pool/patterns-base
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: pool:factory
Branches Tags
pool:factory
pool:devel
rpm:factory
rpm:devel
..
compare: rpm:factory
Branches Tags
rpm:factory
rpm:devel
pool:factory
pool:devel

No commits in common. "factory" and "factory" have entirely different histories.
factory ... factory

3 changed files with 61 additions and 223 deletions
Show Stats Expand all files Collapse all files

2
pattern-definition-32bit.txt
View File

@ -1,4 +1,3 @@
%if 0%{?is_opensuse}
%package apparmor-32bit
Summary: AppArmor
Recommends: apparmor-abstractions-32bit
@ -20,7 +19,6 @@ Supplements: packageand(patterns-base-32bit:patterns-base-apparmor)
%description apparmor-32bit
The 32bit pattern complementing apparmor.
%endif
#
#-------------------------------------------------------------------
#

77
patterns-base.changes
View File

@ -1,78 +1,3 @@
-------------------------------------------------------------------
Wed Feb 26 14:21:46 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
- Change some core packages to Requires [bsc#1237513]
-------------------------------------------------------------------
Fri Feb 21 13:36:23 UTC 2025 - Frederic Crozat <fcrozat@suse.com>
- Only requires busybox on openSUSE MicroOS, not SL Micro.
- Don't build apparmor pattern for SLFO.
-------------------------------------------------------------------
Thu Feb 13 13:32:24 UTC 2025 - Frederic Crozat <fcrozat@suse.com>
- Disable 32bit pattern on aarch64 and ppc64le.
- Build selinux pattern everywhere and requires targeted policy
on SLE.
-------------------------------------------------------------------
Thu Feb 6 13:55:16 UTC 2025 - Frederic Crozat <fcrozat@suse.com>
- Merge MicroOS and SL Micro base patterns into existing base
patterns.
-------------------------------------------------------------------
Thu Jan 16 12:52:36 UTC 2025 - Fabian Vogt <fvogt@suse.com>
- selinux: Turn recommends for container-selinux into a hard but
conditional dependency
-------------------------------------------------------------------
Thu Dec 19 13:12:09 UTC 2024 - Fabian Vogt <fvogt@suse.com>
- base: suggest tar to avoid busybox-tar in default installs
-------------------------------------------------------------------
Tue Nov 26 13:17:40 UTC 2024 - Dirk Müller <dmueller@suse.com>
- fips: change description from 140-2 to 140-3
- fips: require crypto-policies-scripts when openssh is used
(bsc#1224802)
- fips: drop -hmac packages as they have been merged into the main
package (bsc#1185116)
-------------------------------------------------------------------
Tue Nov 5 16:29:38 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Remove "Recommends: restorecond" from selinux pattern as we don't
want it to be installed by default.
-------------------------------------------------------------------
Thu Oct 31 14:44:43 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Agama does not install chrony, add it to the pattern like on all
other products, so that it is always there, including on images.
-------------------------------------------------------------------
Thu Oct 24 07:10:58 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Remove openssl 1.0 related fips dependencies: openssl 1.0 is EOL
and removed from Factory.
-------------------------------------------------------------------
Wed Oct 23 07:16:07 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- In case of doubt, also favor libz1-32bit over libz-ng1-compat for
the time being.
-------------------------------------------------------------------
Wed Oct 16 14:17:27 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
- Add "Requires: selinux-policy-base" to selinux pattern so that
selinux-policy-targeted will be installed on systems that disable
"Recommends" (bsc#1231720)
-------------------------------------------------------------------
Thu Aug 29 13:57:22 UTC 2024 - Dominique Leuenberger <dleuenberger@suse.com>
@ -83,7 +8,7 @@ Thu Aug 29 13:57:22 UTC 2024 - Dominique Leuenberger <dleuenberger@suse.com>
Thu Aug 15 10:03:27 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
- Remove nfsidmap, package got dropped
- Remove nfs-client and autofs: in most scenarios, especially
- Remove nfs-client and autofs: in most scenarios, especially
desktops, no longer used, but pull in many "deprecated" packages
-------------------------------------------------------------------

