From 0c5fae38d91de716e9dcd9f67c3d875540844925 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Mon, 19 Feb 2024 11:55:11 +0100
Subject: [PATCH 1/9] wip

---
 README.md               | 3 ++-
 imagebuilder/kiosk.toml | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 2a3467f..f4fe3eb 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,2 @@
-# red-hat-kiosk
\ No newline at end of file
+# A Kiosk based on Red Hat Device Edge and Microshift
+
diff --git a/imagebuilder/kiosk.toml b/imagebuilder/kiosk.toml
index 7ffef14..290de74 100644
--- a/imagebuilder/kiosk.toml
+++ b/imagebuilder/kiosk.toml
@@ -21,7 +21,7 @@ name = "firefox"
 version = "*"
 
 [[packages]]
-name = "google-chrome-stable-119.0.6045.199-1"
+name = "google-chrome-stable"
 version = "*"
 
 [[packages]]
@@ -57,13 +57,13 @@ ports = ["22:tcp", "30000:tcp", "9090:tcp", "6443:tcp"]
 [[customizations.user]]
 name = "kiosk"
 description = "kiosk"
-password = '<password hash obatained with:        python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'       >'
+password = '__KIOSK_PASSWORD__'
 
 [[customizations.user]]
 name = "admin"
 description = "admin"
-password = '<password hash obatained with:        python3 -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'       >'
-key = "<ssh public key>"
+password = '__ADMIN_PASSWORD__'
+key = "__ADMIN_SSH_PUBLIC_KEY__"
 home = "/home/admin/"
 shell = "/usr/bin/bash"
 groups = ["users", "wheel"]

From dd12a4ba98c8692309c27f159846b2d735645d12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Wed, 21 Feb 2024 11:20:50 +0100
Subject: [PATCH 2/9] doc

---
 documentation/INSTALL_RHEL9.md | 194 +++++++++++++++++++++++++++++++++
 documentation/LOCAL_DEV.md     |  69 ++++++++++++
 2 files changed, 263 insertions(+)
 create mode 100644 documentation/INSTALL_RHEL9.md
 create mode 100644 documentation/LOCAL_DEV.md

diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md
new file mode 100644
index 0000000..8fdbc20
--- /dev/null
+++ b/documentation/INSTALL_RHEL9.md
@@ -0,0 +1,194 @@
+# Installation on RHEL 9
+
+## Pre-requisites
+
+RHEL 9 pre-requisites :
+
+- RHEL 9 is installed
+- The Red Hat repositories **baseos** and **appstream** are reachable
+
+Microshift pre-requisites :
+
+- RHEL 9.2 or 9.3
+- LVM volume group (VG) with unused space
+
+## Install Pre-requisites
+
+```sh
+sudo subscription-manager register --username $RHN_LOGIN --auto-attach
+sudo subscription-manager attach --pool=$RHN_POOL_ID
+sudo dnf install -y osbuild-composer composer-cli cockpit-composer
+sudo systemctl enable --now osbuild-composer.socket
+sudo systemctl enable --now cockpit.socket
+sudo systemctl restart osbuild-composer
+sudo usermod -a -G weldr nmasse
+```
+
+Check that **os-composer** is working.
+
+```
+$ source /etc/bash_completion.d/composer-cli
+$ composer-cli status show
+API server status:
+    Database version:   0
+    Database supported: true
+    Schema version:     0
+    API version:        1
+    Backend:            osbuild-composer
+    Build:              NEVRA:osbuild-composer-88.3-1.el9_3.x86_64
+
+$ composer-cli sources list
+appstream
+baseos
+```
+
+## Clone this repository
+
+```sh
+git clone https://github.com/nmasse-itix/red-hat-kiosk.git
+cd red-hat-kiosk
+export GIT_REPO_CLONE="$PWD"
+```
+
+## Nginx configuration
+
+```sh
+sudo dnf install -y nginx
+sudo systemctl enable --now nginx.service
+sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp}
+sudo firewall-cmd --reload
+sudo mkdir -p /var/www
+sudo restorecon -Rv /var/www
+sudo sed -i.bak 's|/usr/share/nginx/html|/var/www|g' /etc/nginx/nginx.conf
+sudo systemctl restart nginx.service
+```
+
+## Rebuild of Google Chrome
+
+```sh
+sudo dnf install -y git rpm-build
+sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
+sudo dnf install -y rpmrebuild
+cd "$GIT_REPO_CLONE/chrome_repackage"
+curl -s -Lo google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
+rpmrebuild -s google-chrome-stable.spec -p google-chrome-stable_current_x86_64.rpm
+rpm2cpio google-chrome-stable_current_x86_64.rpm | cpio -idmv
+mv opt/google/ usr/bin/
+cd usr/bin/
+rm -f google-chrome-stable
+ln -s google/chrome/google-chrome google-chrome-stable
+ln -s google/chrome/google-chrome chrome
+cd ../..
+RPM=$(rpm -q google-chrome-stable_current_x86_64.rpm)
+mkdir -p $HOME/rpmbuild/BUILDROOT/$RPM/
+for i in etc usr; do cp -r $i $HOME/rpmbuild/BUILDROOT/$RPM/; done
+sed -i.bak 's|/opt/google|/usr/bin/google|g' google-chrome-stable.spec
+rpmbuild -bb google-chrome-stable.spec
+ls -l $HOME/rpmbuild/RPMS/x86_64/
+```
+
+## Repository Creation
+
+```sh
+export REPO_LOCATION="/opt/custom-rpms/"
+sudo dnf install -y createrepo
+sudo mkdir -p "$REPO_LOCATION"
+sudo cp $HOME/rpmbuild/RPMS/x86_64/* "$REPO_LOCATION"
+sudo createrepo "$REPO_LOCATION"
+sudo tee /etc/yum.repos.d/custom.repo <<EOF
+[custom]  
+name = Custom RPMS  
+baseurl = file://$REPO_LOCATION
+enabled = 1  
+gpgcheck = 0
+EOF
+sudo dnf info google-chrome-stable
+```
+
+## os-builer configuration
+
+```sh
+sudo subscription-manager repos --enable rhocp-4.14-for-rhel-9-$(uname -m)-rpms --enable fast-datapath-for-rhel-9-$(uname -m)-rpms
+sudo dnf info microshift
+sudo dnf install -y mkpasswd podman
+cd "$GIT_REPO_CLONE/imagebuilder"
+KIOSK_PASSWORD="$(openssl rand -base64 9)"
+KIOSK_PASSWORD_HASH="$(mkpasswd -m bcrypt "$KIOSK_PASSWORD")"
+echo "Kiosk password is '$KIOSK_PASSWORD'"
+ADMIN_PASSWORD="$(openssl rand -base64 9)"
+ADMIN_PASSWORD_HASH="$(mkpasswd -m bcrypt "$ADMIN_PASSWORD")"
+echo "Admin password is '$ADMIN_PASSWORD'"
+sed -i.orig1 "s|__KIOSK_PASSWORD__|$KIOSK_PASSWORD_HASH|" kiosk.toml
+sed -i.orig2 "s|__ADMIN_PASSWORD__|$ADMIN_PASSWORD_HASH|" kiosk.toml
+ADMIN_SSH_PUBLIC_KEY="$(ssh-add -L | head -n 1)"
+echo "Admin SSH public key: $ADMIN_SSH_PUBLIC_KEY"
+sed -i.orig3 "s|__ADMIN_SSH_PUBLIC_KEY__|$ADMIN_SSH_PUBLIC_KEY|" kiosk.toml
+composer-cli sources add /dev/fd/0 <<EOF
+check_gpg = false
+check_ssl = false
+id = "custom"
+name = "custom packages for RHEL"
+system = false
+type = "yum-baseurl"
+url = "file://$REPO_LOCATION"
+EOF
+composer-cli sources add /dev/fd/0 <<EOF
+id = "rhocp-4.14"
+name = "Red Hat OpenShift Container Platform 4.14 for RHEL 9"
+type = "yum-baseurl"
+url = "https://cdn.redhat.com/content/dist/layered/rhel9/$(uname -m)/rhocp/4.14/os"
+check_gpg = true
+check_ssl = true
+system = false
+rhsm = true
+EOF
+composer-cli sources add /dev/fd/0 <<EOF
+id = "fast-datapath"
+name = "Fast Datapath for RHEL 9"
+type = "yum-baseurl"
+url = "https://cdn.redhat.com/content/dist/layered/rhel9/$(uname -m)/fast-datapath/os"
+check_gpg = true
+check_ssl = true
+system = false
+rhsm = true
+EOF
+composer-cli blueprints push kiosk.toml
+```
+
+## Ostree construction
+
+Create the ostree image.
+
+```sh
+composer-cli blueprints depsolve kiosk
+BUILDID=$(composer-cli compose start-ostree --ref "rhel/9/$(uname -m)/edge" kiosk edge-container | awk '{print $2}')
+echo "Build $BUILDID is running..."
+composer-cli compose status
+```
+
+Download the ostree server and run it.
+
+```sh
+CONTAINER_IMAGE_FILE="$(composer-cli compose image "${BUILDID}")"
+IMAGEID="$(podman load < "${BUILDID}-container.tar" | grep -o -P '(?<=sha256[@:])[a-z0-9]*')"
+echo "Using image with id = $IMAGEID"
+podman run -d --name=minimal-microshift-server -p 8085:8080 ${IMAGEID}
+```
+
+## Build the ISO
+
+```sh
+composer-cli blueprints push /dev/fd/0 <<EOF
+name = "microshift-installer"
+
+description = ""
+version = "0.0.0"
+modules = []
+groups = []
+packages = []
+EOF
+BUILDID=$(composer-cli compose start-ostree --url http://localhost:8085/repo/ --ref "rhel/9/$(uname -m)/edge" microshift-installer edge-installer | awk '{print $2}')
+composer-cli compose status
+composer-cli compose image "${BUILDID}"
+
+```
diff --git a/documentation/LOCAL_DEV.md b/documentation/LOCAL_DEV.md
new file mode 100644
index 0000000..2d5cf29
--- /dev/null
+++ b/documentation/LOCAL_DEV.md
@@ -0,0 +1,69 @@
+# Local development
+
+## Create a RHEL 9 Virtual Machine
+
+Pre-requisites :
+- Fedora 39 [with Libvirt installed](https://docs.fedoraproject.org/en-US/quick-docs/virtualization-getting-started/)
+
+Download [RHEL 9.3](https://access.redhat.com/downloads/content/rhel) and save `rhel-9.3-x86_64-kvm.qcow2` in `/var/lib/libvirt/images/base-images`.
+
+Create a file named `user-data.yaml` with the follwing content.
+
+```yaml
+#cloud-config
+
+users:
+- name: nmasse
+  gecos: Nicolas MASSE
+  groups: wheel
+  lock_passwd: false
+  passwd: $6$...123 # generate the hash with the "mkpasswd" command
+  ssh_authorized_keys:
+  - ssh-ed25519 123...456
+
+write_files:
+- path: /etc/sudoers
+  content: |
+    Defaults   !visiblepw
+    Defaults    always_set_home
+    Defaults    match_group_by_gid
+    Defaults    always_query_group_plugin
+    Defaults    env_reset
+    Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
+    Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
+    Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
+    Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
+    Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
+    Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+    root    ALL=(ALL)       ALL
+    %wheel  ALL=(ALL)       NOPASSWD: ALL
+    #includedir /etc/sudoers.d
+  permissions: '0440'
+  append: false
+```
+
+Create the RHEL9 VM.
+
+```sh
+sudo mkdir -p /var/lib/libvirt/images/rhel9 /var/lib/libvirt/images/base-images
+sudo dnf install -y cloud-utils genisoimage
+sudo cloud-localds /var/lib/libvirt/images/rhel9/cloud-init.iso user-data.yaml
+
+sudo virt-install --name rhel9 --autostart --noautoconsole --cpu host-passthrough \
+             --vcpus 4 --ram 8192 --os-variant rhel9.3 \
+             --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,backing_store=/var/lib/libvirt/images/base-images/rhel-9.3-x86_64-kvm.qcow2,size=20 \
+             --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,size=20 \
+             --network network=default \
+             --console pty,target.type=virtio --serial pty --import \
+             --disk path=/var/lib/libvirt/images/rhel9/cloud-init.iso,readonly=on \
+             --sysinfo system.serial=ds=nocloud
+
+sudo virsh console rhel9
+```
+
+Create a PV and a VG for Microshift.
+
+```
+sudo pvcreate /dev/vdb
+sudo vgcreate data /dev/vdb
+```

From 96738b8f1f8f5eb529b263ac3533ef62c0ac0d91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Thu, 22 Feb 2024 10:39:27 +0100
Subject: [PATCH 3/9] wip

---
 documentation/INSTALL_RHEL9.md | 58 ++++++++++++++++++++++++++++++----
 documentation/LOCAL_DEV.md     | 11 ++++---
 imagebuilder/kiosk.ks          | 39 ++++++++++++-----------
 3 files changed, 79 insertions(+), 29 deletions(-)

diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md
index 8fdbc20..b83eaee 100644
--- a/documentation/INSTALL_RHEL9.md
+++ b/documentation/INSTALL_RHEL9.md
@@ -21,7 +21,7 @@ sudo dnf install -y osbuild-composer composer-cli cockpit-composer
 sudo systemctl enable --now osbuild-composer.socket
 sudo systemctl enable --now cockpit.socket
 sudo systemctl restart osbuild-composer
-sudo usermod -a -G weldr nmasse
+sudo usermod -a -G weldr "$(id -un)"
 ```
 
 Check that **os-composer** is working.
@@ -89,8 +89,15 @@ ls -l $HOME/rpmbuild/RPMS/x86_64/
 
 ## Repository Creation
 
+Customize the desired location of the RPM repository:
+
+```sh
+REPO_LOCATION="/opt/custom-rpms/"
+```
+
+Create the custom RPM repository:
+
 ```sh
-export REPO_LOCATION="/opt/custom-rpms/"
 sudo dnf install -y createrepo
 sudo mkdir -p "$REPO_LOCATION"
 sudo cp $HOME/rpmbuild/RPMS/x86_64/* "$REPO_LOCATION"
@@ -105,19 +112,26 @@ EOF
 sudo dnf info google-chrome-stable
 ```
 
-## os-builer configuration
+## Blueprint preparation
+
+Customize the **kiosk** and **admin** user password if desired.
+
+```sh
+KIOSK_PASSWORD="$(openssl rand -base64 9)"
+echo "Kiosk password is '$KIOSK_PASSWORD'"
+ADMIN_PASSWORD="$(openssl rand -base64 9)"
+echo "Admin password is '$ADMIN_PASSWORD'"
+```
+
+Prepare the os-builder blueprint.
 
 ```sh
 sudo subscription-manager repos --enable rhocp-4.14-for-rhel-9-$(uname -m)-rpms --enable fast-datapath-for-rhel-9-$(uname -m)-rpms
 sudo dnf info microshift
 sudo dnf install -y mkpasswd podman
 cd "$GIT_REPO_CLONE/imagebuilder"
-KIOSK_PASSWORD="$(openssl rand -base64 9)"
 KIOSK_PASSWORD_HASH="$(mkpasswd -m bcrypt "$KIOSK_PASSWORD")"
-echo "Kiosk password is '$KIOSK_PASSWORD'"
-ADMIN_PASSWORD="$(openssl rand -base64 9)"
 ADMIN_PASSWORD_HASH="$(mkpasswd -m bcrypt "$ADMIN_PASSWORD")"
-echo "Admin password is '$ADMIN_PASSWORD'"
 sed -i.orig1 "s|__KIOSK_PASSWORD__|$KIOSK_PASSWORD_HASH|" kiosk.toml
 sed -i.orig2 "s|__ADMIN_PASSWORD__|$ADMIN_PASSWORD_HASH|" kiosk.toml
 ADMIN_SSH_PUBLIC_KEY="$(ssh-add -L | head -n 1)"
@@ -190,5 +204,35 @@ EOF
 BUILDID=$(composer-cli compose start-ostree --url http://localhost:8085/repo/ --ref "rhel/9/$(uname -m)/edge" microshift-installer edge-installer | awk '{print $2}')
 composer-cli compose status
 composer-cli compose image "${BUILDID}"
+```
+
+## Prepare the Kickstart script
+
+Customize the **root** user password if desired.
 
+```sh
+ROOT_PASSWORD="$(openssl rand -base64 9)"
+echo "Root password is '$ROOT_PASSWORD'"
+```
+
+[Generate a registry token](https://access.redhat.com/terms-based-registry/) and set the `MICROSHIFT_PULL_SECRET` variable.
+
+```sh
+MICROSHIFT_PULL_SECRET="1.2.3" # Generated by https://access.redhat.com/terms-based-registry/
+```
+
+Prepare the Kickstart script.
+
+```sh
+cd "$GIT_REPO_CLONE/imagebuilder"
+__ROOT_PASSWORD_HASH__="$(mkpasswd -m bcrypt "$ROOT_PASSWORD")"
+sed -i.orig1 "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECRET|" kiosk.ks
+sed -i.orig2 "s|__ROOT_PASSWORD_HASH__|$__ROOT_PASSWORD_HASH__|" kiosk.ks
+```
+
+## Inject the Kickstart in the ISO
+
+```sh
+sudo dnf install -y lorax
+mkksiso kiosk.ks "${BUILDID}-installer.iso" kiosk.iso
 ```
diff --git a/documentation/LOCAL_DEV.md b/documentation/LOCAL_DEV.md
index 2d5cf29..855e68c 100644
--- a/documentation/LOCAL_DEV.md
+++ b/documentation/LOCAL_DEV.md
@@ -1,6 +1,6 @@
 # Local development
 
-## Create a RHEL 9 Virtual Machine
+## Create a RHEL 9 Virtual Machine to play with os-builder and microshift
 
 Pre-requisites :
 - Fedora 39 [with Libvirt installed](https://docs.fedoraproject.org/en-US/quick-docs/virtualization-getting-started/)
@@ -51,8 +51,8 @@ sudo cloud-localds /var/lib/libvirt/images/rhel9/cloud-init.iso user-data.yaml
 
 sudo virt-install --name rhel9 --autostart --noautoconsole --cpu host-passthrough \
              --vcpus 4 --ram 8192 --os-variant rhel9.3 \
-             --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,backing_store=/var/lib/libvirt/images/base-images/rhel-9.3-x86_64-kvm.qcow2,size=20 \
-             --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,size=20 \
+             --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,backing_store=/var/lib/libvirt/images/base-images/rhel-9.3-x86_64-kvm.qcow2,size=100 \
+             --disk path=/var/lib/libvirt/images/rhel9/data.qcow2,size=20 \
              --network network=default \
              --console pty,target.type=virtio --serial pty --import \
              --disk path=/var/lib/libvirt/images/rhel9/cloud-init.iso,readonly=on \
@@ -63,7 +63,10 @@ sudo virsh console rhel9
 
 Create a PV and a VG for Microshift.
 
-```
+```sh
 sudo pvcreate /dev/vdb
 sudo vgcreate data /dev/vdb
 ```
+
+## Create a VM to install RHEL for Edge
+
diff --git a/imagebuilder/kiosk.ks b/imagebuilder/kiosk.ks
index 8e6a8ae..31ce460 100644
--- a/imagebuilder/kiosk.ks
+++ b/imagebuilder/kiosk.ks
@@ -8,21 +8,22 @@ zerombr
 clearpart --all --initlabel
 autopart --type=plain --fstype=xfs --nohome
 network --bootproto=dhcp
-rootpw --iscrypted $6$vnnc7bdpgCJMBDB.$TRBsboYscXsKPv57IHnKuy1BzLhuejJgft17s07ZQRSsgFhPI9QLPX6Spt4AiND4TaolQAR8FzMV2Osf2dhj10 
-#Use this line if creating an Edge Installer ISO that includes a local ostree commit
-#ostreesetup --osname=rhel --url=file:///ostree/repo --ref=rhel/9/x86_64/edge --nogpg
-#Use this to fetch from a remote URL
-ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg
-
-%post
-#Default to graphical boot target
-systemctl set-default graphical.target
+rootpw --iscrypted __ROOT_PASSWORD_HASH__
+
+# Use this line if creating an Edge Installer ISO that includes a local ostree commit
+ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge
+
+# Use this to fetch from a remote URL
+#ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg
 
-#Enable autologin for the user kiosk
+%post --log=/var/log/anaconda/post-install.log --erroronfail
+# Default to graphical boot target
+systemctl set-default graphical.target
 
+# Enable autologin for the user kiosk
 sed -i '/^\[daemon\]/a AutomaticLoginEnable=True\nAutomaticLogin=kiosk\n' /etc/gdm/custom.conf
 
-#Configure user kiosk to use the kiosk session
+# Configure user kiosk to use the kiosk session
 mkdir -p /var/lib/AccountsService/users
 cat > /var/lib/AccountsService/users/kiosk << 'EOF'
 [User]
@@ -30,12 +31,12 @@ Session=gnome-kiosk-script
 SystemAccount=false
 EOF
 
-#Add url environment variable
+# Add url environment variable
 cat >> /home/kiosk/.bashrc << 'EOF'
 export KIOSK_URL=http://`ip -br a | grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000
 EOF
 
-#Configure the kiosk script to run firefox in kiosk mode and display our example URL
+# Configure the kiosk script to run firefox in kiosk mode and display our example URL
 mkdir -p /home/kiosk/.local/bin/
 cat > /home/kiosk/.local/bin/gnome-kiosk-script << 'EOF'
 #!/bin/sh
@@ -45,16 +46,18 @@ while true; do
 done
 EOF
 
-#Ensure the files are owned by our unprivileged user and the script is executable 
+# Ensure the files are owned by our unprivileged user and the script is executable 
 chown -R 1001:1001 /home/kiosk
 chmod 555 /home/kiosk/.local/bin/gnome-kiosk-script
 
-/etc/crio/openshift-pull-secret
-
+# Add the pull secret to CRI-O and set root user-only read/write permissions
 cat > /etc/crio/openshift-pull-secret << 'EOF'
-<YOUR_PULL_SECRET>
+__MICROSHIFT_PULL_SECRET__
 EOF
+chmod 600 /etc/crio/openshift-pull-secret
 
-
+# Configure the firewall with the mandatory rules for MicroShift
+firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16
+firewall-offline-cmd --zone=trusted --add-source=169.254.169.1
 
 %end

From da6101d5a1022d6bcdadf2800058d2afddee9c57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Thu, 22 Feb 2024 11:56:48 +0100
Subject: [PATCH 4/9] be pedantic

---
 imagebuilder/kiosk.ks | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/imagebuilder/kiosk.ks b/imagebuilder/kiosk.ks
index 31ce460..2a91918 100644
--- a/imagebuilder/kiosk.ks
+++ b/imagebuilder/kiosk.ks
@@ -1,6 +1,6 @@
 lang fr_FR.UTF-8
 keyboard fr
-timezone UTC --isUtc --ntpservers=rhel.pool.ntp.org
+timezone UTC --utc --ntpservers=rhel.pool.ntp.org
 reboot
 text
 

From 9b47b91c00e1301d7a72cd7ef6bf8cdbd5b29ba2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Thu, 22 Feb 2024 12:03:29 +0100
Subject: [PATCH 5/9] be pedantic

