packages/cockpit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:44efe927b0db90d4f731caa393aa40ddd55ae94c
Branches Tags
packages:main
...
compare: packages:ab4dd6bcb8dc003ba9f06d249e9efa702cda1974
Branches Tags
packages:main

10 Commits
44efe927b0 ... ab4dd6bcb8

Author SHA1 Message Date
openeuler-ci-bot
ab4dd6bcb8
!79 [sync] PR-78: cockpit去掉错误的provides 
From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
 2024-12-19 02:07:29 +00:00
hanjinpeng
1ccd583860 Remove incorrect provides cockpit-machines and cockpit-machines-ovirt 
remove require libvirt and libvirt-client

(cherry picked from commit 1eed7969b43f6d9787c16321e4d239e7bf286efe)
 2024-12-18 17:11:18 +08:00
openeuler-ci-bot
f3634b8d3e
!73 Fix Add team Chinese translation 
From: @fuowang 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
 2024-08-15 05:48:55 +00:00
wangshuo
e4b050dbef Fix Add team Chinese translation 2024-08-15 11:39:22 +08:00
openeuler-ci-bot
8a4940c570
!63 [sync] PR-62: fix CVE-2024-6126 
From: @openeuler-sync-bot 
Reviewed-by: @weidongkl 
Signed-off-by: @weidongkl
 2024-07-04 05:35:52 +00:00
lingsheng
12440c960e fix CVE-2024-6126 
(cherry picked from commit db7bd85b2204926940e843df767e0f0f62b1750c)
 2024-07-04 11:24:50 +08:00
openeuler-ci-bot
97972aeeb4
!44 Update to upstream 309 release 
From: @zhouwenpei 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
 2024-02-07 06:18:36 +00:00
zhouwenpei
e271a4e7cc Update to upstream 309 release 2024-01-23 07:33:29 +00:00
openeuler-ci-bot
1fecb1ad7c
!42 [sync] PR-41: enable selinux to fix cockpit login failed 
From: @openeuler-sync-bot 
Reviewed-by: @leeffo 
Signed-off-by: @leeffo
 2023-03-29 01:25:38 +00:00
zhouwenpei
5fd406eb2f enable selinux to fix cockpit login failed 
(cherry picked from commit 092b8bad6677b56890f5a7f25d58e39ee490e9d4)
 2023-03-29 09:15:08 +08:00
4 changed files with 402 additions and 47 deletions
Show Stats Expand all files Collapse all files

39
6001-Fix-Add-team-Chinese-translation.patch Normal file
View File

@ -0,0 +1,39 @@
From 78f14332da6aee7c87027d6b18e9ac960ef25006 Mon Sep 17 00:00:00 2001
From: wangshuo <wangshuo@kylinos.cn>
Date: Thu, 15 Aug 2024 11:32:16 +0800
Subject: [PATCH] Fix Add team Chinese translation
---
dist/networkmanager/po.zh_CN.js | 2 +-
po/zh_CN.po | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dist/networkmanager/po.zh_CN.js b/dist/networkmanager/po.zh_CN.js
index 1d31e70..b504f3b 100644
--- a/dist/networkmanager/po.zh_CN.js
+++ b/dist/networkmanager/po.zh_CN.js
@@ -226,7 +226,7 @@ cockpit.locale({
],
"Add team": [
null,
- "添加绑定"
+ "添加组合"
],
"Add zone": [
null,
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 13f2c6c..08ff14d 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -817,7 +817,7 @@ msgstr "添加系统服务到安全区域 $0"
#: pkg/networkmanager/team.jsx:154 pkg/networkmanager/network-main.jsx:143
msgid "Add team"
-msgstr "添加绑定"
+msgstr "添加组合"
#: pkg/networkmanager/firewall.jsx:810 pkg/networkmanager/firewall.jsx:815
msgid "Add zone"
--
2.27.0

