Update to upstream release 317

CVE-2024-2947 Resolves: jira#RHEL-30454 Resolves: jira#RHEL-37521
2024-04-02 04:13:21 +02:00 · 2024-04-02 04:13:21 +02:00 · 8a7e15df3e
commit 8a7e15df3e
parent a4cd7bd195
7 changed files with 108 additions and 180 deletions
--- a/.gitignore
+++ b/.gitignore
@ -281,3 +281,11 @@
 /cockpit-310.tar.xz
 /cockpit-310.1.tar.xz
 /cockpit-310.2.tar.xz
 /cockpit-311.tar.xz
 /cockpit-311.1.tar.xz
 /cockpit-312.tar.xz
 /cockpit-313.tar.xz
 /cockpit-314.tar.xz
 /cockpit-315.tar.xz
 /cockpit-316.tar.xz
 /cockpit-317.tar.xz
--- a/README.packit
+++ b/README.packit
@ -1,3 +1,3 @@
 This repository is maintained by packit.
 https://packit.dev/
-The file was generated using packit 0.90.0.post1.dev9+g1f0325d1.
+The file was generated using packit 0.97.1.post1.dev4+g1268842e.
--- a/cockpit.spec
+++ b/cockpit.spec
@ -49,43 +49,10 @@ Summary:        Web Console for Linux servers
 License:        LGPL-2.1-or-later
 URL:            https://cockpit-project.org/
-Version:        310.2
+Version:        317
 Release:        1%{?dist}
 Source0:        https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz
 # Don't change the bridge in the RHEL 8; the old SSH breaks some features, see @todoPybridgeRHEL8
 %if 0%{?rhel} == 8 && !%{defined enable_old_bridge}
 %define enable_old_bridge 1
 %endif
 # in RHEL 8 the source package is duplicated: cockpit (building basic packages like cockpit-{bridge,system})
 # and cockpit-appstream (building optional packages like cockpit-{pcp})
 # This split does not apply to EPEL/COPR nor packit c8s builds, only to our own
 # image-prepare rhel-8-Y builds (which will disable build_all).
 # In Fedora ELN/RHEL 9+ there is just one source package, which ships rpms in both BaseOS and AppStream
 %define build_all 1
 %if 0%{?rhel} == 8 && 0%{?epel} == 0 && !0%{?build_all}
 %if "%{name}" == "cockpit"
 %define build_basic 1
 %define build_optional 0
 %else
 %define build_basic 0
 %define build_optional 1
 %endif
 %else
 %define build_basic 1
 %define build_optional 1
 %endif
 # Allow root login in Cockpit on RHEL 8 and lower as it also allows password login over SSH.
 %if 0%{?rhel} && 0%{?rhel} <= 8
 %define disallow_root 0
 %else
 %define disallow_root 1
 %endif
 # pcp stopped building on ix86
 %define build_pcp 1
 %if 0%{?fedora} >= 40 || 0%{?rhel} >= 10
@ -94,11 +61,9 @@ Source0:        https://github.com/cockpit-project/cockpit/releases/download/%{v
 %endif
 %endif
-# Ship custom SELinux policy (but not for cockpit-appstream)
+# Ship custom SELinux policy
 %if "%{name}" == "cockpit"
 %define selinuxtype targeted
 %define selinux_configure_arg --enable-selinux-policy=%{selinuxtype}
 %endif
 BuildRequires: gcc
 BuildRequires: pkgconfig(gio-unix-2.0)
@ -109,16 +74,8 @@ BuildRequires: pam-devel
 BuildRequires: autoconf automake
 BuildRequires: make
 BuildRequires: python3-devel
 %if 0%{?rhel} && 0%{?rhel} <= 8
 # RHEL 8's gettext does not yet have metainfo.its
 BuildRequires: gettext >= 0.19.7
 BuildRequires: libappstream-glib-devel
 %else
 BuildRequires: gettext >= 0.21
 %endif
 %if 0%{?build_basic}
 BuildRequires: libssh-devel >= 0.8.5
 %endif
 BuildRequires: openssl-devel
 BuildRequires: gnutls-devel >= 3.4.3
 BuildRequires: zlib-devel
@ -179,10 +136,9 @@ Suggests: cockpit-selinux
 Requires: subscription-manager-cockpit
 %endif
 %if 0%{?enable_old_bridge} == 0
 BuildRequires:  python3-devel
 BuildRequires:  python3-pip
-%if 0%{?rhel} == 0
+%if 0%{?rhel} == 0 && !0%{?suse_version}
 # All of these are only required for running pytest (which we only do on Fedora)
 BuildRequires:  procps-ng
 BuildRequires:  pyproject-rpm-macros
