.cockpit.metadata

@@ -1 +1,2 @@
-e4db91830e687a63851668cd2525132086ebae6d SOURCES/cockpit-311.2.tar.xz
+a37e1d6ad4b1b25729682c54ab7e4dcdcfd894a7 SOURCES/cockpit.css.gz
+e3c77825b38894cbf8261dbddf56affefb431083  SOURCES/cockpit-310.3.tar.xz

.gitignore

@@ -1 +1,2 @@
-SOURCES/cockpit-311.2.tar.xz
+SOURCES/cockpit-310.3.tar.xz
+SOURCES/cockpit.css.gz

SOURCES/0001-Added-support-GOST-and-PAM-GOST-profiles-for-crypto-.patch

@@ -0,0 +1,71 @@
+From 383c67ef13d6a7060b3ed249804f0948e667510f Mon Sep 17 00:00:00 2001
+From: tigro <tigro@msvsphere-os.ru>
+Date: Tue, 2 Apr 2024 16:50:30 +0300
+Subject: [PATCH] Added support GOST and PAM-GOST profiles for crypto-policies
+ in the UI interface
+
+---
+ pkg/systemd/overview-cards/cryptoPolicies.jsx |  7 +++++
+ po/ru.po                                      | 28 +++++++++++++++++++
+ 2 files changed, 35 insertions(+)
+
+diff --git a/pkg/systemd/overview-cards/cryptoPolicies.jsx b/pkg/systemd/overview-cards/cryptoPolicies.jsx
+index 4da83868b..acbfaef3f 100644
+--- a/pkg/systemd/overview-cards/cryptoPolicies.jsx
++++ b/pkg/systemd/overview-cards/cryptoPolicies.jsx
+@@ -121,6 +121,13 @@ const CryptoPolicyDialog = ({
+         </Flex>),
+         "FIPS:OSPP": _("FIPS with further Common Criteria restrictions."),
+         FUTURE: _("Protects from anticipated near-term future attacks at the expense of interoperability."),
++        "DEFAULT:GOST": _("DEFAULT with GOST algorithms enabled."),
++        "DEFAULT:PAM-GOST": _("DEFAULT with GOST password hashing based on minimal auth profile."),
++        "DEFAULT:GOST:PAM-GOST": _("DEFAULT with GOST and GOST password hashing based on minimal auth profile."),
++        "DEFAULT:GOST:SSSD-PAM-GOST": _("DEFAULT with GOST and GOST password hashing based on sssd auth profile."),
++        "DEFAULT:PATCH-PAM-GOST": _("DEFAULT with GOST password hashing based on patch for custom configs."),
++        "GOST-ONLY": _("GOST algorithms allowed only."),
++        "GOST-ONLY-PAM": _("GOST algorithms allowed only with GOST pass hashing."),
+     };
+ 
+     const policies = Object.keys(cryptopolicies)
+diff --git a/po/ru.po b/po/ru.po
+index df7e755b5..2ceb4d063 100644
+--- a/po/ru.po
++++ b/po/ru.po
+@@ -2438,6 +2438,34 @@ msgstr "Настраиваемые зоны"
+ msgid "DEFAULT with SHA-1 signature verification allowed."
+ msgstr ""
+ 
++#: pkg/systemd/overview-cards/cryptoPolicies.jsx:124
++msgid "DEFAULT with GOST algorithms enabled."
++msgstr "Профиль по умолчанию, с добавлением поддержки ГОСТ алгоритмов"
++
++#: pkg/systemd/overview-cards/cryptoPolicies.jsx:125
++msgid "DEFAULT with GOST password hashing based on minimal auth profile."
++msgstr "Профиль по умолчанию, с добавлением поддержки хэшей паролей по ГОСТ 34.11-2012 на базе профиля авторизации minimal"
++
++#: pkg/systemd/overview-cards/cryptoPolicies.jsx:126
++msgid "DEFAULT with GOST and GOST password hashing based on minimal auth profile."
++msgstr "Профиль по умолчанию, с добавлением поддержки ГОСТ и хэшей паролей по ГОСТ 34.11-2012 на базе профиля авторизации minimal"
++
++#: pkg/systemd/overview-cards/cryptoPolicies.jsx:127
++msgid "DEFAULT with GOST and GOST password hashing based on sssd auth profile."
++msgstr "Профиль по умолчанию, с добавлением поддержки ГОСТ и хэшей паролей по ГОСТ 34.11-2012 на базе профиля авторизации sssd"
++
++#: pkg/systemd/overview-cards/cryptoPolicies.jsx:128
++msgid "DEFAULT with GOST password hashing based on patch for custom configs."
++msgstr "Профиль по умолчанию, с добавлением хэшей паролей по ГОСТ 34.11-2012 модификацией файлов авторизации. Для пользовательских конфигураций"
++
++#: pkg/systemd/overview-cards/cryptoPolicies.jsx:129
++msgid "GOST algorithms allowed only."
++msgstr "Профиль ГОСТ с запретом всего остального"
++
++#: pkg/systemd/overview-cards/cryptoPolicies.jsx:130
++msgid "GOST algorithms allowed only with GOST pass hashing."
++msgstr "Профиль ГОСТ(+хэш паролей по ГОСТ 34.11-2012) с запретом всего остального"
++
+ #: pkg/networkmanager/ip-settings.jsx:237
+ msgid "DNS"
+ msgstr "DNS"
+-- 
+2.44.0
+

