Compare commits

...

45 Commits

Author SHA256 Message Date
d67dfe997f
Update spec file from upstream 2025-02-11 08:32:56 +00:00
d45695db40
Update cockpit.changes for 332 bump 2025-02-10 16:32:42 +00:00
3f4caddcfb
Update provides users and groups to match the dynamic user changes 2025-02-10 16:32:42 +00:00
fb3e20de48
Update cockpit to 332 2025-02-10 16:32:40 +00:00
a7208259fd
Fix botched suse_docs.patch, once patched this generated invalid json 2025-02-10 16:31:48 +00:00
60df37f09a
Update cockpit.changes to include this patchset 2025-02-10 16:31:48 +00:00
c82cf86531
Properly fix autoconf build issue on leap
This was due to a macro issue in autoconf, that lead to it
generating an invalid configure
2025-02-10 16:31:45 +00:00
a3f99f45a5
Revert "build without checking for pidfd_getpid on Leap 15.6"
This reverts commit 8a6c640ec42ddf0cde3ee26fbcf31156cc181960deae28b4059ccba18300476a.
2025-02-10 16:30:30 +00:00
3a4a663a28
Don't include pam_oath motd when we don't ship pam_oath 2025-02-10 16:29:34 +00:00
960cb1e375
Ship a new pam file, this is the same except it's pam_oath-less 2025-02-10 16:29:34 +00:00
49b4cd327d
Dynamic users are completely different on this version of cockpit
We need to do various changes to get these fixed since we don't
ship systemd in nsswitch.conf
2025-02-10 16:29:21 +00:00
3731b3ac8f
Remove 0005-cockpit-ws-user-remove-default-deps.patch as this is no
longer called
2025-01-30 10:21:16 +00:00
23892eda9a
don't move cockpit-session to tests. 2025-01-08 15:44:18 +05:30
3133ff6892
don't depend on pam_oauth on 15.6 2025-01-08 15:44:18 +05:30
8a6c640ec4
build without checking for pidfd_getpid on Leap 15.6 2024-12-13 13:14:51 +05:30
d26d5019d5
update to 330, fix suse_docs.patch 2024-12-09 13:38:45 +05:30
0f2e128911
update to 329.1 2024-12-03 12:14:18 +05:30
416aa9163d
Add various patches for slfo-1.1
- suse_docs.patch: update documentation to point at new links (bsc#1226050)
- remove_rh_links.patch: remove additional hardcoded RH refs (bsc#1221336)
- hide-pcp.patch: correct patch to properly disable pcp on micro
  (bsc#1226049)
- suse-microos-branding.patch: use suse ID as branding instead of sle-micro
  (bsc#1227441)
2024-10-09 13:18:59 +01:00
Adam Majer
17cc1c2b4c Merge branch 'motd-otp' of https://src.opensuse.org/abrooks/cockpit
Fixed .changes
2024-10-09 12:46:08 +02:00
cb83e616ae
Add motd guidance for setting up otp 2024-10-01 10:52:34 +01:00
Jan Zerebecki
95f291257b
support optional TOTP for authentication
It requires a pam_oath in a version that implements the
no_usersfile_okay argument. Provisionally using 2.6.11.12 as a version
to indicate it, the patch is not yet merged upstream, but this is likely
a version upstream will not assign. Patch:
https://gitlab.com/oath-toolkit/oath-toolkit/-/merge_requests/42

Upstream: https://github.com/openSUSE/cockpit/pull/27
2024-09-18 17:18:43 +02:00
14257e4afc Remove Requires on pam_oath
Some checks are pending
obs/scm/build
Sync with github spec file
2024-08-20 15:25:05 +02:00
7a757b6f61 Re-add empty .changes entry separator 2024-08-20 15:21:42 +02:00
f835006e9a
Add 0005-cockpit-ws-user-remove-default-deps.patch (bsc#1229146)
All checks were successful
obs/scm/build
2024-08-20 12:16:56 +01:00
b82fac98a6 .changes updates 2024-08-19 15:52:36 +02:00
c3c4cf7dbd
update spec file to latest from github and update suse_docs.patch to point to live urls 2024-08-16 11:13:14 +05:30
1d20b4fe9c
update spec file to latest from github and update suse_docs.patch to point to live urls 2024-08-13 16:30:11 +05:30
4764a1f351
update to cockpit 322 2024-08-13 11:37:43 +05:30
Dominique Leuenberger
65dce311ed Accepting request 1192625 from systemsmanagement:cockpit
fix changes file to not delete a changes entry for Factory (forwarded request 1192616 from jzerebecki)

OBS-URL: https://build.opensuse.org/request/show/1192625
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cockpit?expand=0&rev=49
2024-08-10 17:06:02 +00:00
fe42484136 Accepting request 1192616 from home:jzerebecki:branches:systemsmanagement:cockpit
fix changes file to not delete a changes entry for Factory

OBS-URL: https://build.opensuse.org/request/show/1192616
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=197
2024-08-08 12:53:02 +00:00
9cd3339ac8 - fix-libexecdir.patch: Fix libexecdir for leap and sle (bsc#1223533)
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=196
2024-08-08 11:06:27 +00:00
e1de0007dd OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=195 2024-08-08 11:05:27 +00:00
515e11446a temporary remove pam_oath, so we can update factory/15.6
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=194
2024-08-08 11:04:59 +00:00
c9f440fd0a Accepting request 1192526 from home:pallaswept:branches:systemsmanagement:cockpit
- Recommend cockpit-packagekit if zypper is installed

OBS-URL: https://build.opensuse.org/request/show/1192526
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=193
2024-08-08 10:51:03 +00:00
08a644cfac - Fix libexecdir for leap and sle (bsc#1223533)
- Fix systemd units folder for leap and sle (bsc#1226541)

OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=192
2024-08-08 10:48:31 +00:00
Dominique Leuenberger
cf6b9d622c Accepting request 1192178 from systemsmanagement:cockpit
OBS-URL: https://build.opensuse.org/request/show/1192178
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cockpit?expand=0&rev=48
2024-08-08 08:57:06 +00:00
3d9fd349c1 Accepting request 1192177 from home:jzerebecki:branches:systemsmanagement:cockpit
- load pam_oath for optional TOTP for authentication

OBS-URL: https://build.opensuse.org/request/show/1192177
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=190
2024-08-07 09:47:04 +00:00
Dominique Leuenberger
8431607bf3 Accepting request 1190945 from systemsmanagement:cockpit
- new version 321:
  * Bug fixes and performance improvements
- vendor.tar.gz: dropped. Bundling now part of main tarball.
- update_version.sh: use instead of `osc service mr` to do version
  updates. updated README.packaging

OBS-URL: https://build.opensuse.org/request/show/1190945
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cockpit?expand=0&rev=47
2024-08-02 15:25:35 +00:00
177e09963d OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=188 2024-07-31 11:49:42 +00:00
0c0c25465c OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=187 2024-07-31 09:24:27 +00:00
ff82b18669 - new version 321:
* Bug fixes and performance improvements
- vendor.tar.gz: dropped. Bundling now part of main tarball.
- update_version.sh: use instead of `osc service mr` to do version
  updates. updated README.packaging

OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=186
2024-07-31 08:50:16 +00:00
Ana Guerrero
3446d5f747 Accepting request 1185171 from systemsmanagement:cockpit
- new version 320:
  * pam-ssh-add: Fix insecure killing of session ssh-agent
    (bsc#1226040, CVE-2024-6126)
- changes in older versions:
  * Storage: Btrfs snapshots
  * Podman: Add image pull action
  * Files: Bookmark support
  * webserver: System user changes
  * Metrics: Grafana setup now prefers Valkey
- 0001-users-Support-for-watching-lastlog2.patch,
  0002-users-Support-for-watching-lastlog2-and-wutmp-on-overview-page.patch
  removed, upstreamed

