rpms/cockpit
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 209-1

Browse Source 
- New overview design
- Session timeouts
- Banners on login screen
- Client certificate authentication
- Support for Fedora CoreOS
- Dropped support for pam_rhost
This commit is contained in:
Cockpit Project 2019-12-13 10:01:34 +00:00
parent 108ce97828
commit 4c23d89cc0
3 changed files with 29 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -164,3 +164,4 @@
/cockpit-206.tar.xz /cockpit-206.tar.xz
/cockpit-207.tar.xz /cockpit-207.tar.xz
/cockpit-208.tar.xz /cockpit-208.tar.xz
/cockpit-209.tar.xz

35
cockpit.spec
View File

@ -1,5 +1,5 @@
# This spec file has been automatically updated # This spec file has been automatically updated
Version: 208 Version: 209
Release: 1%{?dist} Release: 1%{?dist}
# #
# This file is maintained at the following location: # This file is maintained at the following location:
@ -231,7 +231,7 @@ done
for lib in systemd tmpfiles.d firewalld; do for lib in systemd tmpfiles.d firewalld; do
rm -r %{buildroot}/%{_prefix}/%{__lib}/$lib rm -r %{buildroot}/%{_prefix}/%{__lib}/$lib
done done
for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-desktop; do for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-desktop; do
rm %{buildroot}/%{_libexecdir}/$libexec rm %{buildroot}/%{_libexecdir}/$libexec
done done
rm -r %{buildroot}/%{_libdir}/security %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d rm -r %{buildroot}/%{_libdir}/security %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d
@ -395,13 +395,14 @@ Conflicts: firewalld < 0.6.0-1
Recommends: sscg >= 2.3 Recommends: sscg >= 2.3
Recommends: system-logos Recommends: system-logos
Requires: systemd >= 235 Requires: systemd >= 235
Suggests: sssd-dbus
Requires(post): systemd Requires(post): systemd
Requires(preun): systemd Requires(preun): systemd
Requires(postun): systemd Requires(postun): systemd
%if %{defined wip} %if %{defined wip}
# HACK: don't apply selinux %post dependencies to CI builds, it would require refreshing images # HACK: don't apply selinux %post dependencies to CI builds, it would require refreshing images
%else %else
%if 0%{?rhel} || 0%{?fedora} %if 0%{?rhel}
# for SELinux policy adjustment in %post below # for SELinux policy adjustment in %post below
Requires(post): /usr/sbin/semanage Requires(post): /usr/sbin/semanage
Requires(post): policycoreutils Requires(post): policycoreutils
@ -411,12 +412,16 @@ Requires(post): policycoreutils
%description ws %description ws
The Cockpit Web Service listens on the network, and authenticates users. The Cockpit Web Service listens on the network, and authenticates users.
If sssd-dbus is installed, you can enable client certificate/smart card
authentication via sssd/FreeIPA.
%files ws -f cockpit.lang %files ws -f cockpit.lang
%doc %{_mandir}/man1/cockpit-desktop.1.gz %doc %{_mandir}/man1/cockpit-desktop.1.gz
%doc %{_mandir}/man5/cockpit.conf.5.gz %doc %{_mandir}/man5/cockpit.conf.5.gz
%doc %{_mandir}/man8/cockpit-ws.8.gz %doc %{_mandir}/man8/cockpit-ws.8.gz
%doc %{_mandir}/man8/cockpit-tls.8.gz %doc %{_mandir}/man8/cockpit-tls.8.gz
%doc %{_mandir}/man8/remotectl.8.gz %doc %{_mandir}/man8/remotectl.8.gz
%doc %{_mandir}/man8/pam_cockpit_cert.8.gz
%doc %{_mandir}/man8/pam_ssh_add.8.gz %doc %{_mandir}/man8/pam_ssh_add.8.gz
%config(noreplace) %{_sysconfdir}/cockpit/ws-certs.d %config(noreplace) %{_sysconfdir}/cockpit/ws-certs.d
%config(noreplace) %{_sysconfdir}/pam.d/cockpit %config(noreplace) %{_sysconfdir}/pam.d/cockpit
@ -439,6 +444,7 @@ The Cockpit Web Service listens on the network, and authenticates users.
%{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf %{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf
%{_sbindir}/remotectl %{_sbindir}/remotectl
%{_libdir}/security/pam_ssh_add.so %{_libdir}/security/pam_ssh_add.so
