From 4094a56341cb4ce66b300401c2043a2e2f707b52 Mon Sep 17 00:00:00 2001 From: Cockpit Project Date: Wed, 28 Apr 2021 12:23:15 +0000 Subject: [PATCH] Update to 243-1 - Services: Show sockets and memory usage - Developer API: Watch for file changes without reading --- .gitignore | 1 + cockpit.spec | 58 +++++++++++++++++++++++++++++++++++++++++++++- plans/upstream.fmf | 2 +- sources | 2 +- 4 files changed, 60 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 2d4e49b..7ebd50a 100644 --- a/.gitignore +++ b/.gitignore @@ -204,3 +204,4 @@ /cockpit-240.tar.xz /cockpit-241.tar.xz /cockpit-242.tar.xz +/cockpit-243.tar.xz diff --git a/cockpit.spec b/cockpit.spec index e279e64..2345f0f 100644 --- a/cockpit.spec +++ b/cockpit.spec @@ -1,5 +1,5 @@ # This spec file has been automatically updated -Version: 242 +Version: 243 Release: 1%{?dist} # # Copyright (C) 2014-2020 Red Hat, Inc. @@ -81,6 +81,13 @@ Source0: https://github.com/cockpit-project/cockpit/releases/download/%{v %define build_optional 1 %endif +# Ship custom SELinux policy only in Fedora and RHEL-9 onward +%if 0%{?rhel} >= 9 || 0%{?fedora} +%define selinuxtype targeted +%define with_selinux 1 +%define selinux_policy_version %(rpm --quiet -q selinux-policy && rpm -q --queryformat "%{V}" selinux-policy || echo 1) +%endif + BuildRequires: gcc BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(json-glib-1.0) @@ -125,6 +132,11 @@ BuildRequires: gdb # For documentation BuildRequires: xmlto +%if 0%{?with_selinux} +BuildRequires: selinux-policy +BuildRequires: selinux-policy-devel +%endif + # This is the "cockpit" metapackage. It should only # Require, Suggest or Recommend other cockpit-xxx subpackages @@ -165,6 +177,11 @@ exec 2>&1 make -j4 %{?extra_flags} all +%if 0%{?with_selinux} + make -f /usr/share/selinux/devel/Makefile cockpit.pp + bzip2 -9 cockpit.pp +%endif + %check exec 2>&1 # HACK: Fedora koji builders are very slow, unreliable, and inaccessible for debugging; https://github.com/cockpit-project/cockpit/issues/13909 @@ -189,6 +206,12 @@ install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit rm -f %{buildroot}/%{_libdir}/cockpit/*.so install -D -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/ +%if 0%{?with_selinux} + install -D -m 644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_session_selinux.8 + install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_ws_selinux.8 +%endif + # only ship deprecated PatternFly API for stable releases %if 0%{?fedora} <= 33 || 0%{?rhel} <= 8 ln -s cockpit.css.gz %{buildroot}/%{_datadir}/cockpit/base1/patternfly.css.gz @@ -427,6 +450,8 @@ Summary: Cockpit Web Service Requires: glib-networking Requires: openssl Requires: glib2 >= 2.50.0 +Requires: (selinux-policy >= %{selinux_policy_version} if selinux-policy-%{selinuxtype}) +Requires(post): (policycoreutils if selinux-policy-%{selinuxtype}) Conflicts: firewalld < 0.6.0-1 Recommends: sscg >= 2.3 Recommends: system-logos @@ -481,13 +506,33 @@ authentication via sssd/FreeIPA. %attr(4750, root, cockpit-wsinstance) %{_libexecdir}/cockpit-session %{_datadir}/cockpit/branding +%if 0%{?with_selinux} + %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + %{_mandir}/man8/%{name}_session_selinux.8.* + %{_mandir}/man8/%{name}_ws_selinux.8.* + %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%endif + %pre ws getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting -s /sbin/nologin -c "User for cockpit web service" cockpit-ws getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_relabel_pre -s %{selinuxtype} +fi +%endif + %post ws +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + %selinux_relabel_post -s %{selinuxtype} +fi +%endif + %tmpfiles_create cockpit-tempfiles.conf %systemd_post cockpit.socket cockpit.service # firewalld only partially picks up changes to its services files without this @@ -497,6 +542,12 @@ test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true %systemd_preun cockpit.socket cockpit.service %postun ws +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_modules_uninstall -s %{selinuxtype} %{name} + %selinux_relabel_post -s %{selinuxtype} +fi +%endif %systemd_postun_with_restart cockpit.socket cockpit.service # ------------------------------------------------------------------------------- @@ -651,6 +702,11 @@ via PackageKit. # The changelog is automatically generated and merged %changelog +* Wed Apr 28 2021 Martin Pitt - 243-1 + +- Services: Show sockets and memory usage +- Developer API: Watch for file changes without reading + * Wed Apr 14 2021 Matej Marusak - 242-1 - Support for pages built with snowpack diff --git a/plans/upstream.fmf b/plans/upstream.fmf index f6d70bc..7f459e6 100644 --- a/plans/upstream.fmf +++ b/plans/upstream.fmf @@ -2,6 +2,6 @@ discover: how: fmf repository: https://github.com/cockpit-project/cockpit # FIXME: get rid of the hardcoding: https://github.com/psss/tmt/issues/585 - ref: "242" + ref: "243" execute: how: tmt diff --git a/sources b/sources index 64fe7a9..3d34c40 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cockpit-242.tar.xz) = 2f09d6ac7e8a35034f40317e6444057222198b63d457ad72302803da1b627835c1d8a4cea66c5ed621b8536577856871f846793edafe2e8b0789675c23980736 +SHA512 (cockpit-243.tar.xz) = 9b80d1258d8dfb72b63d6d35081937b6e42ef82bd5d8d46c2c9095afc1b938f434c87e9fbd17bad0f3a3fbffef614226cc4e30bd7d95f6b7fedecfbb76483a48