diff --git a/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch b/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch new file mode 100644 index 0000000..bf55655 --- /dev/null +++ b/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch @@ -0,0 +1,25 @@ +From 782dd7a1deacfcaa4318519f1cae2c0b4748661b Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Sun, 25 Oct 2020 11:43:25 -0600 +Subject: [PATCH] Give root RW permissions to /var/lib/cobbler/web.ss + +--- + cobbler/cobblerd.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cobbler/cobblerd.py b/cobbler/cobblerd.py +index fe1cf889..34aedf97 100644 +--- a/cobbler/cobblerd.py ++++ b/cobbler/cobblerd.py +@@ -57,7 +57,7 @@ def regen_ss_file(): + data = fd.read(512) + fd.close() + +- fd = os.open(ssfile, os.O_CREAT | os.O_RDWR, 0o600) ++ fd = os.open(ssfile, os.O_CREAT | os.O_RDWR, 0o660) + os.write(fd, binascii.hexlify(data)) + os.close(fd) + +-- +2.29.0 + diff --git a/2441.patch b/2441.patch new file mode 100644 index 0000000..fb1f0f4 --- /dev/null +++ b/2441.patch @@ -0,0 +1,30 @@ +From 8c04ef7d81f33900fda1ad3c4efa710827e22064 Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Sun, 25 Oct 2020 13:49:25 -0600 +Subject: [PATCH] Do not try to access log file if we are not running as root + +--- + cobbler/clogger.py | 10 ++-------- + 1 file changed, 2 insertions(+), 8 deletions(-) + +diff --git a/cobbler/clogger.py b/cobbler/clogger.py +index 191455113..635865dc1 100644 +--- a/cobbler/clogger.py ++++ b/cobbler/clogger.py +@@ -30,14 +30,8 @@ + # Cobbler. + + # This is necessary to prevent apache to try to access the file +-LOG_FILE = "/var/log/cobbler/cobbler.log" +-try: +- if not os.path.isfile(LOG_FILE): +- open(LOG_FILE, 'a').close() +- if os.access(LOG_FILE, os.W_OK): +- logging.config.fileConfig('/etc/cobbler/logging_config.conf') +-except Exception: +- pass ++if os.geteuid() == 0: ++ logging.config.fileConfig('/etc/cobbler/logging_config.conf') + + + class Logger(object): diff --git a/2590.patch b/2590.patch new file mode 100644 index 0000000..5e7221b --- /dev/null +++ b/2590.patch @@ -0,0 +1,92 @@ +From 4b5025e9e30db30d6e264fabeb860a7758d7d7ad Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Mon, 8 Mar 2021 22:04:52 -0700 +Subject: [PATCH] autoinstall_templates are installed into + /var/lib/cobbler/templates + +--- + cobbler/actions/sync.py | 2 +- + config/cobbler/settings.yaml | 4 ++-- + docs/cobbler-conf.rst | 4 ++-- + tests/test_data/settings_old | 4 ++-- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/cobbler/actions/sync.py b/cobbler/actions/sync.py +index 2667edb56..302c81de7 100644 +--- a/cobbler/actions/sync.py ++++ b/cobbler/actions/sync.py +@@ -179,7 +179,7 @@ def clean_trees(self): + if x not in self.settings.webdir_whitelist: + # delete directories that shouldn't exist + utils.rmtree(path, logger=self.logger) +- if x in ["autoinstall_templates", "autoinstall_templates_sys", "images", "systems", "distros", "profiles", "repo_profile", "repo_system", "rendered"]: ++ if x in ["templates", "images", "systems", "distros", "profiles", "repo_profile", "repo_system", "rendered"]: + # clean out directory contents + utils.rmtree_contents(path, logger=self.logger) + # +diff --git a/config/cobbler/settings.yaml b/config/cobbler/settings.yaml +index b2e05a7bf..ac8edccbf 100644 +--- a/config/cobbler/settings.yaml ++++ b/config/cobbler/settings.yaml +@@ -77,7 +77,7 @@ cheetah_import_whitelist: + createrepo_flags: "-c cache -s sha" + + # if no autoinstall template is specified to profile add, use this template +-default_autoinstall: /var/lib/cobbler/autoinstall_templates/default.ks ++default_autoinstall: /var/lib/cobbler/templates/default.ks + + # configure all installed systems to use these nameservers by default + # unless defined differently in the profile. For DHCP configurations +@@ -92,7 +92,7 @@ default_ownership: + - "admin" + + # Cobbler has various sample automatic installation templates stored +-# in /var/lib/cobbler/autoinstall_templates/. This controls ++# in /var/lib/cobbler/templates/. This controls + # what install (root) password is set up for those + # systems that reference this variable. The factory + # default is "cobbler" and Cobbler check will warn if +diff --git a/docs/cobbler-conf.rst b/docs/cobbler-conf.rst +index 52621e278..ef65acc0b 100644 +--- a/docs/cobbler-conf.rst ++++ b/docs/cobbler-conf.rst +@@ -257,7 +257,7 @@ default_autoinstall + + If no autoinstall template is specified to profile add, use this template. + +-default: ``/var/lib/cobbler/autoinstall_templates/default.ks`` ++default: ``/var/lib/cobbler/templates/default.ks`` + + default_name_* + ============== +@@ -284,7 +284,7 @@ default: + default_password_crypted + ======================== + +-Cobbler has various sample automatic installation templates stored in ``/var/lib/cobbler/autoinstall_templates/``. This ++Cobbler has various sample automatic installation templates stored in ``/var/lib/cobbler/templates/``. This + controls what install (root) password is set up for those systems that reference this variable. The factory default is + "cobbler" and Cobbler check will warn if this is not changed. The simplest way to change the password is to run + ``openssl passwd -1`` and put the output between the ``""``. +diff --git a/tests/test_data/settings_old b/tests/test_data/settings_old +index acbe8cdc9..1b531d21d 100644 +--- a/tests/test_data/settings_old ++++ b/tests/test_data/settings_old +@@ -92,7 +92,7 @@ cheetah_import_whitelist: + createrepo_flags: "-c cache -s sha" + + # if no autoinstall template is specified to profile add, use this template +-default_autoinstall: /var/lib/cobbler/autoinstall_templates/default.ks ++default_autoinstall: /var/lib/cobbler/templates/default.ks + + # configure all installed systems to use these nameservers by default + # unless defined differently in the profile. For DHCP configurations +@@ -107,7 +107,7 @@ default_ownership: + - "admin" + + # cobbler has various sample automatic installation templates stored +-# in /var/lib/cobbler/autoinstall_templates/. This controls ++# in /var/lib/cobbler/templates/. This controls + # what install (root) password is set up for those + # systems that reference this variable. The factory + # default is "cobbler" and cobbler check will warn if diff --git a/2965.patch b/2965.patch new file mode 100644 index 0000000..0d328b0 --- /dev/null +++ b/2965.patch @@ -0,0 +1,1054 @@ +From b6d391c21b1c09497a70d40c7cdd02dbb51fbc3d Mon Sep 17 00:00:00 2001 +From: tpw56j +Date: Tue, 9 Nov 2021 11:39:20 +0300 +Subject: [PATCH 1/8] fix/ldap_anonymous_bind + +--- + cobbler/modules/authentication/ldap.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cobbler/modules/authentication/ldap.py b/cobbler/modules/authentication/ldap.py +index 0abbd3538..a55ac1269 100644 +--- a/cobbler/modules/authentication/ldap.py ++++ b/cobbler/modules/authentication/ldap.py +@@ -102,7 +102,7 @@ def authenticate(api_handle, username, password) -> bool: + return False + + # if we're not allowed to search anonymously, grok the search bind settings and attempt to bind +- if api_handle.settings().ldap_anonymous_bind: ++ if not api_handle.settings().ldap_anonymous_bind: + searchdn = api_handle.settings().ldap_search_bind_dn + searchpw = api_handle.settings().ldap_search_passwd + + +From 22cdc2d1475bc5df2581c713336f07efc135e104 Mon Sep 17 00:00:00 2001 +From: Xavier Bachelot +Date: Tue, 18 Jan 2022 19:04:54 +0100 +Subject: [PATCH 2/8] Sync signatures from master + +--- + config/cobbler/distro_signatures.json | 704 ++++++++++++++++++++++---- + 1 file changed, 609 insertions(+), 95 deletions(-) + +diff --git a/config/cobbler/distro_signatures.json b/config/cobbler/distro_signatures.json +index ca7943481..92fd6d758 100644 +--- a/config/cobbler/distro_signatures.json ++++ b/config/cobbler/distro_signatures.json +@@ -12,9 +12,11 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "i386", +- "x86_64", ++ "ia64", + "ppc", +- "ppc64" ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -42,9 +44,10 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "i386", +- "x86_64", ++ "ia64", + "ppc", +- "ppc64" ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -69,8 +72,9 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "i386", +- "x86_64", +- "ppc64" ++ "ppc64", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -94,10 +98,11 @@ + "kernel_arch": "kernel-(.*).rpm", + "kernel_arch_regex": null, + "supported_arches": [ +- "i386", +- "x86_64", ++ "aarch64", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -129,11 +134,37 @@ + "kernel_arch": "kernel-(.*).rpm", + "kernel_arch_regex": null, + "supported_arches": [ +- "i386", +- "x86_64", +- "ppc", +- "ppc64", +- "ppc64le" ++ "aarch64", ++ "ppc64le", ++ "s390x", ++ "x86_64" ++ ], ++ "supported_repo_breeds": [ ++ "rsync", ++ "rhn", ++ "yum" ++ ], ++ "kernel_file": "vmlinuz(.*)", ++ "initrd_file": "initrd(.*)\\.img", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "rhel9": { ++ "signatures": [ ++ "BaseOS" ++ ], ++ "version_file": "(redhat|sl|slf|almalinux|centos|centos-linux|centos-stream|oraclelinux|rocky|vzlinux)-release-(?!notes)([\\w]*-)*9[\\.-]+(.*)\\.rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*).rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -208,10 +239,14 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "arm", ++ "armhfp", + "i386", + "x86_64", + "ppc", +- "ppc64" ++ "ppc64", ++ "s390", ++ "s390x" + ], + "supported_repo_breeds": [ + "rsync", +@@ -235,10 +270,14 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "arm", ++ "armhfp", + "i386", +- "x86_64", + "ppc", +- "ppc64" ++ "ppc64", ++ "x86_64", ++ "s390", ++ "s390x" + ], + "supported_repo_breeds": [ + "rsync", +@@ -262,10 +301,13 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "arm", + "i386", +- "x86_64", + "ppc", +- "ppc64" ++ "ppc64", ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -289,10 +331,13 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "armhfp", + "i386", +- "x86_64", + "ppc", +- "ppc64" ++ "ppc64", ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -321,11 +366,14 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -354,11 +402,14 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -387,11 +438,14 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -420,11 +474,13 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -453,11 +509,13 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -487,10 +545,12 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", ++ "armhfp", + "i386", +- "x86_64", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -520,10 +580,12 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", ++ "armhfp", + "i386", +- "x86_64", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -553,10 +615,12 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", ++ "armhfp", + "i386", +- "x86_64", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -586,10 +650,11 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -619,9 +684,11 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -651,9 +718,10 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", +- "i386", +- "x86_64", +- "ppc64le" ++ "armhfp", ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -683,9 +751,10 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", +- "i386", +- "x86_64", +- "ppc64le" ++ "armhfp", ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -715,9 +784,10 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", +- "i386", +- "x86_64", +- "ppc64le" ++ "armhfp", ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -737,6 +807,68 @@ + ] + } + }, ++ "fedora34": { ++ "signatures": [ ++ "Packages" ++ ], ++ "version_file": "(fedora)-release-34-(.*)\\.noarch\\.rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "armhfp", ++ "ppc64le", ++ "s390x", ++ "x86_64" ++ ], ++ "supported_repo_breeds": [ ++ "rsync", ++ "rhn", ++ "yum" ++ ], ++ "kernel_file": "vmlinuz(.*)", ++ "initrd_file": "initrd(.*)\\.img", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample.ks", ++ "kernel_options": "repo=$tree", ++ "kernel_options_post": "", ++ "boot_files": [], ++ "boot_loaders": { ++ "ppc64": [ ++ "grub" ++ ] ++ } ++ }, ++ "fedora35": { ++ "signatures": [ ++ "Packages" ++ ], ++ "version_file": "(fedora)-release-35-(.*)\\.noarch\\.rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "armhfp", ++ "ppc64le", ++ "s390x", ++ "x86_64" ++ ], ++ "supported_repo_breeds": [ ++ "rsync", ++ "rhn", ++ "yum" ++ ], ++ "kernel_file": "vmlinuz(.*)", ++ "initrd_file": "initrd(.*)\\.img", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample.ks", ++ "kernel_options": "repo=$tree", ++ "kernel_options_post": "", ++ "boot_files": [], ++ "boot_loaders": [] ++ }, + "cloudlinux6": { + "signatures": [ + "Packages" +@@ -880,6 +1012,29 @@ + "kernel_options": "", + "kernel_options_post": "", + "boot_files": [] ++ }, ++ "bullseye": { ++ "signatures": [ ++ "dists" ++ ], ++ "version_file": "Release", ++ "version_file_regex": "Codename: bullseye", ++ "kernel_arch": "linux-headers-(.*)\\.deb", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "i386", ++ "amd64" ++ ], ++ "supported_repo_breeds": [ ++ "apt" ++ ], ++ "kernel_file": "vmlinuz(.*)", ++ "initrd_file": "initrd(.*)\\.gz", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample.seed", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] + } + }, + "ubuntu": { +@@ -1394,6 +1549,32 @@ + "template_files": "", + "boot_files": [], + "boot_loaders": {} ++ }, ++ "impish": { ++ "signatures": [ ++ "dists", ++ ".disk" ++ ], ++ "version_file": "Release|info", ++ "version_file_regex": "Suite: impish|Ubuntu-Server 21\\.10", ++ "kernel_arch": "linux-headers-(.*)\\.deb", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "i386", ++ "amd64" ++ ], ++ "supported_repo_breeds": [ ++ "apt" ++ ], ++ "kernel_file": "(linux|vmlinuz(.*))", ++ "initrd_file": "initrd($|.gz$|.lz$)", ++ "isolinux_ok": false, ++ "default_autoinstall": "", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "template_files": "", ++ "boot_files": [], ++ "boot_loaders": {} + } + }, + "suse": { +@@ -1613,11 +1794,107 @@ + "kernel_options_post": "", + "boot_files": [] + }, +- "opensuse15generic": { ++ "opensuse15.0": { ++ "signatures": [ ++ "" ++ ], ++ "version_file": "openSUSE-release-15.0-(.*).rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "x86_64", ++ "ppc64le" ++ ], ++ "supported_repo_breeds": [ ++ "yum" ++ ], ++ "kernel_file": "(linux|vmlinuz(.*))", ++ "initrd_file": "initrd(.*)", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample_autoyast.xml", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "opensuse15.1": { + "signatures": [ + "" + ], +- "version_file": "openSUSE-release-15.(.*).rpm", ++ "version_file": "openSUSE-release-15.1-(.*).rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "x86_64", ++ "ppc64le" ++ ], ++ "supported_repo_breeds": [ ++ "yum" ++ ], ++ "kernel_file": "(linux|vmlinuz(.*))", ++ "initrd_file": "initrd(.*)", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample_autoyast.xml", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "opensuse15.2": { ++ "signatures": [ ++ "" ++ ], ++ "version_file": "openSUSE-release-15.2-(.*).rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "x86_64", ++ "ppc64le" ++ ], ++ "supported_repo_breeds": [ ++ "yum" ++ ], ++ "kernel_file": "(linux|vmlinuz(.*))", ++ "initrd_file": "initrd(.*)", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample_autoyast.xml", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "opensuse15.3": { ++ "signatures": [ ++ "" ++ ], ++ "version_file": "openSUSE-release-15.3-(.*).rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "x86_64", ++ "ppc64le" ++ ], ++ "supported_repo_breeds": [ ++ "yum" ++ ], ++ "kernel_file": "(linux|vmlinuz(.*))", ++ "initrd_file": "initrd(.*)", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample_autoyast.xml", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "opensuse15.4": { ++ "signatures": [ ++ "" ++ ], ++ "version_file": "openSUSE-release-15.4-(.*).rpm", + "version_file_regex": null, + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, +@@ -2613,6 +2890,81 @@ + "kernel_options": "", + "kernel_options_post": "", + "boot_files": [] ++ }, ++ "freebsd12.2": { ++ "signatures": [ ++ "boot" ++ ], ++ "version_file": "freebsd-version", ++ "version_file_regex": "USERLAND_VERSION=\"12.2-RELEASE\"", ++ "kernel_arch": "device\\.hints", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "i386", ++ "amd64", ++ "ppc64", ++ "ppc64le", ++ "ppc64el", ++ "aarch64" ++ ], ++ "supported_repo_breeds": [], ++ "kernel_file": "base.txz", ++ "initrd_file": "base.txz", ++ "isolinux_ok": false, ++ "default_autoinstall": "", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "freebsd12.3": { ++ "signatures": [ ++ "boot" ++ ], ++ "version_file": "freebsd-version", ++ "version_file_regex": "USERLAND_VERSION=\"12.3-RELEASE\"", ++ "kernel_arch": "device\\.hints", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "i386", ++ "amd64", ++ "ppc64", ++ "ppc64le", ++ "ppc64el", ++ "aarch64" ++ ], ++ "supported_repo_breeds": [], ++ "kernel_file": "base.txz", ++ "initrd_file": "base.txz", ++ "isolinux_ok": false, ++ "default_autoinstall": "", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "freebsd13.0": { ++ "signatures": [ ++ "boot" ++ ], ++ "version_file": "freebsd-version", ++ "version_file_regex": "USERLAND_VERSION=\"13.0-RELEASE\"", ++ "kernel_arch": "device\\.hints", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "i386", ++ "amd64", ++ "ppc64", ++ "ppc64le", ++ "ppc64el", ++ "aarch64" ++ ], ++ "supported_repo_breeds": [], ++ "kernel_file": "base.txz", ++ "initrd_file": "base.txz", ++ "isolinux_ok": false, ++ "default_autoinstall": "", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] + } + }, + "xen": { +@@ -2752,42 +3104,204 @@ + "unix": { + }, + "windows": { +- "2003": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub"]} +- }, +- "2008": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "2012": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "2016": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "2019": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "XP": { +- "supported_arches":["i386","x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub"]} +- }, +- "7": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "8": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "10": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- } ++ "2003": { ++ "signatures": [ ++ "amd64", ++ "i386", ++ "autorun.inf" ++ ], ++ "version_file": "relnotes\\.htm", ++ "version_file_regex": "^.*Microsoft Windows Server 2003.*$", ++ "kernel_arch": "(i386|amd64)", ++ "kernel_arch_regex": null, ++ "supported_arches":["i386","amd64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [ ++ "i386/*.*", ++ "amd64/*.*" ++ ] ++ }, ++ "2008": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows Server 2008.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86|x86_64)$", ++ "supported_arches":["x86","x86_64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "2012": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows Server 2012.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86_64)$", ++ "supported_arches":["x86_64"], ++ "boot_loaders":{"x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "2016": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows Server 2016.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86_64)$", ++ "supported_arches":["x86_64"], ++ "boot_loaders":{"x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "2019": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows Server 2019.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86_64)$", ++ "supported_arches":["x86_64"], ++ "boot_loaders":{"x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "XP": { ++ "signatures": [ ++ "amd64", ++ "i386", ++ "autorun.inf" ++ ], ++ "version_file": "readme\\.htm", ++ "version_file_regex": "^Version of Microsoft Windows XP.*$", ++ "kernel_arch": "(i386|amd64)", ++ "kernel_arch_regex": null, ++ "supported_arches":["i386","amd64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [ ++ "i386/*.*", ++ "amd64/*.*" ++ ] ++ }, ++ "7": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows 7.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86|x86_64)$", ++ "supported_arches":["x86","x86_64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "8": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows 8.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86|x86_64)$", ++ "supported_arches":["x86","x86_64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "10": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows 10.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86|x86_64)$", ++ "supported_arches":["x86","x86_64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "11": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows 11.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(ARM64|x86_64)$", ++ "supported_arches":["ARM64","x86_64"], ++ "boot_loaders":{"aarch64":[], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ } + }, + "powerkvm": { + "2.1": { +@@ -2815,7 +3329,7 @@ + "boot_files": [], + "boot_loaders": { + "ppc64": [ +- "pxelinux" ++ "pxe" + ] + } + } + +From e60691af699a1bb2045fedf4c74fc4deb107cd7c Mon Sep 17 00:00:00 2001 +From: Xavier Bachelot +Date: Tue, 18 Jan 2022 19:11:31 +0100 +Subject: [PATCH 3/8] Add support for older anaconda (tftpgen) + +--- + cobbler/tftpgen.py | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/cobbler/tftpgen.py b/cobbler/tftpgen.py +index 3e2da2124..d8aa91d2f 100644 +--- a/cobbler/tftpgen.py ++++ b/cobbler/tftpgen.py +@@ -730,8 +730,10 @@ def build_kernel_options(self, system, profile, distro, image, arch: str, autoin + + if distro.breed is None or distro.breed == "redhat": + +- append_line += " kssendmac" +- append_line = "%s inst.ks=%s" % (append_line, autoinstall_path) ++ if distro.os_version in ["rhel4", "rhel5", "rhel6", "fedora16"]: ++ append_line += " kssendmac ks=%s" % autoinstall_path ++ else: ++ append_line += " inst.ks.sendmac inst.ks=%s" % autoinstall_path + gpxe = blended["enable_gpxe"] + if gpxe: + append_line = append_line.replace('ksdevice=bootif', 'ksdevice=${net0/mac}') + +From 365a9d6b1c33f14a1a390a1070d5d822c9db7ce5 Mon Sep 17 00:00:00 2001 +From: Xavier Bachelot +Date: Tue, 18 Jan 2022 19:19:26 +0100 +Subject: [PATCH 4/8] Add support for older anaconda (buildiso) + +--- + cobbler/actions/buildiso.py | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/cobbler/actions/buildiso.py b/cobbler/actions/buildiso.py +index 9b204aabf..31772c067 100644 +--- a/cobbler/actions/buildiso.py ++++ b/cobbler/actions/buildiso.py +@@ -223,7 +223,10 @@ def generate_netboot_iso(self, imagesdir, isolinuxdir, profiles=None, systems=No + if dist.breed == "redhat": + if "proxy" in data and data["proxy"] != "": + append_line += " proxy=%s http_proxy=%s" % (data["proxy"], data["proxy"]) +- append_line += " inst.ks=%s" % data["autoinstall"] ++ if dist.os_version in ["rhel4", "rhel5", "rhel6", "fedora16"]: ++ append_line += " ks=%s" % self.data["autoinstall"] ++ else: ++ append_line += " inst.ks=%s" % self.data["autoinstall"] + + if dist.breed in ["ubuntu", "debian"]: + append_line += " auto-install/enable=true url=%s" % data["autoinstall"] +@@ -273,7 +276,10 @@ def generate_netboot_iso(self, imagesdir, isolinuxdir, profiles=None, systems=No + if dist.breed == "redhat": + if "proxy" in data and data["proxy"] != "": + append_line += " proxy=%s http_proxy=%s" % (data["proxy"], data["proxy"]) +- append_line += " inst.ks=%s" % data["autoinstall"] ++ if os_version in ["rhel4", "rhel5", "rhel6", "fedora16"]: ++ append_line += " ks=%s" % self.data["autoinstall"] ++ else: ++ append_line += " inst.ks=%s" % self.data["autoinstall"] + + if dist.breed in ["ubuntu", "debian"]: + append_line += " auto-install/enable=true url=%s netcfg/disable_autoconfig=true" % data["autoinstall"] +@@ -540,7 +546,10 @@ def generate_standalone_iso(self, imagesdir, isolinuxdir, distname, filesource, + + append_line = " append initrd=%s" % os.path.basename(distro.initrd) + if distro.breed == "redhat": +- append_line += " inst.ks=cdrom:/isolinux/%s.cfg" % descendant.name ++ if distro.os_version in ["rhel4", "rhel5", "rhel6", "fedora16"]: ++ append_line += " ks=cdrom:/isolinux/%s.cfg" % descendant.name ++ else: ++ append_line += " inst.ks=cdrom:/isolinux/%s.cfg" % descendant.name + if distro.breed == "suse": + append_line += " autoyast=file:///isolinux/%s.cfg install=cdrom:///" % descendant.name + if "install" in data["kernel_options"]: + diff --git a/3227.patch b/3227.patch new file mode 100644 index 0000000..f7dcee1 --- /dev/null +++ b/3227.patch @@ -0,0 +1,52 @@ +From 7d5e0bb4a206365ce2cb1de30ba0f49ad43e97d2 Mon Sep 17 00:00:00 2001 +From: Robby Callicotte +Date: Thu, 11 Aug 2022 13:46:23 -0500 +Subject: [PATCH] Added backport fix for reposync + +--- + cobbler/actions/reposync.py | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/cobbler/actions/reposync.py b/cobbler/actions/reposync.py +index 2900dfd665..651514f36a 100644 +--- a/cobbler/actions/reposync.py ++++ b/cobbler/actions/reposync.py +@@ -443,6 +443,9 @@ def rhn_sync(self, repo): + if repo.arch != "": + cmd = "%s -a %s" % (cmd, repo.arch) + ++ if repo.arch == "": ++ cmd = "%s" % (cmd) ++ + # Now regardless of whether we're doing yumdownloader or reposync or whether the repo was http://, ftp://, or + # rhn://, execute all queued commands here. Any failure at any point stops the operation. + +@@ -537,7 +540,7 @@ def yum_sync(self, repo): + # Counter-intuitive, but we want the newish kernels too + cmd = "%s -a i686" % (cmd) + else: +- cmd = "%s -a %s" % (cmd, repo.arch) ++ cmd = "%s -a %s -a noarch" % (cmd, repo.arch) + + else: + # Create the output directory if it doesn't exist +@@ -570,12 +573,16 @@ def yum_sync(self, repo): + proxy = repo.proxy + (cert, verify) = self.gen_urlgrab_ssl_opts(repo.yumopts) + +- # FIXME: These two variables were deleted +- repodata_path = "" +- repomd_path = "" ++ repodata_path = os.path.join(temp_path, "repodata") ++ repomd_path = os.path.join(repodata_path, "repomd.xml") + if os.path.exists(repodata_path) and not os.path.isfile(repomd_path): + shutil.rmtree(repodata_path, ignore_errors=False, onerror=None) + ++ repodata_path = os.path.join(temp_path, "repodata") ++ if os.path.exists(repodata_path): ++ self.logger.info("Deleted old repo metadata for %s" % repodata_path) ++ shutil.rmtree(repodata_path, ignore_errors=False, onerror=None) ++ + h = librepo.Handle() + r = librepo.Result() + h.setopt(librepo.LRO_REPOTYPE, librepo.LR_YUMREPO) diff --git a/3945.patch b/3945.patch deleted file mode 100644 index e75c349..0000000 --- a/3945.