@ -191,7 +147,6 @@ BuildRequires:  python3-pytest-cov
 BuildRequires:  python3-pytest-timeout
 BuildRequires:  python3-tox-current-env
 %endif
 %endif
 %prep
 %setup -q -n cockpit-%{version}
@ -199,18 +154,10 @@ BuildRequires:  python3-tox-current-env
 %build
 %configure \
    %{?selinux_configure_arg} \
    --with-cockpit-user=cockpit-ws \
    --with-cockpit-ws-instance-user=cockpit-wsinstance \
 %if 0%{?suse_version}
    --docdir=%_defaultdocdir/%{name} \
 %endif
    --with-pamdir='%{pamdir}' \
 %if 0%{?enable_old_bridge}
    --enable-old-bridge \
 %endif
 %if 0%{?build_basic} == 0
    --disable-ssh \
 %endif
 %if %{build_pcp} == 0
    --disable-pcp \
 %endif
@ -220,7 +167,7 @@ BuildRequires:  python3-tox-current-env
 %check
 make -j$(nproc) check
-%if 0%{?enable_old_bridge} == 0 && 0%{?rhel} == 0
+%if 0%{?rhel} == 0
 %tox
 %endif
@ -239,10 +186,6 @@ echo '%dir %{_datadir}/cockpit/base1' >> base.list
 find %{buildroot}%{_datadir}/cockpit/base1 -type f -o -type l >> base.list
 echo '%{_sysconfdir}/cockpit/machines.d' >> base.list
 echo %{buildroot}%{_datadir}/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy >> base.list
 %if 0%{?enable_old_bridge} && 0%{?build_basic}
 echo '%dir %{_datadir}/cockpit/ssh' >> base.list
 find %{buildroot}%{_datadir}/cockpit/ssh -type f >> base.list
 %endif
 echo '%{_libexecdir}/cockpit-ssh' >> base.list
 %if %{build_pcp}
@ -290,43 +233,6 @@ echo '%dir %{_datadir}/cockpit/static' > static.list
 echo '%dir %{_datadir}/cockpit/static/fonts' >> static.list
 find %{buildroot}%{_datadir}/cockpit/static -type f >> static.list
 # when not building basic packages, remove their files
 %if 0%{?build_basic} == 0
 for pkg in base1 branding motd kdump networkmanager selinux shell sosreport static systemd users metrics; do
    rm -r %{buildroot}/%{_datadir}/cockpit/$pkg
    rm -f %{buildroot}/%{_datadir}/metainfo/org.cockpit-project.cockpit-${pkg}.metainfo.xml
 done
 for data in doc man pixmaps polkit-1; do
    rm -r %{buildroot}/%{_datadir}/$data
 done
 rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d
 find %{buildroot}/%{_unitdir}/ -type f ! -name 'cockpit-session*' -delete
 for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do
    rm -f %{buildroot}/%{_libexecdir}/$libexec
 done
 rm -r %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d
 rm -f %{buildroot}/%{_libdir}/security/pam_*
 rm -f %{buildroot}/usr/bin/cockpit-bridge
 rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
 rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml
 rm -rf %{buildroot}%{python3_sitelib}/cockpit*
 %endif
 # when not building optional packages, remove their files
 %if 0%{?build_optional} == 0
 for pkg in apps packagekit pcp playground storaged; do
    rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
 done
 # files from -tests
 rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so
 rm -f %{buildroot}/%{_unitdir}/cockpit-session.socket
 rm -f %{buildroot}/%{_unitdir}/cockpit-session@.service
 # files from -pcp
 rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/
 # files from -storaged
 rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
 %endif
 sed -i "s|%{buildroot}||" *.list
 %if ! 0%{?suse_version}
@ -350,9 +256,7 @@ rm -f %{buildroot}%{_datadir}/pixmaps/cockpit-sosreport.png
 %endif
 # -------------------------------------------------------------------------------
-# Basic Sub-packages
+# Sub-packages
 %if 0%{?build_basic}
 %description
 The Cockpit Web Console enables users to administer GNU/Linux servers using a
@ -390,9 +294,7 @@ system on behalf of the web based user interface.
