Cockpit 126 and 127

by Stef Walter
category: release

Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 126 and 127.

Show security scan information about container images

Lars did work to show security scan information about container images. The displayed scans happen via the atomic scan tools and the data comes from the OpenSCAP system. Take a look at the video below.

Choose whether password is cached and reused on the login screen

The typical workflow for performing privileged tasks on a Linux system is to log in as a non-root user and then use sudo or Polkit to escalate privileges.

Stef did work to make Cockpit’s privilege escalation reflect this properly. Cockpit now has an option on the login screen to Reuse my password for privileged tasks. Checking this option automatically performs reuses the login password as necessary to escalate privileges. If you leave this box unchecked then Cockpit will behave exactly as a normal user login without special privileges.

In the future we’ll have a way to enable this option once logged in, and retype your password inside of the logged in session.

Here’s a video which shows how this works:

The remotectl command can now combine certificate and key files

Peter did work to make it easier to use TLS certificate and key files with Cockpit for port 9090. Normally the server certificate(s) and key need to be combined into a single file and placed into the /etc/cockpit/ws-certs.d directory. The remotectl command that comes with Cockpit can now be used to build such a combined file:

remotectl certificate server.pem chain.pem key.pem

Due to this, when Cockpit is deployed as an Openshift Pod it can use certificates provided by Openshift.

Cockpit respects /etc/shells

Martin fixed Cockpit so it only allows the user to log in if the user has a valid shell listed in /etc/shells. In addition bugs on Ubuntu and Debian have been fixed where users were created without valid shells.

Allow renaming of active devices in networking interface

You can now rename network devices like bonds or bridges while they’re active. The change will apply immediately and without any interruption in service.

Rename cockpit-shell to cockpit-system

The cockpit-shell subpackage has been renamed to cockpit-system to better reflect its focus: configuring and troubleshooting the local system.

Kerberos authentication now work even if gss-proxy is in use

Sometimes Kerberos (or GSSAPI) single-sign-on authentication requires multiple round trips to the server. Cockpit now supports this properly, and the end result is that SSO works even when fancy things like GSS-Proxy are in use.

Try it out

Cockpit 127 is available now: