Compare commits

...

No commits in common. 'c9' and 'i8-beta' have entirely different histories.
c9 ... i8-beta

@ -1 +1,2 @@
4784445989c80518644267f01483afc962b10d03 SOURCES/cockpit-323.1.tar.xz
a37e1d6ad4b1b25729682c54ab7e4dcdcfd894a7 SOURCES/cockpit.css.gz
e3c77825b38894cbf8261dbddf56affefb431083 SOURCES/cockpit-310.3.tar.xz

3
.gitignore vendored

@ -1 +1,2 @@
SOURCES/cockpit-323.1.tar.xz
SOURCES/cockpit-310.3.tar.xz
SOURCES/cockpit.css.gz

@ -0,0 +1,71 @@
From 383c67ef13d6a7060b3ed249804f0948e667510f Mon Sep 17 00:00:00 2001
From: tigro <tigro@msvsphere-os.ru>
Date: Tue, 2 Apr 2024 16:50:30 +0300
Subject: [PATCH] Added support GOST and PAM-GOST profiles for crypto-policies
in the UI interface
---
pkg/systemd/overview-cards/cryptoPolicies.jsx | 7 +++++
po/ru.po | 28 +++++++++++++++++++
2 files changed, 35 insertions(+)
diff --git a/pkg/systemd/overview-cards/cryptoPolicies.jsx b/pkg/systemd/overview-cards/cryptoPolicies.jsx
index 4da83868b..acbfaef3f 100644
--- a/pkg/systemd/overview-cards/cryptoPolicies.jsx
+++ b/pkg/systemd/overview-cards/cryptoPolicies.jsx
@@ -121,6 +121,13 @@ const CryptoPolicyDialog = ({
</Flex>),
"FIPS:OSPP": _("FIPS with further Common Criteria restrictions."),
FUTURE: _("Protects from anticipated near-term future attacks at the expense of interoperability."),
+ "DEFAULT:GOST": _("DEFAULT with GOST algorithms enabled."),
+ "DEFAULT:PAM-GOST": _("DEFAULT with GOST password hashing based on minimal auth profile."),
+ "DEFAULT:GOST:PAM-GOST": _("DEFAULT with GOST and GOST password hashing based on minimal auth profile."),
+ "DEFAULT:GOST:SSSD-PAM-GOST": _("DEFAULT with GOST and GOST password hashing based on sssd auth profile."),
+ "DEFAULT:PATCH-PAM-GOST": _("DEFAULT with GOST password hashing based on patch for custom configs."),
+ "GOST-ONLY": _("GOST algorithms allowed only."),
+ "GOST-ONLY-PAM": _("GOST algorithms allowed only with GOST pass hashing."),
};
const policies = Object.keys(cryptopolicies)
diff --git a/po/ru.po b/po/ru.po
index df7e755b5..2ceb4d063 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -2438,6 +2438,34 @@ msgstr "Настраиваемые зоны"
msgid "DEFAULT with SHA-1 signature verification allowed."
msgstr ""
+#: pkg/systemd/overview-cards/cryptoPolicies.jsx:124
+msgid "DEFAULT with GOST algorithms enabled."
+msgstr "Профиль по умолчанию, с добавлением поддержки ГОСТ алгоритмов"
+
+#: pkg/systemd/overview-cards/cryptoPolicies.jsx:125
+msgid "DEFAULT with GOST password hashing based on minimal auth profile."
+msgstr "Профиль по умолчанию, с добавлением поддержки хэшей паролей по ГОСТ 34.11-2012 на базе профиля авторизации minimal"
+
+#: pkg/systemd/overview-cards/cryptoPolicies.jsx:126
+msgid "DEFAULT with GOST and GOST password hashing based on minimal auth profile."
+msgstr "Профиль по умолчанию, с добавлением поддержки ГОСТ и хэшей паролей по ГОСТ 34.11-2012 на базе профиля авторизации minimal"
+
+#: pkg/systemd/overview-cards/cryptoPolicies.jsx:127
+msgid "DEFAULT with GOST and GOST password hashing based on sssd auth profile."
+msgstr "Профиль по умолчанию, с добавлением поддержки ГОСТ и хэшей паролей по ГОСТ 34.11-2012 на базе профиля авторизации sssd"
+
+#: pkg/systemd/overview-cards/cryptoPolicies.jsx:128
+msgid "DEFAULT with GOST password hashing based on patch for custom configs."
+msgstr "Профиль по умолчанию, с добавлением хэшей паролей по ГОСТ 34.11-2012 модификацией файлов авторизации. Для пользовательских конфигураций"
+
+#: pkg/systemd/overview-cards/cryptoPolicies.jsx:129
+msgid "GOST algorithms allowed only."
+msgstr "Профиль ГОСТ с запретом всего остального"
+
+#: pkg/systemd/overview-cards/cryptoPolicies.jsx:130
+msgid "GOST algorithms allowed only with GOST pass hashing."
+msgstr "Профиль ГОСТ(+хэш паролей по ГОСТ 34.11-2012) с запретом всего остального"
+
#: pkg/networkmanager/ip-settings.jsx:237
msgid "DNS"
msgstr "DNS"
--
2.44.0