 %doc %{_mandir}/man1/cockpit-bridge.1.gz
 %{_bindir}/cockpit-bridge
 %{_libexecdir}/cockpit-askpass
 %if 0%{?enable_old_bridge} == 0
 %{python3_sitelib}/%{name}*
 %endif
 %package doc
 Summary: Cockpit deployment and developer guide
@ -426,11 +328,11 @@ Provides: cockpit-users = %{version}-%{release}
 Obsoletes: cockpit-dashboard < %{version}-%{release}
 %if 0%{?rhel}
 Requires: NetworkManager >= 1.6
 Requires: kexec-tools
 Requires: sos
 Requires: sudo
 Recommends: PackageKit
 Recommends: setroubleshoot-server >= 3.3.3
 Recommends: /usr/bin/kdumpctl
 Suggests: NetworkManager-team
 Provides: cockpit-kdump = %{version}-%{release}
 Provides: cockpit-networkmanager = %{version}-%{release}
@ -441,76 +343,78 @@ Provides: cockpit-sosreport = %{version}-%{release}
 Recommends: (reportd if abrt)
 %endif
-Provides: bundled(npm(@patternfly/patternfly)) = 5.1.0
+Provides: bundled(npm(@patternfly/patternfly)) = 5.3.1
-Provides: bundled(npm(@patternfly/react-core)) = 5.1.2
+Provides: bundled(npm(@patternfly/react-core)) = 5.3.3
-Provides: bundled(npm(@patternfly/react-icons)) = 5.1.2
+Provides: bundled(npm(@patternfly/react-icons)) = 5.3.2
-Provides: bundled(npm(@patternfly/react-styles)) = 5.1.2
+Provides: bundled(npm(@patternfly/react-styles)) = 5.3.1
-Provides: bundled(npm(@patternfly/react-table)) = 5.1.2
+Provides: bundled(npm(@patternfly/react-table)) = 5.3.3
-Provides: bundled(npm(@patternfly/react-tokens)) = 5.1.2
+Provides: bundled(npm(@patternfly/react-tokens)) = 5.3.1
 Provides: bundled(npm(argparse)) = 1.0.10
 Provides: bundled(npm(array-buffer-byte-length)) = 1.0.1
 Provides: bundled(npm(attr-accept)) = 2.2.2
 Provides: bundled(npm(autolinker)) = 3.16.2
-Provides: bundled(npm(available-typed-arrays)) = 1.0.6
+Provides: bundled(npm(available-typed-arrays)) = 1.0.7
-Provides: bundled(npm(call-bind)) = 1.0.5
+Provides: bundled(npm(call-bind)) = 1.0.7
-Provides: bundled(npm(date-fns)) = 3.2.0
+Provides: bundled(npm(date-fns)) = 3.6.0
 Provides: bundled(npm(deep-equal)) = 2.2.3
-Provides: bundled(npm(define-data-property)) = 1.1.1
+Provides: bundled(npm(define-data-property)) = 1.1.4
 Provides: bundled(npm(define-properties)) = 1.2.1
-Provides: bundled(npm(es-errors)) = 1.0.0
+Provides: bundled(npm(es-define-property)) = 1.0.0
 Provides: bundled(npm(es-errors)) = 1.3.0
 Provides: bundled(npm(es-get-iterator)) = 1.1.3
 Provides: bundled(npm(file-selector)) = 0.6.0
 Provides: bundled(npm(focus-trap)) = 7.5.2
 Provides: bundled(npm(for-each)) = 0.3.3
 Provides: bundled(npm(function-bind)) = 1.1.2
 Provides: bundled(npm(functions-have-names)) = 1.2.3
-Provides: bundled(npm(get-intrinsic)) = 1.2.3
+Provides: bundled(npm(get-intrinsic)) = 1.2.4
 Provides: bundled(npm(gopd)) = 1.0.1
 Provides: bundled(npm(has-bigints)) = 1.0.2
-Provides: bundled(npm(has-property-descriptors)) = 1.0.1
+Provides: bundled(npm(has-property-descriptors)) = 1.0.2
-Provides: bundled(npm(has-proto)) = 1.0.1
+Provides: bundled(npm(has-proto)) = 1.0.3
 Provides: bundled(npm(has-symbols)) = 1.0.3
 Provides: bundled(npm(has-tostringtag)) = 1.0.2
-Provides: bundled(npm(hasown)) = 2.0.0
+Provides: bundled(npm(hasown)) = 2.0.2
-Provides: bundled(npm(internal-slot)) = 1.0.6
+Provides: bundled(npm(internal-slot)) = 1.0.7
