diff --git a/.cockpit.metadata b/.cockpit.metadata index c6b9c28..f6c4798 100644 --- a/.cockpit.metadata +++ b/.cockpit.metadata @@ -1 +1 @@ -64f4029431fada24f3ece0920849ae8828e43daa SOURCES/cockpit-0.114.tar.xz +aefbc09df1773c8d87c0455224778026567fd64e SOURCES/cockpit-118.tar.xz diff --git a/.gitignore b/.gitignore index b72d249..19872f2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cockpit-0.114.tar.xz +SOURCES/cockpit-118.tar.xz diff --git a/SOURCES/0001-test-Ensure-cockpit-session-debug-is-off.patch b/SOURCES/0001-test-Ensure-cockpit-session-debug-is-off.patch new file mode 100644 index 0000000..164d03a --- /dev/null +++ b/SOURCES/0001-test-Ensure-cockpit-session-debug-is-off.patch @@ -0,0 +1,30 @@ +From 36e0fa44509186a24d4275eefcf9ac2d12d0e0f7 Mon Sep 17 00:00:00 2001 +From: petervo +Date: Thu, 8 Sep 2016 09:21:26 -0700 +Subject: [PATCH 1/2] test: Ensure cockpit-session debug is off + +Closes #4996 +Reviewed-by: Stef Walter +--- + test/verify/check-login | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/test/verify/check-login b/test/verify/check-login +index 5d9f895..813174e 100755 +--- a/test/verify/check-login ++++ b/test/verify/check-login +@@ -87,6 +87,11 @@ account required pam_succeed_if.so user ingroup %s""" % m.get_admin_group + b.click('#go-account') + b.enter_page("/users") + b.wait_text ("#account-user-name", "admin") ++ try: ++ m.execute("journalctl -p 7 SYSLOG_IDENTIFIER=cockpit-ws | grep 'cockpit-session: opening pam session'") ++ assert False, "cockpit-session debug messsages found" ++ except subprocess.CalledProcessError: ++ pass + + self.allow_journal_messages ("Returning error-response ... with reason .*", + "pam_unix\(cockpit:auth\): authentication failure; .*", +-- +1.8.3.1 + diff --git a/SOURCES/0001-tools-Update-spec-file-for-lack-of-cockpit-daemon.patch b/SOURCES/0001-tools-Update-spec-file-for-lack-of-cockpit-daemon.patch deleted file mode 100644 index 18ffacd..0000000 --- a/SOURCES/0001-tools-Update-spec-file-for-lack-of-cockpit-daemon.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 67ce9876656f8e5a9f088990f6e08847a65a4be9 Mon Sep 17 00:00:00 2001 -From: Stef Walter -Date: Thu, 14 Jul 2016 10:20:18 +0200 -Subject: [PATCH 1/2] tools: Update spec file for lack of cockpit-daemon - -cockpit-daemon is and has for a long time now no longer been a -thing. We can still upgrade cleanly with the 'Obsoletes' line -here. - -Reviewed-by: Peter ---- - tools/cockpit.spec | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/tools/cockpit.spec b/tools/cockpit.spec -index 091e409..5a0ad60 100644 ---- a/tools/cockpit.spec -+++ b/tools/cockpit.spec -@@ -110,7 +110,6 @@ machines. - - %package bridge - Summary: Cockpit bridge server-side component --Provides: %{name}-daemon - Obsoletes: %{name}-daemon < 0.48-2 - Requires: polkit - --- -1.8.3.1 - diff --git a/SOURCES/0002-tools-Update-packaging-files-for-stable-0.114-releas.patch b/SOURCES/0002-tools-Update-packaging-files-for-stable-0.114-releas.patch deleted file mode 100644 index 34abbf8..0000000 --- a/SOURCES/0002-tools-Update-packaging-files-for-stable-0.114-releas.