cockpit-beiboot: don't try to do explicit-superuser

This doesn't currently work in Cockpit Client — cockpit-ws always returns the empty string as the password. Don't even attempt it. That prevents us from having to deal with the resulting transport control messages and also prevents the delayed appearance of the "Limited access" as described in cockpit-project#18927.
allisonkarlitskaya · Jun 13, 2023 · a4e56fb · a4e56fb
1 parent e8f4687
commit a4e56fb
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/client/cockpit-beiboot b/src/client/cockpit-beiboot
@@ -269,6 +269,7 @@ class SshBridge(Router):
         pass  # wait for the peer to do it first
 
     def do_init(self, message):
+        assert 'superuser' not in message  # see 'capabilities' below
         self.ssh_peer.write_control(**message)
 
 
@@ -280,6 +281,9 @@ async def run(args) -> None:
 
     try:
         message = await bridge.ssh_peer.start()
+        # https://github.com/cockpit-project/cockpit/issues/18927
+        if 'capabilities' in message:
+            message['capabilities']['explicit-superuser'] = False
         bridge.write_control(**dict(message, packages={p: None for p in bridge.packages.packages}))
         bridge.ssh_peer.thaw_endpoint()
     except ferny.InteractionError as exc: