The repository that contains the weekly builds for Debian now supports
Debian Jessie. You can see instructions here:
http://cockpit-project.org/running.html
Or use the following repository in your sources.list:
deb http://repo-cockpitproject.rhcloud.com/debian/ jessie main
Unfortunately at the same time Debian Unstable has had dependency
problems and the last few releases of Cockpit did not build properly
there. Hopefully that will resolve itself soon.
Cheers,
Stef
http://cockpit-project.org/blog/cockpit-127.html
Cockpit is the modern Linux admin interface. We release regularly. Here
are the release notes from version 126 and 127
Show security scan information about container images
-----------------------------------------------------
Lars did work to show security scan information about container images.
The displayed scans happen via the atomic scan [1] tools and the data
comes from the OpenSCAP [2] system. Take a look at the video below.
Demo: https://www.youtube.com/watch?v=zANUkEmfaAk
Change: https://github.com/cockpit-project/cockpit/pull/4952https://github.com/cockpit-project/cockpit/pull/5259https://github.com/cockpit-project/cockpit/pull/5686
[1]
https://developers.redhat.com/blog/2016/05/02/introducing-atomic-scan-conta…
[2] https://www.open-scap.org/
Choose whether password is cached and reused on the login screen
----------------------------------------------------------------
The typical workflow for peforming privileged tasks on a Linux system is
to log in as a non-root user and then use sudo or Polkit to escalate
privileges.
Stef did work to make Cockpit's privilege escalation reflect this
properly. Cockpit now has an option on the login screen to
"Reuse my password for privileged tasks". Checking this option
automatically performs reuses the login password as necessary to
escalate privileges. If you leave this box unchecked then Cockpit will
behave exactly as a normal user login without special privileges.
In the future we'll have a way to enable this option once logged in, and
retype your password inside of the logged in session.
Demo: https://www.youtube.com/watch?v=TW6UsPbNkV4
Change: https://github.com/cockpit-project/cockpit/pull/5522
The remotectl command can now combine certificate and key files
---------------------------------------------------------------
Peter did work to make it easier to use TLS certificate and key files
with Cockpit for port 9090. Normally the server certificate(s) and key
need to be combined into a single file and placed into the
/etc/cockpit/ws-certs.d directory. The remotectl command that comes with
Cockpit can now be used to build such a combined file.
Due to this, when Cockpit is deployed as an Openshift Pod it can use
certificates provided by Openshift.
Docs: man remotectl
Change: https://github.com/cockpit-project/cockpit/pull/5525
Cockpit respects /etc/shells
----------------------------
Martin fixed Cockpit so it only allows the user to log in if the user
has a valid shell listed in /etc/shells. In addition bugs on Ubuntu and
Debian have been fixed where users were created without valid shells.
Change: https://github.com/cockpit-project/cockpit/pull/5665
Allow renaming of active devices in networking interface
--------------------------------------------------------
You can now rename network devices like bonds or bridges while they're
active. The change will apply immediately and without any interruption
in service.
Change: https://github.com/cockpit-project/cockpit/pull/5570
Rename cockpit-shell to cockpit-system
--------------------------------------
The cockpit-shell subpackage has been renamed to cockpit-system to
better reflect its focus: configuring and troubleshooting the local system.
Change: https://github.com/cockpit-project/cockpit/pull/5600
Kerberos authentication now work even if gss-proxy is in use
------------------------------------------------------------
Sometimes Kerberos (or GSSAPI) single-sign-on authentication requires
multiple round trips to the server. Cockpit now supports this properly,
and the end result is that SSO works even when fancy things like
GSS-Proxy [3] are in use.
Change: https://github.com/cockpit-project/cockpit/pull/5495
[3] https://fedorahosted.org/gss-proxy/
Get it
------
You can get Cockpit here:
http://cockpit-project.org/running.html
Cockpit 127 is available in Fedora 25:
https://bodhi.fedoraproject.org/updates/cockpit-127-1.fc25
Or download the tarball here:
https://github.com/cockpit-project/cockpit/releases/tag/127
Take care,
Stef
Hello all,
first, a quick intro of myself: I'm Martin Pitt (nicknamed "pitti" on IRC and
IRL) and joined Red Hat's Cockpit team yesterday. Until then I've been a Debian
developer for about 14 years and an Ubuntu developer for about 12½. I've
touched a lot of things over the years, but most recently I've mostly been
involved in plumbing (systemd, networking, udisks and the like) and Ubuntu's CI.
While learning about cockpit and how to test it I put together a small script [1]
that creates a Fedora 25 based Cockpit development VM out of thin air (using
mkosi). This contains a running cockpit (as it comes with F25) as well as all
build and test dependencies. This helped me personally to figure out some
issues with setting up the tests (like [2]), gives me a tool to get a
reproducible dev environment without cluttering my host system with lots of
build/test depends, and I can use QEMU's snapshots to reset to a clean state. Stef
mentioned that this might also be useful for improving our isolation in
GitHub's integration tests.
How does it look like? You call it with the output VM path and cockpit's git
checkout directory as arguments, it will do some grinding and eventually give
you some info how to use it:
| $ ~/cockpit-dev-vm.sh /srv/vm/cockpit.img ~/upstream/cockpit
| [...]
| Run the VM (possibly with appending "-snapshot"):
|
| qemu-system-x86_64 -enable-kvm -cpu host -nographic -m 6144 -bios /usr/share/edk2/ovmf/OVMF_CODE.fd \
| -virtfs local,id=src,path=.,security_model=none,mount_tag=src,readonly \
| -net nic,model=virtio -net user,hostfwd=tcp::22000-:22,hostfwd=tcp::9099-:9090 /srv/vm/cockpit.img
|
| Cockpit: https://localhost:9099
| SSH: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no -p 22000 test@localhost
| (password "test")
|
| Read-only view of . is at /src
After booting the VM and ssh'ing in, you can copy the read-only view of outside
cockpit tree to writable place:
| cp -a /src cockpit
| cd cockpit
... and run some integration test:
| $ sudo test/vm-prep
| $ test/verify/testsuite-prepare
| # the following is a bug [2], PR is pending
| $ npm install phantomjs-prebuilt
|
| $ test/verify/check-login
The binding of the outside checkout dir is useful so that the VM doesn't have
to re-download the large test VMs, and you don't need to spend so much VM disk
space on them. I'm not too happy about the read-only /src yet, I'll see if it's
feasible to automatically set up an overlayfs for ~test/cockpit instead.
Note that the VM gets 6 GiB of RAM, as some of its inner VMs are quite large.
So you need sufficient RAM on your host. Also note that this requires booting
with "kvm-intel.nested=1" option on the kernel command line -- while
/etc/modprobe.d/kvm-intel.conf apparently intends to supply that option, it
doesn't work at least in F25.
Maybe this is useful for someone/something else, please let me know if you have
ideas for improvements.
Thanks,
Martin
[1] http://www.piware.de/tools/cockpit-dev-vm
[2] https://github.com/cockpit-project/cockpit/issues/5676
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
Hello everyone!
I am Bhakti Bhikne and I am an Outreachy intern working on the firewall support of Cockpit. I've been working on this for sometime now and have created a few wireframes [1] for the same .I would really appreciate if I could get some feedback on the wireframes.
1.https://github.com/cockpit-project/cockpit/wiki/Feature:-Firewall#wirefra…
Thank You for your time and feedback!
Regards,
Bhakti