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 2ab6a1716eca40c1a1c16aa1ac5457959b54fb82 Mon Sep 17 00:00:00 2001 -From: Stef Walter -Date: Thu, 14 Jul 2016 10:25:36 +0200 -Subject: [PATCH 2/2] tools: Update packaging files for stable 0.114 release - -The internal javascript API in 0.114 is considered stable -in the base1 package. So subpackages can use any version of -cockpit-bridge and cockpit-shell 0.114 or later. - -Closes #4736 -Reviewed-by: Peter ---- - tools/cockpit.spec | 33 +++++++++++++++++++++++---------- - 1 file changed, 23 insertions(+), 10 deletions(-) - -diff --git a/tools/cockpit.spec b/tools/cockpit.spec -index 5a0ad60..655cf8a 100644 ---- a/tools/cockpit.spec -+++ b/tools/cockpit.spec -@@ -16,6 +16,10 @@ - - %if %{defined gitcommit} - %define extra_flags CFLAGS='-O2 -Wall -Werror -fPIC -g -DWITH_DEBUG' -+%define stable_api %{gitcommit} -+%else -+# The first version with a stable APIs -+%define stable_api 0.114 - %endif - - %if 0%{?centos} -@@ -344,7 +348,7 @@ test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true - - %package shell - Summary: Cockpit Shell user interface package --Requires: %{name}-bridge = %{version}-%{release} -+Requires: %{name}-bridge >= %{stable_api} - Requires: shadow-utils - Requires: grep - Requires: libpwquality -@@ -366,7 +370,8 @@ This package contains the Cockpit shell UI assets. - - %package storaged - Summary: Cockpit user interface for storage, using Storaged --Requires: %{name}-shell = %{version}-%{release} -+Requires: %{name}-bridge >= %{stable_api} -+Requires: %{name}-shell >= %{stable_api} - Requires: storaged >= 2.1.1 - %if 0%{?fedora} >= 24 || 0%{?rhel} >= 8 - Recommends: storaged-lvm2 >= 2.1.1 -@@ -386,7 +391,8 @@ The Cockpit component for managing storage. This package uses Storaged. - - %package ostree - Summary: Cockpit user interface for rpm-ostree --Requires: %{name}-shell = %{version}-%{release} -+Requires: %{name}-bridge >= %{stable_api} -+Requires: %{name}-shell >= %{stable_api} - %if 0%{?fedora} > 0 && 0%{?fedora} < 24 - Requires: rpm-ostree >= 2015.10-1 - %else -@@ -404,7 +410,8 @@ The Cockpit components for managing software updates for ostree based systems. - - %package sosreport - Summary: Cockpit user interface for diagnostic reports --Requires: %{name}-shell = %{version}-%{release} -+Requires: %{name}-bridge >= %{stable_api} -+Requires: %{name}-shell >= %{stable_api} - Requires: sos - BuildArch: noarch - -@@ -416,7 +423,8 @@ sosreport tool. - - %package subscriptions - Summary: Cockpit subscription user interface package --Requires: %{name}-shell = %{version}-%{release} -+Requires: %{name}-bridge >= %{stable_api} -+Requires: %{name}-shell >= %{stable_api} - Requires: subscription-manager >= 1.13 - BuildArch: noarch - -@@ -428,7 +436,8 @@ subscription management. - - %package networkmanager - Summary: Cockpit user interface for networking, using NetworkManager --Requires: %{name}-shell = %{version}-%{release} -+Requires: %{name}-bridge >= %{stable_api} -+Requires: %{name}-shell >= %{stable_api} - Requires: NetworkManager - BuildArch: noarch - -@@ -443,7 +452,8 @@ The Cockpit component for managing networking. This package uses NetworkManager - - %package selinux - Summary: Cockpit SELinux package --Requires: %{name}-shell = %{version}-%{release} -+Requires: %{name}-bridge >= %{stable_api} -+Requires: %{name}-shell >= %{stable_api} - Requires: setroubleshoot-server >= 3.3.3 - BuildArch: noarch - -@@ -459,7 +469,8 @@ utility setroubleshoot to diagnose and resolve SELinux issues. - - %package docker - Summary: Cockpit user interface for Docker containers --Requires: %{name}-shell = %{version}-%{release} -+Requires: %{name}-bridge >= %{stable_api} -+Requires: %{name}-shell >= %{stable_api} - Requires: docker >= 1.3.0 - - %description docker -@@ -475,7 +486,8 @@ This package is not yet complete. - %package kubernetes - Summary: Cockpit user interface for Kubernetes cluster - Requires: /usr/bin/kubectl --Requires: %{name}-shell = %{version}-%{release} -+Requires: %{name}-bridge >= %{stable_api} -+Requires: %{name}-shell >= %{stable_api} - BuildRequires: golang-bin - BuildRequires: golang-src - -@@ -493,7 +505,8 @@ cluster. Installed on the Kubernetes master. This package is not yet complete. - - %package test-assets - Summary: Additional stuff for testing Cockpit --Requires: %{name}-shell = %{version}-%{release} -+Requires: %{name}-bridge >= %{stable_api} -+Requires: %{name}-shell >= %{stable_api} - Requires: openssh-clients - - %description test-assets --- -1.8.3.1 - diff --git a/SOURCES/0002-ws-Turn-session-debug-back-off.patch b/SOURCES/0002-ws-Turn-session-debug-back-off.patch new file mode 100644 index 0000000..3511d26 --- /dev/null +++ b/SOURCES/0002-ws-Turn-session-debug-back-off.patch @@ -0,0 +1,27 @@ +From 689873f5d858618e9940b7c4dc0a72e1b25e146c Mon Sep 17 00:00:00 2001 +From: petervo +Date: Thu, 8 Sep 2016 06:55:37 -0700 +Subject: [PATCH 2/2] ws: Turn session debug back off + +Closes #4996 +Reviewed-by: Stef Walter +--- + src/ws/session.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/ws/session.c b/src/ws/session.c +index 5edee6f..73b104a 100644 +--- a/src/ws/session.c ++++ b/src/ws/session.c +@@ -53,7 +53,7 @@ + * this job. + */ + +-#define DEBUG_SESSION 1 ++#define DEBUG_SESSION 0 + #define AUTH_FD 3 + #define EX 127 + #define DEFAULT_PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +-- +1.8.3.1 + diff --git a/SPECS/cockpit.spec b/SPECS/cockpit.spec index 3b53c67..6cab246 100644 --- a/SPECS/cockpit.spec +++ b/SPECS/cockpit.spec @@ -4,7 +4,7 @@ # %define branding auto -%define tag 0.114 +%define tag 118 %define rev 2 %if %{defined gitcommit} @@ -44,8 +44,8 @@ Source0: cockpit-%{version}.tar.gz Source0: https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz %endif -Patch1: 0001-tools-Update-spec-file-for-lack-of-cockpit-daemon.patch -Patch2: 0002-tools-Update-packaging-files-for-stable-0.114-releas.patch +Patch1: 0001-test-Ensure-cockpit-session-debug-is-off.patch +Patch2: 0002-ws-Turn-session-debug-back-off.patch BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(json-glib-1.0) @@ -77,7 +77,9 @@ BuildRequires: krb5-server # For documentation BuildRequires: xmlto -# Mandatory components of "cockpit" +# This is the "cockpit" metapackage. It should only +# Require, Suggest or Recommend other cockpit-xxx subpackages + Requires: %{name}-bridge = %{version}-%{release} Requires: %{name}-ws = %{version}-%{release} Requires: %{name}-shell = %{version}-%{release} @@ -149,12 +151,13 @@ The Cockpit Web Service listens on the network, and authenticates users. %prep %setup -q + %patch1 -p1 %patch2 -p1 %build exec 2>&1 -%configure --disable-silent-rules --with-cockpit-user=cockpit-ws --with-branding=auto --with-selinux-config-type=etc_t +%configure --disable-silent-rules --with-cockpit-user=cockpit-ws --with-branding=auto --with-selinux-config-type=etc_t %{?rhel:--without-storaged-iscsi-sessions} make -j4 %{?extra_flags} all %check @@ -194,8 +197,8 @@ find %{buildroot}%{_datadir}/%{name}/tuned -type f >> shell.list echo '%dir %{_datadir}/%{name}/shell' >> shell.list find %{buildroot}%{_datadir}/%{name}/shell -type f >> shell.list -echo '%dir %{_datadir}/%{name}/system' >> shell.list -find %{buildroot}%{_datadir}/%{name}/system -type f >> shell.list +echo '%dir %{_datadir}/%{name}/systemd' >> shell.list +find %{buildroot}%{_datadir}/%{name}/systemd -type f >> shell.list echo '%dir %{_datadir}/%{name}/users' >> shell.list find %{buildroot}%{_datadir}/%{name}/users -type f >> shell.list @@ -206,17 +209,17 @@ find %{buildroot}%{_datadir}/%{name}/sosreport -type f >> sosreport.list echo '%dir %{_datadir}/%{name}/subscriptions' > subscriptions.list find %{buildroot}%{_datadir}/%{name}/subscriptions -type f >> subscriptions.list -echo '%dir %{_datadir}/%{name}/storage' > storaged.list -find %{buildroot}%{_datadir}/%{name}/storage -type f >> storaged.list +echo '%dir %{_datadir}/%{name}/storaged' > storaged.list +find %{buildroot}%{_datadir}/%{name}/storaged -type f >> storaged.list -echo '%dir %{_datadir}/%{name}/network' > networkmanager.list -find %{buildroot}%{_datadir}/%{name}/network -type f >> networkmanager.list +echo '%dir %{_datadir}/%{name}/networkmanager' > networkmanager.list +find %{buildroot}%{_datadir}/%{name}/networkmanager -type f >> networkmanager.list echo '%dir %{_datadir}/%{name}/ostree' > ostree.list find %{buildroot}%{_datadir}/%{name}/ostree -type f >> ostree.list -# on RHEL systems we don't have the required setroubleshoot-server packages -%if 0%{?rhel}%{?centos} +# on CentOS systems we don't have the required setroubleshoot-server packages +%if 0%{?centos} rm -rf %{buildroot}%{_datadir}/%{name}/selinux %else echo '%dir %{_datadir}/%{name}/selinux' > selinux.list @@ -246,16 +249,20 @@ touch kubernetes.list sed -i "s|%{buildroot}||" *.list # Build the package lists for debug package, and move debug files to installed locations -find %{buildroot}/usr/src/debug%{_datadir}/%{name} -type f -o -type l > debug.list -sed -i "s|%{buildroot}/usr/src/debug||" debug.list +find %{buildroot}/usr/src/debug%{_datadir}/%{name} -type f -o -type l > debug.partial +sed -i "s|%{buildroot}/usr/src/debug||" debug.partial +sed -n 's/\.map\(\.gz\)\?$/\0/p' *.list >> debug.partial +sed -i '/\.map\(\.gz\)\?$/d' *.list tar -C %{buildroot}/usr/src/debug -cf - . | tar -C %{buildroot} -xf - rm -rf %{buildroot}/usr/src/debug -# On RHEL subscriptions, networkmanager, and sosreport are part of the shell package +# On RHEL subscriptions, networkmanager, selinux, and sosreport are part of the shell package %if 0%{?rhel} -cat subscriptions.list sosreport.list networkmanager.list >> shell.list +cat subscriptions.list sosreport.list networkmanager.list selinux.list >> shell.list %endif +%find_lang %{name} + # dwz has trouble with the go binaries # https://fedoraproject.org/wiki/PackagingDrafts/Go %global _dwz_low_mem_die_limit 0 @@ -270,7 +277,7 @@ cat subscriptions.list sosreport.list networkmanager.list >> shell.list # Redefine how debug info