diff --git a/.cockpit.metadata b/.cockpit.metadata index c7db194..8a82ffa 100644 --- a/.cockpit.metadata +++ b/.cockpit.metadata @@ -1 +1 @@ -9de4e1b0b328c6d1bb923f373d3f72e9ba2e0ede SOURCES/cockpit-173.1.tar.xz +70a78561a0c958723655b998ed85bff6be166cdb SOURCES/cockpit-176.tar.xz diff --git a/.gitignore b/.gitignore index 44bd084..60d5ad0 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cockpit-173.1.tar.xz +SOURCES/cockpit-176.tar.xz diff --git a/SOURCES/0001-ssh-Use-SHA256-fingerprints-when-available.patch b/SOURCES/0001-ssh-Use-SHA256-fingerprints-when-available.patch new file mode 100644 index 0000000..11663ae --- /dev/null +++ b/SOURCES/0001-ssh-Use-SHA256-fingerprints-when-available.patch @@ -0,0 +1,125 @@ +From 50873a820f9d9c655b93e8ff2d4158aff29761ff Mon Sep 17 00:00:00 2001 +From: Martin Pitt +Date: Mon, 8 Oct 2018 15:19:02 +0200 +Subject: [PATCH 1/2] ssh: Use SHA256 fingerprints when available + +libssh 0.8 offers SHA256 fingerprints in addition to the old MD5/SHA1 +ones. The latter are both cryptographically broken, and not allowed when +running in FIPS mode -- these cause an assertion crash in OpenSSL. + +The "ssh" CLI hasn't shown MD5 fingerprints in a long time, not even on +RHEL 7 (it shows SHA1 and SHA256 there by default), so this actually +improves compatibility with ssh. + +Use libssh 0.8's ssh_get_fingerprint_hash() function, as ssh itself +shows SHA256 fingerprints in base64 instead of hex. cockpit-ssh's +fingerprint prompts should be compatible, and hex fingerprints would be +overly long. + +Adjust most check-multi-machine tests to not care about the particular +type of fingerprint, as they don't check the actual fingerprint anyway. +Only `TestMultiMachine.testDirectLogin` does, so adjust the test to +accept both MD5 and SHA256 fingerprints. + +https://bugzilla.redhat.com/show_bug.cgi?id=1585191 + +Closes #10241 +--- + configure.ac | 2 ++ + src/ssh/cockpitsshrelay.c | 17 +++++++++++++++-- + src/ssh/test-sshbridge.c | 8 +++++++- + 3 files changed, 24 insertions(+), 3 deletions(-) + +diff --git a/configure.ac b/configure.ac +index af8b1e3..b0d4879 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -132,6 +132,8 @@ if test "$enable_ssh" != "no"; then + AC_DEFINE_UNQUOTED(HAVE_SSH_GET_SERVER_PUBLICKEY, 1, Whether ssh_get_server_publickey is available) + ]) + ++ AC_CHECK_DECLS([SSH_PUBLICKEY_HASH_SHA256, ssh_get_fingerprint_hash], [], [], [[#include ]]) ++ + COCKPIT_SSH_SESSION_CFLAGS="$COCKPIT_CFLAGS $LIBSSH_CFLAGS $KRB5_CFLAGS" + COCKPIT_SSH_SESSION_LIBS="$COCKPIT_LIBS $LIBSSH_LIBS $KRB5_LIBS" + AC_SUBST(COCKPIT_SSH_SESSION_LIBS) +diff --git a/src/ssh/cockpitsshrelay.c b/src/ssh/cockpitsshrelay.c +index 41286c3..1798345 100644 +--- a/src/ssh/cockpitsshrelay.c ++++ b/src/ssh/cockpitsshrelay.c +@@ -52,6 +52,15 @@ + #include + #include + ++/* libssh 0.8 offers SHA256 fingerprints, use them if available */ ++#if HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256 ++#define SSH_PUBLICKEY_HASH SSH_PUBLICKEY_HASH_SHA256 ++#define SSH_PUBLICKEY_HASH_NAME "SHA256" ++#else ++#define SSH_PUBLICKEY_HASH SSH_PUBLICKEY_HASH_MD5 ++#define SSH_PUBLICKEY_HASH_NAME "MD5" ++#endif ++ + /* we had a private one before moving to /etc/ssh/ssh_known_hosts */ + #define LEGACY_KNOWN_HOSTS PACKAGE_LOCALSTATE_DIR "/known_hosts" + +@@ -505,7 +514,7 @@ prompt_for_host_key (CockpitSshData *data) + + message = g_strdup_printf ("The authenticity of host '%s:%d' can't be established. Do you want to proceed this time?", + host, port); +- prompt = g_strdup_printf ("MD5 Fingerprint (%s):", data->host_key_type); ++ prompt = g_strdup_printf (SSH_PUBLICKEY_HASH_NAME " Fingerprint (%s):", data->host_key_type); + + reply = prompt_with_authorize (data, prompt, message, data->host_fingerprint, data->host_key, TRUE); + +@@ -674,7 +683,7 @@ verify_knownhost (CockpitSshData *data, + goto done; + } + +- if (ssh_get_publickey_hash (key, SSH_PUBLICKEY_HASH_MD5, &hash, &len) < 0) ++ if (ssh_get_publickey_hash (key, SSH_PUBLICKEY_HASH, &hash, &len) < 0) + { + g_warning ("Couldn't hash ssh public key"); + ret = "internal-error"; +@@ -682,7 +691,11 @@ verify_knownhost (CockpitSshData *data, + } + else + { ++#if HAVE_DECL_SSH_GET_FINGERPRINT_HASH ++ data->host_fingerprint = ssh_get_fingerprint_hash (SSH_PUBLICKEY_HASH, hash, len); ++#else + data->host_fingerprint = ssh_get_hexa (hash, len); ++#endif + ssh_clean_pubkey_hash (&hash); + } + +diff --git a/src/ssh/test-sshbridge.c b/src/ssh/test-sshbridge.c +index e86f639..bc5bc3a 100644 +--- a/src/ssh/test-sshbridge.c ++++ b/src/ssh/test-sshbridge.c +@@ -563,7 +563,13 @@ test_echo_large (TestCase *tc, + + static const gchar MOCK_RSA_KEY[] = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYzo07OA0H6f7orVun9nIVjGYrkf8AuPDScqWGzlKpAqSipoQ9oY/mwONwIOu4uhKh7FTQCq5p+NaOJ6+Q4z++xBzSOLFseKX+zyLxgNG28jnF06WSmrMsSfvPdNuZKt9rZcQFKn9fRNa8oixa+RsqEEVEvTYhGtRf7w2wsV49xIoIza/bln1ABX1YLaCByZow+dK3ZlHn/UU0r4ewpAIZhve4vCvAsMe5+6KJH8ft/OKXXQY06h6jCythLV4h18gY/sYosOa+/4XgpmBiE7fDeFRKVjP3mvkxMpxce+ckOFae2+aJu51h513S9kxY2PmKaV/JU9HBYO+yO4j+j24v"; + ++#if HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256 ++static const gchar MOCK_RSA_FP[] = "SHA256:XQ8a7zGxMFstDrGecBRUP9OMnOUXd/T3vkNGtYShs2w"; ++#define SSH_PUBLICKEY_HASH_NAME "SHA256" ++#else + static const gchar MOCK_RSA_FP[] = "0e:6a:c8:b1:07:72:e2:04:95:9f:0e:b3:56:af:48:e2"; ++#define SSH_PUBLICKEY_HASH_NAME "MD5" ++#endif + + + static void +@@ -634,7 +640,7 @@ do_hostkey_conversation (TestCase *tc, + (int)tc->ssh_port, MOCK_RSA_FP, + (int)tc->ssh_port, MOCK_RSA_KEY); + +- do_auth_conversation (tc->transport, "MD5 Fingerprint (ssh-rsa):", ++ do_auth_conversation (tc->transport, SSH_PUBLICKEY_HASH_NAME " Fingerprint (ssh-rsa):", + expect_json, response, add_header); + g_free (expect_json); + } +-- +2.19.1 + diff --git a/SOURCES/9999-Build-system-generated-changes-from-patches.patch b/SOURCES/9999-Build-system-generated-changes-from-patches.patch new file mode 100644 index 0000000..ec45230 --- /dev/null +++ b/SOURCES/9999-Build-system-generated-changes-from-patches.patch @@ -0,0 +1,97 @@ +From f2df0777226cf446d682812f464f68e91cbd25b4 Mon Sep 17 00:00:00 2001 +From: Martin Pitt +Date: Sun, 28 Oct 2018 13:55:38 +0100 +Subject: [PATCH 2/2] Build system generated changes from patches + +--- + configure | 90 ++++++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 80 insertions(+), 10 deletions(-) + +diff --git a/configure b/configure +index 841293e..665e89c 100755 +--- a/configure ++++ b/configure +@@ -1939,6 +1939,52 @@ fi + + } # ac_fn_c_try_link + ++# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES ++# --------------------------------------------- ++# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR ++# accordingly. ++ac_fn_c_check_decl () ++{ ++ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack ++ as_decl_name=`echo $2|sed 's/ *(.