@ -0,0 +1,87 @@
From fc676ccfa2932d62c09d6e47300147ab69aec6c0 Mon Sep 17 00:00:00 2001
From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
Date: Mon, 20 Nov 2023 21:15:12 +0300
Subject: [PATCH 1/6] Adds MSVSphere branding directory
---
Makefile.am | 1 +
src/branding/msvsphere/Makefile.am | 11 +++++++++
src/branding/msvsphere/branding.css | 36 +++++++++++++++++++++++++++++
3 files changed, 48 insertions(+)
create mode 100644 src/branding/msvsphere/Makefile.am
create mode 100644 src/branding/msvsphere/branding.css
diff --git a/Makefile.am b/Makefile.am
index 7901fcc0d..5f2696062 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -174,6 +174,7 @@ include src/branding/debian/Makefile.am
include src/branding/default/Makefile.am
include src/branding/fedora/Makefile.am
include src/branding/kubernetes/Makefile.am
+include src/branding/msvsphere/Makefile.am
include src/branding/opensuse/Makefile.am
include src/branding/registry/Makefile.am
include src/branding/rhel/Makefile.am
diff --git a/src/branding/msvsphere/Makefile.am b/src/branding/msvsphere/Makefile.am
new file mode 100644
index 000000000..7425bdd0f
--- /dev/null
+++ b/src/branding/msvsphere/Makefile.am
@@ -0,0 +1,11 @@
+msvspherebrandingdir = $(datadir)/cockpit/branding/msvsphere
+
+dist_msvspherebranding_DATA = \
+ src/branding/msvsphere/branding.css \
+ $(NULL)
+
+# Opportunistically use sphere-logos ... yes they're called 'fedora'
+install-data-hook::
+ ln -sTfr $(DESTDIR)/usr/share/pixmaps/system-logo-white.png $(DESTDIR)$(msvspherebrandingdir)/logo.png
+ ln -sTfr $(DESTDIR)/usr/share/pixmaps/fedora-logo-sprite.png $(DESTDIR)$(msvspherebrandingdir)/apple-touch-icon.png
+ ln -sTfr $(DESTDIR)/etc/favicon.png $(DESTDIR)$(msvspherebrandingdir)/favicon.ico
diff --git a/src/branding/msvsphere/branding.css b/src/branding/msvsphere/branding.css
new file mode 100644
index 000000000..2b87b42bc
--- /dev/null
+++ b/src/branding/msvsphere/branding.css
@@ -0,0 +1,36 @@
+/* MSVSphere Branding */
+
+:root {
+ --ct-color-host-accent: #cc0000 !important;
+}
+
+body.login-pf {
+ background: url("bg-plain.jpg") no-repeat 50% 0;
+ background-size: cover;
+ background-color: #101010;
+}
+
+#badge {
+ width: 225px;
+ height: 80px;
+ background-image: url("logo.png");
+ background-size: contain;
+ background-repeat: no-repeat;
+}
+
+#brand {
+ font-size: 18pt;
+ text-transform: uppercase;
+}
+
+#brand:before {
+ content: "${NAME}";
+}
+
+#index-brand {
+ font-weight: bold;
+}
+
+#index-brand:before {
+ content: "${NAME}";
+}
--
2.43.0

@ -0,0 +1,46 @@
From 2e1149a465911f292a94a21d012198a009b1403f Mon Sep 17 00:00:00 2001
From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
Date: Mon, 20 Nov 2023 21:25:21 +0300
Subject: [PATCH 2/6] Show MSVSPHERE_PRETTY_NAME instead of NAME on login page
---
src/branding/msvsphere/branding.css | 4 ++--
src/ws/cockpithandlers.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/branding/msvsphere/branding.css b/src/branding/msvsphere/branding.css
index 2b87b42bc..67faf6d4b 100644
--- a/src/branding/msvsphere/branding.css
+++ b/src/branding/msvsphere/branding.css
@@ -24,7 +24,7 @@ body.login-pf {
}
#brand:before {
- content: "${NAME}";
+ content: "${MSVSPHERE_PRETTY_NAME}";
}
#index-brand {
@@ -32,5 +32,5 @@ body.login-pf {
}
#index-brand:before {
- content: "${NAME}";
+ content: "${MSVSPHERE_PRETTY_NAME}";
}
diff --git a/src/ws/cockpithandlers.c b/src/ws/cockpithandlers.c
index c866e1c15..b1b914ffa 100644
--- a/src/ws/cockpithandlers.c
+++ b/src/ws/cockpithandlers.c
@@ -287,7 +287,7 @@ build_environment (GHashTable *os_release)
* the corresponding information is not a leak.
*/
static const gchar *release_fields[] = {
- "NAME", "ID", "PRETTY_NAME", "VARIANT", "VARIANT_ID", "CPE_NAME", "ID_LIKE", "DOCUMENTATION_URL"
+ "NAME", "ID", "PRETTY_NAME", "VARIANT", "VARIANT_ID", "CPE_NAME", "ID_LIKE", "DOCUMENTATION_URL", "MSVSPHERE_PRETTY_NAME"
};
static const gchar *prefix = "\n <script>\nvar environment = ";
--
2.43.0

@ -0,0 +1,26 @@
From c1e377389f4e613e9707de8ea09bd5fc9179f8d4 Mon Sep 17 00:00:00 2001
From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
Date: Mon, 20 Nov 2023 21:46:51 +0300
Subject: [PATCH 3/6] Show MSVSPHERE_PRETTY_NAME instead of NAME for
documentation link
---
pkg/shell/topnav.jsx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/shell/topnav.jsx b/pkg/shell/topnav.jsx
index 1ad8c3dcb..e1a8e4c66 100644
--- a/pkg/shell/topnav.jsx
+++ b/pkg/shell/topnav.jsx
@@ -149,7 +149,7 @@ export class TopNav extends React.Component {
if (this.state.osRelease.DOCUMENTATION_URL)
docItems.push(<DropdownItem key="os-doc" href={this.state.osRelease.DOCUMENTATION_URL} target="blank" rel="noopener noreferrer" icon={<ExternalLinkAltIcon />}>
- {cockpit.format(_("$0 documentation"), this.state.osRelease.NAME)}
+ {cockpit.format(_("$0 documentation"), this.state.osRelease.MSVSPHERE_PRETTY_NAME)}
</DropdownItem>);
// global documentation for cockpit as a whole
--
2.43.0

