From b804c2758f8b0a89e1b47c8a5861c09ad3bb6090 Mon Sep 17 00:00:00 2001 From: Katerina Koukiou Date: Mon, 17 May 2021 12:08:09 +0200 Subject: [PATCH] Update to upstream release 244.1 Resolves: rhbz#1943169 --- .gitignore | 1 + cockpit.spec | 120 +++++++++++++++++++++++++++++---------------- plans/upstream.fmf | 2 +- sources | 2 +- 4 files changed, 80 insertions(+), 45 deletions(-) diff --git a/.gitignore b/.gitignore index 140df17..98209ef 100644 --- a/.gitignore +++ b/.gitignore @@ -203,3 +203,4 @@ /cockpit-239.tar.xz /cockpit-240.tar.xz /cockpit-241.tar.xz +/cockpit-244.1.tar.xz diff --git a/cockpit.spec b/cockpit.spec index 9333e5a..3dfaadb 100644 --- a/cockpit.spec +++ b/cockpit.spec @@ -1,6 +1,6 @@ # This spec file has been automatically updated -Version: 241 -Release: 2%{?dist} +Version: 244.1 +Release: 1%{?dist} # # Copyright (C) 2014-2020 Red Hat, Inc. # @@ -63,7 +63,7 @@ Source0: https://github.com/cockpit-project/cockpit/releases/download/%{v %endif # in RHEL 8 the source package is duplicated: cockpit (building basic packages like cockpit-{bridge,system}) -# and cockpit-appstream (building optional packages like cockpit-{machines,pcp}) +# and cockpit-appstream (building optional packages like cockpit-{pcp}) # This split does not apply to EPEL/COPR. # In Fedora ELN/RHEL 9+ there is just one source package, which ships rpms in both BaseOS and AppStream %if 0%{?rhel} == 8 && 0%{?epel} == 0 @@ -81,6 +81,13 @@ Source0: https://github.com/cockpit-project/cockpit/releases/download/%{v %define build_optional 1 %endif +# Ship custom SELinux policy only in Fedora and RHEL-9 onward +%if 0%{?rhel} >= 9 || 0%{?fedora} +%define selinuxtype targeted +%define with_selinux 1 +%define selinux_policy_version %(rpm --quiet -q selinux-policy && rpm -q --queryformat "%{V}-%{R}" selinux-policy || echo 1) +%endif + BuildRequires: gcc BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(json-glib-1.0) @@ -125,6 +132,11 @@ BuildRequires: gdb # For documentation BuildRequires: xmlto +%if 0%{?with_selinux} +BuildRequires: selinux-policy +BuildRequires: selinux-policy-devel +%endif + # This is the "cockpit" metapackage. It should only # Require, Suggest or Recommend other cockpit-xxx subpackages @@ -165,6 +177,11 @@ exec 2>&1 make -j4 %{?extra_flags} all +%if 0%{?with_selinux} + make -f /usr/share/selinux/devel/Makefile cockpit.pp + bzip2 -9 cockpit.pp +%endif + %check exec 2>&1 # HACK: Fedora koji builders are very slow, unreliable, and inaccessible for debugging; https://github.com/cockpit-project/cockpit/issues/13909 @@ -189,6 +206,14 @@ install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit rm -f %{buildroot}/%{_libdir}/cockpit/*.so install -D -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/ +%if 0%{?with_selinux} + install -D -m 644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_session_selinux.8cockpit + install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_ws_selinux.8cockpit + # create this directory in the build root so that %ghost sees the desired mode + install -d -m 700 %{buildroot}%{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%endif + # only ship deprecated PatternFly API for stable releases %if 0%{?fedora} <= 33 || 0%{?rhel} <= 8 ln -s cockpit.css.gz %{buildroot}/%{_datadir}/cockpit/base1/patternfly.css.gz @@ -240,9 +265,6 @@ find %{buildroot}%{_datadir}/cockpit/packagekit -type f >> packagekit.list echo '%dir %{_datadir}/cockpit/apps' >> packagekit.list find %{buildroot}%{_datadir}/cockpit/apps -type f >> packagekit.list -echo '%dir %{_datadir}/cockpit/machines' > machines.list -find %{buildroot}%{_datadir}/cockpit/machines -type f >> machines.list - echo '%dir %{_datadir}/cockpit/selinux' > selinux.list find %{buildroot}%{_datadir}/cockpit/selinux -type f >> selinux.list @@ -250,6 +272,7 @@ echo '%dir %{_datadir}/cockpit/playground' > tests.list find %{buildroot}%{_datadir}/cockpit/playground -type f >> tests.list echo '%dir %{_datadir}/cockpit/static' > static.list +echo '%dir %{_datadir}/cockpit/static/fonts' >> static.list find %{buildroot}%{_datadir}/cockpit/static -type f >> static.list # when not building basic packages, remove their files @@ -264,7 +287,7 @@ done for lib in systemd tmpfiles.d; do rm -r %{buildroot}/%{_prefix}/%{__lib}/$lib done -for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-desktop cockpit-certificate-helper; do +for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do rm %{buildroot}/%{_libexecdir}/$libexec done rm -r %{buildroot}/%{_libdir}/security %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d @@ -275,15 +298,13 @@ rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml # when not building optional packages, remove their files %if 0%{?build_optional} == 0 -for pkg in apps machines packagekit pcp playground storaged; do +for pkg in apps packagekit pcp playground storaged; do rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg done # files from -tests rm -r %{buildroot}/%{_prefix}/%{__lib}/cockpit-test-assets # files from -pcp rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/ -# files from -machines -rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-machines.metainfo.xml # files from -storaged rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml %endif @@ -296,8 +317,6 @@ sed -i "s|%{buildroot}||" *.list pushd %{buildroot}/%{_datadir}/cockpit/branding find -L * -type l -printf "%H\n" | sort -u | xargs rm -rv popd -# need this in SUSE as post build checks dislike stale symlinks -install -m 644 -D /dev/null %{buildroot}/run/cockpit/motd %else %global _debugsource_packages 1 %global _debuginfo_subpackages 0 @@ -395,10 +414,9 @@ Provides: cockpit-shell = %{version}-%{release} Provides: cockpit-systemd = %{version}-%{release} Provides: cockpit-tuned = %{version}-%{release} Provides: cockpit-users = %{version}-%{release} -Obsoletes: cockpit-dashboard +Obsoletes: cockpit-dashboard < %{version}-%{release} %if 0%{?rhel} Provides: cockpit-networkmanager = %{version}-%{release} -Obsoletes: cockpit-networkmanager Requires: NetworkManager >= 1.6 Provides: cockpit-kdump = %{version}-%{release} Requires: kexec-tools @@ -432,6 +450,10 @@ Summary: Cockpit Web Service Requires: glib-networking Requires: openssl Requires: glib2 >= 2.50.0 +%if 0%{?with_selinux} +Requires: (selinux-policy >= %{selinux_policy_version} if selinux-policy-%{selinuxtype}) +Requires(post): (policycoreutils if selinux-policy-%{selinuxtype}) +%endif Conflicts: firewalld < 0.6.0-1 Recommends: sscg >= 2.3 Recommends: system-logos @@ -454,10 +476,9 @@ authentication via sssd/FreeIPA. %dir %{_sysconfdir}/cockpit %config(noreplace) %{_sysconfdir}/cockpit/ws-certs.d %config(noreplace) %{_sysconfdir}/pam.d/cockpit -%config %{_sysconfdir}/issue.d/cockpit.issue -%config %{_sysconfdir}/motd.d/cockpit -%ghost /run/cockpit/motd -%ghost %dir /run/cockpit +# created in %post, so that users can rm the files +%ghost %{_sysconfdir}/issue.d/cockpit.issue +%ghost %{_sysconfdir}/motd.d/cockpit %dir %{_datadir}/cockpit/motd %{_datadir}/cockpit/motd/update-motd %{_datadir}/cockpit/motd/inactive.motd @@ -481,17 +502,45 @@ authentication via sssd/FreeIPA. %{_libexecdir}/cockpit-wsinstance-factory %{_libexecdir}/cockpit-tls %{_libexecdir}/cockpit-desktop +%{_libexecdir}/cockpit-certificate-ensure %{_libexecdir}/cockpit-certificate-helper %attr(4750, root, cockpit-wsinstance) %{_libexecdir}/cockpit-session %{_datadir}/cockpit/branding +%if 0%{?with_selinux} + %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + %{_mandir}/man8/%{name}_session_selinux.8cockpit.