---
 imagebuilder/kiosk.ks | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/imagebuilder/kiosk.ks b/imagebuilder/kiosk.ks
index 2a91918..2cff89a 100644
--- a/imagebuilder/kiosk.ks
+++ b/imagebuilder/kiosk.ks
@@ -1,6 +1,7 @@
 lang fr_FR.UTF-8
 keyboard fr
-timezone UTC --utc --ntpservers=rhel.pool.ntp.org
+timezone UTC --utc
+timesource --ntp-server=rhel.pool.ntp.org
 reboot
 text
 

From a9ada2c4dfd784cfbd695fb3cd832d8bf0ce8d37 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Thu, 22 Feb 2024 13:54:39 +0100
Subject: [PATCH 6/9] add comments

---
 imagebuilder/kiosk.ks | 55 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 52 insertions(+), 3 deletions(-)

diff --git a/imagebuilder/kiosk.ks b/imagebuilder/kiosk.ks
index 2cff89a..eef95bb 100644
--- a/imagebuilder/kiosk.ks
+++ b/imagebuilder/kiosk.ks
@@ -1,15 +1,61 @@
+##
+## Environment setup
+##
+
+# French I18n
 lang fr_FR.UTF-8
+
+# French keyboard layout
 keyboard fr
+
+# Timezone is UTC to avoid issue with DST
 timezone UTC --utc
+
+# Configure NTP
 timesource --ntp-server=rhel.pool.ntp.org
+
+# Which action to perform after install: poweroff or reboot
 reboot
+
+# Install mode: text (interactive installs) or cmdline (unattended installs)
 text
 
+##
+## Storage configuration
+##
+
+# Clear the target disk
 zerombr
+
+# Remove existing partitions
 clearpart --all --initlabel
-autopart --type=plain --fstype=xfs --nohome
-network --bootproto=dhcp
-rootpw --iscrypted __ROOT_PASSWORD_HASH__
+
+# Automatically create partitions required by hardware platform
+# and add a separate /boot partition
+reqpart --add-boot
+
+# Create a PV, VG add LV for the system
+part pv.01 --size=1 --grow --ondisk=vda
+volgroup system pv.01
+logvol /  --fstype="xfs" --size=1 --grow --name=root --vgname=system
+
+# Create a PV and VG for Microshift
+part pv.02 --size=1 --grow --ondisk=vdb
+volgroup data pv.02
+
+##
+## Network configuration
+##
+
+# Configure the first network device
+network  --bootproto=dhcp --device=enp1s0 --noipv6 --activate
+
+# Configure hostname
+network  --hostname=kiosk.localdomain
+
+##
+## Ostree installation
+##
 
 # Use this line if creating an Edge Installer ISO that includes a local ostree commit
 ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge
@@ -17,6 +63,9 @@ ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/o
 # Use this to fetch from a remote URL
 #ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg
 
+##
+## Post install scripts
+##
 %post --log=/var/log/anaconda/post-install.log --erroronfail
 # Default to graphical boot target
 systemctl set-default graphical.target

From 356d1903ebe2da4a35beee38cd04dcde733fe199 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Thu, 22 Feb 2024 23:34:07 +0100
Subject: [PATCH 7/9] work in progress

---
 chrome_repackage/README.md                    |   70 -
 chrome_repackage/google_chrome_repackage.spec | 1555 -----------------
 documentation/INSTALL_RHEL9.md                |  106 +-
 documentation/LOCAL_DEV.md                    |   44 +-
 imagebuilder/kiosk.ks                         |   33 -
 imagebuilder/kiosk.toml                       |   19 +-
 rpms/.gitignore                               |    4 +
 rpms/README.md                                |   42 +
 .../com.redhat.Kiosk.SampleApp.desktop        |    5 +
 .../com.redhat.Kiosk.SampleApp.service        |    9 +
 rpms/SOURCES/kiosk-environment                |    1 +
 rpms/SOURCES/redhat-kiosk-sampleapp.desktop   |    8 +
 rpms/SOURCES/redhat-kiosk-sampleapp.session   |    3 +
 rpms/SOURCES/session.conf                     |    3 +
 rpms/SOURCES/user-template                    |   13 +
 rpms/SPECS/kiosk-config.spec                  |   88 +
 16 files changed, 284 insertions(+), 1719 deletions(-)
 delete mode 100644 chrome_repackage/README.md
 delete mode 100644 chrome_repackage/google_chrome_repackage.spec
 create mode 100644 rpms/.gitignore
 create mode 100644 rpms/README.md
 create mode 100644 rpms/SOURCES/com.redhat.Kiosk.SampleApp.desktop
 create mode 100644 rpms/SOURCES/com.redhat.Kiosk.SampleApp.service
 create mode 100644 rpms/SOURCES/kiosk-environment
 create mode 100644 rpms/SOURCES/redhat-kiosk-sampleapp.desktop
 create mode 100644 rpms/SOURCES/redhat-kiosk-sampleapp.session
 create mode 100644 rpms/SOURCES/session.conf
 create mode 100644 rpms/SOURCES/user-template
 create mode 100644 rpms/SPECS/kiosk-config.spec