@ -0,0 +1,28 @@
From 6beacc90bdaa4fc3af4f5ae6b627de59aa08fb55 Mon Sep 17 00:00:00 2001
From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
Date: Tue, 21 Nov 2023 00:04:04 +0300
Subject: [PATCH 4/6] Include pkg/shell module translations in other modules
This is required to fix the sudo button translation which is
located in pkg/shell/superuser.jsx but used in different places
like pkg/sosreport module.
---
pkg/lib/cockpit-po-plugin.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/lib/cockpit-po-plugin.js b/pkg/lib/cockpit-po-plugin.js
index a7f31ca64..c3594d0ce 100644
--- a/pkg/lib/cockpit-po-plugin.js
+++ b/pkg/lib/cockpit-po-plugin.js
@@ -70,7 +70,7 @@ function buildFile(po_file, subdir, webpack_module, webpack_compilation) {
for (const [msgid, translation] of Object.entries(context)) {
/* Only include msgids which appear in this source directory */
const references = translation.comments.reference.split(/\s/);
- if (!references.some(str => str.startsWith(`pkg/${subdir}`) || str.startsWith(config.src_directory) || str.startsWith(`pkg/lib`)))
+ if (!references.some(str => str.startsWith(`pkg/${subdir}`) || str.startsWith(config.src_directory) || str.startsWith(`pkg/lib`) || str.startsWith(`pkg/shell`)))
continue;
if (translation.comments.flag?.match(/\bfuzzy\b/))
--
2.43.0

@ -0,0 +1,56 @@
From a62c5236b9b660803c98da943f2fdbca5faaf588 Mon Sep 17 00:00:00 2001
From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
Date: Tue, 21 Nov 2023 00:36:55 +0300
Subject: [PATCH 5/6] Show MSVSPHERE_PRETTY_NAME instead of PRETTY_NAME in
overview
---
pkg/systemd/overview.jsx | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/pkg/systemd/overview.jsx b/pkg/systemd/overview.jsx
index e780a1c5d..3527b02b6 100644
--- a/pkg/systemd/overview.jsx
+++ b/pkg/systemd/overview.jsx
@@ -28,6 +28,7 @@ import { Page, PageSection, PageSectionVariants } from "@patternfly/react-core/d
import { Gallery } from "@patternfly/react-core/dist/esm/layouts/Gallery/index.js";
import { Dropdown, DropdownItem, DropdownPosition, DropdownToggle, DropdownToggleAction } from '@patternfly/react-core/dist/esm/deprecated/components/Dropdown/index.js';
+import { read_os_release } from "os-release.js";
import { superuser } from "superuser";
import { SystemInformationCard } from './overview-cards/systemInformationCard.jsx';
@@ -53,11 +54,14 @@ class OverviewPage extends React.Component {
this.state = {
actionIsOpen: false,
privileged: true,
+ osRelease: {},
};
this.hostnameMonitor = this.hostnameMonitor.bind(this);
this.onPermissionChanged = this.onPermissionChanged.bind(this);
this.superuser = cockpit.dbus(null, { bus: "internal" }).proxy("cockpit.Superuser", "/superuser");
+
+ read_os_release().then(os => this.setState({ osRelease: os || {} }));
}
componentDidMount() {
@@ -154,9 +158,12 @@ class OverviewPage extends React.Component {
<h1>
{this.hostname_text()}
</h1>
- {this.state.hostnameData &&
- this.state.hostnameData.OperatingSystemPrettyName &&
- <div className="ct-overview-header-subheading" id="system_information_os_text">{cockpit.format(_("running $0"), this.state.hostnameData.OperatingSystemPrettyName)}</div>}
+ {this.state.osRelease && this.state.osRelease.MSVSPHERE_PRETTY_NAME ? (
+ <div className="ct-overview-header-subheading" id="system_information_os_text">{cockpit.format(_("running $0"), this.state.osRelease.MSVSPHERE_PRETTY_NAME)}</div>
+ ) : (
+ this.state.hostnameData && this.state.hostnameData.OperatingSystemPrettyName &&
+ <div className="ct-overview-header-subheading" id="system_information_os_text">{cockpit.format(_("running $0"), this.state.hostnameData.OperatingSystemPrettyName)}</div>
+ )}
</div>
<div className='ct-overview-header-actions'>
{ show_superuser && <SuperuserIndicator proxy={this.superuser} /> }
--
2.43.0

@ -0,0 +1,39 @@
From a0a076d4b2b5770c35c63fff4e5ed80abd5fade9 Mon Sep 17 00:00:00 2001
From: Eugene Zamriy <ezamriy@msvsphere-os.ru>
Date: Tue, 21 Nov 2023 00:48:25 +0300
Subject: [PATCH 6/6] Disable upstream documentation links
---
pkg/shell/topnav.jsx | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/pkg/shell/topnav.jsx b/pkg/shell/topnav.jsx
index e1a8e4c66..111563118 100644
--- a/pkg/shell/topnav.jsx
+++ b/pkg/shell/topnav.jsx
@@ -152,22 +152,6 @@ export class TopNav extends React.Component {
{cockpit.format(_("$0 documentation"), this.state.osRelease.MSVSPHERE_PRETTY_NAME)}
</DropdownItem>);
- // global documentation for cockpit as a whole
- (cockpit.manifests.shell?.docs ?? []).forEach(doc => {
- docItems.push(<DropdownItem key={doc.label} href={doc.url} target="blank" rel="noopener noreferrer" icon={<ExternalLinkAltIcon />}>
- {doc.label}
- </DropdownItem>);
- });
-
- if (docs.length > 0)
- docItems.push(<DropdownSeparator key="separator" />);
-
- docs.forEach(e => {
- docItems.push(<DropdownItem key={e.label} href={e.url} target="blank" rel="noopener noreferrer" icon={<ExternalLinkAltIcon />}>
- {_(e.label)}
- </DropdownItem>);
- });
-
docItems.push(<DropdownSeparator key="separator1" />);
docItems.push(<DropdownItem key="about" component="button"
onClick={() => Dialogs.show(<AboutCockpitModal />)}>
--
2.43.0

@ -0,0 +1,25 @@
From 65cc5eae0c57b7df4b710258718fb2c6821d23d2 Mon Sep 17 00:00:00 2001
From: tigro <tigro@msvsphere-os.ru>
Date: Mon, 5 Feb 2024 20:09:15 +0300
Subject: [PATCH] Update Russian translation
---
po/ru.po | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/po/ru.po b/po/ru.po
index 41b461f..34ab2f9 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -1684,7 +1684,7 @@ msgstr "Закрыть выделенные страницы"
#: src/ws/cockpit.appdata.xml.in:7
msgid "Cockpit"
-msgstr "Cockpit"
+msgstr "Панель управления Cockpit"
#: pkg/static/login.js:452
msgid "Cockpit authentication is configured incorrectly."
--
2.43.0

@ -0,0 +1,27 @@
From c0f6c3e6c1a8abc1dff900669e1743f78f2543b4 Mon Sep 17 00:00:00 2001
From: tigro <tigro@msvsphere-os.ru>
Date: Sat, 10 Feb 2024 23:55:52 +0300
Subject: [PATCH] Change chpasswd to passwd to support PAM crypto algorithms
---
pkg/users/password-dialogs.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkg/users/password-dialogs.js b/pkg/users/password-dialogs.js
index 089abac41..5589e79f0 100644
--- a/pkg/users/password-dialogs.js
+++ b/pkg/users/password-dialogs.js
@@ -111,8 +111,8 @@ function passwd_self(old_pass, new_pass) {
export function passwd_change(user, new_pass) {
return new Promise((resolve, reject) => {
- cockpit.spawn(["chpasswd"], { superuser: "require", err: "out" })
- .input(user + ":" + new_pass)
+ cockpit.spawn(["passwd", user, "--stdin"], { superuser: "require", err: "out" })
+ .input(new_pass)
.done(function() {
resolve();
})
--
2.43.0

@ -0,0 +1,40 @@
#!/bin/sh -e
_version="$1"
echo "Clean up sources"
rm -rf cockpit
echo "Cloning cockpit.git"
git clone https://github.com/cockpit-project/cockpit.git
cd cockpit
echo -n "Checking tag ${_version}... "
if ! git tag | grep -w ${_version}; then
echo "fail"
exit 1
else
echo "ok"
fi
echo "Checkout tag ${_version}"
git checkout ${_version}
echo "Patching souurces"
# FIXME
# Remove GOST patches for MSVSphere 8
# As it is unsupported by system
rm ../0001-Added-support-GOST-and-PAM-GOST-profiles-for-crypto-.patch
rm ../0009-Change-chpasswd-to-passwd-to-support-PAM-crypto-algo.patch
git am ../000*.patch
echo "Fix version in tools/make-dist"
sed -i "s@VERSION=\"\$(git describe.*@VERSION=${_version}@" tools/make-dist
echo "Make dist"
tools/make-dist
cd ..
cp cockpit/tmp/build-dist/cockpit-${_version}.tar.xz .
sha1sum cockpit-${_version}.tar.xz

