`kdumpctl` moved from the kexec-tools to the kdump-utils package in
Fedora Rawhide, and the former does not require the latter. To make sure
we get the one we want, depend on the program path directly.
https://bugzilla.redhat.com/show_bug.cgi?id=2275385
Now that we gate our ruff updates via the tasks container, we can afford
to be a bit more future-oriented here.
This brings in a nice raft of fix-ups, including my personal favourite:
RUF003 Comment contains ambiguous `µ` (MICRO SIGN). Did you mean `μ` (GREEK SMALL LETTER MU)?
Sure... why not?
The majority of fixes here are from a single rule suggesting to rewrite
a and b or c
as
(a and b) or c
But in most (but not all) cases in our code we actually want to write
that as
b if a else c
I've also added some type annotations to help me make the right choice
in places where it wasn't immediately clear.
Introduces a helper function which handles uploading a ReadableStream to
a server with `fsreplace1`, sending data in chunks, with proper flow
control and progress reporting. This is made to be used for
cockpit-files but is re-usable for other plugins.
Add a React component to the playground as a proof of concept, and add a
couple of integration tests based on it.
Co-authored-by: Allison Karlitskaya <allison.karlitskaya@redhat.com>
This is a new script for building Cockpit releases. It essentially does
what we do now, except:
- we use the container version specified in our .cockpit-ci/container
file
- we download everything with a single invocation of `git clone`, which
downloads all the required submodules, but only does a shallow fetch
- we run the build process entirely offline, inside of its own
container
The new script is meant to be more accessible to anyone who may be
interested in running it, including outside of GitHub, and is written in
a way that attempts to convince its reader that nothing tricky is going
on. It should always produce a byte-for-byte identical release as the
official one. It acts as a convenient way to verify the reproducibility
and validity of a Cockpit release, and also as an alternative to
downloading the tarball from GitHub.
This should be in "account" (aka. "denied access"), not "auth" (aka.
"provided wrong credentials"). Thanks to Stephen Gallagher for pointing
out!
Adjust testPamAccess accordingly, which now shows the corresponding
message.
Ubuntu 24.04 LTS restricts user name spaces by default. Add an AppArmor
profile for cockpit-desktop to allow it. This is a no-op for older
releases.
See https://launchpad.net/bugs/2046477 for details.
We won't add a lot of new C code any more, valgrinding Python code isn't
very useful (or architecture specific), and more and more distributions
drop i386 support. Also, we still run the unit tests during RPM package
build through packit/COPR, which cover even more architectures.
This paves the way for dropping the unit test container altogether in
favor of running the tests in the cockpit/tasks container, once we agree
on how to build a proper staging setup.
Drop tools/valgrind.supp which was only relevant for i386.
New ruff warns to stderr that the old way is deprecated. That's enough
to convince test/static-code that an error is being reported.
Let's move this over.
Also make a minor tweak to literal handling so we can write `fnmatch=*`
instead of `fnmatch="'*'"`. A `*` would never indicate an attempt to
express a complex Python literal and is invalid unless quoted.
You can now rather comfortably do something like:
cpf fsinfo / type size user mode fnmatch=* | cockpit-bridge
All our supported distros have a newer version: Ubuntu 22.04 LTS has
2.6.3, Debian stable has 2.8.2, RHEL 8/9 have 2.9.3. So we can finally
drop support for the unsafe `FindByCertificate()` call which doesn't
validate certificates against the CA.
Add type annotations/ignores to clean up mypy errors in scripts in src/
and tools/.
Rename the second `files` variable in build-debian-copyright as it was
previously shadowing an earlier `files` global variable with a different
type.
We want to lint all our JavaScript code, this would trip over
tools/webpack-make.js as it's a shell script. Ignorning it still gives
an eslint warning so this has to be converted to a proper JavaScript
file.
Move the ssh manifest out of pkg/; there is nothing to be esbuilt or
watched, it's just a single configuration file for the cockpit-ssh
program.
We also don't need it with the Python bridge, as that handles remote
hosts internally. Direct remote logins from the login page call
cockpit-ssh directly, not via the manifest. So conditionalize its
installation on the C bridge.