diff --git a/chrome_repackage/README.md b/chrome_repackage/README.md
deleted file mode 100644
index 3775dce..0000000
--- a/chrome_repackage/README.md
+++ /dev/null
@@ -1,70 +0,0 @@
-# Google Chrome RPM Installation Guide
-
-This guide provides step-by-step instructions for downloading and rebuilding the Google Chrome RPM package on a RPM-based Linux distribution.
-
-## Prerequisites
-
-Before you proceed, ensure that you have the following prerequisites installed on your system:
-
-- `rpmrebuild`: A tool for rebuilding RPM packages.
-- `rpmbuild`: The RPM Package Manager build tool.
-
-## Installation Steps
-
-1. **Download Google RPM**
-
-    ```bash
-    # Replace <URL> with the actual download URL
-    wget <URL>/google-chrome-stable-119.0.6045.199-1.x86_64.rpm
-    ```
-
-2. **Rebuild the RPM Package**
-
-    ```bash
-    rpmrebuild -s google-chrome-stable.spec -p google-chrome-stable-119.0.6045.199-1.x86_64.rpm
-    ```
-
-3. **Extract the Contents**
-
-    ```bash
-    rpm2cpio google-chrome-stable-119.0.6045.199-1.x86_64.rpm | cpio -idmv
-    ```
-
-4. **Move Google Chrome to the Desired Location**
-
-    ```bash
-    mv opt/google usr/bin/
-    ```
-
-5. **Create Symbolic Links**
-
-    ```bash
-    cd usr/bin/
-    rm -f google-chrome-stable
-    ln -s google/chrome/google-chrome google-chrome-stable
-    ln -s google/chrome/google-chrome chrome
-    cd ../..
-    ```
-
-6. **Create RPM Build Directory**
-
-    ```bash
-    mkdir -p $HOME/rpmbuild/BUILDROOT/google-chrome-stable-119.0.6045.199-1.x86_64
-    ```
-
-7. **Copy Files to RPM Build Directory**
-
-    ```bash
-    for i in etc usr; do cp -r $i $HOME/rpmbuild/BUILDROOT/google-chrome-stable-119.0.6045.199-1.x86_64/; done
-    ```
-
-8. **Build the RPM Package**
-
-    ```bash
-    rpmbuild -bb google-chrome-stable.spec
-    ```
-
-After completing these steps, you should have successfully downloaded, rebuilt, and repackaged the Google Chrome RPM for your system. The resulting RPM package will be available in the RPM build directory (`$HOME/rpmbuild/RPMS/x86_64/`).
-
-Note: Ensure that you replace `<URL>` with the actual download URL of the Google Chrome RPM.
-
diff --git a/chrome_repackage/google_chrome_repackage.spec b/chrome_repackage/google_chrome_repackage.spec
deleted file mode 100644
index 18660c6..0000000
--- a/chrome_repackage/google_chrome_repackage.spec
+++ /dev/null
@@ -1,1555 +0,0 @@
-# rpmrebuild autogenerated specfile
-
-BuildRoot: /home/cloud-user/.tmp/rpmrebuild.469989/work/root
-AutoProv: no
-%undefine __find_provides
-AutoReq: no
-%undefine __find_requires
-# Do not try autogenerate prereq/conflicts/obsoletes and check files
-%undefine __check_files
-%undefine __find_prereq
-%undefine __find_conflicts
-%undefine __find_obsoletes
-# Be sure buildpolicy set to do nothing
-%define __spec_install_post %{nil}
-# Something that need for rpm-4.1
-%define _missing_doc_files_terminate_build 0
-#dummy
-#dummy
-#BUILDHOST:    NSJAIL
-#BUILDTIME:    Mon Nov 27 16:02:46 2023
-#SOURCERPM:    google-chrome-stable-119.0.6045.199-1.src.rpm
-
-#RPMVERSION:   4.14.1
-
-
-
-#OS:           linux
-#SIZE:           334068301
-#ARCHIVESIZE:           334084684
-#ARCH:         x86_64
-BuildArch:     x86_64
-Name:          google-chrome-stable
-Version:       119.0.6045.199
-Release:       1
-License:       Multiple, see https://chrome.google.com/ 
-Group:         Applications/Internet
-Summary:       Google Chrome
-
-
-URL:           https://chrome.google.com/
-Vendor:        Google LLC
-Packager:      Chrome Linux Team <chromium-dev@chromium.org>
-
-
-
-
-
-Prefix:        /usr/bin
-Provides:      google-chrome = 119.0.6045.199
-Provides:      google-chrome-stable = 119.0.6045.199-1
-Provides:      google-chrome-stable(x86-64) = 119.0.6045.199-1
-Requires(pre): /bin/sh  
-Requires(post): /bin/sh  
-Requires(preun): /bin/sh  
-Requires(postun): /bin/sh  
-Requires(post): /usr/sbin/update-alternatives  
-Requires(preun): /usr/sbin/update-alternatives  
-Requires:      ca-certificates  
-Requires:      ld-linux-x86-64.so.2()(64bit)  
-Requires:      ld-linux-x86-64.so.2(GLIBC_2.2.5)(64bit)  
-Requires:      ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)  
-Requires:      libX11.so.6()(64bit)  
-Requires:      libXcomposite.so.1()(64bit)  
-Requires:      libXdamage.so.1()(64bit)  
-Requires:      libXext.so.6()(64bit)  
-Requires:      libXfixes.so.3()(64bit)  
-Requires:      libXrandr.so.2()(64bit)  
-Requires:      libasound.so.2()(64bit)  
-Requires:      libasound.so.2(ALSA_0.9)(64bit)  
-Requires:      libasound.so.2(ALSA_0.9.0rc4)(64bit)  
-Requires:      libatk-1.0.so.0()(64bit)  
-Requires:      libatk-bridge-2.0.so.0()(64bit)  
-Requires:      libatspi.so.0()(64bit)  
-Requires:      libc.so.6()(64bit)  
-Requires:      libc.so.6(GLIBC_2.10)(64bit)  
-Requires:      libc.so.6(GLIBC_2.11)(64bit)  
-Requires:      libc.so.6(GLIBC_2.14)(64bit)  
-Requires:      libc.so.6(GLIBC_2.15)(64bit)  
-Requires:      libc.so.6(GLIBC_2.16)(64bit)  
-Requires:      libc.so.6(GLIBC_2.17)(64bit)  
-Requires:      libc.so.6(GLIBC_2.2.5)(64bit)  
-Requires:      libc.so.6(GLIBC_2.3)(64bit)  
-Requires:      libc.so.6(GLIBC_2.3.2)(64bit)  
-Requires:      libc.so.6(GLIBC_2.3.3)(64bit)  
-Requires:      libc.so.6(GLIBC_2.3.4)(64bit)  
-Requires:      libc.so.6(GLIBC_2.4)(64bit)  
-Requires:      libc.so.6(GLIBC_2.6)(64bit)  
-Requires:      libc.so.6(GLIBC_2.7)(64bit)  
-Requires:      libc.so.6(GLIBC_2.8)(64bit)  
-Requires:      libc.so.6(GLIBC_2.9)(64bit)  
-Requires:      libcairo.so.2()(64bit)  
-Requires:      libcups.so.2()(64bit)  
-Requires:      libcurl.so.4()(64bit)  
-Requires:      libdbus-1.so.3()(64bit)  
-Requires:      libdbus-1.so.3(LIBDBUS_1_3)(64bit)  
-Requires:      libdl.so.2()(64bit)  
-Requires:      libdl.so.2(GLIBC_2.2.5)(64bit)  
-Requires:      libdrm.so.2()(64bit)  
-Requires:      liberation-fonts  
-Requires:      libexpat.so.1()(64bit)  
-Requires:      libgbm.so.1()(64bit)  
-Requires:      libgcc_s.so.1()(64bit)  
-Requires:      libgcc_s.so.1(GCC_3.0)(64bit)  
-Requires:      libgio-2.0.so.0()(64bit)  
-Requires:      libglib-2.0.so.0()(64bit)  
-Requires:      libgobject-2.0.so.0()(64bit)  
-Requires:      libgtk-3.so.0()(64bit)  
-Requires:      libm.so.6()(64bit)  
-Requires:      libm.so.6(GLIBC_2.2.5)(64bit)  
-Requires:      libnspr4.so()(64bit)  
-Requires:      libnss3.so()(64bit)  
-Requires:      libnss3.so(NSS_3.11)(64bit)  
-Requires:      libnss3.so(NSS_3.12)(64bit)  
-Requires:      libnss3.so(NSS_3.12.1)(64bit)  
-Requires:      libnss3.so(NSS_3.12.4)(64bit)  
-Requires:      libnss3.so(NSS_3.2)(64bit)  
-Requires:      libnss3.so(NSS_3.22)(64bit)  
-Requires:      libnss3.so(NSS_3.3)(64bit)  
-Requires:      libnss3.so(NSS_3.30)(64bit)  
-Requires:      libnss3.so(NSS_3.31)(64bit)  
-Requires:      libnss3.so(NSS_3.39)(64bit)  
-Requires:      libnss3.so(NSS_3.4)(64bit)  
-Requires:      libnss3.so(NSS_3.5)(64bit)  
-Requires:      libnss3.so(NSS_3.6)(64bit)  
-Requires:      libnss3.so(NSS_3.7)(64bit)  
-Requires:      libnss3.so(NSS_3.9.2)(64bit)  
-Requires:      libnssutil3.so()(64bit)  
-Requires:      libnssutil3.so(NSSUTIL_3.12.3)(64bit)  
-Requires:      libpango-1.0.so.0()(64bit)  
-Requires:      libpthread.so.0()(64bit)  
-Requires:      libpthread.so.0(GLIBC_2.12)(64bit)  
-Requires:      libpthread.so.0(GLIBC_2.2.5)(64bit)  
-Requires:      libpthread.so.0(GLIBC_2.3.2)(64bit)  
-Requires:      libpthread.so.0(GLIBC_2.3.3)(64bit)  
-Requires:      libpthread.so.0(GLIBC_2.3.4)(64bit)  
-Requires:      librt.so.1()(64bit)  
-Requires:      librt.so.1(GLIBC_2.2.5)(64bit)  
-Requires:      libsmime3.so()(64bit)  
-Requires:      libsmime3.so(NSS_3.10)(64bit)  
-Requires:      libsmime3.so(NSS_3.2)(64bit)  
-Requires:      libvulkan.so.1()(64bit)  
-Requires:      libxcb.so.1()(64bit)  
-Requires:      libxkbcommon.so.0()(64bit)  
-Requires:      libxkbcommon.so.0(V_0.5.0)(64bit)  
-#Requires:      rpmlib(CompressedFileNames) <= 3.0.4-1
-#Requires:      rpmlib(FileDigests) <= 4.6.0-1
-#Requires:      rpmlib(PayloadFilesHavePrefix) <= 4.0-1
-#Requires:      rpmlib(PayloadIsXz) <= 5.2-1
-Requires:      rtld(GNU_HASH)  
-Requires:      wget  
-Requires:      xdg-utils  
-
-
-
-
-
-%description
-The web browser from Google
-
-Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
-%files
-%attr(0755, root, root) "/etc/cron.daily/google-chrome"
-%dir %attr(0755, root, root) "/usr/bin/google/chrome"
-%dir %attr(0755, root, root) "/usr/bin/google/chrome/MEIPreload"
-%attr(0644, root, root) "/usr/bin/google/chrome/MEIPreload/manifest.json"
-%attr(0644, root, root) "/usr/bin/google/chrome/MEIPreload/preloaded_data.pb"
-%dir %attr(0755, root, root) "/usr/bin/google/chrome/WidevineCdm"
-%attr(0644, root, root) "/usr/bin/google/chrome/WidevineCdm/LICENSE"
-%dir %attr(0755, root, root) "/usr/bin/google/chrome/WidevineCdm/_platform_specific"
-%dir %attr(0755, root, root) "/usr/bin/google/chrome/WidevineCdm/_platform_specific/linux_x64"
-%attr(0755, root, root) "/usr/bin/google/chrome/WidevineCdm/_platform_specific/linux_x64/libwidevinecdm.so"
-%attr(0644, root, root) "/usr/bin/google/chrome/WidevineCdm/manifest.json"
-%attr(0755, root, root) "/usr/bin/google/chrome/chrome"
-%attr(0755, root, root) "/usr/bin/google/chrome/chrome-management-service"
-%attr(4755, root, root) "/usr/bin/google/chrome/chrome-sandbox"
-%attr(0644, root, root) "/usr/bin/google/chrome/chrome_100_percent.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/chrome_200_percent.pak"
-%attr(0755, root, root) "/usr/bin/google/chrome/chrome_crashpad_handler"
-%attr(0644, root, root) "/usr/bin/google/chrome/default-app-block"
-%dir %attr(0755, root, root) "/usr/bin/google/chrome/default_apps"
-%attr(0644, root, root) "/usr/bin/google/chrome/default_apps/external_extensions.json"
-%attr(0755, root, root) "/usr/bin/google/chrome/google-chrome"
-%attr(0644, root, root) "/usr/bin/google/chrome/icudtl.dat"
-%attr(0755, root, root) "/usr/bin/google/chrome/libEGL.so"
-%attr(0755, root, root) "/usr/bin/google/chrome/libGLESv2.so"
-%attr(0755, root, root) "/usr/bin/google/chrome/liboptimization_guide_internal.so"
-%attr(0755, root, root) "/usr/bin/google/chrome/libqt5_shim.so"
-%attr(0755, root, root) "/usr/bin/google/chrome/libqt6_shim.so"
-%attr(0755, root, root) "/usr/bin/google/chrome/libvk_swiftshader.so"
-%attr(0755, root, root) "/usr/bin/google/chrome/libvulkan.so.1"
-%dir %attr(0755, root, root) "/usr/bin/google/chrome/locales"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/af.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/am.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/ar.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/bg.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/bn.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/ca.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/cs.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/da.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/de.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/el.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/en-GB.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/en-US.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/es-419.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/es.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/et.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/fa.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/fi.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/fil.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/fr.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/gu.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/he.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/hi.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/hr.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/hu.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/id.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/it.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/ja.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/kn.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/ko.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/lt.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/lv.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/ml.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/mr.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/ms.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/nb.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/nl.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/pl.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/pt-BR.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/pt-PT.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/ro.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/ru.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/sk.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/sl.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/sr.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/sv.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/sw.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/ta.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/te.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/th.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/tr.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/uk.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/ur.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/vi.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/zh-CN.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/locales/zh-TW.pak"
-%attr(0755, root, root) "/usr/bin/google/chrome/nacl_helper"
-%attr(0755, root, root) "/usr/bin/google/chrome/nacl_helper_bootstrap"
-%attr(0644, root, root) "/usr/bin/google/chrome/nacl_irt_x86_64.nexe"
-%attr(0644, root, root) "/usr/bin/google/chrome/product_logo_128.png"
-%attr(0644, root, root) "/usr/bin/google/chrome/product_logo_16.png"
-%attr(0644, root, root) "/usr/bin/google/chrome/product_logo_24.png"
-%attr(0644, root, root) "/usr/bin/google/chrome/product_logo_256.png"
-%attr(0644, root, root) "/usr/bin/google/chrome/product_logo_32.png"
-%attr(0644, root, root) "/usr/bin/google/chrome/product_logo_32.xpm"
-%attr(0644, root, root) "/usr/bin/google/chrome/product_logo_48.png"
-%attr(0644, root, root) "/usr/bin/google/chrome/product_logo_64.png"
-%attr(0644, root, root) "/usr/bin/google/chrome/resources.pak"
-%attr(0644, root, root) "/usr/bin/google/chrome/v8_context_snapshot.bin"
-%attr(0644, root, root) "/usr/bin/google/chrome/vk_swiftshader_icd.json"
-%attr(0755, root, root) "/usr/bin/google/chrome/xdg-mime"
-%attr(0755, root, root) "/usr/bin/google/chrome/xdg-settings"
-%ghost %attr(0755, root, root) %verify(not md5 size link mtime) "/usr/bin/google-chrome"
-%attr(0777, root, root) "/usr/bin/google-chrome-stable"
-%attr(0644, root, root) "/usr/share/appdata/google-chrome.appdata.xml"
-%attr(0644, root, root) "/usr/share/applications/google-chrome.desktop"
-%attr(0644, root, root) "/usr/share/gnome-control-center/default-apps/google-chrome.xml"
-%doc %attr(0644, root, root) "/usr/share/man/man1/google-chrome-stable.1.gz"
-%doc %attr(0777, root, root) "/usr/share/man/man1/google-chrome.1.gz"
-
-
-%pre -p /bin/sh
-
-exit 0
-
-
-
-
-#------------------------------------------------------------------------------
-#   Post install script
-#------------------------------------------------------------------------------
-
-
-%post -p /bin/sh
-
-# System-wide package configuration.
-DEFAULTS_FILE="/etc/default/google-chrome"
-
-# Add icons to the system icons
-XDG_ICON_RESOURCE="`command -v xdg-icon-resource 2> /dev/null || true`"
-if [ ! -x "$XDG_ICON_RESOURCE" ]; then
-  echo "Error: Could not find xdg-icon-resource" >&2
-  exit 1
-fi
-for icon in product_logo_32.png product_logo_48.png product_logo_256.png product_logo_128.png product_logo_16.png product_logo_64.png product_logo_24.png ; do
-  size="$(echo ${icon} | sed 's/[^0-9]//g')"
-  "$XDG_ICON_RESOURCE" install --size "${size}" "/usr/bin/google/chrome/${icon}" \
-    "google-chrome"
-done
-
-UPDATE_MENUS="`command -v update-menus 2> /dev/null || true`"
-if [ -x "$UPDATE_MENUS" ]; then
-  update-menus
-fi
-
-# Update cache of .desktop file MIME types. Non-fatal since it's just a cache.
-update-desktop-database > /dev/null 2>&1 || true
-
-# Updates defaults.list file if present.
-update_defaults_list() {
-  # $1: name of the .desktop file
-
-  local DEFAULTS_LIST="/usr/share/applications/defaults.list"
-
-  if [ ! -f "${DEFAULTS_LIST}" ]; then
-    return
-  fi
-
-  # Split key-value pair out of MimeType= line from the .desktop file,
-  # then split semicolon-separated list of mime types (they should not contain
-  # spaces).
-  mime_types="$(grep MimeType= /usr/share/applications/${1} |
-                cut -d '=' -f 2- |
-                tr ';' ' ')"
-  for mime_type in ${mime_types}; do
-    if egrep -q "^${mime_type}=" "${DEFAULTS_LIST}"; then
-      if ! egrep -q "^${mime_type}=.*${1}" "${DEFAULTS_LIST}"; then
-        default_apps="$(grep ${mime_type}= "${DEFAULTS_LIST}" |
-                        cut -d '=' -f 2-)"
-        egrep -v "^${mime_type}=" "${DEFAULTS_LIST}" > "${DEFAULTS_LIST}.new"
-        echo "${mime_type}=${default_apps};${1}" >> "${DEFAULTS_LIST}.new"
-        mv "${DEFAULTS_LIST}.new" "${DEFAULTS_LIST}"
-      fi
-    else
-      # If there's no mention of the mime type in the file, add it.
-      echo "${mime_type}=${1};" >> "${DEFAULTS_LIST}"
-    fi
-  done
-}
-
-update_defaults_list "google-chrome.desktop"
-
-# This function uses sed to insert the contents of one file into another file,
-# after the first line matching a given regular expression. If there is no
-# matching line, then the file is unchanged.
-insert_after_first_match() {
-  # $1: file to update
-  # $2: regular expression
-  # $3: file to insert
-  sed -i -e "1,/$2/ {
-    /$2/ r $3
-    }" "$1"
-}
-
-# If /usr/share/gnome-control-center/default-apps/gnome-default-applications.xml
-# exists, it may need to be updated to add ourselves to the default applications
-# list. If we find the file and it does not seem to contain our patch already
-# (the patch is safe to leave even after uninstall), update it.
-GNOME_DFL_APPS=/usr/share/gnome-control-center/default-apps/gnome-default-applications.xml
-if [ -f "$GNOME_DFL_APPS" ]; then
-# Conditionally insert the contents of the file "default-app-block" after the
-# first "<web-browsers>" line we find in gnome-default-applications.xml
-  fgrep -q "Google Chrome" "$GNOME_DFL_APPS" || insert_after_first_match \
-    "$GNOME_DFL_APPS" \
-    "^[ 	]*<web-browsers>[ 	]*$" \
-    "/usr/bin/google/chrome/default-app-block"
-fi
-
-# This function performs the setup for the chrome management service process.
-# It creates a new chromemgmt group, creates the signing key file, and updates
-# permissions for both the signing key file and the binary.
-chrome_management_service_setup() {
-  if [ ! -f "$DEFAULTS_FILE" ]; then
-    return
-  fi
-
-  if ! grep -q "install_device_trust_key_management_command=true" \
-    "$DEFAULTS_FILE"; then
-    return
-  fi
-
-  getent group chromemgmt > /dev/null || groupadd chromemgmt
-
-  chgrp chromemgmt "/usr/bin/google/chrome/chrome-management-service"
-  chmod 2755 "/usr/bin/google/chrome/chrome-management-service"
-
-  mkdir -p "/etc/usr/bin/chrome/policies/enrollment"
-  SIGNING_KEY_FILE="/etc/usr/bin/chrome/policies/enrollment/DeviceTrustSigningKey"
-  if [ ! -e "$SIGNING_KEY_FILE" ]; then
-    touch "$SIGNING_KEY_FILE"
-  fi
-
-  chgrp chromemgmt "$SIGNING_KEY_FILE"
-  chmod 664 "$SIGNING_KEY_FILE"
-}
-
-chrome_management_service_setup
-
-# sources.list setting for google-chrome updates.
-REPOCONFIG="https://dl.google.com/linux/chrome/rpm/stable"
-REPOCONFIGREGEX=""
-
-# Install the repository signing key (see also:
-# https://www.google.com/linuxrepositories/)
-install_rpm_key() {
-  KEY_PACKAGE="gpg-pubkey-d38b4796-570c8cd3"
-  # Check to see if all keys already exists.
-  # Make sure all the most recent signing subkeys are installed.
-  NEED_KEYS=0
-
-  SUB_KEY_LIST=(
-    # 2017 signing subkey
-    "6494C6D6997C215E"
-    # 2019 signing subkey
-    "78BD65473CB3BD13"
-    # 2021 signing subkey
-    "4EB27DB2A3B88B8B"
-    # 2023 signing subkey
-    "E88979FB9B30ACF2"
-  )
-
-  for SUB_KEY in "${SUB_KEY_LIST[@]}"; do
-    rpm -q ${KEY_PACKAGE} --qf '%%{Pubkeys:armor}\n' | \
-      gpg --with-colons - 2>/dev/null | \
-      grep -q "$SUB_KEY"
-    if [ "$?" -ne "0" ]; then
-      NEED_KEYS=1
-    fi
-  done
-
-  if [ $NEED_KEYS -ne 1 ]; then
-    return
-  fi
-
-  # Make sure no older version of the key is installed because it appears
-  # 'rpm --import' won't overwrite an existing key package.
-  rpm -q ${KEY_PACKAGE} >/dev/null 2>&1
-  if [ "$?" -eq "0" ]; then
-    # Note, if this is run during the package install, it will fail because rpm
-    # can't recursively run rpm, but it should work when run later as part of
-    # the installed cron job (and probably nothing needs the new keys before
-    # then).
-    rpm -e --allmatches ${KEY_PACKAGE} >/dev/null 2>&1 || return
-  fi
-
-  # RPM on Mandriva 2009 is dumb and does not understand "rpm --import -"
-  TMPKEY=$(mktemp /tmp/google.sig.XXXXXX)
-  if [ -n "$TMPKEY" ]; then
-    cat > "$TMPKEY" <<KEYDATA
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.2.2 (GNU/Linux)
-
-mQGiBEXwb0YRBADQva2NLpYXxgjNkbuP0LnPoEXruGmvi3XMIxjEUFuGNCP4Rj/a
-kv2E5VixBP1vcQFDRJ+p1puh8NU0XERlhpyZrVMzzS/RdWdyXf7E5S8oqNXsoD1z
-fvmI+i9b2EhHAA19Kgw7ifV8vMa4tkwslEmcTiwiw8lyUl28Wh4Et8SxzwCggDcA
-feGqtn3PP5YAdD0km4S4XeMEAJjlrqPoPv2Gf//tfznY2UyS9PUqFCPLHgFLe80u
-QhI2U5jt6jUKN4fHauvR6z3seSAsh1YyzyZCKxJFEKXCCqnrFSoh4WSJsbFNc4PN
-b0V0SqiTCkWADZyLT5wll8sWuQ5ylTf3z1ENoHf+G3um3/wk/+xmEHvj9HCTBEXP
-78X0A/0Tqlhc2RBnEf+AqxWvM8sk8LzJI/XGjwBvKfXe+l3rnSR2kEAvGzj5Sg0X
-4XmfTg4Jl8BNjWyvm2Wmjfet41LPmYJKsux3g0b8yzQxeOA4pQKKAU3Z4+rgzGmf
-HdwCG5MNT2A5XxD/eDd+L4fRx0HbFkIQoAi1J3YWQSiTk15fw7RMR29vZ2xlLCBJ
-bmMuIExpbnV4IFBhY2thZ2UgU2lnbmluZyBLZXkgPGxpbnV4LXBhY2thZ2VzLWtl
-eW1hc3RlckBnb29nbGUuY29tPohjBBMRAgAjAhsDBgsJCAcDAgQVAggDBBYCAwEC
-HgECF4AFAkYVdn8CGQEACgkQoECDD3+sWZHKSgCfdq3HtNYJLv+XZleb6HN4zOcF
-AJEAniSFbuv8V5FSHxeRimHx25671az+uQINBEXwb0sQCACuA8HT2nr+FM5y/kzI
-A51ZcC46KFtIDgjQJ31Q3OrkYP8LbxOpKMRIzvOZrsjOlFmDVqitiVc7qj3lYp6U
-rgNVaFv6Qu4bo2/ctjNHDDBdv6nufmusJUWq/9TwieepM/cwnXd+HMxu1XBKRVk9
-XyAZ9SvfcW4EtxVgysI+XlptKFa5JCqFM3qJllVohMmr7lMwO8+sxTWTXqxsptJo
-pZeKz+UBEEqPyw7CUIVYGC9ENEtIMFvAvPqnhj1GS96REMpry+5s9WKuLEaclWpd
-K3krttbDlY1NaeQUCRvBYZ8iAG9YSLHUHMTuI2oea07Rh4dtIAqPwAX8xn36JAYG
-2vgLAAMFB/wKqaycjWAZwIe98Yt0qHsdkpmIbarD9fGiA6kfkK/UxjL/k7tmS4Vm
-CljrrDZkPSQ/19mpdRcGXtb0NI9+nyM5trweTvtPw+HPkDiJlTaiCcx+izg79Fj9
-KcofuNb3lPdXZb9tzf5oDnmm/B+4vkeTuEZJ//IFty8cmvCpzvY+DAz1Vo9rA+Zn
-cpWY1n6z6oSS9AsyT/IFlWWBZZ17SpMHu+h4Bxy62+AbPHKGSujEGQhWq8ZRoJAT
