cloud image import fedora GPG key for RPMs, as the livecd does

(cherry picked from commit c6f36e4c10)

fedora-cloud-base.ks

@@ -19,14 +19,12 @@ auth --useshadow --enablemd5
 selinux --enforcing
 rootpw --lock --iscrypted locked
 
-# this is actually not used, but a static firewall
-# matching these rules is generated below.
-firewall --service=ssh
+firewall --disabled
 
 bootloader --timeout=1 --append="console=ttyS0,115200n8 console=tty0" extlinux
 
 network --bootproto=dhcp --device=eth0 --onboot=on
-services --enabled=network,sshd,rsyslog,iptables,cloud-init,cloud-init-local,cloud-config,cloud-final
+services --enabled=network,sshd,rsyslog,cloud-init,cloud-init-local,cloud-config,cloud-final
 
 
 zerombr
@@ -63,10 +61,6 @@ syslinux-extlinux
 # Needed initially, but removed below.
 firewalld
 
-# Basic firewall. If you're going to rely on your cloud service's
-# security groups you can remove this.
-iptables-services
-
 # cherry-pick a few things from @standard
 tar
 rsync
@@ -135,28 +129,6 @@ yum -C -y remove linux-firmware
 echo "Removing firewalld."
 yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
 
-# Non-firewalld-firewall
-echo -n "Writing static firewall"
-cat <<EOF > /etc/sysconfig/iptables
-# Simple static firewall loaded by iptables.service. Replace
-# this with your own custom rules, run lokkit, or switch to 
-# shorewall or firewalld as your needs dictate.
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
-#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 80 -j ACCEPT
-#-A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 443 -j ACCEPT
--A INPUT -j REJECT --reject-with icmp-host-prohibited
--A FORWARD -j REJECT --reject-with icmp-host-prohibited
-COMMIT
-EOF
-echo .
-
 # Another one needed at install time but not after that, and it pulls
 # in some unneeded deps (like, newt and slang)
 echo "Removing authconfig."
@@ -223,8 +195,26 @@ yum history new
 yum clean all
 truncate -c -s 0 /var/log/yum.log
 
+echo "Import RPM GPG key"
+releasever=$(rpm -q --qf '%{version}\n' fedora-release)
+basearch=$(uname -m)
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
+
+echo "Packages within this cloud image:"
+echo "-----------------------------------------------------------------------"
+rpm -qa
+echo "-----------------------------------------------------------------------"
+# Note that running rpm recreates the rpm db files which aren't needed/wanted
+rm -f /var/lib/rpm/__db*
+
+
 echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+chattr -i /boot/extlinux/ldlinux.sys
 /usr/sbin/fixfiles -R -a restore
+chattr +i /boot/extlinux/ldlinux.sys
 
 echo "Zeroing out empty space."
 # This forces the filesystem to reclaim space from deleted files

fedora-lxde-packages.ks

@@ -12,7 +12,9 @@
 @lxde-apps
 @lxde-media
 @lxde-office
-@firefox
+
+# FIXME: can be omitted once comps is updated
+midori
 
 # pam-fprint causes a segfault in LXDM when enabled
 -fprintd-pam
@@ -35,9 +37,6 @@ metacity
 #-man-pages-*
 #-words
 
-# use ssmtp
-ssmtp
-
 # save some space
 -autofs
 -acpid
@@ -50,10 +49,7 @@ ssmtp
 -stix-fonts
 -ibus-typing-booster
 -xscreensaver-extras
--wqy-zenhei-fonts           # FIXME: Workaround to save space, do this in comps
-
-# FIXME: can be removed once mtpaint is gone from lxde-apps in comps
--mtpaint
+#-wqy-zenhei-fonts           # FIXME: Workaround to save space, do this in comps
 
 # drop some system-config things
 -system-config-boot