Compare commits
No commits in common. "factory" and "factory" have entirely different histories.
@ -1,54 +1,3 @@
|
|||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jan 16 12:52:36 UTC 2025 - Fabian Vogt <fvogt@suse.com>
|
|
||||||
|
|
||||||
- selinux: Turn recommends for container-selinux into a hard but
|
|
||||||
conditional dependency
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Dec 19 13:12:09 UTC 2024 - Fabian Vogt <fvogt@suse.com>
|
|
||||||
|
|
||||||
- base: suggest tar to avoid busybox-tar in default installs
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Nov 26 13:17:40 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|
||||||
|
|
||||||
- fips: change description from 140-2 to 140-3
|
|
||||||
- fips: require crypto-policies-scripts when openssh is used
|
|
||||||
(bsc#1224802)
|
|
||||||
- fips: drop -hmac packages as they have been merged into the main
|
|
||||||
package (bsc#1185116)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Nov 5 16:29:38 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
|
|
||||||
|
|
||||||
- Remove "Recommends: restorecond" from selinux pattern as we don't
|
|
||||||
want it to be installed by default.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Oct 31 14:44:43 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
|
|
||||||
|
|
||||||
- Agama does not install chrony, add it to the pattern like on all
|
|
||||||
other products, so that it is always there, including on images.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Oct 24 07:10:58 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
||||||
|
|
||||||
- Remove openssl 1.0 related fips dependencies: openssl 1.0 is EOL
|
|
||||||
and removed from Factory.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Oct 23 07:16:07 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
||||||
|
|
||||||
- In case of doubt, also favor libz1-32bit over libz-ng1-compat for
|
|
||||||
the time being.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Oct 16 14:17:27 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
|
|
||||||
|
|
||||||
- Add "Requires: selinux-policy-base" to selinux pattern so that
|
|
||||||
selinux-policy-targeted will be installed on systems that disable
|
|
||||||
"Recommends" (bsc#1231720)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 29 13:57:22 UTC 2024 - Dominique Leuenberger <dleuenberger@suse.com>
|
Thu Aug 29 13:57:22 UTC 2024 - Dominique Leuenberger <dleuenberger@suse.com>
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package patterns-base
|
# spec file for package patterns-base
|
||||||
#
|
#
|
||||||
# Copyright (c) 2025 SUSE LLC
|
# Copyright (c) 2024 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -120,7 +120,6 @@ Provides: pattern-visible()
|
|||||||
Requires: aaa_base
|
Requires: aaa_base
|
||||||
Requires: bash
|
Requires: bash
|
||||||
Requires: ca-certificates-mozilla
|
Requires: ca-certificates-mozilla
|
||||||
Requires: chrony
|
|
||||||
Requires: coreutils
|
Requires: coreutils
|
||||||
Requires: coreutils-systemd
|
Requires: coreutils-systemd
|
||||||
Requires: glibc
|
Requires: glibc
|
||||||
@ -174,8 +173,6 @@ Suggests: openssl-1_1
|
|||||||
Suggests: postfix
|
Suggests: postfix
|
||||||
# We have two providers of psmisc, favour the regular one (not the busybox one)
|
# We have two providers of psmisc, favour the regular one (not the busybox one)
|
||||||
Suggests: psmisc
|
Suggests: psmisc
|
||||||
# rather than busybox-tar
|
|
||||||
Suggests: tar
|
|
||||||
# we have two providers for 'pulseaudio' - prefer pipewire or pipewire depending on suse_version
|
# we have two providers for 'pulseaudio' - prefer pipewire or pipewire depending on suse_version
|
||||||
# we have two providers for 'service(network)' - prefer NM or wicked depending on suse_version
|
# we have two providers for 'service(network)' - prefer NM or wicked depending on suse_version
|
||||||
%if 0%{?suse_version} > 1500
|
%if 0%{?suse_version} > 1500
|
||||||
@ -545,17 +542,28 @@ This is the enhanced base runtime system with lots of convenience packages.