-G0KSObnmZ7FwFWu1e9XFoUCt0bSjiJWTIyaObMrWu/LvJ3e9I87HseSJStfw6fki
-5og9qFEkMrIrBCp3QGuQWBq/rTdMuwNFiEkEGBECAAkFAkXwb0sCGwwACgkQoECD
-D3+sWZF/WACfeNAu1/1hwZtUo1bR+MWiCjpvHtwAnA1R3IHqFLQ2X3xJ40XPuAyY
-/FJG
-=Quqp
------END PGP PUBLIC KEY BLOCK-----
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFcMjNMBEAC6Wr5QuLIFgz1V1EFPlg8ty2TsjQEl4VWftUAqWlMevJFWvYEx
-BOsOZ6kNFfBfjAxgJNWTkxZrHzDl74R7KW/nUx6X57bpFjUyRaB8F3/NpWKSeIGS
-pJT+0m2SgUNhLAn1WY/iNJGNaMl7lgUnaP+/ZsSNT9hyTBiH3Ev5VvAtMGhVI/u8
-P0EtTjXp4o2U+VqFTBGmZ6PJVhCFjZUeRByloHw8dGOshfXKgriebpioHvU8iQ2U
-GV3WNIirB2Rq1wkKxXJ/9Iw+4l5m4GmXMs7n3XaYQoBj28H86YA1cYWSm5LR5iU2
-TneI1fJ3vwF2vpSXVBUUDk67PZhg6ZwGRT7GFWskC0z8PsWd5jwK20mA8EVKq0vN
-BFmMK6i4fJU+ux17Rgvnc9tDSCzFZ1/4f43EZ41uTmmNXIDsaPCqwjvSS5ICadt2
-xeqTWDlzONUpOs5yBjF1cfJSdVxsfshvln2JXUwgIdKl4DLbZybuNFXnPffNLb2v
-PtRJHO48O2UbeXS8n27PcuMoLRd7+r7TsqG2vBH4t/cB/1vsvWMbqnQlaJ5VsjeW
-Tp8Gv9FJiKuU8PKiWsF4EGR/kAFyCB8QbJeQ6HrOT0CXLOaYHRu2TvJ4taY9doXn
-98TgU03XTLcYoSp49cdkkis4K+9hd2dUqARVCG7UVd9PY60VVCKi47BVKQARAQAB
-tFRHb29nbGUgSW5jLiAoTGludXggUGFja2FnZXMgU2lnbmluZyBBdXRob3JpdHkp
-IDxsaW51eC1wYWNrYWdlcy1rZXltYXN0ZXJAZ29vZ2xlLmNvbT6JAjgEEwECACIF
-AlcMjNMCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEHch9jvTi0eW5CAP
-/RELE/OAoA4o1cMBxJsljWgCgDig2Ge91bFCN0vExLcP0iByra7qPWJowXDJ5sCj
-UBnCkrxGo5D15U7cW5FC0+qWU73q0AuG3OjKDQ49ecdRkYHwcvwWQvT5Lz3DwOGW
-4armfEuzWXcUDeShR7AgfcTq+Pfoo3dHqdB8TmtNySu/AdJFmVH/xTiWYWrOSibh
-yLuaSW/0cTkHW0GDk06MlDkcdkTzhO5GMDO7PUxBgCysTXFR0T9TVWDo9VwvuMww
-2pE5foleA0X6PD/6GQpy3aX2xry8rhFvYplEa5zwXhqsscdKXlp1ZPZ4PMvvwe49
-5mY9n/1Rx1TmMvIcLHKP61sURMOve97Gipk/iD6oaeeT8I0khexHCQy7JMROoPMr
-z5onVOt2rAGZScIZsm5FYGSt9eDKBWI6qpJ/5QoVhkRWjOXOchZlJHo+kLdg6jq2
-vOnIlFnXo0p6Rqf/IEq5PMh70vVZpk4tNYNy4zRx03ZTA9qXRLW+ftxSQIYMY5eC
-Z31lqSH4EjqgtUG+zn2A6juKayb1nkt2O3F1wWOm6oTzNsAP5LdReJRlw151Jp4U
-4ftGtw7ygq+nvokXL7YLuu8sbFqfFXcTPrAZa5M9gnC7GCnIQyF/WvqUnrcaC1jp
-qBc+pkSJhROhN12QY8Po8AT8/UaUh/dPIiW5A4o8pOPEiEYEEBECAAYFAlcNtn8A
-CgkQoECDD3+sWZGy3wCfWTMZWsipX+yG/VB4Q1FunIfEVHYAnimEXCjZ3IVyy5F1
-yU36PihDCjWqiEYEEBECAAYFAlcNtvEACgkQMUcsOzG36APnRwCeJ/bfGf8FBa4q
-5TMw8p1GS1jWT5EAn2sc02481HHdTmZiW/CGWXmgE+OPuQINBFcMjcgBEACrL9gH
-hdr6gQX4ZMA5slp628xOrHCsdLO54WNdPRKeFHXJqSSJi3fs8FxBWI4FnejeKUGb
-F+MrOlFpKqELxaMje7bwZyap3izztZHszP3YmOoTBJvREGKdCkL82cLsChYD/Prg
-E8crvkhSnq9evcsKAnziMxg/wDCChUL3Evqo29BeoB81f+E9wkrUTMCT/kVxt3pG
-RalKX0UhrtKrpm8yRfjufJfwjkdwgvinkRGZ2GrWHj4LzMbi9/udYaJZ66Yw0hEU
-4USxUB9vNtmSFrb4EB91T2rhc68dgQ4jYBI7K4Ebb8XaWAxb+IAq31l1UkiEA32F
-4qUMoL6rChB4y6nHxOnTvs+XEb5TBwXVogjLRKTQs5U/HV9l7j+HAchk5y3im2N2
-UKmMxHqotvPZZUZPdaCRxUedQf9gR0yLZV+U9BcDuwjzL/zjrthNZYlEGJ6HZ/TL
-STp4dDH+uXuLqMVWy5iquKtnbrnNTQtv5twD+Ajpgy60YLOJ9YaiJ4GjifOpzSk8
-3e1rJ3p/pX6B5NWQinVLZJzxyeOoh3iMjdmCDSnEXLrCmYv5g6jyV/Wbd4GYFuMK
-8TT7+PQdWLcbZ/Lxc5w0s+c7+f5OfmKXO5KPHnnUsrF5DBaKRPjScpwePQitxeIg
-lUgEMDkNruBhu1PzCxd3BtXgu++K3WdoH3VcgwARAQABiQREBBgBAgAPBQJXDI3I
-AhsCBQkFo5qAAikJEHch9jvTi0eWwV0gBBkBAgAGBQJXDI3IAAoJEBOXvFNkDbVR
-QSYP/0Ewr3T7e0soTz8g4QJLLVqZDZdX8Iez04idNHuvAu0AwdZ2wl0C+tMkD7l4
-R2aI6BKe/9wPndk/NJe+ZYcD/uzyiKIJQD48PrifNnwvHu9A80rE4BppQnplENeh
-ibbWaGNJQONGFJx7QTYlFjS5LNlG1AX6mQjxvb423zOWSOmEamYXYBmYyMG6vkr/
-XTPzsldky8XFuPrJUZslL/Wlx31XQ1IrtkHHOYqWwr0hTc50/2O8H0ewl/dBZLq3
-EminZZ+tsTugof0j4SbxYhplw99nGwbN1uXy4L8/dWOUXnY5OgaTKZPF15zRMxXN
-9FeylBVYpp5kzre/rRI6mQ2lafYHdbjvd7ryHF5JvYToSDXd0mzF2nLzm6jwsO84
-7ZNd5GdTD6/vcef1IJta1nSwA/hhLtgtlz6/tNncp3lEdCjAMx29jYPDX+Lqs9JA
-xcJHufr82o6wM9TF24Q8ra8NbvB63odVidCfiHoOsIFDUrazH8XuaQzyZkI0bbzL
-mgMAvMO6u1zPfe/TK6LdJg7AeAKScOJS38D5mmwaD1bABr67ebA/X5HdaomSDKVd
-UYaewfTGBIsrWmCmKpdb+WfX4odFpNzXW/qskiBp5WSesKvN1QUkLJZDZD1kz2++
-Xul5B97s5LxLTLRwvgLoNaUFr3lnejzNLgdBpf6FnkA59syRUuIP/jiAZ2uJzXVK
-PeRJqMGL+Ue2HiVEe8ima3SQIceqW8jKS7c7Nic6dMWxgnDpk5tJmVjrgfc0a9c1
-FY4GomUBbZFj+j73+WRk3EaVKIsty+xz48+rlJjdYFVCJo0Jp67jjjXOt6EOHTni
-OA/ANtzRIzDMnWrwJZ7AxCGJ4YjLShkcRM9S30X0iuAkxNILX++SNOd8aqc2bFof
-yTCkcbk6CIc1W00vffv1QGTNjstNpVSl9+bRmlJDqJWnDGk5Nl4Ncqd8X51V0tYE
-g6WEK4OM83wx5Ew/TdTRq5jJkbCu2GYNaNNNgXW7bXSvT5VINbuP6dmbi1/8s0jK
-JQOEBI3RxxoB+01Dgx9YdNfjsCM3hvQvykaWMALeZIpzbXxV118Y9QQUIRe2L+4X
-ZACEAhWjj2K1wP7ODGTQrrM4q4sIw1l3l7yO9aXXN7likAAddT4WEpGV0CiorReO
-J1y/sKJRJSI/npN1UK7wMazZ+yzhxN0qzG8sqREKJQnNuuGQQ/qIGb/oe4dPO0Fi
-hAUGkWoa0bgtGVijN5fQSbMbV50kZYqaa9GnNQRnchmZb+pK2xLcK85hD1np37/A
-m5o2ggoONj3qI3JaRHsZaOs1qPQcyd46OyIFUpHJIfk4nezDCoQYd93bWUGqDwxI
-/n/CsdO0365yqDO/ADscehlVqdAupVv2uQINBFiGv8wBEACtrmK7c12DfxkPAJSD
-12VanxLLvvjYW0KEWKxN6TMRQCawLhGwFf7FLNpab829DFMhBcNVgJ8aU0YIIu9f
-HroIaGi+bkBkDkSWEhSTlYa6ISfBn6Zk9AGBWB/SIelOncuAcI/Ik6BdDzIXnDN7
-cXsMgV1ql7jIbdbsdX63wZEFwqbaiL1GWd4BUKhj0H46ZTEVBLl0MfHNlYl+X3ib
-9WpRS6iBAGOWs8Kqw5xVE7oJm9DDXXWOdPUE8/FVti+bmOz+ICwQETY9I2EmyNXy
-UG3iaKs07VAf7SPHhgyBEkMngt5ZGcH4gs1m2l/HFQ0StNFNhXuzlHvQhDzd9M1n
-qpstEe+f8AZMgyNnM+uGHJq9VVtaNnwtMDastvNkUOs+auMXbNwsl5y/O6ZPX5I5
-IvJmUhbSh0UOguGPJKUu/bl65theahz4HGBA0Q5nzgNLXVmU6aic143iixxMk+/q
-A59I6KelgWGj9QBPAHU68//J4dPFtlsRKZ7vI0vD14wnMvaJFv6tyTSgNdWsQOCW
-i+n16rGfMx1LNZTO1bO6TE6+ZLuvOchGJTYP4LbCeWLL8qDbdfz3oSKHUpyalELJ
-ljzin6r3qoA3TqvoGK5OWrFozuhWrWt3tIto53oJ34vJCsRZ0qvKDn9PQX9r3o56
-hKhn8G9z/X5tNlfrzeSYikWQcQARAQABiQREBBgBAgAPBQJYhr/MAhsCBQkFo5qA
-AikJEHch9jvTi0eWwV0gBBkBAgAGBQJYhr/MAAoJEGSUxtaZfCFeW4kP/iZq+blR
-DzgRzOw16x80vyBjfPOUKd++dSUkcr4Khi5vjBygNdVSWcKZaBKVkdBmCvf+p9bY
-wzfL+RdxvGEv8WKNTNjdaWcJ2chU2O4H5Am3QsduQ/sSf+jTzlnMe7NpfF9n3uo3
-4o+xEFOOcnyF3cHrhxWOCde9rX6kbnUQriIMXZteJY8e9Rs+Iv46DoL1eOlavAgD
-UJbIf/iLt219OdtWI7ZqopA0d+tcn7FL3fwuvyvn5WZRYHIerB4EYgBI6bCwl5JQ
-ejORlhuYx1oknyPjnzPJ9Los74chrf7OHOJ06iIQf1zlC9V/niA2xiM9NwePtTQO
-CTEJVB6IEoEtH6rozpAdriprH9fRnZkJxINNnCoYk1op9wVh3xfUHbOCvGQbB54c
-qN+amp9dEquCAe6Yt1WodTspL1zPXJ5Mv43Dud76TNEwQDywuebg4NFQnBTPXZGp
-LQYbUVhXSuMlVZXNEUx8xSz7vECm0S4x2h12RBKbK2RfI4oCq/wpD1dQRsZaKSYL
-FbZw5j2yk6nBBrtfahd7sWVX1F+YdisbTeT5iUhESAWqW9bCyCnNRFy6V34IgW9P
-e9yLu8WbVSJAFvnALxsc6hGyvs5dbXbruWKmi5mvk6tCFWdFlBVrrhx1QgqMtcS3
-jv3S7GHyCA3CS1lEgsifYkeOARAgJ1hZ5BvUurUP+wb66lIhDB0U9NuFdJUTc6nO
-/1cy3i9mGCVoqwmTcB1BJ9E1hncMUP1/MvrAgkBBrAWJiD2Xj9QV/uBozA7nLxrV
-7cf1de9OLgH4eNEfX25xj8BBPYnyVyHsyk5ZHDhjj9SaurfvlFWYi13i5ieMpyLV
-JV4+r2Wi1x1UgKVAlB78sHYnbDzSoHPLBcIxtIKp30LJ0PEkat8SG7G2wgtv1Rdh
-mcZEBV05vMnrGGO991e+pKzRNPYH8rD3VQKJlvaFwsJuBTW42gZ3KfpUNKI2ugCc
-nRNpoHFWNCrzlJ0CFI48LMlmUSs+7i/l+QGleaLKQxRTNNpAmevLrS7ga4Iq0IEq
-xey6VW6RSk/Z1Z37J8B7PISSR0rZn6TeyQgFWf/FOLw6OtwOquGmMeGSqj2Uzxyb
-ygtsvUZz0BxYymoWFd4F8sp43oL2TXU6Wp7QIpBaFgkSf/UQxfR6wcQ3ivafeS1l
-g8vUFuMfuMLto6T0JiZw8uKSuDWltSReF+FXVnhawz72BZMy8RIoshGdpWHn/YbN
-6L+JOuxZnvkMAZvSLT3c0H4XCDYtEfK2mJMqD2ynX5tGR8Fy3GAaEjhx36TvzTjC
-XRmJ+FnlSW1p77x+UjFUFcpY8skv+f0Gip30iynAb1hoAdibIDab612OWi/4vX0D
-aM6t68Uq8rsabeJYsZG4uQINBF01/K4BEACskZL08crrKfX2aD2w8OUS3jVGSW7K
-10Jr/dgl6ZB7Xx/y3c9lhBim7oRIsl6tpR/DBP50UnTIgBbvynbJ6tbWGptt64Az
-nI7el9pH0k63DOKcfqRUgJKTM4OUZSkcuqQ2qnkvn+g0oiJ3VhaVYOJdJfJF/pLj
-5Oi3UEL2afoEd048/lZEaATRvEqLj+h2pSfETEl5wCWyRnuMSu6ay9NmVzRxiJhP
-DGW2ppQTxJuaKj+6Vqw5WISu9nsRxTPE1DW8f7LYyPBwgultuSYKZoCdfoYE8ff4
-71oZIuCKcGSSBHQbR6MBTD6KJtqzBzpfJ8zZJmVO4lg0CJgp9xX2QZ8hPkpaBbnq
-2JCMS1zriCMN8iGhW6ZHYmZQJtWuubuZt51VL9QmEUUhCF1t+3ld11SaowY4NFKI
-LUdYbC2zAOQIEEJkWRIHKleuc2zYSNSoXl06oGgwCKQb5l+LlcYHx4+/F3+KzyAq
-0NqBC1rMnhbn3tcckdZyhLEpnx9/y33ypo6ZZ0s6dLGrmSpJpedEz6zr8siBa4uT
-3IvVF4xjfpzSt3cMD/Lzhbnk5onUfkmoCmQ/pkuKpMr35hHtdDxshLcLPFkTncMj
-EVAOBToHDbKDSplueyJm48ELPi9ZmuyNu7WsB8TWVEAkUShxdeHALVpY1D+MjXK+
-Z5ap6/tppj+fmwARAQABiQREBBgBCAAPBQJdNfyuAhsCBQkFo5qAAikJEHch9jvT
-i0eWwV0gBBkBCAAGBQJdNfyuAAoJEHi9ZUc8s70TzUAP/1Qq69M1CMd302TMnp1Y
-h1O06wkCPFGnMFMVwYRXH5ggoYUb3IoCOmIAHOEn6v9fho0rYImS+oRDFeE08dOx
-eI+Co0xVisVHJ1JJvdnu216BaXEsztZ0KGyUlFidXROrwndlpE3qlz4t1wh/EEaU
-H2TaQjRJ+O1mXJtF6vLB1+YvMTMz3+/3aeX/elDz9aatHSpjBVS2NzbHurb9g7mq
-D45nB80yTBsPYT7439O9m70OqsxjoDqe0bL/XlIXsM9w3ei/Us7rSfSY5zgIKf7/
-iu+aJcMAQC9Zir7XASUVsbBZywfpo2v4/ACWCHJ63lFST2Qrlf4Rjj1PhF0ifvB2
-XMR6SewNkDgVlQV+YRPO1XwTOmloFU8qepkt8nm0QM1lhdOQdKVe0QyNn6btyUCK
-I7p4pKc8/yfZm5j6EboXiGAb3XCcSFhR6pFrad12YMcKBhFYvLCaCN6g1q5sSDxv
-xqfRETvEFVwqOzlfiUH9KVY3WJcOZ3Cpbeu3QCpPkTiVZgbnR+WU9JSGQFEi7iZT
-rT8tct4hIg1Pa35B1lGZIlpYmzvdN5YoV9ohJoa1Bxj7qialTT/Su1Eb/toOOkOl
-qQ7B+1NBXzv9FmiBntC4afykHIeEIESNX9LdmvB+kQMW7d1d7Bs0aW2okPDt02vg
-wH2VEtQTtfq5B98jbwNW9mbXTvMQAKKCKl+H8T72WdueqgPKHEkXDZtJmTn6nyne
-YlETvdmHGEIb1ejxuJ5URlAYnciY+kvSQ/boKjVHNGmf6+JBexd+HqPhkeextV6J
-cnmi47HDvIU/TSynhuqZeK/3SZAV7ESqQl42q7wm7Pqw0dkv4jjFCRxDA+Qq2aH6
-szJ7DZxTRWqfR3Zbe78NyFVXKxhFQO72zHzC3pFu/Ak59hmTU23yoXVo5t+5O+Q2
-1kX2dbuLd6Px1bnT+EmyneoPP1Emea5jgsw2/ECqHnvNt6cbp+42XYldGh+PBHBm
-ucC3Mn7sALajHe5k2XkNlfbjSNlmutxQFH1qq9rh/JVyxJNHeGzV5G0timAwfdJF
-UzE1vNU5P0w4O8HrCsX5Ecfgcw2BQ9vPCE3OfG+11xp6oiNMRVsR5pTu7RiI1BQA
-yICWUW/wXuhhHkkwNTiwfciJfVA8ckOiRubik8geEH5boOxgeAaBu6yusQVHnRRy
-G4wjQ+qsWo+wDI9WMdtpNG1toJrSUL4OYa4oX3YogSv5hGrbYIaP4HwO6O2oTMnS
-0lRIGJOqbEQcmKUa/nWT/3NipTnYzyMjMlEQe89YKjd+32tjMfOSdIOvwCGaTizd
-WnKPF77qB9D0v8C/7AdHmEFqf2ZX8vK31aaY+ZpPWG5IHlf6f/buIMBalJOxIBev
-eBqxcHwQuQINBGF4DJ8BEACk2Gwau+s/pKmOTnGLMnB3ybQsiVGLRhsw2SqSTvSy
-BthAyW1UAqdRqNA8/FdMlvVuppG8+vCLXPmpP63C+9M2tyQeOR2aVQp+u1EIwN4l
-Pu4wrh6vdtgSRim8uxBdLIHG16z0xxVhE2rM/Ot/gucfkpoEw289VaR7sPmIxfVT
-m1QcqCGiFQl3rZnma6Bz8UOXJoE8wO+LK5WkcdmFz6+Z3BLSb5IL9lhsArFToNq5
-dN2SSTbCTdHRzrRuoCdefYHdxoLCM4kJfggRRgWhKoEJro+ZipESq1T5yHV/iAJy
-+3DuC8LbYLvsjt9VZYARw8xIGb90Vj3ThWuMoVr/IVmKT7foC5Whe0PTI/b2frNa
-WCxxC4cRVxMusiBX66mclQ4Mvzwj50G1WKygULYcvPQ81Tg0pvgTKqgxwL9luN9M
-iDVtkn9CZx7NFlszVr+ic7nVJjANnJebFHCEZfJbQo4uIwKfYbhopUkCa41iXpes
-bVzAKqNwePgyNTAMFyYnjAUE8FVUmx7ZJVb15iEbMs38gJKJ/Wb8wtJRflAfkhrE
-zh1M/43WUAU3RfPmXTrGeyDCYKTHiXTnj748uH6U40sB9q+qeEhZdTj0KufjgtWa
-FWsZTkVrtGOaI6xfX6py/k3hjU3es+7ddElxhPBcqNE3pkPRqb9wz+exSdM7hiUz
-NwARAQABiQREBBgBCAAPBQJheAyfAhsCBQkFo5qAAikJEHch9jvTi0eWwV0gBBkB
-CAAGBQJheAyfAAoJEE6yfbKjuIuLggkP/1INRyRToLmY1ms9DTWMQ0lwbBL8J3xu
-/neKIOKVGOdw9zcWlGugUoOthSbT8bjvuybH1Vjx4wFM+cnuMVfjD58Xu6ZpgCHN
-1wXYMuzYweBFKaMg4oSwTKuAJBJ2IhfEm/cAryVvKY2zY+uyzgizx3vAg3sjkAPD
-crSCJP2nkuHcJ3nzUbKNAjmdMsnWDrqqZVwP99nuyMk8bAtueZ0SKvIpCv2wIeYO
-7zkj61vuQOFOGhl98OBui5wUhtgQw//esTWYiGNKSmD3derd2JHVA01tBmCWV4KM
-LDbg3CcMMQ1x3V1me6EG3giwBL1I9xTsBUbEa6eEN9U0zdKvoMbSogON5wCuxAzO
-/CXGMreJtBUupHEc69oTuwe426Ihi3AbRrPAg3tnGGFCt11HoQFNnRPWb3unF8Ul
-A2rSytvwFyQi3pzBYt5VsTIA7NEHGuJs+/Oor6AOInzht1cp7AfmDGfGy2N5ow+4
-GI6FPe2UqIg2+nFiGr9hRZOvXRgLQL8dlDnFChymldxm/J/UFdJGSWRldEDsPrzH
-QESKvsV9EjnJQR5p5zkQK6jx0zqSlDgiNG2GT3/CSvwIdCih6Cl9HThHtYNm3ZYN
-0bU9W2jeoLh3AINNTcrp0tAHZuQLFxukbj56O5eB+nfk67/X2iNii46ZdJQNwbT9
-YN6CstQz+Cnqg7YP/3G6Y6NHIQggXnlYIi3iwN72hEgEqz6vIRK87lBGW2r3eQ0c
-DZuE3+5Q4FYciw+B2RKeDhjdmPHypA5o+RiAyI7JOZwJalqHO3nwJG5sr0rRzcJs
-bGvpbzso2JuTyTURv4tBNq45b9y0Qdzt5PpNrPJbQADJWn+HWsbVJB5gWBTdoQYg
-pyTr84nQyscWAUFTRbmHvtjCCfLdvU8wM7ubAQ5Dwi1pABRttRAMuPA94HzaBF5y
-XkghxHpnW0IcXGiwgch9LQyaO9VSRhiPH6r5Zuk7KvGhHph7SC5JgUn9vJmmp1zc
-d0mXQ2Zh8M81J3Ri3iGPHM2CqplAxXNbIrnztbEJhN2I+77m73Z4d+K1ivg6xQht
-eSZhwhx7/Z3Tl+U2jYOEFIn/UFmV3UxRSJa/jQRcjvMKprSp4tAZ2yJI3babjRbi
-xgUEtlK105/JepxcAdw9vosxO/rR7VqCzu0copdxC0GAH8og+A9/3LPhlRGy3Qhf
-zjy9JHWHj4EIsol02BS8+dWvAoYerkve9O9+h6/B5wM/Yng9BjT+OrNvkfmqK2cs
-pBXwYedOrC4uWcUmueEVrv5P4FF36wJ+ejvPS6vdTxVTdLXjouUHwTQQZVlNjWY3
-cIyj03nZ19c+b30+2FzG/uSnb/ePWsRLY7Iyz4ygr8etweBPnEIvjwpAZxOuuQIN
-BGPs+VgBEADKbgLL+vAabKV2rGSDgY+IttTAtg9w9Uor1+Q/CIWGxi/JQy7l7XTK
-jmS0wvdwU+9f/eGsjxigbvAcSsV1szyKfVQQFT2m9KhDrBqNCAvQ5Tg6ZQdNe51o
-HwjiIQ1i7z8QoT22VucdTYqcMLAHe+g0aNqLLSSWLAiW4z+nerclinjiTRCw/aWZ
-JR1ozQd2eKwAw6rk19bHcihXo2E0K1EDmdHcNA8ytypxwWWXBftCYRWXi5J02GeZ
-azxmx/DULnFgy2J4G0ULTqGWsbf/tCt22jqgyX+vFj/sJPn+l3IJqpyNY5yBG6Gc
-ejeP9vRoQrapGqHkcx+37f2vjwmpj5548JI52KEC1yZeFwp8HjGLp+zGajpnokrK
-d4XJHniW9+bPLq7Yp7PNn65MaYvZUjv5enKd45fFK6vJ3Ys/fx6PBXKKBs9flRIg
-dXOKSvtV+bGIG0I/p/JEZ/wPxRgxHPDK5jbcI6KBVm3Uk+CHFC4IBAtzdSh6H4Zf
-w1EH3dQZMLVBB/Sj34UQhlwAOlAXtZH3vks/KpclWK8gnqz3i8HN0ezvcnQlRiRO
-8IqlN9/PmFqZeNTerklT7Tt0jXqiopLHL0FXR2LsndeORfxDE1rhVOUxloeuIsY8
-x6gO8h2bGg41YapROjYxZZEcakg9Nch4XAlxeqB4ISttfbiVxeL2DQARAQABiQRE
-BBgBCAAPBQJj7PlYAhsCBQkFo5qAAikJEHch9jvTi0eWwV0gBBkBCAAGBQJj7PlY
-AAoJEOiJefubMKzyRuUP/jzITdamLoLDxEHOra7Mt2S6peHr3XMbpWEdRlA1vzl7
-AaMYO78Pbm7YkWuEByaXM6vGCC8vhrxZq09dBo+oNlpKHjV6UzVhrQLtw1CrvE1U
-DSlw3ltD4pddky5BoDz0EKVNJchPPqPg7im+EAbzLxDYT0y/tRhqzQ6EODNUivLa
-zWjY+aXWqOVv2Ny071ytFSIXq/1G71pCSAYdi3i7I/cfMoN+g27Nf9Zfc7QWbw02
-mcmTqpmwsrCDu6RR0k4gQhsss0tT1libKzfA20Mox+bhPv1ptI3A0ifh13mFqkf0
-EC4MmeThacU5qn0BBk+AlfZZcoLYNdBl5JfVVekjeuvsVJtJ5zx3luK3DuzbRdbJ
-AHb5mh61HE2BHXTgYiH8tqO1q0soVz02c/1KaF7LyevFVkXHoe5eycY4+RuOyIVg
-yzG09Vic7vacENMM/hl6Ms5prLYq0JvykmQIfxTSC6q4MZV35LTZfH3jt6/K8eoa
-3lXTJUU8Pu4C7sDlAFhe+1y3Or3dLWNkMigw/3c57xWlStcEF+LPMdXE/pVSbEz3
-sgT6CNVGo30+4yunYP3IQFQaTjh9BbnPK66iZhpzsynHZ+daAYD8CX26Da69Ligj
-NTIsQnGlzozxFiW5pxIiMWAKKC5xGy9MHLqWhsbUUy+dDLN7r58B4ptusrzk64DU
-pbcQAJ+wzIvCe2qf5C7yveT/ohGfSL1dX9uFK0TbLqIdSaqzmx3t1+SZUjtuymg6
-4MoUgSt1N6mEfT0TSG9AMkRGcyb6uHxOVm05L/BjLDH7ZqFKHkm3d0jkvjyjNH5Y
-lsTGJerxmpOemf8RAZDwygz5LZ1L5zNfzlkv6beKD60ofBppd28ZxgjeHxbBCdfc
-gFQUK6vxZJ19ygbKJDhylNdwjXUaAaCTKnEzzDHGgtUJO22kIFEKk9/z88sowIrT
-+Te7hBKG2nVYMNBWEWb8Tqh8b1NIYgpwmawcdBjuu6QSnqVIi+YvRmMHJFqHicrn
-OhzaPz2w2nK56ZnCv1f5X0s6MXu9BM7/zLdwEE0K3RHmWvF4G9HN7XmTQPNKG4fI
-+GDY8Gp885LtGdSIXYV4j7NDvEWcuqgPpyQjvpFEB/vDSyqe8yUNGmNVT5wPK6lH
-k10Hv2g9cmkeW0qDiRpDg7nHoFcdUSkAyElzxs++Z8CJMVpzl/TJyJt/ZHm02XNs
-owP8HFWvNcyCGwnk9aYCJRuo+/UgjmQvDnVvoHO+XwrMkjSH7JKJQZvzrJ5x8cZs
-XvM9FyHYq3n7u3R+ASMBVwxF9yAex9CfwRg/3OhzOnkbDsu9HwEEOrV2xMQQQ9MO
-t74fIbGkM3hzws0asNoIV1ec52U1X/NP1W8GT9GRX5OX8uTi
-=RQb5
------END PGP PUBLIC KEY BLOCK-----
-KEYDATA
-    rpm --import "$TMPKEY"
-    rc=$?
-    rm -f "$TMPKEY"
-    if [ "$rc" -eq "0" ]; then
-      return 0
-    fi
-  fi
-  return 1
-}
-
-determine_rpm_package_manager() {
-  local RELEASE
-
-  # Modern method using os-release(5)
-  if [ -f "/etc/os-release" ]; then
-    RELEASE=$(. "/etc/os-release"; echo "$ID")
-    case $RELEASE in
-    "fedora"|"rhel"|"centos"|"amzn"|"mageia"|"openmandriva")
-      PACKAGEMANAGERS=(yum)
-      ;;
-    "suse"|"sles"|"sled"|"opensuse"|"opensuse-leap"|"opensuse-tumbleweed")
-      PACKAGEMANAGERS=(zypp)
-      ;;
-    esac
-  fi
-
-  if [ "$PACKAGEMANAGERS" ]; then
-    return
-  fi
-
-  # Fallback method using lsb_release(1)
-  LSB_RELEASE="$(command -v lsb_release 2> /dev/null)"
-  if [ -x "$LSB_RELEASE" ]; then
-    RELEASE=$(lsb_release -i 2> /dev/null | sed 's/:\t/:/' | cut -d ':' -f 2-)
-    case $RELEASE in
-    "Fedora"|"Amazon"|"Mageia"|"OpenMandrivaLinux")
-      PACKAGEMANAGERS=(yum)
-      ;;
-    "SUSE LINUX"|"openSUSE")
-      PACKAGEMANAGERS=(zypp)
-      ;;
-    esac
-  fi
-
-  if [ "$PACKAGEMANAGERS" ]; then
-    return
-  fi
-
-  # Fallback methods that are probably unnecessary on modern systems.
-  if [ -f "/etc/fedora-release" ] || [ -f "/etc/redhat-release" ]; then
-    PACKAGEMANAGERS=(yum)
-  elif [ -f "/etc/system-release" ] && grep -Fq "Amazon Linux" "/etc/system-release"; then
-    PACKAGEMANAGERS=(yum)
-  elif [ -f "/etc/SuSE-release" ]; then
-    PACKAGEMANAGERS=(zypp)
-  fi
-}
-
-DEFAULT_ARCH="x86_64"
-YUM_REPO_FILE="/etc/yum.repos.d/google-chrome.repo"
-ZYPPER_REPO_FILE="/etc/zypp/repos.d/google-chrome.repo"
-
-install_yum() {
-  install_rpm_key
-
-  if [ ! "$REPOCONFIG" ]; then
-    return 0
-  fi
-
-  if [ -d "/etc/yum.repos.d" ]; then
-cat > "$YUM_REPO_FILE" << REPOCONTENT
-[google-chrome]
-name=google-chrome
-baseurl=$REPOCONFIG/$DEFAULT_ARCH
-enabled=1
-gpgcheck=1
-gpgkey=https://dl.google.com/linux/linux_signing_key.pub
-REPOCONTENT
-  fi
-}
-
-install_zypp() {
-  if [ ! "$REPOCONFIG" ]; then
-    return 0
-  fi
-
-  # Ideally, we would run: zypper addrepo -t YUM -f \
-  # "$REPOCONFIG/$DEFAULT_ARCH" "google-chrome"
-  # but that does not work when zypper is running.
-  if [ -d "/etc/zypp/repos.d" ]; then
-cat > "$ZYPPER_REPO_FILE" << REPOCONTENT
-[google-chrome]
-name=google-chrome
-enabled=1
-autorefresh=1
-baseurl=$REPOCONFIG/$DEFAULT_ARCH
-gpgcheck=1
-gpgkey=https://dl.google.com/linux/linux_signing_key.pub
-type=rpm-md
-keeppackages=0
-REPOCONTENT
-  fi
-}
-
-# Check if the automatic repository configuration is done, so we know when to
-# stop trying.
-verify_install() {
-  # It's probably enough to see that the repo configs have been created. If they
-  # aren't configured properly, update_bad_repo should catch that when it's run.
-  case $1 in
-  "yum")
-    [ -f "$YUM_REPO_FILE" ]
-    ;;
-  "zypp")
-    [ -f "$ZYPPER_REPO_FILE" ]
-    ;;
-  esac
-}
-
-# Update the Google repository if it's not set correctly.
-update_bad_repo() {
-  if [ ! "$REPOCONFIG" ]; then
-    return 0
-  fi
-
-  determine_rpm_package_manager
-
-  for PACKAGEMANAGER in ${PACKAGEMANAGERS[*]}
-  do
-    case $PACKAGEMANAGER in
-    "yum")
-      update_repo_file "$YUM_REPO_FILE"
-      ;;
-    "zypp")
-      update_repo_file "$ZYPPER_REPO_FILE"
-      ;;
-    esac
-  done
-}
-
-update_repo_file() {
-  REPO_FILE="$1"
-
-  # Don't do anything if the file isn't there, since that probably means the
-  # user disabled it.
-  if [ ! -r "$REPO_FILE" ]; then
-    return 0
-  fi
-
-  # Check if the correct repository configuration is in there.
-  REPOMATCH=$(grep "^baseurl=$REPOCONFIG/$DEFAULT_ARCH" "$REPO_FILE" \
-    2>/dev/null)
-  # If it's there, nothing to do
-  if [ "$REPOMATCH" ]; then
-    return 0
-  fi
-
-  # Check if it's there but disabled by commenting out (as opposed to using the
-  # 'enabled' setting).
-  MATCH_DISABLED=$(grep "^[[:space:]]*#.*baseurl=$REPOCONFIG/$DEFAULT_ARCH" \
-    "$REPO_FILE" 2>/dev/null)
-  if [ "$MATCH_DISABLED" ]; then
-    # It's OK for it to be disabled, as long as nothing bogus is enabled in its
-    # place.
-    ACTIVECONFIGS=$(grep "^baseurl=.*" "$REPO_FILE" 2>/dev/null)
-    if [ ! "$ACTIVECONFIGS" ]; then
-      return 0
-    fi
-  fi
-
-  # If we get here, the correct repository wasn't found, or something else is
-  # active, so fix it. This assumes there is a 'baseurl' setting, but if not,
-  # then that's just another way of disabling, so we won't try to add it.
-  sed -i -e "s,^baseurl=.*,baseurl=$REPOCONFIG/$DEFAULT_ARCH," "$REPO_FILE"
-}
-
-# We only remove the repository configuration during a purge. Since RPM has
-# no equivalent to dpkg --purge, the code below is actually never used. We
-# keep it only for reference purposes, should we ever need it.
-#
-#remove_yum() {
-#  rm -f "$YUM_REPO_FILE"
-#}
-#
-#remove_zypp() {
-#  # Ideally, we would run: zypper removerepo "google-chrome"
-#  # but that does not work when zypper is running.
-#  rm -f /etc/zypp/repos.d/google-chrome.repo
-#}
-
-DEFAULT_ARCH="x86_64"
-
-get_lib_dir() {
-  if [ "$DEFAULT_ARCH" = "i386" ] || [ "$DEFAULT_ARCH" = "armhf" ] || \
-      [ "$DEFAULT_ARCH" = "mipsel" ]; then
-    LIBDIR=lib
-  elif [ "$DEFAULT_ARCH" = "x86_64" ] || [ "$DEFAULT_ARCH" = "aarch64" ] || \
-        [ "$DEFAULT_ARCH" = "mips64el" ]; then
-    LIBDIR=lib64
-  else
-    echo Unknown CPU Architecture: "$DEFAULT_ARCH"
-    exit 1
-  fi
-}
-
-NSS_FILES="libnspr4.so.0d libplds4.so.0d libplc4.so.0d libssl3.so.1d \
-    libnss3.so.1d libsmime3.so.1d libnssutil3.so.1d"
-
-add_nss_symlinks() {
-  get_lib_dir
-  for f in $NSS_FILES
-  do
-    target=$(echo $f | sed 's/\.[01]d$//')
-    if [ -f "/$LIBDIR/$target" ]; then
-      ln -snf "/$LIBDIR/$target" "/usr/bin/google/chrome/$f"
-    elif [ -f "/usr/$LIBDIR/$target" ]; then
-      ln -snf "/usr/$LIBDIR/$target" "/usr/bin/google/chrome/$f"
-    else
-      echo $f not found in "/$LIBDIR/$target" or "/usr/$LIBDIR/$target".
-      exit 1
-    fi
-  done
-}
-
-remove_nss_symlinks() {
-  for f in $NSS_FILES
-  do
-    rm -rf "/usr/bin/google/chrome/$f"
-  done
-}
-
-remove_udev_symlinks() {
-  rm -rf "/usr/bin/google/chrome/libudev.so.0"
-}
-
-remove_nss_symlinks
-add_nss_symlinks
-
-remove_udev_symlinks
-
-if [ ! -e "$DEFAULTS_FILE" ]; then
-  echo 'repo_add_once="true"' > "$DEFAULTS_FILE"
-fi
-
-. "$DEFAULTS_FILE"
-
-if [ "$repo_add_once" = "true" ]; then
-  determine_rpm_package_manager
-
-  for PACKAGEMANAGER in ${PACKAGEMANAGERS[*]}
-  do
-    case $PACKAGEMANAGER in
-    "yum")
-      install_yum
-      ;;
-    "zypp")
-      install_zypp
-      ;;
-    esac
-  done
-fi
-
-CHANNEL=stable
-case $CHANNEL in
-  stable )
-    PRIORITY=200
-    ;;
-  beta )
-    PRIORITY=150
-    ;;
-  unstable )
-    PRIORITY=120
-    ;;
-  * )
-    PRIORITY=0
-    ;;
-esac
-
-/usr/sbin/update-alternatives --install /usr/bin/google-chrome \
-  google-chrome /usr/bin/google-chrome-stable $PRIORITY
-
-exit 0
-
-
-#------------------------------------------------------------------------------
-#   Pre uninstallation script
-#------------------------------------------------------------------------------
-
-
-%preun -p /bin/sh
-
-if [ "$1" -eq "0" ]; then
-  mode="uninstall"
-elif [ "$1" -eq "1" ]; then
-  mode="upgrade"
-fi
-
-# sources.list setting for google-chrome updates.
-REPOCONFIG="https://dl.google.com/linux/chrome/rpm/stable"
-REPOCONFIGREGEX=""
-
-# Install the repository signing key (see also:
-# https://www.google.com/linuxrepositories/)
-install_rpm_key() {
-  KEY_PACKAGE="gpg-pubkey-d38b4796-570c8cd3"
-  # Check to see if all keys already exists.
-  # Make sure all the most recent signing subkeys are installed.
-  NEED_KEYS=0
-
-  SUB_KEY_LIST=(
-    # 2017 signing subkey
-    "6494C6D6997C215E"
-    # 2019 signing subkey
-    "78BD65473CB3BD13"
-    # 2021 signing subkey
-    "4EB27DB2A3B88B8B"
-    # 2023 signing subkey
-    "E88979FB9B30ACF2"
-  )
-
-  for SUB_KEY in "${SUB_KEY_LIST[@]}"; do
-    rpm -q ${KEY_PACKAGE} --qf '%%{Pubkeys:armor}\n' | \
-      gpg --with-colons - 2>/dev/null | \
-      grep -q "$SUB_KEY"
-    if [ "$?" -ne "0" ]; then
-      NEED_KEYS=1
-    fi
-  done
-
-  if [ $NEED_KEYS -ne 1 ]; then
-    return
-  fi
-
-  # Make sure no older version of the key is installed because it appears
-  # 'rpm --import' won't overwrite an existing key package.
-  rpm -q ${KEY_PACKAGE} >/dev/null 2>&1
-  if [ "$?" -eq "0" ]; then
-    # Note, if this is run during the package install, it will fail because rpm
-    # can't recursively run rpm, but it should work when run later as part of
-    # the installed cron job (and probably nothing needs the new keys before
-    # then).
-    rpm -e --allmatches ${KEY_PACKAGE} >/dev/null 2>&1 || return
-  fi
-
-  # RPM on Mandriva 2009 is dumb and does not understand "rpm --import -"
-  TMPKEY=$(mktemp /tmp/google.sig.XXXXXX)
-  if [ -n "$TMPKEY" ]; then
-    cat > "$TMPKEY" <<KEYDATA
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.2.2 (GNU/Linux)
-
-mQGiBEXwb0YRBADQva2NLpYXxgjNkbuP0LnPoEXruGmvi3XMIxjEUFuGNCP4Rj/a
-kv2E5VixBP1vcQFDRJ+p1puh8NU0XERlhpyZrVMzzS/RdWdyXf7E5S8oqNXsoD1z
-fvmI+i9b2EhHAA19Kgw7ifV8vMa4tkwslEmcTiwiw8lyUl28Wh4Et8SxzwCggDcA
-feGqtn3PP5YAdD0km4S4XeMEAJjlrqPoPv2Gf//tfznY2UyS9PUqFCPLHgFLe80u
-QhI2U5jt6jUKN4fHauvR6z3seSAsh1YyzyZCKxJFEKXCCqnrFSoh4WSJsbFNc4PN
-b0V0SqiTCkWADZyLT5wll8sWuQ5ylTf3z1ENoHf+G3um3/wk/+xmEHvj9HCTBEXP
-78X0A/0Tqlhc2RBnEf+AqxWvM8sk8LzJI/XGjwBvKfXe+l3rnSR2kEAvGzj5Sg0X
-4XmfTg4Jl8BNjWyvm2Wmjfet41LPmYJKsux3g0b8yzQxeOA4pQKKAU3Z4+rgzGmf
-HdwCG5MNT2A5XxD/eDd+L4fRx0HbFkIQoAi1J3YWQSiTk15fw7RMR29vZ2xlLCBJ