SOURCES/0001-Adds-MSVSphere-branding-directory.patch

@@ -0,0 +1,87 @@
+From fc676ccfa2932d62c09d6e47300147ab69aec6c0 Mon Sep 17 00:00:00 2001
+From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
+Date: Mon, 20 Nov 2023 21:15:12 +0300
+Subject: [PATCH 1/6] Adds MSVSphere branding directory
+
+---
+ Makefile.am                         |  1 +
+ src/branding/msvsphere/Makefile.am  | 11 +++++++++
+ src/branding/msvsphere/branding.css | 36 +++++++++++++++++++++++++++++
+ 3 files changed, 48 insertions(+)
+ create mode 100644 src/branding/msvsphere/Makefile.am
+ create mode 100644 src/branding/msvsphere/branding.css
+
+diff --git a/Makefile.am b/Makefile.am
+index 7901fcc0d..5f2696062 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -174,6 +174,7 @@ include src/branding/debian/Makefile.am
+ include src/branding/default/Makefile.am
+ include src/branding/fedora/Makefile.am
+ include src/branding/kubernetes/Makefile.am
++include src/branding/msvsphere/Makefile.am
+ include src/branding/opensuse/Makefile.am
+ include src/branding/registry/Makefile.am
+ include src/branding/rhel/Makefile.am
+diff --git a/src/branding/msvsphere/Makefile.am b/src/branding/msvsphere/Makefile.am
+new file mode 100644
+index 000000000..7425bdd0f
+--- /dev/null
++++ b/src/branding/msvsphere/Makefile.am
+@@ -0,0 +1,11 @@
++msvspherebrandingdir = $(datadir)/cockpit/branding/msvsphere
++
++dist_msvspherebranding_DATA = \
++	src/branding/msvsphere/branding.css \
++	$(NULL)
++
++# Opportunistically use sphere-logos ... yes they're called 'fedora'
++install-data-hook::
++	ln -sTfr $(DESTDIR)/usr/share/pixmaps/system-logo-white.png $(DESTDIR)$(msvspherebrandingdir)/logo.png
++	ln -sTfr $(DESTDIR)/usr/share/pixmaps/fedora-logo-sprite.png $(DESTDIR)$(msvspherebrandingdir)/apple-touch-icon.png
++	ln -sTfr $(DESTDIR)/etc/favicon.png $(DESTDIR)$(msvspherebrandingdir)/favicon.ico
+diff --git a/src/branding/msvsphere/branding.css b/src/branding/msvsphere/branding.css
+new file mode 100644
+index 000000000..2b87b42bc
+--- /dev/null
++++ b/src/branding/msvsphere/branding.css
+@@ -0,0 +1,36 @@
++/* MSVSphere Branding */
++
++:root {
++    --ct-color-host-accent: #cc0000 !important;
++}
++
++body.login-pf {
++    background: url("bg-plain.jpg") no-repeat 50% 0;
++    background-size: cover;
++    background-color: #101010;
++}
++
++#badge {
++    width: 225px;
++    height: 80px;
++    background-image: url("logo.png");
++    background-size: contain;
++    background-repeat: no-repeat;
++}
++
++#brand {
++    font-size: 18pt;
++    text-transform: uppercase;
++}
++
++#brand:before {
++    content: "${NAME}";
++}
++
++#index-brand {
++    font-weight: bold;
++}
++
++#index-brand:before {
++    content: "${NAME}";
++}
+-- 
+2.43.0
+

SOURCES/0002-Show-MSVSPHERE_PRETTY_NAME-instead-of-NAME-on-login-.patch

@@ -0,0 +1,46 @@
+From 2e1149a465911f292a94a21d012198a009b1403f Mon Sep 17 00:00:00 2001
+From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
+Date: Mon, 20 Nov 2023 21:25:21 +0300
+Subject: [PATCH 2/6] Show MSVSPHERE_PRETTY_NAME instead of NAME on login page
+
+---
+ src/branding/msvsphere/branding.css | 4 ++--
+ src/ws/cockpithandlers.c            | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/branding/msvsphere/branding.css b/src/branding/msvsphere/branding.css
+index 2b87b42bc..67faf6d4b 100644
+--- a/src/branding/msvsphere/branding.css
++++ b/src/branding/msvsphere/branding.css
+@@ -24,7 +24,7 @@ body.login-pf {
+ }
+ 
+ #brand:before {
+-    content: "${NAME}";
++    content: "${MSVSPHERE_PRETTY_NAME}";
+ }
+ 
+ #index-brand {
+@@ -32,5 +32,5 @@ body.login-pf {
+ }
+ 
+ #index-brand:before {
+-    content: "${NAME}";
++    content: "${MSVSPHERE_PRETTY_NAME}";
+ }
+diff --git a/src/ws/cockpithandlers.c b/src/ws/cockpithandlers.c
+index c866e1c15..b1b914ffa 100644
+--- a/src/ws/cockpithandlers.c
++++ b/src/ws/cockpithandlers.c
+@@ -287,7 +287,7 @@ build_environment (GHashTable *os_release)
+    * the corresponding information is not a leak.
+    */
+   static const gchar *release_fields[] = {
+-    "NAME", "ID", "PRETTY_NAME", "VARIANT", "VARIANT_ID", "CPE_NAME", "ID_LIKE", "DOCUMENTATION_URL"
++    "NAME", "ID", "PRETTY_NAME", "VARIANT", "VARIANT_ID", "CPE_NAME", "ID_LIKE", "DOCUMENTATION_URL", "MSVSPHERE_PRETTY_NAME"
+   };
+ 
+   static const gchar *prefix = "\n    <script>\nvar environment = ";
+-- 
+2.43.0
+