- fix suse_docs.patch causing invalid json against the storaged manifest bsc#1227299

OBS-URL: https://build.opensuse.org/request/show/1185171
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cockpit?expand=0&rev=46
2024-07-04 14:22:17 +00:00
bcc1337237 * pam-ssh-add: Fix insecure killing of session ssh-agent
(bsc#1226040, CVE-2024-6126)
- changes in older versions:
  * Storage: Btrfs snapshots
  * Podman: Add image pull action
  * Files: Bookmark support
  * webserver: System user changes
  * Metrics: Grafana setup now prefers Valkey
- 0001-users-Support-for-watching-lastlog2.patch,
  0002-users-Support-for-watching-lastlog2-and-wutmp-on-overview-page.patch
  removed, upstreamed

OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=184
2024-07-03 16:10:47 +00:00
3f20b38bf2 Accepting request 1185135 from home:ldragon:branches:systemsmanagement:cockpit
- new version 320:
    * pam-ssh-add: Fix insecure killing of session ssh-agent [CVE-2024-6126] (bsc#1226040)

OBS-URL: https://build.opensuse.org/request/show/1185135
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=183
2024-07-03 15:00:29 +00:00
0cd8feeb78 Accepting request 1185097 from home:abrooks:branches:systemsmanagement:cockpit
Fix suse_docs.patch causing invalid json against the storaged manifest bsc#1227299

OBS-URL: https://build.opensuse.org/request/show/1185097
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:cockpit/cockpit?expand=0&rev=182
2024-07-03 10:51:49 +00:00
29 changed files with 3962 additions and 3254 deletions

3
.gitattributes vendored
View File

@ -21,3 +21,6 @@
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text
## Specific LFS patterns
cockpit-321.tar filter=lfs diff=lfs merge=lfs -text
cockpit-suse-theme.tar filter=lfs diff=lfs merge=lfs -text

View File

@ -1,56 +0,0 @@
From 93d0a6d4dbe97937e69b126870b4bd4675c326d5 Mon Sep 17 00:00:00 2001
From: Luna <luna.dragon@suse.com>
Date: Fri, 3 May 2024 11:56:22 +0530
Subject: [PATCH] users: Support for watching lastlog2
---
pkg/users/account-details.js | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/pkg/users/account-details.js b/pkg/users/account-details.js
index 52255b474..11c7870af 100644
--- a/pkg/users/account-details.js
+++ b/pkg/users/account-details.js
@@ -98,16 +98,32 @@ function get_expire(name) {
export function AccountDetails({ accounts, groups, current_user, user, shells }) {
const [expiration, setExpiration] = useState(null);
+ const [lastlogpath, setLastlogPath] = useState(null);
+
useEffect(() => {
- get_expire(user).then(setExpiration);
+ cockpit.spawn(["test", "-e", "/var/run/utmp"], { err: "ignore" }).then(() => {
+ setLastlogPath("/var/run/utmp");
+ }).catch(() => {
+ cockpit.spawn(["test", "-e", "/var/lib/lastlog/lastlog2.db"], { err: "ignore" }).then(() => {
+ setLastlogPath("/var/lib/lastlog/lastlog2.db");
+ }).catch(() => {
+ setLastlogPath(null);
+ });
+ });
+ }, []);
- // Watch `/var/run/utmp` to register when user logs in or out
- const handle = cockpit.file("/var/run/utmp", { superuser: "try", binary: true });
- handle.watch(() => {
+ useEffect(() => {
+ if (lastlogpath !== null) {
get_expire(user).then(setExpiration);
- }, { read: false });
- return handle.close;
- }, [user, accounts]);
+
+ // Watch lastlog log to register when user logs in or out
+ const handle = cockpit.file(lastlogpath, { superuser: "try", binary: true });
+ handle.watch(() => {
+ get_expire(user).then(setExpiration);
+ }, { read: false });
+ return handle.close;
+ }
+ }, [user, accounts, lastlogpath]);
const [edited_real_name, set_edited_real_name] = useState(null);
const [committing_real_name, set_committing_real_name] = useState(false);
--
2.45.1

