From 035dc2d9be846320bbe4b2be75c3227793735ed8 Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Wed, 20 Nov 2024 12:21:28 +0100 Subject: [PATCH] containers/ws: Drop cockpit-session `cockpit-session` isn't meant to work in the container: ws runs with `--local-ssh` and everything happens via SSH, so we can just as well drop it. This gets rid of the useless initial cockpit-session call for the opportunistic "Negotiate" (Kerberos) authentication. We temporarily also have to remove the program in test/ws-container.install, until our Fedora 40 image gets a cockpit/ws version which doesn't have it installed any more, i.e. when this commit lands, gets released, published to quay.io, and into the fedora-40 image rebuild. --- containers/ws/install.sh | 2 ++ test/ws-container.install | 2 ++ 2 files changed, 4 insertions(+) diff --git a/containers/ws/install.sh b/containers/ws/install.sh index a42afb3bf3a6..c0e30a89dfdd 100755 --- a/containers/ws/install.sh +++ b/containers/ws/install.sh @@ -40,6 +40,8 @@ else dnf download cockpit-$rpm unpack cockpit-$rpm-*.rpm done + # do everything through SSH, no local authentication in the container + rm $INSTALLROOT/usr/libexec/cockpit-session fi rm -rf /build/var/cache/dnf /build/var/lib/dnf /build/var/lib/rpm* /build/var/log/* diff --git a/test/ws-container.install b/test/ws-container.install index c6279201f39c..76dfc7c2f1f0 100644 --- a/test/ws-container.install +++ b/test/ws-container.install @@ -28,6 +28,8 @@ podman run --name build-cockpit -i \ quay.io/cockpit/ws sh -exc ' cp -a /run/build/install/* / cp /run/build/containers/ws/label-* /run/build/containers/ws/default-bastion.conf /run/build/containers/ws/cockpit-auth-ssh-key /container/ +# done in containers/ws/install.sh; this can be removed once that change is in our VM images +rm -f /usr/libexec/cockpit-session ' podman commit --change CMD=/container/label-run build-cockpit localhost/cockpit/ws podman rm -f build-cockpit