-bmMuIExpbnV4IFBhY2thZ2UgU2lnbmluZyBLZXkgPGxpbnV4LXBhY2thZ2VzLWtl
-eW1hc3RlckBnb29nbGUuY29tPohjBBMRAgAjAhsDBgsJCAcDAgQVAggDBBYCAwEC
-HgECF4AFAkYVdn8CGQEACgkQoECDD3+sWZHKSgCfdq3HtNYJLv+XZleb6HN4zOcF
-AJEAniSFbuv8V5FSHxeRimHx25671az+uQINBEXwb0sQCACuA8HT2nr+FM5y/kzI
-A51ZcC46KFtIDgjQJ31Q3OrkYP8LbxOpKMRIzvOZrsjOlFmDVqitiVc7qj3lYp6U
-rgNVaFv6Qu4bo2/ctjNHDDBdv6nufmusJUWq/9TwieepM/cwnXd+HMxu1XBKRVk9
-XyAZ9SvfcW4EtxVgysI+XlptKFa5JCqFM3qJllVohMmr7lMwO8+sxTWTXqxsptJo
-pZeKz+UBEEqPyw7CUIVYGC9ENEtIMFvAvPqnhj1GS96REMpry+5s9WKuLEaclWpd
-K3krttbDlY1NaeQUCRvBYZ8iAG9YSLHUHMTuI2oea07Rh4dtIAqPwAX8xn36JAYG
-2vgLAAMFB/wKqaycjWAZwIe98Yt0qHsdkpmIbarD9fGiA6kfkK/UxjL/k7tmS4Vm
-CljrrDZkPSQ/19mpdRcGXtb0NI9+nyM5trweTvtPw+HPkDiJlTaiCcx+izg79Fj9
-KcofuNb3lPdXZb9tzf5oDnmm/B+4vkeTuEZJ//IFty8cmvCpzvY+DAz1Vo9rA+Zn
-cpWY1n6z6oSS9AsyT/IFlWWBZZ17SpMHu+h4Bxy62+AbPHKGSujEGQhWq8ZRoJAT
-G0KSObnmZ7FwFWu1e9XFoUCt0bSjiJWTIyaObMrWu/LvJ3e9I87HseSJStfw6fki
-5og9qFEkMrIrBCp3QGuQWBq/rTdMuwNFiEkEGBECAAkFAkXwb0sCGwwACgkQoECD
-D3+sWZF/WACfeNAu1/1hwZtUo1bR+MWiCjpvHtwAnA1R3IHqFLQ2X3xJ40XPuAyY
-/FJG
-=Quqp
------END PGP PUBLIC KEY BLOCK-----
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFcMjNMBEAC6Wr5QuLIFgz1V1EFPlg8ty2TsjQEl4VWftUAqWlMevJFWvYEx
-BOsOZ6kNFfBfjAxgJNWTkxZrHzDl74R7KW/nUx6X57bpFjUyRaB8F3/NpWKSeIGS
-pJT+0m2SgUNhLAn1WY/iNJGNaMl7lgUnaP+/ZsSNT9hyTBiH3Ev5VvAtMGhVI/u8
-P0EtTjXp4o2U+VqFTBGmZ6PJVhCFjZUeRByloHw8dGOshfXKgriebpioHvU8iQ2U
-GV3WNIirB2Rq1wkKxXJ/9Iw+4l5m4GmXMs7n3XaYQoBj28H86YA1cYWSm5LR5iU2
-TneI1fJ3vwF2vpSXVBUUDk67PZhg6ZwGRT7GFWskC0z8PsWd5jwK20mA8EVKq0vN
-BFmMK6i4fJU+ux17Rgvnc9tDSCzFZ1/4f43EZ41uTmmNXIDsaPCqwjvSS5ICadt2
-xeqTWDlzONUpOs5yBjF1cfJSdVxsfshvln2JXUwgIdKl4DLbZybuNFXnPffNLb2v
-PtRJHO48O2UbeXS8n27PcuMoLRd7+r7TsqG2vBH4t/cB/1vsvWMbqnQlaJ5VsjeW
-Tp8Gv9FJiKuU8PKiWsF4EGR/kAFyCB8QbJeQ6HrOT0CXLOaYHRu2TvJ4taY9doXn
-98TgU03XTLcYoSp49cdkkis4K+9hd2dUqARVCG7UVd9PY60VVCKi47BVKQARAQAB
-tFRHb29nbGUgSW5jLiAoTGludXggUGFja2FnZXMgU2lnbmluZyBBdXRob3JpdHkp
-IDxsaW51eC1wYWNrYWdlcy1rZXltYXN0ZXJAZ29vZ2xlLmNvbT6JAjgEEwECACIF
-AlcMjNMCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEHch9jvTi0eW5CAP
-/RELE/OAoA4o1cMBxJsljWgCgDig2Ge91bFCN0vExLcP0iByra7qPWJowXDJ5sCj
-UBnCkrxGo5D15U7cW5FC0+qWU73q0AuG3OjKDQ49ecdRkYHwcvwWQvT5Lz3DwOGW
-4armfEuzWXcUDeShR7AgfcTq+Pfoo3dHqdB8TmtNySu/AdJFmVH/xTiWYWrOSibh
-yLuaSW/0cTkHW0GDk06MlDkcdkTzhO5GMDO7PUxBgCysTXFR0T9TVWDo9VwvuMww
-2pE5foleA0X6PD/6GQpy3aX2xry8rhFvYplEa5zwXhqsscdKXlp1ZPZ4PMvvwe49
-5mY9n/1Rx1TmMvIcLHKP61sURMOve97Gipk/iD6oaeeT8I0khexHCQy7JMROoPMr
-z5onVOt2rAGZScIZsm5FYGSt9eDKBWI6qpJ/5QoVhkRWjOXOchZlJHo+kLdg6jq2
-vOnIlFnXo0p6Rqf/IEq5PMh70vVZpk4tNYNy4zRx03ZTA9qXRLW+ftxSQIYMY5eC
-Z31lqSH4EjqgtUG+zn2A6juKayb1nkt2O3F1wWOm6oTzNsAP5LdReJRlw151Jp4U
-4ftGtw7ygq+nvokXL7YLuu8sbFqfFXcTPrAZa5M9gnC7GCnIQyF/WvqUnrcaC1jp
-qBc+pkSJhROhN12QY8Po8AT8/UaUh/dPIiW5A4o8pOPEiEYEEBECAAYFAlcNtn8A
-CgkQoECDD3+sWZGy3wCfWTMZWsipX+yG/VB4Q1FunIfEVHYAnimEXCjZ3IVyy5F1
-yU36PihDCjWqiEYEEBECAAYFAlcNtvEACgkQMUcsOzG36APnRwCeJ/bfGf8FBa4q
-5TMw8p1GS1jWT5EAn2sc02481HHdTmZiW/CGWXmgE+OPuQINBFcMjcgBEACrL9gH
-hdr6gQX4ZMA5slp628xOrHCsdLO54WNdPRKeFHXJqSSJi3fs8FxBWI4FnejeKUGb
-F+MrOlFpKqELxaMje7bwZyap3izztZHszP3YmOoTBJvREGKdCkL82cLsChYD/Prg
-E8crvkhSnq9evcsKAnziMxg/wDCChUL3Evqo29BeoB81f+E9wkrUTMCT/kVxt3pG
-RalKX0UhrtKrpm8yRfjufJfwjkdwgvinkRGZ2GrWHj4LzMbi9/udYaJZ66Yw0hEU
-4USxUB9vNtmSFrb4EB91T2rhc68dgQ4jYBI7K4Ebb8XaWAxb+IAq31l1UkiEA32F
-4qUMoL6rChB4y6nHxOnTvs+XEb5TBwXVogjLRKTQs5U/HV9l7j+HAchk5y3im2N2
-UKmMxHqotvPZZUZPdaCRxUedQf9gR0yLZV+U9BcDuwjzL/zjrthNZYlEGJ6HZ/TL
-STp4dDH+uXuLqMVWy5iquKtnbrnNTQtv5twD+Ajpgy60YLOJ9YaiJ4GjifOpzSk8
-3e1rJ3p/pX6B5NWQinVLZJzxyeOoh3iMjdmCDSnEXLrCmYv5g6jyV/Wbd4GYFuMK
-8TT7+PQdWLcbZ/Lxc5w0s+c7+f5OfmKXO5KPHnnUsrF5DBaKRPjScpwePQitxeIg
-lUgEMDkNruBhu1PzCxd3BtXgu++K3WdoH3VcgwARAQABiQREBBgBAgAPBQJXDI3I
-AhsCBQkFo5qAAikJEHch9jvTi0eWwV0gBBkBAgAGBQJXDI3IAAoJEBOXvFNkDbVR
-QSYP/0Ewr3T7e0soTz8g4QJLLVqZDZdX8Iez04idNHuvAu0AwdZ2wl0C+tMkD7l4
-R2aI6BKe/9wPndk/NJe+ZYcD/uzyiKIJQD48PrifNnwvHu9A80rE4BppQnplENeh
-ibbWaGNJQONGFJx7QTYlFjS5LNlG1AX6mQjxvb423zOWSOmEamYXYBmYyMG6vkr/
-XTPzsldky8XFuPrJUZslL/Wlx31XQ1IrtkHHOYqWwr0hTc50/2O8H0ewl/dBZLq3
-EminZZ+tsTugof0j4SbxYhplw99nGwbN1uXy4L8/dWOUXnY5OgaTKZPF15zRMxXN
-9FeylBVYpp5kzre/rRI6mQ2lafYHdbjvd7ryHF5JvYToSDXd0mzF2nLzm6jwsO84
-7ZNd5GdTD6/vcef1IJta1nSwA/hhLtgtlz6/tNncp3lEdCjAMx29jYPDX+Lqs9JA
-xcJHufr82o6wM9TF24Q8ra8NbvB63odVidCfiHoOsIFDUrazH8XuaQzyZkI0bbzL
-mgMAvMO6u1zPfe/TK6LdJg7AeAKScOJS38D5mmwaD1bABr67ebA/X5HdaomSDKVd
-UYaewfTGBIsrWmCmKpdb+WfX4odFpNzXW/qskiBp5WSesKvN1QUkLJZDZD1kz2++
-Xul5B97s5LxLTLRwvgLoNaUFr3lnejzNLgdBpf6FnkA59syRUuIP/jiAZ2uJzXVK
-PeRJqMGL+Ue2HiVEe8ima3SQIceqW8jKS7c7Nic6dMWxgnDpk5tJmVjrgfc0a9c1
-FY4GomUBbZFj+j73+WRk3EaVKIsty+xz48+rlJjdYFVCJo0Jp67jjjXOt6EOHTni
-OA/ANtzRIzDMnWrwJZ7AxCGJ4YjLShkcRM9S30X0iuAkxNILX++SNOd8aqc2bFof
-yTCkcbk6CIc1W00vffv1QGTNjstNpVSl9+bRmlJDqJWnDGk5Nl4Ncqd8X51V0tYE
-g6WEK4OM83wx5Ew/TdTRq5jJkbCu2GYNaNNNgXW7bXSvT5VINbuP6dmbi1/8s0jK
-JQOEBI3RxxoB+01Dgx9YdNfjsCM3hvQvykaWMALeZIpzbXxV118Y9QQUIRe2L+4X
-ZACEAhWjj2K1wP7ODGTQrrM4q4sIw1l3l7yO9aXXN7likAAddT4WEpGV0CiorReO
-J1y/sKJRJSI/npN1UK7wMazZ+yzhxN0qzG8sqREKJQnNuuGQQ/qIGb/oe4dPO0Fi
-hAUGkWoa0bgtGVijN5fQSbMbV50kZYqaa9GnNQRnchmZb+pK2xLcK85hD1np37/A
-m5o2ggoONj3qI3JaRHsZaOs1qPQcyd46OyIFUpHJIfk4nezDCoQYd93bWUGqDwxI
-/n/CsdO0365yqDO/ADscehlVqdAupVv2uQINBFiGv8wBEACtrmK7c12DfxkPAJSD
-12VanxLLvvjYW0KEWKxN6TMRQCawLhGwFf7FLNpab829DFMhBcNVgJ8aU0YIIu9f
-HroIaGi+bkBkDkSWEhSTlYa6ISfBn6Zk9AGBWB/SIelOncuAcI/Ik6BdDzIXnDN7
-cXsMgV1ql7jIbdbsdX63wZEFwqbaiL1GWd4BUKhj0H46ZTEVBLl0MfHNlYl+X3ib
-9WpRS6iBAGOWs8Kqw5xVE7oJm9DDXXWOdPUE8/FVti+bmOz+ICwQETY9I2EmyNXy
-UG3iaKs07VAf7SPHhgyBEkMngt5ZGcH4gs1m2l/HFQ0StNFNhXuzlHvQhDzd9M1n
-qpstEe+f8AZMgyNnM+uGHJq9VVtaNnwtMDastvNkUOs+auMXbNwsl5y/O6ZPX5I5
-IvJmUhbSh0UOguGPJKUu/bl65theahz4HGBA0Q5nzgNLXVmU6aic143iixxMk+/q
-A59I6KelgWGj9QBPAHU68//J4dPFtlsRKZ7vI0vD14wnMvaJFv6tyTSgNdWsQOCW
-i+n16rGfMx1LNZTO1bO6TE6+ZLuvOchGJTYP4LbCeWLL8qDbdfz3oSKHUpyalELJ
-ljzin6r3qoA3TqvoGK5OWrFozuhWrWt3tIto53oJ34vJCsRZ0qvKDn9PQX9r3o56
-hKhn8G9z/X5tNlfrzeSYikWQcQARAQABiQREBBgBAgAPBQJYhr/MAhsCBQkFo5qA
-AikJEHch9jvTi0eWwV0gBBkBAgAGBQJYhr/MAAoJEGSUxtaZfCFeW4kP/iZq+blR
-DzgRzOw16x80vyBjfPOUKd++dSUkcr4Khi5vjBygNdVSWcKZaBKVkdBmCvf+p9bY
-wzfL+RdxvGEv8WKNTNjdaWcJ2chU2O4H5Am3QsduQ/sSf+jTzlnMe7NpfF9n3uo3
-4o+xEFOOcnyF3cHrhxWOCde9rX6kbnUQriIMXZteJY8e9Rs+Iv46DoL1eOlavAgD
-UJbIf/iLt219OdtWI7ZqopA0d+tcn7FL3fwuvyvn5WZRYHIerB4EYgBI6bCwl5JQ
-ejORlhuYx1oknyPjnzPJ9Los74chrf7OHOJ06iIQf1zlC9V/niA2xiM9NwePtTQO
-CTEJVB6IEoEtH6rozpAdriprH9fRnZkJxINNnCoYk1op9wVh3xfUHbOCvGQbB54c
-qN+amp9dEquCAe6Yt1WodTspL1zPXJ5Mv43Dud76TNEwQDywuebg4NFQnBTPXZGp
-LQYbUVhXSuMlVZXNEUx8xSz7vECm0S4x2h12RBKbK2RfI4oCq/wpD1dQRsZaKSYL
-FbZw5j2yk6nBBrtfahd7sWVX1F+YdisbTeT5iUhESAWqW9bCyCnNRFy6V34IgW9P
-e9yLu8WbVSJAFvnALxsc6hGyvs5dbXbruWKmi5mvk6tCFWdFlBVrrhx1QgqMtcS3
-jv3S7GHyCA3CS1lEgsifYkeOARAgJ1hZ5BvUurUP+wb66lIhDB0U9NuFdJUTc6nO
-/1cy3i9mGCVoqwmTcB1BJ9E1hncMUP1/MvrAgkBBrAWJiD2Xj9QV/uBozA7nLxrV
-7cf1de9OLgH4eNEfX25xj8BBPYnyVyHsyk5ZHDhjj9SaurfvlFWYi13i5ieMpyLV
-JV4+r2Wi1x1UgKVAlB78sHYnbDzSoHPLBcIxtIKp30LJ0PEkat8SG7G2wgtv1Rdh
-mcZEBV05vMnrGGO991e+pKzRNPYH8rD3VQKJlvaFwsJuBTW42gZ3KfpUNKI2ugCc
-nRNpoHFWNCrzlJ0CFI48LMlmUSs+7i/l+QGleaLKQxRTNNpAmevLrS7ga4Iq0IEq
-xey6VW6RSk/Z1Z37J8B7PISSR0rZn6TeyQgFWf/FOLw6OtwOquGmMeGSqj2Uzxyb
-ygtsvUZz0BxYymoWFd4F8sp43oL2TXU6Wp7QIpBaFgkSf/UQxfR6wcQ3ivafeS1l
-g8vUFuMfuMLto6T0JiZw8uKSuDWltSReF+FXVnhawz72BZMy8RIoshGdpWHn/YbN
-6L+JOuxZnvkMAZvSLT3c0H4XCDYtEfK2mJMqD2ynX5tGR8Fy3GAaEjhx36TvzTjC
-XRmJ+FnlSW1p77x+UjFUFcpY8skv+f0Gip30iynAb1hoAdibIDab612OWi/4vX0D
-aM6t68Uq8rsabeJYsZG4uQINBF01/K4BEACskZL08crrKfX2aD2w8OUS3jVGSW7K
-10Jr/dgl6ZB7Xx/y3c9lhBim7oRIsl6tpR/DBP50UnTIgBbvynbJ6tbWGptt64Az
-nI7el9pH0k63DOKcfqRUgJKTM4OUZSkcuqQ2qnkvn+g0oiJ3VhaVYOJdJfJF/pLj
-5Oi3UEL2afoEd048/lZEaATRvEqLj+h2pSfETEl5wCWyRnuMSu6ay9NmVzRxiJhP
-DGW2ppQTxJuaKj+6Vqw5WISu9nsRxTPE1DW8f7LYyPBwgultuSYKZoCdfoYE8ff4
-71oZIuCKcGSSBHQbR6MBTD6KJtqzBzpfJ8zZJmVO4lg0CJgp9xX2QZ8hPkpaBbnq
-2JCMS1zriCMN8iGhW6ZHYmZQJtWuubuZt51VL9QmEUUhCF1t+3ld11SaowY4NFKI
-LUdYbC2zAOQIEEJkWRIHKleuc2zYSNSoXl06oGgwCKQb5l+LlcYHx4+/F3+KzyAq
-0NqBC1rMnhbn3tcckdZyhLEpnx9/y33ypo6ZZ0s6dLGrmSpJpedEz6zr8siBa4uT
-3IvVF4xjfpzSt3cMD/Lzhbnk5onUfkmoCmQ/pkuKpMr35hHtdDxshLcLPFkTncMj
-EVAOBToHDbKDSplueyJm48ELPi9ZmuyNu7WsB8TWVEAkUShxdeHALVpY1D+MjXK+
-Z5ap6/tppj+fmwARAQABiQREBBgBCAAPBQJdNfyuAhsCBQkFo5qAAikJEHch9jvT
-i0eWwV0gBBkBCAAGBQJdNfyuAAoJEHi9ZUc8s70TzUAP/1Qq69M1CMd302TMnp1Y
-h1O06wkCPFGnMFMVwYRXH5ggoYUb3IoCOmIAHOEn6v9fho0rYImS+oRDFeE08dOx
-eI+Co0xVisVHJ1JJvdnu216BaXEsztZ0KGyUlFidXROrwndlpE3qlz4t1wh/EEaU
-H2TaQjRJ+O1mXJtF6vLB1+YvMTMz3+/3aeX/elDz9aatHSpjBVS2NzbHurb9g7mq
-D45nB80yTBsPYT7439O9m70OqsxjoDqe0bL/XlIXsM9w3ei/Us7rSfSY5zgIKf7/
-iu+aJcMAQC9Zir7XASUVsbBZywfpo2v4/ACWCHJ63lFST2Qrlf4Rjj1PhF0ifvB2
-XMR6SewNkDgVlQV+YRPO1XwTOmloFU8qepkt8nm0QM1lhdOQdKVe0QyNn6btyUCK
-I7p4pKc8/yfZm5j6EboXiGAb3XCcSFhR6pFrad12YMcKBhFYvLCaCN6g1q5sSDxv
-xqfRETvEFVwqOzlfiUH9KVY3WJcOZ3Cpbeu3QCpPkTiVZgbnR+WU9JSGQFEi7iZT
-rT8tct4hIg1Pa35B1lGZIlpYmzvdN5YoV9ohJoa1Bxj7qialTT/Su1Eb/toOOkOl
-qQ7B+1NBXzv9FmiBntC4afykHIeEIESNX9LdmvB+kQMW7d1d7Bs0aW2okPDt02vg
-wH2VEtQTtfq5B98jbwNW9mbXTvMQAKKCKl+H8T72WdueqgPKHEkXDZtJmTn6nyne
-YlETvdmHGEIb1ejxuJ5URlAYnciY+kvSQ/boKjVHNGmf6+JBexd+HqPhkeextV6J
-cnmi47HDvIU/TSynhuqZeK/3SZAV7ESqQl42q7wm7Pqw0dkv4jjFCRxDA+Qq2aH6
-szJ7DZxTRWqfR3Zbe78NyFVXKxhFQO72zHzC3pFu/Ak59hmTU23yoXVo5t+5O+Q2
-1kX2dbuLd6Px1bnT+EmyneoPP1Emea5jgsw2/ECqHnvNt6cbp+42XYldGh+PBHBm
-ucC3Mn7sALajHe5k2XkNlfbjSNlmutxQFH1qq9rh/JVyxJNHeGzV5G0timAwfdJF
-UzE1vNU5P0w4O8HrCsX5Ecfgcw2BQ9vPCE3OfG+11xp6oiNMRVsR5pTu7RiI1BQA
-yICWUW/wXuhhHkkwNTiwfciJfVA8ckOiRubik8geEH5boOxgeAaBu6yusQVHnRRy
-G4wjQ+qsWo+wDI9WMdtpNG1toJrSUL4OYa4oX3YogSv5hGrbYIaP4HwO6O2oTMnS
-0lRIGJOqbEQcmKUa/nWT/3NipTnYzyMjMlEQe89YKjd+32tjMfOSdIOvwCGaTizd
-WnKPF77qB9D0v8C/7AdHmEFqf2ZX8vK31aaY+ZpPWG5IHlf6f/buIMBalJOxIBev
-eBqxcHwQuQINBGF4DJ8BEACk2Gwau+s/pKmOTnGLMnB3ybQsiVGLRhsw2SqSTvSy
-BthAyW1UAqdRqNA8/FdMlvVuppG8+vCLXPmpP63C+9M2tyQeOR2aVQp+u1EIwN4l
-Pu4wrh6vdtgSRim8uxBdLIHG16z0xxVhE2rM/Ot/gucfkpoEw289VaR7sPmIxfVT
-m1QcqCGiFQl3rZnma6Bz8UOXJoE8wO+LK5WkcdmFz6+Z3BLSb5IL9lhsArFToNq5
-dN2SSTbCTdHRzrRuoCdefYHdxoLCM4kJfggRRgWhKoEJro+ZipESq1T5yHV/iAJy
-+3DuC8LbYLvsjt9VZYARw8xIGb90Vj3ThWuMoVr/IVmKT7foC5Whe0PTI/b2frNa
-WCxxC4cRVxMusiBX66mclQ4Mvzwj50G1WKygULYcvPQ81Tg0pvgTKqgxwL9luN9M
-iDVtkn9CZx7NFlszVr+ic7nVJjANnJebFHCEZfJbQo4uIwKfYbhopUkCa41iXpes
-bVzAKqNwePgyNTAMFyYnjAUE8FVUmx7ZJVb15iEbMs38gJKJ/Wb8wtJRflAfkhrE
-zh1M/43WUAU3RfPmXTrGeyDCYKTHiXTnj748uH6U40sB9q+qeEhZdTj0KufjgtWa
-FWsZTkVrtGOaI6xfX6py/k3hjU3es+7ddElxhPBcqNE3pkPRqb9wz+exSdM7hiUz
-NwARAQABiQREBBgBCAAPBQJheAyfAhsCBQkFo5qAAikJEHch9jvTi0eWwV0gBBkB
-CAAGBQJheAyfAAoJEE6yfbKjuIuLggkP/1INRyRToLmY1ms9DTWMQ0lwbBL8J3xu
-/neKIOKVGOdw9zcWlGugUoOthSbT8bjvuybH1Vjx4wFM+cnuMVfjD58Xu6ZpgCHN
-1wXYMuzYweBFKaMg4oSwTKuAJBJ2IhfEm/cAryVvKY2zY+uyzgizx3vAg3sjkAPD
-crSCJP2nkuHcJ3nzUbKNAjmdMsnWDrqqZVwP99nuyMk8bAtueZ0SKvIpCv2wIeYO
-7zkj61vuQOFOGhl98OBui5wUhtgQw//esTWYiGNKSmD3derd2JHVA01tBmCWV4KM
-LDbg3CcMMQ1x3V1me6EG3giwBL1I9xTsBUbEa6eEN9U0zdKvoMbSogON5wCuxAzO
-/CXGMreJtBUupHEc69oTuwe426Ihi3AbRrPAg3tnGGFCt11HoQFNnRPWb3unF8Ul
-A2rSytvwFyQi3pzBYt5VsTIA7NEHGuJs+/Oor6AOInzht1cp7AfmDGfGy2N5ow+4
-GI6FPe2UqIg2+nFiGr9hRZOvXRgLQL8dlDnFChymldxm/J/UFdJGSWRldEDsPrzH
-QESKvsV9EjnJQR5p5zkQK6jx0zqSlDgiNG2GT3/CSvwIdCih6Cl9HThHtYNm3ZYN
-0bU9W2jeoLh3AINNTcrp0tAHZuQLFxukbj56O5eB+nfk67/X2iNii46ZdJQNwbT9
-YN6CstQz+Cnqg7YP/3G6Y6NHIQggXnlYIi3iwN72hEgEqz6vIRK87lBGW2r3eQ0c
-DZuE3+5Q4FYciw+B2RKeDhjdmPHypA5o+RiAyI7JOZwJalqHO3nwJG5sr0rRzcJs
-bGvpbzso2JuTyTURv4tBNq45b9y0Qdzt5PpNrPJbQADJWn+HWsbVJB5gWBTdoQYg
-pyTr84nQyscWAUFTRbmHvtjCCfLdvU8wM7ubAQ5Dwi1pABRttRAMuPA94HzaBF5y
-XkghxHpnW0IcXGiwgch9LQyaO9VSRhiPH6r5Zuk7KvGhHph7SC5JgUn9vJmmp1zc
-d0mXQ2Zh8M81J3Ri3iGPHM2CqplAxXNbIrnztbEJhN2I+77m73Z4d+K1ivg6xQht
-eSZhwhx7/Z3Tl+U2jYOEFIn/UFmV3UxRSJa/jQRcjvMKprSp4tAZ2yJI3babjRbi
-xgUEtlK105/JepxcAdw9vosxO/rR7VqCzu0copdxC0GAH8og+A9/3LPhlRGy3Qhf
-zjy9JHWHj4EIsol02BS8+dWvAoYerkve9O9+h6/B5wM/Yng9BjT+OrNvkfmqK2cs
-pBXwYedOrC4uWcUmueEVrv5P4FF36wJ+ejvPS6vdTxVTdLXjouUHwTQQZVlNjWY3
-cIyj03nZ19c+b30+2FzG/uSnb/ePWsRLY7Iyz4ygr8etweBPnEIvjwpAZxOuuQIN
-BGPs+VgBEADKbgLL+vAabKV2rGSDgY+IttTAtg9w9Uor1+Q/CIWGxi/JQy7l7XTK
-jmS0wvdwU+9f/eGsjxigbvAcSsV1szyKfVQQFT2m9KhDrBqNCAvQ5Tg6ZQdNe51o
-HwjiIQ1i7z8QoT22VucdTYqcMLAHe+g0aNqLLSSWLAiW4z+nerclinjiTRCw/aWZ
-JR1ozQd2eKwAw6rk19bHcihXo2E0K1EDmdHcNA8ytypxwWWXBftCYRWXi5J02GeZ
-azxmx/DULnFgy2J4G0ULTqGWsbf/tCt22jqgyX+vFj/sJPn+l3IJqpyNY5yBG6Gc
-ejeP9vRoQrapGqHkcx+37f2vjwmpj5548JI52KEC1yZeFwp8HjGLp+zGajpnokrK
-d4XJHniW9+bPLq7Yp7PNn65MaYvZUjv5enKd45fFK6vJ3Ys/fx6PBXKKBs9flRIg
-dXOKSvtV+bGIG0I/p/JEZ/wPxRgxHPDK5jbcI6KBVm3Uk+CHFC4IBAtzdSh6H4Zf
-w1EH3dQZMLVBB/Sj34UQhlwAOlAXtZH3vks/KpclWK8gnqz3i8HN0ezvcnQlRiRO
-8IqlN9/PmFqZeNTerklT7Tt0jXqiopLHL0FXR2LsndeORfxDE1rhVOUxloeuIsY8
-x6gO8h2bGg41YapROjYxZZEcakg9Nch4XAlxeqB4ISttfbiVxeL2DQARAQABiQRE
-BBgBCAAPBQJj7PlYAhsCBQkFo5qAAikJEHch9jvTi0eWwV0gBBkBCAAGBQJj7PlY
-AAoJEOiJefubMKzyRuUP/jzITdamLoLDxEHOra7Mt2S6peHr3XMbpWEdRlA1vzl7
-AaMYO78Pbm7YkWuEByaXM6vGCC8vhrxZq09dBo+oNlpKHjV6UzVhrQLtw1CrvE1U
-DSlw3ltD4pddky5BoDz0EKVNJchPPqPg7im+EAbzLxDYT0y/tRhqzQ6EODNUivLa
-zWjY+aXWqOVv2Ny071ytFSIXq/1G71pCSAYdi3i7I/cfMoN+g27Nf9Zfc7QWbw02
-mcmTqpmwsrCDu6RR0k4gQhsss0tT1libKzfA20Mox+bhPv1ptI3A0ifh13mFqkf0
-EC4MmeThacU5qn0BBk+AlfZZcoLYNdBl5JfVVekjeuvsVJtJ5zx3luK3DuzbRdbJ
-AHb5mh61HE2BHXTgYiH8tqO1q0soVz02c/1KaF7LyevFVkXHoe5eycY4+RuOyIVg
-yzG09Vic7vacENMM/hl6Ms5prLYq0JvykmQIfxTSC6q4MZV35LTZfH3jt6/K8eoa
-3lXTJUU8Pu4C7sDlAFhe+1y3Or3dLWNkMigw/3c57xWlStcEF+LPMdXE/pVSbEz3
-sgT6CNVGo30+4yunYP3IQFQaTjh9BbnPK66iZhpzsynHZ+daAYD8CX26Da69Ligj
-NTIsQnGlzozxFiW5pxIiMWAKKC5xGy9MHLqWhsbUUy+dDLN7r58B4ptusrzk64DU
-pbcQAJ+wzIvCe2qf5C7yveT/ohGfSL1dX9uFK0TbLqIdSaqzmx3t1+SZUjtuymg6
-4MoUgSt1N6mEfT0TSG9AMkRGcyb6uHxOVm05L/BjLDH7ZqFKHkm3d0jkvjyjNH5Y
-lsTGJerxmpOemf8RAZDwygz5LZ1L5zNfzlkv6beKD60ofBppd28ZxgjeHxbBCdfc
-gFQUK6vxZJ19ygbKJDhylNdwjXUaAaCTKnEzzDHGgtUJO22kIFEKk9/z88sowIrT
-+Te7hBKG2nVYMNBWEWb8Tqh8b1NIYgpwmawcdBjuu6QSnqVIi+YvRmMHJFqHicrn
-OhzaPz2w2nK56ZnCv1f5X0s6MXu9BM7/zLdwEE0K3RHmWvF4G9HN7XmTQPNKG4fI
-+GDY8Gp885LtGdSIXYV4j7NDvEWcuqgPpyQjvpFEB/vDSyqe8yUNGmNVT5wPK6lH
-k10Hv2g9cmkeW0qDiRpDg7nHoFcdUSkAyElzxs++Z8CJMVpzl/TJyJt/ZHm02XNs
-owP8HFWvNcyCGwnk9aYCJRuo+/UgjmQvDnVvoHO+XwrMkjSH7JKJQZvzrJ5x8cZs
-XvM9FyHYq3n7u3R+ASMBVwxF9yAex9CfwRg/3OhzOnkbDsu9HwEEOrV2xMQQQ9MO
-t74fIbGkM3hzws0asNoIV1ec52U1X/NP1W8GT9GRX5OX8uTi
-=RQb5
------END PGP PUBLIC KEY BLOCK-----
-KEYDATA
-    rpm --import "$TMPKEY"
-    rc=$?
-    rm -f "$TMPKEY"
-    if [ "$rc" -eq "0" ]; then
-      return 0
-    fi
-  fi
-  return 1
-}
-
-determine_rpm_package_manager() {
-  local RELEASE
-
-  # Modern method using os-release(5)
-  if [ -f "/etc/os-release" ]; then
-    RELEASE=$(. "/etc/os-release"; echo "$ID")
-    case $RELEASE in
-    "fedora"|"rhel"|"centos"|"amzn"|"mageia"|"openmandriva")
-      PACKAGEMANAGERS=(yum)
-      ;;
-    "suse"|"sles"|"sled"|"opensuse"|"opensuse-leap"|"opensuse-tumbleweed")
-      PACKAGEMANAGERS=(zypp)
-      ;;
-    esac
-  fi
-
-  if [ "$PACKAGEMANAGERS" ]; then
-    return
-  fi
-
-  # Fallback method using lsb_release(1)
-  LSB_RELEASE="$(command -v lsb_release 2> /dev/null)"
-  if [ -x "$LSB_RELEASE" ]; then
-    RELEASE=$(lsb_release -i 2> /dev/null | sed 's/:\t/:/' | cut -d ':' -f 2-)
-    case $RELEASE in
-    "Fedora"|"Amazon"|"Mageia"|"OpenMandrivaLinux")
-      PACKAGEMANAGERS=(yum)
-      ;;
-    "SUSE LINUX"|"openSUSE")
-      PACKAGEMANAGERS=(zypp)
-      ;;
-    esac
-  fi
-
-  if [ "$PACKAGEMANAGERS" ]; then
-    return
-  fi
-
-  # Fallback methods that are probably unnecessary on modern systems.
-  if [ -f "/etc/fedora-release" ] || [ -f "/etc/redhat-release" ]; then
-    PACKAGEMANAGERS=(yum)
-  elif [ -f "/etc/system-release" ] && grep -Fq "Amazon Linux" "/etc/system-release"; then
-    PACKAGEMANAGERS=(yum)
-  elif [ -f "/etc/SuSE-release" ]; then
-    PACKAGEMANAGERS=(zypp)
-  fi
-}
-
-DEFAULT_ARCH="x86_64"
-YUM_REPO_FILE="/etc/yum.repos.d/google-chrome.repo"
-ZYPPER_REPO_FILE="/etc/zypp/repos.d/google-chrome.repo"
-
-install_yum() {
-  install_rpm_key
-
-  if [ ! "$REPOCONFIG" ]; then
-    return 0
-  fi
-
-  if [ -d "/etc/yum.repos.d" ]; then
-cat > "$YUM_REPO_FILE" << REPOCONTENT
-[google-chrome]
-name=google-chrome
-baseurl=$REPOCONFIG/$DEFAULT_ARCH
-enabled=1
-gpgcheck=1
-gpgkey=https://dl.google.com/linux/linux_signing_key.pub
-REPOCONTENT
-  fi
-}
-
-install_zypp() {
-  if [ ! "$REPOCONFIG" ]; then
-    return 0
-  fi
-
-  # Ideally, we would run: zypper addrepo -t YUM -f \
-  # "$REPOCONFIG/$DEFAULT_ARCH" "google-chrome"
-  # but that does not work when zypper is running.
-  if [ -d "/etc/zypp/repos.d" ]; then
-cat > "$ZYPPER_REPO_FILE" << REPOCONTENT
-[google-chrome]
-name=google-chrome
-enabled=1
-autorefresh=1
-baseurl=$REPOCONFIG/$DEFAULT_ARCH
-gpgcheck=1
-gpgkey=https://dl.google.com/linux/linux_signing_key.pub
-type=rpm-md
-keeppackages=0
-REPOCONTENT
-  fi
-}
-
-# Check if the automatic repository configuration is done, so we know when to
-# stop trying.
-verify_install() {
-  # It's probably enough to see that the repo configs have been created. If they
-  # aren't configured properly, update_bad_repo should catch that when it's run.
-  case $1 in
-  "yum")
-    [ -f "$YUM_REPO_FILE" ]
-    ;;
-  "zypp")
-    [ -f "$ZYPPER_REPO_FILE" ]
-    ;;
-  esac
-}
-
-# Update the Google repository if it's not set correctly.
-update_bad_repo() {
-  if [ ! "$REPOCONFIG" ]; then
-    return 0
-  fi
-
-  determine_rpm_package_manager
-
-  for PACKAGEMANAGER in ${PACKAGEMANAGERS[*]}
-  do
-    case $PACKAGEMANAGER in
-    "yum")
-      update_repo_file "$YUM_REPO_FILE"
-      ;;
-    "zypp")
-      update_repo_file "$ZYPPER_REPO_FILE"
-      ;;
-    esac
-  done
-}
-
-update_repo_file() {
-  REPO_FILE="$1"
-
-  # Don't do anything if the file isn't there, since that probably means the
-  # user disabled it.
-  if [ ! -r "$REPO_FILE" ]; then
-    return 0
-  fi
-
-  # Check if the correct repository configuration is in there.
-  REPOMATCH=$(grep "^baseurl=$REPOCONFIG/$DEFAULT_ARCH" "$REPO_FILE" \
-    2>/dev/null)
-  # If it's there, nothing to do
-  if [ "$REPOMATCH" ]; then
-    return 0
-  fi
-
-  # Check if it's there but disabled by commenting out (as opposed to using the
-  # 'enabled' setting).
-  MATCH_DISABLED=$(grep "^[[:space:]]*#.*baseurl=$REPOCONFIG/$DEFAULT_ARCH" \
-    "$REPO_FILE" 2>/dev/null)
-  if [ "$MATCH_DISABLED" ]; then
-    # It's OK for it to be disabled, as long as nothing bogus is enabled in its
-    # place.
-    ACTIVECONFIGS=$(grep "^baseurl=.*" "$REPO_FILE" 2>/dev/null)
-    if [ ! "$ACTIVECONFIGS" ]; then
-      return 0
-    fi
-  fi
-
-  # If we get here, the correct repository wasn't found, or something else is
-  # active, so fix it. This assumes there is a 'baseurl' setting, but if not,
-  # then that's just another way of disabling, so we won't try to add it.
-  sed -i -e "s,^baseurl=.*,baseurl=$REPOCONFIG/$DEFAULT_ARCH," "$REPO_FILE"
-}
-
-# We only remove the repository configuration during a purge. Since RPM has
-# no equivalent to dpkg --purge, the code below is actually never used. We
-# keep it only for reference purposes, should we ever need it.
-#
-#remove_yum() {
-#  rm -f "$YUM_REPO_FILE"
-#}
-#
-#remove_zypp() {
-#  # Ideally, we would run: zypper removerepo "google-chrome"
-#  # but that does not work when zypper is running.
-#  rm -f /etc/zypp/repos.d/google-chrome.repo
-#}
-
-DEFAULT_ARCH="x86_64"
-
-get_lib_dir() {
-  if [ "$DEFAULT_ARCH" = "i386" ] || [ "$DEFAULT_ARCH" = "armhf" ] || \
-      [ "$DEFAULT_ARCH" = "mipsel" ]; then
-    LIBDIR=lib
-  elif [ "$DEFAULT_ARCH" = "x86_64" ] || [ "$DEFAULT_ARCH" = "aarch64" ] || \
-        [ "$DEFAULT_ARCH" = "mips64el" ]; then
-    LIBDIR=lib64
-  else
-    echo Unknown CPU Architecture: "$DEFAULT_ARCH"
-    exit 1
-  fi
-}
-
-NSS_FILES="libnspr4.so.0d libplds4.so.0d libplc4.so.0d libssl3.so.1d \
-    libnss3.so.1d libsmime3.so.1d libnssutil3.so.1d"
-
-add_nss_symlinks() {
-  get_lib_dir
-  for f in $NSS_FILES
-  do
-    target=$(echo $f | sed 's/\.[01]d$//')
-    if [ -f "/$LIBDIR/$target" ]; then
-      ln -snf "/$LIBDIR/$target" "/usr/bin/google/chrome/$f"
-    elif [ -f "/usr/$LIBDIR/$target" ]; then
-      ln -snf "/usr/$LIBDIR/$target" "/usr/bin/google/chrome/$f"
-    else
-      echo $f not found in "/$LIBDIR/$target" or "/usr/$LIBDIR/$target".
-      exit 1
-    fi
-  done
-}
-
-remove_nss_symlinks() {
-  for f in $NSS_FILES
-  do
-    rm -rf "/usr/bin/google/chrome/$f"
-  done
-}
-
-remove_udev_symlinks() {
-  rm -rf "/usr/bin/google/chrome/libudev.so.0"
-}
-
-# Only remove menu items and symlinks on uninstall. When upgrading,
-# old_pkg's %%preun runs after new_pkg's %%post.
-if [ "$mode" = "uninstall" ]; then
-# Remove icons from the system icons
-XDG_ICON_RESOURCE="`command -v xdg-icon-resource 2> /dev/null || true`"
-if [ ! -x "$XDG_ICON_RESOURCE" ]; then
-  echo "Error: Could not find xdg-icon-resource" >&2
-  exit 1
-fi
-for icon in product_logo_32.png product_logo_48.png product_logo_256.png product_logo_128.png product_logo_16.png product_logo_64.png product_logo_24.png ; do
-  size="$(echo ${icon} | sed 's/[^0-9]//g')"
-  "$XDG_ICON_RESOURCE" uninstall --size "${size}" "google-chrome"
-done
-
-UPDATE_MENUS="`command -v update-menus 2> /dev/null || true`"
-if [ -x "$UPDATE_MENUS" ]; then
-  update-menus
-fi
-
-# Update cache of .desktop file MIME types. Non-fatal since it's just a cache.
-update-desktop-database > /dev/null 2>&1 || true
-  remove_nss_symlinks
-  remove_udev_symlinks
-
-  /usr/sbin/update-alternatives --remove google-chrome \
-    /usr/bin/google-chrome-stable
-fi
-
-# On Debian we only remove when we purge. However, RPM has no equivalent to
-# dpkg --purge, so this is all disabled.
-#
-#determine_rpm_package_manager
-#
-#for PACKAGEMANAGER in ${PACKAGEMANAGERS[*]}
-#do
-#  case $PACKAGEMANAGER in
-#  "yum")
-#    remove_yum
-#    ;;
-#  "zypp")
-#    remove_zypp
-#    ;;
-#  esac
-#done
-
-exit 0
-
-#------------------------------------------------------------------------------
-#   Post uninstallation script
-#------------------------------------------------------------------------------
-
-%postun -p /bin/sh
-
-exit 0
-
-%changelog
-
diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md
index b83eaee..b503115 100644
--- a/documentation/INSTALL_RHEL9.md
+++ b/documentation/INSTALL_RHEL9.md
@@ -59,31 +59,47 @@ sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp}
 sudo firewall-cmd --reload
 sudo mkdir -p /var/www
 sudo restorecon -Rv /var/www
-sudo sed -i.bak 's|/usr/share/nginx/html|/var/www|g' /etc/nginx/nginx.conf
+sudo sed -i.${EPOCHREALTIME:-bak} 's|/usr/share/nginx/html|/var/www|g' /etc/nginx/nginx.conf
 sudo systemctl restart nginx.service
 ```
 
-## Rebuild of Google Chrome
+## Build the RPMS
+
+Pre-requisites
+
+```sh
+sudo dnf install -y git rpm-build rpmdevtools
+rm $HOME/rpmbuild
+ln -sf "$GIT_REPO_CLONE/rpms" $HOME/rpmbuild
+```
+
+Build the Kiosk Configuration RPM
+
+```sh
+spectool -g -R $HOME/rpmbuild/SPECS/kiosk-config.spec
+rpmbuild -ba $HOME/rpmbuild/SPECS/kiosk-config.spec
+```
+
+Rebuild the Google Chrome RPM
 