 Provides: bundled(npm(is-arguments)) = 1.1.1
 Provides: bundled(npm(is-array-buffer)) = 3.0.4
 Provides: bundled(npm(is-bigint)) = 1.0.4
 Provides: bundled(npm(is-boolean-object)) = 1.1.2
 Provides: bundled(npm(is-callable)) = 1.2.7
 Provides: bundled(npm(is-date-object)) = 1.0.5
-Provides: bundled(npm(is-map)) = 2.0.2
+Provides: bundled(npm(is-map)) = 2.0.3
 Provides: bundled(npm(is-number-object)) = 1.0.7
 Provides: bundled(npm(is-regex)) = 1.1.4
-Provides: bundled(npm(is-set)) = 2.0.2
+Provides: bundled(npm(is-set)) = 2.0.3
-Provides: bundled(npm(is-shared-array-buffer)) = 1.0.2
+Provides: bundled(npm(is-shared-array-buffer)) = 1.0.3
 Provides: bundled(npm(is-string)) = 1.0.7
 Provides: bundled(npm(is-symbol)) = 1.0.4
-Provides: bundled(npm(is-weakmap)) = 2.0.1
+Provides: bundled(npm(is-weakmap)) = 2.0.2
-Provides: bundled(npm(is-weakset)) = 2.0.2
+Provides: bundled(npm(is-weakset)) = 2.0.3
 Provides: bundled(npm(isarray)) = 2.0.5
-Provides: bundled(npm(js-sha1)) = 0.6.0
+Provides: bundled(npm(js-sha1)) = 0.7.0
-Provides: bundled(npm(js-sha256)) = 0.10.1
+Provides: bundled(npm(js-sha256)) = 0.11.0
 Provides: bundled(npm(js-tokens)) = 4.0.0
 Provides: bundled(npm(json-stable-stringify-without-jsonify)) = 1.0.1
 Provides: bundled(npm(lodash)) = 4.17.21
 Provides: bundled(npm(loose-envify)) = 1.4.0
 Provides: bundled(npm(object-assign)) = 4.1.1
 Provides: bundled(npm(object-inspect)) = 1.13.1
-Provides: bundled(npm(object-is)) = 1.1.5
+Provides: bundled(npm(object-is)) = 1.1.6
 Provides: bundled(npm(object-keys)) = 1.1.1
 Provides: bundled(npm(object.assign)) = 4.1.5
 Provides: bundled(npm(possible-typed-array-names)) = 1.0.0
 Provides: bundled(npm(prop-types)) = 15.8.1
-Provides: bundled(npm(react-dom)) = 18.2.0
+Provides: bundled(npm(react-dom)) = 18.3.1
 Provides: bundled(npm(react-dropzone)) = 14.2.3
 Provides: bundled(npm(react-is)) = 16.13.1
-Provides: bundled(npm(react)) = 18.2.0
+Provides: bundled(npm(react)) = 18.3.1
-Provides: bundled(npm(regexp.prototype.flags)) = 1.5.1
+Provides: bundled(npm(regexp.prototype.flags)) = 1.5.2
 Provides: bundled(npm(remarkable)) = 2.0.1
-Provides: bundled(npm(scheduler)) = 0.23.0
+Provides: bundled(npm(scheduler)) = 0.23.2
-Provides: bundled(npm(set-function-length)) = 1.2.0
+Provides: bundled(npm(set-function-length)) = 1.2.2
-Provides: bundled(npm(set-function-name)) = 2.0.1
+Provides: bundled(npm(set-function-name)) = 2.0.2
-Provides: bundled(npm(side-channel)) = 1.0.4
+Provides: bundled(npm(side-channel)) = 1.0.6
 Provides: bundled(npm(sprintf-js)) = 1.0.3
 Provides: bundled(npm(stop-iteration-iterator)) = 1.0.0
 Provides: bundled(npm(tabbable)) = 6.2.0
@ -518,8 +422,8 @@ Provides: bundled(npm(throttle-debounce)) = 5.0.0
 Provides: bundled(npm(tslib)) = 2.6.2
 Provides: bundled(npm(uuid)) = 9.0.1
 Provides: bundled(npm(which-boxed-primitive)) = 1.0.2
-Provides: bundled(npm(which-collection)) = 1.0.1
+Provides: bundled(npm(which-collection)) = 1.0.2
-Provides: bundled(npm(which-typed-array)) = 1.1.14
+Provides: bundled(npm(which-typed-array)) = 1.1.15
 Provides: bundled(npm(xterm-addon-canvas)) = 0.5.0
 Provides: bundled(npm(xterm)) = 5.3.0
@ -571,6 +475,7 @@ authentication via sssd/FreeIPA.