SOURCES/0003-Show-MSVSPHERE_PRETTY_NAME-instead-of-NAME-for-docum.patch

@@ -0,0 +1,26 @@
+From c1e377389f4e613e9707de8ea09bd5fc9179f8d4 Mon Sep 17 00:00:00 2001
+From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
+Date: Mon, 20 Nov 2023 21:46:51 +0300
+Subject: [PATCH 3/6] Show MSVSPHERE_PRETTY_NAME instead of NAME for
+ documentation link
+
+---
+ pkg/shell/topnav.jsx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pkg/shell/topnav.jsx b/pkg/shell/topnav.jsx
+index 1ad8c3dcb..e1a8e4c66 100644
+--- a/pkg/shell/topnav.jsx
++++ b/pkg/shell/topnav.jsx
+@@ -149,7 +149,7 @@ export class TopNav extends React.Component {
+ 
+         if (this.state.osRelease.DOCUMENTATION_URL)
+             docItems.push(<DropdownItem key="os-doc" href={this.state.osRelease.DOCUMENTATION_URL} target="blank" rel="noopener noreferrer" icon={<ExternalLinkAltIcon />}>
+-                {cockpit.format(_("$0 documentation"), this.state.osRelease.NAME)}
++                {cockpit.format(_("$0 documentation"), this.state.osRelease.MSVSPHERE_PRETTY_NAME)}
+             </DropdownItem>);
+ 
+         // global documentation for cockpit as a whole
+-- 
+2.43.0
+

SOURCES/0004-Include-pkg-shell-module-translations-in-other-modul.patch

@@ -0,0 +1,28 @@
+From 6beacc90bdaa4fc3af4f5ae6b627de59aa08fb55 Mon Sep 17 00:00:00 2001
+From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
+Date: Tue, 21 Nov 2023 00:04:04 +0300
+Subject: [PATCH 4/6] Include pkg/shell module translations in other modules
+
+This is required to fix the sudo button translation which is
+located in pkg/shell/superuser.jsx but used in different places
+like pkg/sosreport module.
+---
+ pkg/lib/cockpit-po-plugin.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pkg/lib/cockpit-po-plugin.js b/pkg/lib/cockpit-po-plugin.js
+index a7f31ca64..c3594d0ce 100644
+--- a/pkg/lib/cockpit-po-plugin.js
++++ b/pkg/lib/cockpit-po-plugin.js
+@@ -70,7 +70,7 @@ function buildFile(po_file, subdir, webpack_module, webpack_compilation) {
+             for (const [msgid, translation] of Object.entries(context)) {
+                 /* Only include msgids which appear in this source directory */
+                 const references = translation.comments.reference.split(/\s/);
+-                if (!references.some(str => str.startsWith(`pkg/${subdir}`) || str.startsWith(config.src_directory) || str.startsWith(`pkg/lib`)))
++                if (!references.some(str => str.startsWith(`pkg/${subdir}`) || str.startsWith(config.src_directory) || str.startsWith(`pkg/lib`) || str.startsWith(`pkg/shell`)))
+                     continue;
+ 
+                 if (translation.comments.flag?.match(/\bfuzzy\b/))
+-- 
+2.43.0
+