|
|||||||
|
|
||||||
%package fips
|
%package fips
|
||||||
%pattern_primaryfunctions
|
%pattern_primaryfunctions
|
||||||
Summary: FIPS 140-3 specific packages
|
Summary: FIPS 140-2 specific packages
|
||||||
Group: Metapackages
|
Group: Metapackages
|
||||||
Provides: pattern() = fips
|
Provides: pattern() = fips
|
||||||
Provides: pattern-icon() = pattern-basis-addon
|
Provides: pattern-icon() = pattern-basis-addon
|
||||||
Provides: pattern-order() = 3010
|
Provides: pattern-order() = 3010
|
||||||
Provides: pattern-visible()
|
Provides: pattern-visible()
|
||||||
Requires: (crypto-policies-scripts if openssh-clients)
|
|
||||||
Requires: (crypto-policies-scripts if openssh-common)
|
|
||||||
Requires: (crypto-policies-scripts if openssh-server)
|
|
||||||
Requires: (dracut-fips if dracut)
|
Requires: (dracut-fips if dracut)
|
||||||
|
Requires: (libcryptsetup12-hmac if libcryptsetup12)
|
||||||
|
Requires: (libcryptsetup12-hmac-32bit if libcryptsetup12-32bit)
|
||||||
|
Requires: (libfreebl3-hmac if libfreebl3)
|
||||||
|
Requires: (libfreebl3-hmac-32bit if libfreebl3-32bit)
|
||||||
|
Requires: (libgcrypt20-hmac if libgcrypt20)
|
||||||
|
Requires: (libgnutls30-hmac if libgnutls30)
|
||||||
|
Requires: (libgnutls30-hmac-32bit if libgnutls30-32bit)
|
||||||
Requires: (libopenssl-3-fips-provider if libopenssl3)
|
Requires: (libopenssl-3-fips-provider if libopenssl3)
|
||||||
|
Requires: (libopenssl-fips-provider if libopenssl)
|
||||||
|
Requires: (libopenssl1_0_0-hmac if libopenssl1_0_0)
|
||||||
|
Requires: (libopenssl1_0_0-hmac-32bit if libopenssl1_0_0-32bit)
|
||||||
|
Requires: (libopenssl1_1-hmac if libopenssl1_1)
|
||||||
|
Requires: (libopenssl1_1-hmac-32bit if libopenssl1_1-32bit)
|
||||||
|
Requires: (libsoftokn3-hmac if libsoftokn3)
|
||||||
|
Requires: (libsoftokn3-hmac-32bit if libsoftokn3-32bit)
|
||||||
Requires: (openssh-fips if openssh-clients)
|
Requires: (openssh-fips if openssh-clients)
|
||||||
Requires: (openssh-fips if openssh-server)
|
Requires: (openssh-fips if openssh-server)
|
||||||
Requires: (strongswan-hmac if strongswan)
|
Requires: (strongswan-hmac if strongswan)
|
||||||
@ -567,13 +575,14 @@ Provides: patterns-server-enterprise-fips-32bit = %{version}
|
|||||||
Obsoletes: patterns-server-enterprise-fips-32bit < %{version}
|
Obsoletes: patterns-server-enterprise-fips-32bit < %{version}
|
||||||
|
|
||||||
%description fips
|
%description fips
|
||||||
This pattern installs the FIPS 140-3 specific packages that are required
|
This pattern installs the FIPS 140-2 specific packages that complete the various
|
||||||
if you want to run the machine with "fips=1".
|
cryptographic modules in use. It is required if you want to run the
|
||||||
|
machine with "fips=1".
|
||||||
|
|
||||||
Please note that this pattern only enables FIPS 140-3 compliant operation, it does
|
Please note that this pattern only enables FIPS 140-2 compliant operation, it does
|
||||||
not directly make the system FIPS 140-3 certified nor validated.
|
not directly make the system FIPS 140-2 certified nor validated.
|
||||||
|
|
||||||
Please refer to SUSE official statements on the state of FIPS 140-3 certification.
|
Please refer to SUSE official statements on the state of FIPS 140-2 certification.
|
||||||
|
|
||||||
%files fips
|
%files fips
|
||||||
%dir %{_docdir}/patterns
|
%dir %{_docdir}/patterns
|
||||||
@ -597,7 +606,6 @@ Requires: distribution-release
|
|||||||
Requires: filesystem
|
Requires: filesystem
|
||||||
# We have two providers for libz.so.1: libz1 and libz1-ng-compat1. Favor the legacy one for now
|
# We have two providers for libz.so.1: libz1 and libz1-ng-compat1. Favor the legacy one for now
|
||||||
Suggests: libz1
|
Suggests: libz1
|
||||||
Suggests: libz1-32bit
|
|
||||||
# Tell the solver to default to the main product
|
# Tell the solver to default to the main product
|
||||||
Suggests: openSUSE-release
|
Suggests: openSUSE-release
|
||||||
%{obsolete_legacy_pattern minimal_base}
|
%{obsolete_legacy_pattern minimal_base}
|
||||||
@ -669,14 +677,12 @@ Provides: pattern-visible()
|
|||||||
Requires: policycoreutils
|
Requires: policycoreutils
|
||||||
Requires: selinux-autorelabel
|
Requires: selinux-autorelabel
|
||||||
Requires: selinux-policy
|
Requires: selinux-policy
|
||||||
Requires: selinux-policy-base
|
|
||||||
Requires: selinux-tools
|
Requires: selinux-tools
|
||||||
Requires: pattern() = minimal_base
|
Requires: pattern() = minimal_base
|
||||||
# Needed for podman et al.
|
|
||||||
Requires: (container-selinux if libcontainers-common)
|
|
||||||
Recommends: checkpolicy
|
Recommends: checkpolicy
|
||||||
# Use targeted as default policy if none was explicitly requested.
|
Recommends: container-selinux
|
||||||
Suggests: selinux-policy-targeted
|
Recommends: restorecond
|
||||||
|
Recommends: selinux-policy-targeted
|
||||||
|
|
||||||
%description selinux
|
%description selinux
|
||||||
Security-Enhanced Linux (SELinux) provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).
|
Security-Enhanced Linux (SELinux) provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user