diff --git a/.cockpit.metadata b/.cockpit.metadata index 7f2efe9..ea5c68d 100644 --- a/.cockpit.metadata +++ b/.cockpit.metadata @@ -1 +1 @@ -d59a0eb6157945319714511842aa46e2b1645941 SOURCES/cockpit-251.tar.xz +c408f0050d65f48049f8f3f0ef0ab49e55251988 SOURCES/cockpit-264.tar.xz diff --git a/.gitignore b/.gitignore index 6893666..e36c35a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cockpit-251.tar.xz +SOURCES/cockpit-264.tar.xz diff --git a/SPECS/cockpit.spec b/SPECS/cockpit.spec index e0030e3..7b16b5c 100644 --- a/SPECS/cockpit.spec +++ b/SPECS/cockpit.spec @@ -1,5 +1,5 @@ # This spec file has been automatically updated -Version: 251 +Version: 264 Release: 1%{?dist} # # Copyright (C) 2014-2020 Red Hat, Inc. @@ -26,10 +26,6 @@ Release: 1%{?dist} # # Check first cockpit-devel@lists.fedorahosted.org # -# Globals that may be defined elsewhere -# * Version 122 -# * wip 1 -# # earliest base that the subpackages work on; the instances of this get computed/updated # by tools/gen-spec-dependencies during "make dist", but keep a hardcoded fallback @@ -56,17 +52,15 @@ Summary: Web Console for Linux servers License: LGPLv2+ URL: https://cockpit-project.org/ -%if %{defined wip} -Source0: cockpit-%{version}.tar.xz -%else -Source0: https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz -%endif +Source0: https://github.com/cockpit-project/cockpit/releases/download/264/cockpit-264.tar.xz # in RHEL 8 the source package is duplicated: cockpit (building basic packages like cockpit-{bridge,system}) # and cockpit-appstream (building optional packages like cockpit-{pcp}) # This split does not apply to EPEL/COPR. # In Fedora ELN/RHEL 9+ there is just one source package, which ships rpms in both BaseOS and AppStream -%if 0%{?rhel} == 8 && 0%{?epel} == 0 +# We also provide an override mechanism if you want to build all packages. +%define build_all 0 +%if 0%{?rhel} == 8 && 0%{?epel} == 0 && !%{build_all} %if "%{name}" == "cockpit" %define build_basic 1 @@ -81,11 +75,10 @@ Source0: https://github.com/cockpit-project/cockpit/releases/download/%{v %define build_optional 1 %endif -# Ship custom SELinux policy only in Fedora and RHEL-9 onward -%if 0%{?rhel} >= 9 || 0%{?fedora} +# Ship custom SELinux policy (but not for cockpit-appstream) +%if "%{name}" == "cockpit" %define selinuxtype targeted -%define with_selinux 1 -%define selinux_policy_version %(rpm --quiet -q selinux-policy && rpm -q --queryformat "%{V}-%{R}" selinux-policy || echo 1) +%define selinux_configure_arg --enable-selinux-policy=%{selinuxtype} %endif BuildRequires: gcc @@ -132,10 +125,8 @@ BuildRequires: gdb # For documentation BuildRequires: xmlto -%if 0%{?with_selinux} BuildRequires: selinux-policy BuildRequires: selinux-policy-devel -%endif # This is the "cockpit" metapackage. It should only # Require, Suggest or Recommend other cockpit-xxx subpackages @@ -146,7 +137,7 @@ Requires: cockpit-system # Optional components Recommends: (cockpit-storaged if udisks2) -Recommends: cockpit-packagekit +Recommends: (cockpit-packagekit if dnf) Suggests: cockpit-pcp %if 0%{?rhel} == 0 @@ -161,12 +152,10 @@ Recommends: subscription-manager-cockpit %setup -q -n cockpit-%{version} %build -exec 2>&1 %configure \ - --disable-silent-rules \ + %{?selinux_configure_arg} \ --with-cockpit-user=cockpit-ws \ --with-cockpit-ws-instance-user=cockpit-wsinstance \ - --with-selinux-config-type=etc_t \ %if 0%{?suse_version} --docdir=%_defaultdocdir/%{name} \ %endif @@ -175,12 +164,7 @@ exec 2>&1 --disable-ssh \ %endif -make -j4 %{?extra_flags} all - -%if 0%{?with_selinux} - make -f /usr/share/selinux/devel/Makefile cockpit.pp - bzip2 -9 cockpit.pp -%endif +%make_build %check exec 2>&1 @@ -206,21 +190,15 @@ install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit rm -f %{buildroot}/%{_libdir}/cockpit/*.so install -D -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/ -%if 0%{?with_selinux} - install -D -m 644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 - install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_session_selinux.8cockpit - install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_ws_selinux.8cockpit - # create this directory in the build root so that %ghost sees the desired mode - install -d -m 700 %{buildroot}%{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} -%endif - # only ship deprecated PatternFly API for stable releases -%if 0%{?fedora} <= 33 || 0%{?rhel} <= 8 +%if 0%{?rhel} <= 8 ln -s cockpit.css.gz %{buildroot}/%{_datadir}/cockpit/base1/patternfly.css.gz %endif # Build the package lists for resource packages -echo '%dir %{_datadir}/cockpit/base1' > base.list +# cockpit-bridge is the basic dependency for all cockpit-* packages, so centrally own the page directory +echo '%dir %{_datadir}/cockpit' > base.list +echo '%dir %{_datadir}/cockpit/base1' >> base.list echo '%dir %{_datadir}/cockpit/base1/fonts' >> base.list find %{buildroot}%{_datadir}/cockpit/base1 -type f -o -type l >> base.list echo '%{_sysconfdir}/cockpit/machines.d' >> base.list @@ -229,10 +207,10 @@ echo '%dir %{_datadir}/cockpit/ssh' >> base.list find %{buildroot}%{_datadir}/cockpit/ssh -type f >> base.list echo '%{_libexecdir}/cockpit-ssh' >> base.list -echo '%dir %{_datadir}/cockpit/pcp' >> pcp.list +echo '%dir %{_datadir}/cockpit/pcp' > pcp.list find %{buildroot}%{_datadir}/cockpit/pcp -type f >> pcp.list -echo '%dir %{_datadir}/cockpit/tuned' >> system.list +echo '%dir %{_datadir}/cockpit/tuned' > system.list find %{buildroot}%{_datadir}/cockpit/tuned -type f >> system.list echo '%dir %{_datadir}/cockpit/shell' >> system.list @@ -247,7 +225,7 @@ find %{buildroot}%{_datadir}/cockpit/users -type f >> system.list echo '%dir %{_datadir}/cockpit/metrics' >> system.list find %{buildroot}%{_datadir}/cockpit/metrics -type f >> system.list -echo '%dir %{_datadir}/cockpit/kdump' >> kdump.list +echo '%dir %{_datadir}/cockpit/kdump' > kdump.list find %{buildroot}%{_datadir}/cockpit/kdump -type f >> kdump.list echo '%dir %{_datadir}/cockpit/sosreport' > sosreport.list @@ -259,7 +237,7 @@ find %{buildroot}%{_datadir}/cockpit/storaged -type f >> storaged.list echo '%dir %{_datadir}/cockpit/networkmanager' > networkmanager.list find %{buildroot}%{_datadir}/cockpit/networkmanager -type f >> networkmanager.list -echo '%dir %{_datadir}/cockpit/packagekit' >> packagekit.list +echo '%dir %{_datadir}/cockpit/packagekit' > packagekit.list find %{buildroot}%{_datadir}/cockpit/packagekit -type f >> packagekit.list echo '%dir %{_datadir}/cockpit/apps' >> packagekit.list @@ -287,11 +265,11 @@ done for lib in systemd tmpfiles.d; do rm -r %{buildroot}/%{_prefix}/%{__lib}/$lib done -for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do +for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do rm %{buildroot}/%{_libexecdir}/$libexec