Compare commits
45 Commits
Author | SHA256 | Date | |
---|---|---|---|
d67dfe997f | |||
d45695db40 | |||
3f4caddcfb | |||
fb3e20de48 | |||
a7208259fd | |||
60df37f09a | |||
c82cf86531 | |||
a3f99f45a5 | |||
3a4a663a28 | |||
960cb1e375 | |||
49b4cd327d | |||
3731b3ac8f | |||
23892eda9a | |||
3133ff6892 | |||
8a6c640ec4 | |||
d26d5019d5 | |||
0f2e128911 | |||
416aa9163d | |||
|
17cc1c2b4c | ||
cb83e616ae | |||
|
95f291257b | ||
14257e4afc | |||
7a757b6f61 | |||
f835006e9a | |||
b82fac98a6 | |||
c3c4cf7dbd | |||
1d20b4fe9c | |||
4764a1f351 | |||
|
65dce311ed | ||
fe42484136 | |||
9cd3339ac8 | |||
e1de0007dd | |||
515e11446a | |||
c9f440fd0a | |||
08a644cfac | |||
|
cf6b9d622c | ||
3d9fd349c1 | |||
|
8431607bf3 | ||
177e09963d | |||
0c0c25465c | |||
ff82b18669 | |||
|
3446d5f747 | ||
bcc1337237 | |||
3f20b38bf2 | |||
0cd8feeb78 |
3
.gitattributes
vendored
3
.gitattributes
vendored
@ -21,3 +21,6 @@
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
||||
## Specific LFS patterns
|
||||
cockpit-321.tar filter=lfs diff=lfs merge=lfs -text
|
||||
cockpit-suse-theme.tar filter=lfs diff=lfs merge=lfs -text
|
||||
|
@ -1,56 +0,0 @@
|
||||
From 93d0a6d4dbe97937e69b126870b4bd4675c326d5 Mon Sep 17 00:00:00 2001
|
||||
From: Luna <luna.dragon@suse.com>
|
||||
Date: Fri, 3 May 2024 11:56:22 +0530
|
||||
Subject: [PATCH] users: Support for watching lastlog2
|
||||
|
||||
---
|
||||
pkg/users/account-details.js | 30 +++++++++++++++++++++++-------
|
||||
1 file changed, 23 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/pkg/users/account-details.js b/pkg/users/account-details.js
|
||||
index 52255b474..11c7870af 100644
|
||||
--- a/pkg/users/account-details.js
|
||||
+++ b/pkg/users/account-details.js
|
||||
@@ -98,16 +98,32 @@ function get_expire(name) {
|
||||
|
||||
export function AccountDetails({ accounts, groups, current_user, user, shells }) {
|
||||
const [expiration, setExpiration] = useState(null);
|
||||
+ const [lastlogpath, setLastlogPath] = useState(null);
|
||||
+
|
||||
useEffect(() => {
|
||||
- get_expire(user).then(setExpiration);
|
||||
+ cockpit.spawn(["test", "-e", "/var/run/utmp"], { err: "ignore" }).then(() => {
|
||||
+ setLastlogPath("/var/run/utmp");
|
||||
+ }).catch(() => {
|
||||
+ cockpit.spawn(["test", "-e", "/var/lib/lastlog/lastlog2.db"], { err: "ignore" }).then(() => {
|
||||
+ setLastlogPath("/var/lib/lastlog/lastlog2.db");
|
||||
+ }).catch(() => {
|
||||
+ setLastlogPath(null);
|
||||
+ });
|
||||
+ });
|
||||
+ }, []);
|
||||
|
||||
- // Watch `/var/run/utmp` to register when user logs in or out
|
||||
- const handle = cockpit.file("/var/run/utmp", { superuser: "try", binary: true });
|
||||
- handle.watch(() => {
|
||||
+ useEffect(() => {
|
||||
+ if (lastlogpath !== null) {
|
||||
get_expire(user).then(setExpiration);
|
||||
- }, { read: false });
|
||||
- return handle.close;
|
||||
- }, [user, accounts]);
|
||||
+
|
||||
+ // Watch lastlog log to register when user logs in or out
|
||||
+ const handle = cockpit.file(lastlogpath, { superuser: "try", binary: true });
|
||||
+ handle.watch(() => {
|
||||
+ get_expire(user).then(setExpiration);
|
||||
+ }, { read: false });
|
||||
+ return handle.close;
|
||||
+ }
|
||||
+ }, [user, accounts, lastlogpath]);
|
||||
|
||||
const [edited_real_name, set_edited_real_name] = useState(null);
|
||||
const [committing_real_name, set_committing_real_name] = useState(false);
|
||||
--
|
||||
2.45.1
|
||||
|
@ -1,157 +0,0 @@
|
||||
From 059a8d35a3d9e54d86ff8178967a8fc98f428f11 Mon Sep 17 00:00:00 2001
|
||||
From: Luna <luna.dragon@suse.com>
|
||||
Date: Tue, 21 May 2024 13:21:54 +0530
|
||||
Subject: [PATCH] users: Support for watching lastlog2 and wutmp on overview
|
||||
page
|
||||
|
||||
---
|
||||
pkg/users/account-details.js | 26 ++++++++++----------------
|
||||
pkg/users/users.js | 27 +++++++++++++++++----------
|
||||
pkg/users/utils.js | 14 ++++++++++++++
|
||||
3 files changed, 41 insertions(+), 26 deletions(-)
|
||||
|
||||
diff --git a/pkg/users/account-details.js b/pkg/users/account-details.js
|
||||
index 11c7870af..8159a1cf3 100644
|
||||
--- a/pkg/users/account-details.js
|
||||
+++ b/pkg/users/account-details.js
|
||||
@@ -48,7 +48,8 @@ import { account_shell_dialog } from "./shell-dialog.js";
|
||||
import { set_password_dialog, reset_password_dialog } from "./password-dialogs.js";
|
||||
import { AccountLogs } from "./account-logs-panel.jsx";
|
||||
import { AuthorizedKeys } from "./authorized-keys-panel.js";
|
||||
-import { get_locked } from "./utils.js";
|
||||
+import { get_locked, getUtmpPath } from "./utils.js";
|
||||
+import { useInit } from 'hooks.js';
|
||||
|
||||
const _ = cockpit.gettext;
|
||||
|
||||
@@ -98,32 +99,25 @@ function get_expire(name) {
|
||||
|
||||
export function AccountDetails({ accounts, groups, current_user, user, shells }) {
|
||||
const [expiration, setExpiration] = useState(null);
|
||||
- const [lastlogpath, setLastlogPath] = useState(null);
|
||||
+ const [utmppath, setUtmpPath] = useState(null);
|
||||
|
||||
- useEffect(() => {
|
||||
- cockpit.spawn(["test", "-e", "/var/run/utmp"], { err: "ignore" }).then(() => {
|
||||
- setLastlogPath("/var/run/utmp");
|
||||
- }).catch(() => {
|
||||
- cockpit.spawn(["test", "-e", "/var/lib/lastlog/lastlog2.db"], { err: "ignore" }).then(() => {
|
||||
- setLastlogPath("/var/lib/lastlog/lastlog2.db");
|
||||
- }).catch(() => {
|
||||
- setLastlogPath(null);
|
||||
- });
|
||||
- });
|
||||
- }, []);
|
||||
+ // react wants sync functions that wrap async ones to prevent race conditions
|
||||
+ useInit(async () => {
|
||||
+ setUtmpPath(await getUtmpPath());
|
||||
+ });
|
||||
|
||||
useEffect(() => {
|
||||
- if (lastlogpath !== null) {
|
||||
+ if (utmppath !== null) {
|
||||
get_expire(user).then(setExpiration);
|
||||
|
||||
// Watch lastlog log to register when user logs in or out
|
||||
- const handle = cockpit.file(lastlogpath, { superuser: "try", binary: true });
|
||||
+ const handle = cockpit.file(utmppath, { superuser: "try", binary: true });
|
||||
handle.watch(() => {
|
||||
get_expire(user).then(setExpiration);
|
||||
}, { read: false });
|
||||
return handle.close;
|
||||
}
|
||||
- }, [user, accounts, lastlogpath]);
|
||||
+ }, [user, accounts, utmppath]);
|
||||
|
||||
const [edited_real_name, set_edited_real_name] = useState(null);
|
||||
const [committing_real_name, set_committing_real_name] = useState(false);
|
||||
diff --git a/pkg/users/users.js b/pkg/users/users.js
|
||||
index 08029bdfa..006acf1c3 100755
|
||||
--- a/pkg/users/users.js
|
||||
+++ b/pkg/users/users.js
|
||||
@@ -31,7 +31,7 @@ import { usePageLocation, useLoggedInUser, useFile, useInit } from "hooks.js";
|
||||
import { etc_passwd_syntax, etc_group_syntax, etc_shells_syntax } from "pam_user_parser.js";
|
||||
import { EmptyStatePanel } from "cockpit-components-empty-state.jsx";
|
||||
|
||||
-import { get_locked } from "./utils.js";
|
||||
+import { get_locked, getUtmpPath } from "./utils.js";
|
||||
import { AccountsMain } from "./accounts-list.js";
|
||||
import { AccountDetails } from "./account-details.js";
|
||||
|
||||
@@ -69,15 +69,19 @@ function AccountsPage() {
|
||||
const [max_uid, setMaxUid] = useState(60000);
|
||||
const [details, setDetails] = useState(null);
|
||||
|
||||
- useInit(() => {
|
||||
+ useInit(async () => {
|
||||
+ const utmppath = await getUtmpPath();
|
||||
const debouncedGetLogins = debounce(100, () => {
|
||||
getLogins().then(setDetails);
|
||||
});
|
||||
|
||||
- // Watch `/var/run/utmp` to register when user logs in or out
|
||||
- const handleUtmp = cockpit.file("/var/run/utmp", { superuser: "try", binary: true });
|
||||
- handleUtmp.watch(() => debouncedGetLogins(), { read: false });
|
||||
+ let handleUtmp;
|
||||
|
||||
+ if (utmppath !== null) {
|
||||
+ // Watch `/var/run/utmp` or `/var/lib/wtmpdb/wtmp.db` to register when user logs in or out
|
||||
+ handleUtmp = cockpit.file(utmppath, { superuser: "try", binary: true });
|
||||
+ handleUtmp.watch(() => debouncedGetLogins(), { read: false });
|
||||
+ }
|
||||
// Watch /etc/shadow to register lock/unlock/expire changes; but avoid reading it, it's sensitive data
|
||||
const handleShadow = cockpit.file("/etc/shadow", { superuser: "try" });
|
||||
handleShadow.watch(() => debouncedGetLogins(), { read: false });
|
||||
@@ -153,19 +157,22 @@ function AccountsPage() {
|
||||
} else if (path.length === 1) {
|
||||
return (
|
||||
<AccountDetails accounts={accountsInfo} groups={groupsExtraInfo}
|
||||
- current_user={current_user_info?.name} user={path[0]} shells={shells} />
|
||||
+ current_user={current_user_info?.name} user={path[0]} shells={shells} />
|
||||
);
|
||||
} else return null;
|
||||
}
|
||||
|
||||
async function getLogins() {
|
||||
- let lastlog = "";
|
||||
+ let LastLogPath;
|
||||
try {
|
||||
- lastlog = await cockpit.spawn(["lastlog"], { environ: ["LC_ALL=C"] });
|
||||
- } catch (err) {
|
||||
- console.warn("Unexpected error when getting last login information", err);
|
||||
+ await cockpit.spawn(["test", "-e", "/var/lib/lastlog/lastlog2.db"], { err: "ignore" });
|
||||
+ LastLogPath = "lastlog2";
|
||||
+ } catch (err1) {
|
||||
+ LastLogPath = "lastlog";
|
||||
}
|
||||
|
||||
+ const lastlog = await cockpit.spawn([LastLogPath], { environ: ["LC_ALL=C"] });
|
||||
+
|
||||
let currentLogins = [];
|
||||
try {
|
||||
const w = await cockpit.spawn(["w", "-sh"], { environ: ["LC_ALL=C"] });
|
||||
diff --git a/pkg/users/utils.js b/pkg/users/utils.js
|
||||
index a3837ef3c..b28c6188e 100644
|
||||
--- a/pkg/users/utils.js
|
||||
+++ b/pkg/users/utils.js
|
||||
@@ -12,3 +12,17 @@ export const get_locked = name =>
|
||||
console.warn(`Failed to obtain account lock information for ${name}`, exc);
|
||||
}
|
||||
});
|
||||
+
|
||||
+export async function getUtmpPath() {
|
||||
+ try {
|
||||
+ await cockpit.spawn(["test", "-e", "/var/run/utmp"], { err: "ignore" });
|
||||
+ return "/var/run/utmp";
|
||||
+ } catch (err1) {
|
||||
+ try {
|
||||
+ await cockpit.spawn(["test", "-e", "/var/lib/wtmpdb/wtmp.db"], { err: "ignore" });
|
||||
+ return "/var/lib/wtmpdb/wtmp.db";
|
||||
+ } catch (err2) {
|
||||
+ return null;
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
--
|
||||
2.45.1
|
||||
|
10
0006-totp-motd.patch
Normal file
10
0006-totp-motd.patch
Normal file
@ -0,0 +1,10 @@
|
||||
--- a/src/systemd/inactive.issue
|
||||
+++ b/src/systemd/inactive.issue
|
||||
@@ -1,2 +1,7 @@
|
||||
Activate the web console with: systemctl enable --now cockpit.socket
|
||||
|
||||
+Note: Cockpit disallows root login by default.
|
||||
+To create a regular user and optionally enable 2FA run both:
|
||||
+
|
||||
+jeos-config user
|
||||
+jeos-config otp
|
@ -0,0 +1,57 @@
|
||||
From 730d204ff5a1f0382c3edffe51ce62c890cf86f2 Mon Sep 17 00:00:00 2001
|
||||
From: Alice Brooks <alice.brooks@suse.com>
|
||||
Date: Thu, 30 Jan 2025 10:45:46 +0000
|
||||
Subject: [PATCH 1/1] Remove DynamicUser setting as these conflict with real
|
||||
users
|
||||
|
||||
Real users are having to be created due to Leap15.6's nsswitch not
|
||||
containing systemd, so dynamic users cannot be resolved inter
|
||||
service due to this we must manually create the users postinstall
|
||||
---
|
||||
src/systemd/cockpit-wsinstance-http.service.in | 2 +-
|
||||
src/systemd/cockpit-wsinstance-https@.service.in | 2 +-
|
||||
src/systemd/cockpit.service.in | 2 +-
|
||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/systemd/cockpit-wsinstance-http.service.in b/src/systemd/cockpit-wsinstance-http.service.in
|
||||
index 539b90345..17ab21df1 100644
|
||||
--- a/src/systemd/cockpit-wsinstance-http.service.in
|
||||
+++ b/src/systemd/cockpit-wsinstance-http.service.in
|
||||
@@ -7,7 +7,7 @@ After=cockpit-session.socket
|
||||
|
||||
[Service]
|
||||
ExecStart=@libexecdir@/cockpit-ws --no-tls --port=0
|
||||
-DynamicUser=yes
|
||||
+DynamicUser=no
|
||||
Group=cockpit-session-socket
|
||||
|
||||
PrivateDevices=yes
|
||||
diff --git a/src/systemd/cockpit-wsinstance-https@.service.in b/src/systemd/cockpit-wsinstance-https@.service.in
|
||||
index f66c9f874..db53247c0 100644
|
||||
--- a/src/systemd/cockpit-wsinstance-https@.service.in
|
||||
+++ b/src/systemd/cockpit-wsinstance-https@.service.in
|
||||
@@ -8,7 +8,7 @@ After=cockpit-session.socket
|
||||
[Service]
|
||||
Slice=system-cockpithttps.slice
|
||||
ExecStart=@libexecdir@/cockpit-ws --for-tls-proxy --port=0
|
||||
-DynamicUser=yes
|
||||
+DynamicUser=no
|
||||
Group=cockpit-session-socket
|
||||
|
||||
PrivateDevices=yes
|
||||
diff --git a/src/systemd/cockpit.service.in b/src/systemd/cockpit.service.in
|
||||
index 97adda221..ec50118aa 100644
|
||||
--- a/src/systemd/cockpit.service.in
|
||||
+++ b/src/systemd/cockpit.service.in
|
||||
@@ -10,7 +10,7 @@ After=cockpit-wsinstance-http.socket cockpit-wsinstance-https-factory.socket
|
||||
RuntimeDirectory=cockpit/tls
|
||||
ExecStartPre=+@libexecdir@/cockpit-certificate-ensure --for-cockpit-tls
|
||||
ExecStart=@libexecdir@/cockpit-tls
|
||||
-DynamicUser=yes
|
||||
+DynamicUser=no
|
||||
# otherwise systemd uses 'cockpit' even if it exists as a normal user account
|
||||
User=cockpit-systemd-service
|
||||
Group=cockpit-wsinstance-socket
|
||||
--
|
||||
2.48.1
|
||||
|
@ -3,7 +3,7 @@ contain information we need though, such as the bundled node
|
||||
modules. Therefore the package reuses the upstream spec file and
|
||||
applies openSUSE specifics that upstream doesn't accept on top. For
|
||||
that purpose a git repo tracks the spec file changes:
|
||||
https://github.com/lnussel/cockpit
|
||||
https://github.com/openSUSE/cockpit
|
||||
|
||||
There' an opensuse-$VERSION branch for each release
|
||||
|
||||
@ -33,6 +33,9 @@ version:
|
||||
into the git tree and commit there. Amend and reorder as needed.
|
||||
- When done, push the git repo.
|
||||
|
||||
Updates are now mostly automated with the update_version.sh script.
|
||||
You still need to follow last 3 steps manually.
|
||||
|
||||
Sending fixes upstream:
|
||||
|
||||
if you have any changes that should go upstream, create a new, clean
|
||||
|
25
_service
25
_service
@ -1,32 +1,7 @@
|
||||
<services>
|
||||
<service name="obs_scm" mode="manual">
|
||||
<param name="url">https://github.com/dgdavid/cockpit-suse-theme.git</param>
|
||||
<param name="versionformat"></param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">main</param>
|
||||
</service>
|
||||
<service mode="buildtime" name="tar">
|
||||
<param name="obsinfo">cockpit-suse-theme.obsinfo</param>
|
||||
<!-- On SLE15.4 extra '-' gets added to the filename so we need to
|
||||
define the name explicitly -->
|
||||
<param name="filename">cockpit-suse-theme</param>
|
||||
</service>
|
||||
<service name="obs_scm" mode="manual">
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="url">https://github.com/cockpit-project/cockpit.git/</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">316</param>
|
||||
<param name="submodules">disable</param>
|
||||
</service>
|
||||
<service name="node_modules" mode="manual">
|
||||
<param name="cpio">node_modules.obscpio</param>
|
||||
<param name="output">node_modules.spec.inc</param>
|
||||
<param name="source-offset">1000</param>
|
||||
</service>
|
||||
<service mode="buildtime" name="tar">
|
||||
<param name="obsinfo">cockpit.obsinfo</param>
|
||||
</service>
|
||||
<service mode="buildtime" name="set_version">
|
||||
<param name="basename">cockpit</param>
|
||||
</service>
|
||||
</services>
|
||||
|
BIN
cockpit-316.obscpio
(Stored with Git LFS)
BIN
cockpit-316.obscpio
(Stored with Git LFS)
Binary file not shown.
BIN
cockpit-332.tar.gz
(Stored with Git LFS)
Normal file
BIN
cockpit-332.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
10
cockpit-no-pamoath.pam
Normal file
10
cockpit-no-pamoath.pam
Normal file
@ -0,0 +1,10 @@
|
||||
#%PAM-1.0
|
||||
auth substack common-auth
|
||||
# List of users to deny access to Cockpit, by default root is included.
|
||||
auth required pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed
|
||||
account required pam_nologin.so
|
||||
account include common-account
|
||||
password include common-password
|
||||
session required pam_loginuid.so
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include common-session
|
BIN
cockpit-suse-theme.obscpio
(Stored with Git LFS)
BIN
cockpit-suse-theme.obscpio
(Stored with Git LFS)
Binary file not shown.
BIN
cockpit-suse-theme.tar
(Stored with Git LFS)
Normal file
BIN
cockpit-suse-theme.tar
(Stored with Git LFS)
Normal file
Binary file not shown.
148
cockpit.changes
148
cockpit.changes
@ -1,3 +1,151 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 7 09:24:33 UTC 2025 - Alice Brooks <alice.brooks@suse.com>
|
||||
|
||||
- Update to 332
|
||||
- Updated naming convention for motd to issue and relevant patches
|
||||
- Correct provides for dynamic users
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 30 12:59:34 UTC 2025 - Alice Brooks <alice.brooks@suse.com>
|
||||
|
||||
- Remove 0005-cockpit-ws-user-remove-default-deps.patch
|
||||
- Fix dynamic users for 330 since systemd isn't included in the
|
||||
nsswitch.conf
|
||||
- Tidy up pam_oath removal for leap
|
||||
- Ship a new pam file since Leap15 doesn't have pam_oath
|
||||
- Don't change motd if we don't have pam_oath
|
||||
- Properly fix pidfd_getpid
|
||||
- This can be dropped once we update again as it's been upstreamed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 6 06:32:31 UTC 2024 - Luna D Dragon <luna.dragon@suse.com>
|
||||
|
||||
- Update to 330
|
||||
- Web server: Increased sandboxing, setuid removal, bootc support
|
||||
- Development: New install mode using systemd-sysext
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 25 06:18:44 UTC 2024 - Luna D Dragon <luna.dragon@suse.com>
|
||||
|
||||
- update to 329.1:
|
||||
- cockpit.js: Put back cockpit.{resolve,reject}() to fix subscription-manager-cockpit
|
||||
- Past updates:
|
||||
* 329
|
||||
- Shell: Extra warnings when connecting to remote hosts
|
||||
* 328:
|
||||
- Bug fixes and performance improvements
|
||||
* 327:
|
||||
- Connect to similar servers without Cockpit installed
|
||||
* 326:
|
||||
- cockpit-pcp package is now obsolete
|
||||
- cockpit/ws container: Connect to servers without installed Cockpit
|
||||
- cockpit/ws container: Support host specific SSH keys
|
||||
- Storage: Support for Stratis filesystem sizes and limits
|
||||
* 325:
|
||||
- client: Properly handle unknown SSH host keys
|
||||
* 324:
|
||||
- Bug fixes and performance improvements
|
||||
* 323.1:
|
||||
- Translation updates
|
||||
* 323:
|
||||
- login: Prevent multiple logins in a single browser session
|
||||
- Update documentation links
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 9 12:14:14 UTC 2024 - Alice Brooks <alice.brooks@suse.com>
|
||||
|
||||
- suse_docs.patch: update documentation to point at new links (bsc#1226050)
|
||||
- remove_rh_links.patch: remove additional hardcoded RH refs (bsc#1221336)
|
||||
- hide-pcp.patch: correct patch to properly disable pcp on micro
|
||||
(bsc#1226049)
|
||||
- suse-microos-branding.patch: use suse ID as branding instead of sle-micro
|
||||
(bsc#1227441)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 30 07:08:12 UTC 2024 - Alice Brooks <alice.brooks@suse.com>
|
||||
|
||||
- add 0006-totp-motd.patch for guidance to enabling totp to the mtod
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 18 12:37:18 UTC 2024 - Jan Zerebecki <jan.suse@zerebecki.de>
|
||||
|
||||
- support optional TOTP for authentication, requires pam_oath
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 20 13:24:06 UTC 2024 - Adam Majer <adam.majer@suse.de>
|
||||
|
||||
- remove requires on pam_oath completely. It will be re-introduced
|
||||
later when it works with optional enrollment
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 20 11:44:33 UTC 2024 - Alice Brooks <alice.brooks@suse.com>
|
||||
|
||||
- add 0005-cockpit-ws-user-remove-default-deps.patch (bsc#1229146)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 12 13:47:26 UTC 2024 - Luna D Dragon <luna.dragon@suse.com>
|
||||
|
||||
- new version 322:
|
||||
* shell: Deprecate host switcher
|
||||
* files: Permissions column in details view
|
||||
- suse_docs.patch: refreshed
|
||||
|
||||
For details, see https://cockpit-project.org/blog/cockpit-322.html
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 8 12:21:51 UTC 2024 - Jan Zerebecki <jan.suse@zerebecki.de>
|
||||
|
||||
- revert load pam_oath, because it enforces the file for otp secrets to exist,
|
||||
will try again once pam_oath can have that optional
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 7 20:25:34 UTC 2024 - Herbert Graeber <herbert@graeber-clan.de>
|
||||
|
||||
- fix-libexecdir.patch: Fix libexecdir for leap and sle (bsc#1223533)
|
||||
- Fix systemd units folder for leap and sle (bsc#1226541)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Aug 7 09:37:00 UTC 2024 - pallas wept <pallaswept@proton.me>
|
||||
|
||||
- Recommend cockpit-packagekit if zypper is installed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 7 09:36:58 UTC 2024 - Jan Zerebecki <jan.suse@zerebecki.de>
|
||||
|
||||
- load pam_oath for optional TOTP for authentication
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 31 08:23:43 UTC 2024 - Adam Majer <adam.majer@suse.de>
|
||||
|
||||
- new version 321:
|
||||
* Bug fixes and performance improvements
|
||||
|
||||
- vendor.tar.gz: dropped. Bundling now part of main tarball.