@ -12,7 +12,7 @@
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Cockpit; If not, see <https://www.gnu.org/licenses/>.
# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
#
# This file is maintained at the following location:
@ -49,30 +49,51 @@ Summary: Web Console for Linux servers
License: LGPL-2.1-or-later
URL: https://cockpit-project.org/
Version: 323.1
Release: 1%{?dist}
Source0: https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz
Version: 310.3
Release: 1%{?dist}.inferit.1
Source0: cockpit-%{version}.tar.xz
Source1: cockpit.css.gz
# in RHEL 8 the source package is duplicated: cockpit (building basic packages like cockpit-{bridge,system})
# and cockpit-appstream (building optional packages like cockpit-{pcp})
# This split does not apply to EPEL/COPR nor packit c8s builds, only to our own
# image-prepare rhel-8-Y builds (which will disable build_all).
# In Fedora ELN/RHEL 9+ there is just one source package, which ships rpms in both BaseOS and AppStream
%if 0%{?rhel} == 8 && 0%{?epel} == 0 && !0%{?build_all}
%if "%{name}" == "cockpit"
%define build_basic 1
%define build_optional 0
%else
%define build_basic 0
%define build_optional 1
%endif
%else
%define build_basic 1
%define build_optional 1
%endif
%if 0%{?fedora} >= 41 || 0%{?rhel}
ExcludeArch: %{ix86}
# Allow root login in Cockpit on RHEL 8 and lower as it also allows password login over SSH.
%if 0%{?rhel} && 0%{?rhel} <= 8
%define disallow_root 0
%else
%define disallow_root 1
%endif
# pcp stopped building on ix86 in Fedora 40+, and broke hard on 39: https://bugzilla.redhat.com/show_bug.cgi?id=2284431
# pcp stopped building on ix86
%define build_pcp 1
%if 0%{?fedora} >= 39 || 0%{?rhel} >= 10
%if 0%{?fedora} >= 40 || 0%{?rhel} >= 10
%ifarch %ix86
%define build_pcp 0
%endif
%endif
%define enable_multihost 1
%if 0%{?fedora} >= 41 || 0%{?rhel} >= 10
%define enable_multihost 0
%endif
# Ship custom SELinux policy
# Ship custom SELinux policy (but not for cockpit-appstream)
%if "%{name}" == "cockpit"
%define selinuxtype targeted
%define selinux_configure_arg --enable-selinux-policy=%{selinuxtype}
%endif
BuildRequires: gcc
BuildRequires: pkgconfig(gio-unix-2.0)
@ -83,8 +104,16 @@ BuildRequires: pam-devel
BuildRequires: autoconf automake
BuildRequires: make
BuildRequires: python3-devel
%if 0%{?rhel} && 0%{?rhel} <= 8
# RHEL 8's gettext does not yet have metainfo.its
BuildRequires: gettext >= 0.19.7
BuildRequires: libappstream-glib-devel
%else
BuildRequires: gettext >= 0.21
%endif
%if 0%{?build_basic}
BuildRequires: libssh-devel >= 0.8.5
%endif
BuildRequires: openssl-devel
BuildRequires: gnutls-devel >= 3.4.3
BuildRequires: zlib-devel
@ -145,44 +174,30 @@ Suggests: cockpit-selinux
Requires: subscription-manager-cockpit
%endif
BuildRequires: python3-devel
BuildRequires: python3-pip
%if 0%{?rhel} == 0 && !0%{?suse_version}
# All of these are only required for running pytest (which we only do on Fedora)
BuildRequires: procps-ng
BuildRequires: pyproject-rpm-macros
BuildRequires: python3-pytest-asyncio
BuildRequires: python3-pytest-cov
BuildRequires: python3-pytest-timeout
BuildRequires: python3-tox-current-env
%endif
%prep
%setup -q -n cockpit-%{version}
%build
%configure \
%{?selinux_configure_arg} \
--with-cockpit-user=cockpit-ws \
--with-cockpit-ws-instance-user=cockpit-wsinstance \
%if 0%{?suse_version}
--docdir=%_defaultdocdir/%{name} \
%endif
--with-pamdir='%{pamdir}' \
%if 0%{?build_basic} == 0
--disable-ssh \
%endif
%if %{build_pcp} == 0
--disable-pcp \
%endif
%if %{enable_multihost}
--enable-multihost \
%endif
%make_build
%check
make -j$(nproc) check
%if 0%{?rhel} == 0
%tox
%endif
%install
%make_install
make install-tests DESTDIR=%{buildroot}
@ -191,6 +206,10 @@ install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit
rm -f %{buildroot}/%{_libdir}/cockpit/*.so
install -D -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/
# RHEL 8 specific backwards compat API
install -m 644 %{SOURCE1} %{buildroot}%{_datadir}/cockpit/base1/
ln -s cockpit.css.gz %{buildroot}%{_datadir}/cockpit/base1/patternfly.css.gz
# Build the package lists for resource packages
# cockpit-bridge is the basic dependency for all cockpit-* packages, so centrally own the page directory
echo '%dir %{_datadir}/cockpit' > base.list
@ -198,6 +217,10 @@ echo '%dir %{_datadir}/cockpit/base1' >> base.list
find %{buildroot}%{_datadir}/cockpit/base1 -type f -o -type l >> base.list
echo '%{_sysconfdir}/cockpit/machines.d' >> base.list
echo %{buildroot}%{_datadir}/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy >> base.list
%if 0%{?build_basic}
echo '%dir %{_datadir}/cockpit/ssh' >> base.list
find %{buildroot}%{_datadir}/cockpit/ssh -type f >> base.list
%endif
echo '%{_libexecdir}/cockpit-ssh' >> base.list
%if %{build_pcp}
@ -245,6 +268,43 @@ echo '%dir %{_datadir}/cockpit/static' > static.list
echo '%dir %{_datadir}/cockpit/static/fonts' >> static.list
find %{buildroot}%{_datadir}/cockpit/static -type f >> static.list