%{_libdir}/security/pam_cockpit_cert.so
%{_libexecdir}/cockpit-ws %{_libexecdir}/cockpit-ws
%{_libexecdir}/cockpit-wsinstance-factory %{_libexecdir}/cockpit-wsinstance-factory
%{_libexecdir}/cockpit-tls %{_libexecdir}/cockpit-tls
@ -463,7 +469,7 @@ test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
# HACK: SELinux policy adjustment for cockpit-tls; see https://github.com/fedora-selinux/selinux-policy-contrib/pull/114 # HACK: SELinux policy adjustment for cockpit-tls; see https://github.com/fedora-selinux/selinux-policy-contrib/pull/114
set -ex set -ex
echo "Applying SELinux policy change for cockpit-tls.." echo "Applying SELinux policy change for cockpit-tls.."
semanage fcontext -a /usr/libexec/cockpit-tls -t cockpit_ws_exec_t semanage fcontext -a /usr/libexec/cockpit-tls -t cockpit_ws_exec_t || true
restorecon /usr/libexec/cockpit-tls restorecon /usr/libexec/cockpit-tls
tmp=$(mktemp -d) tmp=$(mktemp -d)
cat <<EOF > $tmp/local.te cat <<EOF > $tmp/local.te
@ -471,23 +477,27 @@ module local 1.0;
require { require {
type cockpit_ws_t; type cockpit_ws_t;
type cockpit_ws_exec_t; type cockpit_ws_exec_t;
type cockpit_session_t;
type cockpit_var_run_t;
class unix_stream_socket { create_stream_socket_perms connectto }; class unix_stream_socket { create_stream_socket_perms connectto };
class file { execute_no_trans}; class file { open read map getattr execute_no_trans};
class dir { getattr search open read };
} }
allow cockpit_ws_t cockpit_ws_t:unix_stream_socket { create_stream_socket_perms connectto }; allow cockpit_ws_t cockpit_ws_t:unix_stream_socket { create_stream_socket_perms connectto };
allow cockpit_ws_t cockpit_ws_exec_t:file { execute_no_trans }; allow cockpit_ws_t cockpit_ws_exec_t:file { execute_no_trans };
# https://github.com/fedora-selinux/selinux-policy-contrib/pull/130
allow cockpit_session_t cockpit_var_run_t:file { open read map getattr };
EOF EOF
checkmodule -M -m -o $tmp/local.mod $tmp/local.te checkmodule -M -m -o $tmp/local.mod $tmp/local.te
semodule_package -o $tmp/local.pp -m $tmp/local.mod semodule_package -o $tmp/local.pp -m $tmp/local.mod
semodule -i $tmp/local.pp semodule -i $tmp/local.pp
rm -rf "$tmp" rm -rf "$tmp"
%endif
%if 0%{?rhel} || 0%{?fedora}
# HACK: SELinux policy adjustment for cockpit-tls; see https://github.com/fedora-selinux/selinux-policy-contrib/pull/161 # HACK: SELinux policy adjustment for cockpit-tls; see https://github.com/fedora-selinux/selinux-policy-contrib/pull/161
echo "Applying SELinux policy change for cockpit-wsinstance-factory..." echo "Applying SELinux policy change for cockpit-wsinstance-factory..."
semanage fcontext -a /usr/libexec/cockpit-wsinstance-factory -t cockpit_ws_exec_t semanage fcontext -a /usr/libexec/cockpit-wsinstance-factory -t cockpit_ws_exec_t || true
restorecon /usr/libexec/cockpit-wsinstance-factory restorecon /usr/libexec/cockpit-wsinstance-factory
%endif %endif
@ -699,6 +709,15 @@ via PackageKit.
# The changelog is automatically generated and merged # The changelog is automatically generated and merged
%changelog %changelog
* Fri Dec 13 2019 Marius Vollmer <mvollmer@redhat.com> - 209-1
- New overview design
- Session timeouts
- Banners on login screen
- Client certificate authentication
- Support for Fedora CoreOS
- Dropped support for pam_rhost
* Wed Nov 27 2019 Martin Pitt <mpitt@redhat.com> - 208-1 * Wed Nov 27 2019 Martin Pitt <mpitt@redhat.com> - 208-1
- Storage: Drop “default mount point” concept - Storage: Drop “default mount point” concept

2
sources
View File

@ -1 +1 @@
SHA512 (cockpit-208.tar.xz) = 9f203439118b44ccacc933858c01496001787df076990942086ae8cf710a8169c69715fde5589a0467426d1960d2e330cc4156607b3a1972185393a583830b6a SHA512 (cockpit-209.tar.xz) = e81153d926c13f55ba13accf2b448eaffc3e7a3faee06f07b890eb9525d6063ab3727ab2622e1ad64a7fd16f03e48973a67bd8cda4be5541379930d6799cb46a