|
||||
- update_version.sh: use instead of `osc service mr` to do version
|
||||
updates. updated README.packaging
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 3 13:31:38 UTC 2024 - Luna D Dragon <luna.dragon@suse.com>
|
||||
|
||||
- new version 320:
|
||||
* pam-ssh-add: Fix insecure killing of session ssh-agent
|
||||
(bsc#1226040, CVE-2024-6126)
|
||||
|
||||
- changes in older versions:
|
||||
* Storage: Btrfs snapshots
|
||||
* Podman: Add image pull action
|
||||
* Files: Bookmark support
|
||||
* webserver: System user changes
|
||||
* Metrics: Grafana setup now prefers Valkey
|
||||
|
||||
- 0001-users-Support-for-watching-lastlog2.patch,
|
||||
0002-users-Support-for-watching-lastlog2-and-wutmp-on-overview-page.patch
|
||||
removed, upstreamed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 3 10:26:08 UTC 2024 - Alice Brooks <alice.brooks@suse.com>
|
||||
|
||||
- fix suse_docs.patch causing invalid json against the storaged manifest bsc#1227299
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 13 11:02:10 UTC 2024 - Luna D Dragon <luna.dragon@suse.com>
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
name: cockpit
|
||||
version: 316
|
||||
mtime: 1714038358
|
||||
commit: 3a998b015807a33762fe40572665ea8a9a6481f4
|
||||
version: 320
|
||||
mtime: 1720008589
|
||||
commit: 08965365ac311f906a520cbf65427742d5f84ba4
|
||||
|
@ -8,3 +8,4 @@ password include common-password
|
||||
session required pam_loginuid.so
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include common-session
|
||||
auth [user_unknown=ignore success=ok] pam_oath.so usersfile=${HOME}/.pam_oath_usersfile no_usersfile_okay window=20 digits=6
|
||||
|
330
cockpit.spec
330
cockpit.spec
@ -12,7 +12,7 @@
|
||||
# Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public License
|
||||
# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
|
||||
# along with Cockpit; If not, see <https://www.gnu.org/licenses/>.
|
||||
#
|
||||
|
||||
#
|
||||
@ -50,13 +50,14 @@ Summary: Web Console for Linux servers
|
||||
License: LGPL-2.1-or-later
|
||||
URL: https://cockpit-project.org/
|
||||
|
||||
Version: 316
|
||||
Version: 332
|
||||
Release: 0
|
||||
Source0: cockpit-%{version}.tar
|
||||
Source0: cockpit-%{version}.tar.gz
|
||||
Source1: cockpit.pam
|
||||
Source2: cockpit-rpmlintrc
|
||||
Source3: cockpit-suse-theme.tar
|
||||
Source10: vendor.tar.gz
|
||||
Source4: cockpit-no-pamoath.pam
|
||||
Source10: update_version.sh
|
||||
Source99: README.packaging
|
||||
Source98: package-lock.json
|
||||
Source97: node_modules.spec.inc
|
||||
@ -66,14 +67,17 @@ Patch2: suse_docs.patch
|
||||
Patch3: suse-microos-branding.patch
|
||||
Patch4: css-overrides.patch
|
||||
Patch5: storage-btrfs.patch
|
||||
Patch6: 0001-users-Support-for-watching-lastlog2.patch
|
||||
Patch7: 0002-users-Support-for-watching-lastlog2-and-wutmp-on-overview-page.patch