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 1d83bd29c253ba898ac35683258fec285d5a6529 Mon Sep 17 00:00:00 2001 -From: Orion Poplawski -Date: Sat, 4 Oct 2025 19:49:26 -0600 -Subject: [PATCH] Use systemctl is-active --quiet to check status of services - (fixes #3942) - ---- - changelog.d/3942.fixed | 1 + - cobbler/actions/check.py | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - create mode 100644 changelog.d/3942.fixed - -diff --git a/changelog.d/3942.fixed b/changelog.d/3942.fixed -new file mode 100644 -index 0000000000..444bdb800a ---- /dev/null -+++ b/changelog.d/3942.fixed -@@ -0,0 +1 @@ -+check: Use systemctl is-active --quiet to check the status of services -diff --git a/cobbler/actions/check.py b/cobbler/actions/check.py -index b79706aff1..5f6a3fa3bc 100644 ---- a/cobbler/actions/check.py -+++ b/cobbler/actions/check.py -@@ -142,7 +142,7 @@ def check_service(self, status, which, notes=""): - status.append("service %s is not running%s" % (which, notes)) - return - elif utils.is_systemd(): -- return_code = utils.subprocess_call("systemctl status %s > /dev/null 2>/dev/null" % which, -+ return_code = utils.subprocess_call("systemctl is-active --quiet %s > /dev/null 2>/dev/null" % which, - shell=True) - if return_code != 0: - status.append("service %s is not running%s" % (which, notes)) diff --git a/9044aa990a94752fa5bd5a24051adde099280bfa.patch b/9044aa990a94752fa5bd5a24051adde099280bfa.patch new file mode 100644 index 0000000..1dfa700 --- /dev/null +++ b/9044aa990a94752fa5bd5a24051adde099280bfa.patch @@ -0,0 +1,42 @@ +From aeb10a6d169da55bab0a5000dce5913e467c9344 Mon Sep 17 00:00:00 2001 +From: Enno Gotthold +Date: Thu, 10 Mar 2022 16:16:29 +0100 +Subject: [PATCH] Security: Fix CVE-2022-0860 + +If PAM is correctly configured and a user account is set to expired, +the expired user-account is still able to successfully log into +Cobbler in all places (Web UI, CLI & XMLRPC-API). + +The same applies to user accounts with passwords set to be expired. + +This patch is fixing this and checking that this behavior is now +correct via a reproducible test. +--- + cobbler/modules/authentication/pam.py | 8 ++++++++ + tests/special_cases/security_test.py | 28 +++++++++++++++++++++++++++ + 2 files changed, 36 insertions(+) + +diff --git a/cobbler/modules/authentication/pam.py b/cobbler/modules/authentication/pam.py +index 97ecc02ab..893422c5b 100644 +--- a/cobbler/modules/authentication/pam.py ++++ b/cobbler/modules/authentication/pam.py +@@ -114,6 +114,10 @@ class PamConv(Structure): + PAM_AUTHENTICATE.restype = c_int + PAM_AUTHENTICATE.argtypes = [PamHandle, c_int] + ++PAM_ACCT_MGMT = LIBPAM.pam_acct_mgmt ++PAM_ACCT_MGMT.restype = c_int ++PAM_ACCT_MGMT.argtypes = [PamHandle, c_int] ++ + + def authenticate(api_handle, username: str, password: str) -> bool: + """ +@@ -157,4 +161,8 @@ def my_conv(n_messages, messages, p_response, app_data): + return False + + retval = PAM_AUTHENTICATE(handle, 0) ++ ++ if retval == 0: ++ retval = PAM_ACCT_MGMT(handle, 0) ++ + return retval == 0 diff --git a/changelog b/changelog deleted file mode 100644 index 291772a..0000000 --- a/changelog +++ /dev/null @@ -1,354 +0,0 @@ -* Thu Jan 16 2025 Fedora Release Engineering - 3.3.7-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Sun Jan 05 2025 Orion Poplawski - 3.3.7-2 -- Backport upstream patch for Python 3.13 support (rhbz#2335620) - -* Sun Nov 17 2024 Orion Poplawski - 3.3.7-1 -- Update to 3.3.7 (CVE-2024-47533) - -* Fri Sep 27 2024 Carl George - 3.3.6-2 -- Fix cheetah dependency rhbz#2314630 - -* Wed Jul 31 2024 Orion Poplawski - 3.3.6-1 -- Update to 3.3.6 - -* Thu Jul 25 2024 Miroslav Suchý - 3.3.5-3 -- convert license to SPDX - -* Wed Jul 17 2024 Fedora Release Engineering - 3.3.5-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Fri Jul 12 2024 Orion Poplawski - 3.3.5-1 -- Update to 3.3.5 - -* Fri Jun 07 2024 Python Maint - 3.3.4-5 -- Rebuilt for Python 3.13 - -* Fri Jun 07 2024 Python Maint - 3.3.4-4 -- Rebuilt for Python 3.13 - -* Sat Apr 27 2024 Orion Poplawski - 3.3.4-3 -- Fix service name in selinux post install script - -* Fri Apr 26 2024 Orion Poplawski - 3.3.4-2 -- Test for existence of web.ss before chowning it (bz#2276860) - -* Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 -- Update to 3.3.4 -- Add local SELinux policy and allow cobbler to check service statuses, - run mkfs.fat, and check for reposync and yumdownloader (bz#2251220) -- Change owndership of web.ss to root (bz#2247653) - -* Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 3.3.3-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Wed Jul 19 2023 Fedora Release Engineering - 3.3.3-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Mon Jul 17 2023 Orion Poplawski - 3.3.3-6 -- Add patch to fix build with Sphinx 7 - -* Wed Jun 14 2023 Python Maint - 3.3.3-5 -- Rebuilt for Python 3.12 - -* Thu Jan 19 2023 Fedora Release Engineering - 3.3.3-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Wed Jul 20 2022 Fedora Release Engineering - 3.3.3-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Thu Jun 23 2022 Python Maint - 3.3.3-2 -- Rebuilt for Python 3.11 - -* Tue Jun 14 2022 Orion Poplawski - 3.3.3-1 -- Update to 3.3.3 - -* Wed May 04 2022 Orion Poplawski - 3.3.2-2 -- Drop setting cache_enabled no longer present in 3.3 - -* Sat Mar 12 2022 Orion Poplawski - 3.3.2-1 -- Update to 3.3.2 - -* Tue Mar 01 2022 Orion Poplawski - 3.3.1-1 -- Update to 3.3.1, removes web interface - -* Tue Mar 01 2022 Orion Poplawski - 3.2.2-9 -- Apply fixes for CVE-2021-45082/3 -- Remove BR on python3-coverage - -* Mon Jan 24 2022 Orion Poplawski - 3.2.2-8 -- Fix posttrans script - -* Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Thu Dec 23 2021 Orion Poplawski - 3.2.2-6 -- Fix path to settings.yaml in scriptlet - -* Thu Dec 09 2021 Orion Poplawski - 3.2.2-5 -- Remove defunct get-loaders command - -* Mon Nov 22 2021 Orion Poplawski - 3.2.2-4 -- Add new keys to settings.yaml on migration or if missing -- Save original settings to settings.rpmorig - -* Fri Oct 08 2021 Orion Poplawski - 3.2.2-3 -- Fix dependencies (bz#2010567) - -* Thu Sep 23 2021 Orion Poplawski - 3.2.2-2 -- Migrate settings to settings.yaml -- Migrate pre-cobbler 3 data if needed -- Fix autoinstall_templates -> templates - -* Thu Sep 23 2021 Orion Poplawski - 3.2.2-1 -- Update to 3.2.2 -- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection -- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function -- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings - -* Wed Sep 22 2021 Orion Poplawski - 3.2.1-1 -- Update to 3.2.1 - -* Wed Jul 21 2021 Fedora Release Engineering - 3.2.0-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Fri Jun 04 2021 Python Maint - 3.2.0-5 -- Rebuilt for Python 3.10 - -* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.2.0-4 -- Rebuilt for updated systemd-rpm-macros - See https://pagure.io/fesco/issue/2583. - -* Tue Jan 26 2021 Fedora Release Engineering - 3.2.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Sun Oct 25 2020 Orion Poplawski - 3.2.0-2 -- Give root RW permission to /var/lib/cobbler/web.ss -- Fix SELinux cobbler logging issue - -* Sat Oct 24 2020 Orion Poplawski - 3.2.0-1 -- Update to 3.2.0 - -* Thu Sep 17 2020 Orion Poplawski - 3.1.2-4 -- Add requires on python-distro and file - -* Mon Jul 27 2020 Fedora Release Engineering - 3.1.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jul 08 2020 Orion Poplawski - 3.1.2-2 -- Fix apache configuration - -* Fri May 29 2020 Orion Poplawski - 3.1.2-1 -- Update to 3.1.2 - -* Tue May 26 2020 Miro Hrončok - 3.1.1-4 -- Rebuilt for Python 3.9 - -* Fri Feb 21 2020 Orion Poplawski - 3.1.1-3 -- Add requires for python3-dns - -* Tue Jan 28 2020 Fedora Release Engineering - 3.1.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Sun Jan 12 2020 Orion Poplawski - 3.1.1-1 -- Update to 3.1.1 - -* Tue Oct 22 2019 Orion Poplawski - 3.0.1-4 -- Drop koan completely, including obsoletes. It is a separate package now. - -* Thu Oct 10 2019 Orion Poplawski - 3.0.1-3 -- Require /sbin/service - -* Tue Oct 8 2019 Orion Poplawski - 3.0.1-2 -- Fix requires (requests instead of urlgrabber) -- Fix BR for EL8 - -* Mon Sep 09 2019 Nicolas Chauvet - 3.0.1-1 -- Update to 3.0.1 - -* Fri Aug 30 2019 Nicolas Chauvet - 3.0.0-1 -- Update to 3.0.0 - -* Mon Aug 26 2019 Nicolas Chauvet - 2.8.5-0.1 -- Update to 2.8.5 - pre-release - -* Wed Jul 24 2019 Fedora Release Engineering - 2.8.4-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Thu Jan 31 2019 Fedora Release Engineering - 2.8.4-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Nov 26 2018 Orion Poplawski - 2.8.4-5 -- Fix empty man pages (BZ 1653415) - -* Mon Nov 26 2018 Orion Poplawski - 2.8.4-4 -- Revert bind_manage_ipmi feature that is broken on 2.8 - -* Sun Nov 25 2018 Orion Poplawski - 2.8.4-3 -- Use pathfix.py to fix python shebangs - -* Sun Nov 25 2018 Orion Poplawski - 2.8.4-2 -- Make koan require python2-ethtool (BZ 1638933) - -* Sat Nov 24 2018 Orion Poplawski - 2.8.4-1 -- Update to 2.8.4 (Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931) - -* Thu Jul 12 2018 Fedora Release Engineering - 2.8.3-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Wed May 30 2018 Orion Poplawski - 2.8.3-3 -- koan requires urlgrabber - -* Mon May 28 2018 Nicolas Chauvet - 2.8.3-2 -- Restore mergeability with epel7 - -* Mon May 28 2018 Nicolas Chauvet - 2.8.3-1 -- Update to 2.8.3 - security bugfix - -* Wed Feb 21 2018 Orion Poplawski - 2.8.2-6 -- Really fix django requires for Fedora 28+ - -* Tue Feb 20 2018 Orion Poplawski - 2.8.2-5 -- Fix django requires for Fedora 28+ - -* Fri Feb 09 2018 Igor Gnatenko - 2.8.2-4 -- Escape macros in %%changelog - -* Wed Feb 07 2018 Fedora Release Engineering - 2.8.