*//'` ++ as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 ++$as_echo_n "checking whether $as_decl_name is declared... " >&6; } ++if eval \${$3+:} false; then : ++ $as_echo_n "(cached) " >&6 ++else ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++$4 ++int ++main () ++{ ++#ifndef $as_decl_name ++#ifdef __cplusplus ++ (void) $as_decl_use; ++#else ++ (void) $as_decl_name; ++#endif ++#endif ++ ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_compile "$LINENO"; then : ++ eval "$3=yes" ++else ++ eval "$3=no" ++fi ++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++fi ++eval ac_res=\$$3 ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 ++$as_echo "$ac_res" >&6; } ++ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno ++ ++} # ac_fn_c_check_decl ++ + # ac_fn_c_check_func LINENO FUNC VAR + # ---------------------------------- + # Tests whether FUNC exists, setting the cache variable VAR accordingly +@@ -6891,6 +6937,30 @@ _ACEOF + fi + + ++ ac_fn_c_check_decl "$LINENO" "SSH_PUBLICKEY_HASH_SHA256" "ac_cv_have_decl_SSH_PUBLICKEY_HASH_SHA256" "#include ++" ++if test "x$ac_cv_have_decl_SSH_PUBLICKEY_HASH_SHA256" = xyes; then : ++ ac_have_decl=1 ++else ++ ac_have_decl=0 ++fi ++ ++cat >>confdefs.h <<_ACEOF ++#define HAVE_DECL_SSH_PUBLICKEY_HASH_SHA256 $ac_have_decl ++_ACEOF ++ac_fn_c_check_decl "$LINENO" "ssh_get_fingerprint_hash" "ac_cv_have_decl_ssh_get_fingerprint_hash" "#include ++" ++if test "x$ac_cv_have_decl_ssh_get_fingerprint_hash" = xyes; then : ++ ac_have_decl=1 ++else ++ ac_have_decl=0 ++fi ++ ++cat >>confdefs.h <<_ACEOF ++#define HAVE_DECL_SSH_GET_FINGERPRINT_HASH $ac_have_decl ++_ACEOF ++ ++ + COCKPIT_SSH_SESSION_CFLAGS="$COCKPIT_CFLAGS $LIBSSH_CFLAGS $KRB5_CFLAGS" + COCKPIT_SSH_SESSION_LIBS="$COCKPIT_LIBS $LIBSSH_LIBS $KRB5_LIBS" + diff --git a/SPECS/cockpit.spec b/SPECS/cockpit.spec index 8fdce44..d26440a 100644 --- a/SPECS/cockpit.spec +++ b/SPECS/cockpit.spec @@ -19,14 +19,23 @@ %define _hardened_build 1 -# define to build the dashboard -# define build_dashboard 1 +# define to build the dashboard; i686 buildroot does not have libssh-devel +%ifarch x86_64 %{arm} aarch64 ppc64le s390x +%define build_dashboard 1 +%endif # build basic packages like cockpit-bridge %define build_basic 1 # build optional extensions like cockpit-docker %define build_optional 1 +# cockpit's firewall service definition moved to firewalld +%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8 +%define firewalld_service 0 +%else +%define firewalld_service 1 +%endif + %define __lib lib # on RHEL 7.x we build subscriptions; superseded later by @@ -36,7 +45,7 @@ %endif -%define libssh_version 0.7.1 +%define libssh_version 0.7.1-7 %if 0%{?fedora} > 0 && 0%{?fedora} < 22 %define libssh_version 0.6.0 %endif @@ -57,15 +66,18 @@ Summary: A user interface for Linux servers License: LGPLv2+ URL: https://cockpit-project.org/ -Version: 173.1 +Version: 176 %if %{defined wip} Release: 1.