# when not building basic packages, remove their files
%if 0%{?build_basic} == 0
for pkg in base1 branding motd kdump networkmanager selinux shell sosreport static systemd users metrics; do
rm -r %{buildroot}/%{_datadir}/cockpit/$pkg
rm -f %{buildroot}/%{_datadir}/metainfo/org.cockpit-project.cockpit-${pkg}.metainfo.xml
done
for data in doc man pixmaps polkit-1; do
rm -r %{buildroot}/%{_datadir}/$data
done
rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d
find %{buildroot}/%{_unitdir}/ -type f ! -name 'cockpit-session*' -delete
for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do
rm -f %{buildroot}/%{_libexecdir}/$libexec
done
rm -r %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d
rm -f %{buildroot}/%{_libdir}/security/pam_*
rm -f %{buildroot}/usr/bin/cockpit-bridge
rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml
rm -rf %{buildroot}%{python3_sitelib}/cockpit*
%endif
# when not building optional packages, remove their files
%if 0%{?build_optional} == 0
for pkg in apps packagekit pcp playground storaged; do
rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
done
# files from -tests
rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so
rm -f %{buildroot}/%{_unitdir}/cockpit-session.socket
rm -f %{buildroot}/%{_unitdir}/cockpit-session@.service
# files from -pcp
rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/
# files from -storaged
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
%endif
sed -i "s|%{buildroot}||" *.list
%if ! 0%{?suse_version}
@ -268,7 +328,9 @@ rm -f %{buildroot}%{_datadir}/pixmaps/cockpit-sosreport.png
%endif
# -------------------------------------------------------------------------------
# Sub-packages
# Basic Sub-packages
%if 0%{?build_basic}
%description
The Cockpit Web Console enables users to administer GNU/Linux servers using a
@ -306,7 +368,6 @@ system on behalf of the web based user interface.
%doc %{_mandir}/man1/cockpit-bridge.1.gz
%{_bindir}/cockpit-bridge
%{_libexecdir}/cockpit-askpass
%{python3_sitelib}/%{name}*
%package doc
Summary: Cockpit deployment and developer guide
@ -340,11 +401,11 @@ Provides: cockpit-users = %{version}-%{release}
Obsoletes: cockpit-dashboard < %{version}-%{release}
%if 0%{?rhel}
Requires: NetworkManager >= 1.6
Requires: kexec-tools
Requires: sos
Requires: sudo
Recommends: PackageKit
Recommends: setroubleshoot-server >= 3.3.3
Recommends: /usr/bin/kdumpctl
Suggests: NetworkManager-team
Provides: cockpit-kdump = %{version}-%{release}
Provides: cockpit-networkmanager = %{version}-%{release}
@ -355,39 +416,87 @@ Provides: cockpit-sosreport = %{version}-%{release}
Recommends: (reportd if abrt)
%endif
Provides: bundled(npm(@patternfly/patternfly)) = 5.3.1
Provides: bundled(npm(@patternfly/react-core)) = 5.3.4
Provides: bundled(npm(@patternfly/react-icons)) = 5.3.2
Provides: bundled(npm(@patternfly/react-styles)) = 5.3.1
Provides: bundled(npm(@patternfly/react-table)) = 5.3.4
Provides: bundled(npm(@patternfly/react-tokens)) = 5.3.1
Provides: bundled(npm(@xterm/addon-canvas)) = 0.7.0
Provides: bundled(npm(@xterm/xterm)) = 5.5.0
Provides: bundled(npm(@patternfly/patternfly)) = 5.1.0
Provides: bundled(npm(@patternfly/react-core)) = 5.1.2
Provides: bundled(npm(@patternfly/react-icons)) = 5.1.2
Provides: bundled(npm(@patternfly/react-styles)) = 5.1.2
Provides: bundled(npm(@patternfly/react-table)) = 5.1.2
Provides: bundled(npm(@patternfly/react-tokens)) = 5.1.2
Provides: bundled(npm(argparse)) = 1.0.10
Provides: bundled(npm(array-buffer-byte-length)) = 1.0.0
Provides: bundled(npm(attr-accept)) = 2.2.2
Provides: bundled(npm(autolinker)) = 3.16.2
Provides: bundled(npm(dequal)) = 2.0.3
Provides: bundled(npm(available-typed-arrays)) = 1.0.5
Provides: bundled(npm(call-bind)) = 1.0.5
Provides: bundled(npm(date-fns)) = 3.2.0
Provides: bundled(npm(deep-equal)) = 2.2.3
Provides: bundled(npm(define-data-property)) = 1.1.1
Provides: bundled(npm(define-properties)) = 1.2.1
Provides: bundled(npm(es-get-iterator)) = 1.1.3
Provides: bundled(npm(file-selector)) = 0.6.0
Provides: bundled(npm(focus-trap)) = 7.5.2
Provides: bundled(npm(js-sha1)) = 0.7.0
Provides: bundled(npm(js-sha256)) = 0.11.0
Provides: bundled(npm(for-each)) = 0.3.3
Provides: bundled(npm(function-bind)) = 1.1.2
Provides: bundled(npm(functions-have-names)) = 1.2.3
Provides: bundled(npm(get-intrinsic)) = 1.2.2
Provides: bundled(npm(gopd)) = 1.0.1
Provides: bundled(npm(has-bigints)) = 1.0.2
Provides: bundled(npm(has-property-descriptors)) = 1.0.1
Provides: bundled(npm(has-proto)) = 1.0.1
Provides: bundled(npm(has-symbols)) = 1.0.3
Provides: bundled(npm(has-tostringtag)) = 1.0.0
Provides: bundled(npm(hasown)) = 2.0.0
Provides: bundled(npm(internal-slot)) = 1.0.6
Provides: bundled(npm(is-arguments)) = 1.1.1
Provides: bundled(npm(is-array-buffer)) = 3.0.2
Provides: bundled(npm(is-bigint)) = 1.0.4
Provides: bundled(npm(is-boolean-object)) = 1.1.2
Provides: bundled(npm(is-callable)) = 1.2.7
Provides: bundled(npm(is-date-object)) = 1.0.5
