diff --git a/.cockpit.metadata b/.cockpit.metadata
index c6b9c28..f6c4798 100644
--- a/.cockpit.metadata
+++ b/.cockpit.metadata
@@ -1 +1 @@
-64f4029431fada24f3ece0920849ae8828e43daa SOURCES/cockpit-0.114.tar.xz
+aefbc09df1773c8d87c0455224778026567fd64e SOURCES/cockpit-118.tar.xz
diff --git a/.gitignore b/.gitignore
index b72d249..19872f2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/cockpit-0.114.tar.xz
+SOURCES/cockpit-118.tar.xz
diff --git a/SOURCES/0001-test-Ensure-cockpit-session-debug-is-off.patch b/SOURCES/0001-test-Ensure-cockpit-session-debug-is-off.patch
new file mode 100644
index 0000000..164d03a
--- /dev/null
+++ b/SOURCES/0001-test-Ensure-cockpit-session-debug-is-off.patch
@@ -0,0 +1,30 @@
+From 36e0fa44509186a24d4275eefcf9ac2d12d0e0f7 Mon Sep 17 00:00:00 2001
+From: petervo <petervo@redhat.com>
+Date: Thu, 8 Sep 2016 09:21:26 -0700
+Subject: [PATCH 1/2] test: Ensure cockpit-session debug is off
+
+Closes #4996
+Reviewed-by: Stef Walter <stefw@redhat.com>
+---
+ test/verify/check-login | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/test/verify/check-login b/test/verify/check-login
+index 5d9f895..813174e 100755
+--- a/test/verify/check-login
++++ b/test/verify/check-login
+@@ -87,6 +87,11 @@ account required pam_succeed_if.so user ingroup %s""" % m.get_admin_group
+ b.click('#go-account')
+ b.enter_page("/users")
+ b.wait_text ("#account-user-name", "admin")
++ try:
++ m.execute("journalctl -p 7 SYSLOG_IDENTIFIER=cockpit-ws | grep 'cockpit-session: opening pam session'")
++ assert False, "cockpit-session debug messsages found"
++ except subprocess.CalledProcessError:
++ pass
+
+ self.allow_journal_messages ("Returning error-response ... with reason .*",
+ "pam_unix\(cockpit:auth\): authentication failure; .*",
+--
+1.8.3.1
+
diff --git a/SOURCES/0001-tools-Update-spec-file-for-lack-of-cockpit-daemon.patch b/SOURCES/0001-tools-Update-spec-file-for-lack-of-cockpit-daemon.patch
deleted file mode 100644
index 18ffacd..0000000
--- a/SOURCES/0001-tools-Update-spec-file-for-lack-of-cockpit-daemon.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 67ce9876656f8e5a9f088990f6e08847a65a4be9 Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@redhat.com>
-Date: Thu, 14 Jul 2016 10:20:18 +0200
-Subject: [PATCH 1/2] tools: Update spec file for lack of cockpit-daemon
-
-cockpit-daemon is and has for a long time now no longer been a
-thing. We can still upgrade cleanly with the 'Obsoletes' line
-here.
-
-Reviewed-by: Peter <petervo@redhat.com>
----
- tools/cockpit.spec | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/tools/cockpit.spec b/tools/cockpit.spec
-index 091e409..5a0ad60 100644
---- a/tools/cockpit.spec
-+++ b/tools/cockpit.spec
-@@ -110,7 +110,6 @@ machines.
-
- %package bridge
- Summary: Cockpit bridge server-side component
--Provides: %{name}-daemon
- Obsoletes: %{name}-daemon < 0.48-2
- Requires: polkit
-
---
-1.8.3.1
-
diff --git a/SOURCES/0002-tools-Update-packaging-files-for-stable-0.114-releas.patch b/SOURCES/0002-tools-Update-packaging-files-for-stable-0.114-releas.patch
deleted file mode 100644
index 34abbf8..0000000
--- a/SOURCES/0002-tools-Update-packaging-files-for-stable-0.114-releas.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 2ab6a1716eca40c1a1c16aa1ac5457959b54fb82 Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@redhat.com>
-Date: Thu, 14 Jul 2016 10:25:36 +0200
-Subject: [PATCH 2/2] tools: Update packaging files for stable 0.114 release
-
-The internal javascript API in 0.114 is considered stable
-in the base1 package. So subpackages can use any version of
-cockpit-bridge and cockpit-shell 0.114 or later.