 ```sh
-sudo dnf install -y git rpm-build
-sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
-sudo dnf install -y rpmrebuild
-cd "$GIT_REPO_CLONE/chrome_repackage"
-curl -s -Lo google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
-rpmrebuild -s google-chrome-stable.spec -p google-chrome-stable_current_x86_64.rpm
-rpm2cpio google-chrome-stable_current_x86_64.rpm | cpio -idmv
-mv opt/google/ usr/bin/
-cd usr/bin/
-rm -f google-chrome-stable
-ln -s google/chrome/google-chrome google-chrome-stable
-ln -s google/chrome/google-chrome chrome
-cd ../..
-RPM=$(rpm -q google-chrome-stable_current_x86_64.rpm)
+mkdir $HOME/rpmbuild/VENDOR
+curl -s -Lo $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
+rpmrebuild -s $HOME/rpmbuild/SPECS/google-chrome-stable.spec -p $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm
+RPM=$(rpm -q $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm)
 mkdir -p $HOME/rpmbuild/BUILDROOT/$RPM/
-for i in etc usr; do cp -r $i $HOME/rpmbuild/BUILDROOT/$RPM/; done
-sed -i.bak 's|/opt/google|/usr/bin/google|g' google-chrome-stable.spec
-rpmbuild -bb google-chrome-stable.spec
+rpm2cpio $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm | cpio -idmv -D $HOME/rpmbuild/BUILDROOT/$RPM/
+(
+  set -Eeuo pipefail
+  cd $HOME/rpmbuild/BUILDROOT/$RPM/
+  mv opt/google/ usr/bin/
+  cd usr/bin/
+  rm -f google-chrome-stable
+  ln -s google/chrome/google-chrome google-chrome-stable
+  ln -s google/chrome/google-chrome chrome
+) || echo 'Repackaging failed!'
+sed -i.${EPOCHREALTIME:-bak} 's|/opt/google|/usr/bin/google|g' $HOME/rpmbuild/SPECS/google-chrome-stable.spec
+rpmbuild -bb $HOME/rpmbuild/SPECS/google-chrome-stable.spec
 ls -l $HOME/rpmbuild/RPMS/x86_64/
 ```
 
@@ -109,18 +125,25 @@ baseurl = file://$REPO_LOCATION
 enabled = 1  
 gpgcheck = 0
 EOF
-sudo dnf info google-chrome-stable
+```
+
+Verify all packages are present.
+
+```sh
+sudo dnf clean all
+sudo dnf info kiosk-config google-chrome-stable
 ```
 