Provides: bundled(npm(is-map)) = 2.0.2
Provides: bundled(npm(is-number-object)) = 1.0.7
Provides: bundled(npm(is-regex)) = 1.1.4
Provides: bundled(npm(is-set)) = 2.0.2
Provides: bundled(npm(is-shared-array-buffer)) = 1.0.2
Provides: bundled(npm(is-string)) = 1.0.7
Provides: bundled(npm(is-symbol)) = 1.0.4
Provides: bundled(npm(is-typed-array)) = 1.1.12
Provides: bundled(npm(is-weakmap)) = 2.0.1
Provides: bundled(npm(is-weakset)) = 2.0.2
Provides: bundled(npm(isarray)) = 2.0.5
Provides: bundled(npm(js-sha1)) = 0.6.0
Provides: bundled(npm(js-sha256)) = 0.10.1
Provides: bundled(npm(js-tokens)) = 4.0.0
Provides: bundled(npm(json-stable-stringify-without-jsonify)) = 1.0.1
Provides: bundled(npm(lodash)) = 4.17.21
Provides: bundled(npm(loose-envify)) = 1.4.0
Provides: bundled(npm(object-assign)) = 4.1.1
Provides: bundled(npm(object-inspect)) = 1.13.1
Provides: bundled(npm(object-is)) = 1.1.5
Provides: bundled(npm(object-keys)) = 1.1.1
Provides: bundled(npm(object.assign)) = 4.1.5
Provides: bundled(npm(prop-types)) = 15.8.1
Provides: bundled(npm(react-dom)) = 18.3.1
Provides: bundled(npm(react-dom)) = 18.2.0
Provides: bundled(npm(react-dropzone)) = 14.2.3
Provides: bundled(npm(react-is)) = 16.13.1
Provides: bundled(npm(react)) = 18.3.1
Provides: bundled(npm(react)) = 18.2.0
Provides: bundled(npm(regexp.prototype.flags)) = 1.5.1
Provides: bundled(npm(remarkable)) = 2.0.1
Provides: bundled(npm(scheduler)) = 0.23.2
Provides: bundled(npm(scheduler)) = 0.23.0
Provides: bundled(npm(set-function-length)) = 1.2.0
Provides: bundled(npm(set-function-name)) = 2.0.1
Provides: bundled(npm(side-channel)) = 1.0.4
Provides: bundled(npm(sprintf-js)) = 1.0.3
Provides: bundled(npm(stop-iteration-iterator)) = 1.0.0
Provides: bundled(npm(tabbable)) = 6.2.0
Provides: bundled(npm(throttle-debounce)) = 5.0.2
Provides: bundled(npm(tslib)) = 2.6.3
Provides: bundled(npm(uuid)) = 10.0.0
Provides: bundled(npm(throttle-debounce)) = 5.0.0
Provides: bundled(npm(tslib)) = 2.6.2
Provides: bundled(npm(uuid)) = 9.0.1
Provides: bundled(npm(which-boxed-primitive)) = 1.0.2
Provides: bundled(npm(which-collection)) = 1.0.1
Provides: bundled(npm(which-typed-array)) = 1.1.13
Provides: bundled(npm(xterm-addon-canvas)) = 0.5.0
Provides: bundled(npm(xterm)) = 5.3.0
%description system
This package contains the Cockpit shell and system configuration interfaces.
@ -437,7 +546,6 @@ authentication via sssd/FreeIPA.
%{_unitdir}/cockpit.service
%{_unitdir}/cockpit-motd.service
%{_unitdir}/cockpit.socket
%{_unitdir}/cockpit-ws-user.service
%{_unitdir}/cockpit-wsinstance-http.socket
%{_unitdir}/cockpit-wsinstance-http.service
%{_unitdir}/cockpit-wsinstance-https-factory.socket
@ -445,8 +553,7 @@ authentication via sssd/FreeIPA.
%{_unitdir}/cockpit-wsinstance-https@.socket
%{_unitdir}/cockpit-wsinstance-https@.service
%{_unitdir}/system-cockpithttps.slice
%{_prefix}/%{__lib}/tmpfiles.d/cockpit-ws.conf
%{_sysusersdir}/cockpit-wsinstance.conf
%{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf
%{pamdir}/pam_ssh_add.so
%{pamdir}/pam_cockpit_cert.so
%{_libexecdir}/cockpit-ws
@ -465,8 +572,8 @@ authentication via sssd/FreeIPA.
%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
%pre ws
# HACK: old RPM and even Fedora's current RPM don't properly support sysusers
# https://github.com/rpm-software-management/rpm/issues/3073
getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws
getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting -s /sbin/nologin -c "User for cockpit web service" cockpit-ws
getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance
getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance
@ -487,11 +594,13 @@ if [ "$1" = 1 ]; then
ln -s ../../run/cockpit/motd /etc/motd.d/cockpit
ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue
printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users
%if 0%{?disallow_root}
printf "root\n" >> /etc/cockpit/disallowed-users
%endif
chmod 644 /etc/cockpit/disallowed-users
fi
%tmpfiles_create cockpit-ws.conf
%tmpfiles_create cockpit-tempfiles.conf
%systemd_post cockpit.socket cockpit.service
# firewalld only partially picks up changes to its services files without this
test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
@ -523,7 +632,7 @@ fi
Summary: Cockpit user interface for kernel crash dumping
Requires: cockpit-bridge >= %{required_base}
Requires: cockpit-shell >= %{required_base}
Requires: /usr/bin/kdumpctl
Requires: kexec-tools
BuildArch: noarch
%description kdump
@ -582,6 +691,21 @@ utility setroubleshoot to diagnose and resolve SELinux issues.
%endif
#/ build basic packages
%else
# RPM requires this
%description
Dummy package from building optional packages only; never install or publish me.
#/ build basic packages
%endif
# -------------------------------------------------------------------------------
# Sub-packages that are optional extensions
%if 0%{?build_optional}
%package -n cockpit-storaged
Summary: Cockpit user interface for storage, using udisks