View File

@ -1,157 +0,0 @@
From 059a8d35a3d9e54d86ff8178967a8fc98f428f11 Mon Sep 17 00:00:00 2001
From: Luna <luna.dragon@suse.com>
Date: Tue, 21 May 2024 13:21:54 +0530
Subject: [PATCH] users: Support for watching lastlog2 and wutmp on overview
page
---
pkg/users/account-details.js | 26 ++++++++++----------------
pkg/users/users.js | 27 +++++++++++++++++----------
pkg/users/utils.js | 14 ++++++++++++++
3 files changed, 41 insertions(+), 26 deletions(-)
diff --git a/pkg/users/account-details.js b/pkg/users/account-details.js
index 11c7870af..8159a1cf3 100644
--- a/pkg/users/account-details.js
+++ b/pkg/users/account-details.js
@@ -48,7 +48,8 @@ import { account_shell_dialog } from "./shell-dialog.js";
import { set_password_dialog, reset_password_dialog } from "./password-dialogs.js";
import { AccountLogs } from "./account-logs-panel.jsx";
import { AuthorizedKeys } from "./authorized-keys-panel.js";
-import { get_locked } from "./utils.js";
+import { get_locked, getUtmpPath } from "./utils.js";
+import { useInit } from 'hooks.js';
const _ = cockpit.gettext;
@@ -98,32 +99,25 @@ function get_expire(name) {
export function AccountDetails({ accounts, groups, current_user, user, shells }) {
const [expiration, setExpiration] = useState(null);
- const [lastlogpath, setLastlogPath] = useState(null);
+ const [utmppath, setUtmpPath] = useState(null);
- useEffect(() => {
- cockpit.spawn(["test", "-e", "/var/run/utmp"], { err: "ignore" }).then(() => {
- setLastlogPath("/var/run/utmp");
- }).catch(() => {
- cockpit.spawn(["test", "-e", "/var/lib/lastlog/lastlog2.db"], { err: "ignore" }).then(() => {
- setLastlogPath("/var/lib/lastlog/lastlog2.db");
- }).catch(() => {
- setLastlogPath(null);
- });
- });
- }, []);
+ // react wants sync functions that wrap async ones to prevent race conditions
+ useInit(async () => {
+ setUtmpPath(await getUtmpPath());
+ });
useEffect(() => {
- if (lastlogpath !== null) {
+ if (utmppath !== null) {
get_expire(user).then(setExpiration);
// Watch lastlog log to register when user logs in or out
- const handle = cockpit.file(lastlogpath, { superuser: "try", binary: true });
+ const handle = cockpit.file(utmppath, { superuser: "try", binary: true });
handle.watch(() => {
get_expire(user).then(setExpiration);
}, { read: false });
return handle.close;
}
- }, [user, accounts, lastlogpath]);
+ }, [user, accounts, utmppath]);
const [edited_real_name, set_edited_real_name] = useState(null);
const [committing_real_name, set_committing_real_name] = useState(false);
diff --git a/pkg/users/users.js b/pkg/users/users.js
index 08029bdfa..006acf1c3 100755
--- a/pkg/users/users.js
+++ b/pkg/users/users.js
@@ -31,7 +31,7 @@ import { usePageLocation, useLoggedInUser, useFile, useInit } from "hooks.js";
import { etc_passwd_syntax, etc_group_syntax, etc_shells_syntax } from "pam_user_parser.js";
import { EmptyStatePanel } from "cockpit-components-empty-state.jsx";
-import { get_locked } from "./utils.js";
+import { get_locked, getUtmpPath } from "./utils.js";
import { AccountsMain } from "./accounts-list.js";
import { AccountDetails } from "./account-details.js";
@@ -69,15 +69,19 @@ function AccountsPage() {
const [max_uid, setMaxUid] = useState(60000);
const [details, setDetails] = useState(null);
- useInit(() => {
+ useInit(async () => {
+ const utmppath = await getUtmpPath();
const debouncedGetLogins = debounce(100, () => {
getLogins().then(setDetails);
});
- // Watch `/var/run/utmp` to register when user logs in or out
- const handleUtmp = cockpit.file("/var/run/utmp", { superuser: "try", binary: true });
- handleUtmp.watch(() => debouncedGetLogins(), { read: false });
+ let handleUtmp;
+ if (utmppath !== null) {
+ // Watch `/var/run/utmp` or `/var/lib/wtmpdb/wtmp.db` to register when user logs in or out
+ handleUtmp = cockpit.file(utmppath, { superuser: "try", binary: true });
+ handleUtmp.watch(() => debouncedGetLogins(), { read: false });
+ }
// Watch /etc/shadow to register lock/unlock/expire changes; but avoid reading it, it's sensitive data
const handleShadow = cockpit.file("/etc/shadow", { superuser: "try" });
handleShadow.watch(() => debouncedGetLogins(), { read: false });
@@ -153,19 +157,22 @@ function AccountsPage() {
} else if (path.length === 1) {
return (
<AccountDetails accounts={accountsInfo} groups={groupsExtraInfo}
- current_user={current_user_info?.name} user={path[0]} shells={shells} />
+ current_user={current_user_info?.name} user={path[0]} shells={shells} />
);
} else return null;
}
async function getLogins() {
- let lastlog = "";
+ let LastLogPath;
try {
- lastlog = await cockpit.spawn(["lastlog"], { environ: ["LC_ALL=C"] });
- } catch (err) {
- console.warn("Unexpected error when getting last login information", err);
+ await cockpit.spawn(["test", "-e", "/var/lib/lastlog/lastlog2.db"], { err: "ignore" });
+ LastLogPath = "lastlog2";
+ } catch (err1) {
+ LastLogPath = "lastlog";
}
+ const lastlog = await cockpit.spawn([LastLogPath], { environ: ["LC_ALL=C"] });
+
let currentLogins = [];
try {
const w = await cockpit.spawn(["w", "-sh"], { environ: ["LC_ALL=C"] });
diff --git a/pkg/users/utils.js b/pkg/users/utils.js
index a3837ef3c..b28c6188e 100644
--- a/pkg/users/utils.js
+++ b/pkg/users/utils.js
@@ -12,3 +12,17 @@ export const get_locked = name =>
console.warn(`Failed to obtain account lock information for ${name}`, exc);
}
});
+
+export async function getUtmpPath() {
+ try {
+ await cockpit.spawn(["test", "-e", "/var/run/utmp"], { err: "ignore" });
+ return "/var/run/utmp";
+ } catch (err1) {
+ try {
+ await cockpit.spawn(["test", "-e", "/var/lib/wtmpdb/wtmp.db"], { err: "ignore" });
+ return "/var/lib/wtmpdb/wtmp.db";
+ } catch (err2) {
+ return null;
+ }
+ }
+}
--
2.45.1

10
0006-totp-motd.patch Normal file
View File

@ -0,0 +1,10 @@
--- a/src/systemd/inactive.issue
+++ b/src/systemd/inactive.issue
@@ -1,2 +1,7 @@
Activate the web console with: systemctl enable --now cockpit.socket
+Note: Cockpit disallows root login by default.
+To create a regular user and optionally enable 2FA run both:
+
+jeos-config user
+jeos-config otp

View File

@ -0,0 +1,57 @@
From 730d204ff5a1f0382c3edffe51ce62c890cf86f2 Mon Sep 17 00:00:00 2001
From: Alice Brooks <alice.brooks@suse.com>
Date: Thu, 30 Jan 2025 10:45:46 +0000
Subject: [PATCH 1/1] Remove DynamicUser setting as these conflict with real
users
Real users are having to be created due to Leap15.6's nsswitch not
containing systemd, so dynamic users cannot be resolved inter
service due to this we must manually create the users postinstall
---
src/systemd/cockpit-wsinstance-http.service.in | 2 +-
src/systemd/cockpit-wsinstance-https@.service.in | 2 +-
src/systemd/cockpit.service.in | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/systemd/cockpit-wsinstance-http.service.in b/src/systemd/cockpit-wsinstance-http.service.in
index 539b90345..17ab21df1 100644
--- a/src/systemd/cockpit-wsinstance-http.service.in
+++ b/src/systemd/cockpit-wsinstance-http.service.in
@@ -7,7 +7,7 @@ After=cockpit-session.socket
[Service]
ExecStart=@libexecdir@/cockpit-ws --no-tls --port=0
-DynamicUser=yes
+DynamicUser=no
Group=cockpit-session-socket
PrivateDevices=yes
diff --git a/src/systemd/cockpit-wsinstance-https@.service.in b/src/systemd/cockpit-wsinstance-https@.service.in
index f66c9f874..db53247c0 100644
--- a/src/systemd/cockpit-wsinstance-https@.service.in
+++ b/src/systemd/cockpit-wsinstance-https@.service.in
@@ -8,7 +8,7 @@ After=cockpit-session.socket
[Service]
Slice=system-cockpithttps.slice
ExecStart=@libexecdir@/cockpit-ws --for-tls-proxy --port=0
-DynamicUser=yes
+DynamicUser=no
Group=cockpit-session-socket
PrivateDevices=yes
diff --git a/src/systemd/cockpit.service.in b/src/systemd/cockpit.service.in
index 97adda221..ec50118aa 100644
--- a/src/systemd/cockpit.service.in
+++ b/src/systemd/cockpit.service.in
@@ -10,7 +10,7 @@ After=cockpit-wsinstance-http.socket cockpit-wsinstance-https-factory.socket
RuntimeDirectory=cockpit/tls
ExecStartPre=+@libexecdir@/cockpit-certificate-ensure --for-cockpit-tls
ExecStart=@libexecdir@/cockpit-tls
-DynamicUser=yes
+DynamicUser=no
# otherwise systemd uses 'cockpit' even if it exists as a normal user account
User=cockpit-systemd-service
Group=cockpit-wsinstance-socket
--
2.48.1

View File

@ -3,7 +3,7 @@ contain information we need though, such as the bundled node
modules. Therefore the package reuses the upstream spec file and
applies openSUSE specifics that upstream doesn't accept on top. For
that purpose a git repo tracks the spec file changes:
https://github.com/lnussel/cockpit
https://github.com/openSUSE/cockpit
There' an opensuse-$VERSION branch for each release
@ -33,6 +33,9 @@ version:
into the git tree and commit there. Amend and reorder as needed.
- When done, push the git repo.
Updates are now mostly automated with the update_version.sh script.
You still need to follow last 3 steps manually.
Sending fixes upstream:
if you have any changes that should go upstream, create a new, clean

View File

@ -1,32 +1,7 @@
<services>
<service name="obs_scm" mode="manual">
<param name="url">https://github.com/dgdavid/cockpit-suse-theme.git</param>
<param name="versionformat"></param>
<param name="scm">git</param>
<param name="revision">main</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">cockpit-suse-theme.obsinfo</param>
<!-- On SLE15.4 extra '-' gets added to the filename so we need to
define the name explicitly -->
<param name="filename">cockpit-suse-theme</param>
</service>
<service name="obs_scm" mode="manual">
<param name="versionformat">@PARENT_TAG@</param>
<param name="url">https://github.com/cockpit-project/cockpit.git/</param>
<param name="scm">git</param>
<param name="revision">316</param>
<param name="submodules">disable</param>
</service>
<service name="node_modules" mode="manual">
<param name="cpio">node_modules.obscpio</param>
<param name="output">node_modules.spec.inc</param>
<param name="source-offset">1000</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">cockpit.obsinfo</param>
</service>
<service mode="buildtime" name="set_version">
<param name="basename">cockpit</param>
</service>
</services>

BIN
cockpit-316.obscpio (Stored with Git LFS)

Binary file not shown.