156
backport-CVE-2024-6126.patch Normal file
View File

@ -0,0 +1,156 @@
From 08965365ac311f906a520cbf65427742d5f84ba4 Mon Sep 17 00:00:00 2001
From: Martin Pitt <mpitt@redhat.com>
Date: Mon, 10 Jun 2024 10:49:56 +0200
Subject: [PATCH] pam-ssh-add: Fix insecure killing of session ssh-agent
[CVE-2024-6126]
Some distributions like Debian 12, or possibly some administrators
enable pam_env's deprecated `user_readenv` option [1]. The user session
can change the `$SSH_AGENT_PID`, so that it can pass an arbitrary pid to
`pam_sm_close_session()`. This is a local authenticated DoS.
Avoid this by storing the agent pid in a global variable. The
cockpit-session process stays around for the entire session time, so we
don't need to put the pid into the PAM data.
It can also happen that the user session's ssh-agent gets killed, and
some other process later on recycles the PID. Temporarily drop
privileges to the target user so that we at least don't kill anyone
else's process.
Add an integration test which checks that changing the env variable
works, pointing it to a different process doesn't kill that, and
ssh-agent (the original pid) is still cleaned up correctly. However, as
pam_so.env in Fedora crashes hard, skip the test there.
Many thanks to Paolo Perego <paolo.perego@suse.com> for discovering,
and Luna Dragon <luna.dragon@suse.com> for reporting this issue!
[1] https://man7.org/linux/man-pages/man8/pam_env.8.html
CVE-2024-6126
https://bugzilla.redhat.com/show_bug.cgi?id=2290859
---
src/pam-ssh-add/pam-ssh-add.c | 46 ++++++++++++++++++++++++++++-------
test/verify/check-session | 33 +++++++++++++++++++++++++
2 files changed, 70 insertions(+), 9 deletions(-)
diff --git a/src/pam-ssh-add/pam-ssh-add.c b/src/pam-ssh-add/pam-ssh-add.c
index a9159d71004..839b797d215 100644
--- a/src/pam-ssh-add/pam-ssh-add.c
+++ b/src/pam-ssh-add/pam-ssh-add.c
@@ -54,6 +54,9 @@ const char *pam_ssh_agent_arg = NULL;
const char *pam_ssh_add_program = PATH_SSH_ADD;
const char *pam_ssh_add_arg = NULL;
+static unsigned long ssh_agent_pid;
+static uid_t ssh_agent_uid;
+
/* Environment */
#define ENVIRON_SIZE 5
#define PATH "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
@@ -866,6 +869,25 @@ start_agent (pam_handle_t *pamh,
error ("couldn't set agent environment: %s",
pam_strerror (pamh, res));
}
+
+ /* parse and store the agent pid for later cleanup */
+ if (strncmp (auth_pid, "SSH_AGENT_PID=", 14) == 0)
+ {
+ unsigned long pid = strtoul (auth_pid + 14, NULL, 10);
+ if (pid > 0 && pid != ULONG_MAX)
+ {
+ ssh_agent_pid = pid;
+ ssh_agent_uid = auth_pwd->pw_uid;
+ }
+ else
+ {
+ error ("invalid SSH_AGENT_PID value: %s", auth_pid);
+ }
+ }
+ else
+ {
+ error ("unexpected agent pid format: %s", auth_pid);
+ }
}
free (auth_socket);
@@ -952,19 +974,25 @@ pam_sm_close_session (pam_handle_t *pamh,
int argc,
const char *argv[])
{
- const char *s_pid;
- int pid = 0;
parse_args (argc, argv);
/* Kill the ssh agent we started */
- s_pid = pam_getenv (pamh, "SSH_AGENT_PID");
- if (s_pid)
- pid = atoi (s_pid);
-
- if (pid > 0)
+ if (ssh_agent_pid > 0)
{
- debug ("Closing %d", pid);
- kill (pid, SIGTERM);
+ debug ("Closing %lu", ssh_agent_pid);
+ /* kill as user to guard against crashing ssh-agent and PID reuse */
+ if (setresuid (ssh_agent_uid, ssh_agent_uid, -1) < 0)
+ {
+ error ("could not drop privileges for killing ssh agent: %m");
+ return PAM_SESSION_ERR;
+ }
+ if (kill (ssh_agent_pid, SIGTERM) < 0 && errno != ESRCH)
+ message ("could not kill ssh agent %lu: %m", ssh_agent_pid);
+ if (setresuid (0, 0, -1) < 0)
+ {
+ error ("could not restore privileges after killing ssh agent: %m");
+ return PAM_SESSION_ERR;
+ }
}
return PAM_SUCCESS;
}
diff --git a/test/verify/check-session b/test/verify/check-session
index 56a0fc08c04..21812f32507 100755
--- a/test/verify/check-session
+++ b/test/verify/check-session
@@ -86,6 +86,39 @@ class TestSession(testlib.MachineCase):
b.logout()
wait_session(should_exist=False)
+ # try to pwn $SSH_AGENT_PID via pam_env's user_readenv=1 (CVE-2024-6126)
+
+ if m.image in ["fedora-39", "fedora-40", "centos-10", "rhel-10-0"]:
+ # pam_env user_readenv crashes in Fedora/RHEL 10, skip the test
+ # https://bugzilla.redhat.com/show_bug.cgi?id=2293045
+ return
+ if m.ostree_image:
+ # not using cockpit's PAM config
+ return
+
+ # this is enabled by default in tools/cockpit.debian.pam, as well as
+ # Debian/Ubuntu's /etc/pam.d/sshd; but not in Fedora/RHEL
+ if "debian" not in m.image and "ubuntu" not in m.image:
+ self.write_file("/etc/pam.d/cockpit", "session required pam_env.so user_readenv=1\n", append=True)
+ victim_pid = m.spawn("sleep infinity", "sleep.log")
+ self.addCleanup(m.execute, f"kill {victim_pid} || true")
+ self.write_file("/home/admin/.pam_environment", f"SSH_AGENT_PID={victim_pid}\n", owner="admin")
+
+ b.login_and_go()
+ wait_session(should_exist=True)
+ # starts ssh-agent in session
+ m.execute("pgrep -u admin ssh-agent")
+ # but the session has the modified SSH_AGENT_PID
+ bridge = m.execute("pgrep -u admin cockpit-bridge").strip()
+ agent = m.execute(f"grep --null-data SSH_AGENT_PID /proc/{bridge}/environ | xargs -0 | sed 's/.*=//'").strip()
+ self.assertEqual(agent, str(victim_pid))
+
+ # logging out still kills the actual ssh-agent, not the victim pid
+ b.logout()
+ wait_session(should_exist=False)
+ m.execute("while pgrep -u admin ssh-agent; do sleep 1; done", timeout=10)
+ m.execute(f"test -e /proc/{victim_pid}")
+
if __name__ == '__main__':
testlib.test_main()

BIN
cockpit-285.tar.xz → cockpit-309.tar.xz
View File

Binary file not shown.

254
cockpit.spec
View File

@ -1,29 +1,49 @@
%global __requires_exclude_from ^%{_libexecdir}/cockpit-client$
%define required_base 266
%define _hardened_build 1
%define __lib lib
%if %{defined _pamdir}
%define pamdir %{_pamdir}
%else
%define pamdir %{_libdir}/security
%endif
%bcond_with pcp
Name: cockpit
Version: 285
Release: 1
Version: 309
Release: 4
Summary: A easy-to-use, integrated, glanceable, and open web-based interface for Linux servers
License: LGPLv2+
URL: https://cockpit-project.org/
Source0: https://github.com/cockpit-project/cockpit/releases/download/%{version}/cockpit-%{version}.tar.xz
Patch6000: backport-CVE-2024-6126.patch
Patch6001: 6001-Fix-Add-team-Chinese-translation.patch
%define build_basic 1
%define build_optional 1
%if "%{name}" == "cockpit"
%define selinuxtype targeted
%define selinux_configure_arg --enable-selinux-policy=%{selinuxtype}
%endif
BuildRequires: gcc
BuildRequires: pkgconfig(gio-unix-2.0) pkgconfig(json-glib-1.0) pkgconfig(polkit-agent-1) >= 0.105 pam-devel
BuildRequires: autoconf automake python3 intltool libssh-devel >= 0.7.1 openssl-devel zlib-devel krb5-devel
BuildRequires: libxslt-devel docbook-style-xsl glib-networking sed glib2-devel >= 2.50.0
BuildRequires: systemd-devel krb5-server xmlto gnutls-devel >= 3.6.0
BuildRequires: gettext >= 0.21 openssh-clients gdb
BuildRequires: python3-pip
%if %{with pcp}
BuildRequires: pcp-libs-devel
%endif
BuildRequires: selinux-policy selinux-policy-devel
Requires: glib-networking shadow-utils grep libpwquality coreutils NetworkManager kexec-tools openssl glib2 >= 2.50.0
Requires: python3 python3-dbus systemd udisks2 >= 2.6 libvirt libvirt-client PackageKit
Requires: python3 python3-dbus systemd udisks2 >= 2.6 PackageKit
Requires: cockpit-bridge cockpit-ws cockpit-system
Provides: %{name}-networkmanager %{name}-selinux %{name}-sosreport %{name}-dashboard = %{version}-%{release}
Provides: %{name}-machines = %{version}-%{release} %{name}-machines-ovirt = %{version}-%{release} %{name}-shell %{name}-systemd
Provides: %{name}-shell %{name}-systemd
Provides: %{name}-bridge = %{version}-%{release} %{name}-packagekit = %{version}-%{release} %{name}-storaged = %{version}-%{release}
Provides: %{name}-system = %{version}-%{release} %{name}-ws = %{version}-%{release} %{name}-ssh %{name}-realmd
Provides: %{name}-tuned %{name}-users %{name}-kdump
@ -31,7 +51,7 @@ Provides: bundled(js-jquery) = 3.3.1 bundled(js-moment) = 2.22.2 bundled(n
Provides: bundled(nodejs-promise) = 8.0.2 bundled(nodejs-requirejs) = 2.1.22 bundled(xstatic-bootstrap-datepicker-common) = 1.8.0
Obsoletes: %{name}-networkmanager %{name}-selinux %{name}-sosreport %{name}-dashboard < %{version}-%{release}
Obsoletes: %{name}-machines < %{version}-%{release} %{name}-machines-ovirt < %{version}-%{release} %{name}-shell %{name}-systemd
Obsoletes: %{name}-shell %{name}-systemd
Obsoletes: %{name}-bridge < %{version}-%{release} %{name}-packagekit < %{version}-%{release} %{name}-storaged < %{version}-%{release}
Obsoletes: %{name}-system < %{version}-%{release} %{name}-ws < %{version}-%{release} %{name}-ssh %{name}-realmd
Obsoletes: %{name}-tuned %{name}-users %{name}-kdump