%{wip}%{?dist} Source0: cockpit-%{version}.tar.gz %else -Release: 1%{?dist} +Release: 4%{?dist} Source0: https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz %endif +Patch1: 0001-ssh-Use-SHA256-fingerprints-when-available.patch +Patch9999: 9999-Build-system-generated-changes-from-patches.patch + BuildRequires: gcc BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(json-glib-1.0) @@ -139,7 +151,7 @@ if [ -n "%{patches}" ]; then git config core.autocrlf false && git config core.safecrlf false && git config gc.auto 0 git add -f . && git commit -a -q -m "Base" && git tag -a initial --message="initial" git am --whitespace=nowarn %{patches} - touch -r $(git diff --name-only initial..HEAD) .git dist/storaged/stamp $(find dist -type f) + touch -r $(git diff --name-only initial..HEAD) .git Makefile.in aclocal.m4 rm -rf .git fi @@ -147,11 +159,13 @@ fi exec 2>&1 %configure \ --disable-silent-rules \ + %{!?build_dashboard:--disable-ssh} \ --with-cockpit-user=cockpit-ws \ --with-selinux-config-type=etc_t \ - %{?rhel:--without-storaged-iscsi-sessions} \ +%if 0%{?rhel} >= 7 && 0%{?rhel} < 8 + --without-storaged-iscsi-sessions \ +%endif --with-appstream-data-packages='[ "appstream-data" ]' \ - %{!?build_dashboard:--disable-ssh} \ --with-nfs-client-package='"nfs-utils"' \ %{?vdo_on_demand:--with-vdo-package='"vdo"'} make -j4 %{?extra_flags} all @@ -166,6 +180,9 @@ make install-tests DESTDIR=%{buildroot} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit rm -f %{buildroot}/%{_libdir}/cockpit/*.so +%if 0%{?firewalld_service} == 0 +rm -f %{buildroot}/%{_prefix}/%{__lib}/firewalld/services/cockpit.xml +%endif install -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/ # On RHEL we don't yet show options for changing language @@ -190,8 +207,7 @@ echo '%{_libexecdir}/cockpit-ssh' >> base.list echo '%dir %{_datadir}/cockpit/dashboard' >> dashboard.list find %{buildroot}%{_datadir}/cockpit/dashboard -type f >> dashboard.list %else -rm -rf %{buildroot}/%{_datadir}/cockpit/dashboard -rm -rf %{buildroot}/%{_datadir}/%{name}/ssh +rm -rf %{buildroot}/%{_datadir}/cockpit/dashboard %{buildroot}/%{_datadir}/cockpit/ssh touch dashboard.list %endif @@ -232,15 +248,9 @@ find %{buildroot}%{_datadir}/cockpit/storaged -type f >> storaged.list echo '%dir %{_datadir}/cockpit/networkmanager' > networkmanager.list find %{buildroot}%{_datadir}/cockpit/networkmanager -type f >> networkmanager.list -echo '%dir %{_datadir}/cockpit/ostree' > ostree.list -find %{buildroot}%{_datadir}/cockpit/ostree -type f >> ostree.list - echo '%dir %{_datadir}/cockpit/packagekit' >> packagekit.list find %{buildroot}%{_datadir}/cockpit/packagekit -type f >> packagekit.list -echo '%dir %{_datadir}/cockpit/apps' >> packagekit.list -find %{buildroot}%{_datadir}/cockpit/apps -type f >> packagekit.list - echo '%dir %{_datadir}/cockpit/machines' > machines.list find %{buildroot}%{_datadir}/cockpit/machines -type f >> machines.list @@ -304,7 +314,7 @@ rm -f %{buildroot}%{_libexecdir}/cockpit-ssh # when not building optional packages, remove their files %if 0%{?build_optional} == 0 -for pkg