SOURCES/0005-Show-MSVSPHERE_PRETTY_NAME-instead-of-PRETTY_NAME-in.patch

@@ -0,0 +1,56 @@
+From a62c5236b9b660803c98da943f2fdbca5faaf588 Mon Sep 17 00:00:00 2001
+From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
+Date: Tue, 21 Nov 2023 00:36:55 +0300
+Subject: [PATCH 5/6] Show MSVSPHERE_PRETTY_NAME instead of PRETTY_NAME in
+ overview
+
+---
+ pkg/systemd/overview.jsx | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/pkg/systemd/overview.jsx b/pkg/systemd/overview.jsx
+index e780a1c5d..3527b02b6 100644
+--- a/pkg/systemd/overview.jsx
++++ b/pkg/systemd/overview.jsx
+@@ -28,6 +28,7 @@ import { Page, PageSection, PageSectionVariants } from "@patternfly/react-core/d
+ import { Gallery } from "@patternfly/react-core/dist/esm/layouts/Gallery/index.js";
+ import { Dropdown, DropdownItem, DropdownPosition, DropdownToggle, DropdownToggleAction } from '@patternfly/react-core/dist/esm/deprecated/components/Dropdown/index.js';
+ 
++import { read_os_release } from "os-release.js";
+ import { superuser } from "superuser";
+ 
+ import { SystemInformationCard } from './overview-cards/systemInformationCard.jsx';
+@@ -53,11 +54,14 @@ class OverviewPage extends React.Component {
+         this.state = {
+             actionIsOpen: false,
+             privileged: true,
++            osRelease: {},
+         };
+         this.hostnameMonitor = this.hostnameMonitor.bind(this);
+         this.onPermissionChanged = this.onPermissionChanged.bind(this);
+ 
+         this.superuser = cockpit.dbus(null, { bus: "internal" }).proxy("cockpit.Superuser", "/superuser");
++
++        read_os_release().then(os => this.setState({ osRelease: os || {} }));
+     }
+ 
+     componentDidMount() {
+@@ -154,9 +158,12 @@ class OverviewPage extends React.Component {
+                         <h1>
+                             {this.hostname_text()}
+                         </h1>
+-                        {this.state.hostnameData &&
+-                         this.state.hostnameData.OperatingSystemPrettyName &&
+-                         <div className="ct-overview-header-subheading" id="system_information_os_text">{cockpit.format(_("running $0"), this.state.hostnameData.OperatingSystemPrettyName)}</div>}
++                        {this.state.osRelease && this.state.osRelease.MSVSPHERE_PRETTY_NAME ? (
++                            <div className="ct-overview-header-subheading" id="system_information_os_text">{cockpit.format(_("running $0"), this.state.osRelease.MSVSPHERE_PRETTY_NAME)}</div>
++                        ) : (
++                         this.state.hostnameData && this.state.hostnameData.OperatingSystemPrettyName &&
++                            <div className="ct-overview-header-subheading" id="system_information_os_text">{cockpit.format(_("running $0"), this.state.hostnameData.OperatingSystemPrettyName)}</div>
++                        )}
+                     </div>
+                     <div className='ct-overview-header-actions'>
+                         { show_superuser && <SuperuserIndicator proxy={this.superuser} /> }
+-- 
+2.43.0
+

SOURCES/0006-Disable-upstream-documentation-links.patch

@@ -0,0 +1,39 @@
+From a0a076d4b2b5770c35c63fff4e5ed80abd5fade9 Mon Sep 17 00:00:00 2001
+From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
+Date: Tue, 21 Nov 2023 00:48:25 +0300
+Subject: [PATCH 6/6] Disable upstream documentation links
+
+---
+ pkg/shell/topnav.jsx | 16 ----------------
+ 1 file changed, 16 deletions(-)
+
+diff --git a/pkg/shell/topnav.jsx b/pkg/shell/topnav.jsx
+index e1a8e4c66..111563118 100644
+--- a/pkg/shell/topnav.jsx
++++ b/pkg/shell/topnav.jsx
+@@ -152,22 +152,6 @@ export class TopNav extends React.Component {
+                 {cockpit.format(_("$0 documentation"), this.state.osRelease.MSVSPHERE_PRETTY_NAME)}
+             </DropdownItem>);
+ 
+-        // global documentation for cockpit as a whole
+-        (cockpit.manifests.shell?.docs ?? []).forEach(doc => {
+-            docItems.push(<DropdownItem key={doc.label} href={doc.url} target="blank" rel="noopener noreferrer" icon={<ExternalLinkAltIcon />}>
+-                {doc.label}
+-            </DropdownItem>);
+-        });
+-
+-        if (docs.length > 0)
+-            docItems.push(<DropdownSeparator key="separator" />);
+-
+-        docs.forEach(e => {
+-            docItems.push(<DropdownItem key={e.label} href={e.url} target="blank" rel="noopener noreferrer" icon={<ExternalLinkAltIcon />}>
+-                {_(e.label)}
+-            </DropdownItem>);
+-        });
+-
+         docItems.push(<DropdownSeparator key="separator1" />);
+         docItems.push(<DropdownItem key="about" component="button"
+                                     onClick={() => Dialogs.show(<AboutCockpitModal />)}>
+-- 
+2.43.0
+

SOURCES/0007-Update-Russian-translation.patch

@@ -0,0 +1,25 @@
+From 65cc5eae0c57b7df4b710258718fb2c6821d23d2 Mon Sep 17 00:00:00 2001
+From: tigro <tigro@msvsphere-os.ru>
+Date: Mon, 5 Feb 2024 20:09:15 +0300
+Subject: [PATCH] Update Russian translation
+
+---
+ po/ru.po | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/po/ru.po b/po/ru.po
+index 41b461f..34ab2f9 100644
+--- a/po/ru.po
++++ b/po/ru.po
+@@ -1684,7 +1684,7 @@ msgstr "Закрыть выделенные страницы"
+ 
+ #: src/ws/cockpit.appdata.xml.in:7
+ msgid "Cockpit"
+-msgstr "Cockpit"
++msgstr "Панель управления Cockpit"
+ 
+ #: pkg/static/login.js:452
+ msgid "Cockpit authentication is configured incorrectly."
+-- 
+2.43.0
+

