diff --git a/0001-bridge-Pass-connectable-to-TLS-client-connection.patch b/0001-bridge-Pass-connectable-to-TLS-client-connection.patch new file mode 100644 index 0000000..79edc7e --- /dev/null +++ b/0001-bridge-Pass-connectable-to-TLS-client-connection.patch @@ -0,0 +1,35 @@ +From 979e3a4f0f499c2128094c00ca9b9e9accb9efe4 Mon Sep 17 00:00:00 2001 +From: Martin Pitt +Date: Mon, 30 Mar 2020 19:14:18 +0200 +Subject: [PATCH] bridge: Pass connectable to TLS client connection + +This is being used for SNI and better error messages for TLS +connections [1]. Recent glib versions started to warn about this, which +makes our tests fail: + + (test-httpstream:172365): GLib-Net-WARNING **: 02:19:07.627: GTlsClientConnection certificate verification will fail because its server-identity property is NULL. Fix your application! + (test-websocketstream:172431): GLib-Net-WARNING **: 02:19:08.201: GTlsClientConnection certificate verification will fail because its server-identity property is NULL. Fix your application! + +[1] https://developer.gnome.org/gio/stable/GTlsClientConnection.html#GTlsClientConnection--server-identity + +Closes #13814 +--- + src/bridge/cockpitconnect.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/bridge/cockpitconnect.c b/src/bridge/cockpitconnect.c +index dab1c7946..baee6bba3 100644 +--- a/src/bridge/cockpitconnect.c ++++ b/src/bridge/cockpitconnect.c +@@ -135,7 +135,7 @@ on_socket_connect (GObject *object, + + if (connectable->tls) + { +- cs->io = g_tls_client_connection_new (G_IO_STREAM (object), NULL, &error); ++ cs->io = g_tls_client_connection_new (G_IO_STREAM (object), connectable->address, &error); + if (cs->io) + { + g_debug ("%s: tls handshake", connectable->name); +-- +2.16.4 + diff --git a/cockpit.changes b/cockpit.changes index 3422317..e4d821b 100644 --- a/cockpit.changes +++ b/cockpit.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Wed Apr 29 07:50:41 UTC 2020 - Ludwig Nussel + +- remove branding with stale symlinks. Can't rely on /etc/os-release as OBS may + use the dummy-release package. + +------------------------------------------------------------------- +Tue Apr 28 09:18:22 UTC 2020 - Ludwig Nussel + +- use pkgconfig(systemd) and pkgconfig(krb5) +- fix build with glib update (0001-bridge-Pass-connectable-to-TLS-client-connection.patch) + ------------------------------------------------------------------- Fri Mar 27 10:50:51 UTC 2020 - Ludwig Nussel diff --git a/cockpit.spec b/cockpit.spec index 758a8ec..5dbc1c0 100644 --- a/cockpit.spec +++ b/cockpit.spec @@ -71,6 +71,8 @@ Source1: cockpit.pam # merged upstream after 215 Patch: 0001-test-handle-XDG_CONFIG_DIRS.patch Patch1: 0001-openSUSE-Tumbleweed-branding.patch +# backport from upstream +Patch2: 0001-bridge-Pass-connectable-to-TLS-client-connection.patch BuildRequires: gcc BuildRequires: pkgconfig(gio-unix-2.0) @@ -87,14 +89,14 @@ BuildRequires: libssh-devel >= 0.8 BuildRequires: openssl-devel BuildRequires: gnutls-devel >= 3.4.3 BuildRequires: zlib-devel -BuildRequires: krb5-devel >= 1.11 +BuildRequires: pkgconfig(krb5) >= 1.11 BuildRequires: libxslt-devel BuildRequires: glib-networking BuildRequires: sed BuildRequires: glib2-devel >= 2.37.4 # this is for runtimedir in the tls proxy ace21c8879 -BuildRequires: systemd-devel >= 235 +BuildRequires: pkgconfig(libsystemd) >= 235 %if 0%{?suse_version} BuildRequires: distribution-release BuildRequires: libpcp-devel @@ -288,10 +290,10 @@ rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-docker. sed -i "s|%{buildroot}||" *.list %if 0%{?suse_version} -# remove brandings that don't match the distro as they may contain -# stale symlinks +# remove brandings with stale symlinks. Means they don't match +# the distro. pushd %{buildroot}/%{_datadir}/cockpit/branding -ls -1 | (. /etc/os-release; grep -v "default\|$ID") | xargs rm -vr +find -L * -type l -printf "%H\n" | sort -u | xargs rm -rv popd # need this in SUSE as post build checks dislike stale symlinks install -m 644 -D /dev/null %{buildroot}/run/cockpit/motd