-
-Closes #4736
-Reviewed-by: Peter <petervo@redhat.com>
----
- tools/cockpit.spec | 33 +++++++++++++++++++++++----------
- 1 file changed, 23 insertions(+), 10 deletions(-)
-
-diff --git a/tools/cockpit.spec b/tools/cockpit.spec
-index 5a0ad60..655cf8a 100644
---- a/tools/cockpit.spec
-+++ b/tools/cockpit.spec
-@@ -16,6 +16,10 @@
-
- %if %{defined gitcommit}
- %define extra_flags CFLAGS='-O2 -Wall -Werror -fPIC -g -DWITH_DEBUG'
-+%define stable_api %{gitcommit}
-+%else
-+# The first version with a stable APIs
-+%define stable_api 0.114
- %endif
-
- %if 0%{?centos}
-@@ -344,7 +348,7 @@ test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
-
- %package shell
- Summary: Cockpit Shell user interface package
--Requires: %{name}-bridge = %{version}-%{release}
-+Requires: %{name}-bridge >= %{stable_api}
- Requires: shadow-utils
- Requires: grep
- Requires: libpwquality
-@@ -366,7 +370,8 @@ This package contains the Cockpit shell UI assets.
-
- %package storaged
- Summary: Cockpit user interface for storage, using Storaged
--Requires: %{name}-shell = %{version}-%{release}
-+Requires: %{name}-bridge >= %{stable_api}
-+Requires: %{name}-shell >= %{stable_api}
- Requires: storaged >= 2.1.1
- %if 0%{?fedora} >= 24 || 0%{?rhel} >= 8
- Recommends: storaged-lvm2 >= 2.1.1
-@@ -386,7 +391,8 @@ The Cockpit component for managing storage. This package uses Storaged.
-
- %package ostree
- Summary: Cockpit user interface for rpm-ostree
--Requires: %{name}-shell = %{version}-%{release}
-+Requires: %{name}-bridge >= %{stable_api}
-+Requires: %{name}-shell >= %{stable_api}
- %if 0%{?fedora} > 0 && 0%{?fedora} < 24
- Requires: rpm-ostree >= 2015.10-1
- %else
-@@ -404,7 +410,8 @@ The Cockpit components for managing software updates for ostree based systems.
-
- %package sosreport
- Summary: Cockpit user interface for diagnostic reports
--Requires: %{name}-shell = %{version}-%{release}
-+Requires: %{name}-bridge >= %{stable_api}
-+Requires: %{name}-shell >= %{stable_api}
- Requires: sos
- BuildArch: noarch
-
-@@ -416,7 +423,8 @@ sosreport tool.
-
- %package subscriptions
- Summary: Cockpit subscription user interface package
--Requires: %{name}-shell = %{version}-%{release}
-+Requires: %{name}-bridge >= %{stable_api}
-+Requires: %{name}-shell >= %{stable_api}
- Requires: subscription-manager >= 1.13
- BuildArch: noarch
-
-@@ -428,7 +436,8 @@ subscription management.
-
- %package networkmanager
- Summary: Cockpit user interface for networking, using NetworkManager
--Requires: %{name}-shell = %{version}-%{release}
-+Requires: %{name}-bridge >= %{stable_api}
-+Requires: %{name}-shell >= %{stable_api}
- Requires: NetworkManager
- BuildArch: noarch
-
-@@ -443,7 +452,8 @@ The Cockpit component for managing networking. This package uses NetworkManager
-
- %package selinux
- Summary: Cockpit SELinux package
--Requires: %{name}-shell = %{version}-%{release}
-+Requires: %{name}-bridge >= %{stable_api}
-+Requires: %{name}-shell >= %{stable_api}
- Requires: setroubleshoot-server >= 3.3.3
- BuildArch: noarch
-
-@@ -459,7 +469,8 @@ utility setroubleshoot to diagnose and resolve SELinux issues.