 %{_unitdir}/cockpit.service
 %{_unitdir}/cockpit-motd.service
 %{_unitdir}/cockpit.socket
 %{_unitdir}/cockpit-ws-user.service
 %{_unitdir}/cockpit-wsinstance-http.socket
 %{_unitdir}/cockpit-wsinstance-http.service
 %{_unitdir}/cockpit-wsinstance-https-factory.socket
@ -578,7 +483,8 @@ authentication via sssd/FreeIPA.
 %{_unitdir}/cockpit-wsinstance-https@.socket
 %{_unitdir}/cockpit-wsinstance-https@.service
 %{_unitdir}/system-cockpithttps.slice
-%{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf
+%{_prefix}/%{__lib}/tmpfiles.d/cockpit-ws.conf
 %{_sysusersdir}/cockpit-wsinstance.conf
 %{pamdir}/pam_ssh_add.so
 %{pamdir}/pam_cockpit_cert.so
 %{_libexecdir}/cockpit-ws
@ -597,8 +503,8 @@ authentication via sssd/FreeIPA.
 %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
 %pre ws
-getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws
+# HACK: old RPM and even Fedora's current RPM don't properly support sysusers
-getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting -s /sbin/nologin -c "User for cockpit web service" cockpit-ws
+# https://github.com/rpm-software-management/rpm/issues/3073
 getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance
 getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance
@ -619,13 +525,11 @@ if [ "$1" = 1 ]; then
    ln -s ../../run/cockpit/motd /etc/motd.d/cockpit
    ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue
    printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users
 %if 0%{?disallow_root}
    printf "root\n" >> /etc/cockpit/disallowed-users
 %endif
    chmod 644 /etc/cockpit/disallowed-users
 fi
-%tmpfiles_create cockpit-tempfiles.conf
+%tmpfiles_create cockpit-ws.conf
 %systemd_post cockpit.socket cockpit.service
 # firewalld only partially picks up changes to its services files without this
 test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
@ -657,7 +561,7 @@ fi
 Summary: Cockpit user interface for kernel crash dumping
 Requires: cockpit-bridge >= %{required_base}
 Requires: cockpit-shell >= %{required_base}
-Requires: kexec-tools
+Requires: /usr/bin/kdumpctl
 BuildArch: noarch
 %description kdump
@ -716,21 +620,6 @@ utility setroubleshoot to diagnose and resolve SELinux issues.
 %endif
 #/ build basic packages
 %else
 # RPM requires this
 %description
 Dummy package from building optional packages only; never install or publish me.
 #/ build basic packages
 %endif
 # -------------------------------------------------------------------------------
 # Sub-packages that are optional extensions
 %if 0%{?build_optional}
 %package -n cockpit-storaged
 Summary: Cockpit user interface for storage, using udisks
 Requires: cockpit-shell >= %{required_base}
@ -806,11 +695,38 @@ via PackageKit.