205
patterns-base.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package patterns-base
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@
%bcond_with betatest
Name: patterns-base
Version: 20241218
Version: 20200505
Release: 0
Summary: Patterns for Installation (base patterns)
License: MIT
@ -60,7 +60,6 @@ This will install the 32-bit variant of all selected patterns. This allows to ex
################################################################################
%if 0%{?is_opensuse}
%package apparmor
%pattern_basetechnologies
Summary: AppArmor
@ -90,7 +89,6 @@ AppArmor is an application security framework that provides mandatory access con
%files apparmor
%dir %{_docdir}/patterns
%{_docdir}/patterns/apparmor.txt
%endif
################################################################################
@ -122,7 +120,6 @@ Provides: pattern-visible()
Requires: aaa_base
Requires: bash
Requires: ca-certificates-mozilla
Requires: chrony
Requires: coreutils
Requires: coreutils-systemd
Requires: glibc
@ -131,56 +128,37 @@ Requires: pam
Requires: pam-config
Requires: pattern() = minimal_base
# Support multiversion(kernel) (jsc#SLE-10162)
# FIXME remove if opensuse when package is in SLFO
%if 0%{?is_opensuse}
%{requires_on_traditional purge-kernels-service}
%endif
Requires: purge-kernels-service
Requires: rpm
Requires: system-user-nobody
Requires: systemd
Requires: util-linux
Requires: user(nobody)
# Add some static base tool in case system explodes; Recommend only on traditional systems, as users are free to uninstall it
%if 0%{?is_opensuse}
%{requires_on_transactional busybox}
%endif
%{recommends_on_traditional busybox-static}
%{recommends_on_traditional elfutils}
Requires: glibc-locale-base
%{recommends_on_traditional hostname}
%{requires_on_transactional /usr/bin/hostname}
%{requires_on_transactional_recommends_otherwise iproute2}
%{requires_on_transactional_recommends_otherwise issue-generator}
%{requires_on_transactional_recommends_otherwise lastlog2}
%if 0%{?sle_version}
%{requires_on_transactional pam_pwquality}
%else
%{recommends_on_traditional pam_pwquality}
%endif
Requires: shadow
%{recommends_on_traditional system-group-trusted}
%if 0%{?sle_version}
%{requires_on_transactional system-group-wheel}
%else
%{recommends_on_traditional system-group-wheel}
%endif
%{recommends_on_traditional system-user-bin}
%{recommends_on_traditional system-user-daemon}
Requires: terminfo-base
%{recommends_on_traditional terminfo}
%{recommends_on_traditional terminfo-iterm}
%{recommends_on_traditional terminfo-screen}
Requires: timezone
Requires: wtmpdb
%{recommends_on_traditional service(network)}
%{requires_on_transactional NetworkManager}
%{requires_on_transactional NetworkManager-wifi}
%if 0%{?is_opensuse}
%{requires_on_transactional NetworkManager-bluetooth}
%endif
# Add some static base tool in case system explodes; Recommend only, as users are free to uninstall it
Recommends: busybox-static
Recommends: elfutils
Recommends: glibc-locale-base
Recommends: hostname
Recommends: iproute2
Recommends: issue-generator
Recommends: lastlog2
Recommends: pam_pwquality
Recommends: shadow
Recommends: system-group-trusted
Recommends: system-group-wheel
Recommends: system-user-bin
Recommends: system-user-daemon
Recommends: terminfo
Recommends: terminfo-iterm
Recommends: terminfo-screen
Recommends: timezone
Recommends: wtmpdb
Recommends: service(network)
# We don't necessarily want zypper in specific minimal environments
# e.g. buildroots and locked down appliance environments
%{recommends_on_traditional zypper}
Requires: procps
Recommends: zypper
# We don't necessarily want procps but it's highly useful in default
# installations
Recommends: procps
# If anything requests "kernel", pick the full kernel package by default
Suggests: kernel-default
# we have two providers for 'pkgconfig(jack)' - prefer the real one to the one from pipewire
@ -195,8 +173,6 @@ Suggests: openssl-1_1
