Adds Linux functionality to the stub project

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.0.1
+current_version = 0.1.0
 commit = True
 message = Bumps version to {new_version}
 tag = False

.github/workflows/test.yml

@@ -9,3 +9,19 @@ concurrency:
 jobs:
   test:
     uses: plus3it/actions-workflows/.github/workflows/test.yml@ddd67e99878a285f728de398c1116151c2d7791a
+
+  linux:
+    uses: plus3it/actions-workflows/.github/workflows/test-salt-linux.yml@ddd67e99878a285f728de398c1116151c2d7791a
+    strategy:
+      matrix:
+        os_version:
+          - 8
+          - 9
+        salt_state:
+          - postman-api
+        salt_pillar_root:
+          - ./tests/pillar/test-linux-main
+    with:
+      salt-os-version: ${{ matrix.os_version }}
+      salt-state: ${{ matrix.salt_state }}
+      salt-pillar-root: ${{ matrix.salt_pillar_root }}

CHANGELOG.md

@@ -4,9 +4,30 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+### 0.1.0
+
+**Released**: 2026.06.02
+
+**Summary**:
+
+*   Added ("Enterprise") Linux functionality
+    *   Installs the Postman API binary (as downloaded from [vendor site](https://www.postman.com/downloads/))
+        *   Install-location defaults to `/opt/postman`
+        *   Install-location overrideable via Pillar's `install_root` parameter
+        *   For RHEL 9 (and related distros), latest installable version is 10.24.26 (override via Pillar's `download_uri` parameter)
+    *   Creates a wrapper-script at `/usr/local/bin/postman` to ensure appropriate launch-time arguments. For example:
+        *   "don't try to use GPU on X-over-SSH tunnels"
+        *   "disable sandboxing on STIGed operating systems" ( override via Pillar's `sandbox_enabled` parameter)
+        *   "require use of TLS v1.2+" ( override via Pillar's `ssl_min_version` parameter)
+    *   Sets appropriate file-modes and SELinux contexts on binaries and wrappers
+    *   Implements "cleanup" for all of the preceeding
+*   Adds pillar.example to explain parameters/inputs that may be specified via Pillar
+*   Update README with platform-notes
+
+
 ### 0.0.1
 
-**Released**: 2026.05.22
+**Released**: 2026.06.01
 
 **Summary**:
 

README.md

@@ -48,6 +48,11 @@ Executes _just_ the `config` state to uninstall the Postman API client-configura
 
 ## Compatibility Notes:
 
+### Linux
+
+1. Due to library compatibilities, the installable version of Postman on RHEL 9 (and derivatives) is constrained to < `11.x`. This formula defaults the RHEL 9 (and derivatives) installation to Postman version `10.24.26`
+1. To support hardened enterprise baselines (such as the DISA STIG or CIS profiles), this formula defaults to disabling the Chromium application sandbox (`sandbox_enabled: false`) on Red Hat family distributions. These security profiles typically disable unprivileged user namespaces (`user.max_user_namespaces = 0`), which causes Electron-based applications to crash instantly on startup. For less restrictive environments where user namespaces are permitted, the sandbox can be safely re-enabled by setting `sandbox_enabled: true` via Pillar data.
+
 
 [^1]: As of this README's writing, only Enterprise Linux and related distros (Red Hat and Oracle Enterprise, CentOS Stream, Rocky and Alma Linux). It has only been specifically tested with EL **_9_** variants.
 [^2]: As of this README's writing, this functionality has only been tested on Windows Server 2022

README_backrevs.md

@@ -0,0 +1,35 @@
+# How to Find/Install back-rev versions
+
+It is primarily expected that this formula will be used to install the "latest and greatest" version of the Postman API application from the vendor's web-site. If, however, a site requires the ability to install a specific — and almost certainly "back rev" — version of the Postman API application, it will be necessary to step through some hoops to find the desired download URL.
+
+## Identifying available point-releases
+
+To grab an exhustive list of available Postman versions, execute:
+
+```bash
+$ curl -sL "https://dl.pstmn.io/changelog?channel=stable&platform=linux" | \
+tr '"' '\n' | \
+grep -oE '^[0-9]+\.[0-9]+\.[0-9]+' | \
+sort -rV | \
+uniq
+```
+
+As mentioned in the main README file's notes for Linux, RHEL 9 distros require a Postman version less than `11.x`
+
+## Constructing the download URL
+
+To fetch an arbitrary Postman version from the Vendor's download-service, you will need to construct an appropriate URL path. The general URL path will look like:
+
+```
+    https://dl.pstmn.io/download/version/<VERSION>/<PLATFORM>'
+```
+
+* The value of `<VERSION>` is as taken from the list output from the BASH scriptlet in the preceding, "Identifying available point-releases", section.
+*   The value of `<PLATFORM>` will be either of
+    * `linux64` for Linux distributions using the x86_64 CPU-architecture
+    * `windows` for all Windows versions
+
+By way of example:
+
+* The URL `https://dl.pstmn.io/download/version/10.24.26/linux64` would be used to pull Postman `10.24.26` for Linux distros
+* The URL `https://dl.pstmn.io/download/version/12.12.5/windows` would be used to pull Postman `12.12.5` for Windows systems