 ## Blueprint preparation
 
 Customize the **kiosk** and **admin** user password if desired.
+Set the **admin** user SSH public key (if it's not you).
 
 ```sh
-KIOSK_PASSWORD="$(openssl rand -base64 9)"
-echo "Kiosk password is '$KIOSK_PASSWORD'"
 ADMIN_PASSWORD="$(openssl rand -base64 9)"
 echo "Admin password is '$ADMIN_PASSWORD'"
+ADMIN_SSH_PUBLIC_KEY="$(ssh-add -L | head -n 1)"
+echo "Admin SSH public key: $ADMIN_SSH_PUBLIC_KEY"
 ```
 
 Prepare the os-builder blueprint.
@@ -130,13 +153,9 @@ sudo subscription-manager repos --enable rhocp-4.14-for-rhel-9-$(uname -m)-rpms
 sudo dnf info microshift
 sudo dnf install -y mkpasswd podman
 cd "$GIT_REPO_CLONE/imagebuilder"
-KIOSK_PASSWORD_HASH="$(mkpasswd -m bcrypt "$KIOSK_PASSWORD")"
 ADMIN_PASSWORD_HASH="$(mkpasswd -m bcrypt "$ADMIN_PASSWORD")"
-sed -i.orig1 "s|__KIOSK_PASSWORD__|$KIOSK_PASSWORD_HASH|" kiosk.toml
-sed -i.orig2 "s|__ADMIN_PASSWORD__|$ADMIN_PASSWORD_HASH|" kiosk.toml
-ADMIN_SSH_PUBLIC_KEY="$(ssh-add -L | head -n 1)"
-echo "Admin SSH public key: $ADMIN_SSH_PUBLIC_KEY"
-sed -i.orig3 "s|__ADMIN_SSH_PUBLIC_KEY__|$ADMIN_SSH_PUBLIC_KEY|" kiosk.toml
+sed -i.${EPOCHREALTIME:-bak} "s|__ADMIN_PASSWORD__|$ADMIN_PASSWORD_HASH|" kiosk.toml
+sed -i.${EPOCHREALTIME:-bak} "s|__ADMIN_SSH_PUBLIC_KEY__|$ADMIN_SSH_PUBLIC_KEY|" kiosk.toml
 composer-cli sources add /dev/fd/0 <<EOF
 check_gpg = false
 check_ssl = false
@@ -166,6 +185,16 @@ check_ssl = true
 system = false
 rhsm = true
 EOF
+composer-cli sources add /dev/fd/0 <<EOF
+id = "epel"
+name = "Extra Packages for Enterprise Linux"
+type = "yum-baseurl"
+url = "http://mirror.in2p3.fr/pub/epel/9/Everything/x86_64/"
+check_gpg = false
+check_ssl = false
+system = false
+rhsm = false
+EOF
 composer-cli blueprints push kiosk.toml
 ```
 
@@ -186,6 +215,7 @@ Download the ostree server and run it.
 CONTAINER_IMAGE_FILE="$(composer-cli compose image "${BUILDID}")"
 IMAGEID="$(podman load < "${BUILDID}-container.tar" | grep -o -P '(?<=sha256[@:])[a-z0-9]*')"
 echo "Using image with id = $IMAGEID"
+podman rm -i minimal-microshift-server
 podman run -d --name=minimal-microshift-server -p 8085:8080 ${IMAGEID}
 ```
 
@@ -208,31 +238,23 @@ composer-cli compose image "${BUILDID}"
 
 ## Prepare the Kickstart script
 
-Customize the **root** user password if desired.
-
-```sh
-ROOT_PASSWORD="$(openssl rand -base64 9)"
-echo "Root password is '$ROOT_PASSWORD'"
-```
-
-[Generate a registry token](https://access.redhat.com/terms-based-registry/) and set the `MICROSHIFT_PULL_SECRET` variable.
+[Generate a pull secret](https://console.redhat.com/openshift/install/pull-secret) and set the `MICROSHIFT_PULL_SECRET` variable.
 
 ```sh
-MICROSHIFT_PULL_SECRET="1.2.3" # Generated by https://access.redhat.com/terms-based-registry/
+MICROSHIFT_PULL_SECRET='' # Generate one on https://console.redhat.com/openshift/install/pull-secret
 ```
 
 Prepare the Kickstart script.
 
 ```sh
 cd "$GIT_REPO_CLONE/imagebuilder"
-__ROOT_PASSWORD_HASH__="$(mkpasswd -m bcrypt "$ROOT_PASSWORD")"
-sed -i.orig1 "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECRET|" kiosk.ks
-sed -i.orig2 "s|__ROOT_PASSWORD_HASH__|$__ROOT_PASSWORD_HASH__|" kiosk.ks
+sed -i.${EPOCHREALTIME:-bak} "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECRET|" kiosk.ks
 ```
 
 ## Inject the Kickstart in the ISO
 
 ```sh
-sudo dnf install -y lorax
-mkksiso kiosk.ks "${BUILDID}-installer.iso" kiosk.iso
+sudo dnf install -y lorax pykickstart
+ksvalidator kiosk.ks || echo "Kickstart has errors, please fix them!"
+rm -f kiosk.iso && mkksiso -r "inst.ks inst.stage2" --ks kiosk.ks "${BUILDID}-installer.iso" kiosk.iso
 ```
diff --git a/documentation/LOCAL_DEV.md b/documentation/LOCAL_DEV.md
index 855e68c..9079dab 100644
--- a/documentation/LOCAL_DEV.md
+++ b/documentation/LOCAL_DEV.md
@@ -68,5 +68,47 @@ sudo pvcreate /dev/vdb
 sudo vgcreate data /dev/vdb
 ```
 
-## Create a VM to install RHEL for Edge
+## Utility script that creates a VM to install RHEL for Edge
 
+```sh
+#!/bin/bash
+
+set -Eeuo pipefail
+
+DOMAIN="kiosk"
+BASE_IMAGE_URL="your-user@rhel9-vm:red-hat-kiosk/imagebuilder/kiosk.iso"
+BASE_IMAGE_FILENAME="$(basename "$BASE_IMAGE_URL")"
+OS_VARIANT="rhel9.3"
+
+virsh destroy "$DOMAIN" || true
+virsh undefine "$DOMAIN" --nvram || true
+
+rm -rf "/var/lib/libvirt/images/$DOMAIN/"
+mkdir -p "/var/lib/libvirt/images/$DOMAIN"
+
+scp "$BASE_IMAGE_URL" "/var/lib/libvirt/images/$DOMAIN/install.iso"
+
+virt-install --name "$DOMAIN" --autostart --cpu host-passthrough \
+             --vcpus 2 --ram 4096 --os-variant "$OS_VARIANT" \
+             --disk "path=/var/lib/libvirt/images/$DOMAIN/os.qcow2,size=20" \
+             --disk "path=/var/lib/libvirt/images/$DOMAIN/data.qcow2,size=100" \
+             --network network=default \
+             --console pty,target.type=virtio --serial pty \
+             --cdrom "/var/lib/libvirt/images/$DOMAIN/install.iso" \
+             --boot uefi
+```
+
+Use it like follow :
+
+```sh
+eval $(ssh-agent)
+ssh-add
+sudo --preserve-env=SSH_AUTH_SOCK ./kiosk.sh
+```
+
+## Use Microshift
+
+```sh
+export KUBECONFIG=/var/lib/microshift/resources/kubeadmin/kubeconfig
+oc get nodes
+```
\ No newline at end of file
diff --git a/imagebuilder/kiosk.ks b/imagebuilder/kiosk.ks
index eef95bb..764e68e 100644
--- a/imagebuilder/kiosk.ks
+++ b/imagebuilder/kiosk.ks
@@ -67,39 +67,6 @@ ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/o
 ## Post install scripts
 ##
 %post --log=/var/log/anaconda/post-install.log --erroronfail
-# Default to graphical boot target
-systemctl set-default graphical.target
-
-# Enable autologin for the user kiosk
-sed -i '/^\[daemon\]/a AutomaticLoginEnable=True\nAutomaticLogin=kiosk\n' /etc/gdm/custom.conf
-
-# Configure user kiosk to use the kiosk session
-mkdir -p /var/lib/AccountsService/users
-cat > /var/lib/AccountsService/users/kiosk << 'EOF'
-[User]
-Session=gnome-kiosk-script
-SystemAccount=false
-EOF
-
-# Add url environment variable
-cat >> /home/kiosk/.bashrc << 'EOF'
-export KIOSK_URL=http://`ip -br a | grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000
-EOF
-
-# Configure the kiosk script to run firefox in kiosk mode and display our example URL
-mkdir -p /home/kiosk/.local/bin/
-cat > /home/kiosk/.local/bin/gnome-kiosk-script << 'EOF'
-#!/bin/sh
-. ~/.bashrc
-while true; do
-    /usr/bin/google/chrome/chrome --password-store=basic --no-default-browser-check --no-first-run --ash-no-nudges --disable-search-engine-choice-screen -kiosk   ${KIOSK_URL}
-done
-EOF
-
-# Ensure the files are owned by our unprivileged user and the script is executable 
-chown -R 1001:1001 /home/kiosk
-chmod 555 /home/kiosk/.local/bin/gnome-kiosk-script
-
 # Add the pull secret to CRI-O and set root user-only read/write permissions
 cat > /etc/crio/openshift-pull-secret << 'EOF'
 __MICROSHIFT_PULL_SECRET__
diff --git a/imagebuilder/kiosk.toml b/imagebuilder/kiosk.toml
index 290de74..675f2b2 100644
--- a/imagebuilder/kiosk.toml
+++ b/imagebuilder/kiosk.toml
@@ -5,23 +5,7 @@ modules = []
 groups = []
 
 [[packages]]
-name = "gdm"
-version = "*"
-
-[[packages]]
-name = "gnome-kiosk"
-version = "*"
-
-[[packages]]
-name = "gnome-kiosk-script-session"
-version = "*"
-
-[[packages]]
-name = "firefox"
-version = "*"
-
-[[packages]]
-name = "google-chrome-stable"
+name = "kiosk-config"
 version = "*"
 
 [[packages]]
@@ -40,7 +24,6 @@ hostname = "kiosk.local"
 
 [customizations.services]
 enabled = ["cockpit.socket", "sshd", "microshift"]
-#disabled = ["postfix", "telnetd"]
 
 [customizations.timezone]
 timezone = "Europe/Paris"
diff --git a/rpms/.gitignore b/rpms/.gitignore
new file mode 100644
index 0000000..e3e448e
--- /dev/null
+++ b/rpms/.gitignore
@@ -0,0 +1,4 @@
+RPMS
+SRPMS
+BUILD
+BUILDROOT
diff --git a/rpms/README.md b/rpms/README.md
new file mode 100644
index 0000000..26e54ef
--- /dev/null
+++ b/rpms/README.md
@@ -0,0 +1,42 @@
+# Kiosk Setup Configuration
+
+## Pre-requisites
+
+```sh
+sudo dnf install -y git rpm-build rpmdevtools
+cd rpms
+rm $HOME/rpmbuild && ln -sf $PWD $HOME/rpmbuild
+```
+
+## Build the kiosk-config package
+
+```sh
+spectool -g -R $HOME/rpmbuild/SPECS/kiosk-config.spec
+rpmbuild -ba $HOME/rpmbuild/SPECS/kiosk-config.spec
+```
+
+The resulting package is in `$HOME/rpmbuild/RPMS/x86_64`.
+
+## Rebuild the Google Chrome RPM
+
+```sh
+mkdir $HOME/rpmbuild/VENDOR
+curl -s -Lo $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
+rpmrebuild -s $HOME/rpmbuild/SPECS/google-chrome-stable.spec -p $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm
+RPM=$(rpm -q $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm)
+mkdir -p $HOME/rpmbuild/BUILDROOT/$RPM/
+rpm2cpio $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm | cpio -idmv -D $HOME/rpmbuild/BUILDROOT/$RPM/
+(
+  set -Eeuo pipefail
+  cd $HOME/rpmbuild/BUILDROOT/$RPM/
+  mv opt/google/ usr/bin/
+  cd usr/bin/
+  rm -f google-chrome-stable
+  ln -s google/chrome/google-chrome google-chrome-stable
+  ln -s google/chrome/google-chrome chrome
+) || echo 'Repackaging failed!'
+sed -i.${EPOCHREALTIME:-bak} 's|/opt/google|/usr/bin/google|g' $HOME/rpmbuild/SPECS/google-chrome-stable.spec
+rpmbuild -bb $HOME/rpmbuild/SPECS/google-chrome-stable.spec
+```
+
+The resulting package is in `$HOME/rpmbuild/RPMS/x86_64`.
diff --git a/rpms/SOURCES/com.redhat.Kiosk.SampleApp.desktop b/rpms/SOURCES/com.redhat.Kiosk.SampleApp.desktop
new file mode 100644
index 0000000..0633e0f
--- /dev/null
+++ b/rpms/SOURCES/com.redhat.Kiosk.SampleApp.desktop
@@ -0,0 +1,5 @@
+[Desktop Entry]
+Name=Sample Application
+Type=Application
+Exec=redhat-kiosk-sampleapp
+X-GNOME-HiddenUnderSystemd=true
\ No newline at end of file
diff --git a/rpms/SOURCES/com.redhat.Kiosk.SampleApp.service b/rpms/SOURCES/com.redhat.Kiosk.SampleApp.service
new file mode 100644
index 0000000..7094c8b
--- /dev/null
+++ b/rpms/SOURCES/com.redhat.Kiosk.SampleApp.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Sample Application (Kiosk mode)
+BindsTo=gnome-session.target
+After=gnome-session.target
+
+[Service]
+ExecStart=/usr/bin/google/chrome/chrome --password-store=basic --no-default-browser-check --no-first-run --ash-no-nudges --disable-search-engine-choice-screen -kiosk
+Restart=always
+SendSIGHUP=true
\ No newline at end of file
diff --git a/rpms/SOURCES/kiosk-environment b/rpms/SOURCES/kiosk-environment
new file mode 100644
index 0000000..8e65e8b
--- /dev/null
+++ b/rpms/SOURCES/kiosk-environment
@@ -0,0 +1 @@
+export KIOSK_URL=http://`ip -br a | grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000
diff --git a/rpms/SOURCES/redhat-kiosk-sampleapp.desktop b/rpms/SOURCES/redhat-kiosk-sampleapp.desktop
new file mode 100644
index 0000000..32dfb93
--- /dev/null
+++ b/rpms/SOURCES/redhat-kiosk-sampleapp.desktop
@@ -0,0 +1,8 @@
+[Desktop Entry]
+Name=Sample Application (Kiosk mode)
+Comment=This session logs you into a kiosk session showing a Sample Application
+Exec=gnome-session --session redhat-kiosk-sampleapp
+TryExec=gnome-session
+Type=Application
+DesktopNames=GNOME-Kiosk;GNOME;
+X-GDM-SessionRegisters=true
diff --git a/rpms/SOURCES/redhat-kiosk-sampleapp.session b/rpms/SOURCES/redhat-kiosk-sampleapp.session
new file mode 100644
index 0000000..cc7ef99
--- /dev/null
+++ b/rpms/SOURCES/redhat-kiosk-sampleapp.session
@@ -0,0 +1,3 @@
+[GNOME Session]
+Name=Kiosk
+RequiredComponents=org.gnome.Kiosk;com.redhat.Kiosk.SampleApp;
\ No newline at end of file
diff --git a/rpms/SOURCES/session.conf b/rpms/SOURCES/session.conf
new file mode 100644
index 0000000..4749d5a
--- /dev/null
+++ b/rpms/SOURCES/session.conf
@@ -0,0 +1,3 @@
+[Unit]
+Requires=org.gnome.Kiosk.target
+Requires=com.redhat.Kiosk.SampleApp.service
diff --git a/rpms/SOURCES/user-template b/rpms/SOURCES/user-template
new file mode 100644
index 0000000..d36c8e9
--- /dev/null
+++ b/rpms/SOURCES/user-template
@@ -0,0 +1,13 @@
+# This file contains defaults for new users. To edit, first
+# copy it to /etc/accountsservice/user-templates and make changes
+# there
+[Template]
+EnvironmentFiles=/etc/os-release;
+
+[com.redhat.AccountsServiceUser.System]
+id='${ID}'
+version-id='${VERSION_ID}'
+
+[User]
+Session=gnome
+Icon=${HOME}/.face
diff --git a/rpms/SPECS/kiosk-config.spec b/rpms/SPECS/kiosk-config.spec
new file mode 100644
index 0000000..6c14ed9
--- /dev/null
+++ b/rpms/SPECS/kiosk-config.spec
@@ -0,0 +1,88 @@
+Name:       kiosk-config
+Version:    0.0.1
+Release:    rh1
+Summary:    Custom config to run a RHEL workstation as kiosk
+License:    BSD
+Source0:    user-template
+Source1:    kiosk-environment
+Source2:    com.redhat.Kiosk.SampleApp.desktop
+Source3:    redhat-kiosk-sampleapp.session
+Source4:    redhat-kiosk-sampleapp.desktop
+Source5:    com.redhat.Kiosk.SampleApp.service
+Source6:    session.conf
+Requires(pre): shadow-utils
+Requires: gnome-kiosk
+Requires: gdm
+Requires: google-chrome-stable
+Requires: accountsservice
+Requires(post): crudini
+Requires(preun): crudini
+BuildRequires: systemd-rpm-macros
+ExclusiveArch: x86_64
+
+%description
+Custom config to run a RHEL workstation as kiosk
+
+# Since we don't recompile from source, disable the build_id checking
+%global _missing_build_ids_terminate_build 0
+%global _build_id_links none
+%global debug_package %{nil}
+
+# We are evil, we have no changelog !
+%global source_date_epoch_from_changelog 0
+
+%prep
+cp %{S:0} user-template
+cp %{S:1} kiosk-environment
+cp %{S:2} com.redhat.Kiosk.SampleApp.desktop
+cp %{S:3} redhat-kiosk-sampleapp.session
+cp %{S:4} redhat-kiosk-sampleapp.desktop
+cp %{S:5} com.redhat.Kiosk.SampleApp.service
+cp %{S:6} session.conf
+
+%build
+
+%install
+install -m 0644 -D kiosk-environment %{buildroot}/etc/profile.d/kiosk.sh
+install -m 0644 -D com.redhat.Kiosk.SampleApp.desktop %{buildroot}/usr/share/applications/com.redhat.Kiosk.SampleApp.desktop
+install -m 0644 -D redhat-kiosk-sampleapp.session %{buildroot}/usr/share/gnome-session/sessions/redhat-kiosk-sampleapp.session
+install -m 0644 -D redhat-kiosk-sampleapp.desktop %{buildroot}/usr/share/wayland-sessions/redhat-kiosk-sampleapp.desktop
+install -m 0644 -D redhat-kiosk-sampleapp.desktop %{buildroot}/usr/share/xsessions/redhat-kiosk-sampleapp.desktop
+install -m 0644 -D com.redhat.Kiosk.SampleApp.service %{buildroot}%{_userunitdir}/com.redhat.Kiosk.SampleApp.service
+install -m 0755 -d %{buildroot}%{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d
+install -m 0644 -D session.conf %{buildroot}%{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d/session.conf
+install -m 0755 -d %{buildroot}/etc/accountsservice/user-templates/
+install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates/standard
+install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates/administrator
+
+%files
+%config(noreplace) %attr(0644, root, root) /etc/profile.d/kiosk.sh
+%attr(0644, root, root) /usr/share/applications/com.redhat.Kiosk.SampleApp.desktop
+%attr(0644, root, root) /usr/share/gnome-session/sessions/redhat-kiosk-sampleapp.session
+%attr(0644, root, root) /usr/share/wayland-sessions/redhat-kiosk-sampleapp.desktop
+%attr(0644, root, root) /usr/share/xsessions/redhat-kiosk-sampleapp.desktop
+%attr(0644, root, root) %{_userunitdir}/com.redhat.Kiosk.SampleApp.service
+%attr(0644, root, root) %{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d/session.conf
+%config(noreplace) %attr(0644, root, root) /etc/accountsservice/user-templates/standard
+%config(noreplace) %attr(0644, root, root) /etc/accountsservice/user-templates/administrator
+
+%pre
+getent group kiosk >/dev/null 2>&1 || groupadd kiosk
+getent passwd kiosk >/dev/null 2>&1 || useradd -N -g kiosk -d /home/kiosk -m kiosk
+
+%post
+%systemd_user_post com.redhat.Kiosk.SampleApp.service
+crudini --set /etc/gdm/custom.conf daemon AutomaticLoginEnable True
+crudini --set /etc/gdm/custom.conf daemon AutomaticLogin kiosk
+systemctl set-default graphical.target
+
+%preun
+%systemd_user_preun com.redhat.Kiosk.SampleApp.service
+if [ "$1" == "0" ]; then # Uninstall
+  crudini --set /etc/gdm/custom.conf daemon AutomaticLoginEnable False
+fi
+
+%postun
+%systemd_user_postun com.redhat.Kiosk.SampleApp.service
+
+%changelog

From 8c23c638e4b86e3b3ce3e47fdf298b6a1497d2f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Tue, 27 Feb 2024 16:21:40 +0100
Subject: [PATCH 8/9] work in progress

---
 documentation/INSTALL_RHEL9.md |  5 ++++-
 imagebuilder/kiosk.ks          | 12 ++++++++++++
 rpms/SOURCES/user-template     |  2 +-
 rpms/SPECS/kiosk-config.spec   |  2 +-
 4 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md
index b503115..26d70ce 100644
--- a/documentation/INSTALL_RHEL9.md
+++ b/documentation/INSTALL_RHEL9.md
@@ -215,8 +215,9 @@ Download the ostree server and run it.
 CONTAINER_IMAGE_FILE="$(composer-cli compose image "${BUILDID}")"
 IMAGEID="$(podman load < "${BUILDID}-container.tar" | grep -o -P '(?<=sha256[@:])[a-z0-9]*')"
 echo "Using image with id = $IMAGEID"
+podman stop -i minimal-microshift-server
 podman rm -i minimal-microshift-server
-podman run -d --name=minimal-microshift-server -p 8085:8080 ${IMAGEID}
+podman run -d --rm --name=minimal-microshift-server -p 8085:8080 ${IMAGEID}
 ```
 