BIN
cockpit-332.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

10
cockpit-no-pamoath.pam Normal file
View File

@ -0,0 +1,10 @@
#%PAM-1.0
auth substack common-auth
# List of users to deny access to Cockpit, by default root is included.
auth required pam_listfile.so item=user sense=deny file=/etc/cockpit/disallowed-users onerr=succeed
account required pam_nologin.so
account include common-account
password include common-password
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include common-session

BIN
cockpit-suse-theme.obscpio (Stored with Git LFS)

Binary file not shown.

BIN
cockpit-suse-theme.tar (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -1,3 +1,151 @@
-------------------------------------------------------------------
Fri Feb 7 09:24:33 UTC 2025 - Alice Brooks <alice.brooks@suse.com>
- Update to 332
- Updated naming convention for motd to issue and relevant patches
- Correct provides for dynamic users
-------------------------------------------------------------------
Thu Jan 30 12:59:34 UTC 2025 - Alice Brooks <alice.brooks@suse.com>
- Remove 0005-cockpit-ws-user-remove-default-deps.patch
- Fix dynamic users for 330 since systemd isn't included in the
nsswitch.conf
- Tidy up pam_oath removal for leap
- Ship a new pam file since Leap15 doesn't have pam_oath
- Don't change motd if we don't have pam_oath
- Properly fix pidfd_getpid
- This can be dropped once we update again as it's been upstreamed
-------------------------------------------------------------------
Fri Dec 6 06:32:31 UTC 2024 - Luna D Dragon <luna.dragon@suse.com>
- Update to 330
- Web server: Increased sandboxing, setuid removal, bootc support
- Development: New install mode using systemd-sysext
-------------------------------------------------------------------
Mon Nov 25 06:18:44 UTC 2024 - Luna D Dragon <luna.dragon@suse.com>
- update to 329.1:
- cockpit.js: Put back cockpit.{resolve,reject}() to fix subscription-manager-cockpit
- Past updates:
* 329
- Shell: Extra warnings when connecting to remote hosts
* 328:
- Bug fixes and performance improvements
* 327:
- Connect to similar servers without Cockpit installed
* 326:
- cockpit-pcp package is now obsolete
- cockpit/ws container: Connect to servers without installed Cockpit
- cockpit/ws container: Support host specific SSH keys
- Storage: Support for Stratis filesystem sizes and limits
* 325:
- client: Properly handle unknown SSH host keys
* 324:
- Bug fixes and performance improvements
* 323.1:
- Translation updates
* 323:
- login: Prevent multiple logins in a single browser session
- Update documentation links
-------------------------------------------------------------------
Wed Oct 9 12:14:14 UTC 2024 - Alice Brooks <alice.brooks@suse.com>
- suse_docs.patch: update documentation to point at new links (bsc#1226050)
- remove_rh_links.patch: remove additional hardcoded RH refs (bsc#1221336)
- hide-pcp.patch: correct patch to properly disable pcp on micro
(bsc#1226049)
- suse-microos-branding.patch: use suse ID as branding instead of sle-micro
(bsc#1227441)
-------------------------------------------------------------------
Mon Sep 30 07:08:12 UTC 2024 - Alice Brooks <alice.brooks@suse.com>
- add 0006-totp-motd.patch for guidance to enabling totp to the mtod
-------------------------------------------------------------------
Wed Sep 18 12:37:18 UTC 2024 - Jan Zerebecki <jan.suse@zerebecki.de>
- support optional TOTP for authentication, requires pam_oath
-------------------------------------------------------------------
Tue Aug 20 13:24:06 UTC 2024 - Adam Majer <adam.majer@suse.de>
- remove requires on pam_oath completely. It will be re-introduced
later when it works with optional enrollment
-------------------------------------------------------------------
Mon Aug 20 11:44:33 UTC 2024 - Alice Brooks <alice.brooks@suse.com>
- add 0005-cockpit-ws-user-remove-default-deps.patch (bsc#1229146)
-------------------------------------------------------------------
Mon Aug 12 13:47:26 UTC 2024 - Luna D Dragon <luna.dragon@suse.com>
- new version 322:
* shell: Deprecate host switcher
* files: Permissions column in details view
- suse_docs.patch: refreshed
For details, see https://cockpit-project.org/blog/cockpit-322.html
-------------------------------------------------------------------
Thu Aug 8 12:21:51 UTC 2024 - Jan Zerebecki <jan.suse@zerebecki.de>
- revert load pam_oath, because it enforces the file for otp secrets to exist,
will try again once pam_oath can have that optional
-------------------------------------------------------------------
Wed Aug 7 20:25:34 UTC 2024 - Herbert Graeber <herbert@graeber-clan.de>
- fix-libexecdir.patch: Fix libexecdir for leap and sle (bsc#1223533)
- Fix systemd units folder for leap and sle (bsc#1226541)
-------------------------------------------------------------------
Sat Aug 7 09:37:00 UTC 2024 - pallas wept <pallaswept@proton.me>
- Recommend cockpit-packagekit if zypper is installed
-------------------------------------------------------------------
Wed Aug 7 09:36:58 UTC 2024 - Jan Zerebecki <jan.suse@zerebecki.de>
- load pam_oath for optional TOTP for authentication
-------------------------------------------------------------------
Wed Jul 31 08:23:43 UTC 2024 - Adam Majer <adam.majer@suse.de>
- new version 321:
* Bug fixes and performance improvements
- vendor.tar.gz: dropped. Bundling now part of main tarball.
- update_version.sh: use instead of `osc service mr` to do version
updates. updated README.packaging
-------------------------------------------------------------------
Wed Jul 3 13:31:38 UTC 2024 - Luna D Dragon <luna.dragon@suse.com>
- new version 320:
* pam-ssh-add: Fix insecure killing of session ssh-agent
(bsc#1226040, CVE-2024-6126)
- changes in older versions:
* Storage: Btrfs snapshots
* Podman: Add image pull action
* Files: Bookmark support
* webserver: System user changes
* Metrics: Grafana setup now prefers Valkey
- 0001-users-Support-for-watching-lastlog2.patch,
0002-users-Support-for-watching-lastlog2-and-wutmp-on-overview-page.patch
removed, upstreamed
-------------------------------------------------------------------
Wed Jul 3 10:26:08 UTC 2024 - Alice Brooks <alice.brooks@suse.com>
- fix suse_docs.patch causing invalid json against the storaged manifest bsc#1227299
-------------------------------------------------------------------
Thu Jun 13 11:02:10 UTC 2024 - Luna D Dragon <luna.dragon@suse.com>