* + %{_mandir}/man8/%{name}_ws_selinux.8cockpit.* + %ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%endif + %pre ws getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting -s /sbin/nologin -c "User for cockpit web service" cockpit-ws getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_relabel_pre -s %{selinuxtype} +fi +%endif + %post ws +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 + %selinux_relabel_post -s %{selinuxtype} +fi +%endif + +# set up dynamic motd/issue symlinks on first-time install; don't bring them back on upgrades if admin removed them +if [ "$1" = 1 ]; then + mkdir -p /etc/motd.d /etc/issue.d + ln -s /run/cockpit/motd /etc/motd.d/cockpit + ln -s /run/cockpit/motd /etc/issue.d/cockpit.issue +fi + %tmpfiles_create cockpit-tempfiles.conf %systemd_post cockpit.socket cockpit.service # firewalld only partially picks up changes to its services files without this @@ -501,6 +550,12 @@ test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true %systemd_preun cockpit.socket cockpit.service %postun ws +%if 0%{?with_selinux} +if %{_sbindir}/selinuxenabled 2>/dev/null; then + %selinux_modules_uninstall -s %{selinuxtype} %{name} + %selinux_relabel_post -s %{selinuxtype} +fi +%endif %systemd_postun_with_restart cockpit.socket cockpit.service # ------------------------------------------------------------------------------- @@ -622,31 +677,6 @@ These files are not required for running Cockpit. %files -n cockpit-tests -f tests.list %{_prefix}/%{__lib}/cockpit-test-assets -%package -n cockpit-machines -BuildArch: noarch -Summary: Cockpit user interface for virtual machines -Requires: cockpit-bridge >= 186 -Requires: cockpit-system >= 186 -%if 0%{?suse_version} -Requires: libvirt-daemon-qemu -%else -Requires: libvirt-daemon-kvm -%endif -Requires: libvirt-client -Requires: libvirt-dbus >= 1.2.0 -# Optional components -Recommends: virt-install -Recommends: libosinfo -Recommends: python3-gobject-base - -%description -n cockpit-machines -The Cockpit components for managing virtual machines. - -If "virt-install" is installed, you can also create new virtual machines. - -%files -n cockpit-machines -f machines.list -%{_datadir}/metainfo/org.cockpit-project.cockpit-machines.metainfo.xml - %package -n cockpit-pcp Summary: Cockpit PCP integration Requires: cockpit-bridge >= 238.1.1 @@ -680,6 +710,10 @@ via PackageKit. # The changelog is automatically generated and merged %changelog +* Mon May 12 2021 Katerina Koukiou - 244.1-1 +- Shell: sudo is invoked only when explicitly requested +- Dynamically manage motd/issue symlinks in package scripts (rhbz#1876848) + * Thu Apr 15 2021 Mohan Boddu - 241-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 diff --git a/plans/upstream.fmf b/plans/upstream.fmf index ba347f3..05552ef 100644 --- a/plans/upstream.fmf +++ b/plans/upstream.fmf @@ -2,6 +2,6 @@ discover: how: fmf repository: https://github.com/cockpit-project/cockpit # FIXME: get rid of the hardcoding: https://github.com/psss/tmt/issues/585 - ref: "241" + ref: "244.1" execute: how: tmt diff --git a/sources b/sources index 6e03497..afa289f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cockpit-241.tar.xz) = ebac207f4795b1c8aee844476807f68b8481bd86e8182cf8ec6b97cfc3ce4ab863c093763f7ce11ba1a4b99f5a85f69ea68cc2de5f76f9ffc6594d0a3b2a8814 +SHA512 (cockpit-244.1.tar.xz) = ed9852b938f782c47692b484d710a5a2ea99827bc18cf1f322037a277bba379b508e7d5a8ba4b638317e6db92c36033c882ec5618941512d59779d1ec775fdd9