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Tue Feb 06 2018 Iryna Shcherbina - 2.8.2-2 -- Update Python 2 dependency declarations to new packaging standards - (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) - -* Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 -- Update to 2.8.2 - -* Wed Aug 02 2017 Fedora Release Engineering - 2.8.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 2.8.1-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Wed Jun 21 2017 Orion Poplawski - 2.8.1-3 -- Suppress logrotate output - -* Mon Jun 12 2017 Orion Poplawski - 2.8.1-2 -- Fix module loading - -* Wed May 24 2017 Orion Poplawski - 2.8.1-1 -- Update to 2.8.1 - -* Fri Feb 17 2017 Orion Poplawski - 2.8.0-6 -- Add patch to fix handling of multiple bridge interfaces - -* Fri Feb 10 2017 Fedora Release Engineering - 2.8.0-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Fri Jan 27 2017 Orion Poplawski - 2.8.0-4 -- Fix named patch - -* Tue Jan 24 2017 Orion Poplawski - 2.8.0-3 -- Restart named-chroot service if used - -* Fri Jan 20 2017 Orion Poplawski - 2.8.0-2 -- Fix logrotate script for systemd (bug #1414617) - -* Thu Dec 1 2016 Orion Poplawski - 2.8.0-1 -- Update to 2.8.0 -- Restructure spec file - -* Thu Sep 1 2016 Orion Poplawski - 2.6.11-11.gitf78af86 -- Add patches to fix TEMPLATE_DIRS and use OrderedDict - -* Thu Aug 11 2016 Orion Poplawski - 2.6.11-10.gitf78af86 -- Force IPv4 connections to cobblerd from web proxy - -* Thu Jul 21 2016 Orion Poplawski - 2.6.11-9.gitf78af86 -- Suppress "virt-install --os-variant list" error messages - -* Thu Jul 21 2016 Orion Poplawski - 2.6.11-8.git5680bf8 -- Fix handling unknown os variants with osinfo-query - -* Tue Jul 19 2016 Fedora Release Engineering - 2.6.11-7.git95749a6 -- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages - -* Wed Jul 13 2016 Orion Poplawski - 2.6.11-6.git95749a6 -- Fix typo in koan/app.py - -* Wed Jul 13 2016 Orion Poplawski - 2.6.11-5.git13b035f -- Update to current git snapshot (bug #1276896) - -* Wed Feb 03 2016 Fedora Release Engineering - 2.6.11-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Mon Feb 1 2016 Orion Poplawski - 2.6.11-3 -- Require dnf-plugins-core - -* Sun Jan 24 2016 Orion Poplawski - 2.6.11-2 -- Require dnf-core-plugins instead of yum-utils for repoquery on Fedora 23+ - -* Sun Jan 24 2016 Orion Poplawski - 2.6.11-1 -- Update to 2.6.11 -- Make cobbler arch specific to allow for arch specific requires - -* Thu Oct 1 2015 Orion Poplawski - 2.6.10-1 -- Update to 2.6.10 - -* Mon Jun 22 2015 Orion Poplawski - 2.6.9-1 -- Update to 2.6.9 - -* Wed Jun 17 2015 Fedora Release Engineering - 2.6.8-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Tue May 12 2015 Orion Poplawski - 2.6.8-2 -- Support django 1.8 in Fedora 22+ - -* Fri May 8 2015 Orion Poplawski - 2.6.8-1 -- Update to 2.6.8 -- Backport upstream patch to fix centos version detection (bug #1201879) - -* Tue Apr 28 2015 Orion Poplawski - 2.6.7-3 -- Add patch to fix virt-install support for F21+/EL7 (bug #1188424) - -* Mon Apr 27 2015 Orion Poplawski - 2.6.7-2 -- Create and own directories in tftp_dir - -* Wed Dec 31 2014 Orion Poplawski - 2.6.7-1 -- Update to 2.6.7 - -* Sun Oct 19 2014 Orion Poplawski - 2.6.6-1 -- Update to 2.6.6 - -* Fri Aug 15 2014 Orion Poplawski - 2.6.5-1 -- Update to 2.6.5 - -* Wed Aug 13 2014 Orion Poplawski - 2.6.4-2 -- Require Django >= 1.4 - -* Mon Aug 11 2014 Orion Poplawski - 2.6.4-1 -- Update to 2.6.4 - -* Fri Jul 18 2014 Orion Poplawski - 2.6.3-1 -- Update to 2.6.3 - -* Wed Jul 16 2014 Orion Poplawski - 2.6.2-1 -- Update to 2.6.2 -- Spec cleanup - -* Sat Jun 07 2014 Fedora Release Engineering - 2.6.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Fri May 23 2014 Orion Poplawski - 2.6.1-1 -- Update to 2.6.1 -- Drop koan patch applied upstream - -* Tue Apr 22 2014 Orion Poplawski - 2.6.0-2 -- Only require syslinux on x86 - -* Mon Apr 21 2014 Orion Poplawski - 2.6.0-1 -- Update to 2.6.0 diff --git a/cobbler-CVE-2021-45082.patch b/cobbler-CVE-2021-45082.patch new file mode 100644 index 0000000..022f15a --- /dev/null +++ b/cobbler-CVE-2021-45082.patch @@ -0,0 +1,75 @@ +diff --git a/cobbler.spec b/cobbler.spec +index bbbbae37..1f81456a 100644 +--- a/cobbler.spec ++++ b/cobbler.spec +@@ -382,6 +382,20 @@ fi + %{_datadir}/%{name}/bin/mkgrub.sh >/dev/null 2>&1 + %endif + %systemd_post cobblerd.service ++# Fixup permission for world readable settings files ++chmod 640 %{_sysconfdir}/cobbler/settings.yaml ++chmod 600 %{_sysconfdir}/cobbler/mongodb.conf ++chmod 600 %{_sysconfdir}/cobbler/modules.conf ++chmod 640 %{_sysconfdir}/cobbler/users.conf ++chmod 640 %{_sysconfdir}/cobbler/users.digest ++chmod 750 %{_sysconfdir}/cobbler/settings.d ++chmod 640 %{_sysconfdir}/cobbler/settings.d/* ++chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.yaml ++chgrp %{apache_group} %{_sysconfdir}/cobbler/users.conf ++chgrp %{apache_group} %{_sysconfdir}/cobbler/users.digest ++chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.d ++chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.d/* ++ + + %preun + %systemd_preun cobblerd.service +@@ -461,8 +475,8 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler + %dir %{_sysconfdir}/cobbler/iso + %config(noreplace) %{_sysconfdir}/cobbler/iso/buildiso.template + %config(noreplace) %{_sysconfdir}/cobbler/logging_config.conf +-%config(noreplace) %{_sysconfdir}/cobbler/modules.conf +-%config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf ++%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/modules.conf ++%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf + %config(noreplace) %{_sysconfdir}/cobbler/named.template + %config(noreplace) %{_sysconfdir}/cobbler/ndjbdns.template + %dir %{_sysconfdir}/cobbler/reporting +@@ -470,13 +484,13 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler + %config(noreplace) %{_sysconfdir}/cobbler/rsync.exclude + %config(noreplace) %{_sysconfdir}/cobbler/rsync.template + %config(noreplace) %{_sysconfdir}/cobbler/secondary.template +-%config(noreplace) %{_sysconfdir}/cobbler/settings.yaml +-%dir %{_sysconfdir}/cobbler/settings.d +-%config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings +-%config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings +-%config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings +-%config(noreplace) %{_sysconfdir}/cobbler/users.conf +-%config(noreplace) %{_sysconfdir}/cobbler/users.digest ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.yaml ++%attr(750, root, %{apache_group}) %dir %{_sysconfdir}/cobbler/settings.d ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.conf ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.digest + %config(noreplace) %{_sysconfdir}/cobbler/version + %config(noreplace) %{_sysconfdir}/cobbler/zone.template + %dir %{_sysconfdir}/cobbler/zone_templates +diff --git a/cobbler/templar.py b/cobbler/templar.py +index 7321e2d5..58ef16de 100644 +--- a/cobbler/templar.py ++++ b/cobbler/templar.py +@@ -77,10 +77,10 @@ class Templar: + """ + lines = data.split("\n") + for line in lines: +- if line.find("#import") != -1: +- rest = line.replace("#import", "").replace(" ", "").strip() ++ if "#import" in line or "#from" in line: ++ rest = line.replace("#import", "").replace("#from", "").replace("import", ".").replace(" ", "").strip() + if self.settings and rest not in self.settings.cheetah_import_whitelist: +- raise CX("potentially insecure import in template: %s" % rest) ++ raise CX(f"Potentially insecure import in template: {rest}") + + def render(self, data_input: Union[TextIO, str], search_table: dict, out_path: Optional[str], + template_type="default") -> str: diff --git a/cobbler-httpd.patch b/cobbler-httpd.patch new file mode 100644 index 0000000..2464a8c --- /dev/null +++ b/cobbler-httpd.patch @@ -0,0 +1,18 @@ +diff -up cobbler-3.1.2/config/apache/cobbler_web.conf.httpd cobbler-3.1.2/config/apache/cobbler_web.conf +--- cobbler-3.1.2/config/apache/cobbler_web.conf.httpd 2020-05-27 02:26:44.000000000 -0600 ++++ cobbler-3.1.2/config/apache/cobbler_web.conf 2020-07-07 