Allow cockpit through the firewall on install

cockpit.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Jul 10 07:18:57 UTC 2025 - Alice Brooks <alice.brooks@suse.com>
+
+- Allow Cockpit through the filewall by default
+
 -------------------------------------------------------------------
 Thu Jun 19 08:30:49 UTC 2025 - Alice Brooks <alice.brooks@suse.com>
 

cockpit.spec

@@ -684,6 +684,11 @@ if [ "$1" = 1 ]; then
     printf "# List of users which are not allowed to login to Cockpit\n" > /etc/cockpit/disallowed-users
     printf "root\n" >> /etc/cockpit/disallowed-users
     chmod 644 /etc/cockpit/disallowed-users
+
+    # Allow cockpit through the firewall
+    %if 0%{?suse_version} >= 1600
+    test -f %{_bindir}/firewall-cmd && firewall-cmd --quiet --permanent --add-service=cockpit && firewall-cmd --reload --quiet || true
+    %endif
 fi
 
 if [ "$1" = 2 ]; then
@@ -705,8 +710,6 @@ fi
 %endif
 %tmpfiles_create cockpit-ws.conf
 %systemd_post cockpit.socket cockpit.service
-# firewalld only partially picks up changes to its services files without this
-test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
 
 # check for deprecated PAM config
 if test -f %{_sysconfdir}/pam.d/cockpit &&  grep -q pam_cockpit_cert %{_sysconfdir}/pam.d/cockpit; then
@@ -898,7 +901,6 @@ Summary: Cockpit user interface for packages
 BuildArch: noarch
 Requires: cockpit-bridge >= %{required_base}
 Requires: PackageKit
-Requires: libzypp-plugin-appdata
 Recommends: python3-tracer
 # HACK: https://bugzilla.redhat.com/show_bug.cgi?id=1800468
 Requires: polkit