@ -41,6 +61,134 @@ Conflicts: %{name}-dashboard < 170.x %{name}-ws < 135 firewalld < 0.6.0-1
Recommends: polkit NetworkManager-team setroubleshoot-server >= 3.3.3 sscg >= 2.3 system-logos
Recommends: udisks2-lvm2 >= 2.6 udisks2-iscsi >= 2.6 device-mapper-multipath clevis-luks virt-install
%prep
%setup -n cockpit-%{version}
%patch 6000 -p1
gzip -d ./dist/networkmanager/po.zh_CN.js.gz
%patch 6001 -p1
gzip ./dist/networkmanager/po.zh_CN.js
%build
%configure \
%{?selinux_configure_arg} \
--with-cockpit-user=cockpit-ws \
--with-cockpit-ws-instance-user=cockpit-wsinstance \
--with-pamdir='%{pamdir}' \
--docdir=%_defaultdocdir/%{name} \
%if 0%{?build_basic} == 0
--disable-ssh \
%endif
%if %{without pcp}
--disable-pcp
%endif
%make_build
%check
%if %{?_with_check:1}%{!?_with_check:0}
%make_build check
%endif
%install
%make_install
make install-tests DESTDIR=%{buildroot}
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
install -p -m 644 tools/cockpit.pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/cockpit
rm -f %{buildroot}/%{_libdir}/cockpit/*.so
install -D -p -m 644 AUTHORS COPYING README.md %{buildroot}%{_docdir}/cockpit/
# Build the package lists for resource packages
# cockpit-bridge is the basic dependency for all cockpit-* packages, so centrally own the page directory
echo '%dir %{_datadir}/cockpit' > base.list
echo '%dir %{_datadir}/cockpit/base1' >> base.list
find %{buildroot}%{_datadir}/cockpit/base1 -type f -o -type l >> base.list
echo '%{_sysconfdir}/cockpit/machines.d' >> base.list
echo %{buildroot}%{_datadir}/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy >> base.list
echo '%dir %{_datadir}/cockpit/ssh' >> base.list
%if %{with pcp}
echo '%dir %{_datadir}/cockpit/pcp' > pcp.list
find %{buildroot}%{_datadir}/cockpit/pcp -type f >> pcp.list
%endif
echo '%dir %{_datadir}/cockpit/shell' >> system.list
find %{buildroot}%{_datadir}/cockpit/shell -type f >> system.list
echo '%dir %{_datadir}/cockpit/systemd' >> system.list
find %{buildroot}%{_datadir}/cockpit/systemd -type f >> system.list
echo '%dir %{_datadir}/cockpit/users' >> system.list
find %{buildroot}%{_datadir}/cockpit/users -type f >> system.list
echo '%dir %{_datadir}/cockpit/metrics' >> system.list
find %{buildroot}%{_datadir}/cockpit/metrics -type f >> system.list
echo '%dir %{_datadir}/cockpit/kdump' > kdump.list
find %{buildroot}%{_datadir}/cockpit/kdump -type f >> kdump.list
echo '%dir %{_datadir}/cockpit/sosreport' > sosreport.list
find %{buildroot}%{_datadir}/cockpit/sosreport -type f >> sosreport.list
echo '%dir %{_datadir}/cockpit/storaged' > storaged.list
find %{buildroot}%{_datadir}/cockpit/storaged -type f >> storaged.list
echo '%dir %{_datadir}/cockpit/networkmanager' > networkmanager.list
find %{buildroot}%{_datadir}/cockpit/networkmanager -type f >> networkmanager.list
echo '%dir %{_datadir}/cockpit/packagekit' > packagekit.list
find %{buildroot}%{_datadir}/cockpit/packagekit -type f >> packagekit.list
echo '%dir %{_datadir}/cockpit/apps' >> packagekit.list
find %{buildroot}%{_datadir}/cockpit/apps -type f >> packagekit.list
echo '%dir %{_datadir}/cockpit/selinux' > selinux.list
find %{buildroot}%{_datadir}/cockpit/selinux -type f >> selinux.list
echo '%dir %{_datadir}/cockpit/playground' > tests.list
