)
+
+* Mon Jul 16 2018 Martin Pitt <mpitt@redhat.com> 172-2
+- Update to 172 release
+- Software Updates: Layout rework
+- Machines: Add virtual CPU configuration
+- Docker: Show container volumes
+
+* Thu Jun 14 2018 Martin Pitt <mpitt@redhat.com> 170-1
+- Update to 170 release
+- Software Updates: Layout rework
+- oVirt: Use authenticated libvirt connection by default rhbz#1297037
+
+* Wed May 30 2018 Martin Pitt <mpitt@redhat.com> 169-1
+- Update to 169 release
+- Storage: Offer installation of NFS client support on demand
+- Containers: Don't try to manage "overlay2" storage without a volume group
+- Machines: Fix "Start VM" checkbox layout
+- Software Updates: Fix security update icon rhbz#1582570
+- Drop obsolete cockpit-bashboard SELinux %post hack rhbz#1570833
+
+* Tue Apr 17 2018 Martin Pitt <mpitt@redhat.com> 165-3
+- Revert "noarch" change for cockpit-doc as well
+
+* Tue Apr 17 2018 Martin Pitt <mpitt@redhat.com> 165-2
+- Revert "noarch" changes from 165-1, they cause too much fallout
+
+* Fri Apr 13 2018 Martin Pitt <mpitt@redhat.com> 165-1
+- Update to 165 release
+- New VMs can be created on Machines page
+- Improve LVM volume resizing
+- Hide Docker storage pool reset button when it cannot work properly
+- Move NFS management into new details page
+- Show more details of sessions and services that keep NFS busy
+- Machines page now shows proper error notifications
+- Show virtual machines that are being created
+- Detect if libvirtd is not running and offer to start and/or enable it
+- Enable building of cockpit-machines-ovirt rhbz#1515796
+
+* Mon Feb 26 2018 Martin Pitt <mpitt@redhat.com> 160-3
+- storaged: Drop VDO async option rhbz#1548988
+
+* Mon Jan 29 2018 Martin Pitt <mpitt@redhat.com> 160-2
+- Add kubevirt Virtual Machines overview
+- Redesign package list on Software Updates page and show RHEL Errata
+
+* Wed Jan 10 2018 Martin Pitt <mpitt@redhat.com> 159-1
+- Update to 159 release
+- Configure data deduplication with VDO devices on Storage page
+- Add serial console to virtual Machines page and redesign the Consoles tab
+- Show more error message details for failures on virtual Machines page
+
+* Thu Dec 14 2017 Martin Pitt <mpitt@redhat.com> 158-1
+- Update to 158 release
+- New package "cockpit-packagekit", which provides a "Software Updates" page
+ for installing package updates rhbz#1479836
+- Add NFS client support to the Storage page
+- Add checkboxes for common Storage encryption and mount options
+- Adjust cockpit-storaged dependencies to storaged → udisks2 rename
+ rhbz#1510667
+
+* Thu Jun 29 2017 Dominik Perpeet <dperpeet@redhat.com> 141-4
+- Bump for rebuild on more architectures
+
+* Thu Jun 29 2017 Dominik Perpeet <dperpeet@redhat.com> 141-3
+- Fix dashboard dependency rhbz#1466423
+
+* Mon Jun 05 2017 Dominik Perpeet <dperpeet@redhat.com> 141-2
+- Build on more architectures
+
+* Mon Jun 05 2017 Dominik Perpeet <dperpeet@redhat.com> 141-1
+- Update to 141 release
+- Allow users to change Docker container environment variables
+- Allow auth commands to store credentials for future challenges
+- Attempt to tear down used partitions when formatting disks
+- Show the correct known_hosts path on missing/mismatching host keys
+- Set HTML content type when serving login page, for better reverse proxy operation
* Wed May 24 2017 Dominik Perpeet <dperpeet@redhat.com> 138-8
- Rebuild for new dependencies