work in progress

2 years ago · 356d1903eb
16 changed files with 284 additions and 1719 deletions
--- a/chrome_repackage/README.md
+++ b/chrome_repackage/README.md
@ -1,70 +0,0 @@
-# Google Chrome RPM Installation Guide
-
-This guide provides step-by-step instructions for downloading and rebuilding the Google Chrome RPM package on a RPM-based Linux distribution.
-
-## Prerequisites
-
-Before you proceed, ensure that you have the following prerequisites installed on your system:
-
- `rpmrebuild`: A tool for rebuilding RPM packages.
- `rpmbuild`: The RPM Package Manager build tool.
-
-## Installation Steps
-
-1. **Download Google RPM**
-
-    ```bash
-    # Replace <URL> with the actual download URL
-    wget <URL>/google-chrome-stable-119.0.6045.199-1.x86_64.rpm
-    ```
-
-2. **Rebuild the RPM Package**
-
-    ```bash
-    rpmrebuild -s google-chrome-stable.spec -p google-chrome-stable-119.0.6045.199-1.x86_64.rpm
-    ```
-
-3. **Extract the Contents**
-
-    ```bash
-    rpm2cpio google-chrome-stable-119.0.6045.199-1.x86_64.rpm | cpio -idmv
-    ```
-
-4. **Move Google Chrome to the Desired Location**
-
-    ```bash
-    mv opt/google usr/bin/
-    ```
-
-5. **Create Symbolic Links**
-
-    ```bash
-    cd usr/bin/
-    rm -f google-chrome-stable
-    ln -s google/chrome/google-chrome google-chrome-stable
-    ln -s google/chrome/google-chrome chrome
-    cd ../..
-    ```
-
-6. **Create RPM Build Directory**
-
-    ```bash
-    mkdir -p $HOME/rpmbuild/BUILDROOT/google-chrome-stable-119.0.6045.199-1.x86_64
-    ```
-
-7. **Copy Files to RPM Build Directory**
-
-    ```bash
-    for i in etc usr; do cp -r $i $HOME/rpmbuild/BUILDROOT/google-chrome-stable-119.0.6045.199-1.x86_64/; done
-    ```
-
-8. **Build the RPM Package**
-
-    ```bash
-    rpmbuild -bb google-chrome-stable.spec
-    ```
-
-After completing these steps, you should have successfully downloaded, rebuilt, and repackaged the Google Chrome RPM for your system. The resulting RPM package will be available in the RPM build directory (`$HOME/rpmbuild/RPMS/x86_64/`).
-
-Note: Ensure that you replace `<URL>` with the actual download URL of the Google Chrome RPM.
-
--- a/chrome_repackage/google_chrome_repackage.spec
+++ b/chrome_repackage/google_chrome_repackage.spec
--- a/documentation/INSTALL_RHEL9.md
+++ b/documentation/INSTALL_RHEL9.md
@ -59,31 +59,47 @@ sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp}
 sudo firewall-cmd --reload
 sudo mkdir -p /var/www
 sudo restorecon -Rv /var/www
-sudo sed -i.bak 's|/usr/share/nginx/html|/var/www|g' /etc/nginx/nginx.conf
+sudo sed -i.${EPOCHREALTIME:-bak} 's|/usr/share/nginx/html|/var/www|g' /etc/nginx/nginx.conf
 sudo systemctl restart nginx.service
 ```

-## Rebuild of Google Chrome
+## Build the RPMS
+
+Pre-requisites
+
+```sh
+sudo dnf install -y git rpm-build rpmdevtools
+rm $HOME/rpmbuild
+ln -sf "$GIT_REPO_CLONE/rpms" $HOME/rpmbuild
+```
+
+Build the Kiosk Configuration RPM
+
+```sh
+spectool -g -R $HOME/rpmbuild/SPECS/kiosk-config.spec
+rpmbuild -ba $HOME/rpmbuild/SPECS/kiosk-config.spec
+```
+
+Rebuild the Google Chrome RPM

 ```sh
-sudo dnf install -y git rpm-build
-sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
-sudo dnf install -y rpmrebuild
-cd "$GIT_REPO_CLONE/chrome_repackage"
-curl -s -Lo google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
-rpmrebuild -s google-chrome-stable.spec -p google-chrome-stable_current_x86_64.rpm
-rpm2cpio google-chrome-stable_current_x86_64.rpm | cpio -idmv
-mv opt/google/ usr/bin/
-cd usr/bin/
-rm -f google-chrome-stable
-ln -s google/chrome/google-chrome google-chrome-stable
-ln -s google/chrome/google-chrome chrome
-cd ../..