-
- %package docker
- Summary: Cockpit user interface for Docker containers
--Requires: %{name}-shell = %{version}-%{release}
-+Requires: %{name}-bridge >= %{stable_api}
-+Requires: %{name}-shell >= %{stable_api}
- Requires: docker >= 1.3.0
-
- %description docker
-@@ -475,7 +486,8 @@ This package is not yet complete.
- %package kubernetes
- Summary: Cockpit user interface for Kubernetes cluster
- Requires: /usr/bin/kubectl
--Requires: %{name}-shell = %{version}-%{release}
-+Requires: %{name}-bridge >= %{stable_api}
-+Requires: %{name}-shell >= %{stable_api}
- BuildRequires: golang-bin
- BuildRequires: golang-src
-
-@@ -493,7 +505,8 @@ cluster. Installed on the Kubernetes master. This package is not yet complete.
-
- %package test-assets
- Summary: Additional stuff for testing Cockpit
--Requires: %{name}-shell = %{version}-%{release}
-+Requires: %{name}-bridge >= %{stable_api}
-+Requires: %{name}-shell >= %{stable_api}
- Requires: openssh-clients
-
- %description test-assets
---
-1.8.3.1
-
diff --git a/SOURCES/0002-ws-Turn-session-debug-back-off.patch b/SOURCES/0002-ws-Turn-session-debug-back-off.patch
new file mode 100644
index 0000000..3511d26
--- /dev/null
+++ b/SOURCES/0002-ws-Turn-session-debug-back-off.patch
@@ -0,0 +1,27 @@
+From 689873f5d858618e9940b7c4dc0a72e1b25e146c Mon Sep 17 00:00:00 2001
+From: petervo <petervo@redhat.com>
+Date: Thu, 8 Sep 2016 06:55:37 -0700
+Subject: [PATCH 2/2] ws: Turn session debug back off
+
+Closes #4996
+Reviewed-by: Stef Walter <stefw@redhat.com>
+---
+ src/ws/session.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ws/session.c b/src/ws/session.c
+index 5edee6f..73b104a 100644
+--- a/src/ws/session.c
++++ b/src/ws/session.c
+@@ -53,7 +53,7 @@
+ * this job.
+ */
+
+-#define DEBUG_SESSION 1
++#define DEBUG_SESSION 0
+ #define AUTH_FD 3
+ #define EX 127
+ #define DEFAULT_PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+--
+1.8.3.1
+
diff --git a/SPECS/cockpit.spec b/SPECS/cockpit.spec
index 3b53c67..6cab246 100644
--- a/SPECS/cockpit.spec
+++ b/SPECS/cockpit.spec
@@ -4,7 +4,7 @@
#
%define branding auto
-%define tag 0.114
+%define tag 118
%define rev 2
%if %{defined gitcommit}
@@ -44,8 +44,8 @@ Source0: cockpit-%{version}.tar.gz
Source0: https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz
%endif
-Patch1: 0001-tools-Update-spec-file-for-lack-of-cockpit-daemon.patch
-Patch2: 0002-tools-Update-packaging-files-for-stable-0.114-releas.patch
+Patch1: 0001-test-Ensure-cockpit-session-debug-is-off.patch
+Patch2: 0002-ws-Turn-session-debug-back-off.patch
BuildRequires: pkgconfig(gio-unix-2.0)
BuildRequires: pkgconfig(json-glib-1.0)
@@ -77,7 +77,9 @@ BuildRequires: krb5-server
# For documentation
BuildRequires: xmlto
-# Mandatory components of "cockpit"
+# This is the "cockpit" metapackage. It should only
+# Require, Suggest or Recommend other cockpit-xxx subpackages
+
Requires: %{name}-bridge = %{version}-%{release}
Requires: %{name}-ws = %{version}-%{release}
Requires: %{name}-shell = %{version}-%{release}
@@ -149,12 +151,13 @@ The Cockpit Web Service listens on the network, and authenticates users.
