From d3ea03ba645c10d8d8d42960e623ab46992d2216 Mon Sep 17 00:00:00 2001 From: Alexey Berezhok Date: Sat, 10 Feb 2024 20:24:47 +0300 Subject: [PATCH] Added support GOST and PAM-GOST profiles for crypto-policies in the UI interface --- .../0008-Added-new-GOST-profiles-to-UI.patch | 66 +++++++++++++++++++ SPECS/cockpit.spec | 6 +- 2 files changed, 71 insertions(+), 1 deletion(-) create mode 100644 SOURCES/0008-Added-new-GOST-profiles-to-UI.patch diff --git a/SOURCES/0008-Added-new-GOST-profiles-to-UI.patch b/SOURCES/0008-Added-new-GOST-profiles-to-UI.patch new file mode 100644 index 0000000..3509459 --- /dev/null +++ b/SOURCES/0008-Added-new-GOST-profiles-to-UI.patch @@ -0,0 +1,66 @@ +From 85017b1121480af708c61115c44051594881b6fe Mon Sep 17 00:00:00 2001 +From: Alexey Berezhok +Date: Sat, 10 Feb 2024 20:10:19 +0300 +Subject: [PATCH] Added new GOST profiles to UI + +--- + pkg/systemd/overview-cards/cryptoPolicies.jsx | 6 ++++-- + po/ru.po | 18 +++++++++++++----- + 2 files changed, 17 insertions(+), 7 deletions(-) + +diff --git a/pkg/systemd/overview-cards/cryptoPolicies.jsx b/pkg/systemd/overview-cards/cryptoPolicies.jsx +index 27cf8be..a8a8f12 100644 +--- a/pkg/systemd/overview-cards/cryptoPolicies.jsx ++++ b/pkg/systemd/overview-cards/cryptoPolicies.jsx +@@ -122,8 +122,10 @@ const CryptoPolicyDialog = ({ + "FIPS:OSPP": _("FIPS with further Common Criteria restrictions."), + FUTURE: _("Protects from anticipated near-term future attacks at the expense of interoperability."), + "DEFAULT:GOST": _("DEFAULT with GOST algorithms enabled."), +- "DEFAULT:PAM-GOST": _("DEFAULT with GOST password hashing."), +- "DEFAULT:GOST:PAM-GOST": _("DEFAULT with GOST and GOST password hashing."), ++ "DEFAULT:PAM-GOST": _("DEFAULT with GOST password hashing based on minimal auth profile."), ++ "DEFAULT:GOST:PAM-GOST": _("DEFAULT with GOST and GOST password hashing based on minimal auth profile."), ++ "DEFAULT:GOST:SSSD-PAM-GOST": _("DEFAULT with GOST and GOST password hashing based on sssd auth profile."), ++ "DEFAULT:PATCH-PAM-GOST": _("DEFAULT with GOST password hashing based on patch for custom configs."), + "GOST-ONLY": _("GOST algorithms allowed only."), + "GOST-ONLY-PAM": _("GOST algorithms allowed only with GOST pass hashing."), + }; +diff --git a/po/ru.po b/po/ru.po +index b15714e..6110d02 100644 +--- a/po/ru.po ++++ b/po/ru.po +@@ -2265,18 +2265,26 @@ msgid "DEFAULT with GOST algorithms enabled." + msgstr "Профиль по умолчанию, с добавлением поддержки ГОСТ алгоритмов" + + #: pkg/systemd/overview-cards/cryptoPolicies.jsx:125 +-msgid "DEFAULT with GOST password hashing." +-msgstr "Профиль по умолчанию, с добавленим поддержки хэшей паролей по ГОСТ 34.11-2012" ++msgid "DEFAULT with GOST password hashing based on minimal auth profile." ++msgstr "Профиль по умолчанию, с добавлением поддержки хэшей паролей по ГОСТ 34.11-2012 на базе профиля авторизации minimal" + + #: pkg/systemd/overview-cards/cryptoPolicies.jsx:126 +-msgid "DEFAULT with GOST and GOST password hashing." +-msgstr "Профиль по умолчанию, с добавленим поддержки ГОСТ и хэшей паролей по ГОСТ 34.11-2012" ++msgid "DEFAULT with GOST and GOST password hashing based on minimal auth profile." ++msgstr "Профиль по умолчанию, с добавлением поддержки ГОСТ и хэшей паролей по ГОСТ 34.11-2012 на базе профиля авторизации minimal" + + #: pkg/systemd/overview-cards/cryptoPolicies.jsx:127 ++msgid "DEFAULT with GOST and GOST password hashing based on sssd auth profile." ++msgstr "Профиль по умолчанию, с добавлением поддержки ГОСТ и хэшей паролей по ГОСТ 34.11-2012 на базе профиля авторизации sssd" ++ ++#: pkg/systemd/overview-cards/cryptoPolicies.jsx:128 ++msgid "DEFAULT with GOST password hashing based on patch for custom configs.." ++msgstr "Профиль по умолчанию, с добавлением хэшей паролей по ГОСТ 34.11-2012 модификацией файлов авторизации. Для пользовательских конфигураций" ++ ++#: pkg/systemd/overview-cards/cryptoPolicies.jsx:129 + msgid "GOST algorithms allowed only." + msgstr "Профиль ГОСТ с запретом всего остального" + +-#: pkg/systemd/overview-cards/cryptoPolicies.jsx:128 ++#: pkg/systemd/overview-cards/cryptoPolicies.jsx:130 + msgid "GOST algorithms allowed only with GOST pass hashing." + msgstr "Профиль ГОСТ(+хэш паролей по ГОСТ 34.11-2012) с запретом всего остального" + +-- +2.43.0 + diff --git a/SPECS/cockpit.spec b/SPECS/cockpit.spec index dda2bd7..4d86981 100644 --- a/SPECS/cockpit.spec +++ b/SPECS/cockpit.spec @@ -50,7 +50,7 @@ License: LGPL-2.1-or-later URL: https://cockpit-project.org/ Version: 300.3 -Release: 2%{?dist}.inferit.2 +Release: 2%{?dist}.inferit.3 # We need to patch official source (000* patches in SOURCE) and # repack tarball to recompile javascript. # Use script cockpit-inferit-patch.sh to create @@ -66,6 +66,7 @@ Patch4: 0005-Show-MSVSPHERE_PRETTY_NAME-instead-of-PRETTY_NAME-in.patch Patch5: 0006-Disable-upstream-documentation-links.patch Patch6: 0001-Added-support-GOST-and-PAM-GOST-profiles-for-crypto-.patch Patch7: 0007-Update-Russian-translation.patch +Patch8: 0008-Added-new-GOST-profiles-to-UI.patch %if 0%{?fedora} >= 38 || 0%{?rhel} >= 9 %define cockpit_enable_python 1 @@ -796,6 +797,9 @@ via PackageKit. # The changelog is automatically generated and merged %changelog +* Sat Feb 10 2024 Alexey Berezhok - 300.3-2.inferit.3 +- Added support GOST and PAM-GOST profiles for crypto-policies in the UI interface + * Mon Feb 05 2024 Arkady L. Shane - 300.3-2.inferit.2 - Update Russian translation in appdata