From 426ac08ad9debcee7df0d388c521f4e51ee832a3 Mon Sep 17 00:00:00 2001 From: Michael Haener Date: Wed, 29 Apr 2020 15:11:51 +0200 Subject: [PATCH] cockpit: Add recipe version 217 Cockpit is a server manager that makes it easy to administer your GNU/Linux servers via a web browser. Signed-off-by: Michael Haener --- .../recipes-webadmin/cockpit/cockpit_217.bb | 178 ++++++++++++++++++ ...01-remove-tests-dep-on-gobject-intro.patch | 77 ++++++++ ...e-use-copy-rule-for-unmodified-files.patch | 47 +++++ ...t-add-option-to-build-without-polkit.patch | 108 +++++++++++ .../cockpit/files/cockpit.pam | 8 + 5 files changed, 418 insertions(+) create mode 100644 meta-webserver/recipes-webadmin/cockpit/cockpit_217.bb create mode 100644 meta-webserver/recipes-webadmin/cockpit/files/0001-remove-tests-dep-on-gobject-intro.patch create mode 100644 meta-webserver/recipes-webadmin/cockpit/files/0002-fix-makefile-use-copy-rule-for-unmodified-files.patch create mode 100644 meta-webserver/recipes-webadmin/cockpit/files/0003-feat-add-option-to-build-without-polkit.patch create mode 100644 meta-webserver/recipes-webadmin/cockpit/files/cockpit.pam diff --git a/meta-webserver/recipes-webadmin/cockpit/cockpit_217.bb b/meta-webserver/recipes-webadmin/cockpit/cockpit_217.bb new file mode 100644 index 00000000000..d530924561d --- /dev/null +++ b/meta-webserver/recipes-webadmin/cockpit/cockpit_217.bb @@ -0,0 +1,178 @@ +SUMMARY = "Admin interface for Linux machines" +DESCRIPTION = "Cockpit makes it easy to administer your GNU/Linux servers via a web browser" + +LICENSE = "LGPLv2.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c" + +SRC_URI += " \ + https://github.com/cockpit-project/cockpit/releases/download/${PV}/cockpit-${PV}.tar.xz \ + file://0001-remove-tests-dep-on-gobject-intro.patch \ + file://0002-fix-makefile-use-copy-rule-for-unmodified-files.patch \ + file://0003-feat-add-option-to-build-without-polkit.patch \ + file://cockpit.pam \ + " +SRC_URI[md5sum] = "048fe1f3d9211786b6888e9d2d8db53c" +SRC_URI[sha256sum] = "6bf41e2ccaebf8b2ede98937750bd33f3d9b369a1de18a1ac17170b59132136c" + +inherit gettext pkgconfig autotools systemd distro_features_check + +DEPENDS += "glib-2.0-native intltool-native gnutls" +DEPENDS += "virtual/gettext json-glib krb5 libpam" + +RDEPENDS_${PN} += "glib-networking" + +REQUIRED_DISTRO_FEATURES = "pam" + +COCKPIT_USER_GROUP ?= "root" +COCKPIT_WS_USER_GROUP ?= "${COCKPIT_USER_GROUP}" + +EXTRA_AUTORECONF = "-I tools" +EXTRA_OECONF = " \ + --with-cockpit-user=${COCKPIT_USER_GROUP} \ + --with-cockpit-group=${COCKPIT_USER_GROUP} \ + --with-cockpit-ws-instance-user=${COCKPIT_WS_USER_GROUP} \ + --with-cockpit-ws-instance-group=${COCKPIT_WS_USER_GROUP} \ + --disable-doc \ + --with-systemdunitdir=${systemd_system_unitdir} \ +" + +PACKAGECONFIG[pcp] = "--enable-pcp,--disable-pcp,pcp" +PACKAGECONFIG[dashboard] = "--enable-ssh,--disable-ssh,libssh" + +PACKAGES =+ " \ + ${PN}-pcp \ + ${PN}-realmd \ + ${PN}-tuned \ + ${PN}-shell \ + ${PN}-systemd \ + ${PN}-users \ + ${PN}-kdump \ + ${PN}-sosreport \ + ${PN}-storaged \ + ${PN}-networkmanager \ + ${PN}-machines \ + ${PN}-selinux \ + ${PN}-playground \ + ${PN}-docker \ + ${PN}-dashboard \ + ${PN}-bridge \ + ${PN}-ws \ + ${PN}-desktop \ +" +SYSTEMD_PACKAGES = "${PN}-ws" + +FILES_${PN}-pcp = " \ + ${libexecdir}/cockpit-pcp \ + ${datadir}/cockpit/pcp \ + ${localstatedir}/lib/pcp/config/pmlogconf/tools/cockpit \ +" +FILES_${PN}-realmd = "${datadir}/cockpit/realmd" +FILES_${PN}-tuned = "${datadir}/cockpit/tuned" +FILES_${PN}-shell = "${datadir}/cockpit/shell" +FILES_${PN}-systemd = "${datadir}/cockpit/systemd" +FILES_${PN}-users = "${datadir}/cockpit/users" +FILES_${PN}-kdump = " \ + ${datadir}/cockpit/kdump \ + ${datadir}/metainfo/org.cockpit-project.cockpit-kdump.metainfo.xml \ +" +FILES_${PN}-sosreport = " \ + ${datadir}/cockpit/sosreport \ + ${datadir}/metainfo/org.cockpit-project.cockpit-sosreport.metainfo.xml \ + ${datadir}/pixmaps/cockpit-sosreport.png \ +" +FILES_${PN}-storaged = " \ + ${datadir}/cockpit/storaged \ + ${datadir}/metainfo/org.cockpit-project.cockpit-storaged.metainfo.xml \ +" +FILES_${PN}-networkmanager = "${datadir}/cockpit/networkmanager" +RDEPENDS_${PN}-networkmanager = "networkmanager" + +FILES_${PN}-machines = " \ + ${datadir}/cockpit/machines \ + ${datadir}/metainfo/org.cockpit-project.cockpit-machines.metainfo.xml \ +" +FILES_${PN}-selinux = " \ + ${datadir}/cockpit/selinux \ + ${datadir}/metainfo/org.cockpit-project.cockpit-selinux.metainfo.xml \ +" +FILES_${PN}-playground = "${datadir}/cockpit/playground" +FILES_${PN}-docker = " \ + ${datadir}/cockpit/docker \ + ${datadir}/metainfo/org.cockpit-project.cockpit-docker.metainfo.xml \ +" +FILES_${PN}-dashboard = "${datadir}/cockpit/dashboard" +ALLOW_EMPTY_${PN}-dashboard = "1" + +FILES_${PN}-bridge = " \ + ${bindir}/cockpit-bridge \ + ${libexec}/cockpit-askpass \ +" +RDEPENDS_${PN}-bridge = "" + +FILES_${PN}-desktop = "${libexecdir}/cockpit-desktop" +RDEPENDS_${PN}-desktop += "bash" + +FILES_${PN}-ws = " \ + ${sysconfdir}/cockpit/ws-certs.d \ + ${sysconfdir}/pam.d/cockpit \ + ${sysconfdir}/issue.d/cockpit.issue \ + ${sysconfdir}/motd.d/cockpit \ + ${datadir}/cockpit/motd/update-motd \ + ${datadir}/cockpit/motd/inactive.motd \ + ${systemd_system_unitdir}/cockpit.service \ + ${systemd_system_unitdir}/cockpit-motd.service \ + ${systemd_system_unitdir}/cockpit.socket \ + ${systemd_system_unitdir}/cockpit-wsinstance-http.socket \ + ${systemd_system_unitdir}/cockpit-wsinstance-http.service \ + ${systemd_system_unitdir}/cockpit-wsinstance-http-redirect.socket \ + ${systemd_system_unitdir}/cockpit-wsinstance-http-redirect.service \ + ${systemd_system_unitdir}/cockpit-wsinstance-https-factory.socket \ + ${systemd_system_unitdir}/cockpit-wsinstance-https-factory@.service \ + ${systemd_system_unitdir}/cockpit-wsinstance-https@.socket \ + ${systemd_system_unitdir}/cockpit-wsinstance-https@.service \ + ${systemd_system_unitdir}/system-cockpithttps.slice \ + ${libdir}/tmpfiles.d/cockpit-tempfiles.conf \ + ${sbindir}/remotectl \ + ${libdir}/security/pam_ssh_add.so \ + ${libdir}/security/pam_cockpit_cert.so \ + ${libexecdir}/cockpit-ws \ + ${libexecdir}/cockpit-wsinstance-factory \ + ${libexecdir}/cockpit-tls \ + ${libexecdir}/cockpit-session \ + ${localstatedir}/lib/cockpit \ + ${datadir}/cockpit/static \ + ${datadir}/cockpit/branding \ +" +CONFFILES_${PN}-ws += " \ + ${sysconfdir}/issue.d/cockpit.issue \ + ${sysconfdir}/motd.d/cockpit \ +" +RDEPENDS_${PN}-ws += "openssl-bin" +SYSTEMD_SERVICE_${PN}-ws = "cockpit.socket" + +FILES_${PN} += " \ + ${datadir}/cockpit/base1 \ + ${sysconfdir}/cockpit/machines.d \ + ${datadir}/polkit-1/actions/org.cockpit-project.cockpit-bridge.policy \ + ${datadir}/cockpit/ssh \ + ${libexecdir}/cockpit-ssh \ + ${datadir}/cockpit \ + ${datadir}/metainfo/cockpit.appdata.xml \ + ${datadir}/pixmaps/cockpit.png \ +" +RDEPENDS_${PN} += "${PN}-bridge" + +do_install_append() { + pkgdatadir=${datadir}/cockpit + + # avoid host contamination + find ${D}${datadir}/cockpit -name manifest.json -exec chown root:root {} \; + + chmod 4750 ${D}${libexecdir}/cockpit-session + + install -d "${D}${sysconfdir}/pam.d" + install -p -m 0644 ${WORKDIR}/cockpit.pam ${D}${sysconfdir}/pam.d/cockpit + + # provided by firewalld + rm -rf ${D}${libdir}/firewalld +} diff --git a/meta-webserver/recipes-webadmin/cockpit/files/0001-remove-tests-dep-on-gobject-intro.patch b/meta-webserver/recipes-webadmin/cockpit/files/0001-remove-tests-dep-on-gobject-intro.patch new file mode 100644 index 00000000000..2242190a38c --- /dev/null +++ b/meta-webserver/recipes-webadmin/cockpit/files/0001-remove-tests-dep-on-gobject-intro.patch @@ -0,0 +1,77 @@ +From 788aace494f79e8201b18ebcdf1592b5030c5295 Mon Sep 17 00:00:00 2001 +From: Adrian Freihofer +Date: Wed, 4 Dec 2019 17:23:46 +0100 +Subject: [PATCH] remove tests dep on gobject-intro + +--- + src/ws/Makefile-ws.am | 54 --------------------------------------------------- + 1 file changed, 54 deletions(-) + +diff --git a/src/ws/Makefile-ws.am b/src/ws/Makefile-ws.am +index 009130941..34e13d7fe 100644 +--- a/src/ws/Makefile-ws.am ++++ b/src/ws/Makefile-ws.am +@@ -246,60 +246,6 @@ EXTRA_DIST += \ + + # ---------------------------------------------------------------------------------------------------- + +-noinst_PROGRAMS += test-server +-check_PROGRAMS += test-server +- +-GDBUS_CODEGEN_XML = $(srcdir)/src/ws/com.redhat.Cockpit.DBusTests.xml +- +-GDBUS_CODEGEN_GENERATED = \ +- src/ws/mock-dbus-tests.h \ +- src/ws/mock-dbus-tests.c \ +- $(NULL) +- +-# FIXME: --header/--body and --output are only available from GLib 2.56. +-# just use --generate-c-code and a bit of dependency ugliness for now +-GDBUS_CODEGEN_INVOCATION = \ +- $(AM_V_GEN) gdbus-codegen \ +- --interface-prefix com.redhat.Cockpit.DBusTests \ +- --c-namespace Test \ +- --c-generate-object-manager \ +- --generate-c-code src/ws/mock-dbus-tests \ +- $(GDBUS_CODEGEN_XML) +- +-BUILT_SOURCES += $(GDBUS_CODEGEN_GENERATED) +-CLEANFILES += $(GDBUS_CODEGEN_GENERATED) +-EXTRA_DIST += $(GDBUS_CODEGEN_XML) +- +-src/ws/mock-dbus-tests.h: $(GDBUS_CODEGEN_XML) +- $(GDBUS_CODEGEN_INVOCATION) +- +-src/ws/mock-dbus-tests.c: $(GDBUS_CODEGEN_XML) src/ws/mock-dbus-tests.h +- $(GDBUS_CODEGEN_INVOCATION) +- +-test_server_SOURCES = \ +- src/ws/mock-service.c \ +- src/ws/mock-service.h \ +- src/ws/test-server.c \ +- $(NULL) +- +-nodist_test_server_SOURCES = \ +- $(GDBUS_CODEGEN_GENERATED) \ +- $(NULL) +- +-test_server_CFLAGS = \ +- -I$(builddir)/src/ws \ +- -I$(top_srcdir)/src/ws \ +- -DG_LOG_DOMAIN=\"test-server\" \ +- $(GIO_CFLAGS) \ +- $(COCKPIT_WS_CFLAGS) \ +- $(NULL) +- +-test_server_LDADD = \ +- $(libcockpit_ws_LIBS) \ +- $(GIO_LIBS) \ +- -lpam \ +- $(NULL) +- + WS_CHECKS = \ + test-base64 \ + test-creds \ +-- +2.11.0 + diff --git a/meta-webserver/recipes-webadmin/cockpit/files/0002-fix-makefile-use-copy-rule-for-unmodified-files.patch b/meta-webserver/recipes-webadmin/cockpit/files/0002-fix-makefile-use-copy-rule-for-unmodified-files.patch new file mode 100644 index 00000000000..a1ea9bcfdcb --- /dev/null +++ b/meta-webserver/recipes-webadmin/cockpit/files/0002-fix-makefile-use-copy-rule-for-unmodified-files.patch @@ -0,0 +1,47 @@ +From 1edf0756bf4fd002f5b60cf2b86d4b97a00aff20 Mon Sep 17 00:00:00 2001 +From: Michael Haener +Date: Wed, 25 Mar 2020 08:32:07 +0100 +Subject: [PATCH] fix(makefile): use copy rule for unmodified files + +--- + pkg/Makefile.am | 27 +++++++++++++++++++++++++++ + 1 file changed, 27 insertions(+) + +diff --git a/pkg/Makefile.am b/pkg/Makefile.am +index 192b785..03b9787 100644 +--- a/pkg/Makefile.am ++++ b/pkg/Makefile.am +@@ -13,6 +13,33 @@ playground_DATA = \ + dist/playground/extra.de.po: pkg/playground/extra.de.po + $(COPY_RULE) + ++dist/playground/hammer.gif: pkg/playground/hammer.gif ++ $(COPY_RULE) ++ ++dist/sosreport/sosreport.png: pkg/sosreport/sosreport.png ++ $(COPY_RULE) ++ ++dist/apps/default.png: pkg/apps/default.png ++ $(COPY_RULE) ++ ++dist/storaged/images/storage-array.png: pkg/storaged/images/storage-array.png ++ $(COPY_RULE) ++ ++dist/storaged/images/storage-disk.png: pkg/storaged/images/storage-disk.png ++ $(COPY_RULE) ++ ++dist/shell/images/server-error.png: pkg/shell/images/server-error.png ++ $(COPY_RULE) ++ ++dist/shell/images/server-large.png: pkg/shell/images/server-large.png ++ $(COPY_RULE) ++ ++dist/shell/images/server-small.png: pkg/shell/images/server-small.png ++ $(COPY_RULE) ++ ++dist/shell/index.html: pkg/shell/index.html ++ $(COPY_RULE) ++ + metainfodir = ${datarootdir}/metainfo + metainfo_DATA = pkg/sosreport/org.cockpit-project.cockpit-sosreport.metainfo.xml \ + pkg/kdump/org.cockpit-project.cockpit-kdump.metainfo.xml \ diff --git a/meta-webserver/recipes-webadmin/cockpit/files/0003-feat-add-option-to-build-without-polkit.patch b/meta-webserver/recipes-webadmin/cockpit/files/0003-feat-add-option-to-build-without-polkit.patch new file mode 100644 index 00000000000..d540cdcfe9d --- /dev/null +++ b/meta-webserver/recipes-webadmin/cockpit/files/0003-feat-add-option-to-build-without-polkit.patch @@ -0,0 +1,108 @@ +From df05830ffbb48b5d087b49dd642b5095667cf7a5 Mon Sep 17 00:00:00 2001 +From: Michael Haener +Date: Fri, 24 Apr 2020 11:26:12 +0200 +Subject: [PATCH] feat: add option to build without polkit + +--- + configure.ac | 14 +++++++++++--- + src/bridge/Makefile.am | 9 +++++++-- + src/bridge/bridge.c | 6 +++++- + 3 files changed, 23 insertions(+), 6 deletions(-) + +diff --git a/configure.ac b/configure.ac +index dd74987..db6ce42 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -82,7 +82,7 @@ GIO_CFLAGS="$GIO_CFLAGS -DGLIB_VERSION_MAX_ALLOWED=$GLIB_VERSION_DEF" + + PKG_CHECK_MODULES(LIBSYSTEMD, [$LIBSYSTEMD_REQUIREMENT]) + PKG_CHECK_MODULES(JSON_GLIB, [$JSON_GLIB_REQUIREMENT]) +-PKG_CHECK_MODULES(POLKIT, [$POLKIT_REQUIREMENT]) ++PKG_CHECK_MODULES(POLKIT, [$POLKIT_REQUIREMENT],enable_polkit="yes",enable_polkit="no") + PKG_CHECK_MODULES(GNUTLS, [$GNUTLS_REQUIREMENT]) + PKG_CHECK_MODULES(KRB5, [$KRB5_REQUIREMENT]) + +@@ -91,8 +91,16 @@ COCKPIT_LIBS="$GIO_LIBS $JSON_GLIB_LIBS $LIBSYSTEMD_LIBS -lutil -lm" + AC_SUBST(COCKPIT_CFLAGS) + AC_SUBST(COCKPIT_LIBS) + +-COCKPIT_BRIDGE_CFLAGS="$COCKPIT_CFLAGS $POLKIT_CFLAGS" +-COCKPIT_BRIDGE_LIBS="$COCKPIT_LIBS $POLKIT_LIBS" ++# bridge with optional polkit ++if test "$enable_polkit" = "yes"; then ++ COCKPIT_BRIDGE_CFLAGS="$COCKPIT_CFLAGS $POLKIT_CFLAGS" ++ COCKPIT_BRIDGE_LIBS="$COCKPIT_LIBS $POLKIT_LIBS" ++ AC_DEFINE_UNQUOTED([WITH_POLKIT], [], [Build with polkit]) ++else ++ COCKPIT_BRIDGE_CFLAGS="$COCKPIT_CFLAGS" ++ COCKPIT_BRIDGE_LIBS="$COCKPIT_LIBS" ++fi ++AM_CONDITIONAL(WITH_POLKIT, test "$enable_polkit" = "yes") + AC_SUBST(COCKPIT_BRIDGE_CFLAGS) + AC_SUBST(COCKPIT_BRIDGE_LIBS) + +diff --git a/src/bridge/Makefile.am b/src/bridge/Makefile.am +index dd67770..1bfd24e 100644 +--- a/src/bridge/Makefile.am ++++ b/src/bridge/Makefile.am +@@ -71,8 +71,6 @@ libcockpit_bridge_a_SOURCES = \ + src/bridge/cockpitpeer.h \ + src/bridge/cockpitpipechannel.c \ + src/bridge/cockpitpipechannel.h \ +- src/bridge/cockpitpolkitagent.c \ +- src/bridge/cockpitpolkitagent.h \ + src/bridge/cockpitrouter.c \ + src/bridge/cockpitrouter.h \ + src/bridge/cockpitstream.c \ +@@ -82,6 +80,13 @@ libcockpit_bridge_a_SOURCES = \ + $(libcockpit_bridge_METRICS) \ + $(NULL) + ++if WITH_POLKIT ++libcockpit_bridge_a_SOURCES += \ ++ src/bridge/cockpitpolkitagent.c \ ++ src/bridge/cockpitpolkitagent.h \ ++ $(NULL) ++endif ++ + libcockpit_bridge_a_CFLAGS = \ + -I$(srcdir)/src/bridge \ + -DG_LOG_DOMAIN=\"cockpit-bridge\" \ +diff --git a/src/bridge/bridge.c b/src/bridge/bridge.c +index d117106..c030b44 100644 +--- a/src/bridge/bridge.c ++++ b/src/bridge/bridge.c +@@ -472,7 +472,6 @@ run_bridge (const gchar *interactive, + gboolean terminated = FALSE; + gboolean interupted = FALSE; + gboolean closed = FALSE; +- gpointer polkit_agent = NULL; + const gchar *directory; + struct passwd *pwd; + GPid daemon_pid = 0; +@@ -557,11 +556,14 @@ run_bridge (const gchar *interactive, + transport = cockpit_pipe_transport_new_fds ("stdio", 0, outfd); + } + ++#ifdef WITH_POLKIT ++ gpointer polkit_agent = NULL; + if (uid != 0) + { + if (!interactive) + polkit_agent = cockpit_polkit_agent_register (transport, NULL); + } ++#endif + + g_resources_register (cockpitassets_get_resource ()); + cockpit_web_failure_resource = "/org/cockpit-project/Cockpit/fail.html"; +@@ -598,8 +600,10 @@ run_bridge (const gchar *interactive, + while (!terminated && !closed && !interupted) + g_main_context_iteration (NULL, TRUE); + ++#ifdef WITH_POLKIT + if (polkit_agent) + cockpit_polkit_agent_unregister (polkit_agent); ++#endif + + g_object_unref (router); + g_object_unref (transport); diff --git a/meta-webserver/recipes-webadmin/cockpit/files/cockpit.pam b/meta-webserver/recipes-webadmin/cockpit/files/cockpit.pam new file mode 100644 index 00000000000..dd09e29ee0c --- /dev/null +++ b/meta-webserver/recipes-webadmin/cockpit/files/cockpit.pam @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth required pam_unix.so nullok + +account required pam_unix.so + +-session optional pam_systemd.so +session required pam_unix.so +session optional pam_keyinit.so force revoke