done rm -r %{buildroot}/%{_libdir}/security %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d -rm %{buildroot}/usr/bin/cockpit-bridge %{buildroot}/usr/sbin/remotectl +rm %{buildroot}/usr/bin/cockpit-bridge rm -f %{buildroot}%{_libexecdir}/cockpit-ssh rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml %endif @@ -356,7 +334,6 @@ troubleshooting, interactive command-line sessions, and more. %{_docdir}/cockpit/AUTHORS %{_docdir}/cockpit/COPYING %{_docdir}/cockpit/README.md -%dir %{_datadir}/cockpit %{_datadir}/metainfo/cockpit.appdata.xml %{_datadir}/pixmaps/cockpit.png %doc %{_mandir}/man1/cockpit.1.gz @@ -428,14 +405,10 @@ Provides: cockpit-selinux = %{version}-%{release} Provides: cockpit-sosreport = %{version}-%{release} Requires: sos %endif -%if 0%{?fedora} >= 29 -# 0.7.0 (actually) supports task cancellation. -# 0.7.1 fixes tasks never announcing completion. -Recommends: (reportd >= 0.7.1 if abrt) +%if 0%{?fedora} +Recommends: (reportd if abrt) %endif # NPM modules which are also available as packages -Provides: bundled(js-jquery) = 3.5.1 -Provides: bundled(xstatic-bootstrap-datepicker-common) = 1.9.0 Provides: bundled(xstatic-patternfly-common) = 3.59.5 %description system @@ -449,14 +422,17 @@ Summary: Cockpit Web Service Requires: glib-networking Requires: openssl Requires: glib2 >= 2.50.0 -%if 0%{?with_selinux} -Requires: (selinux-policy >= %{selinux_policy_version} if selinux-policy-%{selinuxtype}) +Requires: (selinux-policy >= %{_selinux_policy_version} if selinux-policy-%{selinuxtype}) Requires(post): (policycoreutils if selinux-policy-%{selinuxtype}) -%endif Conflicts: firewalld < 0.6.0-1 Recommends: sscg >= 2.3 Recommends: system-logos Suggests: sssd-dbus +# for cockpit-desktop +Suggests: python3 + +# prevent hard python3 dependency for cockpit-desktop, it falls back to other browsers +%global __requires_exclude_from ^%{_libexecdir}/cockpit-client$ %description ws The Cockpit Web Service listens on the network, and authenticates users. @@ -469,7 +445,6 @@ authentication via sssd/FreeIPA. %doc %{_mandir}/man5/cockpit.conf.5.gz %doc %{_mandir}/man8/cockpit-ws.8.gz %doc %{_mandir}/man8/cockpit-tls.8.gz -%doc %{_mandir}/man8/remotectl.8.gz %doc %{_mandir}/man8/pam_ssh_add.8.gz %dir %{_sysconfdir}/cockpit %config(noreplace) %{_sysconfdir}/cockpit/ws-certs.d @@ -485,32 +460,28 @@ authentication via sssd/FreeIPA. %{_unitdir}/cockpit.socket %{_unitdir}/cockpit-wsinstance-http.socket %{_unitdir}/cockpit-wsinstance-http.service -%{_unitdir}/cockpit-wsinstance-http-redirect.socket -%{_unitdir}/cockpit-wsinstance-http-redirect.service %{_unitdir}/cockpit-wsinstance-https-factory.socket %{_unitdir}/cockpit-wsinstance-https-factory@.service %{_unitdir}/cockpit-wsinstance-https@.socket %{_unitdir}/cockpit-wsinstance-https@.service %{_unitdir}/system-cockpithttps.slice %{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf -%{_sbindir}/remotectl %{pamdir}/pam_ssh_add.so %{pamdir}/pam_cockpit_cert.so %{_libexecdir}/cockpit-ws %{_libexecdir}/cockpit-wsinstance-factory %{_libexecdir}/cockpit-tls +%{_libexecdir}/cockpit-client +%{_libexecdir}/cockpit-client.ui %{_libexecdir}/cockpit-desktop %{_libexecdir}/cockpit-certificate-ensure %{_libexecdir}/cockpit-certificate-helper %attr(4750, root, cockpit-wsinstance) %{_libexecdir}/cockpit-session %{_datadir}/cockpit/branding - -%if 0%{?with_selinux} - %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 - %{_mandir}/man8/%{name}_session_selinux.8cockpit.