-RPM=$(rpm -q google-chrome-stable_current_x86_64.rpm)
+mkdir $HOME/rpmbuild/VENDOR
+curl -s -Lo $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
+rpmrebuild -s $HOME/rpmbuild/SPECS/google-chrome-stable.spec -p $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm
+RPM=$(rpm -q $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm)
 mkdir -p $HOME/rpmbuild/BUILDROOT/$RPM/
-for i in etc usr; do cp -r $i $HOME/rpmbuild/BUILDROOT/$RPM/; done
-sed -i.bak 's|/opt/google|/usr/bin/google|g' google-chrome-stable.spec
-rpmbuild -bb google-chrome-stable.spec
+rpm2cpio $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm | cpio -idmv -D $HOME/rpmbuild/BUILDROOT/$RPM/
+(
+  set -Eeuo pipefail
+  cd $HOME/rpmbuild/BUILDROOT/$RPM/
+  mv opt/google/ usr/bin/
+  cd usr/bin/
+  rm -f google-chrome-stable
+  ln -s google/chrome/google-chrome google-chrome-stable
+  ln -s google/chrome/google-chrome chrome
+) || echo 'Repackaging failed!'
+sed -i.${EPOCHREALTIME:-bak} 's|/opt/google|/usr/bin/google|g' $HOME/rpmbuild/SPECS/google-chrome-stable.spec
+rpmbuild -bb $HOME/rpmbuild/SPECS/google-chrome-stable.spec
 ls -l $HOME/rpmbuild/RPMS/x86_64/
 ```

@ -109,18 +125,25 @@ baseurl = file://$REPO_LOCATION
 enabled = 1  
 gpgcheck = 0
 EOF
-sudo dnf info google-chrome-stable
+```
+
+Verify all packages are present.
+
+```sh
+sudo dnf clean all
+sudo dnf info kiosk-config google-chrome-stable
 ```

 ## Blueprint preparation

 Customize the **kiosk** and **admin** user password if desired.
+Set the **admin** user SSH public key (if it's not you).

 ```sh
-KIOSK_PASSWORD="$(openssl rand -base64 9)"
-echo "Kiosk password is '$KIOSK_PASSWORD'"
 ADMIN_PASSWORD="$(openssl rand -base64 9)"
 echo "Admin password is '$ADMIN_PASSWORD'"
+ADMIN_SSH_PUBLIC_KEY="$(ssh-add -L | head -n 1)"
+echo "Admin SSH public key: $ADMIN_SSH_PUBLIC_KEY"
 ```

 Prepare the os-builder blueprint.
@ -130,13 +153,9 @@ sudo subscription-manager repos --enable rhocp-4.14-for-rhel-9-$(uname -m)-rpms
 sudo dnf info microshift
 sudo dnf install -y mkpasswd podman
 cd "$GIT_REPO_CLONE/imagebuilder"
-KIOSK_PASSWORD_HASH="$(mkpasswd -m bcrypt "$KIOSK_PASSWORD")"
 ADMIN_PASSWORD_HASH="$(mkpasswd -m bcrypt "$ADMIN_PASSWORD")"
-sed -i.orig1 "s|__KIOSK_PASSWORD__|$KIOSK_PASSWORD_HASH|" kiosk.toml
-sed -i.orig2 "s|__ADMIN_PASSWORD__|$ADMIN_PASSWORD_HASH|" kiosk.toml
-ADMIN_SSH_PUBLIC_KEY="$(ssh-add -L | head -n 1)"
-echo "Admin SSH public key: $ADMIN_SSH_PUBLIC_KEY"
-sed -i.orig3 "s|__ADMIN_SSH_PUBLIC_KEY__|$ADMIN_SSH_PUBLIC_KEY|" kiosk.toml
+sed -i.${EPOCHREALTIME:-bak} "s|__ADMIN_PASSWORD__|$ADMIN_PASSWORD_HASH|" kiosk.toml
+sed -i.${EPOCHREALTIME:-bak} "s|__ADMIN_SSH_PUBLIC_KEY__|$ADMIN_SSH_PUBLIC_KEY|" kiosk.toml
 composer-cli sources add /dev/fd/0 <<EOF
 check_gpg = false
 check_ssl = false
@ -166,6 +185,16 @@ check_ssl = true
 system = false
 rhsm = true
 EOF
+composer-cli sources add /dev/fd/0 <<EOF
+id = "epel"
+name = "Extra Packages for Enterprise Linux"
+type = "yum-baseurl"
+url = "http://mirror.in2p3.fr/pub/epel/9/Everything/x86_64/"
+check_gpg = false
+check_ssl = false
+system = false
+rhsm = false
+EOF
 composer-cli blueprints push kiosk.toml
 ```

@ -186,6 +215,7 @@ Download the ostree server and run it.
 CONTAINER_IMAGE_FILE="$(composer-cli compose image "${BUILDID}")"
 IMAGEID="$(podman load < "${BUILDID}-container.tar" | grep -o -P '(?<=sha256[@:])[a-z0-9]*')"
 echo "Using image with id = $IMAGEID"
+podman rm -i minimal-microshift-server
 podman run -d --name=minimal-microshift-server -p 8085:8080 ${IMAGEID}
 ```

@ -208,31 +238,23 @@ composer-cli compose image "${BUILDID}"

 ## Prepare the Kickstart script

-Customize the **root** user password if desired.
-
-```sh
-ROOT_PASSWORD="$(openssl rand -base64 9)"
-echo "Root password is '$ROOT_PASSWORD'"
-```
-
-[Generate a registry token](https://access.redhat.com/terms-based-registry/) and set the `MICROSHIFT_PULL_SECRET` variable.
+[Generate a pull secret](https://console.redhat.com/openshift/install/pull-secret) and set the `MICROSHIFT_PULL_SECRET` variable.

 ```sh
-MICROSHIFT_PULL_SECRET="1.2.3" # Generated by https://access.redhat.com/terms-based-registry/
+MICROSHIFT_PULL_SECRET='' # Generate one on https://console.redhat.com/openshift/install/pull-secret
 ```

 Prepare the Kickstart script.

 ```sh
 cd "$GIT_REPO_CLONE/imagebuilder"
-__ROOT_PASSWORD_HASH__="$(mkpasswd -m bcrypt "$ROOT_PASSWORD")"
-sed -i.orig1 "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECRET|" kiosk.ks
-sed -i.orig2 "s|__ROOT_PASSWORD_HASH__|$__ROOT_PASSWORD_HASH__|" kiosk.ks
+sed -i.${EPOCHREALTIME:-bak} "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECRET|" kiosk.ks
 ```

 ## Inject the Kickstart in the ISO

 ```sh
-sudo dnf install -y lorax
-mkksiso kiosk.ks "${BUILDID}-installer.iso" kiosk.iso
+sudo dnf install -y lorax pykickstart
+ksvalidator kiosk.ks || echo "Kickstart has errors, please fix them!"
+rm -f kiosk.iso && mkksiso -r "inst.ks inst.stage2" --ks kiosk.ks "${BUILDID}-installer.iso" kiosk.iso
 ```
--- a/documentation/LOCAL_DEV.md
+++ b/documentation/LOCAL_DEV.md
@ -68,5 +68,47 @@ sudo pvcreate /dev/vdb
 sudo vgcreate data /dev/vdb
 ```

-## Create a VM to install RHEL for Edge
+## Utility script that creates a VM to install RHEL for Edge

+```sh
+#!/bin/bash
+
+set -Eeuo pipefail
+
+DOMAIN="kiosk"
+BASE_IMAGE_URL="your-user@rhel9-vm:red-hat-kiosk/imagebuilder/kiosk.iso"
+BASE_IMAGE_FILENAME="$(basename "$BASE_IMAGE_URL")"
+OS_VARIANT="rhel9.3"
+
+virsh destroy "$DOMAIN" || true
+virsh undefine "$DOMAIN" --nvram || true
+
+rm -rf "/var/lib/libvirt/images/$DOMAIN/"
+mkdir -p "/var/lib/libvirt/images/$DOMAIN"
+
+scp "$BASE_IMAGE_URL" "/var/lib/libvirt/images/$DOMAIN/install.iso"
+
+virt-install --name "$DOMAIN" --autostart --cpu host-passthrough \
+             --vcpus 2 --ram 4096 --os-variant "$OS_VARIANT" \
+             --disk "path=/var/lib/libvirt/images/$DOMAIN/os.qcow2,size=20" \
+             --disk "path=/var/lib/libvirt/images/$DOMAIN/data.qcow2,size=100" \
+             --network network=default \
+             --console pty,target.type=virtio --serial pty \
+             --cdrom "/var/lib/libvirt/images/$DOMAIN/install.iso" \
+             --boot uefi