pillar.example

@@ -0,0 +1,51 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+postman-api:
+  config:
+    # Path where the system desktop entry file will be generated.
+    desktop_entry: '/usr/share/applications/postman.desktop'
+
+    # Relative path to the application icon inside the installation directory.
+    icon_source: '/app/resources/app/assets/icon.png'
+
+    # The root directory tree where the application archive is extracted.
+    # Natively supports paths containing spaces (e.g., '/opt/Desktop Apps/Postman').
+    install_root: '/opt/Postman'
+
+    # Controls Chromium's internal application isolation sandbox layer.
+    # Set to false to support profiles that disable unprivileged namespaces
+    # (such as DISA STIG or CIS benchmarks), allowing safe startup.
+    sandbox_enabled: false
+
+    # The SELinux context type applied to the application root directory.
+    # Automatically triggers fcontext and restorecon operations if the
+    # kernel security subsystem is running in Enforcing or Permissive mode.
+    selinux_fcontext: 'usr_t'
+
+    # Mandates the minimum TLS protocol allowed for transit connections.
+    # Ensures compliance with FIPS validation rules by preventing downgrades.
+    ssl_min_version: 'tls1.2'
+
+    # Path to the system binary utility that updates the desktop MIME cache.
+    update_mime_database: '/usr/bin/update-desktop-database'
+
+    # Controls registration of trusted application paths with fapolicyd.
+    # Set to true to inject execution rules when whitelisting is enabled.
+    whitelist_enabled: true
+
+    # The system path for the generated wrapper execution bash script.
+    wrapper_bin: '/usr/local/bin/postman'
+
+  pkg:
+    # Optional cryptographic hash string (e.g., sha256) to verify the source.
+    # Leave empty to skip verification when pulling dynamic latest payloads.
+    download_sig: ''
+
+    # The fully qualified URI source pointing to the target install archive.
+    # Can point to the public CDN or an internally hosted mirror repository.
+    download_uri: 'https://dl.pstmn.io/download/version/10.24.26/linux64'
+
+    # The internal name designation used for formula mapping identification.
+    name: 'postman-api'
+...

postman-api/clean.sls

@@ -2,7 +2,5 @@
 # vim: ft=sls
 
 include:
-  - .subcomponent.clean
-  - .service.clean
   - .config.clean
   - .package.clean

postman-api/config/lin_clean.sls

@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import mapdata as postman_api with context %}
+
+{#- Dynamically check if the host has the SELinux kernel subsystem live #}
+{%- set selinux_live = salt['grains.get']('selinux:enabled', False) %}
+
+Refresh Whitelist Daemon Database:
+  cmd.run:
+    - name: 'fapolicyd-cli --update'
+    - onchanges:
+      - file: 'Remove Whitelist Daemon Policy'
+    - onlyif: 'command -v fapolicyd-cli'
+
+Remove Postman Desktop Shortcut:
+  file.absent:
+    - name: '{{ postman_api.config.desktop_entry }}'
+
+{%- if postman_api.config.get('selinux_fcontext', False) and selinux_live %}
+Remove Postman SELinux File Contexts:
+  selinux.fcontext_policy_absent:
+    - name: '{{ postman_api.config.install_root | replace(" ", "\s") }}(/.*)?'
+{%- endif %}
+
+Remove Protocol Deep Linking Registration:
+  cmd.run:
+    - name: '{{ postman_api.config.update_mime_database }} /usr/share/applications'
+    - onchanges:
+      - file: 'Remove Postman Desktop Shortcut'
+
+Remove Whitelist Daemon Policy:
+  file.absent:
+    - name: '/etc/fapolicyd/rules.d/95-postman.rules'
+    - onlyif: 'command -v fapolicyd-cli'
+
+Suppress Automatic Updates Globally:
+  host.absent:
+    - ip: '127.0.0.1'
+    - name: 'dl.pstmn.io'