View File

@ -1,4 +1,4 @@
name: cockpit
version: 316
mtime: 1714038358
commit: 3a998b015807a33762fe40572665ea8a9a6481f4
version: 320
mtime: 1720008589
commit: 08965365ac311f906a520cbf65427742d5f84ba4

View File

@ -8,3 +8,4 @@ password include common-password
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include common-session
auth [user_unknown=ignore success=ok] pam_oath.so usersfile=${HOME}/.pam_oath_usersfile no_usersfile_okay window=20 digits=6

View File

@ -12,7 +12,7 @@
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
# along with Cockpit; If not, see <https://www.gnu.org/licenses/>.
#
#
@ -50,13 +50,14 @@ Summary: Web Console for Linux servers
License: LGPL-2.1-or-later
URL: https://cockpit-project.org/
Version: 316
Version: 332
Release: 0
Source0: cockpit-%{version}.tar
Source0: cockpit-%{version}.tar.gz
Source1: cockpit.pam
Source2: cockpit-rpmlintrc
Source3: cockpit-suse-theme.tar
Source10: vendor.tar.gz
Source4: cockpit-no-pamoath.pam
Source10: update_version.sh
Source99: README.packaging
Source98: package-lock.json
Source97: node_modules.spec.inc
@ -66,14 +67,17 @@ Patch2: suse_docs.patch
Patch3: suse-microos-branding.patch
Patch4: css-overrides.patch
Patch5: storage-btrfs.patch
Patch6: 0001-users-Support-for-watching-lastlog2.patch
Patch7: 0002-users-Support-for-watching-lastlog2-and-wutmp-on-overview-page.patch
# SLE Micro specific patches
Patch101: hide-pcp.patch
Patch102: 0002-selinux-temporary-remove-setroubleshoot-section.patch
Patch107: 0006-totp-motd.patch
Patch108: 0007-Remove-DynamicUser-setting-as-these-conflict-with-re.patch
# For anything based on SLES 15 codebase (including Leap, SLE Micro)
Patch103: 0004-leap-gnu18-removal.patch
Patch104: selinux_libdir.patch
Patch105: fix-libexecdir.patch
Patch201: remove_rh_links.patch
%define build_all 1
%if 0%{?rhel} == 8 && 0%{?epel} == 0 && !0%{?build_all}
@ -94,13 +98,23 @@ Patch104: selinux_libdir.patch
%if 0%{?build_optional} && 0%{?suse_version} == 0
%define build_tests 1
%endif
# pcp stopped building on ix86
%define build_pcp 1
%if 0%{?fedora} >= 40 || 0%{?rhel} >= 10 || 0%{?suse_version} > 1500
%ifarch %ix86
%define build_pcp 0
# Allow root login in Cockpit on RHEL 8 and lower as it also allows password login over SSH.
%if 0%{?rhel} && 0%{?rhel} <= 8
%define disallow_root 0
%else
%define disallow_root 1
%endif
%if 0%{?fedora} >= 41 || 0%{?rhel}
ExcludeArch: %{ix86}
%endif
%define enable_multihost 1
%if 0%{?fedora} >= 41 || 0%{?rhel} >= 10
%define enable_multihost 0
%endif
%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1500
# Ship custom SELinux policy
%define selinuxtype targeted
@ -121,7 +135,6 @@ BuildRequires: make
BuildRequires: /usr/bin/python3
BuildRequires: python3-devel
BuildRequires: gettext >= 0.21
BuildRequires: libssh-devel >= 0.8.5
BuildRequires: openssl-devel
BuildRequires: gnutls-devel >= 3.4.3
BuildRequires: zlib-devel
@ -135,21 +148,12 @@ BuildRequires: glib2-devel >= 2.50.0
BuildRequires: pkgconfig(libsystemd) >= 235
%if 0%{?suse_version}
BuildRequires: distribution-release
%if %{build_pcp}
BuildRequires: libpcp-devel
BuildRequires: pcp-devel
BuildRequires: libpcp3
BuildRequires: libpcp_import1
%endif
BuildRequires: openssh
BuildRequires: distribution-logos
BuildRequires: wallpaper-branding
# needed for /var/lib/pcp directory ownership
BuildRequires: pcp
%else
%if %{build_pcp}
BuildRequires: pcp-libs-devel
%endif
BuildRequires: openssh-clients
BuildRequires: docbook-style-xsl
%endif
@ -179,8 +183,8 @@ Requires: cockpit-system
# Optional components
Recommends: (cockpit-storaged if udisks2)
Recommends: (cockpit-packagekit if dnf)
Suggests: cockpit-pcp
Recommends: (cockpit-packagekit if (dnf or zypper))
Suggests: python3-pcp
%if 0%{?rhel} == 0
Recommends: (cockpit-networkmanager if NetworkManager)
@ -197,11 +201,8 @@ BuildRequires: python3-pip
%if 0%{?rhel} == 0 && !0%{?suse_version}
# All of these are only required for running pytest (which we only do on Fedora)
BuildRequires: procps-ng
BuildRequires: pyproject-rpm-macros
BuildRequires: python3-pytest-asyncio
BuildRequires: python3-pytest-cov
BuildRequires: python3-pytest-timeout
BuildRequires: python3-tox-current-env
%endif
%prep
@ -211,12 +212,12 @@ BuildRequires: python3-tox-current-env
%patch -P 3 -p1
%patch -P 4 -p1
%patch -P 5 -p1
%patch -P 6 -p1
%patch -P 7 -p1
# SLE Micro specific patches
%if 0%{?is_smo}
%patch -P 101 -p1
%patch -P 107 -p1
# Patches for versions lower then SLE Micro 5.5
%if 0%{?sle_version} < 150500
%patch -P 102 -p1
@ -225,14 +226,22 @@ BuildRequires: python3-tox-current-env
# For anything based on SLES 15 codebase (including Leap, SLEM)
%if 0%{?suse_version} == 1500
%patch -P 103 -p1
%patch -P 104 -p0
%patch -P 104 -p1
%patch -P 105 -p1
%patch -P 108 -p1
%else
%patch -P 107 -p1
%endif
%patch -P 201 -p1
%if 0%{?suse_version} > 1500
cp %SOURCE1 tools/cockpit.pam
%else
cp %SOURCE4 tools/cockpit.pam
%endif
#
rm -rf node_modules package-lock.json
local-npm-registry %{_sourcedir} install --also=dev --legacy-peer-deps
cd vendor; tar zxfO %SOURCE10 | tar xvi; cd ..
local-npm-registry %{_sourcedir} install --include=dev --ignore-scripts
%build
find node_modules -name \*.node -print -delete
@ -245,15 +254,13 @@ autoreconf -fvi -I tools
#
%configure \
%{?selinux_configure_arg} \
--with-cockpit-user=cockpit-ws \
--with-cockpit-ws-instance-user=cockpit-wsinstance \
%if 0%{?suse_version}
--docdir=%_defaultdocdir/%{name} \
--libexecdir=%_libexecdir \
%endif
--with-pamdir='%{pamdir}' \
%if %{build_pcp} == 0
--disable-pcp \
%if %{enable_multihost}
--enable-multihost \
%endif
%if 0%{?with_selinux}
@ -301,6 +308,11 @@ cp src/fonts.css %{buildroot}%{_datadir}/cockpit/branding/suse
cp -a src/fonts %{buildroot}%{_datadir}/cockpit/branding/suse
popd
%if 0%{?suse_version} == 1500
sed -i -e 's#"/lib/systemd/system#"%{_unitdir}#' \
%{buildroot}%{_datadir}/cockpit/packagekit/manifest.json
%endif
# Build the package lists for resource packages
# cockpit-bridge is the basic dependency for all cockpit-* packages, so centrally own the page directory
echo '%dir %{_datadir}/cockpit' > base.list
@ -308,57 +320,6 @@ echo '%dir %{_datadir}/cockpit/base1' >> base.list
find %{buildroot}%{_datadir}/cockpit/base1 -type f -o -type l >> base.list
echo '%{_sysconfdir}/cockpit/machines.d' >> base.list
echo %{buildroot}%{_datadir}/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy >> base.list
echo '%{_libexecdir}/cockpit-ssh' >> base.list
%if %{build_pcp}
echo '%dir %{_datadir}/cockpit/pcp' > pcp.list
find %{buildroot}%{_datadir}/cockpit/pcp -type f >> pcp.list
%endif
# when not building basic packages, remove their files
%if 0%{?build_basic} == 0
for pkg in base1 branding motd kdump networkmanager selinux shell sosreport static systemd users metrics; do
rm -r %{buildroot}/%{_datadir}/cockpit/$pkg
rm -f %{buildroot}/%{_datadir}/metainfo/org.cockpit-project.cockpit-${pkg}.metainfo.xml
done
for data in doc man pixmaps polkit-1; do
rm -r %{buildroot}/%{_datadir}/$data
done
rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d
find %{buildroot}/%{_unitdir}/ -type f ! -name 'cockpit-session*' -delete
for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do
rm -f %{buildroot}/%{_libexecdir}/$libexec
done
rm -rf %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d
%if 0%{?suse_version} > 1500
rm -rf %{buildroot}/%{_pam_vendordir}
%else
rm -rf %{buildroot}/%{_sysconfdir}/pam.d
%endif
rm -f %{buildroot}/%{_libdir}/security/pam_*
rm -f %{buildroot}/usr/bin/cockpit-bridge
rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml
rm -rf %{buildroot}%{python3_sitelib}/cockpit*