Suggests: postfix
# We have two providers of psmisc, favour the regular one (not the busybox one)
Suggests: psmisc
# rather than busybox-tar
Suggests: tar
# we have two providers for 'pulseaudio' - prefer pipewire or pipewire depending on suse_version
# we have two providers for 'service(network)' - prefer NM or wicked depending on suse_version
%if 0%{?suse_version} > 1500
@ -566,17 +542,28 @@ This is the enhanced base runtime system with lots of convenience packages.
%package fips
%pattern_primaryfunctions
Summary: FIPS 140-3 specific packages
Summary: FIPS 140-2 specific packages
Group: Metapackages
Provides: pattern() = fips
Provides: pattern-icon() = pattern-basis-addon
Provides: pattern-order() = 3010
Provides: pattern-visible()
Requires: (crypto-policies-scripts if openssh-clients)
Requires: (crypto-policies-scripts if openssh-common)
Requires: (crypto-policies-scripts if openssh-server)
Requires: (dracut-fips if dracut)
Requires: (libcryptsetup12-hmac if libcryptsetup12)
Requires: (libcryptsetup12-hmac-32bit if libcryptsetup12-32bit)
Requires: (libfreebl3-hmac if libfreebl3)
Requires: (libfreebl3-hmac-32bit if libfreebl3-32bit)
Requires: (libgcrypt20-hmac if libgcrypt20)
Requires: (libgnutls30-hmac if libgnutls30)
Requires: (libgnutls30-hmac-32bit if libgnutls30-32bit)
Requires: (libopenssl-3-fips-provider if libopenssl3)
Requires: (libopenssl-fips-provider if libopenssl)
Requires: (libopenssl1_0_0-hmac if libopenssl1_0_0)
Requires: (libopenssl1_0_0-hmac-32bit if libopenssl1_0_0-32bit)
Requires: (libopenssl1_1-hmac if libopenssl1_1)
Requires: (libopenssl1_1-hmac-32bit if libopenssl1_1-32bit)
Requires: (libsoftokn3-hmac if libsoftokn3)
Requires: (libsoftokn3-hmac-32bit if libsoftokn3-32bit)
Requires: (openssh-fips if openssh-clients)
Requires: (openssh-fips if openssh-server)
Requires: (strongswan-hmac if strongswan)
@ -588,13 +575,14 @@ Provides: patterns-server-enterprise-fips-32bit = %{version}
Obsoletes: patterns-server-enterprise-fips-32bit < %{version}
%description fips
This pattern installs the FIPS 140-3 specific packages that are required
if you want to run the machine with "fips=1".
This pattern installs the FIPS 140-2 specific packages that complete the various
cryptographic modules in use. It is required if you want to run the
machine with "fips=1".
Please note that this pattern only enables FIPS 140-3 compliant operation, it does
not directly make the system FIPS 140-3 certified nor validated.
Please note that this pattern only enables FIPS 140-2 compliant operation, it does
not directly make the system FIPS 140-2 certified nor validated.
Please refer to SUSE official statements on the state of FIPS 140-3 certification.
Please refer to SUSE official statements on the state of FIPS 140-2 certification.
%files fips
%dir %{_docdir}/patterns
@ -610,10 +598,7 @@ Provides: pattern() = minimal_base
Provides: pattern-icon() = pattern-basis
Provides: pattern-order() = 5190
Provides: pattern-visible()
# FIXME, to be enabled for SLFO too
%if 0%{?is_opensuse}
Requires: branding
%endif
# those packages are actually useless as they don't use
# %_keyringpath but we need them eg for kiwi
Requires: build-key
@ -621,7 +606,6 @@ Requires: distribution-release
Requires: filesystem
# We have two providers for libz.so.1: libz1 and libz1-ng-compat1. Favor the legacy one for now
Suggests: libz1
Suggests: libz1-32bit
# Tell the solver to default to the main product
Suggests: openSUSE-release
%{obsolete_legacy_pattern minimal_base}
@ -681,9 +665,10 @@ This pattern holds files required for booting the system
################################################################################
%if 0%{?is_opensuse}
%package selinux
%pattern_basetechnologies
Summary: SELinux Support
Summary: SELinux
Group: Metapackages
Provides: pattern() = selinux