+```
+
+Use it like follow :
+
+```sh
+eval $(ssh-agent)
+ssh-add
+sudo --preserve-env=SSH_AUTH_SOCK ./kiosk.sh
+```
+
+## Use Microshift
+
+```sh
+export KUBECONFIG=/var/lib/microshift/resources/kubeadmin/kubeconfig
+oc get nodes
+```
--- a/imagebuilder/kiosk.ks
+++ b/imagebuilder/kiosk.ks
@ -67,39 +67,6 @@ ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/o
 ## Post install scripts
 ##
 %post --log=/var/log/anaconda/post-install.log --erroronfail
-# Default to graphical boot target
-systemctl set-default graphical.target
-
-# Enable autologin for the user kiosk
-sed -i '/^\[daemon\]/a AutomaticLoginEnable=True\nAutomaticLogin=kiosk\n' /etc/gdm/custom.conf
-
-# Configure user kiosk to use the kiosk session
-mkdir -p /var/lib/AccountsService/users
-cat > /var/lib/AccountsService/users/kiosk << 'EOF'
-[User]
-Session=gnome-kiosk-script
-SystemAccount=false
-EOF
-
-# Add url environment variable
-cat >> /home/kiosk/.bashrc << 'EOF'
-export KIOSK_URL=http://`ip -br a | grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000
-EOF
-
-# Configure the kiosk script to run firefox in kiosk mode and display our example URL
-mkdir -p /home/kiosk/.local/bin/
-cat > /home/kiosk/.local/bin/gnome-kiosk-script << 'EOF'
-#!/bin/sh
-. ~/.bashrc
-while true; do
-    /usr/bin/google/chrome/chrome --password-store=basic --no-default-browser-check --no-first-run --ash-no-nudges --disable-search-engine-choice-screen -kiosk   ${KIOSK_URL}
-done
-EOF
-
-# Ensure the files are owned by our unprivileged user and the script is executable 
-chown -R 1001:1001 /home/kiosk
-chmod 555 /home/kiosk/.local/bin/gnome-kiosk-script
-
 # Add the pull secret to CRI-O and set root user-only read/write permissions
 cat > /etc/crio/openshift-pull-secret << 'EOF'
 __MICROSHIFT_PULL_SECRET__
--- a/imagebuilder/kiosk.toml
+++ b/imagebuilder/kiosk.toml
@ -5,23 +5,7 @@ modules = []
 groups = []

 [[packages]]
-name = "gdm"
-version = "*"
-
-[[packages]]
-name = "gnome-kiosk"
-version = "*"
-
-[[packages]]
-name = "gnome-kiosk-script-session"
-version = "*"
-
-[[packages]]
-name = "firefox"
-version = "*"
-
-[[packages]]
-name = "google-chrome-stable"
+name = "kiosk-config"
 version = "*"

 [[packages]]
@ -40,7 +24,6 @@ hostname = "kiosk.local"

 [customizations.services]
 enabled = ["cockpit.socket", "sshd", "microshift"]
-#disabled = ["postfix", "telnetd"]

 [customizations.timezone]
 timezone = "Europe/Paris"
--- a/rpms/.gitignore
+++ b/rpms/.gitignore
@ -0,0 +1,4 @@
+RPMS
+SRPMS
+BUILD
+BUILDROOT
--- a/rpms/README.md
+++ b/rpms/README.md
@ -0,0 +1,42 @@
+# Kiosk Setup Configuration
+
+## Pre-requisites
+
+```sh
+sudo dnf install -y git rpm-build rpmdevtools
+cd rpms
+rm $HOME/rpmbuild && ln -sf $PWD $HOME/rpmbuild
+```
+
+## Build the kiosk-config package
+
+```sh
+spectool -g -R $HOME/rpmbuild/SPECS/kiosk-config.spec
+rpmbuild -ba $HOME/rpmbuild/SPECS/kiosk-config.spec
+```
+
+The resulting package is in `$HOME/rpmbuild/RPMS/x86_64`.