Requires: cockpit-shell >= %{required_base}
@ -657,87 +781,33 @@ via PackageKit.
%files -n cockpit-packagekit -f packagekit.list
#/ build optional extension packages
%endif
# The changelog is automatically generated and merged
%changelog
* Tue Aug 20 2024 Packit <hello@packit.dev> - 323-1
- metrics: Install valkey instead of redis on RHEL/CentOS 10
- login: Prevent multiple logins in a single browser session
- Update documentation links
* Thu Aug 08 2024 Packit <hello@packit.dev> - 322-1
- shell: Deprecate host switcher
* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 321-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jul 10 2024 Packit <hello@packit.dev> - 321-1
- Bug fixes and performance improvements
* Wed Jul 03 2024 Packit <hello@packit.dev> - 320-1
- pam-ssh-add: Fix insecure killing of session ssh-agent [CVE-2024-6126]
- sosreport: Read report directory from sos config (fix page on Debian/Ubuntu)
* Wed Jun 26 2024 Packit <hello@packit.dev> - 319-1
- List btrfs snapshots in subvolume detail view
* Mon Jun 17 2024 Martin Pitt <mpitt@redhat.com> - 318-2
- Rebuilt for Python 3.13
* Wed Jun 12 2024 Packit <hello@packit.dev> - 318-1
- Storage: Extra confirmation before deleting non-empty partitions in Anaconda's Web UI
- Discontinue Intel 32-bit support in Fedora, CentOS, and RHEL
- cockpit.js: Get user primary group ID
* Mon Jul 22 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 310.3-1.inferit.1
- Remove GOST patches for MSVSphere as it is unsupported by system
* Sun Jun 09 2024 Python Maint <python-maint@redhat.com> - 317-2
- Rebuilt for Python 3.13
* Tue Apr 16 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 310.3-1.inferit
- Replace Source0 archive with MSVSphere OS-specific one
- Add MSVSphere OS branding
- Use MSVSPHERE_PRETTY_NAME instead of PRETTY_NAME and NAME in UI
- Fix sudo button translation issue
- Remove upstream documentation links from UI
- Added GOST PAM support
* Wed May 29 2024 Packit <hello@packit.dev> - 317-1
- webserver: System user changes
- metrics: Prefer valkey over redis on Fedora
* Fri Mar 29 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 310.3-1
- Rebuilt for MSVSphere 8.10 beta
* Thu Apr 25 2024 Packit <hello@packit.dev> - 316-1
- cockpit.js API: Fix format_bytes() units
* Wed Apr 10 2024 Packit <hello@packit.dev> - 315-1
- systemd: Check proper ssh service unit on Debian/Ubuntu
- Translation updates
* Thu Mar 28 2024 Packit <hello@packit.dev> - 314-1
- Diagnostic reports: Fix command injection vulnerability with crafted report names
- Storage: Improvements to read-only encrypted filesystems
* Wed Mar 13 2024 Packit <hello@packit.dev> - 313-1
- assorted bug fixes and improvements
* Wed Feb 28 2024 Packit <hello@packit.dev> - 312-1
- Accounts: support lastlog2 and make the page faster
- Storage: Various Anaconda mode fixes
- Fix package build if cockpit-bridge package is installed
* Tue Feb 20 2024 Packit <hello@packit.dev> - 311.1-1
- Update documentation links to RHEL 9 (RHEL-3954)
- Storage: Various bug fixes
* Wed Feb 14 2024 Packit <hello@packit.dev> - 311-1
- Bug fixes and stability improvements
* Wed Feb 07 2024 Packit <hello@packit.dev> - 310.2-1
- selinux: Cover migration to /run
- ws: Handle HEAD requests correctly, for curl 8.6.0
* Fri Feb 02 2024 Packit <hello@packit.dev> - 310.1-1
- bridge: Fix race condition/crash in file watching channels
* Thu Feb 15 2024 Martin Pitt <mpitt@redhat.com> - 310.3-1
- Translation updates (jira#RHEL-16681)
Lots of bug fixes
* Wed Jan 31 2024 Packit <hello@packit.dev> - 310-1
- Storage: support for btrfs
- Storage: improved support for swap
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 309-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 309-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 18 2024 Packit <hello@packit.dev> - 309-1
- Storage: Introduce btrfs support
@ -754,10 +824,7 @@ via PackageKit.
- Performance and stability improvements
* Wed Nov 01 2023 Packit <hello@packit.dev> - 304-1
Storage: Support for RAID layouts with LVM2
* Thu Oct 19 2023 Adam Williamson <awilliam@redhat.com> - 303-2
- Rebuild for untagged selinux-policy (cockpit-ws dep)
- Bug fixes
* Wed Oct 18 2023 Packit <hello@packit.dev> - 303-1
- Apps: Warn if appstream data package is missing
@ -782,17 +849,11 @@ Storage: Support for RAID layouts with LVM2
* Wed Jul 26 2023 Packit <hello@packit.dev> - 297-1
- users: allow administrators to change the user shell
- tools: Enable Python bridge on Fedora 38
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 296-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
- Enable Python bridge on Fedora 38 and CentOS/RHEL 9
* Wed Jul 12 2023 Packit <hello@packit.dev> - 296-1
- Performance and stability improvements
* Wed Jun 28 2023 Python Maint <python-maint@redhat.com> - 295-2
- Rebuilt for Python 3.12
* Wed Jun 28 2023 Packit <hello@packit.dev> - 295-1
- Cockpit Client can now connect to servers without Cockpit installed

Loading…
Cancel
Save