%endif
# when not building optional packages, remove their files
%if 0%{?build_optional} == 0
for pkg in apps packagekit pcp playground storaged; do
rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
done
# files from -pcp
rm -rf %{buildroot}/%{_libexecdir}/cockpit-pcp %{buildroot}/%{_localstatedir}/lib/pcp/
# files from -storaged
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
%endif
%if 0%{?build_tests} == 0
rm -rf %{buildroot}%{_datadir}/cockpit/playground
rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so
rm -f %{buildroot}/%{_unitdir}/cockpit-session.socket
rm -f %{buildroot}/%{_unitdir}/cockpit-session@.service
%endif
echo '%dir %{_datadir}/cockpit/shell' >> system.list
find %{buildroot}%{_datadir}/cockpit/shell -type f >> system.list
@ -393,30 +354,69 @@ find %{buildroot}%{_datadir}/cockpit/apps -type f >> packagekit.list
echo '%dir %{_datadir}/cockpit/selinux' > selinux.list
find %{buildroot}%{_datadir}/cockpit/selinux -type f >> selinux.list
# echo '%dir %{_datadir}/cockpit/playground' > tests.list
# find %{buildroot}%{_datadir}/cockpit/playground -type f >> tests.list
echo '%dir %{_datadir}/cockpit/static' > static.list
echo '%dir %{_datadir}/cockpit/static/fonts' >> static.list
find %{buildroot}%{_datadir}/cockpit/static -type f >> static.list
# when not building basic packages, remove their files
%if 0%{?build_basic} == 0
for pkg in base1 branding motd kdump networkmanager selinux shell sosreport static systemd users metrics; do
rm -r %{buildroot}/%{_datadir}/cockpit/$pkg
rm -f %{buildroot}/%{_datadir}/metainfo/org.cockpit-project.cockpit-${pkg}.metainfo.xml
done
for data in doc man pixmaps polkit-1; do
rm -r %{buildroot}/%{_datadir}/$data
done
rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d
for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do
rm -f %{buildroot}/%{_libexecdir}/$libexec
done
rm -rf %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d
%if 0%{?suse_version} > 1500
rm -rf %{buildroot}/%{_pam_vendordir}
%else
rm -rf %{buildroot}/%{_sysconfdir}/pam.d
%endif
rm -f %{buildroot}/%{_libdir}/security/pam_*
rm -f %{buildroot}/usr/bin/cockpit-bridge
rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml
rm -rf %{buildroot}%{python3_sitelib}/cockpit*
%endif
# when not building optional packages, remove their files
%if 0%{?build_optional} == 0
for pkg in apps packagekit playground storaged; do
rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
done
# files from -storaged
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
%endif
%if 0%{?build_tests} == 0
rm -rf %{buildroot}%{_datadir}/cockpit/playground
rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so
%endif
sed -i "s|%{buildroot}||" *.list
%if 0%{?suse_version}
# remove brandings with stale symlinks. Means they don't match
# the distro.
pushd %{buildroot}/%{_datadir}/cockpit/branding
ls --hide={default,kubernetes,opensuse,registry,sle-micro,suse} | xargs rm -rv
ls --hide={default,kubernetes,opensuse,registry,suse} | xargs rm -rv
popd
# need this in SUSE as post build checks dislike stale symlinks
install -m 644 -D /dev/null %{buildroot}/run/cockpit/motd
install -m 644 -D /dev/null %{buildroot}/run/cockpit/issue
test -e %{buildroot}/usr/share/cockpit/branding/opensuse/default-1920x1200.jpg || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/opensuse/default-1920x1200.jpg
test -e %{buildroot}/usr/share/cockpit/branding/sle-micro/apple-touch-icon.png || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/sle-micro/apple-touch-icon.png
test -e %{buildroot}/usr/share/cockpit/branding/sle-micro/default-1920x1200.png || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/sle-micro/default-1920x1200.png
test -e %{buildroot}/usr/share/cockpit/branding/suse/apple-touch-icon.png || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/suse/apple-touch-icon.png
test -e %{buildroot}/usr/share/cockpit/branding/suse/default-1920x1200.png || install -m 644 -D /dev/null %{buildroot}/usr/share/cockpit/branding/suse/default-1920x1200.png
# remove files of not installable packages
rm -r %{buildroot}%{_datadir}/cockpit/sosreport
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-sosreport.metainfo.xml
rm -f %{buildroot}%{_datadir}/pixmaps/cockpit-sosreport.png
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit_project.cockpit_sosreport.metainfo.xml
rm -f %{buildroot}%{_datadir}/icons/hicolor/64x64/apps/cockpit-sosreport.png
%else
%global _debugsource_packages 1
%global _debuginfo_subpackages 0
@ -454,22 +454,16 @@ troubleshooting, interactive command-line sessions, and more.
%{_docdir}/cockpit/AUTHORS
%{_docdir}/cockpit/COPYING
%{_docdir}/cockpit/README.md
%{_datadir}/metainfo/cockpit.appdata.xml
%{_datadir}/pixmaps/cockpit.png
%{_datadir}/metainfo/org.cockpit_project.cockpit.appdata.xml
%dir %{_datadir}/icons/hicolor/128x128/apps
%dir %{_datadir}/icons/hicolor/128x128
%dir %{_datadir}/icons/hicolor
%{_datadir}/icons/hicolor/128x128/apps/cockpit.png
%doc %{_mandir}/man1/cockpit.1.gz
%package bridge
Summary: Cockpit bridge server-side component
Requires: glib-networking
Provides: cockpit-ssh = %{version}-%{release}
# 233 dropped jquery.js, pages started to bundle it (commit 049e8b8dce)
Conflicts: cockpit-dashboard < 233
Conflicts: cockpit-networkmanager < 233
Conflicts: cockpit-storaged < 233
Conflicts: cockpit-system < 233
Conflicts: cockpit-tests < 233
Conflicts: cockpit-docker < 233
%description bridge
The Cockpit bridge component installed server side and runs commands on the
@ -504,26 +498,28 @@ Requires: cockpit-bridge >= %{version}-%{release}
Requires: shadow-utils
%endif
Requires: grep
Requires: jeos-firstboot
Requires: /usr/bin/pwscore
Requires: /usr/bin/date
Provides: cockpit-shell = %{version}-%{release}
Provides: cockpit-systemd = %{version}-%{release}
Provides: cockpit-tuned = %{version}-%{release}
Provides: cockpit-users = %{version}-%{release}
Obsoletes: cockpit-dashboard < %{version}-%{release}
%if 0%{?rhel}
Requires: NetworkManager >= 1.6
Requires: kexec-tools
Requires: sos
Requires: sudo
Recommends: PackageKit
Recommends: setroubleshoot-server >= 3.3.3
Recommends: kexec-tools
Suggests: NetworkManager-team
Suggests: python3-pcp
Provides: cockpit-kdump = %{version}-%{release}
Provides: cockpit-networkmanager = %{version}-%{release}
Provides: cockpit-selinux = %{version}-%{release}
Provides: cockpit-sosreport = %{version}-%{release}
%endif
Obsoletes: cockpit-tests < %{version}
%if 0%{?fedora}
Recommends: (reportd if abrt)
%endif
@ -548,18 +544,23 @@ Requires(post): (policycoreutils if selinux-policy-%{selinuxtype})
Conflicts: firewalld < 0.6.0-1
Recommends: sscg >= 2.3
Recommends: system-logos
Suggests: sssd-dbus >= 2.6.2
Suggests: sssd-dbus
%if 0%{?suse_version}
Requires(pre): permissions
Requires: distribution-logos
%if 0%{?suse_version} > 1500
Requires: pam_oath >= 2.6.11.12
%endif
Requires: wallpaper-branding
%endif
# for cockpit-desktop
Suggests: python3
Provides: group(cockpit-ws)
Provides: group(cockpit-wsinstance)
Provides: user(cockpit-ws)
Provides: user(cockpit-wsinstance)
Obsoletes: cockpit-tests < 331
Provides: group(cockpit-wsinstance-socket)
Provides: group(cockpit-session-socket)
Provides: user(cockpit-wsinstance-socket)
Provides: user(cockpit-session-socket)
Provides: user(cockpit-systemd-service)
# prevent hard python3 dependency for cockpit-desktop, it falls back to other browsers
%global __requires_exclude_from ^%{_libexecdir}/cockpit-client$
@ -590,21 +591,25 @@ authentication via sssd/FreeIPA.
%ghost %{_sysconfdir}/motd.d/cockpit
%ghost %attr(0644, root, root) %{_sysconfdir}/cockpit/disallowed-users
%ghost %dir /run/cockpit
%ghost /run/cockpit/motd
%dir %{_datadir}/cockpit/motd
%{_datadir}/cockpit/motd/update-motd
%{_datadir}/cockpit/motd/inactive.motd
%ghost /run/cockpit/issue
%dir %{_datadir}/cockpit/issue
%{_datadir}/cockpit/issue/update-issue
%{_datadir}/cockpit/issue/inactive.issue
%{_unitdir}/cockpit.service
%{_unitdir}/cockpit-motd.service
%{_unitdir}/cockpit-issue.service
%{_unitdir}/cockpit.socket
%{_unitdir}/cockpit-session-socket-user.service
%{_unitdir}/cockpit-session.socket
%{_unitdir}/cockpit-session@.service
%{_unitdir}/cockpit-wsinstance-http.socket
%{_unitdir}/cockpit-wsinstance-http.service
%{_unitdir}/cockpit-wsinstance-https-factory.socket
%{_unitdir}/cockpit-wsinstance-https-factory@.service
%{_unitdir}/cockpit-wsinstance-https@.socket
%{_unitdir}/cockpit-wsinstance-https@.service
%{_unitdir}/cockpit-wsinstance-socket-user.service
%{_unitdir}/system-cockpithttps.slice
%{_prefix}/%{__lib}/tmpfiles.d/cockpit-tempfiles.conf
%{_prefix}/%{__lib}/tmpfiles.d/cockpit-ws.conf
%{pamdir}/pam_ssh_add.so
%{pamdir}/pam_cockpit_cert.so
%{_libexecdir}/cockpit-ws
@ -615,7 +620,7 @@ authentication via sssd/FreeIPA.
%{_libexecdir}/cockpit-desktop
%{_libexecdir}/cockpit-certificate-ensure
%{_libexecdir}/cockpit-certificate-helper
%{?suse_version:%verify(not mode) }%attr(4750, root, cockpit-wsinstance) %{_libexecdir}/cockpit-session
%{?suse_version:%verify(not mode) }%attr(4750, root, cockpit-wsinstance-socket) %{_libexecdir}/cockpit-session
%{_datadir}/cockpit/branding
%if 0%{?with_selinux}
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
@ -625,10 +630,13 @@ authentication via sssd/FreeIPA.
%endif
%pre ws
getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws
getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting -s /sbin/nologin -c "User for cockpit web service" cockpit-ws
getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance
getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance
# HACK: old RPM and even Fedora's current RPM don't properly support sysusers
# https://github.com/rpm-software-management/rpm/issues/3073
getent group cockpit-wsinstance-socket >/dev/null || groupadd -r cockpit-wsinstance-socket
getent group cockpit-session-socket >/dev/null || groupadd -r cockpit-session-socket
getent passwd cockpit-wsinstance-socket >/dev/null || useradd -r -g cockpit-wsinstance-socket -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance-socket
getent passwd cockpit-session-socket >/dev/null || useradd -r -g cockpit-session-socket -d /nonexisting -s /sbin/nologin -c "User for cockpit-session instances" cockpit-session-socket
getent passwd cockpit-systemd-service >/dev/null || useradd -r -g cockpit-wsinstance-socket -d /nonexisting -s /sbin/nologin -c "User for cockpit.service" cockpit-systemd-service
if %{_sbindir}/selinuxenabled 2>/dev/null; then
%selinux_relabel_pre -s %{selinuxtype}
@ -650,22 +658,31 @@ fi
# disable root login on first-time install; so existing installations aren't changed
if [ "$1" = 1 ]; then
mkdir -p /etc/motd.d /etc/issue.d
ln -s ../../run/cockpit/motd /etc/motd.d/cockpit
ln -s ../../run/cockpit/motd /etc/issue.d/cockpit.issue
ln -s ../../run/cockpit/issue /etc/motd.d/cockpit
ln -s ../../run/cockpit/issue /etc/issue.d/cockpit.issue
printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users
printf "root\n" >> /etc/cockpit/disallowed-users
chmod 644 /etc/cockpit/disallowed-users
fi
# switch old self-signed cert group from cockpit-wsintance to cockpit-ws on upgrade
if [ "$1" = 2 ]; then
# switch old self-signed cert group from cockpit-wsintance to cockpit-ws on upgrade
certfile=/etc/cockpit/ws-certs.d/0-self-signed.cert
test -f $certfile && stat -c '%G' $certfile | grep -q cockpit-wsinstance && chgrp cockpit-ws $certfile
# on upgrades, adjust motd/issue links to changed target if they still exist (changed in 331)
if [ "$(readlink /etc/motd.d/cockpit 2>/dev/null)" = "../../run/cockpit/motd" ]; then
ln -sfn ../../run/cockpit/issue /etc/motd.d/cockpit
fi
if [ "$(readlink /etc/issue.d/cockpit.issue 2>/dev/null)" = "../../run/cockpit/motd" ]; then
ln -sfn ../../run/cockpit/issue /etc/issue.d/cockpit.issue
fi
fi
%if 0%{?suse_version}
%set_permissions %{_libexecdir}/cockpit-session
%endif
%tmpfiles_create cockpit-tempfiles.conf
%tmpfiles_create cockpit-ws.conf
%systemd_post cockpit.socket cockpit.service
# firewalld only partially picks up changes to its services files without this
test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
@ -678,6 +695,11 @@ if test -f %{_sysconfdir}/pam.d/cockpit && grep -q pam_cockpit_cert %{_sysconfd
echo '**** WARNING:'
fi
# remove obsolete system user on upgrade (replaced with DynamicUser in version 330)
if getent passwd cockpit-wsinstance >/dev/null; then
userdel cockpit-wsinstance
fi
%preun ws
%systemd_preun cockpit.socket cockpit.service
@ -717,7 +739,7 @@ BuildArch: noarch
The Cockpit component for configuring kernel crash dumping.
%files kdump -f kdump.list
%{_datadir}/metainfo/org.cockpit-project.cockpit-kdump.metainfo.xml
%{_datadir}/metainfo/org.cockpit_project.cockpit_kdump.metainfo.xml
%if !0%{?suse_version}
%package sosreport
@ -750,7 +772,7 @@ BuildArch: noarch
The Cockpit component for managing networking. This package uses NetworkManager.
%files networkmanager -f networkmanager.list
%{_datadir}/metainfo/org.cockpit-project.cockpit-networkmanager.metainfo.xml
%{_datadir}/metainfo/org.cockpit_project.cockpit_networkmanager.metainfo.xml
%endif
@ -772,7 +794,7 @@ This package contains the Cockpit user interface integration with the
utility setroubleshoot to diagnose and resolve SELinux issues.
%files selinux -f selinux.list
%{_datadir}/metainfo/org.cockpit-project.cockpit-selinux.metainfo.xml
%{_datadir}/metainfo/org.cockpit_project.cockpit_selinux.metainfo.xml
%endif
@ -802,27 +824,13 @@ BuildArch: noarch
The Cockpit component for managing storage. This package uses udisks.
%files -n cockpit-storaged -f storaged.list
%{_datadir}/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
%{_datadir}/metainfo/org.cockpit_project.cockpit_storaged.metainfo.xml
%if 0%{?build_tests}
%package -n cockpit-tests
Summary: Tests for Cockpit
Requires: cockpit-bridge >= %{required_base}
Requires: cockpit-system >= %{required_base}
Requires: openssh-clients
Provides: cockpit-test-assets = %{version}-%{release}
%description -n cockpit-tests
This package contains tests and files used while testing Cockpit.
These files are not required for running Cockpit.
%files -n cockpit-tests -f tests.list
%{pamdir}/mock-pam-conv-mod.so
%{_unitdir}/cockpit-session.socket
%{_unitdir}/cockpit-session@.service
# /build_tests
%endif
%post storaged
# version 332 moved the btrfs temp mounts db to /run
if [ "$1" = 2 ] && [ -d /var/lib/cockpit/btrfs ]; then
rm -rf --one-file-system /var/lib/cockpit/btrfs || true
fi
%package devel
Summary: Development files for for Cockpit
@ -833,24 +841,6 @@ This package contains files used to develop cockpit modules
%files devel
%{_datadir}/cockpit/devel
%if %{build_pcp}
%package -n cockpit-pcp
Summary: Cockpit PCP integration
Requires: cockpit-bridge >= %{required_base}
Requires: pcp
%description -n cockpit-pcp
Cockpit support for reading PCP metrics and loading PCP archives.
%files -n cockpit-pcp -f pcp.list
%{_libexecdir}/cockpit-pcp
%{_localstatedir}/lib/pcp/config/pmlogconf/tools/cockpit
%post -n cockpit-pcp
systemctl reload-or-try-restart pmlogger
%endif
%package -n cockpit-packagekit
Summary: Cockpit user interface for packages
BuildArch: noarch

View File

@ -200,16 +200,16 @@ Index: cockpit/pkg/playground/test.html
</head>
Index: cockpit/pkg/shell/index.html
===================================================================
--- cockpit.orig/pkg/shell/index.html
+++ cockpit/pkg/shell/index.html
--- a/pkg/shell/index.html
+++ b/pkg/shell/index.html
@@ -6,6 +6,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link href="shell.css" rel="stylesheet" />
<link href="../../static/branding.css" rel="stylesheet" />
+ <link href="../../static/css-overrides.css" type="text/css" rel="stylesheet" />
<script src="../base1/cockpit.js"></script>
<script src="../manifests.js"></script>
<!-- HACK: C bridge loads translations via glob and Python via manifest.js -->
<script src="../manifests-i18n.js"></script>
<script src="po.js"></script>
Index: cockpit/pkg/shell/shell.html
===================================================================
--- cockpit.orig/pkg/shell/shell.html

12
fix-libexecdir.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up cockpit-320/src/cockpit/packages.py.org cockpit-320/src/cockpit/packages.py
--- cockpit-320/src/cockpit/packages.py.org 2024-07-14 21:06:50.378400822 +0200
+++ cockpit-320/src/cockpit/packages.py 2024-07-14 21:07:40.568245119 +0200
@@ -127,7 +127,7 @@ def get_libexecdir() -> str:
This only works for systems which have cockpit-ws installed.
"""
- for candidate in ['/usr/local/libexec', '/usr/libexec', '/usr/local/lib/cockpit', '/usr/lib/cockpit']:
+ for candidate in ['/usr/local/libexec', '/usr/libexec', '/usr/local/lib/cockpit', '/usr/lib/cockpit', '/usr/lib']:
if os.path.exists(os.path.join(candidate, 'cockpit-askpass')):
return candidate
else:

View File

@ -2,11 +2,33 @@ Index: cockpit/pkg/metrics/metrics.jsx
===================================================================
--- cockpit.orig/pkg/metrics/metrics.jsx
+++ cockpit/pkg/metrics/metrics.jsx
@@ -1551,6 +1551,7 @@ const PCPConfig = ({ buttonVariant, fire
@@ -1565,6 +1565,7 @@ const PCPConfig = ({ buttonVariant, firewalldRequest, needsLogout, setNeedsLogou
return (
<Button variant={buttonVariant} icon={<CogIcon />}
+ className="pf-u-display-none"
isDisabled={ invalidService(s_pmlogger) || invalidService(s_pmproxy) || invalidService(s_redis) || invalidService(s_redis_server) }
isDisabled={ invalidService(s_pmlogger) || invalidService(s_pmproxy) ||
invalidService(s_redis) || invalidService(s_redis_server) || invalidService(s_valkey) }
onClick={show_dialog}>
{ _("Metrics settings") }
Index: cockpit-309/pkg/metrics/metrics.jsx
===================================================================
--- cockpit-309.orig/pkg/metrics/metrics.jsx
+++ cockpit-309/pkg/metrics/metrics.jsx
@@ -1824,7 +1825,8