diff --git a/.cockpit.metadata b/.cockpit.metadata index 6fe6164..94e2cb0 100644 --- a/.cockpit.metadata +++ b/.cockpit.metadata @@ -1 +1 @@ -966f5b12e230d08d7ffe35ffbbcf882153454430 SOURCES/cockpit-275.tar.xz +256de4a4ebadbf0c4d1b5b70727e5d9f00674bbe SOURCES/cockpit-286.1.tar.xz diff --git a/.gitignore b/.gitignore index e4d0bed..5fa90a8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/cockpit-275.tar.xz +SOURCES/cockpit-286.1.tar.xz diff --git a/SPECS/cockpit.spec b/SPECS/cockpit.spec index 2fb90f8..3ce40cb 100644 --- a/SPECS/cockpit.spec +++ b/SPECS/cockpit.spec @@ -46,10 +46,10 @@ Name: cockpit Summary: Web Console for Linux servers -License: LGPLv2+ +License: LGPL-2.1-or-later URL: https://cockpit-project.org/ -Version: 275 +Version: 286.1 Release: 1%{?dist} Source0: https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz @@ -74,6 +74,13 @@ Source0: https://github.com/cockpit-project/cockpit/releases/download/%{v %define build_optional 1 %endif +# Allow root login in Cockpit on RHEL 8 and lower as it also allows password login over SSH. +%if 0%{?rhel} && 0%{?rhel} <= 8 +%define disallow_root 0 +%else +%define disallow_root 1 +%endif + # Ship custom SELinux policy (but not for cockpit-appstream) %if "%{name}" == "cockpit" %define selinuxtype targeted @@ -147,6 +154,8 @@ Suggests: cockpit-pcp %if 0%{?rhel} == 0 Recommends: (cockpit-networkmanager if NetworkManager) +# c-ostree is not in RHEL 8/9 +Recommends: (cockpit-ostree if rpm-ostree) Suggests: cockpit-selinux %endif %if 0%{?rhel} && 0%{?centos} == 0 @@ -248,13 +257,13 @@ done for data in doc man pixmaps polkit-1; do rm -r %{buildroot}/%{_datadir}/$data done -for lib in systemd tmpfiles.d; do - rm -r %{buildroot}/%{_prefix}/%{__lib}/$lib -done +rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d +find %{buildroot}/%{_unitdir}/ -type f ! -name 'cockpit-session*' -delete for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do rm %{buildroot}/%{_libexecdir}/$libexec done -rm -r %{buildroot}/%{_libdir}/security %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d +rm -r %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d +rm -f %{buildroot}/%{_libdir}/security/pam_* rm %{buildroot}/usr/bin/cockpit-bridge rm -f %{buildroot}%{_libexecdir}/cockpit-ssh rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml @@ -266,7 +275,9 @@ for pkg in apps packagekit pcp playground storaged; do rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg done # files from -tests -rm -r %{buildroot}/%{_prefix}/%{__lib}/cockpit-test-assets +rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so +rm -f %{buildroot}/%{_unitdir}/cockpit-session.socket +rm -f %{buildroot}/%{_unitdir}/cockpit-session@.service # files from -pcp rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/ # files from -storaged @@ -291,6 +302,7 @@ cat kdump.list sosreport.list networkmanager.list selinux.list >> system.list rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-sosreport.metainfo.xml rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-kdump.metainfo.xml rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-selinux.metainfo.xml +rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-networkmanager.metainfo.xml rm -f %{buildroot}%{_datadir}/pixmaps/cockpit-sosreport.png %endif @@ -319,8 +331,6 @@ troubleshooting, interactive command-line sessions, and more. Summary: Cockpit bridge server-side component Requires: glib-networking Provides: cockpit-ssh = %{version}-%{release} -# PR #10430 dropped workaround for ws' inability to understand x-host-key challenge -Conflicts: cockpit-ws < 181.x # 233 dropped jquery.js, pages started to bundle it (commit 049e8b8dce) Conflicts: cockpit-dashboard < 233 Conflicts: cockpit-networkmanager < 233 @@ -426,6 +436,7 @@ authentication via sssd/FreeIPA. # created in %post, so that users can rm the files %ghost %{_sysconfdir}/issue.d/cockpit.issue %ghost %{_sysconfdir}/motd.d/cockpit +%ghost %attr(0644, root, root) %{_sysconfdir}/cockpit/disallowed-users %dir %{_datadir}/cockpit/motd %{_datadir}/cockpit/motd/update-motd %{_datadir}/cockpit/motd/inactive.motd @@ -474,10 +485,16 @@ if [ -x %{_sbindir}/selinuxenabled ]; then fi # set up dynamic motd/issue symlinks on first-time install; don't bring them back on upgrades if admin removed them +# disable root login on first-time install; so existing installations aren't changed if [ "$1" = 1 ]; then mkdir -p /etc/motd.d /etc/issue.d ln -s ../../run/cockpit/motd /etc/motd.d/cockpit ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue + printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users +%if 0%{?disallow_root} + printf "root\n" >> /etc/cockpit/disallowed-users +%endif + chmod 644 /etc/cockpit/disallowed-users fi %tmpfiles_create cockpit-tempfiles.conf @@ -549,6 +566,7 @@ BuildArch: noarch The Cockpit component for managing networking. This package uses NetworkManager. %files networkmanager -f networkmanager.list +%{_datadir}/metainfo/org.cockpit-project.cockpit-networkmanager.metainfo.xml %endif @@ -610,8 +628,8 @@ The Cockpit component for managing storage. This package uses udisks. %package -n cockpit-tests Summary: Tests for Cockpit -Requires: cockpit-bridge >= 138 -Requires: cockpit-system >= 138 +Requires: cockpit-bridge >= %{required_base} +Requires: cockpit-system >= %{required_base} Requires: openssh-clients Provides: cockpit-test-assets = %{version}-%{release} @@ -620,7 +638,9 @@ This package contains tests and files used while testing Cockpit. These files are not required for running Cockpit. %files -n cockpit-tests -f tests.list -%{_prefix}/%{__lib}/cockpit-test-assets +%{pamdir}/mock-pam-conv-mod.so +%{_unitdir}/cockpit-session.socket +%{_unitdir}/cockpit-session@.service %package -n cockpit-pcp Summary: Cockpit PCP integration @@ -657,6 +677,64 @@ via PackageKit. # The changelog is automatically generated and merged %changelog +* Thu Feb 23 2023 Packit - 286.1-1 +- Users: Fix broken alignment of the first column in groups table +- Translation updates (rhbz#2139644) + +* Wed Feb 22 2023 Packit - 286-1 +- Metrics page: control visibility of the resource usage graphs + +* Wed Feb 08 2023 Packit - 285-1 +- Cryptographic subpolicies support +- users: Group creation and filtering support + +* Wed Jan 25 2023 Packit - 284-1 +- Services: Show logs for user units +- Storage: Set up a system to use NBDE + +* Thu Jan 19 2023 Fedora Release Engineering - 283-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jan 11 2023 Packit - 283-1 +- Services: Create timer to run every minute + +* Wed Dec 14 2022 Packit - 282-1 +- Add right-to-left language support +- Accounts: Redesign and include groups + + +* Thu Dec 01 2022 Packit - 281-1 +- Dark theme switcher + + +* Thu Nov 24 2022 Packit - 280.1-1 +- Exclude kpatch test on RHEL gating + + +* Wed Nov 16 2022 Packit - 280-1 +- tools: Disallow root login by default + + +* Mon Nov 07 2022 Packit - 279-1 +- Dark theme support + + +* Wed Oct 19 2022 Packit - 278-1 +- Metrics: Display individual disk read/write usage + + +* Wed Sep 21 2022 Packit - 277-1 +- Performance and stability improvements + + +* Mon Sep 12 2022 Packit - 276.1-1 + - login: Use valid selectors when testing for :is() / :where() support. + + +* Wed Sep 07 2022 Packit - 276-1 + - Stability and performance improvements + + * Wed Aug 24 2022 Packit - 275-1 - shell: Support for alternatives to sudo