postman-api/config/lin_file.sls

@@ -0,0 +1,82 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import mapdata as postman_api with context %}
+{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
+
+{#- Dynamically check if the host has the SELinux kernel subsystem live #}
+{%- set selinux_live = salt['grains.get']('selinux:enabled', False) %}
+
+Configure Postman Desktop Shortcut:
+  file.managed:
+    - context:
+        postman_api: {{ postman_api | json }}
+    - group: 'root'
+    - makedirs: True
+    - mode: '0644'
+    - name: '{{ postman_api.config.desktop_entry }}'
+    - source:
+{{ files_switch(['postman.desktop', 'postman.desktop.jinja'],
+                lookup='desktop_shortcut') }}
+    - template: 'jinja'
+    - user: 'root'
+
+{%- if postman_api.config.get('selinux_fcontext', False) and selinux_live %}
+Configure Postman SELinux File Contexts:
+  selinux.fcontext_policy_present:
+    - filetype: 'a'
+    - name: '{{ postman_api.config.install_root | replace(" ", "\s") }}(/.*)?'
+    - sel_type: {{ postman_api.config.selinux_fcontext }}
+{%- endif %}
+
+{%- if postman_api.config.get('whitelist_enabled', False) %}
+{#- Escape whitespaces specifically to satisfy strict fapolicyd syntax rules -#}
+{%- set fapolicyd_root = postman_api.config.install_root | replace(' ', '\ ') %}
+{%- set fapolicyd_wrap = postman_api.config.wrapper_bin | replace(' ', '\ ') %}
+Configure Whitelist Daemon Policy:
+  file.managed:
+    - contents: |
+        # Allow execution of system-wide Postman binaries and libraries
+        allow perm=any uid=all : dir={{ fapolicyd_root }}/
+        allow perm=any uid=all : path={{ fapolicyd_wrap }}
+    - group: 'root'
+    - makedirs: True
+    - mode: '0644'
+    - name: '/etc/fapolicyd/rules.d/95-postman.rules'
+    - onlyif: 'command -v fapolicyd-cli'
+    - user: 'root'
+{%- endif %}
+
+Refresh Whitelist Daemon Database:
+  cmd.run:
+    - name: 'fapolicyd-cli --update'
+    - onchanges:
+      - file: 'Configure Whitelist Daemon Policy'
+    - onlyif: 'command -v fapolicyd-cli'
+
+Register Protocol Deep Linking:
+  cmd.run:
+    - name: '{{ postman_api.config.update_mime_database }} /usr/share/applications'
+    - onchanges:
+      - file: 'Configure Postman Desktop Shortcut'
+
+{%- if selinux_live %}
+{%- set root_path = postman_api.config.install_root %}
+{%- set wrap_path = postman_api.config.wrapper_bin %}
+Restore SELinux Security Contexts:
+  cmd.run:
+    - name: 'restorecon -R "{{ root_path }}" "{{ wrap_path }}"'
+    - onchanges:
+      - file: 'Configure Postman Desktop Shortcut'
+      {%- if postman_api.config.get('selinux_fcontext', False) %}
+      - selinux: 'Configure Postman SELinux File Contexts'
+      {%- endif %}
+    - onlyif: 'test -d "{{ root_path }}" && test -e "{{ wrap_path }}"'
+{%- endif %}
+
+Suppress Automatic Updates Globally:
+  host.present:
+    - ip: '127.0.0.1'
+    - name: 'dl.pstmn.io'

postman-api/files/default/postman.desktop.jinja

@@ -0,0 +1,9 @@
+[Desktop Entry]
+Categories=Development;
+Comment=Postman API Platform
+Exec={{ postman_api.config.wrapper_bin }} %u
+Icon="{{ postman_api.config.install_root }}{{ postman_api.config.icon_source }}"
+MimeType=x-scheme-handler/postman;
+Name=Postman
+Terminal=false
+Type=Application

postman-api/init.sls

@@ -4,5 +4,3 @@
 include:
   - .package
   - .config
-  - .service
-  - .subcomponent

postman-api/package/lin_clean.sls

@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# vim: ft=sls
+
+{#- Get the `tplroot` from `tpldir` #}
+{%- set tplroot = tpldir.split('/')[0] %}
+{%- from tplroot ~ "/map.jinja" import mapdata as postman_api with context %}
+
+Remove Postman Application Directory:
+  file.absent:
+    - name: '{{ postman_api.config.install_root }}'
+
+Remove Postman Wrapper Script:
+  file.absent:
+    - name: '{{ postman_api.config.wrapper_bin }}'