SOURCES/0009-Change-chpasswd-to-passwd-to-support-PAM-crypto-algo.patch

@@ -0,0 +1,27 @@
+From c0f6c3e6c1a8abc1dff900669e1743f78f2543b4 Mon Sep 17 00:00:00 2001
+From: tigro <tigro@msvsphere-os.ru>
+Date: Sat, 10 Feb 2024 23:55:52 +0300
+Subject: [PATCH] Change chpasswd to passwd to support PAM crypto algorithms
+
+---
+ pkg/users/password-dialogs.js | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/pkg/users/password-dialogs.js b/pkg/users/password-dialogs.js
+index 089abac41..5589e79f0 100644
+--- a/pkg/users/password-dialogs.js
++++ b/pkg/users/password-dialogs.js
+@@ -111,8 +111,8 @@ function passwd_self(old_pass, new_pass) {
+ 
+ export function passwd_change(user, new_pass) {
+     return new Promise((resolve, reject) => {
+-        cockpit.spawn(["chpasswd"], { superuser: "require", err: "out" })
+-                .input(user + ":" + new_pass)
++        cockpit.spawn(["passwd", user, "--stdin"], { superuser: "require", err: "out" })
++                .input(new_pass)
+                 .done(function() {
+                     resolve();
+                 })
+-- 
+2.43.0
+

SOURCES/cockpit-inferit-patch.sh

@@ -0,0 +1,40 @@
+#!/bin/sh -e
+
+_version="$1"
+
+echo "Clean up sources"
+rm -rf cockpit
+
+echo "Cloning cockpit.git"
+git clone https://github.com/cockpit-project/cockpit.git
+cd cockpit
+
+echo -n "Checking tag ${_version}... "
+if ! git tag | grep -w ${_version}; then
+    echo "fail"
+    exit 1
+else
+    echo "ok"
+fi
+
+echo "Checkout tag ${_version}"
+git checkout ${_version}
+
+echo "Patching souurces"
+# FIXME
+# Remove GOST patches for MSVSphere 8
+# As it is unsupported by system
+rm ../0001-Added-support-GOST-and-PAM-GOST-profiles-for-crypto-.patch
+rm ../0009-Change-chpasswd-to-passwd-to-support-PAM-crypto-algo.patch
+git am ../000*.patch
+
+echo "Fix version in tools/make-dist"
+sed -i "s@VERSION=\"\$(git describe.*@VERSION=${_version}@" tools/make-dist
+
+echo "Make dist"
+tools/make-dist
+
+cd ..
+
+cp cockpit/tmp/build-dist/cockpit-${_version}.tar.xz .
+sha1sum cockpit-${_version}.tar.xz

SPECS/cockpit.spec

@@ -49,9 +49,37 @@ Summary:        Web Console for Linux servers
 License:        LGPL-2.1-or-later
 URL:            https://cockpit-project.org/
 
-Version:        311.2
-Release:        1%{?dist}
-Source0:        https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz
+Version:        310.3
+Release:        1%{?dist}.inferit.1
+Source0:        cockpit-%{version}.tar.xz
+Source1:        cockpit.css.gz
+
+# in RHEL 8 the source package is duplicated: cockpit (building basic packages like cockpit-{bridge,system})
+# and cockpit-appstream (building optional packages like cockpit-{pcp})
+# This split does not apply to EPEL/COPR nor packit c8s builds, only to our own
+# image-prepare rhel-8-Y builds (which will disable build_all).
+# In Fedora ELN/RHEL 9+ there is just one source package, which ships rpms in both BaseOS and AppStream
+%if 0%{?rhel} == 8 && 0%{?epel} == 0 && !0%{?build_all}
+
+%if "%{name}" == "cockpit"
+%define build_basic 1
+%define build_optional 0
+%else
+%define build_basic 0
+%define build_optional 1
+%endif
+
+%else
+%define build_basic 1
+%define build_optional 1
+%endif
+
+# Allow root login in Cockpit on RHEL 8 and lower as it also allows password login over SSH.
+%if 0%{?rhel} && 0%{?rhel} <= 8
+%define disallow_root 0
+%else
+%define disallow_root 1
+%endif
 
 # pcp stopped building on ix86
 %define build_pcp 1
@@ -61,9 +89,11 @@ Source0:        https://github.com/cockpit-project/cockpit/releases/download/%{v
 %endif
 %endif
 
-# Ship custom SELinux policy
+# Ship custom SELinux policy (but not for cockpit-appstream)
+%if "%{name}" == "cockpit"
 %define selinuxtype targeted
 %define selinux_configure_arg --enable-selinux-policy=%{selinuxtype}
+%endif
 
 BuildRequires: gcc
 BuildRequires: pkgconfig(gio-unix-2.0)
@@ -74,8 +104,16 @@ BuildRequires: pam-devel
 BuildRequires: autoconf automake
 BuildRequires: make
 BuildRequires: python3-devel
+%if 0%{?rhel} && 0%{?rhel} <= 8
+# RHEL 8's gettext does not yet have metainfo.its
+BuildRequires: gettext >= 0.19.7
+BuildRequires: libappstream-glib-devel
+%else
 BuildRequires: gettext >= 0.21
+%endif
+%if 0%{?build_basic}
 BuildRequires: libssh-devel >= 0.8.5
+%endif
 BuildRequires: openssl-devel
 BuildRequires: gnutls-devel >= 3.4.3
 BuildRequires: zlib-devel
@@ -136,18 +174,6 @@ Suggests: cockpit-selinux
 Requires: subscription-manager-cockpit
 %endif
 
-BuildRequires:  python3-devel
-BuildRequires:  python3-pip
-%if 0%{?rhel} == 0
-# All of these are only required for running pytest (which we only do on Fedora)
-BuildRequires:  procps-ng
-BuildRequires:  pyproject-rpm-macros
-BuildRequires:  python3-pytest-asyncio
-BuildRequires:  python3-pytest-cov
-BuildRequires:  python3-pytest-timeout
-BuildRequires:  python3-tox-current-env
-%endif
-
 %prep
 %setup -q -n cockpit-%{version}
 
@@ -160,6 +186,9 @@ BuildRequires:  python3-tox-current-env
     --docdir=%_defaultdocdir/%{name} \
 %endif
     --with-pamdir='%{pamdir}' \
+%if 0%{?build_basic} == 0
+    --disable-ssh \
+%endif
 %if %{build_pcp} == 0
     --disable-pcp \
 %endif
@@ -169,10 +198,6 @@ BuildRequires:  python3-tox-current-env
 %check
 make -j$(nproc) check
 
-%if 0%{?rhel} == 0
-%tox
-%endif
-
 %install
 %make_install
 make install-tests DESTDIR=%{buildroot}
@@ -181,6 +206,10 @@ install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit
 rm -f %{buildroot}/%{_libdir}/cockpit/*.so
 install -D -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/
 
+# RHEL 8 specific backwards compat API
+install -m 644 %{SOURCE1} %{buildroot}%{_datadir}/cockpit/base1/
+ln -s cockpit.css.gz %{buildroot}%{_datadir}/cockpit/base1/patternfly.css.gz
+
 # Build the package lists for resource packages
 # cockpit-bridge is the basic dependency for all cockpit-* packages, so centrally own the page directory
 echo '%dir %{_datadir}/cockpit' > base.list
@@ -188,6 +217,10 @@ echo '%dir %{_datadir}/cockpit/base1' >> base.list
 find %{buildroot}%{_datadir}/cockpit/base1 -type f -o -type l >> base.list
 echo '%{_sysconfdir}/cockpit/machines.d' >> base.list
 echo %{buildroot}%{_datadir}/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy >> base.list
+%if 0%{?build_basic}
+echo '%dir %{_datadir}/cockpit/ssh' >> base.list
+find %{buildroot}%{_datadir}/cockpit/ssh -type f >> base.list
+%endif
 echo '%{_libexecdir}/cockpit-ssh' >> base.list
 
 %if %{build_pcp}
@@ -235,6 +268,43 @@ echo '%dir %{_datadir}/cockpit/static' > static.list
 echo '%dir %{_datadir}/cockpit/static/fonts' >> static.list
 find %{buildroot}%{_datadir}/cockpit/static -type f >> static.list
 
+# when not building basic packages, remove their files
+%if 0%{?build_basic} == 0
+for pkg in base1 branding motd kdump networkmanager selinux shell sosreport static systemd users metrics; do
+    rm -r %{buildroot}/%{_datadir}/cockpit/$pkg
+    rm -f %{buildroot}/%{_datadir}/metainfo/org.cockpit-project.cockpit-${pkg}.metainfo.xml
+done
+for data in doc man pixmaps polkit-1; do
+    rm -r %{buildroot}/%{_datadir}/$data
+done
+rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d
+find %{buildroot}/%{_unitdir}/ -type f ! -name 'cockpit-session*' -delete
+for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do
+    rm -f %{buildroot}/%{_libexecdir}/$libexec
+done
+rm -r %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d
+rm -f %{buildroot}/%{_libdir}/security/pam_*
+rm -f %{buildroot}/usr/bin/cockpit-bridge
+rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
+rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml
+rm -rf %{buildroot}%{python3_sitelib}/cockpit*
+%endif
+
+# when not building optional packages, remove their files
+%if 0%{?build_optional} == 0
+for pkg in apps packagekit pcp playground storaged; do
+    rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
+done
+# files from -tests
+rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so
+rm -f %{buildroot}/%{_unitdir}/cockpit-session.socket
+rm -f %{buildroot}/%{_unitdir}/cockpit-session@.service
+# files from -pcp
+rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/
+# files from -storaged
+rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
+%endif
+
 sed -i "s|%{buildroot}||" *.list
 
 %if ! 0%{?suse_version}
@@ -258,7 +328,9 @@ rm -f %{buildroot}%{_datadir}/pixmaps/cockpit-sosreport.png
 %endif
 
 # -------------------------------------------------------------------------------
-# Sub-packages
+# Basic Sub-packages
+
+%if 0%{?build_basic}
 
 %description
 The Cockpit Web Console enables users to administer GNU/Linux servers using a
@@ -296,7 +368,6 @@ system on behalf of the web based user interface.
 %doc %{_mandir}/man1/cockpit-bridge.1.gz
 %{_bindir}/cockpit-bridge
 %{_libexecdir}/cockpit-askpass
-%{python3_sitelib}/%{name}*
 