|
||||
# SLE Micro specific patches
|
||||
Patch101: hide-pcp.patch
|
||||
Patch102: 0002-selinux-temporary-remove-setroubleshoot-section.patch
|
||||
Patch107: 0006-totp-motd.patch
|
||||
Patch108: 0007-Remove-DynamicUser-setting-as-these-conflict-with-re.patch
|
||||
# For anything based on SLES 15 codebase (including Leap, SLE Micro)
|
||||
Patch103: 0004-leap-gnu18-removal.patch
|
||||
Patch104: selinux_libdir.patch
|
||||
Patch105: fix-libexecdir.patch
|
||||
|
||||
Patch201: remove_rh_links.patch
|
||||
|
||||
%define build_all 1
|
||||
%if 0%{?rhel} == 8 && 0%{?epel} == 0 && !0%{?build_all}
|
||||
@ -94,13 +98,23 @@ Patch104: selinux_libdir.patch
|
||||
%if 0%{?build_optional} && 0%{?suse_version} == 0
|
||||
%define build_tests 1
|
||||
%endif
|
||||
# pcp stopped building on ix86
|
||||
%define build_pcp 1
|
||||
%if 0%{?fedora} >= 40 || 0%{?rhel} >= 10 || 0%{?suse_version} > 1500
|
||||
%ifarch %ix86
|
||||
%define build_pcp 0
|
||||
|
||||
# Allow root login in Cockpit on RHEL 8 and lower as it also allows password login over SSH.
|
||||
%if 0%{?rhel} && 0%{?rhel} <= 8
|
||||
%define disallow_root 0
|
||||
%else
|
||||
%define disallow_root 1
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} >= 41 || 0%{?rhel}
|
||||
ExcludeArch: %{ix86}
|
||||
%endif
|
||||
|
||||
%define enable_multihost 1
|
||||
%if 0%{?fedora} >= 41 || 0%{?rhel} >= 10
|
||||
%define enable_multihost 0
|
||||
%endif
|
||||
|
||||
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1500
|
||||
# Ship custom SELinux policy
|
||||
%define selinuxtype targeted
|
||||
@ -121,7 +135,6 @@ BuildRequires: make
|
||||
BuildRequires: /usr/bin/python3
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: gettext >= 0.21
|
||||
BuildRequires: libssh-devel >= 0.8.5
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: gnutls-devel >= 3.4.3
|
||||
BuildRequires: zlib-devel
|
||||
@ -135,21 +148,12 @@ BuildRequires: glib2-devel >= 2.50.0
|
||||
BuildRequires: pkgconfig(libsystemd) >= 235
|
||||
%if 0%{?suse_version}
|
||||
BuildRequires: distribution-release
|
||||
%if %{build_pcp}
|
||||
BuildRequires: libpcp-devel
|
||||
BuildRequires: pcp-devel
|
||||
BuildRequires: libpcp3
|
||||
BuildRequires: libpcp_import1
|
||||
%endif
|
||||
BuildRequires: openssh
|
||||
BuildRequires: distribution-logos
|
||||
BuildRequires: wallpaper-branding
|
||||
# needed for /var/lib/pcp directory ownership
|
||||
BuildRequires: pcp
|
||||
%else
|
||||
%if %{build_pcp}
|
||||
BuildRequires: pcp-libs-devel
|
||||
%endif
|
||||
BuildRequires: openssh-clients
|
||||
BuildRequires: docbook-style-xsl
|
||||
%endif
|
||||
@ -179,8 +183,8 @@ Requires: cockpit-system
|
||||
|
||||
# Optional components
|
||||
Recommends: (cockpit-storaged if udisks2)
|
||||
Recommends: (cockpit-packagekit if dnf)
|
||||
Suggests: cockpit-pcp
|
||||
Recommends: (cockpit-packagekit if (dnf or zypper))
|
||||
Suggests: python3-pcp
|
||||
|
||||
%if 0%{?rhel} == 0
|
||||
Recommends: (cockpit-networkmanager if NetworkManager)
|
||||
@ -197,11 +201,8 @@ BuildRequires: python3-pip
|
||||
%if 0%{?rhel} == 0 && !0%{?suse_version}
|
||||
# All of these are only required for running pytest (which we only do on Fedora)
|
||||
BuildRequires: procps-ng
|
||||
BuildRequires: pyproject-rpm-macros
|
||||
BuildRequires: python3-pytest-asyncio
|
||||
BuildRequires: python3-pytest-cov
|
||||
BuildRequires: python3-pytest-timeout
|
||||
BuildRequires: python3-tox-current-env
|
||||
%endif
|
||||
|
||||
%prep
|
||||
@ -211,12 +212,12 @@ BuildRequires: python3-tox-current-env
|
||||
%patch -P 3 -p1
|
||||
%patch -P 4 -p1
|
||||
%patch -P 5 -p1
|
||||
%patch -P 6 -p1
|
||||
%patch -P 7 -p1
|
||||
|
||||
|
||||
# SLE Micro specific patches
|
||||
%if 0%{?is_smo}
|
||||
%patch -P 101 -p1
|
||||
%patch -P 107 -p1
|
||||
# Patches for versions lower then SLE Micro 5.5
|
||||
%if 0%{?sle_version} < 150500
|
||||
%patch -P 102 -p1
|
||||
@ -225,14 +226,22 @@ BuildRequires: python3-tox-current-env
|
||||
# For anything based on SLES 15 codebase (including Leap, SLEM)
|
||||
%if 0%{?suse_version} == 1500
|
||||
%patch -P 103 -p1
|
||||
%patch -P 104 -p0
|
||||
%patch -P 104 -p1
|
||||
%patch -P 105 -p1
|
||||
%patch -P 108 -p1
|
||||
%else
|
||||
%patch -P 107 -p1
|
||||
%endif
|
||||
|
||||
%patch -P 201 -p1
|
||||
|
||||
%if 0%{?suse_version} > 1500
|
||||
cp %SOURCE1 tools/cockpit.pam
|
||||
%else
|
||||
cp %SOURCE4 tools/cockpit.pam
|
||||
%endif
|
||||
#
|
||||
rm -rf node_modules package-lock.json
|
||||
local-npm-registry %{_sourcedir} install --also=dev --legacy-peer-deps
|
||||
cd vendor; tar zxfO %SOURCE10 | tar xvi; cd ..
|
||||
local-npm-registry %{_sourcedir} install --include=dev --ignore-scripts
|
||||
|
||||
%build
|
||||
find node_modules -name \*.node -print -delete
|
||||
@ -245,15 +254,13 @@ autoreconf -fvi -I tools
|
||||
#
|
||||
%configure \
|
||||
%{?selinux_configure_arg} \
|
||||
--with-cockpit-user=cockpit-ws \
|
||||
--with-cockpit-ws-instance-user=cockpit-wsinstance \
|
||||
%if 0%{?suse_version}
|
||||
--docdir=%_defaultdocdir/%{name} \
|
||||
--libexecdir=%_libexecdir \
|
||||
%endif
|
||||
--with-pamdir='%{pamdir}' \
|
||||
%if %{build_pcp} == 0
|
||||
--disable-pcp \
|
||||
%if %{enable_multihost}
|
||||
--enable-multihost \
|
||||
%endif
|
||||
|
||||
%if 0%{?with_selinux}
|
||||
@ -301,6 +308,11 @@ cp src/fonts.css %{buildroot}%{_datadir}/cockpit/branding/suse
|
||||
cp -a src/fonts %{buildroot}%{_datadir}/cockpit/branding/suse
|
||||
popd
|
||||
|
||||
%if 0%{?suse_version} == 1500
|
||||
sed -i -e 's#"/lib/systemd/system#"%{_unitdir}#' \
|
||||
%{buildroot}%{_datadir}/cockpit/packagekit/manifest.json
|
||||
%endif
|
||||
|
||||
# Build the package lists for resource packages
|
||||
# cockpit-bridge is the basic dependency for all cockpit-* packages, so centrally own the page directory
|
||||
echo '%dir %{_datadir}/cockpit' > base.list
|
||||
@ -308,57 +320,6 @@ echo '%dir %{_datadir}/cockpit/base1' >> base.list
|
||||
find %{buildroot}%{_datadir}/cockpit/base1 -type f -o -type l >> base.list
|
||||
echo '%{_sysconfdir}/cockpit/machines.d' >> base.list
|
||||
echo %{buildroot}%{_datadir}/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy >> base.list
|
||||
echo '%{_libexecdir}/cockpit-ssh' >> base.list
|
||||
|
||||
%if %{build_pcp}
|
||||
echo '%dir %{_datadir}/cockpit/pcp' > pcp.list
|
||||
find %{buildroot}%{_datadir}/cockpit/pcp -type f >> pcp.list
|
||||
%endif
|
||||
|
||||
# when not building basic packages, remove their files
|
||||
%if 0%{?build_basic} == 0
|
||||
for pkg in base1 branding motd kdump networkmanager selinux shell sosreport static systemd users metrics; do
|
||||
rm -r %{buildroot}/%{_datadir}/cockpit/$pkg
|
||||
rm -f %{buildroot}/%{_datadir}/metainfo/org.cockpit-project.cockpit-${pkg}.metainfo.xml
|
||||
done
|
||||
for data in doc man pixmaps polkit-1; do
|
||||
rm -r %{buildroot}/%{_datadir}/$data
|
||||
done
|
||||
rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d
|
||||
find %{buildroot}/%{_unitdir}/ -type f ! -name 'cockpit-session*' -delete
|
||||
for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do
|
||||
rm -f %{buildroot}/%{_libexecdir}/$libexec
|
||||
done
|
||||
rm -rf %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d
|
||||
%if 0%{?suse_version} > 1500
|
||||
rm -rf %{buildroot}/%{_pam_vendordir}
|
||||
%else
|
||||
rm -rf %{buildroot}/%{_sysconfdir}/pam.d
|
||||
%endif
|
||||
rm -f %{buildroot}/%{_libdir}/security/pam_*
|
||||
rm -f %{buildroot}/usr/bin/cockpit-bridge
|
||||
rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
|
||||
rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml
|
||||
rm -rf %{buildroot}%{python3_sitelib}/cockpit*
|
||||
%endif
|
||||
|
||||
# when not building optional packages, remove their files
|
||||
%if 0%{?build_optional} == 0
|
||||
for pkg in apps packagekit pcp playground storaged; do
|
||||
rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
|
||||
done
|
||||
# files from -pcp
|
||||
rm -rf %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/
|
||||
# files from -storaged
|
||||
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
|
||||
%endif
|
||||
|
||||
%if 0%{?build_tests} == 0
|
||||
rm -rf %{buildroot}%{_datadir}/cockpit/playground
|
||||
rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so
|
||||
rm -f %{buildroot}/%{_unitdir}/cockpit-session.socket
|
||||
rm -f %{buildroot}/%{_unitdir}/cockpit-session@.service
|
||||
%endif
|
||||
|
||||
echo '%dir %{_datadir}/cockpit/shell' >> system.list
|
||||
find %{buildroot}%{_datadir}/cockpit/shell -type f >> system.list
|
||||
@ -393,30 +354,69 @@ find %{buildroot}%{_datadir}/cockpit/apps -type f >> packagekit.list
|
||||
echo '%dir %{_datadir}/cockpit/selinux' > selinux.list
|
||||
find %{buildroot}%{_datadir}/cockpit/selinux -type f >> selinux.list
|
||||
|
||||
# echo '%dir %{_datadir}/cockpit/playground' > tests.list
|
||||
# find %{buildroot}%{_datadir}/cockpit/playground -type f >> tests.list
|
||||
|
||||
echo '%dir %{_datadir}/cockpit/static' > static.list
|
||||
echo '%dir %{_datadir}/cockpit/static/fonts' >> static.list
|
||||
find %{buildroot}%{_datadir}/cockpit/static -type f >> static.list
|
||||
|
||||
# when not building basic packages, remove their files
|
||||
%if 0%{?build_basic} == 0
|
||||
for pkg in base1 branding motd kdump networkmanager selinux shell sosreport static systemd users metrics; do
|
||||
rm -r %{buildroot}/%{_datadir}/cockpit/$pkg
|
||||
rm -f %{buildroot}/%{_datadir}/metainfo/org.cockpit-project.cockpit-${pkg}.metainfo.xml
|
||||
done
|
||||
for data in doc man pixmaps polkit-1; do
|
||||
rm -r %{buildroot}/%{_datadir}/$data
|
||||
done
|
||||
rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d
|
||||
for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do
|
||||
rm -f %{buildroot}/%{_libexecdir}/$libexec
|
||||
done
|
||||
rm -rf %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d
|
||||
%if 0%{?suse_version} > 1500
|
||||
rm -rf %{buildroot}/%{_pam_vendordir}
|
||||
%else
|
||||
rm -rf %{buildroot}/%{_sysconfdir}/pam.d
|
||||
%endif
|
||||
rm -f %{buildroot}/%{_libdir}/security/pam_*
|
||||
rm -f %{buildroot}/usr/bin/cockpit-bridge
|
||||
rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
|
||||
rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml
|
||||
rm -rf %{buildroot}%{python3_sitelib}/cockpit*
|
||||
%endif
|
||||
|
||||
# when not building optional packages, remove their files
|
||||
%if 0%{?build_optional} == 0
|
||||
for pkg in apps packagekit playground storaged; do
|
||||
rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
|
||||
done
|
||||
# files from -storaged
|
||||
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
|
||||
%endif
|
||||
|
||||
%if 0%{?build_tests} == 0
|
||||
rm -rf %{buildroot}%{_datadir}/cockpit/playground
|
||||
rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so
|
||||
%endif
|
||||
|
||||
sed -i "s|%{buildroot}||" *.list
|
||||
|
||||
%if 0%{?suse_version}
|
||||
# remove brandings with stale symlinks. Means they don't match
|
||||
# the distro.
|
||||
pushd %{buildroot}/%{_datadir}/cockpit/branding
|
||||
ls --hide={default,kubernetes,opensuse,registry,sle-micro,suse} | xargs rm -rv
|
||||
ls --hide={default,kubernetes,opensuse,registry,suse} | xargs rm -rv
|
||||
popd
|
||||
# need this in SUSE as post build checks dislike stale symlinks
|
||||
install -m 644 -D /dev/null %{buildroot}/run/cockpit/motd
|
||||
install -m 644 -D /dev/null %{buildroot}/run/cockpit/issue
|
||||
|
||||
test -e %{buildroot}/usr/share/cockpit/branding/opensuse/default-1920x1200.jpg || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/opensuse/default-1920x1200.jpg
|
||||
test -e %{buildroot}/usr/share/cockpit/branding/sle-micro/apple-touch-icon.png || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/sle-micro/apple-touch-icon.png
|
||||
test -e %{buildroot}/usr/share/cockpit/branding/sle-micro/default-1920x1200.png || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/sle-micro/default-1920x1200.png
|
||||
test -e %{buildroot}/usr/share/cockpit/branding/suse/apple-touch-icon.png || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/suse/apple-touch-icon.png
|
||||
test -e %{buildroot}/usr/share/cockpit/branding/suse/default-1920x1200.png || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/suse/default-1920x1200.png
|
||||
|
||||
# remove files of not installable packages
|
||||
rm -r %{buildroot}%{_datadir}/cockpit/sosreport
|
||||
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-sosreport.metainfo.xml
|
||||
rm -f %{buildroot}%{_datadir}/pixmaps/cockpit-sosreport.png
|
||||
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit_project.cockpit_sosreport.metainfo.xml
|
||||
rm -f %{buildroot}%{_datadir}/icons/hicolor/64x64/apps/cockpit-sosreport.png
|
||||
%else
|
||||
%global _debugsource_packages 1
|
||||
%global _debuginfo_subpackages 0
|
||||
@ -454,22 +454,16 @@ troubleshooting, interactive command-line sessions, and more.
|
||||
%{_docdir}/cockpit/AUTHORS
|
||||
%{_docdir}/cockpit/COPYING
|
||||
%{_docdir}/cockpit/README.md
|
||||
%{_datadir}/metainfo/cockpit.appdata.xml
|
||||
%{_datadir}/pixmaps/cockpit.png
|
||||
%{_datadir}/metainfo/org.cockpit_project.cockpit.appdata.xml
|
||||
%dir %{_datadir}/icons/hicolor/128x128/apps
|
||||
%dir %{_datadir}/icons/hicolor/128x128
|
||||
%dir %{_datadir}/icons/hicolor
|
||||
%{_datadir}/icons/hicolor/128x128/apps/cockpit.png
|
||||
%doc %{_mandir}/man1/cockpit.1.gz
|
||||
|
||||
|
||||
%package bridge
|
||||
Summary: Cockpit bridge server-side component
|
||||
Requires: glib-networking
|
||||
Provides: cockpit-ssh = %{version}-%{release}
|
||||
# 233 dropped jquery.js, pages started to bundle it (commit 049e8b8dce)
|
||||
Conflicts: cockpit-dashboard < 233
|
||||
Conflicts: cockpit-networkmanager < 233
|
||||
Conflicts: cockpit-storaged < 233
|
||||
Conflicts: cockpit-system < 233
|
||||
Conflicts: cockpit-tests < 233
|
||||
Conflicts: cockpit-docker < 233
|
||||
|
||||
%description bridge
|
||||
The Cockpit bridge component installed server side and runs commands on the
|
||||
@ -504,26 +498,28 @@ Requires: cockpit-bridge >= %{version}-%{release}
|
||||
Requires: shadow-utils
|
||||
%endif
|
||||
Requires: grep
|
||||
Requires: jeos-firstboot
|
||||
Requires: /usr/bin/pwscore
|
||||
Requires: /usr/bin/date
|
||||
Provides: cockpit-shell = %{version}-%{release}
|
||||
Provides: cockpit-systemd = %{version}-%{release}
|
||||
Provides: cockpit-tuned = %{version}-%{release}
|
||||
Provides: cockpit-users = %{version}-%{release}
|
||||
Obsoletes: cockpit-dashboard < %{version}-%{release}
|
||||
%if 0%{?rhel}
|
||||
Requires: NetworkManager >= 1.6
|
||||
Requires: kexec-tools
|
||||
Requires: sos
|
||||
Requires: sudo
|
||||
Recommends: PackageKit
|
||||
Recommends: setroubleshoot-server >= 3.3.3
|
||||
Recommends: kexec-tools
|
||||
Suggests: NetworkManager-team
|
||||
Suggests: python3-pcp
|
||||
Provides: cockpit-kdump = %{version}-%{release}
|
||||
Provides: cockpit-networkmanager = %{version}-%{release}
|
||||
Provides: cockpit-selinux = %{version}-%{release}
|
||||
Provides: cockpit-sosreport = %{version}-%{release}
|
||||
%endif
|
||||
Obsoletes: cockpit-tests < %{version}
|
||||
%if 0%{?fedora}
|
||||
Recommends: (reportd if abrt)
|
||||
%endif
|
||||
@ -548,18 +544,23 @@ Requires(post): (policycoreutils if selinux-policy-%{selinuxtype})
|
||||
Conflicts: firewalld < 0.6.0-1
|
||||
Recommends: sscg >= 2.3
|
||||
Recommends: system-logos
|
||||
Suggests: sssd-dbus >= 2.6.2
|
||||
Suggests: sssd-dbus
|
||||
%if 0%{?suse_version}
|
||||
Requires(pre): permissions
|
||||
Requires: distribution-logos
|
||||
%if 0%{?suse_version} > 1500
|
||||
Requires: pam_oath >= 2.6.11.12
|
||||
%endif
|
||||
Requires: wallpaper-branding
|
||||
%endif
|
||||
# for cockpit-desktop
|
||||
Suggests: python3
|
||||
Provides: group(cockpit-ws)
|
||||
Provides: group(cockpit-wsinstance)
|
||||
Provides: user(cockpit-ws)
|
||||
Provides: user(cockpit-wsinstance)
|
||||
Obsoletes: cockpit-tests < 331
|
||||
Provides: group(cockpit-wsinstance-socket)
|
||||
Provides: group(cockpit-session-socket)
|
||||
Provides: user(cockpit-wsinstance-socket)
|
||||
Provides: user(cockpit-session-socket)
|
||||
Provides: user(cockpit-systemd-service)
|
||||
|
||||
# prevent hard python3 dependency for cockpit-desktop, it falls back to other browsers
|
||||
%global __requires_exclude_from ^%{_libexecdir}/cockpit-client$
|
||||
@ -590,21 +591,25 @@ authentication via sssd/FreeIPA.