 %files -n cockpit-packagekit -f packagekit.list
 #/ build optional extension packages
 %endif
 # The changelog is automatically generated and merged
 %changelog
 * Wed May 29 2024 Packit <hello@packit.dev> - 317-1
 - webserver: System user changes
 - metrics: Prefer valkey over redis on Fedora
 * Thu Apr 25 2024 Packit <hello@packit.dev> - 316-1
 - cockpit.js API: Fix format_bytes() units
 * Wed Apr 10 2024 Packit <hello@packit.dev> - 315-1
 - systemd: Check proper ssh service unit on Debian/Ubuntu
 - Translation updates
 * Thu Mar 28 2024 Packit <hello@packit.dev> - 314-1
 - Diagnostic reports: Fix command injection vulnerability with crafted report names
 - Storage: Improvements to read-only encrypted filesystems
 * Wed Mar 13 2024 Packit <hello@packit.dev> - 313-1
 - assorted bug fixes and improvements
 * Wed Feb 28 2024 Packit <hello@packit.dev> - 312-1
 - Accounts: support lastlog2 and make the page faster
 - Storage: Various Anaconda mode fixes
 - Fix package build if cockpit-bridge package is installed
 * Tue Feb 20 2024 Packit <hello@packit.dev> - 311.1-1
 - Update documentation links to RHEL 9 (RHEL-3954)
 - Storage: Various bug fixes
 * Wed Feb 14 2024 Packit <hello@packit.dev> - 311-1
 - Bug fixes and stability improvements
 * Wed Feb 07 2024 Packit <hello@packit.dev> - 310.2-1
 - selinux: Cover migration to /run
 - ws: Handle HEAD requests correctly, for curl 8.6.0
--- a/gating.yaml
+++ b/gating.yaml
@ -7,8 +7,8 @@ rules:
 --- !Policy
 product_versions:
  - rhel-8
  - rhel-9
  - rhel-10
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/packit.yaml
+++ b/packit.yaml
@ -27,13 +27,13 @@ jobs:
    identifier: self
    trigger: pull_request
    targets:
      - fedora-38
      - fedora-39
      - fedora-40
      - fedora-latest-aarch64
      - fedora-development
      - centos-stream-8-x86_64
      - centos-stream-9-x86_64
      - centos-stream-9-aarch64
      - centos-stream-10
  # current Fedora runs reverse dependency testing against https://copr.fedorainfracloud.org/coprs/g/cockpit/main-builds/
  - job: tests
@ -90,19 +90,19 @@ jobs:
    trigger: release
    dist_git_branches:
      - fedora-development
      - fedora-38
      - fedora-39
      - fedora-40
  - job: koji_build
    trigger: commit
    dist_git_branches:
      - fedora-development
      - fedora-38
      - fedora-39
      - fedora-40
  - job: bodhi_update
    trigger: commit
    dist_git_branches:
      # rawhide updates are created automatically
      - fedora-38
      - fedora-39
      - fedora-40
--- a/plans/all.fmf
+++ b/plans/all.fmf
@ -4,17 +4,21 @@ discover:
 execute:
    how: tmt
-/basic:
+# Let's handle them upstream only, don't break Fedora/RHEL reverse dependency gating
-    summary: Run tests for basic packages
+environment:
-    discover+:
+    TEST_AUDIT_NO_SELINUX: 1
        test: /test/browser/basic
-/network:
+/main:
-    summary: Run tests for cockpit-networkmanager
+    summary: Non-storage tests
    discover+:
-        test: /test/browser/network
+        test: /test/browser/main
-/optional:
+/storage-basic:
-    summary: Run tests for optional packages
+    summary: Basic storage tests
    discover+:
-        test: /test/browser/optional
+        test: /test/browser/storage-basic
 /storage-extra:
    summary: More expensive storage tests (LVM, LUKS, Anaconda)
    discover+:
        test: /test/browser/storage-extra
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (cockpit-310.2.tar.xz) = bd996dba91a1ad473de3bfe4b31480fc71c76966e2e2c452446c76ede66dd9ad8bf5b32603122b8a45f9c84b277e732fe5694f297af15671ffb690eac61d3250
+SHA512 (cockpit-317.tar.xz) = 55dfa449fd77dcd71d5f27cfd72235daa50c1a3c2d19cac5bc43b933322b4ba353b35f5acfc9f119c1d03a20dbbb80736b9feaca12ae95accbd46e067bb0c558
`@ -1 +1 @@`
	`SHA512 (cockpit-310.2.tar.xz) = bd996dba91a1ad473de3bfe4b31480fc71c76966e2e2c452446c76ede66dd9ad8bf5b32603122b8a45f9c84b277e732fe5694f297af15671ffb690eac61d3250`	`SHA512 (cockpit-317.tar.xz) = 55dfa449fd77dcd71d5f27cfd72235daa50c1a3c2d19cac5bc43b933322b4ba353b35f5acfc9f119c1d03a20dbbb80736b9feaca12ae95accbd46e067bb0c558`