 %package doc
 Summary: Cockpit deployment and developer guide
@@ -352,34 +423,32 @@ Provides: bundled(npm(@patternfly/react-styles)) = 5.1.2
 Provides: bundled(npm(@patternfly/react-table)) = 5.1.2
 Provides: bundled(npm(@patternfly/react-tokens)) = 5.1.2
 Provides: bundled(npm(argparse)) = 1.0.10
-Provides: bundled(npm(array-buffer-byte-length)) = 1.0.1
+Provides: bundled(npm(array-buffer-byte-length)) = 1.0.0
 Provides: bundled(npm(attr-accept)) = 2.2.2
 Provides: bundled(npm(autolinker)) = 3.16.2
-Provides: bundled(npm(available-typed-arrays)) = 1.0.6
-Provides: bundled(npm(call-bind)) = 1.0.7
-Provides: bundled(npm(date-fns)) = 3.3.1
+Provides: bundled(npm(available-typed-arrays)) = 1.0.5
+Provides: bundled(npm(call-bind)) = 1.0.5
+Provides: bundled(npm(date-fns)) = 3.2.0
 Provides: bundled(npm(deep-equal)) = 2.2.3
-Provides: bundled(npm(define-data-property)) = 1.1.4
+Provides: bundled(npm(define-data-property)) = 1.1.1
 Provides: bundled(npm(define-properties)) = 1.2.1
-Provides: bundled(npm(es-define-property)) = 1.0.0
-Provides: bundled(npm(es-errors)) = 1.3.0
 Provides: bundled(npm(es-get-iterator)) = 1.1.3
 Provides: bundled(npm(file-selector)) = 0.6.0
 Provides: bundled(npm(focus-trap)) = 7.5.2
 Provides: bundled(npm(for-each)) = 0.3.3
 Provides: bundled(npm(function-bind)) = 1.1.2
 Provides: bundled(npm(functions-have-names)) = 1.2.3
-Provides: bundled(npm(get-intrinsic)) = 1.2.4
+Provides: bundled(npm(get-intrinsic)) = 1.2.2
 Provides: bundled(npm(gopd)) = 1.0.1
 Provides: bundled(npm(has-bigints)) = 1.0.2
-Provides: bundled(npm(has-property-descriptors)) = 1.0.2
+Provides: bundled(npm(has-property-descriptors)) = 1.0.1
 Provides: bundled(npm(has-proto)) = 1.0.1
 Provides: bundled(npm(has-symbols)) = 1.0.3
-Provides: bundled(npm(has-tostringtag)) = 1.0.2
-Provides: bundled(npm(hasown)) = 2.0.1
-Provides: bundled(npm(internal-slot)) = 1.0.7
+Provides: bundled(npm(has-tostringtag)) = 1.0.0
+Provides: bundled(npm(hasown)) = 2.0.0
+Provides: bundled(npm(internal-slot)) = 1.0.6
 Provides: bundled(npm(is-arguments)) = 1.1.1
-Provides: bundled(npm(is-array-buffer)) = 3.0.4
+Provides: bundled(npm(is-array-buffer)) = 3.0.2
 Provides: bundled(npm(is-bigint)) = 1.0.4
 Provides: bundled(npm(is-boolean-object)) = 1.1.2
 Provides: bundled(npm(is-callable)) = 1.2.7
@@ -391,11 +460,12 @@ Provides: bundled(npm(is-set)) = 2.0.2
 Provides: bundled(npm(is-shared-array-buffer)) = 1.0.2
 Provides: bundled(npm(is-string)) = 1.0.7
 Provides: bundled(npm(is-symbol)) = 1.0.4
+Provides: bundled(npm(is-typed-array)) = 1.1.12
 Provides: bundled(npm(is-weakmap)) = 2.0.1
 Provides: bundled(npm(is-weakset)) = 2.0.2
 Provides: bundled(npm(isarray)) = 2.0.5
-Provides: bundled(npm(js-sha1)) = 0.7.0
-Provides: bundled(npm(js-sha256)) = 0.11.0
+Provides: bundled(npm(js-sha1)) = 0.6.0
+Provides: bundled(npm(js-sha256)) = 0.10.1
 Provides: bundled(npm(js-tokens)) = 4.0.0
 Provides: bundled(npm(json-stable-stringify-without-jsonify)) = 1.0.1
 Provides: bundled(npm(lodash)) = 4.17.21
@@ -410,12 +480,12 @@ Provides: bundled(npm(react-dom)) = 18.2.0
 Provides: bundled(npm(react-dropzone)) = 14.2.3
 Provides: bundled(npm(react-is)) = 16.13.1
 Provides: bundled(npm(react)) = 18.2.0
-Provides: bundled(npm(regexp.prototype.flags)) = 1.5.2
+Provides: bundled(npm(regexp.prototype.flags)) = 1.5.1
 Provides: bundled(npm(remarkable)) = 2.0.1
 Provides: bundled(npm(scheduler)) = 0.23.0
-Provides: bundled(npm(set-function-length)) = 1.2.1
+Provides: bundled(npm(set-function-length)) = 1.2.0
 Provides: bundled(npm(set-function-name)) = 2.0.1
-Provides: bundled(npm(side-channel)) = 1.0.5
+Provides: bundled(npm(side-channel)) = 1.0.4
 Provides: bundled(npm(sprintf-js)) = 1.0.3
 Provides: bundled(npm(stop-iteration-iterator)) = 1.0.0
 Provides: bundled(npm(tabbable)) = 6.2.0
@@ -424,7 +494,7 @@ Provides: bundled(npm(tslib)) = 2.6.2
 Provides: bundled(npm(uuid)) = 9.0.1
 Provides: bundled(npm(which-boxed-primitive)) = 1.0.2
 Provides: bundled(npm(which-collection)) = 1.0.1
-Provides: bundled(npm(which-typed-array)) = 1.1.14
+Provides: bundled(npm(which-typed-array)) = 1.1.13
 Provides: bundled(npm(xterm-addon-canvas)) = 0.5.0
 Provides: bundled(npm(xterm)) = 5.3.0
 