is built to slip in our extra debug files %define __debug_install_post \ %{find_debug_info} \ - cat debug.list >> %{_builddir}/%{?buildsubdir}/debugfiles.list \ + cat debug.partial >> %{_builddir}/%{?buildsubdir}/debugfiles.list \ %{nil} %files @@ -307,7 +314,7 @@ cat subscriptions.list sosreport.list networkmanager.list >> shell.list # be out of sync with reality. /usr/share/pcp/lib/pmlogger reload -%files ws +%files ws -f %{name}.lang %doc %{_mandir}/man5/cockpit.conf.5.gz %doc %{_mandir}/man8/cockpit-ws.8.gz %doc %{_mandir}/man8/remotectl.8.gz @@ -344,7 +351,7 @@ test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true %package shell Summary: Cockpit Shell user interface package -Requires: %{name}-bridge >= %{stable_api} +Requires: %{name}-bridge = %{version}-%{release} Requires: shadow-utils Requires: grep Requires: libpwquality @@ -354,6 +361,10 @@ Provides: %{name}-subscriptions = %{version}-%{release} Requires: subscription-manager >= 1.13 Provides: %{name}-networkmanager = %{version}-%{release} Requires: NetworkManager +# Optional components (only when soft deps are supported) +%if 0%{?fedora} >= 24 || 0%{?rhel} >= 8 +Recommends: NetworkManager-team +%endif %endif Provides: %{name}-assets Obsoletes: %{name}-assets < 0.32 @@ -366,7 +377,7 @@ This package contains the Cockpit shell UI assets. %package storaged Summary: Cockpit user interface for storage, using Storaged -Requires: %{name}-bridge >= %{stable_api} +Requires: %{name}-bridge >= %{version}-%{release} Requires: %{name}-shell >= %{stable_api} Requires: storaged >= 2.1.1 %if 0%{?fedora} >= 24 || 0%{?rhel} >= 8 @@ -435,6 +446,10 @@ Summary: Cockpit user interface for networking, using NetworkManager Requires: %{name}-bridge >= %{stable_api} Requires: %{name}-shell >= %{stable_api} Requires: NetworkManager +# Optional components (only when soft deps are supported) +%if 0%{?fedora} >= 24 || 0%{?rhel} >= 8 +Recommends: NetworkManager-team +%endif BuildArch: noarch %description networkmanager @@ -468,6 +483,7 @@ Summary: Cockpit user interface for Docker containers Requires: %{name}-bridge >= %{stable_api} Requires: %{name}-shell >= %{stable_api} Requires: docker >= 1.3.0 +Requires: python %description docker The Cockpit components for interacting with Docker and user interface. @@ -516,6 +532,21 @@ pulls in some necessary packages via dependencies. %endif %changelog +* Tue Sep 20 2016 Dominik Perpeet 118-2 +- Turn off Cockpit debug session + +* Wed Sep 07 2016 Dominik Perpeet 118-1 +- Update to 118 release +- SELinux audit failures can be diagnosed and solutions applied to the system +- Configure storage for Docker containers and images +- Volumes and environment variables can be configured for Docker containers +- Support PAM conversations on the Login screen, enabling two factor authentication +- Cockpit URLs can be proxied with a configured HTTP path prefix +- Timer jobs in systemd can be created and configured +- Display all managed NetworkManager devices +- Add support for network teams +- Prevent removal of last volume from volume group rhbz#1354421 + * Fri Jul 15 2016 Dominik Perpeet - 0.114-2 - The API of cockpit-bridge and cockpit-shell is now stable, other components only depend on a version >= 0.114 now, not an exact match to their own version