Debian wants to change the value of systemdsystemunitdir in systemd.pc
to point below /usr. cockpit's upstream build system consumes this
variable while the Debian packaging hardcoded its current value.
The .pc file was moved out into systemd-dev in systemd 253-2, so add an
alternative build dependency to reduce the build dependency footprint on
new Debian/Ubuntu releases.
https://bugs.debian.org/1053112
The Python bridge is now default enabled in 14c07d7087 and
this also removed cockpit_enable_python in favour of explicitly enabling
the old bridge. As RHEL 8 ships the old bridge by default we need to
toggle this for the pybridge scenario.
Upstream split cockpit-storaged/cockpit-packagekit into a new package
and has an alternative approach for disallowing root login where users
no longer opt in but get it by default.
By now we have enough faith in it that we can drop the special case.
This only leaves the C bridge for RHEL/CentOS 8, which will be branched
off and thus disappear in about half a year.
Invoking pytests on Ubuntu 22.04 requires a special case for the old
pytest version unfortunately, but this will go away in ~ 9 months.
Replace --enable-pybridge with --enable-old-bridge, and flip the logic.
That way, it will slowly disappear as old distro releases become
unsupported. This also means that builders from upstream now get the
Python bridge by default.
The distcheck scenarios now apply to the Python bridge. Add a
`$DEB_PYTHON_INSTALL_LAYOUT` hack to work around
https://bugs.debian.org/1035546 to unbreak the installation of the
generated wrapper binaries, as by default they'd go into
prefix/usr/local/bin on Debian.
Add a new distcheck scenario for the C bridge, to ensure that we don't
break that.
https://issues.redhat.com/browse/COCKPIT-1037
This simplifies the hack: We no longer need the temporary symlink dance,
but let the upstream build system put the Python module directly into
the distro target path that `dh_python` will use anyway.
Similarly to commit 584cdfb6a0, remove the installed cockpit-beiboot
from the temporary install tree for arch-indep builds. That file was
added in commit fb673e0a7.
Start shipping it in the cockpit-bridge rpm/deb in libexecdir. This
paves the way for enabling this functionality in the cockpit/ws
container and other places, and reduces the flatpak special cases.
Note that this still keeps the beiboot functionality disabled for
standard package installs, as desired -- this needs to be explicitly
configured in `cockpit.conf`.
Building the binary and running the tests creates tmp/wheel and
.pytest_cache/, which are considered as unrepresentable source changes.
Let dh_clean remove them before building a source package.
Moreover, running the unit tests changes the "dev@cockpit-project.org"
in src/ssh/mock_rsa_key.pub to the local user@hostname. Our tests don't
explicitly do that, this smells like some libssh bug/weirdness. Until
this is investigated, just ignore the changes in that file for building
a source package.
https://bugs.debian.org/1044095
As of groff 1.23.0 "an-trap" macro was renamed to "an-input-trap". This
change is already present in debian-testing.
However, xsltproc which we use to generate manpages still uses the old
macro, since it runs on Fedora 38 docbook.
The latest libblockdev-mdraid package does not depend on `mdraid` any
more. That is okay, as it comes with some initrd and boot baggage, so we
don't want to force it upon every cockpit user either. Trying to create
an md array without mdadm installed gives a clear error message:
Error creating RAID array: The 'mdadm' utility is not available
So just add a Suggests for it.
Thanks to Michael Biebl for pointing this out!
...and fix up some handling of arguments on D-Bus commands.
Also: change all pass-through **kwargs to be typed as 'Any' instead of
'object. This is more correct, since the kwargs might contain values
that are destined to be captured by the optional arguments of the nested
function calls, without further type checking.
The most recent udisks2 version moved to libblockdev 3.0, which bumped
its soname to libblockdev-mdraid3. udisks2 2.10 has a hard dependency to
libblockdev-mdraid3, so we don't need to depend on the latter directly
any more. But keep an alternative dependency for older releases.
Fixes https://bugs.debian.org/1040803
Allison Karlitskaya