@@ -524,7 +594,9 @@ if [ "$1" = 1 ]; then
     ln -s ../../run/cockpit/motd /etc/motd.d/cockpit
     ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue
     printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users
+%if 0%{?disallow_root}
     printf "root\n" >> /etc/cockpit/disallowed-users
+%endif
     chmod 644 /etc/cockpit/disallowed-users
 fi
 
@@ -619,6 +691,21 @@ utility setroubleshoot to diagnose and resolve SELinux issues.
 
 %endif
 
+#/ build basic packages
+%else
+
+# RPM requires this
+%description
+Dummy package from building optional packages only; never install or publish me.
+
+#/ build basic packages
+%endif
+
+# -------------------------------------------------------------------------------
+# Sub-packages that are optional extensions
+
+%if 0%{?build_optional}
+
 %package -n cockpit-storaged
 Summary: Cockpit user interface for storage, using udisks
 Requires: cockpit-shell >= %{required_base}
@@ -694,36 +781,33 @@ via PackageKit.
 
 %files -n cockpit-packagekit -f packagekit.list
 
+#/ build optional extension packages
+%endif
+
 # The changelog is automatically generated and merged
 %changelog
-* Tue Apr 02 2024 Martin Pitt <mpitt@redhat.com> - 311.2-1
-- sosreport: Fix command injection with crafted report names [CVE-2024-2947]
-  (jira#RHEL-31074)
-
-* Tue Feb 20 2024 Packit <hello@packit.dev> - 311.1-1
-- Update documentation links to RHEL 9 (RHEL-3954)
-- Storage: Various bug fixes
+* Mon Jul 22 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 310.3-1.inferit.1
+- Remove GOST patches for MSVSphere as it is unsupported by system
 
-* Wed Feb 14 2024 Packit <hello@packit.dev> - 311-1
-- Bug fixes and stability improvements
+* Tue Apr 16 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 310.3-1.inferit
+- Replace Source0 archive with MSVSphere OS-specific one
+- Add MSVSphere OS branding
+- Use MSVSPHERE_PRETTY_NAME instead of PRETTY_NAME and NAME in UI
+- Fix sudo button translation issue
+- Remove upstream documentation links from UI
+- Added GOST PAM support
 
-* Wed Feb 07 2024 Packit <hello@packit.dev> - 310.2-1
-- selinux: Cover migration to /run
-- ws: Handle HEAD requests correctly, for curl 8.6.0
+* Fri Mar 29 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 310.3-1
+- Rebuilt for MSVSphere 8.10 beta
 
-* Fri Feb 02 2024 Packit <hello@packit.dev> - 310.1-1
-- bridge: Fix race condition/crash in file watching channels
+* Thu Feb 15 2024 Martin Pitt <mpitt@redhat.com> - 310.3-1
+- Translation updates (jira#RHEL-16681)
+  Lots of bug fixes
 
 * Wed Jan 31 2024 Packit <hello@packit.dev> - 310-1
 - Storage: support for btrfs
 - Storage: improved support for swap
 
-* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 309-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 309-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
 * Thu Jan 18 2024 Packit <hello@packit.dev> - 309-1
 - Storage: Introduce btrfs support
 
@@ -740,10 +824,7 @@ via PackageKit.
 - Performance and stability improvements
 
 * Wed Nov 01 2023 Packit <hello@packit.dev> - 304-1
-Storage: Support for RAID layouts with LVM2
-
-* Thu Oct 19 2023 Adam Williamson <awilliam@redhat.com> - 303-2
-- Rebuild for untagged selinux-policy (cockpit-ws dep)
+- Bug fixes
 
 * Wed Oct 18 2023 Packit <hello@packit.dev> - 303-1
 - Apps: Warn if appstream data package is missing
@@ -768,17 +849,11 @@ Storage: Support for RAID layouts with LVM2
 
 * Wed Jul 26 2023 Packit <hello@packit.dev> - 297-1
 - users: allow administrators to change the user shell
-- tools: Enable Python bridge on Fedora 38
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 296-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+- Enable Python bridge on Fedora 38 and CentOS/RHEL 9
 
 * Wed Jul 12 2023 Packit <hello@packit.dev> - 296-1
 - Performance and stability improvements
 
-* Wed Jun 28 2023 Python Maint <python-maint@redhat.com> - 295-2
-- Rebuilt for Python 3.12
-
 * Wed Jun 28 2023 Packit <hello@packit.dev> - 295-1
 - Cockpit Client can now connect to servers without Cockpit installed