I ran all of cockpit's realmd tests (FreeIPA and AD) against this update, and it works fine again. Thank you!

BZ#1934124 F34: regressed from authselect to unavailable authconfig, joining AD domain fails: Couldn't join realm: Enabling SSSD in nsswitch.conf and PAM failed.

@kalev: Ack, sorry about that. Thank you! I rebuilt my tree with -8, and firefox works.


New package dropped the libXt dependency, which is still needed. Firefox does not start up any more. Reported as

Thanks a lot @spot for your work in maintaining chromium. I can assure you that we (cockpit team) depend on having a good Chromium Fedora package, and that your effort is much appreciated!

Honestly I have a hard time shedding a lot of emotions about this. People who care about not using Google proprietary stuff (like me, although I use Firefox on desktop and phone) shouldn't/won't use the proprietary bookmark sync either; and people who don't care will either not care much about using chrome vs. chromium?


My current fedora-32 VM still has pam-1.3.1-28.fc32.x86_64. I don't see the root:wheel/0640 cockpit motd for either unprivileged or wheel users.

Upgrading to pam 1.3.1-29.fc32 in updates, same result.

Upgrading to 1.3.1-30.fc32 in updates-testing (this bodhi update), I see the motd for a wheel user, but not for an unpriv user. So this works exactly as advertised. Thank you!

BZ#1896452 [PATCH] libpam: add supplementary groups on priv drop


Without this fix, the upgrade fails:

$ podman run -it --rm dnf install -y vim
Error: Transaction test error:
  file /etc/profile.d/ from install of vim-enhanced-2:8.2.2115-1.fc33.x86_64 conflicts with file from package vim-minimal-2:8.2.1885-1.fc33.x86_64

With this fix, it works fine:

$ podman run -it --rm dnf install --enablerepo=updates-testing -y vim
  Preparing        :                                                                                                                   1/1 
  Installing       : gpm-libs-1.20.7-24.fc33.x86_64                                                                                    1/6 
  Installing       : vim-filesystem-2:8.2.2143-1.fc33.noarch                                                                           2/6 
  Installing       : vim-common-2:8.2.2143-1.fc33.x86_64                                                                               3/6 
  Installing       : vim-enhanced-2:8.2.2143-1.fc33.x86_64                                                                             4/6 
  Upgrading        : vim-minimal-2:8.2.2143-1.fc33.x86_64                                                                              5/6 
  Cleanup          : vim-minimal-2:8.2.1885-1.fc33.x86_64                                                                              6/6 
  Running scriptlet: vim-minimal-2:8.2.1885-1.fc33.x86_64                                                                              6/6 
  Verifying        : vim-common-2:8.2.2143-1.fc33.x86_64                                                                               1/6 
  Verifying        : vim-enhanced-2:8.2.2143-1.fc33.x86_64                                                                             2/6 
  Verifying        : vim-filesystem-2:8.2.2143-1.fc33.noarch                                                                           3/6 
  Verifying        : gpm-libs-1.20.7-24.fc33.x86_64                                                                                    4/6 
  Verifying        : vim-minimal-2:8.2.2143-1.fc33.x86_64                                                                              5/6 
  Verifying        : vim-minimal-2:8.2.1885-1.fc33.x86_64                                                                              6/6 


  gpm-libs-1.20.7-24.fc33.x86_64                  vim-common-2:8.2.2143-1.fc33.x86_64         vim-enhanced-2:8.2.2143-1.fc33.x86_64        


BZ#1907335 installing vim no longer works, due to package conflicts with vim-minimal

Missing comma in this commit:

--- /usr/share/containers/seccomp.json  1970-01-01 01:00:00.000000000 +0100
+++ /tmp/seccomp.json   2020-10-25 20:09:18.724815976 +0100
@@ -760,7 +760,7 @@
            "names": [
-               "clock_settime"
+               "clock_settime",
            "action": "SCMP_ACT_ALLOW",

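Review bot: The hunk as shown ends at the "action" line and includes neither the line that follows "clock_settime" nor the closing ] of "names", although the @@ -760,7 +760,7 @@ header declares seven lines per side. Please post the full context so it is visible that the added comma separates two array elements; a comma placed directly before ] would be a JSON parse error too. Running the patched file through a JSON parser before the package is built would catch either case.
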
Indeed, completely broken, same error. It's a syntax error in the seccomp profile:

❱❱❱ json_reformat < /usr/share/containers/seccomp.json
parse error: after array element, I expect ',' or ']'
                                        {   "defaultAction": "SCMP_ACT_
                     (right here) ------^
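
A pre-release check for the failure described in the two comments above, as an added example that is not part of the original comments or of the containers packaging: it loads a seccomp profile, reports the position of a JSON syntax error, and sanity-checks the "defaultAction", "names" and "action" keys. The function name lint_seccomp, the loose SCMP_ACT_ prefix check and the sample profile are assumptions made for illustration.

```python
import json

# Constructed sample (not the shipped profile): the comma after
# "clock_settime" is missing, as in the comments above.
BROKEN = """{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {
      "names": [
        "clock_settime"
        "clock_settime64"
      ],
      "action": "SCMP_ACT_ALLOW"
    }
  ]
}"""
FIXED = BROKEN.replace('"clock_settime"\n', '"clock_settime",\n')

def is_action(value):
    # Loose sanity check (assumption): actions are SCMP_ACT_* strings.
    return isinstance(value, str) and value.startswith("SCMP_ACT_")

def lint_seccomp(text):
    # Returns a list of problems; an empty list means the profile loads.
    try:
        profile = json.loads(text)
    except json.JSONDecodeError as err:
        near = (text.splitlines() + [""])[err.lineno - 1].strip()
        return [f"syntax error at line {err.lineno}, column {err.colno}: "
                f"{err.msg} (near {near!r})"]
    if not isinstance(profile, dict):
        return ["top level must be a JSON object"]
    problems = []
    if not is_action(profile.get("defaultAction")):
        problems.append("defaultAction is missing or not SCMP_ACT_*")
    for i, rule in enumerate(profile.get("syscalls") or []):
        if not isinstance(rule, dict):
            problems.append(f"syscalls[{i}] is not an object")
            continue
        names = rule.get("names")
        if not (isinstance(names, list) and names
                and all(isinstance(n, str) for n in names)):
            problems.append(f"syscalls[{i}].names must be a non-empty list of strings")
        if not is_action(rule.get("action")):
            problems.append(f"syscalls[{i}].action is missing or not SCMP_ACT_*")
    return problems

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_seccomp(text) or "OK")
```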

This was pilot error in our test infrastructure. Argh, how do I unpush this? :-(

Installs fine now, many thanks!

BZ#1876318 Please relax dependencies, in particular python3-PyDrive

Weird... This was submitted two days ago, and is still not "visible" by dnf updates. Apparently the upload → testing propagation already took 1½ days. I'll test this ASAP.

Thanks for your fast fix, @limb!


Awesome, this is the first-ever toolbox version that Just Works™ for me for both Fedora and Debian containers. I dropped all my hacks. Well done!

BZ#1785244 /etc/resolv.conf is broken when it's an absolute symbolic link on the host

Works well and unbreaks cockpit-podman.


I'm still investigating why the libvirt default network disappears. This happens upstream as well on rare occasions, but is some race condition.

Oops, this looks like a regression in sssd:

+ busctl call org.freedesktop.sssd.infopipe /org/freedesktop/sssd/infopipe/Users org.freedesktop.sssd.infopipe.Users FindByCertificate s -- "$(cat /var/lib/cockpittest/alice.pem)" | sed 's/^o "//; s/"$//' 
Call failed: The name is not activatable

I tested downloading and unpacking the previous podman-1.9.3 and running it with toolbox-0.0.18-3.fc32.noarch and conmon-2.0.18-1.fc32.x86_64, but that does not work either. I rebuilt my OSTree entirely without updates-testing, now with podman-1.9.3-1.fc32.x86_64, toolbox-0.0.18-2.fc32.noarch, and conmon-2.0.17-1.fc32.x86_64 and things work again.


This completely breaks toolbox --verbose enter:

toolbox: /home is a symbolic link to /var/home
toolbox: calling org.freedesktop.Flatpak.SessionHelper.RequestSession
toolbox: creating container fedora-toolbox-32
Error: invalid config provided: Groups and privileged are mutually exclusive options
toolbox: failed to create container fedora-toolbox-32

This happens on a system with rm -rf ~/.local/share/containers ~/.config/containers. On my previously existing config and fedora toolboxes, toolbox enter fails with

toolbox: invalid entry point PID of container sid

and I get all sorts of "permission denied" errors, like

+ echo toolbox: binding /etc/machine-id to /run/host/etc/machine-id
toolbox: binding /etc/machine-id to /run/host/etc/machine-id
+ [ ro =  ]
+ mount_o=-o ro
+ mount --rbind -o ro /run/host/etc/machine-id /etc/machine-id
mount: drop permissions failed.
+ echo toolbox: failed to bind /etc/machine-id to /run/host/etc/machine-id
toolbox: failed to bind /etc/machine-id to /run/host/etc/machine-id
+ return 1


+ echo toolbox: removing password for user martin
toolbox: removing password for user martin
+ passwd --delete martin
passwd: Permission denied.

I verified that FIPS mode works again, thanks!

BZ#1845806 gnutls 3.6.14 broken in FIPS mode: FIPS140-2 self testing part 2 failed

cockpit-bridge is missing patternfly.css, which breaks cockpit-composer and every other consumer of that. Tracked in