%prep
%setup -q
+
%patch1 -p1
%patch2 -p1
%build
exec 2>&1
-%configure --disable-silent-rules --with-cockpit-user=cockpit-ws --with-branding=auto --with-selinux-config-type=etc_t
+%configure --disable-silent-rules --with-cockpit-user=cockpit-ws --with-branding=auto --with-selinux-config-type=etc_t %{?rhel:--without-storaged-iscsi-sessions}
make -j4 %{?extra_flags} all
%check
@@ -194,8 +197,8 @@ find %{buildroot}%{_datadir}/%{name}/tuned -type f >> shell.list
echo '%dir %{_datadir}/%{name}/shell' >> shell.list
find %{buildroot}%{_datadir}/%{name}/shell -type f >> shell.list
-echo '%dir %{_datadir}/%{name}/system' >> shell.list
-find %{buildroot}%{_datadir}/%{name}/system -type f >> shell.list
+echo '%dir %{_datadir}/%{name}/systemd' >> shell.list
+find %{buildroot}%{_datadir}/%{name}/systemd -type f >> shell.list
echo '%dir %{_datadir}/%{name}/users' >> shell.list
find %{buildroot}%{_datadir}/%{name}/users -type f >> shell.list
@@ -206,17 +209,17 @@ find %{buildroot}%{_datadir}/%{name}/sosreport -type f >> sosreport.list
echo '%dir %{_datadir}/%{name}/subscriptions' > subscriptions.list
find %{buildroot}%{_datadir}/%{name}/subscriptions -type f >> subscriptions.list
-echo '%dir %{_datadir}/%{name}/storage' > storaged.list
-find %{buildroot}%{_datadir}/%{name}/storage -type f >> storaged.list
+echo '%dir %{_datadir}/%{name}/storaged' > storaged.list
+find %{buildroot}%{_datadir}/%{name}/storaged -type f >> storaged.list
-echo '%dir %{_datadir}/%{name}/network' > networkmanager.list
-find %{buildroot}%{_datadir}/%{name}/network -type f >> networkmanager.list
+echo '%dir %{_datadir}/%{name}/networkmanager' > networkmanager.list
+find %{buildroot}%{_datadir}/%{name}/networkmanager -type f >> networkmanager.list
echo '%dir %{_datadir}/%{name}/ostree' > ostree.list
find %{buildroot}%{_datadir}/%{name}/ostree -type f >> ostree.list
-# on RHEL systems we don't have the required setroubleshoot-server packages
-%if 0%{?rhel}%{?centos}
+# on CentOS systems we don't have the required setroubleshoot-server packages
+%if 0%{?centos}
rm -rf %{buildroot}%{_datadir}/%{name}/selinux
%else
echo '%dir %{_datadir}/%{name}/selinux' > selinux.list
@@ -246,16 +249,20 @@ touch kubernetes.list
sed -i "s|%{buildroot}||" *.list
# Build the package lists for debug package, and move debug files to installed locations
-find %{buildroot}/usr/src/debug%{_datadir}/%{name} -type f -o -type l > debug.list
-sed -i "s|%{buildroot}/usr/src/debug||" debug.list
+find %{buildroot}/usr/src/debug%{_datadir}/%{name} -type f -o -type l > debug.partial
+sed -i "s|%{buildroot}/usr/src/debug||" debug.partial
+sed -n 's/\.map\(\.gz\)\?$/\0/p' *.list >> debug.partial
+sed -i '/\.map\(\.gz\)\?$/d' *.list
tar -C %{buildroot}/usr/src/debug -cf - . | tar -C %{buildroot} -xf -
rm -rf %{buildroot}/usr/src/debug
-# On RHEL subscriptions, networkmanager, and sosreport are part of the shell package
+# On RHEL subscriptions, networkmanager, selinux, and sosreport are part of the shell package
%if 0%{?rhel}
-cat subscriptions.list sosreport.list networkmanager.list >> shell.list
+cat subscriptions.list sosreport.list networkmanager.list selinux.list >> shell.list
%endif
+%find_lang %{name}
+
# dwz has trouble with the go binaries
# https://fedoraproject.org/wiki/PackagingDrafts/Go
%global _dwz_low_mem_die_limit 0
@@ -270,7 +277,7 @@ cat subscriptions.list sosreport.list networkmanager.list >> shell.list
# Redefine how debug info is built to slip in our extra debug files
%define __debug_install_post \
%{find_debug_info} \
- cat debug.list >> %{_builddir}/%{?buildsubdir}/debugfiles.list \
+ cat debug.partial >> %{_builddir}/%{?buildsubdir}/debugfiles.list \
%{nil}
%files
@@ -307,7 +314,7 @@ cat subscriptions.list sosreport.list networkmanager.list >> shell.list
