forked from pool/patterns-base
Compare commits
27 Commits
@ -1,3 +1,4 @@
|
||||
%if 0%{?is_opensuse}
|
||||
%package apparmor-32bit
|
||||
Summary: AppArmor
|
||||
Recommends: apparmor-abstractions-32bit
|
||||
@ -19,6 +20,7 @@ Supplements: packageand(patterns-base-32bit:patterns-base-apparmor)
|
||||
|
||||
%description apparmor-32bit
|
||||
The 32bit pattern complementing apparmor.
|
||||
%endif
|
||||
#
|
||||
#-------------------------------------------------------------------
|
||||
#
|
||||
|
@ -1,3 +1,78 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 26 14:21:46 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
|
||||
|
||||
- Change some core packages to Requires [bsc#1237513]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 21 13:36:23 UTC 2025 - Frederic Crozat <fcrozat@suse.com>
|
||||
|
||||
- Only requires busybox on openSUSE MicroOS, not SL Micro.
|
||||
- Don't build apparmor pattern for SLFO.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 13 13:32:24 UTC 2025 - Frederic Crozat <fcrozat@suse.com>
|
||||
|
||||
- Disable 32bit pattern on aarch64 and ppc64le.
|
||||
- Build selinux pattern everywhere and requires targeted policy
|
||||
on SLE.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 6 13:55:16 UTC 2025 - Frederic Crozat <fcrozat@suse.com>
|
||||
|
||||
- Merge MicroOS and SL Micro base patterns into existing base
|
||||
patterns.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 16 12:52:36 UTC 2025 - Fabian Vogt <fvogt@suse.com>
|
||||
|
||||
- selinux: Turn recommends for container-selinux into a hard but
|
||||
conditional dependency
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 19 13:12:09 UTC 2024 - Fabian Vogt <fvogt@suse.com>
|
||||
|
||||
- base: suggest tar to avoid busybox-tar in default installs
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 26 13:17:40 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- fips: change description from 140-2 to 140-3
|
||||
- fips: require crypto-policies-scripts when openssh is used
|
||||
(bsc#1224802)
|
||||
- fips: drop -hmac packages as they have been merged into the main
|
||||
package (bsc#1185116)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 5 16:29:38 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
|
||||
|
||||
- Remove "Recommends: restorecond" from selinux pattern as we don't
|
||||
want it to be installed by default.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 31 14:44:43 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
|
||||
|
||||
- Agama does not install chrony, add it to the pattern like on all
|
||||
other products, so that it is always there, including on images.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 24 07:10:58 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
- Remove openssl 1.0 related fips dependencies: openssl 1.0 is EOL
|
||||
and removed from Factory.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 23 07:16:07 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
- In case of doubt, also favor libz1-32bit over libz-ng1-compat for
|
||||
the time being.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 16 14:17:27 UTC 2024 - Cathy Hu <cathy.hu@suse.com>
|
||||
|
||||
- Add "Requires: selinux-policy-base" to selinux pattern so that
|
||||
selinux-policy-targeted will be installed on systems that disable
|
||||
"Recommends" (bsc#1231720)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 29 13:57:22 UTC 2024 - Dominique Leuenberger <dleuenberger@suse.com>
|
||||
|
||||
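Review bot: The Feb 26 entry, "Change some core packages to Requires [bsc#1237513]", does not say which packages changed strength, so a reader of the changelog cannot tell what became mandatory. Name them in the entry; from the spec hunk these look like glibc-locale-base, shadow, timezone, wtmpdb and procps.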
@ -8,7 +83,7 @@ Thu Aug 29 13:57:22 UTC 2024 - Dominique Leuenberger <dleuenberger@suse.com>
|
||||
Thu Aug 15 10:03:27 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
|
||||
|
||||
- Remove nfsidmap, package got dropped
|
||||
- Remove nfs-client and autofs: in most scenarios, especially
|
||||
- Remove nfs-client and autofs: in most scenarios, especially
|
||||
desktops, no longer used, but pull in many "deprecated" packages
|
||||
|
||||
-------------------------------------------------------------------
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package patterns-base
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -18,7 +18,7 @@
|
||||
|
||||
%bcond_with betatest
|
||||
Name: patterns-base
|
||||
Version: 20200505
|
||||
Version: 20241218
|
||||
Release: 0
|
||||
Summary: Patterns for Installation (base patterns)
|
||||
License: MIT
|
||||
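Review bot: `Version: 20241218` predates the newest changelog entries in this same change, which run to Feb 26 2025. If the version is meant to reflect the date of the pattern content, bump it together with the changelog; if not, a comment next to the field saying what the number tracks would avoid the question.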
@ -60,6 +60,7 @@ This will install the 32-bit variant of all selected patterns. This allows to ex
|
||||
|
||||
################################################################################
|
||||
|
||||
%if 0%{?is_opensuse}
|
||||
%package apparmor
|
||||
%pattern_basetechnologies
|
||||
Summary: AppArmor
|
||||
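Review bot: The new `%if 0%{?is_opensuse}` ahead of `%package apparmor` has no comment saying why the pattern is skipped elsewhere, while some of the other is_opensuse guards added in this spec carry a FIXME line. Add a one-line comment above the guard, for example the changelog's "Don't build apparmor pattern for SLFO", so the matching `%endif` after `%files apparmor` is easy to pair up.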
@ -89,6 +90,7 @@ AppArmor is an application security framework that provides mandatory access con
|
||||
%files apparmor
|
||||
%dir %{_docdir}/patterns
|
||||
%{_docdir}/patterns/apparmor.txt
|
||||
%endif
|
||||
|
||||
################################################################################
|
||||
|
||||
@ -120,6 +122,7 @@ Provides: pattern-visible()
|
||||
Requires: aaa_base
|
||||
Requires: bash
|
||||
Requires: ca-certificates-mozilla
|
||||
Requires: chrony
|
||||
Requires: coreutils
|
||||
Requires: coreutils-systemd
|
||||
Requires: glibc
|
||||
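Review bot: `Requires: chrony` is added without a comment, and as a hard dependency it cannot be removed without dropping the whole pattern. The changelog gives the reason (Agama does not install it); put that in a comment above the line, and say whether a weaker `Recommends` was considered for installs that use a different time source.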
@ -128,37 +131,56 @@ Requires: pam
|
||||
Requires: pam-config
|
||||
Requires: pattern() = minimal_base
|
||||
# Support multiversion(kernel) (jsc#SLE-10162)
|
||||
Requires: purge-kernels-service
|
||||
# FIXME remove if opensuse when package is in SLFO
|
||||
%if 0%{?is_opensuse}
|
||||
%{requires_on_traditional purge-kernels-service}
|
||||
%endif
|
||||
Requires: rpm
|
||||
Requires: system-user-nobody
|
||||
Requires: systemd
|
||||
Requires: util-linux
|
||||
# Add some static base tool in case system explodes; Recommend only, as users are free to uninstall it
|
||||
Recommends: busybox-static
|
||||
Recommends: elfutils
|
||||
Recommends: glibc-locale-base
|
||||
Recommends: hostname
|
||||
Recommends: iproute2
|
||||
Recommends: issue-generator
|
||||
Recommends: lastlog2
|
||||
Recommends: pam_pwquality
|
||||
Recommends: shadow
|
||||
Recommends: system-group-trusted
|
||||
Recommends: system-group-wheel
|
||||
Recommends: system-user-bin
|
||||
Recommends: system-user-daemon
|
||||
Recommends: terminfo
|
||||
Recommends: terminfo-iterm
|
||||
Recommends: terminfo-screen
|
||||
Recommends: timezone
|
||||
Recommends: wtmpdb
|
||||
Recommends: service(network)
|
||||
Requires: user(nobody)
|
||||
# Add some static base tool in case system explodes; Recommend only on traditional systems, as users are free to uninstall it
|
||||
%if 0%{?is_opensuse}
|
||||
%{requires_on_transactional busybox}
|
||||
%endif
|
||||
%{recommends_on_traditional busybox-static}
|
||||
%{recommends_on_traditional elfutils}
|
||||
Requires: glibc-locale-base
|
||||
%{recommends_on_traditional hostname}
|
||||
%{requires_on_transactional /usr/bin/hostname}
|
||||
%{requires_on_transactional_recommends_otherwise iproute2}
|
||||
%{requires_on_transactional_recommends_otherwise issue-generator}
|
||||
%{requires_on_transactional_recommends_otherwise lastlog2}
|
||||
%if 0%{?sle_version}
|
||||
%{requires_on_transactional pam_pwquality}
|
||||
%else
|
||||
%{recommends_on_traditional pam_pwquality}
|
||||
%endif
|
||||
Requires: shadow
|
||||
%{recommends_on_traditional system-group-trusted}
|
||||
%if 0%{?sle_version}
|
||||
%{requires_on_transactional system-group-wheel}
|
||||
%else
|
||||
%{recommends_on_traditional system-group-wheel}
|
||||
%endif
|
||||
%{recommends_on_traditional system-user-bin}
|
||||
%{recommends_on_traditional system-user-daemon}
|
||||
Requires: terminfo-base
|
||||
%{recommends_on_traditional terminfo}
|
||||
%{recommends_on_traditional terminfo-iterm}
|
||||
%{recommends_on_traditional terminfo-screen}
|
||||
Requires: timezone
|
||||
Requires: wtmpdb
|
||||
%{recommends_on_traditional service(network)}
|
||||
%{requires_on_transactional NetworkManager}
|
||||
%{requires_on_transactional NetworkManager-wifi}
|
||||
%if 0%{?is_opensuse}
|
||||
%{requires_on_transactional NetworkManager-bluetooth}
|
||||
%endif
|
||||
# We don't necessarily want zypper in specific minimal environments
|
||||
# e.g. buildroots and locked down appliance environments
|
||||
Recommends: zypper
|
||||
# We don't necessarily want procps but it's highly useful in default
|
||||
# installations
|
||||
Recommends: procps
|
||||
%{recommends_on_traditional zypper}
|
||||
Requires: procps
|
||||
# If anything requests "kernel", pick the full kernel package by default
|
||||
Suggests: kernel-default
|
||||
# we have two providers for 'pkgconfig(jack)' - prefer the real one to the one from pipewire
|
||||
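Review bot: In the `%else` branches around pam_pwquality and system-group-wheel, only `%{recommends_on_traditional ...}` is emitted, where the old spec had a plain `Recommends:` for both. If that macro expands to nothing on transactional systems, as its name suggests, an openSUSE transactional install no longer pulls in pam_pwquality or the wheel group at all, and password-quality checking then depends on something else installing the module. Keep a plain `Recommends:` in the `%else` branch, or add a comment stating that the omission on transactional openSUSE is intended.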
@ -173,6 +195,8 @@ Suggests: openssl-1_1
|
||||
Suggests: postfix
|
||||
# We have two providers of psmisc, favour the regular one (not the busybox one)
|
||||
Suggests: psmisc
|
||||
# rather than busybox-tar
|
||||
Suggests: tar
|
||||
# we have two providers for 'pulseaudio' - prefer pipewire or pipewire depending on suse_version
|
||||
# we have two providers for 'service(network)' - prefer NM or wicked depending on suse_version
|
||||
%if 0%{?suse_version} > 1500
|
||||
@ -542,28 +566,17 @@ This is the enhanced base runtime system with lots of convenience packages.
|
||||
|
||||
%package fips
|
||||
%pattern_primaryfunctions
|
||||
Summary: FIPS 140-2 specific packages
|
||||
Summary: FIPS 140-3 specific packages
|
||||
Group: Metapackages
|
||||
Provides: pattern() = fips
|
||||
Provides: pattern-icon() = pattern-basis-addon
|
||||
Provides: pattern-order() = 3010
|
||||
Provides: pattern-visible()
|
||||
Requires: (crypto-policies-scripts if openssh-clients)
|
||||
Requires: (crypto-policies-scripts if openssh-common)
|
||||
Requires: (crypto-policies-scripts if openssh-server)
|
||||
Requires: (dracut-fips if dracut)
|
||||
Requires: (libcryptsetup12-hmac if libcryptsetup12)
|
||||
Requires: (libcryptsetup12-hmac-32bit if libcryptsetup12-32bit)
|
||||
Requires: (libfreebl3-hmac if libfreebl3)
|
||||
Requires: (libfreebl3-hmac-32bit if libfreebl3-32bit)
|
||||
Requires: (libgcrypt20-hmac if libgcrypt20)
|
||||
Requires: (libgnutls30-hmac if libgnutls30)
|
||||
Requires: (libgnutls30-hmac-32bit if libgnutls30-32bit)
|
||||
Requires: (libopenssl-3-fips-provider if libopenssl3)
|
||||
Requires: (libopenssl-fips-provider if libopenssl)
|
||||
Requires: (libopenssl1_0_0-hmac if libopenssl1_0_0)
|
||||
Requires: (libopenssl1_0_0-hmac-32bit if libopenssl1_0_0-32bit)
|
||||
Requires: (libopenssl1_1-hmac if libopenssl1_1)
|
||||
Requires: (libopenssl1_1-hmac-32bit if libopenssl1_1-32bit)
|
||||
Requires: (libsoftokn3-hmac if libsoftokn3)
|
||||
Requires: (libsoftokn3-hmac-32bit if libsoftokn3-32bit)
|
||||
Requires: (openssh-fips if openssh-clients)
|
||||
Requires: (openssh-fips if openssh-server)
|
||||
Requires: (strongswan-hmac if strongswan)
|
||||
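Review bot: The `-hmac` requirements (libgcrypt20-hmac, libopenssl1_1-hmac, libsoftokn3-hmac and the rest) are dropped unconditionally, although this spec still branches on `suse_version` elsewhere. If the package is ever built for a codestream where the HMAC files are still shipped as separate packages, the fips pattern would install without them; guard the removal with the same kind of version check, or state in a comment that only codestreams with merged -hmac packages are supported.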
@ -575,14 +588,13 @@ Provides: patterns-server-enterprise-fips-32bit = %{version}
|
||||
Obsoletes: patterns-server-enterprise-fips-32bit < %{version}
|
||||
|
||||
%description fips
|
||||
This pattern installs the FIPS 140-2 specific packages that complete the various
|
||||
cryptographic modules in use. It is required if you want to run the
|
||||
machine with "fips=1".
|
||||
This pattern installs the FIPS 140-3 specific packages that are required
|
||||
if you want to run the machine with "fips=1".
|
||||
|
||||
Please note that this pattern only enables FIPS 140-2 compliant operation, it does
|
||||
not directly make the system FIPS 140-2 certified nor validated.
|
||||
Please note that this pattern only enables FIPS 140-3 compliant operation, it does
|
||||
not directly make the system FIPS 140-3 certified nor validated.
|
||||
|
||||
Please refer to SUSE official statements on the state of FIPS 140-2 certification.
|
||||
Please refer to SUSE official statements on the state of FIPS 140-3 certification.
|
||||
|
||||
%files fips
|
||||
%dir %{_docdir}/patterns
|
||||
@ -598,7 +610,10 @@ Provides: pattern() = minimal_base
|
||||
Provides: pattern-icon() = pattern-basis
|
||||
Provides: pattern-order() = 5190
|
||||
Provides: pattern-visible()
|
||||
# FIXME, to be enabled for SLFO too
|
||||
%if 0%{?is_opensuse}
|
||||
Requires: branding
|
||||
%endif
|
||||
# those packages are actually useless as they don't use
|
||||
# %_keyringpath but we need them eg for kiwi
|
||||
Requires: build-key
|
||||
@ -606,6 +621,7 @@ Requires: distribution-release
|
||||
Requires: filesystem
|
||||
# We have two providers for libz.so.1: libz1 and libz1-ng-compat1. Favor the legacy one for now
|
||||
Suggests: libz1
|
||||
Suggests: libz1-32bit
|
||||
# Tell the solver to default to the main product
|
||||
Suggests: openSUSE-release
|
||||
%{obsolete_legacy_pattern minimal_base}
|
||||
@ -665,10 +681,9 @@ This pattern holds files required for booting the system
|
||||
|
||||
################################################################################
|
||||
|
||||
%if 0%{?is_opensuse}
|
||||
%package selinux
|
||||
%pattern_basetechnologies
|
||||
Summary: SELinux
|
||||
Summary: SELinux Support
|
||||
Group: Metapackages
|
||||
Provides: pattern() = selinux
|
||||
Provides: pattern-icon() = pattern-selinux
|
||||
@ -677,12 +692,19 @@ Provides: pattern-visible()
|
||||
Requires: policycoreutils
|
||||
Requires: selinux-autorelabel
|
||||
Requires: selinux-policy
|
||||
%if 0%{?is_opensuse}
|
||||
Requires: selinux-policy-base
|
||||
# Use targeted as default policy if none was explicitly requested.
|
||||
Suggests: selinux-policy-targeted
|
||||
%else
|
||||
Requires: selinux-policy-targeted
|
||||
%endif
|
||||
|
||||
Requires: selinux-tools
|
||||
Requires: pattern() = minimal_base
|
||||
# Needed for podman et al.
|
||||
Requires: (container-selinux if libcontainers-common)
|
||||
Recommends: checkpolicy
|
||||
Recommends: container-selinux
|
||||
Recommends: restorecond
|
||||
Recommends: selinux-policy-targeted
|
||||
|
||||
%description selinux
|
||||
Security-Enhanced Linux (SELinux) provides a mechanism for supporting access control security policies, including mandatory access controls (MAC).
|
||||
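Review bot: On the openSUSE branch the default policy now rests on `Suggests: selinux-policy-targeted` steering the choice of provider for `Requires: selinux-policy-base`, where the old spec had `Recommends: selinux-policy-targeted`. Confirm with an install that has recommends disabled that targeted is the policy actually selected, since that is the case bsc#1231720 in the changelog was opened for; if the result depends on solver tie-breaking, say so in the comment above the `Suggests` line.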
@ -691,7 +713,6 @@ Its architecture strives to separate enforcement of security decisions from the
|
||||
%files selinux
|
||||
%dir %{_docdir}/patterns
|
||||
%{_docdir}/patterns/selinux.txt
|
||||
%endif
|
||||
|
||||
################################################################################
|
||||
|
||||
@ -728,13 +749,73 @@ Group: Metapackages
|
||||
Provides: pattern() = transactional_base
|
||||
Provides: pattern-icon() = pattern-kubic
|
||||
Provides: pattern-order() = 1050
|
||||
Requires: /usr/bin/gzip
|
||||
Requires: openssh
|
||||
Requires: read-only-root-fs
|
||||
Requires: rebootmgr
|
||||
Requires: systemd-presets-branding-transactional-server
|
||||
Requires: yast2-logs
|
||||
Requires: zypp-boot-plugin
|
||||
Requires: (health-checker if grub2)
|
||||
Requires: (health-checker-plugins-MicroOS if health-checker)
|
||||
# FIXME
|
||||
%if 0%{?is_opensuse}
|
||||
Requires: MicroOS-release
|
||||
Requires: systemd-presets-branding-MicroOS
|
||||
Suggests: busybox-gzip
|
||||
Requires: less
|
||||
Requires: sudo
|
||||
# tpm2 tools are required for FDE+TPM
|
||||
Requires: tpm2-0-tss
|
||||
Requires: libtss2-tcti-device0
|
||||
Requires: tpm2.0-tools
|
||||
# probably needed for fsck.fat on efi partitions
|
||||
Requires: dosfstools
|
||||
%else
|
||||
Requires: supportutils
|
||||
Requires: systemd-presets-branding-ALP-transactional
|
||||
Requires: toolbox
|
||||
Requires: group(wheel)
|
||||
# zypper ps is useless in transactional mode. It also checks for
|
||||
# /run/reboot-needed though which is created by transactional-update
|
||||
Requires: zypper-needs-restarting
|
||||
# jsc#PED-6478 (2 packages)
|
||||
Requires: mailx
|
||||
Requires: systemd-status-mail
|
||||
|
||||
# jsc#SMO-79
|
||||
Requires: tpm2.0-tools
|
||||
Requires: tpm2-0-tss
|
||||
Requires: tpm2-tss-engine
|
||||
Requires: tpm2.0-abrmd
|
||||
# jsc#SMO-50
|
||||
%ifarch x86_64 aarch64
|
||||
Requires: libmbim
|
||||
Requires: libmbim-glib4
|
||||
Requires: libqmi-glib5
|
||||
Requires: libqmi-tools
|
||||
%endif
|
||||
# jsc#CSD-121
|
||||
Requires: udica
|
||||
# jsc#SMO-120
|
||||
Requires: pam_u2f
|
||||
%ifarch s390x
|
||||
Requires: libica
|
||||
Requires: openCryptoki
|
||||
Requires: openssl-ibmca
|
||||
%endif
|
||||
# bsc#1217991
|
||||
#FIXME
|
||||
Requires: crypto-policies-scripts
|
||||
|
||||
%endif
|
||||
Requires: transactional-update
|
||||
Requires: transactional-update-zypp-config
|
||||
# Useful outside of MicroOS and needed for e.g. SELinux relabelling
|
||||
Requires: microos-tools
|
||||
%ifnarch %{arm}
|
||||
Requires: kdump
|
||||
%endif
|
||||
Requires: vim-small
|
||||
Requires: pattern() = base
|
||||
Suggests: health-checker
|
||||
|
||||
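Review bot: The bare `# FIXME` above `%if 0%{?is_opensuse}` and the `#FIXME` above `Requires: crypto-policies-scripts` do not say what is to be fixed, unlike the neighbouring lines that carry jsc#/bsc# references. Spell out the open item in each. Separately, `tpm2.0-tools` and `tpm2-0-tss` are required in both branches of the conditional and could move above the `%if`.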
@ -1031,7 +1112,11 @@ The X Window System provides the only standard platform-independent networked gr
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}%{_docdir}/patterns
|
||||
for i in apparmor base enhanced_base minimal_base sw_management x11 x11_enhanced; do
|
||||
for i in \
|
||||
%if 0%{?is_opensuse}
|
||||
apparmor \
|
||||
%endif
|
||||
base enhanced_base minimal_base sw_management x11 x11_enhanced; do
|
||||
echo "This file marks the pattern $i to be installed." \
|
||||
>"%{buildroot}%{_docdir}/patterns/$i.txt"
|
||||
echo "This file marks the pattern $i to be installed." \
|
||||
@ -1039,11 +1124,11 @@ for i in apparmor base enhanced_base minimal_base sw_management x11 x11_enhanced
|
||||
done
|
||||
|
||||
# These packages don't generate a 32bit pattern
|
||||
for i in basesystem bootloader basic_desktop documentation fips transactional_base \
|
||||
for i in basesystem bootloader basic_desktop documentation fips transactional_base selinux \
|
||||
%if 0%{?is_opensuse}
|
||||
console selinux update_test \
|
||||
console update_test \
|
||||
%else
|
||||
%ifnarch s390 s390x
|
||||
%ifnarch s390 s390x aarch64 ppc64le
|
||||
32bit \
|
||||
%endif
|
||||
%endif
|
||||
|
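Review bot: `%ifnarch s390 s390x aarch64 ppc64le` here only controls whether the `32bit` marker file is written in `%install`. The matching `%package`/`%files` section for the 32bit pattern is not part of this hunk; check that it carries the same architecture list, otherwise the build on aarch64 and ppc64le would list a file that was never created.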