in apps dashboard docker kubernetes machines ostree ovirt packagekit pcp playground storaged; do +for pkg in apps dashboard docker kubernetes machines ovirt packagekit pcp playground storaged; do rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg done # files from -tests @@ -315,6 +325,11 @@ rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib rm -f %{buildroot}/%{_libexecdir}/cockpit-kube-auth %{buildroot}/%{_libexecdir}/cockpit-kube-launch %{buildroot}/%{_libexecdir}/cockpit-stub %endif +# On RHEL, apps is not currently built +%if 0%{?rhel} +rm -rf %{buildroot}/%{_datadir}/%{name}/apps +%endif + sed -i "s|%{buildroot}||" *.list # Build the package lists for debug package, and move debug files to installed locations @@ -457,6 +472,11 @@ Summary: Cockpit Web Service Requires: glib-networking Requires: openssl Requires: glib2 >= 2.37.4 +%if 0%{?firewalld_service} +Conflicts: firewalld >= 0.6.0-1 +%else +Conflicts: firewalld < 0.6.0-1 +%endif %if 0%{?fedora} >= 24 || 0%{?rhel} >= 8 Recommends: sscg >= 2.3 %endif @@ -474,14 +494,16 @@ The Cockpit Web Service listens on the network, and authenticates users. %doc %{_mandir}/man8/pam_ssh_add.8.gz %config(noreplace) %{_sysconfdir}/cockpit/ws-certs.d %config(noreplace) %{_sysconfdir}/pam.d/cockpit -%config %{_sysconfdir}/issue.d/cockpit +%config %{_sysconfdir}/issue.d/cockpit.issue %config %{_sysconfdir}/motd.d/cockpit %{_datadir}/cockpit/motd/update-motd %{_datadir}/cockpit/motd/inactive.motd %{_unitdir}/cockpit.service %{_unitdir}/cockpit-motd.service %{_unitdir}/cockpit.socket +%if 0%{?firewalld_service} %{_prefix}/%{__lib}/firewalld/services/cockpit.xml +%endif %{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf %{_sbindir}/remotectl %{_libdir}/security/pam_ssh_add.so @@ -596,25 +618,10 @@ Dummy package from building optional packages only; never install or publish me. %package -n cockpit-storaged Summary: Cockpit user interface for storage, using udisks Requires: cockpit-shell >= %{required_base} -%if 0%{?rhel} == 7 || 0%{?centos} == 7 Requires: udisks2 >= 2.6 Requires: udisks2-lvm2 >= 2.6 Requires: udisks2-iscsi >= 2.6 Requires: device-mapper-multipath -%else -%if 0%{?fedora} >= 27 || 0%{?rhel} >= 8 -Requires: udisks2 >= 2.6 -Recommends: udisks2-lvm2 >= 2.6 -Recommends: udisks2-iscsi >= 2.6 -Recommends: device-mapper-multipath -%else -# Fedora < 27 -Requires: storaged >= 2.1.1 -Recommends: storaged-lvm2 >= 2.1.1 -Recommends: storaged-iscsi >= 2.1.1 -Recommends: device-mapper-multipath -%endif -%endif %if 0%{?fedora} || 0%{?rhel} >= 8 Requires: python3 Requires: python3-dbus @@ -648,7 +655,6 @@ These files are not required for running Cockpit. %{_prefix}/%{__lib}/cockpit-test-assets %package -n cockpit-machines -BuildArch: noarch Summary: Cockpit user interface for virtual machines Requires: cockpit-bridge >= %{required_base} Requires: cockpit-system >= %{required_base} @@ -683,23 +689,6 @@ The Cockpit components for managing oVirt virtual machines. %files -n cockpit-machines-ovirt -f ovirt.list -%package -n cockpit-ostree -BuildArch: noarch -Summary: Cockpit user interface for rpm-ostree -# Requires: Uses new translations functionality -Requires: cockpit-bridge >= %{required_base} -Requires: cockpit-system >= %{required_base} -%if 0%{?fedora} > 0 && 0%{?fedora} < 24 -Requires: rpm-ostree >= 2015.10-1 -%else -Requires: /usr/libexec/rpm-ostreed -%endif - -%description -n cockpit-ostree -The Cockpit components for managing software updates for ostree based systems. - -%files -n cockpit-ostree -f ostree.list - %package -n cockpit-pcp Summary: Cockpit PCP integration Requires: cockpit-bridge >= %{required_base} @@ -791,67 +780,112 @@ cluster. Installed on the Kubernetes master. This package is not yet complete. %endif %package -n cockpit-packagekit -Summary: Cockpit user interface for packages -BuildArch: noarch +Summary: Cockpit user interface for package updates Requires: cockpit-bridge >= %{required_base} Requires: PackageKit %description -n cockpit-packagekit -The Cockpit components for installing OS updates and Cockpit add-ons, -via PackageKit. +The Cockpit component for installing package updates, via PackageKit. %files -n cockpit-packagekit -f packagekit.list %endif # build optional extension packages %changelog -* Tue Oct 30 2018 Martin Pitt 173.1-1 -- Crash fixes spotted by coverity rhbz#1644345 -- Fix race condition with fslist channels rhbz#1644346 -- Fix remotectl crash on errors rhbz#1644348 - -* Tue Sep 25 2018 Martin Pitt 173-7 -- Build against fixed build root with all architectures again rhbz#1628490 - -* Wed Sep 12 2018 Martin Pitt 173-6 -- Fix remote unauthenticated crash with crafted URLs rhbz#1627631 -- Fix off-by-one error in flow control rhbz#1626846 - -* Tue Aug 21 2018 Martin Pitt 173-5 -- Storage: Fix crash when cancelling package install -- Update translations rhbz#1569423 - -* Thu Jul 26 2018 Martin Pitt 173-1 -- Rebase to version 173 rhbz#1568728 - -* Thu Jul 12 2018 Martin Pitt 172-1 -- Rebase to version 172 rhbz#1568728 - -* Wed Jun 27 2018 Martin Pitt 171-1 -- Rebase to version 171 rhbz#1568728 - -* Tue Jun 05 2018 Martin Pitt 169-3 -- Rebase to version 169, drop all patches rhbz#1568728 -- Fix Subscriptions page hang when accessing as non-admin rhbz#1442540 -- Show an indicator on front page if updates are available rhbz#1495543 -- Properly localize "Log in" rhbz#1541454 -- Improve check for root privilege availability, to e. g. also work for FreeIPA - admins rhbz#1574630 - -* Mon Jan 08 2018 Martin Pitt 154-3 -- Update source po for Japanese translations rhbz#1512923 -- Adjust build system to avoid build failure for the above - -* Mon Dec 11 2017 Martin Pitt 154-2 -- Update Japanese translations rhbz#1512923 - -* Tue Oct 17 2017 Martin Pitt 154-1 -- Rebase to version 154, drop all patches rhbz#1470780 -- This allows ssh keys to be loaded from arbitrary directories - rhbz#1425887 - -* Thu Jun 22 2017 Dominik Perpeet 138-9 -- Add Japanese translation rhbz#1461085 +* Mon Oct 29 2018 Martin Pitt 176-4 +- Switch to ssh SHA256 fingerprints, to fix crash in FIPS mode + rhbz#1585191 + +* Thu Aug 30 2018 Martin Pitt 176-3 +- Storage: Offer installation of VDO on demand +- Machines: Add disks to a virtual machine + +* Tue Aug 14 2018 Martin Pitt 173-3 +- Re-enable cockpit-kubernetes, Go is now available in + extras-rhel-7.6-go-toolset. (RCM-38564) + +* Tue Jul 31 2018 Martin Pitt 173-2 +- Update to 173 release +- Kubernetes: VM detail page +- Realmd: Install on demand +- Temporarily disable cockpit-kubernetes, until Go becomes available + (RCM-38564) + +* Mon Jul 16 2018 Martin Pitt 172-2 +- Update to 172 release +- Software Updates: Layout rework +- Machines: Add virtual CPU configuration +- Docker: Show container volumes + +* Thu Jun 14 2018 Martin Pitt 170-1 +- Update to 170 release +- Software Updates: Layout rework +- oVirt: Use authenticated libvirt connection by default rhbz#1297037 + +* Wed May 30 2018 Martin Pitt 169-1 +- Update to 169 release +- Storage: Offer installation of NFS client support on demand +- Containers: Don't try to manage "overlay2" storage without a volume group +- Machines: Fix "Start VM" checkbox layout +- Software Updates: Fix security update icon rhbz#1582570 +- Drop obsolete cockpit-bashboard SELinux %post hack rhbz#1570833 + +* Tue Apr 17 2018 Martin Pitt 165-3 +- Revert "noarch" change for cockpit-doc as well + +* Tue Apr 17 2018 Martin Pitt 165-2 +- Revert "noarch" changes from 165-1, they cause too much fallout + +* Fri Apr 13 2018 Martin Pitt 165-1 +- Update to 165 release +- New VMs can be created on Machines page +- Improve LVM volume resizing +- Hide Docker storage pool reset button when it cannot work properly +- Move NFS management into new details page +- Show more details of sessions and services that keep NFS busy +- Machines page now shows proper error notifications +- Show virtual machines that are being created +- Detect if libvirtd is not running and offer to start and/or enable it +- Enable building of cockpit-machines-ovirt rhbz#1515796 + +* Mon Feb 26 2018 Martin Pitt 160-3 +- storaged: Drop VDO async option rhbz#1548988 + +* Mon Jan 29 2018 Martin Pitt 160-2 +- Add kubevirt Virtual Machines overview +- Redesign package list on Software Updates page and show RHEL Errata + +* Wed Jan 10 2018 Martin Pitt 159-1 +- Update to 159 release +- Configure data deduplication with VDO devices on Storage page +- Add serial console to virtual Machines page and redesign the Consoles tab +- Show more error message details for failures on virtual Machines page + +* Thu Dec 14 2017 Martin Pitt 158-1 +- Update to 158 release +- New package "cockpit-packagekit", which provides a "Software Updates" page + for installing package updates rhbz#1479836 +- Add NFS client support to the Storage page +- Add checkboxes for common Storage encryption and mount options +- Adjust cockpit-storaged dependencies to storaged → udisks2 rename + rhbz#1510667 + +* Thu Jun 29 2017 Dominik Perpeet 141-4 +- Bump for rebuild on more architectures + +* Thu Jun 29 2017 Dominik Perpeet 141-3 +- Fix dashboard dependency rhbz#1466423 + +* Mon Jun 05 2017 Dominik Perpeet 141-2 +- Build on more architectures + +* Mon Jun 05 2017 Dominik Perpeet 141-1 +- Update to 141 release +- Allow users to change Docker container environment variables +- Allow auth commands to store credentials for future challenges +- Attempt to tear down used partitions when formatting disks +- Show the correct known_hosts path on missing/mismatching host keys +- Set HTML content type when serving login page, for better reverse proxy operation * Wed May 24 2017 Dominik Perpeet 138-8 - Rebuild for new dependencies