* - %{_mandir}/man8/%{name}_ws_selinux.8cockpit.* - %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} -%endif +%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +%{_mandir}/man8/%{name}_session_selinux.8cockpit.* +%{_mandir}/man8/%{name}_ws_selinux.8cockpit.* +%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} %pre ws getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws @@ -518,25 +489,21 @@ getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance -%if 0%{?with_selinux} if %{_sbindir}/selinuxenabled 2>/dev/null; then %selinux_relabel_pre -s %{selinuxtype} fi -%endif %post ws -%if 0%{?with_selinux} -if %{_sbindir}/selinuxenabled 2>/dev/null; then +if [ -x %{_sbindir}/selinuxenabled ]; then %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 %selinux_relabel_post -s %{selinuxtype} fi -%endif # set up dynamic motd/issue symlinks on first-time install; don't bring them back on upgrades if admin removed them if [ "$1" = 1 ]; then mkdir -p /etc/motd.d /etc/issue.d - ln -s /run/cockpit/motd /etc/motd.d/cockpit - ln -s /run/cockpit/motd /etc/issue.d/cockpit.issue + ln -s ../../run/cockpit/motd /etc/motd.d/cockpit + ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue fi %tmpfiles_create cockpit-tempfiles.conf @@ -556,12 +523,10 @@ fi %systemd_preun cockpit.socket cockpit.service %postun ws -%if 0%{?with_selinux} -if %{_sbindir}/selinuxenabled 2>/dev/null; then +if [ -x %{_sbindir}/selinuxenabled ]; then %selinux_modules_uninstall -s %{selinuxtype} %{name} %selinux_relabel_post -s %{selinuxtype} fi -%endif %systemd_postun_with_restart cockpit.socket cockpit.service # ------------------------------------------------------------------------------- @@ -718,6 +683,43 @@ via PackageKit. # The changelog is automatically generated and merged %changelog +* Fri Feb 25 2022 Martin Pitt - 264-1 + - Metrics: Improve layout on small resolutions + - Networking: Fix checkpoint handling and IP settings dialog (rhbz#2056386) + - Services: Show error message instead of eternal "Loading..." state + - Accounts: Add override button to confirm weak password + - Accounts: Fix parsing of "last login" date + +* Thu Feb 17 2022 Martin Pitt - 263-1 +- Overview: Show scheduled shutdowns +- Networking: Add firewall service description +- Shell: Fix browser history + +* Tue Jan 25 2022 Matej Marusak - 261-1 +- shell: Allow adding keys with passphrase + +* Fri Jan 04 2022 Martin Pitt - 260-1 +- Certificate login validation (rhbz#1992620, CVE-2021-3698) +- Client: Show previously used hosts +- Client: Support port specification +- bridge: Warning on missing cockpit-system package + +* Mon Dec 13 2021 Martin Pitt - 259-1 +- Translation updates + +* Thu Nov 25 2021 Martin Pitt - 258-1 +- Tweak login screen UI +- Fix SELinux policy installation + +* Wed Nov 10 2021 Katerina Koukiou - 257-1 +- Support for reading TLS certificates with any permissions +- cockpit-ws no longer supports merged certificates +- Services: Show user-owned systemd units (rhbz#1792270) + +* Thu Oct 14 2021 Martin Pitt - 255-1 +- Restrict frame embedding to same origin (rhbz#1984902, CVE-2021-3660) +- kdump: Show "Directory" field for NFS mounts (rbhz#2004041) + * Wed Aug 18 2021 Matej Marusak - 251-1 - Logs: Fix layout and add new filtering options (rhbz#1980207)