From c4aaec3d293b9e43a3c7a3dc7bc12d6ee407a847 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Fri, 23 Dec 2022 06:10:00 +0000
Subject: [PATCH] Auto sync2gitlab import of cockpit-282.1-1.el8.src.rpm

---
 .gitignore   |  1 +
 cockpit.spec | 24 +++++++++++++++++++++++-
 sources      |  2 +-
 3 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 4dd3cdc..17339ac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@
 /cockpit-276.tar.xz
 /cockpit-276.1.tar.xz
 /cockpit-279.tar.xz
+/cockpit-282.1.tar.xz
diff --git a/cockpit.spec b/cockpit.spec
index f26a3e4..619a403 100644
--- a/cockpit.spec
+++ b/cockpit.spec
@@ -49,7 +49,7 @@ Summary:        Web Console for Linux servers
 License:        LGPLv2+
 URL:            https://cockpit-project.org/
 
-Version:        279
+Version:        282.1
 Release:        1%{?dist}
 Source0:        https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz
 Source1:        cockpit.css.gz
@@ -74,6 +74,13 @@ Source1:        cockpit.css.gz
 %define build_optional 1
 %endif
 
+# Allow root login in Cockpit on RHEL 8 and lower as it also allows password login over SSH.
+%if 0%{?rhel} && 0%{?rhel} <= 8
+%define disallow_root 0
+%else
+%define disallow_root 1
+%endif
+
 # Ship custom SELinux policy (but not for cockpit-appstream)
 %if "%{name}" == "cockpit"
 %define selinuxtype targeted
@@ -147,6 +154,8 @@ Suggests: cockpit-pcp
 
 %if 0%{?rhel} == 0
 Recommends: (cockpit-networkmanager if NetworkManager)
+# c-ostree is not in RHEL 8/9
+Recommends: (cockpit-ostree if rpm-ostree)
 Suggests: cockpit-selinux
 %endif
 %if 0%{?rhel} && 0%{?centos} == 0
@@ -431,6 +440,7 @@ authentication via sssd/FreeIPA.
 # created in %post, so that users can rm the files
 %ghost %{_sysconfdir}/issue.d/cockpit.issue
 %ghost %{_sysconfdir}/motd.d/cockpit
+%ghost %attr(0644, root, root) %{_sysconfdir}/cockpit/disallowed-users
 %dir %{_datadir}/cockpit/motd
 %{_datadir}/cockpit/motd/update-motd
 %{_datadir}/cockpit/motd/inactive.motd
@@ -479,10 +489,16 @@ if [ -x %{_sbindir}/selinuxenabled ]; then
 fi
 
 # set up dynamic motd/issue symlinks on first-time install; don't bring them back on upgrades if admin removed them
+# disable root login on first-time install; so existing installations aren't changed
 if [ "$1" = 1 ]; then
     mkdir -p /etc/motd.d /etc/issue.d
     ln -s ../../run/cockpit/motd /etc/motd.d/cockpit
     ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue
+    printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users
+%if 0%{?disallow_root}
+    printf "root\n" >> /etc/cockpit/disallowed-users
+%endif
+    chmod 644 /etc/cockpit/disallowed-users
 fi
 
 %tmpfiles_create cockpit-tempfiles.conf
@@ -662,6 +678,12 @@ via PackageKit.
 
 # The changelog is automatically generated and merged
 %changelog
+* Wed Dec 14 2022 Katerina Koukiou <kkoukiou@redhat.com> - 282-1
+- Add right-to-left language support
+- Accounts: Redesign and include groups
+- Dark theme switcher
+- tools: Disallow root login by default
+
 * Tue Nov 15 2022 Matej Marusak <mmarusak@redhat.com> - 279-1
 - Dark theme support
 - Metrics: Display individual disk read/write usage
diff --git a/sources b/sources
index 8b2ce79..679d1cd 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (cockpit-279.tar.xz) = 76788142d836ec6fadebe122da4b5fc6a5c41c99b5b66c84573488e7581edb313a947d6c6b20d6f858075c6c716f3c5f7b6874e2405844231c6c5ac60043d270
+SHA512 (cockpit-282.1.tar.xz) = a4b06419fafba8f2c2f1fdc4475683eb34a941e260666909c7b3e09c7a3c90c28996c180016bee81ac95291999121ec1ccb70c4e7f5d3a02d9d61dccbdd62d0c
 SHA512 (cockpit.css.gz) = 1851e890e49141c17e498f1472c3bc307439cefaa0f1dccecbfc87b04087af03ca42199c86116c1fcf8890b58ca98f8aecfb01cc8b3c03a76e2685f7bd610568