+
+## Rebuild the Google Chrome RPM
+
+```sh
+mkdir $HOME/rpmbuild/VENDOR
+curl -s -Lo $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
+rpmrebuild -s $HOME/rpmbuild/SPECS/google-chrome-stable.spec -p $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm
+RPM=$(rpm -q $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm)
+mkdir -p $HOME/rpmbuild/BUILDROOT/$RPM/
+rpm2cpio $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm | cpio -idmv -D $HOME/rpmbuild/BUILDROOT/$RPM/
+(
+  set -Eeuo pipefail
+  cd $HOME/rpmbuild/BUILDROOT/$RPM/
+  mv opt/google/ usr/bin/
+  cd usr/bin/
+  rm -f google-chrome-stable
+  ln -s google/chrome/google-chrome google-chrome-stable
+  ln -s google/chrome/google-chrome chrome
+) || echo 'Repackaging failed!'
+sed -i.${EPOCHREALTIME:-bak} 's|/opt/google|/usr/bin/google|g' $HOME/rpmbuild/SPECS/google-chrome-stable.spec
+rpmbuild -bb $HOME/rpmbuild/SPECS/google-chrome-stable.spec
+```
+
+The resulting package is in `$HOME/rpmbuild/RPMS/x86_64`.
--- a/rpms/SOURCES/com.redhat.Kiosk.SampleApp.desktop
+++ b/rpms/SOURCES/com.redhat.Kiosk.SampleApp.desktop
@ -0,0 +1,5 @@
+[Desktop Entry]
+Name=Sample Application
+Type=Application
+Exec=redhat-kiosk-sampleapp
+X-GNOME-HiddenUnderSystemd=true
--- a/rpms/SOURCES/com.redhat.Kiosk.SampleApp.service
+++ b/rpms/SOURCES/com.redhat.Kiosk.SampleApp.service
@ -0,0 +1,9 @@
+[Unit]
+Description=Sample Application (Kiosk mode)
+BindsTo=gnome-session.target
+After=gnome-session.target
+
+[Service]
+ExecStart=/usr/bin/google/chrome/chrome --password-store=basic --no-default-browser-check --no-first-run --ash-no-nudges --disable-search-engine-choice-screen -kiosk
+Restart=always
+SendSIGHUP=true
--- a/rpms/SOURCES/kiosk-environment
+++ b/rpms/SOURCES/kiosk-environment
@ -0,0 +1 @@
+export KIOSK_URL=http://`ip -br a | grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000
--- a/rpms/SOURCES/redhat-kiosk-sampleapp.desktop
+++ b/rpms/SOURCES/redhat-kiosk-sampleapp.desktop
@ -0,0 +1,8 @@
+[Desktop Entry]
+Name=Sample Application (Kiosk mode)
+Comment=This session logs you into a kiosk session showing a Sample Application
+Exec=gnome-session --session redhat-kiosk-sampleapp
+TryExec=gnome-session
+Type=Application
+DesktopNames=GNOME-Kiosk;GNOME;
+X-GDM-SessionRegisters=true
--- a/rpms/SOURCES/redhat-kiosk-sampleapp.session
+++ b/rpms/SOURCES/redhat-kiosk-sampleapp.session
@ -0,0 +1,3 @@
+[GNOME Session]
+Name=Kiosk
+RequiredComponents=org.gnome.Kiosk;com.redhat.Kiosk.SampleApp;
--- a/rpms/SOURCES/session.conf
+++ b/rpms/SOURCES/session.conf
@ -0,0 +1,3 @@
+[Unit]
+Requires=org.gnome.Kiosk.target
+Requires=com.redhat.Kiosk.SampleApp.service
--- a/rpms/SOURCES/user-template
+++ b/rpms/SOURCES/user-template
@ -0,0 +1,13 @@
+# This file contains defaults for new users. To edit, first
+# copy it to /etc/accountsservice/user-templates and make changes
+# there
+[Template]
+EnvironmentFiles=/etc/os-release;
+
+[com.redhat.AccountsServiceUser.System]
+id='${ID}'
+version-id='${VERSION_ID}'
+
+[User]
+Session=gnome
+Icon=${HOME}/.face
--- a/rpms/SPECS/kiosk-config.spec
+++ b/rpms/SPECS/kiosk-config.spec
@ -0,0 +1,88 @@
+Name:       kiosk-config
+Version:    0.0.1
+Release:    rh1
+Summary:    Custom config to run a RHEL workstation as kiosk
+License:    BSD
+Source0:    user-template
+Source1:    kiosk-environment
+Source2:    com.redhat.Kiosk.SampleApp.desktop
+Source3:    redhat-kiosk-sampleapp.session
+Source4:    redhat-kiosk-sampleapp.desktop
+Source5:    com.redhat.Kiosk.SampleApp.service
+Source6:    session.conf
+Requires(pre): shadow-utils
+Requires: gnome-kiosk
+Requires: gdm
+Requires: google-chrome-stable
+Requires: accountsservice
+Requires(post): crudini
+Requires(preun): crudini
+BuildRequires: systemd-rpm-macros
+ExclusiveArch: x86_64
+
+%description
+Custom config to run a RHEL workstation as kiosk
+
+# Since we don't recompile from source, disable the build_id checking
+%global _missing_build_ids_terminate_build 0
+%global _build_id_links none
+%global debug_package %{nil}
+
+# We are evil, we have no changelog !
