# # Copyright (C) 2014-2020 Red Hat, Inc. # # Cockpit is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # Cockpit is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with Cockpit; If not, see . # # # This file is maintained at the following location: # https://github.com/cockpit-project/cockpit/blob/main/tools/cockpit.spec # # If you are editing this file in another location, changes will likely # be clobbered the next time an automated release is done. # # Check first cockpit-devel@lists.fedorahosted.org # # earliest base that the subpackages work on; this is still required as long as # we maintain the basic/optional split, then it can be replaced with just %{version}. 
# Lowest cockpit-bridge / cockpit-shell version the subpackages declare in
# their versioned Requires further down.
%define required_base 266

# we generally want CentOS packages to be like RHEL; special cases need to check %{centos} explicitly
%if 0%{?centos}
%define rhel %{centos}
%endif

# Request the distribution's hardened build flags.
# NOTE(review): which rpm macro sets honour this on SUSE is not visible here; confirm.
%define _hardened_build 1

# Directory name below the prefix that holds tmpfiles.d (used in the cockpit-ws file list).
%define __lib lib

# PAM module directory: use the distribution's _pamdir macro when it is
# defined, otherwise fall back to libdir/security.
%if %{defined _pamdir}
%define pamdir %{_pamdir}
%else
%define pamdir %{_libdir}/security
%endif

Name: cockpit
Summary: Web Console for Linux servers

License: LGPL-2.1-or-later
URL: https://cockpit-project.org/

Version: 309
Release: 0
Source0: cockpit-%{version}.tar
Source1: cockpit.pam
Source2: cockpit-rpmlintrc
Source3: cockpit-suse-theme.tar
# Source10/97/98 are the vendored and npm inputs used to rebuild the web
# assets during the build. NOTE(review): presumably resolved offline through
# local-npm-registry; see README.packaging to confirm.
Source10: vendor.tar.gz
Source99: README.packaging
Source98: package-lock.json
Source97: node_modules.spec.inc
%include %{_sourcedir}/node_modules.spec.inc
Patch1: 0001-selinux-allow-login-to-read-motd-file.patch
Patch2: suse_docs.patch
Patch3: suse-microos-branding.patch
Patch4: css-overrides.patch
Patch5: storage-btrfs.patch
Patch6: 0001-users-Support-for-watching-lastlog2-and-wutmp-on-ove.patch
# Security fix carried as a downstream patch; its content is not visible in
# this file. Keep it until the packaged upstream version is confirmed to
# contain the fix.
Patch7: CVE-2024-6126.patch
# SLE Micro specific patches
Patch101: hide-pcp.patch
Patch102: 0002-selinux-temporary-remove-setroubleshoot-section.patch
# For anything based on SLES 15 codebase (including Leap, SLE Micro)
Patch103: 0004-leap-gnu18-removal.patch
Patch104: selinux_libdir.patch

Patch201: remove_rh_links.patch

%if 0%{?fedora} >= 38 || 0%{?rhel} >= 9
%define cockpit_enable_python 1
%endif

# Experimental Python support
%if !%{defined cockpit_enable_python}
%define cockpit_enable_python 0
%endif

# in RHEL 8 the source package is duplicated: cockpit (building basic packages like cockpit-{bridge,system})
# and cockpit-appstream (building optional packages like cockpit-{pcp})
# This split does not apply to EPEL/COPR nor packit c8s builds, only to our own
# image-prepare rhel-8-Y builds (which will disable build_all).
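# In Fedora ELN/RHEL 9+ there is just one source package, which ships rpms in both BaseOS and AppStream
# build_all is set unconditionally here, so the RHEL 8 split below never
# triggers and both build_basic and build_optional end up as 1.
%define build_all 1
%if 0%{?rhel} == 8 && 0%{?epel} == 0 && !0%{?build_all}

%if "%{name}" == "cockpit"
%define build_basic 1
%define build_optional 0
%else
%define build_basic 0
%define build_optional 1
%endif

%else
%define build_basic 1
%define build_optional 1
%endif

# The test subpackage is never built on SUSE.
%if 0%{?build_optional} && 0%{?suse_version} == 0
%define build_tests 1
%endif

# Allow root login in Cockpit on SLEM6 and RHEL 8 and lower as it also allows password login over SSH.
# disallow_root decides whether the post scriptlet of cockpit-ws writes
# "root" into /etc/cockpit/disallowed-users on first install.
# NOTE(review): the SUSE half of the condition matches every suse_version
# >= 1600, not only SLE Micro 6; confirm that permitting root login to the
# web console is intended for all of those targets.
%if ( 0%{?rhel} && 0%{?rhel} <= 8 ) || 0%{?suse_version} >= 1600
%define disallow_root 0
%else
%define disallow_root 1
%endif

# No PCP on SLE Micro
# With build_pcp 0, configure gets --disable-pcp and no cockpit-pcp
# subpackage is defined.
%define build_pcp 0

# Ship custom SELinux policy (but not for cockpit-appstream)
# selinuxtype and with_selinux are only defined inside this conditional;
# everything that expands selinuxtype must be guarded by with_selinux.
%if 0%{?rhel} >= 9 || 0%{?fedora} || 0%{?suse_version} >= 1600 || 0%{?is_smo}
%if "%{name}" == "cockpit"
%define selinuxtype targeted
%define selinux_configure_arg --enable-selinux-policy=%{selinuxtype}
%define with_selinux 1
%endif
%endif

BuildRequires: gcc
BuildRequires: pkgconfig(gio-unix-2.0)
BuildRequires: pkgconfig(json-glib-1.0)
BuildRequires: pkgconfig(polkit-agent-1) >= 0.105
BuildRequires: pam-devel

BuildRequires: autoconf automake
BuildRequires: make
BuildRequires: /usr/bin/python3
BuildRequires: python3-devel
%if ( 0%{?rhel} && 0%{?rhel} <= 8 ) || 0%{?suse_version} <= 1500
# RHEL 8's gettext does not yet have metainfo.its
BuildRequires: gettext >= 0.19.7
%if 0%{?rhel}
BuildRequires: libappstream-glib-devel
%else
# Suse's package has a different name
BuildRequires: appstream-glib-devel
%endif
%else
BuildRequires: gettext >= 0.21
%endif
%if 0%{?build_basic}
BuildRequires: libssh-devel >= 0.8.5
%endif
BuildRequires: openssl-devel
BuildRequires: gnutls-devel >= 3.4.3
BuildRequires: zlib-devel
BuildRequires: pkgconfig(krb5) >= 1.11
BuildRequires: libxslt-devel
BuildRequires: glib-networking
BuildRequires: sed

BuildRequires: glib2-devel >= 2.50.0
# this is for runtimedir in the tls proxy ace21c8879
BuildRequires: pkgconfig(libsystemd) >= 235
%if 0%{?suse_version}
BuildRequires: distribution-release
%if %{build_pcp}
BuildRequires: libpcp-devel
BuildRequires: pcp-devel
BuildRequires: libpcp3
BuildRequires: libpcp_import1
%endif
BuildRequires: openssh
BuildRequires: distribution-logos
BuildRequires: wallpaper-branding
# needed for /var/lib/pcp directory ownership
BuildRequires: pcp
%else
%if %{build_pcp}
BuildRequires: pcp-libs-devel
%endif
BuildRequires: openssh-clients
BuildRequires: docbook-style-xsl
%endif
BuildRequires: krb5-server
BuildRequires: gdb

# For documentation
BuildRequires: xmlto

# Policy build tooling is only pulled in when the custom policy is shipped.
%if 0%{?with_selinux}
BuildRequires: selinux-policy
BuildRequires: selinux-policy-%{selinuxtype}
BuildRequires: selinux-policy-devel
%endif

# for rebuilding nodejs bits
BuildRequires: npm
BuildRequires: sassc
BuildRequires: local-npm-registry

# This is the "cockpit" metapackage. It should only
# Require, Suggest or Recommend other cockpit-xxx subpackages

Requires: cockpit-bridge
Requires: cockpit-ws
Requires: cockpit-system

# Optional components
Recommends: (cockpit-storaged if udisks2)
Recommends: (cockpit-packagekit if dnf)
Suggests: cockpit-pcp

%if 0%{?rhel} == 0
Recommends: (cockpit-networkmanager if NetworkManager)
# c-ostree is not in RHEL 8/9
Recommends: (cockpit-ostree if rpm-ostree)
Suggests: cockpit-selinux
%endif
%if 0%{?rhel} && 0%{?centos} == 0
Requires: subscription-manager-cockpit
%endif

%if 0%{?enable_old_bridge} == 0
BuildRequires: python3-devel
BuildRequires: python3-pip
%if 0%{?rhel} == 0 && 0%{?suse_version} == 0
# All of these are only required for running pytest (which we only do on Fedora)
BuildRequires: procps-ng
BuildRequires: pyproject-rpm-macros
BuildRequires: python3-pytest-asyncio
BuildRequires: python3-pytest-cov
BuildRequires: python3-pytest-timeout
BuildRequires: python3-tox-current-env
%endif
%endif

%prep
# Unpack the release tarball plus Source3 (the SUSE theme), then apply the
# patch series. Patch7 is the CVE fix and is applied on every target.
%setup -q -n cockpit-%{version} -a 3
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1

# SLE Micro specific patches
%patch101 -p1

# Patches for versions lower than SLE Micro 5.5
%if 0%{?sle_version} < 150500
%patch102 -p1
%endif

# For anything based on SLES 15 codebase (including Leap, SLEM)
%if 0%{?suse_version} == 1500
%patch103 -p1
%patch104 -p0
%endif

%patch201 -p1

# Replace the PAM stack from the tarball with the packaged one (Source1).
cp %SOURCE1 tools/cockpit.pam
#
# Discard bundled node_modules and the lock file from the tarball, then
# reinstall the npm dependencies from the packaged sources.
rm -rf node_modules package-lock.json
local-npm-registry %{_sourcedir} install --also=dev --legacy-peer-deps

cd vendor; tar zxfO %SOURCE10 | tar xvi; cd ..

%build
# Delete every *.node file (prebuilt native addons) that came in through npm
# packages, printing each one; presumably so that no prebuilt binaries take
# part in the build.
find node_modules -name \*.node -print -delete
touch node_modules/.stamp

# Send stderr to stdout for the rest of the build script.
exec 2>&1
PKG_NAME="Cockpit"
echo "m4_define(VERSION_NUMBER, %version)" > version.m4
autoreconf -fvi -I tools
#
# The web service runs as the unprivileged cockpit-ws user and its
# per-connection instances as cockpit-wsinstance. No comment lines may be
# placed inside the continued configure invocation below.
%configure \
    %{?selinux_configure_arg} \
    --with-cockpit-user=cockpit-ws \
    --with-cockpit-ws-instance-user=cockpit-wsinstance \
%if 0%{?suse_version}
    --docdir=%_defaultdocdir/%{name} \
%endif
    --with-pamdir='%{pamdir}' \
%if 0%{?enable_old_bridge}
    --enable-old-bridge \
%endif
%if 0%{?build_basic} == 0
    --disable-ssh \
%endif
%if %{build_pcp} == 0
    --disable-pcp \
%endif

# Compile and compress the custom SELinux policy module.
%if 0%{?with_selinux}
make -f /usr/share/selinux/devel/Makefile cockpit.pp
bzip2 -9 cockpit.pp
%endif

%make_build

%check
make -j$(nproc) check

%if 0%{?enable_old_bridge} == 0 && 0%{?rhel} == 0 && 0%{?suse_version} == 0
%tox
%endif

%install
# In obs we get write error: stdout
%make_install | tee make_install.log
make install-tests DESTDIR=%{buildroot}
# PAM configuration goes to the vendor directory on SUSE newer than 1500 and
# to /etc/pam.d everywhere else; mode 644 in both cases.
%if 0%{?suse_version} > 1500
mkdir -p $RPM_BUILD_ROOT%{_pam_vendordir}
install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_pam_vendordir}/cockpit
%else
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit
%endif
rm -f %{buildroot}/%{_libdir}/cockpit/*.so
install -D -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/

# selinux
%if 0%{?with_selinux}
install -D -m 644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_session_selinux.8cockpit
install -D -m 644 -t %{buildroot}%{_mandir}/man8 selinux/%{name}_ws_selinux.8cockpit
# create this directory in the build root so that %ghost sees the desired mode
install -d -m 700 %{buildroot}%{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
%endif

# SUSE branding
mkdir -p %{buildroot}%{_datadir}/cockpit/branding/suse
pushd cockpit-suse-theme
cp src/css-overrides.css %{buildroot}%{_datadir}/cockpit/branding/suse
cp src/fonts.css %{buildroot}%{_datadir}/cockpit/branding/suse
cp -a src/fonts %{buildroot}%{_datadir}/cockpit/branding/suse
popd

# Build the package lists for resource packages
# cockpit-bridge is the basic dependency for all cockpit-* packages, so centrally own the page directory
# The find output still carries the build root prefix; it is stripped from
# all lists by the sed call near the end of this section.
echo '%dir %{_datadir}/cockpit' > base.list
echo '%dir %{_datadir}/cockpit/base1' >> base.list
find %{buildroot}%{_datadir}/cockpit/base1 -type f -o -type l >> base.list
echo '%{_sysconfdir}/cockpit/machines.d' >> base.list
echo %{buildroot}%{_datadir}/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy >> base.list
%if 0%{?enable_old_bridge} && 0%{?build_basic}
echo '%dir %{_datadir}/cockpit/ssh' >> base.list
find %{buildroot}%{_datadir}/cockpit/ssh -type f >> base.list
%endif
echo '%{_libexecdir}/cockpit-ssh' >> base.list

%if %{build_pcp}
echo '%dir %{_datadir}/cockpit/pcp' > pcp.list
find %{buildroot}%{_datadir}/cockpit/pcp -type f >> pcp.list
%endif

echo '%dir %{_datadir}/cockpit/shell' >> system.list
find %{buildroot}%{_datadir}/cockpit/shell -type f >> system.list

echo '%dir %{_datadir}/cockpit/systemd' >> system.list
find %{buildroot}%{_datadir}/cockpit/systemd -type f >> system.list

echo '%dir %{_datadir}/cockpit/users' >> system.list
find %{buildroot}%{_datadir}/cockpit/users -type f >> system.list

echo '%dir %{_datadir}/cockpit/metrics' >> system.list
find %{buildroot}%{_datadir}/cockpit/metrics -type f >> system.list

echo '%dir %{_datadir}/cockpit/kdump' > kdump.list
find %{buildroot}%{_datadir}/cockpit/kdump -type f >> kdump.list

echo '%dir %{_datadir}/cockpit/sosreport' > sosreport.list
find %{buildroot}%{_datadir}/cockpit/sosreport -type f >> sosreport.list

echo '%dir %{_datadir}/cockpit/storaged' > storaged.list
find %{buildroot}%{_datadir}/cockpit/storaged -type f >> storaged.list

echo '%dir %{_datadir}/cockpit/networkmanager' > networkmanager.list
find %{buildroot}%{_datadir}/cockpit/networkmanager -type f >> networkmanager.list

echo '%dir %{_datadir}/cockpit/packagekit' > packagekit.list
find %{buildroot}%{_datadir}/cockpit/packagekit -type f >> packagekit.list

echo '%dir %{_datadir}/cockpit/apps' >> packagekit.list
find %{buildroot}%{_datadir}/cockpit/apps -type f >> packagekit.list

echo '%dir %{_datadir}/cockpit/selinux' > selinux.list
find %{buildroot}%{_datadir}/cockpit/selinux -type f >> selinux.list

echo '%dir %{_datadir}/cockpit/playground' > tests.list
find %{buildroot}%{_datadir}/cockpit/playground -type f >> tests.list

echo '%dir %{_datadir}/cockpit/static' > static.list
echo '%dir %{_datadir}/cockpit/static/fonts' >> static.list
find %{buildroot}%{_datadir}/cockpit/static -type f >> static.list

# when not building basic packages, remove their files
%if 0%{?build_basic} == 0
for pkg in base1 branding motd kdump networkmanager selinux shell sosreport static systemd users metrics; do
    rm -r %{buildroot}/%{_sysconfdir}/../%{_datadir}/cockpit/$pkg
    rm -f %{buildroot}/%{_datadir}/metainfo/org.cockpit-project.cockpit-${pkg}.metainfo.xml
done
for data in doc man pixmaps polkit-1; do
    rm -r %{buildroot}/%{_datadir}/$data
done
rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d
find %{buildroot}/%{_unitdir}/ -type f ! -name 'cockpit-session*' -delete
for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do
    rm -f %{buildroot}/%{_libexecdir}/$libexec
done
# The PAM configuration directory is removed by the conditional below, in
# whichever location it was installed; removing /etc/pam.d here as well made
# one of the two plain "rm -r" calls hit a missing directory.
rm -r %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d
%if 0%{?suse_version} > 1500
rm -r %{buildroot}/%{_pam_vendordir}
%else
rm -r %{buildroot}/%{_sysconfdir}/pam.d
%endif
rm -f %{buildroot}/%{_libdir}/security/pam_*
rm -f %{buildroot}/usr/bin/cockpit-bridge
rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml
rm -rf %{buildroot}%{python3_sitelib}/cockpit*
%endif

# when not building optional packages, remove their files
%if 0%{?build_optional} == 0
for pkg in apps packagekit pcp playground storaged; do
    rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
done
# files from -pcp
rm -r %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/
# files from -storaged
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
%endif

# Without the test subpackage, the mock PAM module and the cockpit-session
# socket units must not stay behind in the build root.
%if 0%{?build_tests} == 0
rm -rf %{buildroot}%{_datadir}/cockpit/playground
rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so
rm -f %{buildroot}/%{_unitdir}/cockpit-session.socket
rm -f %{buildroot}/%{_unitdir}/cockpit-session@.service
%endif

# Strip the build root prefix so the lists hold installed paths.
sed -i "s|%{buildroot}||" *.list

%if 0%{?suse_version}
# remove brandings with stale symlinks. Means they don't match
# the distro.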
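pushd %{buildroot}/%{_datadir}/cockpit/branding
# Keep only the listed branding directories. -r makes xargs a no-op when
# nothing is left to delete; plain xargs would run rm without operands and
# return a failure.
ls --hide={default,kubernetes,opensuse,registry,suse} | xargs -r rm -rv
popd
# need this in SUSE as post build checks dislike stale symlinks
# Empty placeholder files are created only where the symlink target is missing.
install -m 644 -D /dev/null %{buildroot}/run/cockpit/motd
test -e %{buildroot}/usr/share/cockpit/branding/opensuse/default-1920x1200.jpg || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/opensuse/default-1920x1200.jpg
test -e %{buildroot}/usr/share/cockpit/branding/suse/apple-touch-icon.png || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/suse/apple-touch-icon.png
test -e %{buildroot}/usr/share/cockpit/branding/suse/default-1920x1200.png || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/suse/default-1920x1200.png
# remove files of not installable packages
rm -r %{buildroot}%{_datadir}/cockpit/sosreport
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-sosreport.metainfo.xml
rm -f %{buildroot}%{_datadir}/pixmaps/cockpit-sosreport.png
%else
%global _debugsource_packages 1
%global _debuginfo_subpackages 0

%define find_debug_info %{_rpmconfigdir}/find-debuginfo.sh %{?_missing_build_ids_terminate_build:--strict-build-id} %{?_include_minidebuginfo:-m} %{?_find_debuginfo_dwz_opts} %{?_find_debuginfo_opts} %{?_debugsource_packages:-S debugsourcefiles.list} "%{_builddir}/%{?buildsubdir}"
%endif
# /suse_version
rm -rf %{buildroot}/usr/src/debug

# On RHEL kdump, networkmanager, selinux, and sosreport are part of the system package
%if 0%{?rhel}
cat kdump.list sosreport.list networkmanager.list selinux.list >> system.list
rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-sosreport.metainfo.xml
rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-kdump.metainfo.xml
rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-selinux.metainfo.xml
rm -f %{buildroot}%{_datadir}/metainfo/org.cockpit-project.cockpit-networkmanager.metainfo.xml
rm -f %{buildroot}%{_datadir}/pixmaps/cockpit-sosreport.png
%endif

# Sources of the shared JavaScript library, shipped by the devel subpackage.
mkdir -p %{buildroot}%{_datadir}/cockpit/devel
cp -a pkg/lib %{buildroot}%{_datadir}/cockpit/devel

# -------------------------------------------------------------------------------
# Basic Sub-packages

%if 0%{?build_basic}

%description
The Cockpit Web Console enables users to administer GNU/Linux servers using a
web browser.

It offers network configuration, log inspection, diagnostic reports, SELinux
troubleshooting, interactive command-line sessions, and more.

%files
%{_docdir}/cockpit/AUTHORS
%{_docdir}/cockpit/COPYING
%{_docdir}/cockpit/README.md
%{_datadir}/metainfo/cockpit.appdata.xml
%{_datadir}/pixmaps/cockpit.png
%doc %{_mandir}/man1/cockpit.1.gz

%package bridge
Summary: Cockpit bridge server-side component
Requires: glib-networking
Provides: cockpit-ssh = %{version}-%{release}
# 233 dropped jquery.js, pages started to bundle it (commit 049e8b8dce)
Conflicts: cockpit-dashboard < 233
Conflicts: cockpit-networkmanager < 233
Conflicts: cockpit-storaged < 233
Conflicts: cockpit-system < 233
Conflicts: cockpit-tests < 233
Conflicts: cockpit-docker < 233

%description bridge
The Cockpit bridge component installed server side and runs commands on the
system on behalf of the web based user interface.

%files bridge -f base.list
%doc %{_mandir}/man1/cockpit-bridge.1.gz
%{_bindir}/cockpit-bridge
%{_libexecdir}/cockpit-askpass
%if 0%{?enable_old_bridge} == 0
%{python3_sitelib}/%{name}*
%endif

%package doc
Summary: Cockpit deployment and developer guide
BuildArch: noarch

%description doc
The Cockpit Deployment and Developer Guide shows sysadmins how to
deploy Cockpit on their machines as well as helps developers who want to
embed or extend Cockpit.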
# The doc subpackage owns the whole documentation directory except the three
# files that the main package lists itself.
%files doc
%exclude %{_docdir}/cockpit/AUTHORS
%exclude %{_docdir}/cockpit/COPYING
%exclude %{_docdir}/cockpit/README.md
%{_docdir}/cockpit

%package system
Summary: Cockpit admin interface package for configuring and troubleshooting a system
BuildArch: noarch
# Must match the bridge built from the same source (exact version-release or newer).
Requires: cockpit-bridge >= %{version}-%{release}
%if !0%{?suse_version}
Requires: shadow-utils
%endif
Requires: grep
Requires: /usr/bin/pwscore
Requires: /usr/bin/date
Provides: cockpit-shell = %{version}-%{release}
Provides: cockpit-systemd = %{version}-%{release}
Provides: cockpit-tuned = %{version}-%{release}
Provides: cockpit-users = %{version}-%{release}
Obsoletes: cockpit-dashboard < %{version}-%{release}
# On RHEL the kdump, networkmanager, selinux and sosreport pages are folded
# into this package, so it also carries their dependencies and Provides.
%if 0%{?rhel}
Requires: NetworkManager >= 1.6
Requires: kexec-tools
Requires: sos
Requires: sudo
Recommends: PackageKit
Recommends: setroubleshoot-server >= 3.3.3
Suggests: NetworkManager-team
Provides: cockpit-kdump = %{version}-%{release}
Provides: cockpit-networkmanager = %{version}-%{release}
Provides: cockpit-selinux = %{version}-%{release}
Provides: cockpit-sosreport = %{version}-%{release}
%endif
%if 0%{?fedora}
Recommends: (reportd if abrt)
%endif
#NPM_PROVIDES

%description system
This package contains the Cockpit shell and system configuration interfaces.
%files system -f system.list
%dir %{_datadir}/cockpit/shell/images

# cockpit-ws is the network-facing part: per its description it listens on
# the network and authenticates users.
%package ws
Summary: Cockpit Web Service
Requires: glib-networking
Requires: openssl
Requires: glib2 >= 2.50.0
# The SELinux dependencies only apply when the custom policy module is
# shipped and the matching policy type is installed on the target.
%if 0%{?with_selinux}
Requires: (selinux-policy >= %{_selinux_policy_version} if selinux-policy-%{selinuxtype})
Requires(post): (policycoreutils if selinux-policy-%{selinuxtype})
%endif
Conflicts: firewalld < 0.6.0-1
Recommends: sscg >= 2.3
Recommends: system-logos
Suggests: sssd-dbus >= 2.6.2
%if 0%{?suse_version}
# Needed before installation because the scriptlets call the SUSE
# permissions macros for the setuid cockpit-session helper.
Requires(pre): permissions
Requires: distribution-logos
Requires: wallpaper-branding
%endif
# for cockpit-desktop
Suggests: python3

# The pre scriptlet creates these system accounts.
Provides: group(cockpit-ws)
Provides: group(cockpit-wsinstance)
Provides: user(cockpit-ws)
Provides: user(cockpit-wsinstance)

# prevent hard python3 dependency for cockpit-desktop, it falls back to other browsers
%global __requires_exclude_from ^%{_libexecdir}/cockpit-client$

%description ws
The Cockpit Web Service listens on the network, and authenticates users.

If sssd-dbus is installed, you can enable client certificate/smart card
authentication via sssd/FreeIPA.
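%files ws -f static.list
%doc %{_mandir}/man1/cockpit-desktop.1.gz
%doc %{_mandir}/man5/cockpit.conf.5.gz
%doc %{_mandir}/man8/cockpit-ws.8.gz
%doc %{_mandir}/man8/cockpit-tls.8.gz
%doc %{_mandir}/man8/pam_ssh_add.8.gz
%dir %{_sysconfdir}/cockpit
# Certificates placed here by the admin are never overwritten on upgrade.
%config(noreplace) %{_sysconfdir}/cockpit/ws-certs.d
%if 0%{?suse_version} > 1500
%{_pam_vendordir}/cockpit
%else
%config(noreplace) %{_sysconfdir}/pam.d/cockpit
%endif
# dir is not owned by pam in openSUSE
%dir %{_sysconfdir}/motd.d
# created in %post, so that users can rm the files
%ghost %{_sysconfdir}/issue.d/cockpit.issue
%ghost %{_sysconfdir}/motd.d/cockpit
%ghost %attr(0644, root, root) %{_sysconfdir}/cockpit/disallowed-users
%ghost %dir /run/cockpit
%ghost /run/cockpit/motd
%dir %{_datadir}/cockpit/motd
%{_datadir}/cockpit/motd/update-motd
%{_datadir}/cockpit/motd/inactive.motd
%{_unitdir}/cockpit.service
%{_unitdir}/cockpit-motd.service
%{_unitdir}/cockpit.socket
%{_unitdir}/cockpit-wsinstance-http.socket
%{_unitdir}/cockpit-wsinstance-http.service
%{_unitdir}/cockpit-wsinstance-https-factory.socket
%{_unitdir}/cockpit-wsinstance-https-factory@.service
%{_unitdir}/cockpit-wsinstance-https@.socket
%{_unitdir}/cockpit-wsinstance-https@.service
%{_unitdir}/system-cockpithttps.slice
%{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf
%{pamdir}/pam_ssh_add.so
%{pamdir}/pam_cockpit_cert.so
%{_libexecdir}/cockpit-ws
%{_libexecdir}/cockpit-wsinstance-factory
%{_libexecdir}/cockpit-tls
%{_libexecdir}/cockpit-client
%{_libexecdir}/cockpit-client.ui
%{_libexecdir}/cockpit-desktop
%{_libexecdir}/cockpit-certificate-ensure
%{_libexecdir}/cockpit-certificate-helper
# cockpit-session is installed setuid root (mode 4750) and is executable only
# by root and members of the cockpit-wsinstance group; other local users
# cannot run it. On SUSE its mode is excluded from rpm verification and is
# handled by the set_permissions / verify_permissions macros in the
# scriptlets below instead.
%{?suse_version:%verify(not mode) }%attr(4750, root, cockpit-wsinstance) %{_libexecdir}/cockpit-session
%{_datadir}/cockpit/branding

%if 0%{?with_selinux}
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%{_mandir}/man8/%{name}_session_selinux.8cockpit.*
%{_mandir}/man8/%{name}_ws_selinux.8cockpit.*
%ghost %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name}
%endif

%pre ws
# Create the two unprivileged system accounts (no login shell, no home
# directory) unless they already exist.
getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws
getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting -s /sbin/nologin -c "User for cockpit web service" cockpit-ws
getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance
getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance

# Only touch SELinux when this build ships the policy module: selinuxtype is
# undefined otherwise, and the macro line would end up in the scriptlet
# unexpanded and fail on hosts where SELinux is enabled.
%if 0%{?with_selinux}
if %{_sbindir}/selinuxenabled 2>/dev/null; then
%selinux_relabel_pre -s %{selinuxtype}
fi
%endif

%if 0%{?suse_version} > 1500
# Prepare for migration to /usr/lib; save any old .rpmsave
for i in pam.d/cockpit ; do
     test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%endif

%post ws
# Install the policy module and relabel; guarded for the same reason as in
# the pre scriptlet (the module file is only packaged with with_selinux).
%if 0%{?with_selinux}
if [ -x %{_sbindir}/selinuxenabled ]; then
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%selinux_relabel_post -s %{selinuxtype}
fi
%endif

# set up dynamic motd/issue symlinks on first-time install; don't bring them back on upgrades if admin removed them
# disable root login on first-time install; so existing installations aren't changed
# The deny list is written world-readable (0644); "root" is only added when
# disallow_root was set at build time.
if [ "$1" = 1 ]; then
    mkdir -p /etc/motd.d /etc/issue.d
    ln -s ../../run/cockpit/motd /etc/motd.d/cockpit
    ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue
    printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users
%if 0%{?disallow_root}
    printf "root\n" >> /etc/cockpit/disallowed-users
%endif
    chmod 644 /etc/cockpit/disallowed-users
fi

# switch old self-signed cert group from cockpit-wsinstance to cockpit-ws on upgrade
if [ "$1" = 2 ]; then
    certfile=/etc/cockpit/ws-certs.d/0-self-signed.cert
    test -f $certfile && stat -c '%G' $certfile | grep -q cockpit-wsinstance && chgrp cockpit-ws $certfile
fi

%if 0%{?suse_version}
%set_permissions %{_libexecdir}/cockpit-session
%endif

%tmpfiles_create cockpit-tempfiles.conf
%systemd_post cockpit.socket cockpit.service
# firewalld only partially picks up changes to its services files without this
test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true

# check for deprecated PAM config
if test -f %{_sysconfdir}/pam.d/cockpit && grep -q pam_cockpit_cert %{_sysconfdir}/pam.d/cockpit; then
  echo '**** WARNING:'
  echo '**** WARNING: pam_cockpit_cert is a no-op and will be removed in a'
  echo '**** WARNING: future release; remove it from your /etc/pam.d/cockpit.'
  echo '**** WARNING:'
fi

%preun ws
%systemd_preun cockpit.socket cockpit.service

%postun ws
# Remove the policy module again; guarded like the install above.
%if 0%{?with_selinux}
if [ -x %{_sbindir}/selinuxenabled ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{name}
%selinux_relabel_post -s %{selinuxtype}
fi
%endif
%systemd_postun_with_restart cockpit.socket cockpit.service

%if 0%{?suse_version}
%verifyscript ws
%verify_permissions -e %{_libexecdir}/cockpit-session
%endif

%if 0%{?suse_version} > 1500
%posttrans ws
# Migration to /usr/lib, restore just created .rpmsave
for i in pam.d/cockpit ; do
     test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif

# -------------------------------------------------------------------------------
# Sub-packages that are part of cockpit-system in RHEL/CentOS, but separate in Fedora

%if 0%{?rhel} == 0

%package kdump
Summary: Cockpit user interface for kernel crash dumping
Requires: cockpit-bridge >= %{required_base}
Requires: cockpit-shell >= %{required_base}
Requires: kexec-tools
BuildArch: noarch

%description kdump
The Cockpit component for configuring kernel crash dumping.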
%files kdump -f kdump.list
%{_datadir}/metainfo/org.cockpit-project.cockpit-kdump.metainfo.xml

# No sosreport subpackage on SUSE; its files are removed from the build root
# in the install section.
%if !0%{?suse_version}

%package sosreport
Summary: Cockpit user interface for diagnostic reports
Requires: cockpit-bridge >= %{required_base}
Requires: cockpit-shell >= %{required_base}
Requires: sos
BuildArch: noarch

%description sosreport
The Cockpit component for creating diagnostic reports with the
sosreport tool.

%files sosreport -f sosreport.list
%{_datadir}/metainfo/org.cockpit-project.cockpit-sosreport.metainfo.xml
%{_datadir}/pixmaps/cockpit-sosreport.png

%endif

%package networkmanager
Summary: Cockpit user interface for networking, using NetworkManager
Requires: cockpit-bridge >= %{required_base}
Requires: cockpit-shell >= %{required_base}
Requires: NetworkManager >= 1.6
Conflicts: cockpit-wicked
# Optional components
Recommends: NetworkManager-team
BuildArch: noarch

%description networkmanager
The Cockpit component for managing networking.  This package uses NetworkManager.

%files networkmanager -f networkmanager.list
%{_datadir}/metainfo/org.cockpit-project.cockpit-networkmanager.metainfo.xml

%endif

# The SELinux troubleshooting page is a separate subpackage outside RHEL,
# built for SUSE 1500 and newer or for SLE Micro.
%if 0%{?rhel} == 0 && ( 0%{?suse_version} >= 1500 || 0%{?is_smo} )

%package selinux
Summary: Cockpit SELinux package
Requires: cockpit-bridge >= %{required_base}
Requires: cockpit-shell >= %{required_base}
Requires: policycoreutils-python-utils >= 3.1
# setroubleshoot is available on SLE Micro starting with 5.5
%if !0%{?is_smo} || ( 0%{?is_smo} && 0%{?sle_version} >= 150500 )
Requires: setroubleshoot-server >= 3.3.3
%endif
BuildArch: noarch

%description selinux
This package contains the Cockpit user interface integration with the
utility setroubleshoot to diagnose and resolve SELinux issues.

%files selinux -f selinux.list
%{_datadir}/metainfo/org.cockpit-project.cockpit-selinux.metainfo.xml

%endif

#/ build basic packages
%else

# RPM requires this
%description
Dummy package from building optional packages only; never install or publish me.
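#/ build basic packages
%endif

# -------------------------------------------------------------------------------
# Sub-packages that are optional extensions

%if 0%{?build_optional}

%package -n cockpit-storaged
Summary: Cockpit user interface for storage, using udisks
Requires: cockpit-shell >= %{required_base}
Requires: udisks2 >= 2.9
Requires: %{__python3}
# The udisks module packages and the Python D-Bus binding are named
# differently on SUSE; there the lvm2 and btrfs modules are hard requirements.
%if 0%{?suse_version}
Requires: libudisks2-0_lvm2 >= 2.9
Requires: libudisks2-0_btrfs >= 2.9
Recommends: multipath-tools
Requires: python3-dbus-python
%else
Recommends: udisks2-lvm2 >= 2.9
Recommends: udisks2-iscsi >= 2.9
%if ! 0%{?rhel}
Recommends: udisks2-btrfs >= 2.9
%endif
Recommends: device-mapper-multipath
Recommends: clevis-luks
Requires: python3-dbus
%endif
BuildArch: noarch

%description -n cockpit-storaged
The Cockpit component for managing storage.  This package uses udisks.

%files -n cockpit-storaged -f storaged.list
%{_datadir}/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml

# The test package ships a mock PAM module and socket units for
# cockpit-session. NOTE(review): intended for test machines only, per its
# description; confirm it is never pulled into production images.
%if 0%{?build_tests}
%package -n cockpit-tests
Summary: Tests for Cockpit
Requires: cockpit-bridge >= %{required_base}
Requires: cockpit-system >= %{required_base}
Requires: openssh-clients
Provides: cockpit-test-assets = %{version}-%{release}

%description -n cockpit-tests
This package contains tests and files used while testing Cockpit.
These files are not required for running Cockpit.

%files -n cockpit-tests -f tests.list
%{pamdir}/mock-pam-conv-mod.so
%{_unitdir}/cockpit-session.socket
%{_unitdir}/cockpit-session@.service

# /build_tests
%endif

%package devel
Summary: Development files for Cockpit

%description devel
This package contains files used to develop cockpit modules

%files devel
%{_datadir}/cockpit/devel

%if %{build_pcp}

%package -n cockpit-pcp
Summary: Cockpit PCP integration
Requires: cockpit-bridge >= %{required_base}
Requires: pcp

%description -n cockpit-pcp
Cockpit support for reading PCP metrics and loading PCP archives.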
%files -n cockpit-pcp -f pcp.list
%{_libexecdir}/cockpit-pcp
%{_localstatedir}/lib/pcp/config/pmlogconf/tools/cockpit

%post -n cockpit-pcp
# Reload pmlogger, or restart it if it is running, after the pmlogconf
# snippet above was installed.
systemctl reload-or-try-restart pmlogger

%endif

%package -n cockpit-packagekit
Summary: Cockpit user interface for packages
BuildArch: noarch
Requires: cockpit-bridge >= %{required_base}
Requires: PackageKit
Recommends: python3-tracer
# HACK: https://bugzilla.redhat.com/show_bug.cgi?id=1800468
Requires: polkit

%description -n cockpit-packagekit
The Cockpit components for installing OS updates and Cockpit add-ons,
via PackageKit.

%files -n cockpit-packagekit -f packagekit.list

#/ build optional extension packages
%endif

# The changelog is automatically generated and merged
%changelog