Provides: pattern-icon() = pattern-selinux
@ -692,19 +677,12 @@ Provides: pattern-visible()
Requires: policycoreutils
Requires: selinux-autorelabel
Requires: selinux-policy
%if 0%{?is_opensuse}
Requires: selinux-policy-base
# Use targeted as default policy if none was explicitly requested.
Suggests: selinux-policy-targeted
%else
Requires: selinux-policy-targeted
%endif
Requires: selinux-tools
Requires: pattern() = minimal_base
# Needed for podman et al.
Requires: (container-selinux if libcontainers-common)
Recommends: checkpolicy
Recommends: container-selinux
Recommends: restorecond
Recommends: selinux-policy-targeted
%description selinux
Security-Enhanced Linux (SELinux) provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).
@ -713,6 +691,7 @@ Its architecture strives to separate enforcement of security decisions from the
%files selinux
%dir %{_docdir}/patterns
%{_docdir}/patterns/selinux.txt
%endif
################################################################################
@ -749,73 +728,13 @@ Group: Metapackages
Provides: pattern() = transactional_base
Provides: pattern-icon() = pattern-kubic
Provides: pattern-order() = 1050
Requires: /usr/bin/gzip
Requires: openssh
Requires: read-only-root-fs
Requires: rebootmgr
Requires: yast2-logs
Requires: zypp-boot-plugin
Requires: (health-checker if grub2)
Requires: (health-checker-plugins-MicroOS if health-checker)
# FIXME
%if 0%{?is_opensuse}
Requires: MicroOS-release
Requires: systemd-presets-branding-MicroOS
Suggests: busybox-gzip
Requires: less
Requires: sudo
# tpm2 tools are required for FDE+TPM
Requires: tpm2-0-tss
Requires: libtss2-tcti-device0
Requires: tpm2.0-tools
# probably needed for fsck.fat on efi partitions
Requires: dosfstools
%else
Requires: supportutils
Requires: systemd-presets-branding-ALP-transactional
Requires: toolbox
Requires: group(wheel)
# zypper ps is useless in transactional mode. It also checks for
# /run/reboot-needed though which is created by transactional-update
Requires: zypper-needs-restarting
# jsc#PED-6478 (2 packages)
Requires: mailx
Requires: systemd-status-mail
# jsc#SMO-79
Requires: tpm2.0-tools
Requires: tpm2-0-tss
Requires: tpm2-tss-engine
Requires: tpm2.0-abrmd
# jsc#SMO-50
%ifarch x86_64 aarch64
Requires: libmbim
Requires: libmbim-glib4
Requires: libqmi-glib5
Requires: libqmi-tools
%endif
# jsc#CSD-121
Requires: udica
# jsc#SMO-120
Requires: pam_u2f
%ifarch s390x
Requires: libica
Requires: openCryptoki
Requires: openssl-ibmca
%endif
# bsc#1217991
#FIXME
Requires: crypto-policies-scripts
%endif
Requires: systemd-presets-branding-transactional-server
Requires: transactional-update
Requires: transactional-update-zypp-config
# Useful outside of MicroOS and needed for e.g. SELinux relabelling
Requires: microos-tools
%ifnarch %{arm}
Requires: kdump
%endif
Requires: vim-small
Requires: pattern() = base
Suggests: health-checker
@ -1112,11 +1031,7 @@ The X Window System provides the only standard platform-independent networked gr
%install
mkdir -p %{buildroot}%{_docdir}/patterns
for i in \
%if 0%{?is_opensuse}
apparmor \
%endif
base enhanced_base minimal_base sw_management x11 x11_enhanced; do
for i in apparmor base enhanced_base minimal_base sw_management x11 x11_enhanced; do
echo "This file marks the pattern $i to be installed." \
>"%{buildroot}%{_docdir}/patterns/$i.txt"
echo "This file marks the pattern $i to be installed." \
@ -1124,11 +1039,11 @@ base enhanced_base minimal_base sw_management x11 x11_enhanced; do
done
# These packages don't generate a 32bit pattern
for i in basesystem bootloader basic_desktop documentation fips transactional_base selinux \
for i in basesystem bootloader basic_desktop documentation fips transactional_base \
%if 0%{?is_opensuse}
console update_test \
console selinux update_test \
%else
%ifnarch s390 s390x aarch64 ppc64le
%ifnarch s390 s390x
32bit \
%endif
%endif