find %{buildroot}%{_datadir}/cockpit/playground -type f >> tests.list
echo '%dir %{_datadir}/cockpit/static' > static.list
echo '%dir %{_datadir}/cockpit/static/fonts' >> static.list
find %{buildroot}%{_datadir}/cockpit/static -type f >> static.list
# when not building basic packages, remove their files
%if 0%{?build_basic} == 0
for pkg in base1 branding motd kdump networkmanager selinux shell sosreport ssh static systemd users metrics; do
rm -r %{buildroot}/%{_datadir}/cockpit/$pkg
rm -f %{buildroot}/%{_datadir}/metainfo/org.cockpit-project.cockpit-${pkg}.metainfo.xml
done
for data in doc man pixmaps polkit-1; do
rm -r %{buildroot}/%{_datadir}/$data
done
rm -r %{buildroot}/%{_prefix}/%{__lib}/tmpfiles.d
find %{buildroot}/%{_unitdir}/ -type f ! -name 'cockpit-session*' -delete
for libexec in cockpit-askpass cockpit-session cockpit-ws cockpit-tls cockpit-wsinstance-factory cockpit-client cockpit-client.ui cockpit-desktop cockpit-certificate-helper cockpit-certificate-ensure; do
rm %{buildroot}/%{_libexecdir}/$libexec
done
rm -r %{buildroot}/%{_sysconfdir}/pam.d %{buildroot}/%{_sysconfdir}/motd.d %{buildroot}/%{_sysconfdir}/issue.d
rm -f %{buildroot}/%{_libdir}/security/pam_*
rm %{buildroot}/usr/bin/cockpit-bridge
rm -f %{buildroot}%{_libexecdir}/cockpit-ssh
rm -f %{buildroot}%{_datadir}/metainfo/cockpit.appdata.xml
%endif
# when not building optional packages, remove their files
%if 0%{?build_optional} == 0
for pkg in apps packagekit playground storaged; do
rm -rf %{buildroot}/%{_datadir}/cockpit/$pkg
done
# files from -tests
rm -f %{buildroot}/%{pamdir}/mock-pam-conv-mod.so
rm -f %{buildroot}/%{_unitdir}/cockpit-session.socket
rm -f %{buildroot}/%{_unitdir}/cockpit-session@.service
# files from -storaged
rm -f %{buildroot}/%{_prefix}/share/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml
%endif
sed -i "s|%{buildroot}||" *.list
rm -rf %{buildroot}/usr/src/debug
%description
Cockpit makes GNU/Linux discoverable. See Linux server in a web browser and perform system tasks with a mouse.
Its easy to start containers, administer storage, configure networks, and inspect logs with this package.
@ -78,48 +226,27 @@ Obsoletes: %{name}-doc < %{version}-%{release}
This package helps you to deploy %{name} and contains some
man help files.
%prep
%autosetup -n %{name}-%{version} -p1
%build
%configure --disable-silent-rules --with-cockpit-user=cockpit-ws --with-selinux-config-type=etc_t \
--with-cockpit-ws-instance-user=cockpit-wsinstance \
--with-appstream-data-packages='[ "appstream-data" ]' --with-nfs-client-package='"nfs-utils"' --with-vdo-package='"vdo"' \
%if %{without pcp}
--disable-pcp
%endif
%make_build
%check
%if %{?_with_check:1}%{!?_with_check:0}
%make_build check
%endif
%install
%make_install
make install-tests DESTDIR=%{buildroot}
install -Dpm644 tools/cockpit.pam %{buildroot}%{_sysconfdir}/pam.d/cockpit
echo '{ "linguas": null }' > %{buildroot}%{_datadir}/cockpit/shell/override.json
%pre
getent group cockpit-ws >/dev/null || groupadd -r cockpit-ws
getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d / -s /sbin/nologin -c "User for cockpit-ws" cockpit-ws
getent passwd cockpit-ws >/dev/null || useradd -r -g cockpit-ws -d /nonexisting -s /sbin/nologin -c "User for cockpit web service" cockpit-ws
