Accepting request 1238249 from system:install:head

OBS-URL: https://build.opensuse.org/request/show/1238249
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/patterns-base?expand=0&rev=116

patterns-base.changes

@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Thu Jan 16 12:52:36 UTC 2025 - Fabian Vogt <fvogt@suse.com>
+
+- selinux: Turn recommends for container-selinux into a hard but
+  conditional dependency
+
+-------------------------------------------------------------------
+Thu Dec 19 13:12:09 UTC 2024 - Fabian Vogt <fvogt@suse.com>
+
+- base: suggest tar to avoid busybox-tar in default installs
+
+-------------------------------------------------------------------
+Tue Nov 26 13:17:40 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- fips: change description from 140-2 to 140-3
+- fips: require crypto-policies-scripts when openssh is used
+  (bsc#1224802)
+- fips: drop -hmac packages as they have been merged into the main
+  package (bsc#1185116)
+
+-------------------------------------------------------------------
+Tue Nov  5 16:29:38 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+
+- Remove "Recommends: restorecond" from selinux pattern as we don't
+  want it to be installed by default.
+
+-------------------------------------------------------------------
+Thu Oct 31 14:44:43 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
+
+- Agama does not install chrony, add it to the pattern like on all
+  other products, so that it is always there, including on images.
+
+-------------------------------------------------------------------
+Thu Oct 24 07:10:58 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Remove openssl 1.0 related fips dependencies: openssl 1.0 is EOL
+  and removed from Factory.
+
+-------------------------------------------------------------------
+Wed Oct 23 07:16:07 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- In case of doubt, also favor libz1-32bit over libz-ng1-compat for
+  the time being.
+
+-------------------------------------------------------------------
+Wed Oct 16 14:17:27 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
+
+- Add "Requires: selinux-policy-base" to selinux pattern so that
+  selinux-policy-targeted will be installed on systems that disable
+  "Recommends" (bsc#1231720)
+
 -------------------------------------------------------------------
 Thu Aug 29 13:57:22 UTC 2024 - Dominique Leuenberger <dleuenberger@suse.com>
 
@@ -8,7 +59,7 @@ Thu Aug 29 13:57:22 UTC 2024 - Dominique Leuenberger <dleuenberger@suse.com>
 Thu Aug 15 10:03:27 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
 
 - Remove nfsidmap, package got dropped
-- Remove nfs-client and autofs: in most scenarios, especially 
+- Remove nfs-client and autofs: in most scenarios, especially
   desktops, no longer used, but pull in many "deprecated" packages
 
 -------------------------------------------------------------------

patterns-base.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package patterns-base
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -120,6 +120,7 @@ Provides:       pattern-visible()
 Requires:       aaa_base
 Requires:       bash
 Requires:       ca-certificates-mozilla
+Requires:       chrony
 Requires:       coreutils
 Requires:       coreutils-systemd
 Requires:       glibc
@@ -173,6 +174,8 @@ Suggests:       openssl-1_1
 Suggests:       postfix
 # We have two providers of psmisc, favour the regular one (not the busybox one)
 Suggests:       psmisc
+# rather than busybox-tar
+Suggests:       tar
 # we have two providers for 'pulseaudio' - prefer pipewire or pipewire depending on suse_version
 # we have two providers for 'service(network)' - prefer NM or wicked depending on suse_version
 %if 0%{?suse_version} > 1500
@@ -542,28 +545,17 @@ This is the enhanced base runtime system with lots of convenience packages.
 
 %package fips
 %pattern_primaryfunctions
-Summary:        FIPS 140-2 specific packages
+Summary:        FIPS 140-3 specific packages
 Group:          Metapackages
 Provides:       pattern() = fips
 Provides:       pattern-icon() = pattern-basis-addon
 Provides:       pattern-order() = 3010
 Provides:       pattern-visible()
+Requires:       (crypto-policies-scripts if openssh-clients)
+Requires:       (crypto-policies-scripts if openssh-common)
+Requires:       (crypto-policies-scripts if openssh-server)
 Requires:       (dracut-fips if dracut)
-Requires:       (libcryptsetup12-hmac if libcryptsetup12)
-Requires:       (libcryptsetup12-hmac-32bit if libcryptsetup12-32bit)
-Requires:       (libfreebl3-hmac if libfreebl3)
-Requires:       (libfreebl3-hmac-32bit if libfreebl3-32bit)
-Requires:       (libgcrypt20-hmac if libgcrypt20)
-Requires:       (libgnutls30-hmac if libgnutls30)
-Requires:       (libgnutls30-hmac-32bit if libgnutls30-32bit)
 Requires:       (libopenssl-3-fips-provider if libopenssl3)
-Requires:       (libopenssl-fips-provider if libopenssl)
-Requires:       (libopenssl1_0_0-hmac if libopenssl1_0_0)
-Requires:       (libopenssl1_0_0-hmac-32bit if libopenssl1_0_0-32bit)
-Requires:       (libopenssl1_1-hmac if libopenssl1_1)
-Requires:       (libopenssl1_1-hmac-32bit if libopenssl1_1-32bit)
-Requires:       (libsoftokn3-hmac if libsoftokn3)
-Requires:       (libsoftokn3-hmac-32bit if libsoftokn3-32bit)
 Requires:       (openssh-fips if openssh-clients)
 Requires:       (openssh-fips if openssh-server)
 Requires:       (strongswan-hmac if strongswan)
@@ -575,14 +567,13 @@ Provides:       patterns-server-enterprise-fips-32bit = %{version}
 Obsoletes:      patterns-server-enterprise-fips-32bit < %{version}
 
 %description fips
-This pattern installs the FIPS 140-2 specific packages that complete the various
-cryptographic modules in use. It is required if you want to run the
-machine with "fips=1".
+This pattern installs the FIPS 140-3 specific packages that are required
+if you want to run the machine with "fips=1".
 
-Please note that this pattern only enables FIPS 140-2 compliant operation, it does
-not directly make the system FIPS 140-2 certified nor validated.
+Please note that this pattern only enables FIPS 140-3 compliant operation, it does
+not directly make the system FIPS 140-3 certified nor validated.
 
-Please refer to SUSE official statements on the state of FIPS 140-2 certification.
+Please refer to SUSE official statements on the state of FIPS 140-3 certification.
 
 %files fips
 %dir %{_docdir}/patterns
@@ -606,6 +597,7 @@ Requires:       distribution-release
 Requires:       filesystem
 # We have two providers for libz.so.1: libz1 and libz1-ng-compat1. Favor the legacy one for now
 Suggests:       libz1
+Suggests:       libz1-32bit
 # Tell the solver to default to the main product
 Suggests:       openSUSE-release
 %{obsolete_legacy_pattern minimal_base}
@@ -677,12 +669,14 @@ Provides:       pattern-visible()
 Requires:       policycoreutils
 Requires:       selinux-autorelabel
 Requires:       selinux-policy
+Requires:       selinux-policy-base
 Requires:       selinux-tools
 Requires:       pattern() = minimal_base
+# Needed for podman et al.
+Requires:       (container-selinux if libcontainers-common)
 Recommends:     checkpolicy
-Recommends:     container-selinux
-Recommends:     restorecond
-Recommends:     selinux-policy-targeted
+# Use targeted as default policy if none was explicitly requested.
+Suggests:       selinux-policy-targeted
 
 %description selinux
 Security-Enhanced Linux (SELinux) provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).