|
||||
%ghost %{_sysconfdir}/motd.d/cockpit
|
||||
%ghost %attr(0644, root, root) %{_sysconfdir}/cockpit/disallowed-users
|
||||
%ghost %dir /run/cockpit
|
||||
%ghost /run/cockpit/motd
|
||||
%dir %{_datadir}/cockpit/motd
|
||||
%{_datadir}/cockpit/motd/update-motd
|
||||
%{_datadir}/cockpit/motd/inactive.motd
|
||||
%ghost /run/cockpit/issue
|
||||
%dir %{_datadir}/cockpit/issue
|
||||
%{_datadir}/cockpit/issue/update-issue
|
||||
%{_datadir}/cockpit/issue/inactive.issue
|
||||
%{_unitdir}/cockpit.service
|
||||
%{_unitdir}/cockpit-motd.service
|
||||
%{_unitdir}/cockpit-issue.service
|
||||
%{_unitdir}/cockpit.socket
|
||||
%{_unitdir}/cockpit-session-socket-user.service
|
||||
%{_unitdir}/cockpit-session.socket
|
||||
%{_unitdir}/cockpit-session@.service
|
||||
%{_unitdir}/cockpit-wsinstance-http.socket
|
||||
%{_unitdir}/cockpit-wsinstance-http.service
|
||||
%{_unitdir}/cockpit-wsinstance-https-factory.socket
|
||||
%{_unitdir}/cockpit-wsinstance-https-factory@.service
|
||||
%{_unitdir}/cockpit-wsinstance-https@.socket
|
||||
%{_unitdir}/cockpit-wsinstance-https@.service
|
||||
%{_unitdir}/cockpit-wsinstance-socket-user.service
|
||||
%{_unitdir}/system-cockpithttps.slice
|
||||
%{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf
|
||||
%{_prefix}/%{__lib}/tmpfiles.d/cockpit-ws.conf
|
||||
%{pamdir}/pam_ssh_add.so
|
||||
%{pamdir}/pam_cockpit_cert.so
|
||||
%{_libexecdir}/cockpit-ws
|
||||
@ -615,7 +620,7 @@ authentication via sssd/FreeIPA.
|
||||
%{_libexecdir}/cockpit-desktop
|
||||
%{_libexecdir}/cockpit-certificate-ensure
|
||||
%{_libexecdir}/cockpit-certificate-helper
|
||||
%{?suse_version:%verify(not mode) }%attr(4750, root, cockpit-wsinstance) %{_libexecdir}/cockpit-session
|
||||
%{?suse_version:%verify(not mode) }%attr(4750, root, cockpit-wsinstance-socket) %{_libexecdir}/cockpit-session
|
||||
%{_datadir}/cockpit/branding
|
||||
%if 0%{?with_selinux}
|
||||
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
|
||||
@ -625,10 +630,13 @@ authentication via sssd/FreeIPA.
|
||||
%endif
|
||||
|
||||
%pre ws
|
||||
getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws
|
||||
getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting -s /sbin/nologin -c "User for cockpit web service" cockpit-ws
|
||||
getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance
|
||||
getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance
|
||||
# HACK: old RPM and even Fedora's current RPM don't properly support sysusers
|
||||
# https://github.com/rpm-software-management/rpm/issues/3073
|
||||
getent group cockpit-wsinstance-socket >/dev/null || groupadd -r cockpit-wsinstance-socket
|
||||
getent group cockpit-session-socket >/dev/null || groupadd -r cockpit-session-socket
|
||||
getent passwd cockpit-wsinstance-socket >/dev/null || useradd -r -g cockpit-wsinstance-socket -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance-socket
|
||||
getent passwd cockpit-session-socket >/dev/null || useradd -r -g cockpit-session-socket -d /nonexisting -s /sbin/nologin -c "User for cockpit-session instances" cockpit-session-socket
|
||||
getent passwd cockpit-systemd-service >/dev/null || useradd -r -g cockpit-wsinstance-socket -d /nonexisting -s /sbin/nologin -c "User for cockpit.service" cockpit-systemd-service
|
||||
|
||||
if %{_sbindir}/selinuxenabled 2>/dev/null; then
|
||||
%selinux_relabel_pre -s %{selinuxtype}
|
||||
@ -650,22 +658,31 @@ fi
|
||||
# disable root login on first-time install; so existing installations aren't changed
|
||||
if [ "$1" = 1 ]; then
|
||||
mkdir -p /etc/motd.d /etc/issue.d
|
||||
ln -s ../../run/cockpit/motd /etc/motd.d/cockpit
|
||||
ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue
|
||||
ln -s ../../run/cockpit/issue /etc/motd.d/cockpit
|
||||
ln -s ../../run/cockpit/issue /etc/issue.d/cockpit.issue
|
||||
printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users
|
||||
printf "root\n" >> /etc/cockpit/disallowed-users
|
||||
chmod 644 /etc/cockpit/disallowed-users
|
||||
fi
|
||||
# switch old self-signed cert group from cockpit-wsintance to cockpit-ws on upgrade
|
||||
|
||||
if [ "$1" = 2 ]; then
|
||||
# switch old self-signed cert group from cockpit-wsintance to cockpit-ws on upgrade
|
||||
certfile=/etc/cockpit/ws-certs.d/0-self-signed.cert
|
||||
test -f $certfile && stat -c '%G' $certfile | grep -q cockpit-wsinstance && chgrp cockpit-ws $certfile
|
||||
|
||||
# on upgrades, adjust motd/issue links to changed target if they still exist (changed in 331)
|
||||
if [ "$(readlink /etc/motd.d/cockpit 2>/dev/null)" = "../../run/cockpit/motd" ]; then
|
||||
ln -sfn ../../run/cockpit/issue /etc/motd.d/cockpit
|
||||
fi
|
||||
if [ "$(readlink /etc/issue.d/cockpit.issue 2>/dev/null)" = "../../run/cockpit/motd" ]; then
|
||||
ln -sfn ../../run/cockpit/issue /etc/issue.d/cockpit.issue
|
||||
fi
|
||||
fi
|
||||
|
||||
%if 0%{?suse_version}
|
||||
%set_permissions %{_libexecdir}/cockpit-session
|
||||
%endif
|
||||
%tmpfiles_create cockpit-tempfiles.conf
|
||||
%tmpfiles_create cockpit-ws.conf
|
||||
%systemd_post cockpit.socket cockpit.service
|
||||
# firewalld only partially picks up changes to its services files without this
|
||||
test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
|
||||
@ -678,6 +695,11 @@ if test -f %{_sysconfdir}/pam.d/cockpit && grep -q pam_cockpit_cert %{_sysconfd
|
||||
echo '**** WARNING:'
|
||||
fi
|
||||
|
||||
# remove obsolete system user on upgrade (replaced with DynamicUser in version 330)
|
||||
if getent passwd cockpit-wsinstance >/dev/null; then
|
||||
userdel cockpit-wsinstance
|
||||
fi
|
||||
|
||||
%preun ws
|
||||
%systemd_preun cockpit.socket cockpit.service
|
||||
|
||||
@ -717,7 +739,7 @@ BuildArch: noarch
|
||||
The Cockpit component for configuring kernel crash dumping.
|
||||
|
||||
%files kdump -f kdump.list
|
||||
%{_datadir}/metainfo/org.cockpit-project.cockpit-kdump.metainfo.xml
|
||||
%{_datadir}/metainfo/org.cockpit_project.cockpit_kdump.metainfo.xml
|
||||
|
||||
%if !0%{?suse_version}
|
||||
%package sosreport
|
||||
@ -750,7 +772,7 @@ BuildArch: noarch
|
||||
The Cockpit component for managing networking. This package uses NetworkManager.
|
||||
|
||||
%files networkmanager -f networkmanager.list
|
||||
%{_datadir}/metainfo/org.cockpit-project.cockpit-networkmanager.metainfo.xml
|
||||
%{_datadir}/metainfo/org.cockpit_project.cockpit_networkmanager.metainfo.xml
|
||||
|
||||
%endif
|
||||
|
||||
@ -772,7 +794,7 @@ This package contains the Cockpit user interface integration with the
|
||||
utility setroubleshoot to diagnose and resolve SELinux issues.
|
||||
|
||||
%files selinux -f selinux.list
|
||||
%{_datadir}/metainfo/org.cockpit-project.cockpit-selinux.metainfo.xml
|
||||
%{_datadir}/metainfo/org.cockpit_project.cockpit_selinux.metainfo.xml
|
||||
|
||||
%endif
|
||||
|
||||
@ -802,27 +824,13 @@ BuildArch: noarch
|
||||
The Cockpit component for managing storage. This package uses udisks.
|
||||
|
||||
%files -n cockpit-storaged -f storaged.list
|
||||
%{_datadir}/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
|
||||
%{_datadir}/metainfo/org.cockpit_project.cockpit_storaged.metainfo.xml
|
||||
|
||||
%if 0%{?build_tests}
|
||||
%package -n cockpit-tests
|
||||
Summary: Tests for Cockpit
|
||||
Requires: cockpit-bridge >= %{required_base}
|
||||
Requires: cockpit-system >= %{required_base}
|
||||
Requires: openssh-clients
|
||||
Provides: cockpit-test-assets = %{version}-%{release}
|
||||
|
||||
%description -n cockpit-tests
|
||||
This package contains tests and files used while testing Cockpit.
|
||||
These files are not required for running Cockpit.
|
||||
|
||||
%files -n cockpit-tests -f tests.list
|
||||
%{pamdir}/mock-pam-conv-mod.so
|
||||
%{_unitdir}/cockpit-session.socket
|
||||
%{_unitdir}/cockpit-session@.service
|
||||
|
||||
# /build_tests
|
||||
%endif
|
||||
%post storaged
|
||||
# version 332 moved the btrfs temp mounts db to /run
|
||||
if [ "$1" = 2 ] && [ -d /var/lib/cockpit/btrfs ]; then
|
||||
rm -rf --one-file-system /var/lib/cockpit/btrfs || true
|
||||
fi
|
||||
|
||||
%package devel
|
||||
Summary: Development files for for Cockpit
|
||||
@ -833,24 +841,6 @@ This package contains files used to develop cockpit modules
|
||||
%files devel
|
||||
%{_datadir}/cockpit/devel
|
||||
|
||||
%if %{build_pcp}
|
||||
%package -n cockpit-pcp
|
||||
Summary: Cockpit PCP integration
|
||||
Requires: cockpit-bridge >= %{required_base}
|
||||
Requires: pcp
|
||||
|
||||
%description -n cockpit-pcp
|
||||
Cockpit support for reading PCP metrics and loading PCP archives.
|
||||
|
||||
%files -n cockpit-pcp -f pcp.list
|
||||
%{_libexecdir}/cockpit-pcp
|
||||
%{_localstatedir}/lib/pcp/config/pmlogconf/tools/cockpit
|
||||
|
||||
%post -n cockpit-pcp
|
||||
systemctl reload-or-try-restart pmlogger
|
||||
|
||||
%endif
|
||||
|
||||
%package -n cockpit-packagekit
|
||||
Summary: Cockpit user interface for packages
|
||||
BuildArch: noarch
|
||||
|
@ -200,16 +200,16 @@ Index: cockpit/pkg/playground/test.html
|
||||
</head>
|
||||
Index: cockpit/pkg/shell/index.html
|
||||
===================================================================
|
||||
--- cockpit.orig/pkg/shell/index.html
|
||||
+++ cockpit/pkg/shell/index.html
|
||||
--- a/pkg/shell/index.html
|
||||
+++ b/pkg/shell/index.html
|
||||
@@ -6,6 +6,7 @@
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<link href="shell.css" rel="stylesheet" />
|
||||
<link href="../../static/branding.css" rel="stylesheet" />
|
||||
+ <link href="../../static/css-overrides.css" type="text/css" rel="stylesheet" />
|
||||
<script src="../base1/cockpit.js"></script>
|
||||
<script src="../manifests.js"></script>
|
||||
<!-- HACK: C bridge loads translations via glob and Python via manifest.js -->
|
||||
<script src="../manifests-i18n.js"></script>
|
||||
<script src="po.js"></script>
|
||||
Index: cockpit/pkg/shell/shell.html
|
||||
===================================================================
|
||||
--- cockpit.orig/pkg/shell/shell.html
|
||||
|
12
fix-libexecdir.patch
Normal file
12
fix-libexecdir.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up cockpit-320/src/cockpit/packages.py.org cockpit-320/src/cockpit/packages.py
|
||||
--- cockpit-320/src/cockpit/packages.py.org 2024-07-14 21:06:50.378400822 +0200
|
||||
+++ cockpit-320/src/cockpit/packages.py 2024-07-14 21:07:40.568245119 +0200
|
||||
@@ -127,7 +127,7 @@ def get_libexecdir() -> str:
|
||||
|
||||
This only works for systems which have cockpit-ws installed.
|
||||
"""
|
||||
- for candidate in ['/usr/local/libexec', '/usr/libexec', '/usr/local/lib/cockpit', '/usr/lib/cockpit']:
|
||||
+ for candidate in ['/usr/local/libexec', '/usr/libexec', '/usr/local/lib/cockpit', '/usr/lib/cockpit', '/usr/lib']:
|
||||
if os.path.exists(os.path.join(candidate, 'cockpit-askpass')):
|
||||
return candidate
|
||||
else:
|
@ -2,11 +2,33 @@ Index: cockpit/pkg/metrics/metrics.jsx
|
||||
===================================================================
|
||||
--- cockpit.orig/pkg/metrics/metrics.jsx
|
||||
+++ cockpit/pkg/metrics/metrics.jsx
|
||||
@@ -1551,6 +1551,7 @@ const PCPConfig = ({ buttonVariant, fire
|
||||
@@ -1565,6 +1565,7 @@ const PCPConfig = ({ buttonVariant, firewalldRequest, needsLogout, setNeedsLogou
|
||||
|
||||
return (
|
||||
<Button variant={buttonVariant} icon={<CogIcon />}
|
||||
+ className="pf-u-display-none"
|
||||
isDisabled={ invalidService(s_pmlogger) || invalidService(s_pmproxy) || invalidService(s_redis) || invalidService(s_redis_server) }
|
||||
isDisabled={ invalidService(s_pmlogger) || invalidService(s_pmproxy) ||
|
||||
invalidService(s_redis) || invalidService(s_redis_server) || invalidService(s_valkey) }
|
||||
onClick={show_dialog}>
|
||||
{ _("Metrics settings") }
|
||||
Index: cockpit-309/pkg/metrics/metrics.jsx
|
||||
===================================================================
|
||||
--- cockpit-309.orig/pkg/metrics/metrics.jsx
|
||||
+++ cockpit-309/pkg/metrics/metrics.jsx
|
||||
@@ -1824,7 +1825,8 |