# be out of sync with reality.
/usr/share/pcp/lib/pmlogger reload
-%files ws
+%files ws -f %{name}.lang
%doc %{_mandir}/man5/cockpit.conf.5.gz
%doc %{_mandir}/man8/cockpit-ws.8.gz
%doc %{_mandir}/man8/remotectl.8.gz
@@ -344,7 +351,7 @@ test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
%package shell
Summary: Cockpit Shell user interface package
-Requires: %{name}-bridge >= %{stable_api}
+Requires: %{name}-bridge = %{version}-%{release}
Requires: shadow-utils
Requires: grep
Requires: libpwquality
@@ -354,6 +361,10 @@ Provides: %{name}-subscriptions = %{version}-%{release}
Requires: subscription-manager >= 1.13
Provides: %{name}-networkmanager = %{version}-%{release}
Requires: NetworkManager
+# Optional components (only when soft deps are supported)
+%if 0%{?fedora} >= 24 || 0%{?rhel} >= 8
+Recommends: NetworkManager-team
+%endif
%endif
Provides: %{name}-assets
Obsoletes: %{name}-assets < 0.32
@@ -366,7 +377,7 @@ This package contains the Cockpit shell UI assets.
%package storaged
Summary: Cockpit user interface for storage, using Storaged
-Requires: %{name}-bridge >= %{stable_api}
+Requires: %{name}-bridge >= %{version}-%{release}
Requires: %{name}-shell >= %{stable_api}
Requires: storaged >= 2.1.1
%if 0%{?fedora} >= 24 || 0%{?rhel} >= 8
@@ -435,6 +446,10 @@ Summary: Cockpit user interface for networking, using NetworkManager
Requires: %{name}-bridge >= %{stable_api}
Requires: %{name}-shell >= %{stable_api}
Requires: NetworkManager
+# Optional components (only when soft deps are supported)
+%if 0%{?fedora} >= 24 || 0%{?rhel} >= 8
+Recommends: NetworkManager-team
+%endif
BuildArch: noarch
%description networkmanager
@@ -468,6 +483,7 @@ Summary: Cockpit user interface for Docker containers
Requires: %{name}-bridge >= %{stable_api}
Requires: %{name}-shell >= %{stable_api}
Requires: docker >= 1.3.0
+Requires: python
%description docker
The Cockpit components for interacting with Docker and user interface.
@@ -516,6 +532,21 @@ pulls in some necessary packages via dependencies.
%endif
%changelog
+* Tue Sep 20 2016 Dominik Perpeet <dperpeet@redhat.com> 118-2
+- Turn off Cockpit debug session
+
+* Wed Sep 07 2016 Dominik Perpeet <dperpeet@redhat.com> 118-1
+- Update to 118 release
+- SELinux audit failures can be diagnosed and solutions applied to the system
+- Configure storage for Docker containers and images
+- Volumes and environment variables can be configured for Docker containers
+- Support PAM conversations on the Login screen, enabling two factor authentication
+- Cockpit URLs can be proxied with a configured HTTP path prefix
+- Timer jobs in systemd can be created and configured
+- Display all managed NetworkManager devices
+- Add support for network teams
+- Prevent removal of last volume from volume group rhbz#1354421
+
* Fri Jul 15 2016 Dominik Perpeet <dperpeet@redhat.com> - 0.114-2
- The API of cockpit-bridge and cockpit-shell is now stable, other components
only depend on a version >= 0.114 now, not an exact match to their own version