getent group cockpit-wsinstance >/dev/null || groupadd -r cockpit-wsinstance
getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d / -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance
getent passwd cockpit-wsinstance >/dev/null || useradd -r -g cockpit-wsinstance -d /nonexisting -s /sbin/nologin -c "User for cockpit-ws instances" cockpit-wsinstance
if %{_sbindir}/selinuxenabled 2>/dev/null; then
%selinux_relabel_pre -s %{selinuxtype}
fi
%post
if [ ! -f "%{_sysconfdir}/%{name}/ws-certs.d/0-self-signed.key" ]; then
# The certificate is not available when upgrading from an older version and needs to be recreated
%{__rm} -f %{_sysconfdir}/%{name}/ws-certs.d/{0-self-signed.cert,0-self-signed-ca.pem}
if [ -x %{_sbindir}/selinuxenabled ]; then
%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%selinux_relabel_post -s %{selinuxtype}
fi
%tmpfiles_create cockpit-tempfiles.conf
%systemd_post cockpit.socket cockpit.service
# cannot use systemctl because it might be out of sync with reality
# firewalld only partially picks up changes to its services files without this
test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
# check for deprecated PAM config
if grep --color=auto pam_cockpit_cert %{_sysconfdir}/pam.d/cockpit; then
echo '**** WARNING:'
@ -128,17 +255,15 @@ if grep --color=auto pam_cockpit_cert %{_sysconfdir}/pam.d/cockpit; then
echo '**** WARNING:'
fi
%if %{with pcp}
%post pcp
/usr/share/pcp/lib/pmlogger condrestart
%endif
%preun
%systemd_preun cockpit.socket cockpit.service
%postun
%systemd_postun_with_restart cockpit.socket
%systemd_postun_with_restart cockpit.service
if [ -x %{_sbindir}/selinuxenabled ]; then
%selinux_modules_uninstall -s %{selinuxtype} %{name}
%selinux_relabel_post -s %{selinuxtype}
fi
%systemd_postun_with_restart cockpit.socket cockpit.service
%files
%if %{without pcp}
@ -181,6 +306,10 @@ fi
%{_unitdir}/cockpit-session.socket
%{_unitdir}/cockpit-session@.service
%{_datadir}/metainfo/org.cockpit-project.cockpit-networkmanager.metainfo.xml
%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2
%{_mandir}/man8/%{name}_session_selinux.8cockpit.*
%{_mandir}/man8/%{name}_ws_selinux.8cockpit.*
%{python3_sitelib}/cockpit*
%if %{with pcp}
%files pcp
@ -200,6 +329,37 @@ fi
%doc %{_mandir}/man8/{cockpit-ws.8.gz,remotectl.8.gz,pam_ssh_add.8.gz,cockpit-tls.8.gz}
%changelog
* Tue Dec 17 2024 Han Jinpeng <hanjinpeng@kylinos.cn> - 309-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC: remove incorrect provides cockpit-machines and cockpit-machines-ovirt
remove require libvirt and libvirt-client
* Thu Aug 15 2024 wangshuo <wangshuo@kylinos.cn> - 309-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:Fix Add team Chinese translation
* Thu Jul 04 2024 lingsheng <lingsheng1@h-partners.com> - 309-2
- Type:CVE
- ID:CVE-2024-6126
- SUG:restart
- DESC:fix CVE-2024-6126
* Tue Jan 23 2024 zhouwenpei <zhouwenpei1@h-partners.com> - 309-1
- Type:NA
- ID:NA
- SUG:NA
- DESC:Update to upstream 309 release
* Tue Mar 28 2023 zhouwenpei <zhouwenpei1@h-partners.com> - 285-2
- Type:NA
- ID:NA
- SUG:NA
- DESC:enable selinux to fix cockpit login failed
* Mon Feb 27 2023 lvcongqing <lvcongqing@uniontech.com> - 285-1
- Type:NA
- ID:NA