 ## Build the ISO
@@ -257,4 +258,6 @@ sed -i.${EPOCHREALTIME:-bak} "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECR
 sudo dnf install -y lorax pykickstart
 ksvalidator kiosk.ks || echo "Kickstart has errors, please fix them!"
 rm -f kiosk.iso && mkksiso -r "inst.ks inst.stage2" --ks kiosk.ks "${BUILDID}-installer.iso" kiosk.iso
+ls -lh kiosk.iso
+file kiosk.iso
 ```
diff --git a/imagebuilder/kiosk.ks b/imagebuilder/kiosk.ks
index 764e68e..cf58e1e 100644
--- a/imagebuilder/kiosk.ks
+++ b/imagebuilder/kiosk.ks
@@ -43,6 +43,18 @@ logvol /  --fstype="xfs" --size=1 --grow --name=root --vgname=system
 part pv.02 --size=1 --grow --ondisk=vdb
 volgroup data pv.02
 
+##
+## Alternative partitioning on only one disk
+##
+#zerombr
+#clearpart --all --initlabel
+#reqpart --add-boot
+#part pv.01 --size=10G --ondisk=sda
+#volgroup system pv.01
+#logvol /  --fstype="xfs" --size=1 --grow --name=root --vgname=system
+#part pv.02 --size=1 --grow --ondisk=sda
+#volgroup data pv.02
+
 ##
 ## Network configuration
 ##
diff --git a/rpms/SOURCES/user-template b/rpms/SOURCES/user-template
index d36c8e9..58b128a 100644
--- a/rpms/SOURCES/user-template
+++ b/rpms/SOURCES/user-template
@@ -9,5 +9,5 @@ id='${ID}'
 version-id='${VERSION_ID}'
 
 [User]
-Session=gnome
+Session=redhat-kiosk-sampleapp
 Icon=${HOME}/.face
diff --git a/rpms/SPECS/kiosk-config.spec b/rpms/SPECS/kiosk-config.spec
index 6c14ed9..b1cd5ab 100644
--- a/rpms/SPECS/kiosk-config.spec
+++ b/rpms/SPECS/kiosk-config.spec
@@ -68,7 +68,7 @@ install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates
 
 %pre
 getent group kiosk >/dev/null 2>&1 || groupadd kiosk
-getent passwd kiosk >/dev/null 2>&1 || useradd -N -g kiosk -d /home/kiosk -m kiosk
+getent passwd kiosk >/dev/null 2>&1 || useradd -r -N -g kiosk -d /home/kiosk -m kiosk
 
 %post
 %systemd_user_post com.redhat.Kiosk.SampleApp.service

From 1c03c46eaba1d15efa1745f9068016d5d5324c58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Tue, 27 Feb 2024 20:35:25 +0100
Subject: [PATCH 9/9] wip

---
 application/Dockerfile                        |   3 +-
 application/README.md                         |  32 +++++
 documentation/INSTALL_RHEL9.md                |  37 ++++-
 imagebuilder/kiosk.toml                       |   2 +-
 .../com.redhat.Kiosk.SampleApp.service        |   2 +-
 rpms/SOURCES/kiosk-app                        |  10 ++
 rpms/SOURCES/kiosk-environment                |   2 +-
 rpms/SOURCES/microshift-kustomization.yaml    |   4 +
 rpms/SOURCES/microshift-main-manifest.yaml    | 133 ++++++++++++++++++
 rpms/SPECS/kiosk-config.spec                  |   4 +
 rpms/SPECS/microshift-manifests.spec          |  36 +++++
 11 files changed, 259 insertions(+), 6 deletions(-)
 create mode 100644 application/README.md
 create mode 100644 rpms/SOURCES/kiosk-app
 create mode 100644 rpms/SOURCES/microshift-kustomization.yaml
 create mode 100644 rpms/SOURCES/microshift-main-manifest.yaml
 create mode 100644 rpms/SPECS/microshift-manifests.spec

diff --git a/application/Dockerfile b/application/Dockerfile
index c75656c..3c35911 100644
--- a/application/Dockerfile
+++ b/application/Dockerfile
@@ -5,7 +5,7 @@ FROM python:3.8-slim
 WORKDIR /app
 
 # Copy the current directory contents into the container at /app
-COPY . /app
+COPY src /app
 
 # Install any needed packages specified in requirements.txt
 RUN pip install --trusted-host pypi.python.org Flask
@@ -18,3 +18,4 @@ ENV NAME World
 
 # Run app.py when the container launches
 CMD ["python", "app.py"]
+    
\ No newline at end of file
diff --git a/application/README.md b/application/README.md
new file mode 100644
index 0000000..9f46e7a
--- /dev/null
+++ b/application/README.md
@@ -0,0 +1,32 @@
+# Sample kiosk application
+
+Build the container image.
+
+```sh
+podman build -t localhost/kiosk-app:latest .
+```
+
+Run the container image.
+
+```sh
+podman run -it --rm --name kiosk-app -p 5000:5000 localhost/kiosk-app:latest
+```
+
+Test it.
+
+```sh
+curl -I http://localhost:5000/
+```
+
+Login to the registry.
+
+```sh
+podman login quay.io
+```
+
+Publish it to the registry.
+
+```sh
+podman tag localhost/kiosk-app:latest quay.io/nmasse_itix/kiosk-app:latest
+podman push quay.io/nmasse_itix/kiosk-app:latest
+```
diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md
index 26d70ce..13020a4 100644
--- a/documentation/INSTALL_RHEL9.md
+++ b/documentation/INSTALL_RHEL9.md
@@ -50,6 +50,32 @@ cd red-hat-kiosk
 export GIT_REPO_CLONE="$PWD"
 ```
 
+## Create the container image
+
+Install podman and buildah.
+
+```sh
+sudo dnf install -y podman buildah
+```
+
+Define the target image properties.
+
+```sh
+REGISTRY="quay.io"
+IMAGE_NAME="nmasse_itix/kiosk-app"
+IMAGE_TAG="latest"
+```
+
+Build and push the image to the registry.
+
+```sh
+cd "$GIT_REPO_CLONE/application"
+podman build -t localhost/kiosk-app:latest .
+podman login "$REGISTRY"
+podman tag localhost/kiosk-app:latest "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
+podman push "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
+```
+
 ## Nginx configuration
 
 ```sh
@@ -73,13 +99,20 @@ rm $HOME/rpmbuild
 ln -sf "$GIT_REPO_CLONE/rpms" $HOME/rpmbuild
 ```
 
-Build the Kiosk Configuration RPM
+Build the `kiosk-config` RPM
 
 ```sh
 spectool -g -R $HOME/rpmbuild/SPECS/kiosk-config.spec
 rpmbuild -ba $HOME/rpmbuild/SPECS/kiosk-config.spec
 ```
 
+Build the `microshift-manifests` RPM
+
+```sh
+spectool -g -R $HOME/rpmbuild/SPECS/microshift-manifests.spec
+rpmbuild -ba $HOME/rpmbuild/SPECS/microshift-manifests.spec
+```
+
 Rebuild the Google Chrome RPM
 
 ```sh
@@ -131,7 +164,7 @@ Verify all packages are present.
 
 ```sh
 sudo dnf clean all
-sudo dnf info kiosk-config google-chrome-stable
+sudo dnf info kiosk-config google-chrome-stable microshift-manifests
 ```
 
 ## Blueprint preparation
diff --git a/imagebuilder/kiosk.toml b/imagebuilder/kiosk.toml
index 675f2b2..63833af 100644
--- a/imagebuilder/kiosk.toml
+++ b/imagebuilder/kiosk.toml
@@ -12,7 +12,7 @@ version = "*"
 name = "cockpit"
 
 [[packages]]
-name = "microshift"
+name = "microshift-manifests"
 version = "*"
 
 [[packages]]
diff --git a/rpms/SOURCES/com.redhat.Kiosk.SampleApp.service b/rpms/SOURCES/com.redhat.Kiosk.SampleApp.service
index 7094c8b..dd337af 100644
--- a/rpms/SOURCES/com.redhat.Kiosk.SampleApp.service
+++ b/rpms/SOURCES/com.redhat.Kiosk.SampleApp.service
@@ -4,6 +4,6 @@ BindsTo=gnome-session.target
 After=gnome-session.target
 
 [Service]
-ExecStart=/usr/bin/google/chrome/chrome --password-store=basic --no-default-browser-check --no-first-run --ash-no-nudges --disable-search-engine-choice-screen -kiosk
+ExecStart=/usr/bin/kiosk-app
 Restart=always
 SendSIGHUP=true
\ No newline at end of file
diff --git a/rpms/SOURCES/kiosk-app b/rpms/SOURCES/kiosk-app
new file mode 100644
index 0000000..bf9b394
--- /dev/null
+++ b/rpms/SOURCES/kiosk-app
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -Eeuo pipefail
+
+while ! curl -sf --connect-timeout 5 --expect100-timeout 5 "$KIOSK_URL"; do
+    echo "Waiting for the Kiosk APP to become available..."
+    sleep 10
+done
+
+exec /usr/bin/google/chrome/chrome --password-store=basic --no-default-browser-check --no-first-run --ash-no-nudges --disable-search-engine-choice-screen -kiosk "$KIOSK_URL"
diff --git a/rpms/SOURCES/kiosk-environment b/rpms/SOURCES/kiosk-environment
index 8e65e8b..47ec70f 100644
--- a/rpms/SOURCES/kiosk-environment
+++ b/rpms/SOURCES/kiosk-environment
@@ -1 +1 @@
-export KIOSK_URL=http://`ip -br a | grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000
+export KIOSK_URL=http://10.43.191.230/
diff --git a/rpms/SOURCES/microshift-kustomization.yaml b/rpms/SOURCES/microshift-kustomization.yaml
new file mode 100644
index 0000000..85755b4
--- /dev/null
+++ b/rpms/SOURCES/microshift-kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- main-manifest.yaml
diff --git a/rpms/SOURCES/microshift-main-manifest.yaml b/rpms/SOURCES/microshift-main-manifest.yaml
new file mode 100644
index 0000000..31998f3
--- /dev/null
+++ b/rpms/SOURCES/microshift-main-manifest.yaml
@@ -0,0 +1,133 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    kubernetes.io/metadata.name: kiosk-app
+  name: kiosk-app
+spec:
+  finalizers:
+  - kubernetes
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: haproxy
+  namespace: kiosk-app
+data:
+  haproxy.cfg: |
+    global
+      log stdout format raw local0
+      maxconn     4000
+
+    defaults
+        mode                    http
+        log                     global
+        option                  dontlognull
+        option                  redispatch
+        retries                 3
+        timeout http-request    10s
+        timeout queue           1m
+        timeout connect         10s
+        timeout client          1m
+        timeout server          1m
+        timeout http-keep-alive 10s
+        timeout check           10s
+        maxconn                 3000
+
+    frontend webserver
+      bind 0.0.0.0:8080
+      acl main_service_failed nbsrv(appserver_main) le 0
+      use_backend appserver_backup if main_service_failed
+      default_backend appserver_main
+
+    backend appserver_main
+      http-request set-header Host ipinfo.io
+      balance roundrobin
+      # 34.117.186.192 is one of the IP Addresses serving the website "ipinfo.io"
+      server svc-main1 34.117.186.192:80 check
+
+    backend appserver_backup 
+      http-request set-header Host kiosk-app.kiosk-app.svc.cluster.local
+      balance roundrobin
+      server svc-backup1 kiosk-app:5000 check
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: haproxy
+  namespace: kiosk-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: haproxy
+  template:
+    metadata:
+      labels:
+        app: haproxy
+    spec:
+      containers:
+      - name: haproxy
+        image: haproxy:latest
+        volumeMounts:
+        - name: config-volume
+          mountPath: /usr/local/etc/haproxy/haproxy.cfg
+          subPath: haproxy.cfg
+        ports:
+        - containerPort: 8080
+      volumes:
+      - name: config-volume
+        configMap:
+          name: haproxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: haproxy
+  namespace: kiosk-app
+spec:
+  type: ClusterIP
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  clusterIP: 10.43.191.230
+  ports:
+  - port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: haproxy
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kiosk-app
+  namespace: kiosk-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kiosk-app
+  template:
+    metadata:
+      labels:
+        app: kiosk-app
+    spec:
+      containers:
+      - name: kiosk-app
+        image: quay.io/nmasse_itix/kiosk-app:latest
+        ports:
+        - containerPort: 5000
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kiosk-app
+  namespace: kiosk-app
+spec:
+  type: ClusterIP
+  ports:
+  - port: 5000
+    targetPort: 5000
+  selector:
+    app: kiosk-app
diff --git a/rpms/SPECS/kiosk-config.spec b/rpms/SPECS/kiosk-config.spec
index b1cd5ab..1e1ba10 100644
--- a/rpms/SPECS/kiosk-config.spec
+++ b/rpms/SPECS/kiosk-config.spec
@@ -10,6 +10,7 @@ Source3:    redhat-kiosk-sampleapp.session
 Source4:    redhat-kiosk-sampleapp.desktop
 Source5:    com.redhat.Kiosk.SampleApp.service
 Source6:    session.conf
+Source7:    kiosk-app
 Requires(pre): shadow-utils
 Requires: gnome-kiosk
 Requires: gdm
@@ -39,6 +40,7 @@ cp %{S:3} redhat-kiosk-sampleapp.session
 cp %{S:4} redhat-kiosk-sampleapp.desktop
 cp %{S:5} com.redhat.Kiosk.SampleApp.service
 cp %{S:6} session.conf
+cp %{S:7} kiosk-app
 
 %build
 
@@ -54,6 +56,7 @@ install -m 0644 -D session.conf %{buildroot}%{_userunitdir}/gnome-session@redhat
 install -m 0755 -d %{buildroot}/etc/accountsservice/user-templates/
 install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates/standard
 install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates/administrator
+install -m 0755 -D kiosk-app %{buildroot}/usr/bin/kiosk-app
 
 %files
 %config(noreplace) %attr(0644, root, root) /etc/profile.d/kiosk.sh
@@ -65,6 +68,7 @@ install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates
 %attr(0644, root, root) %{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d/session.conf
 %config(noreplace) %attr(0644, root, root) /etc/accountsservice/user-templates/standard
 %config(noreplace) %attr(0644, root, root) /etc/accountsservice/user-templates/administrator
+%attr(0755, root, root) /usr/bin/kiosk-app
 
 %pre
 getent group kiosk >/dev/null 2>&1 || groupadd kiosk
diff --git a/rpms/SPECS/microshift-manifests.spec b/rpms/SPECS/microshift-manifests.spec
new file mode 100644
index 0000000..8cd34d5
--- /dev/null
+++ b/rpms/SPECS/microshift-manifests.spec
@@ -0,0 +1,36 @@
+Name:       microshift-manifests
+Version:    0.0.1
+Release:    rh1
+Summary:    Custom manifests for Microshift
+License:    BSD
+Source0:    microshift-kustomization.yaml
+Source1:    microshift-main-manifest.yaml
+Requires:   microshift
+
+%description
+Custom manifests for Microshift
+
+# Since we don't recompile from source, disable the build_id checking
+%global _missing_build_ids_terminate_build 0
+%global _build_id_links none
+%global debug_package %{nil}
+
+# We are evil, we have no changelog !
+%global source_date_epoch_from_changelog 0
+
+%prep
+cp %{S:0} kustomization.yaml
+cp %{S:1} main-manifest.yaml
+
+%build
+
+%install
+install -m 0755 -d %{buildroot}/usr/lib/microshift/manifests.d/custom/
+install -m 0644 -D kustomization.yaml %{buildroot}/usr/lib/microshift/manifests.d/custom/kustomization.yaml
+install -m 0644 -D main-manifest.yaml %{buildroot}/usr/lib/microshift/manifests.d/custom/main-manifest.yaml
+
+%files
+%attr(0644, root, root) /usr/lib/microshift/manifests.d/custom/kustomization.yaml
+%attr(0644, root, root) /usr/lib/microshift/manifests.d/custom/main-manifest.yaml
+
+%changelog