+%global source_date_epoch_from_changelog 0
+
+%prep
+cp %{S:0} user-template
+cp %{S:1} kiosk-environment
+cp %{S:2} com.redhat.Kiosk.SampleApp.desktop
+cp %{S:3} redhat-kiosk-sampleapp.session
+cp %{S:4} redhat-kiosk-sampleapp.desktop
+cp %{S:5} com.redhat.Kiosk.SampleApp.service
+cp %{S:6} session.conf
+
+%build
+
+%install
+install -m 0644 -D kiosk-environment %{buildroot}/etc/profile.d/kiosk.sh
+install -m 0644 -D com.redhat.Kiosk.SampleApp.desktop %{buildroot}/usr/share/applications/com.redhat.Kiosk.SampleApp.desktop
+install -m 0644 -D redhat-kiosk-sampleapp.session %{buildroot}/usr/share/gnome-session/sessions/redhat-kiosk-sampleapp.session
+install -m 0644 -D redhat-kiosk-sampleapp.desktop %{buildroot}/usr/share/wayland-sessions/redhat-kiosk-sampleapp.desktop
+install -m 0644 -D redhat-kiosk-sampleapp.desktop %{buildroot}/usr/share/xsessions/redhat-kiosk-sampleapp.desktop
+install -m 0644 -D com.redhat.Kiosk.SampleApp.service %{buildroot}%{_userunitdir}/com.redhat.Kiosk.SampleApp.service
+install -m 0755 -d %{buildroot}%{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d
+install -m 0644 -D session.conf %{buildroot}%{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d/session.conf
+install -m 0755 -d %{buildroot}/etc/accountsservice/user-templates/
+install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates/standard
+install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates/administrator
+
+%files
+%config(noreplace) %attr(0644, root, root) /etc/profile.d/kiosk.sh
+%attr(0644, root, root) /usr/share/applications/com.redhat.Kiosk.SampleApp.desktop
+%attr(0644, root, root) /usr/share/gnome-session/sessions/redhat-kiosk-sampleapp.session
+%attr(0644, root, root) /usr/share/wayland-sessions/redhat-kiosk-sampleapp.desktop
+%attr(0644, root, root) /usr/share/xsessions/redhat-kiosk-sampleapp.desktop
+%attr(0644, root, root) %{_userunitdir}/com.redhat.Kiosk.SampleApp.service
+%attr(0644, root, root) %{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d/session.conf
+%config(noreplace) %attr(0644, root, root) /etc/accountsservice/user-templates/standard
+%config(noreplace) %attr(0644, root, root) /etc/accountsservice/user-templates/administrator
+
+%pre
+getent group kiosk >/dev/null 2>&1 || groupadd kiosk
+getent passwd kiosk >/dev/null 2>&1 || useradd -N -g kiosk -d /home/kiosk -m kiosk
+
+%post
+%systemd_user_post com.redhat.Kiosk.SampleApp.service
+crudini --set /etc/gdm/custom.conf daemon AutomaticLoginEnable True
+crudini --set /etc/gdm/custom.conf daemon AutomaticLogin kiosk
+systemctl set-default graphical.target
+
+%preun
+%systemd_user_preun com.redhat.Kiosk.SampleApp.service
+if [ "$1" == "0" ]; then # Uninstall
+  crudini --set /etc/gdm/custom.conf daemon AutomaticLoginEnable False
+fi
+
+%postun
+%systemd_user_postun com.redhat.Kiosk.SampleApp.service
+
+%changelog
			`@ -0,0 +1 @@`
			export KIOSK_URL=http://`ip -br a \| grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000