21:12:53.942577055 -0600 +@@ -16,8 +16,6 @@ WSGIDaemonProcess cobbler_web display-na + WSGIProcessGroup cobbler_web + WSGIPassAuthorization On + +- +- + + + SSLRequireSSL +@@ -42,5 +40,3 @@ WSGIPassAuthorization On + AllowOverride None + Require all granted + +- +- diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch index c50edfd..fe6aa76 100644 --- a/cobbler-nocov.patch +++ b/cobbler-nocov.patch @@ -1,17 +1,24 @@ -diff --git a/setup.py b/setup.py -index 59f7601..023d84b 100644 ---- a/setup.py -+++ b/setup.py -@@ -341,17 +341,9 @@ class test_command(Command): +diff -up cobbler-3.2.2/setup.py.nocov cobbler-3.2.2/setup.py +--- cobbler-3.2.2/setup.py.nocov 2022-02-28 20:05:35.388747435 -0700 ++++ cobbler-3.2.2/setup.py 2022-02-28 20:06:31.743251279 -0700 +@@ -18,7 +18,6 @@ from setuptools import find_packages + from sphinx.setup_command import BuildDoc + import codecs +-from coverage import Coverage + import pwd + import shutil + import subprocess +--- cobbler-3.2.2/setup.py.nocov 2022-02-28 21:34:34.996746220 -0700 ++++ cobbler-3.2.2/setup.py 2022-02-28 21:35:51.598440218 -0700 +@@ -373,15 +373,8 @@ def run(self): import pytest -- from coverage import Coverage -- + - cov = Coverage() - cov.erase() - cov.start() - +- result = pytest.main() - cov.stop() @@ -20,22 +27,20 @@ index 59f7601..023d84b 100644 sys.exit(int(bool(len(result.failures) > 0 or len(result.errors) > 0))) -@@ -479,7 +471,6 @@ if __name__ == "__main__": - }, +@@ -505,7 +498,6 @@ + url="https://cobbler.github.io", license="GPLv2+", setup_requires=[ - "coverage", "distro", "setuptools", "sphinx", -@@ -501,10 +492,7 @@ if __name__ == "__main__": - "lint": ["pyflakes", "pycodestyle", "pylint", "black", "mypy"], - "test": [ - "pytest>6", -- "pytest-cov", -- "codecov", - "pytest-mock", -- "pytest-benchmark", - ], - "docs": ["sphinx", "sphinx-rtd-theme", "sphinxcontrib-apidoc"], - # We require the current version to properly detect duplicate issues +@@ -528,7 +520,7 @@ + ], + extras_require={ + "lint": ["pyflakes", "pycodestyle"], +- "test": ["pytest", "pytest-cov", "codecov", "pytest-mock"] ++ "test": ["pytest", "pytest-mock"] + }, + packages=find_packages(exclude=["*tests*"]), + scripts=[ diff --git a/cobbler-python3.13.patch b/cobbler-python3.13.patch deleted file mode 100644 index 78847a4..0000000 --- a/cobbler-python3.13.patch +++ /dev/null @@ -1,972 +0,0 @@ -diff --git a/changelog.d/3842.fixed b/changelog.d/3842.fixed -new file mode 100644 -index 00000000..6c6d6313 ---- /dev/null -+++ b/changelog.d/3842.fixed -@@ -0,0 +1 @@ -+Fix compatibility with Python 3.13 -diff --git a/cobbler/actions/reposync.py b/cobbler/actions/reposync.py -index c0163350..ec5745fb 100644 ---- a/cobbler/actions/reposync.py -+++ b/cobbler/actions/reposync.py -@@ -23,9 +23,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - import logging - import os - import os.path --import pipes --import stat -+import shlex - import shutil -+import stat - from typing import Optional, Union - - from cobbler import utils -@@ -272,9 +272,9 @@ class RepoSync: - blended = utils.blender(self.api, False, repo) - flags = blended.get("createrepo_flags", "(ERROR: FLAGS)") - try: -- cmd = "createrepo %s %s %s" % (" ".join(mdoptions), flags, pipes.quote(dirname)) -- utils.subprocess_call(cmd) -- except: -+ cmd = ["createrepo"] + mdoptions + flags + [shlex.quote(dirname)] -+ utils.subprocess_call(cmd, shell=False) -+ except Exception: - utils.log_exc() - self.logger.error("createrepo failed.") - del fnames[:] # we're in the right place -@@ -302,8 +302,19 @@ class RepoSync: - dest_path = os.path.join(self.settings.webdir, "repo_mirror", repo.name) - - # FIXME: wrapper for subprocess that logs to logger -- cmd = ["wget", "-N", "-np", "-r", "-l", "inf", "-nd", "-P", pipes.quote(dest_path), pipes.quote(repo.mirror)] -- rc = utils.subprocess_call(cmd) -+ cmd = [ -+ "wget", -+ "-N", -+ "-np", -+ "-r", -+ "-l", -+ "inf", -+ "-nd", -+ "-P", -+ shlex.quote(dest_path), -+ shlex.quote(repo.mirror), -+ ] -+ return_value = utils.subprocess_call(cmd, shell=False) - - if rc != 0: - raise CX("cobbler reposync failed") -@@ -347,9 +358,14 @@ class RepoSync: - if flags == '': - flags = self.settings.reposync_rsync_flags - -- cmd = "rsync %s --delete-after %s --delete --exclude-from=/etc/cobbler/rsync.exclude %s %s" \ -- % (flags, spacer, pipes.quote(repo.mirror), pipes.quote(dest_path)) -- rc = utils.subprocess_call(cmd) -+ cmd = ["rsync"] + flags + ["--delete-after"] -+ cmd += spacer + [ -+ "--delete", -+ "--exclude-from=/etc/cobbler/rsync.exclude", -+ shlex.quote(repo.mirror), -+ shlex.quote(dest_path), -+ ] -+ return_code = utils.subprocess_call(cmd, shell=False) - - if rc != 0: - raise CX("cobbler reposync failed") -@@ -386,10 +402,11 @@ class RepoSync: - if not HAS_LIBREPO: - raise CX("no librepo found, please install python3-librepo") - -- if os.path.exists("/usr/bin/dnf"): -- cmd = "/usr/bin/dnf reposync" -- elif os.path.exists("/usr/bin/reposync"): -- cmd = "/usr/bin/reposync" -+ if os.path.exists("/usr/bin/reposync"): -+ cmd = ["/usr/bin/reposync"] -+ # DNF5 does not have a reposync subcommand -+ elif os.path.exists("/usr/bin/dnf"): -+ cmd = ["/usr/bin/dnf", "reposync"] - else: - # Warn about not having yum-utils. We don't want to require it in the package because Fedora 22+ has moved - # to dnf. -@@ -451,6 +468,11 @@ class RepoSync: - # Counter-intuitive, but we want the newish kernels too - arch = "i686" - -+ cmd = self.reposync_cmd() -+ cmd += self.rflags + [ -+ f"--repo={shlex.quote(rest)}", -+ f"--download-path={shlex.quote(repos_path)}", -+ ] - if arch != "none": - cmd = "%s -a %s" % (cmd, arch) - -@@ -544,9 +566,11 @@ class RepoSync: - - if not has_rpm_list: - # If we have not requested only certain RPMs, use reposync -- cmd = "%s %s --config=%s --repoid=%s -p %s" \ -- % (cmd, self.rflags, temp_file, pipes.quote(repo.name), -- pipes.quote(repos_path)) -+ cmd += self.rflags + [ -+ f"--config={temp_file}", -+ f"--repoid={shlex.quote(repo.name)}", -+ f"--download-path={shlex.quote(repos_path)}", -+ ] - if arch != "none": - cmd = "%s -a %s" % (cmd, arch) - -@@ -557,14 +581,14 @@ class RepoSync: - - use_source = "" - if arch == "src": -- use_source = "--source" -- -- # Older yumdownloader sometimes explodes on --resolvedeps if this happens to you, upgrade yum & yum-utils -- extra_flags = self.settings.yumdownloader_flags -- cmd = "/usr/bin/dnf download" -- cmd = "%s %s %s --disablerepo=* --enablerepo=%s -c %s --destdir=%s %s" \ -- % (cmd, extra_flags, use_source, pipes.quote(repo.name), temp_file, pipes.quote(dest_path), -- " ".join(repo.rpm_list)) -+ cmd.append("--source") -+ cmd += [ -+ "--disablerepo=*", -+ f"--enablerepo={shlex.quote(repo.name)}", -+ f"-c={temp_file}", -+ f"--destdir={shlex.quote(dest_path)}", -+ ] -+ cmd += repo.rpm_list - - # Now regardless of whether we're doing yumdownloader or reposync or whether the repo was http://, ftp://, or - # rhn://, execute all queued commands here. Any failure at any point stops the operation. -@@ -669,17 +693,21 @@ class RepoSync: - dists = ",".join(repo.apt_dists) - components = ",".join(repo.apt_components) - -- mirror_data = "--method=%s --host=%s --root=%s --dist=%s --section=%s" \ -- % (pipes.quote(method), pipes.quote(host), pipes.quote(mirror), pipes.quote(dists), -- pipes.quote(components)) -+ mirror_data = [ -+ f"--method={shlex.quote(method)}", -+ f"--host={shlex.quote(host)}", -+ f"--root={shlex.quote(mirror)}", -+ f"--dist={shlex.quote(dists)}", -+ f"--section={shlex.quote(components)}", -+ ] - - rflags = "--nocleanup" - for x in repo.yumopts: - if repo.yumopts[x]: - rflags += " %s=%s" % (x, repo.yumopts[x]) - else: -- rflags += " %s" % x -- cmd = "%s %s %s %s" % (mirror_program, rflags, mirror_data, pipes.quote(dest_path)) -+ rflags.append(repo_yumoption) -+ cmd = [mirror_program] + rflags + mirror_data + [shlex.quote(dest_path)] - if repo.arch == RepoArchs.SRC: - cmd = "%s --source" % cmd - else: -diff --git a/tests/actions/reposync_test.py b/tests/actions/reposync_test.py -index 0bee772c..ee8d1549 100644 ---- a/tests/actions/reposync_test.py -+++ b/tests/actions/reposync_test.py -@@ -1,251 +1,592 @@ -+""" -+Tests that validate the functionality of the module that is responsible for repository synchronization. -+""" -+ - import os --import glob -+from pathlib import Path -+from typing import TYPE_CHECKING, Any, Dict, List, Union - - import pytest - --from cobbler import enums -+from cobbler import cexceptions, enums -+from cobbler.actions import reposync - from cobbler.api import CobblerAPI --from cobbler.actions.reposync import RepoSync - from cobbler.items.repo import Repo --from cobbler import cexceptions --from tests.conftest import does_not_raise - -+from tests.conftest import does_not_raise - --@pytest.fixture(scope="class") --def api(): -- return CobblerAPI() -+if TYPE_CHECKING: -+ from pytest_mock import MockerFixture - - --@pytest.fixture(scope="class") --def reposync(api): -- test_reposync = RepoSync(api, tries=2, nofail=False) -+@pytest.fixture(name="reposync_object", scope="function") -+def fixture_reposync_object( -+ mocker: "MockerFixture", cobbler_api: CobblerAPI -+) -> reposync.RepoSync: -+ settings_mock = mocker.MagicMock() -+ settings_mock.webdir = "/srv/www/cobbler" -+ settings_mock.server = "localhost" -+ settings_mock.http_port = 80 -+ settings_mock.proxy_url_ext = "" -+ settings_mock.yumdownloader_flags = "--testflag" -+ settings_mock.reposync_rsync_flags = "--testflag" -+ settings_mock.reposync_flags = "--testflag" -+ mocker.patch.object(cobbler_api, "settings", return_value=settings_mock) -+ test_reposync = reposync.RepoSync(cobbler_api, tries=2, nofail=False) - return test_reposync - - --@pytest.fixture --def repo(api): -+@pytest.fixture(name="repo") -+def fixture_repo(cobbler_api: CobblerAPI) -> Repo: - """ - Creates a Repository "testrepo0" with a keep_updated=True and mirror_locally=True". - """ -- test_repo = Repo(api) -+ test_repo = Repo(cobbler_api) - test_repo.name = "testrepo0" - test_repo.mirror_locally = True - test_repo.keep_updated = True -- api.add_repo(test_repo) - return test_repo - - - @pytest.fixture --def remove_repo(api): -+def remove_repo(cobbler_api: CobblerAPI): - """ - Removes the Repository "testrepo0" which can be created with repo. - """ - yield -- test_repo = api.find_repo("testrepo0") -- if test_repo is not None: -- api.remove_repo(test_repo.name) -+ test_repo = cobbler_api.find_repo("testrepo0") -+ if test_repo is not None and not isinstance(test_repo, list): -+ cobbler_api.remove_repo(test_repo.name) - - --class TestRepoSync: -- @pytest.mark.usefixtures("remove_repo") -- @pytest.mark.parametrize( -- "input_mirror_type,input_mirror,expected_exception", -- [ -- ( -- enums.MirrorType.BASEURL, -- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os", -- does_not_raise() -- ), -- ( -- enums.MirrorType.MIRRORLIST, -- "https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64", -- does_not_raise() -- ), -- ( -- enums.MirrorType.METALINK, -- "https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64", -- does_not_raise() -- ), -- ( -- enums.MirrorType.BASEURL, -- "http://www.example.com/path/to/some/repo", -- pytest.raises(cexceptions.CX) -- ), -+@pytest.fixture(scope="function", autouse=True) -+def reset_librepo(): -+ has_librepo = reposync.HAS_LIBREPO -+ yield -+ reposync.HAS_LIBREPO = has_librepo -+ -+ -+def test_repo_walker(mocker: "MockerFixture", tmp_path: Path): -+ # Arrange -+ def test_fun(arg: Any, top: Any, names: Any): -+ pass -+ -+ subdir1 = tmp_path / "sub1" -+ subdir2 = tmp_path / "sub2" -+ subdir1.mkdir() -+ subdir2.mkdir() -+ spy = mocker.Mock(wraps=test_fun) -+ -+ # Act -+ reposync.repo_walker(tmp_path, spy, None) # type: ignore -+ -+ # Assert -+ assert spy.mock_calls == [ -+ # settings.yaml is here because of our autouse fixture that we use to restore the settings -+ mocker.call(None, tmp_path, ["settings.yaml", "sub1", "sub2"]), -+ mocker.call(None, str(subdir1), []), -+ mocker.call(None, str(subdir2), []), -+ ] -+ -+ -+@pytest.mark.parametrize( -+ "input_has_librepo,input_path_exists_side_effect,expected_exception,expected_result", -+ [ -+ (True, [False, True], does_not_raise(), ["/usr/bin/dnf", "reposync"]), -+ (True, [True, False], does_not_raise(), ["/usr/bin/reposync"]), -+ (True, [False, False], pytest.raises(cexceptions.CX), ""), -+ (False, [False, True], pytest.raises(cexceptions.CX), ""), -+ ], -+) -+def test_reposync_cmd( -+ mocker: "MockerFixture", -+ reposync_object: reposync.RepoSync, -+ input_has_librepo: bool, -+ input_path_exists_side_effect: List[bool], -+ expected_exception: Any, -+ expected_result: Union[List[str], str], -+): -+ # Arrange -+ mocker.patch("os.path.exists", side_effect=input_path_exists_side_effect) -+ reposync.HAS_LIBREPO = input_has_librepo -+ -+ # Act -+ with expected_exception: -+ result = reposync_object.reposync_cmd() -+ -+ # Assert -+ assert result == expected_result -+ -+ -+def test_run(mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo): -+ # Arrange -+ env_vars: Dict[str, Any] = {} -+ mocker.patch("os.makedirs") -+ mocker.patch("os.path.isdir", return_value=True) -+ mocker.patch( -+ "os.path.join", -+ side_effect=[ -+ "/srv/www/cobbler/repo_mirror", -+ "/srv/www/cobbler/repo_mirror/%s" % repo.name, - ], - ) -- def test_reposync_yum( -- self, -- input_mirror_type, -- input_mirror, -- expected_exception, -- api, -- repo, -- reposync -- ): -- # Arrange -- test_repo = repo -- test_repo.breed = enums.RepoBreeds.YUM -- test_repo.mirror = input_mirror -- test_repo.mirror_type = input_mirror_type -- test_repo.rpm_list = "fedora-gpg-keys" -- test_settings = api.settings() -- repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) -- -- # Act & Assert -- with expected_exception: -- reposync.run(test_repo.name) -- result = os.path.exists(repo_path) -- if test_repo.rpm_list and test_repo.rpm_list != []: -- for rpm in test_repo.rpm_list: -- assert glob.glob(os.path.join(repo_path, "**", rpm) + "*.rpm", recursive=True) != [] -- assert result -- # Test that re-downloading the metadata in .origin/repodata will not result in an error -- reposync.run(test_repo.name) -- -- @pytest.mark.usefixtures("remove_repo") -- @pytest.mark.parametrize( -- "input_mirror_type,input_mirror,input_arch,input_rpm_list,expected_exception", -+ mocker.patch("os.environ", return_value=env_vars) -+ mocker.patch.object(reposync_object, "repos", return_value=[repo]) -+ mocker.patch.object(reposync_object, "sync") -+ mocker.patch.object(reposync_object, "update_permissions") -+ reposync_object.repos = [repo] # type: ignore -+ -+ # Act -+ reposync_object.run() -+ -+ # Assert -+ # This has to be 0 since all env vars need to be removed after reposync has run. -+ assert len(env_vars) == 0 -+ -+ -+def test_gen_urlgrab_ssl_opts(reposync_object: reposync.RepoSync): -+ # Arrange -+ input_dict: Dict[str, Any] = {} -+ -+ # Act -+ result = reposync_object.gen_urlgrab_ssl_opts(input_dict) -+ -+ # Assert -+ assert isinstance(result, tuple) -+ assert len(result) == 2 -+ # The data of the first element is kind of flexible let's skip asserting it for now -+ assert isinstance(result[1], bool) -+ -+ -+@pytest.mark.usefixtures("remove_repo") -+@pytest.mark.parametrize( -+ "input_mirror_type,input_mirror,expected_exception", -+ [ -+ ( -+ enums.MirrorType.BASEURL, -+ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os", -+ does_not_raise(), -+ ), -+ ( -+ enums.MirrorType.MIRRORLIST, -+ "https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64", -+ does_not_raise(), -+ ), -+ ( -+ enums.MirrorType.METALINK, -+ "https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64", -+ does_not_raise(), -+ ), -+ ], -+) -+def test_reposync_yum( -+ mocker: "MockerFixture", -+ input_mirror_type: enums.MirrorType, -+ input_mirror: str, -+ expected_exception: Any, -+ cobbler_api: CobblerAPI, -+ repo: Repo, -+ reposync_object: reposync.RepoSync, -+): -+ # Arrange -+ test_repo = repo -+ test_repo.breed = enums.RepoBreeds.YUM -+ test_repo.mirror = input_mirror -+ test_repo.mirror_type = input_mirror_type -+ test_repo.rpm_list = "fedora-gpg-keys" -+ test_settings = cobbler_api.settings() -+ repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) -+ mocked_subprocess = mocker.patch( -+ "cobbler.utils.subprocess_call", autospec=True, return_value=0 -+ ) -+ mocker.patch.object( -+ reposync_object, "create_local_file", return_value="/create/local/file" -+ ) -+ mocker.patch.object( -+ reposync_object, "reposync_cmd", return_value=["/my/fake/dnf", "reposync"] -+ ) -+ mocker.patch.object(reposync_object, "rflags", return_value="--fake-r-flakg") -+ mocker.patch.object( -+ reposync_object, -+ "gen_urlgrab_ssl_opts", -+ return_value=(("TODO", "TODO", "TODO"), False), -+ ) -+ mocker.patch("os.path.exists", return_value=True) -+ mocker.patch("shutil.rmtree") -+ mocker.patch("os.makedirs") -+ mocked_repo_walker = mocker.patch("cobbler.actions.reposync.repo_walker") -+ handle_mock = mocker.MagicMock() -+ result_mock = mocker.MagicMock() -+ mocker.patch("librepo.Handle", return_value=handle_mock) -+ mocker.patch("librepo.Result", return_value=result_mock) -+ -+ # Act & Assert -+ with expected_exception: -+ reposync_object.yum_sync(repo) -+ -+ mocked_subprocess.assert_called_with( -+ [ -+ "/usr/bin/dnf", -+ "download", -+ "--testflag", -+ "--disablerepo=*", -+ f"--enablerepo={repo.name}", -+ "-c=/create/local/file", -+ f"--destdir={repo_path}", -+ "fedora-gpg-keys", -+ ], -+ shell=False, -+ ) -+ handle_mock.perform.assert_called_with(result_mock) -+ assert mocked_repo_walker.call_count == 1 -+ -+ -+@pytest.mark.usefixtures("remove_repo") -+@pytest.mark.parametrize( -+ "input_mirror_type,input_mirror,input_arch,input_rpm_list,expected_exception", -+ [ -+ ( -+ enums.MirrorType.BASEURL, -+ "http://ftp.debian.org/debian", -+ enums.RepoArchs.X86_64, -+ "", -+ does_not_raise(), -+ ), -+ ( -+ enums.MirrorType.MIRRORLIST, -+ "http://ftp.debian.org/debian", -+ enums.RepoArchs.X86_64, -+ "", -+ pytest.raises(cexceptions.CX), -+ ), -+ ( -+ enums.MirrorType.METALINK, -+ "http://ftp.debian.org/debian", -+ enums.RepoArchs.X86_64, -+ "", -+ pytest.raises(cexceptions.CX), -+ ), -+ ( -+ enums.MirrorType.BASEURL, -+ "http://ftp.debian.org/debian", -+ enums.RepoArchs.NONE, -+ "", -+ pytest.raises(cexceptions.CX), -+ ), -+ ( -+ enums.MirrorType.BASEURL, -+ "http://ftp.debian.org/debian", -+ enums.RepoArchs.X86_64, -+ "dpkg", -+ pytest.raises(cexceptions.CX), -+ ), -+ ], -+) -+def test_reposync_apt( -+ mocker: "MockerFixture", -+ input_mirror_type: enums.MirrorType, -+ input_mirror: str, -+ input_arch: enums.RepoArchs, -+ input_rpm_list: str, -+ expected_exception: Any, -+ cobbler_api: CobblerAPI, -+ repo: Repo, -+ reposync_object: reposync.RepoSync, -+): -+ # Arrange -+ test_repo = repo -+ test_repo.breed = enums.RepoBreeds.APT -+ test_repo.arch = input_arch -+ test_repo.apt_components = "main" -+ test_repo.apt_dists = "stable" -+ test_repo.mirror = input_mirror -+ test_repo.mirror_type = input_mirror_type -+ test_repo.rpm_list = input_rpm_list -+ test_settings = cobbler_api.settings() -+ repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) -+ mocked_subprocess = mocker.patch( -+ "cobbler.utils.subprocess_call", autospec=True, return_value=0 -+ ) -+ mocker.patch("os.path.exists", return_value=True) -+ -+ # Act -+ with expected_exception: -+ reposync_object.apt_sync(repo) -+ -+ # Assert -+ mocked_subprocess.assert_called_with( -+ [ -+ "/usr/bin/debmirror", -+ "--nocleanup", -+ "--method=http", -+ "--host=ftp.debian.org", -+ "--root=/debian", -+ "--dist=stable", -+ "--section=main", -+ repo_path, -+ "--nosource", -+ "-a=amd64", -+ ], -+ shell=False, -+ ) -+ -+ -+@pytest.mark.usefixtures("remove_repo") -+@pytest.mark.parametrize( -+ "input_mirror_type,input_mirror,expected_exception", -+ [ -+ ( -+ enums.MirrorType.BASEURL, -+ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", -+ does_not_raise(), -+ ), -+ ( -+ enums.MirrorType.MIRRORLIST, -+ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", -+ pytest.raises(cexceptions.CX), -+ ), -+ ( -+ enums.MirrorType.METALINK, -+ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", -+ pytest.raises(cexceptions.CX), -+ ), -+ ], -+) -+def test_reposync_wget( -+ mocker: "MockerFixture", -+ input_mirror_type: enums.MirrorType, -+ input_mirror: str, -+ expected_exception: Any, -+ cobbler_api: CobblerAPI, -+ repo: Repo, -+ reposync_object: reposync.RepoSync, -+): -+ # Arrange -+ test_repo = repo -+ test_repo.breed = enums.RepoBreeds.WGET -+ test_repo.mirror = input_mirror -+ test_repo.mirror_type = input_mirror_type -+ repo_path = os.path.join( -+ reposync_object.settings.webdir, "repo_mirror", test_repo.name -+ ) -+ mocked_subprocess = mocker.patch( -+ "cobbler.utils.subprocess_call", autospec=True, return_value=0 -+ ) -+ mocker.patch("cobbler.actions.reposync.repo_walker") -+ mocker.patch.object(reposync_object, "create_local_file") -+ -+ # Act -+ with expected_exception: -+ reposync_object.wget_sync(test_repo) -+ -+ # Assert -+ mocked_subprocess.assert_called_with( -+ [ -+ "wget", -+ "-N", -+ "-np", -+ "-r", -+ "-l", -+ "inf", -+ "-nd", -+ "-P", -+ repo_path, -+ input_mirror, -+ ], -+ shell=False, -+ ) -+ -+ -+def test_reposync_rhn( -+ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo -+): -+ # Arrange -+ repo.mirror = "rhn://%s" % repo.name -+ mocked_subprocess = mocker.patch( -+ "cobbler.utils.subprocess_call", autospec=True, return_value=0 -+ ) -+ mocker.patch("os.path.isdir", return_value=True) -+ mocker.patch("os.makedirs") -+ mocker.patch("cobbler.actions.reposync.repo_walker") -+ mocker.patch.object(reposync_object, "create_local_file") -+ mocker.patch.object( -+ reposync_object, "reposync_cmd", return_value=["/my/fake/reposync"] -+ ) -+ -+ # Act -+ reposync_object.rhn_sync(repo) -+ -+ # Assert -+ # TODO: Check this more and document how its actually working -+ mocked_subprocess.assert_called_with( - [ -- ( -- enums.MirrorType.BASEURL, -- "http://ftp.debian.org/debian", -- enums.RepoArchs.X86_64, -- "", -- does_not_raise() -- ), -- ( -- enums.MirrorType.MIRRORLIST, -- "http://ftp.debian.org/debian", -- enums.RepoArchs.X86_64, -- "", -- pytest.raises(cexceptions.CX) -- ), -- ( -- enums.MirrorType.METALINK, -- "http://ftp.debian.org/debian", -- enums.RepoArchs.X86_64, -- "", -- pytest.raises(cexceptions.CX) -- ), -- ( -- enums.MirrorType.BASEURL, -- "http://www.example.com/path/to/some/repo", -- enums.RepoArchs.X86_64, -- "", -- pytest.raises(cexceptions.CX) -- ), -- ( -- enums.MirrorType.BASEURL, -- "http://ftp.debian.org/debian", -- enums.RepoArchs.NONE, -- "", -- pytest.raises(cexceptions.CX) -- ), -- ( -- enums.MirrorType.BASEURL, -- "http://ftp.debian.org/debian", -- enums.RepoArchs.X86_64, -- "dpkg", -- pytest.raises(cexceptions.CX) -- ), -+ "/my/fake/reposync", -+ "--testflag", -+ "--repo=testrepo0", -+ "--download-path=/srv/www/cobbler/repo_mirror", - ], -+ shell=False, - ) -- def test_reposync_apt( -- self, -- input_mirror_type, -- input_mirror, -- input_arch, -- input_rpm_list, -- expected_exception, -- api, -- repo, -- reposync -- ): -- # Arrange -- test_repo = repo -- test_repo.breed = enums.RepoBreeds.APT -- test_repo.arch = input_arch -- test_repo.apt_components = "main" -- test_repo.apt_dists = "stable" -- test_repo.mirror = input_mirror -- test_repo.mirror_type = input_mirror_type -- test_repo.rpm_list = input_rpm_list -- test_repo.yumopts = "--exclude=.* --include=dpkg.* --no-check-gpg --rsync-extra=none" -- test_settings = api.settings() -- repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) -- -- # Act & Assert -- with expected_exception: -- reposync.run(test_repo.name) -- result = os.path.exists(repo_path) -- for rpm in ["dpkg"]: -- assert glob.glob(os.path.join(repo_path, "**", "dpkg") + "*", recursive=True) != [] -- assert result -- -- @pytest.mark.skip("To flaky and thus not reliable. Needs to be mocked to be of use.") -- @pytest.mark.usefixtures("remove_repo") -- @pytest.mark.parametrize( -- "input_mirror_type,input_mirror,expected_exception", -+ -+ -+def test_reposync_rsync( -+ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo -+): -+ # Arrange -+ mocked_subprocess = mocker.patch("cobbler.utils.subprocess_call", return_value=0) -+ mocker.patch("cobbler.actions.reposync.repo_walker") -+ mocker.patch.object(reposync_object, "create_local_file") -+ repo_path = os.path.join(reposync_object.settings.webdir, "repo_mirror", repo.name) -+ -+ # Act -+ reposync_object.rsync_sync(repo) -+ -+ # Assert -+ mocked_subprocess.assert_called_with( - [ -- ( -- enums.MirrorType.BASEURL, -- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", -- does_not_raise() -- ), -- ( -- enums.MirrorType.MIRRORLIST, -- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", -- pytest.raises(cexceptions.CX) -- ), -- ( -- enums.MirrorType.METALINK, -- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", -- pytest.raises(cexceptions.CX) -- ), -- ( -- enums.MirrorType.BASEURL, -- "http://www.example.com/path/to/some/repo", -- pytest.raises(cexceptions.CX) -- ), -+ "rsync", -+ "--testflag", -+ "--delete-after", -+ "-e ssh", -+ "--delete", -+ "--exclude-from=/etc/cobbler/rsync.exclude", -+ "/", -+ repo_path, - ], -+ shell=False, - ) -- def test_reposync_wget( -- self, -- input_mirror_type, -- input_mirror, -- expected_exception, -- api, -- repo, -- reposync -- ): -- # Arrange -- test_repo = repo -- test_repo.breed = enums.RepoBreeds.WGET -- test_repo.mirror = input_mirror -- test_repo.mirror_type = input_mirror_type -- test_settings = api.settings() -- repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) -- -- # Act & Assert -- with expected_exception: -- reposync.run(test_repo.name) -- result = os.path.exists(repo_path) -- for rpm in ["rpm"]: -- assert glob.glob(os.path.join(repo_path, "**", "2") + "*", recursive=True) != [] -- assert result -- -- --@pytest.mark.skip("TODO") --def test_reposync_rhn(): -+ -+ -+def test_createrepo_walker( -+ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo -+): - # Arrange -+ input_repo = repo -+ input_repo.breed = enums.RepoBreeds.RSYNC -+ input_dirname = "" -+ input_fnames = [] -+ expected_call = ["createrepo", "--testflags", f"'{input_dirname}'"] -+ mocked_subprocess = mocker.patch( -+ "cobbler.utils.subprocess_call", autospec=True, return_value=0 -+ ) -+ mocker.patch( -+ "cobbler.utils.blender", -+ autospec=True, -+ return_value={"createrepo_flags": "--testflags"}, -+ ) -+ mocker.patch("cobbler.utils.remove_yum_olddata") -+ mocker.patch("cobbler.utils.subprocess_get", return_value="5") -+ mocker.patch("cobbler.utils.get_family", return_value="TODO") -+ mocker.patch("os.path.exists", return_value=True) -+ mocker.patch("os.path.isfile", return_value=True) -+ mocker.patch.object(reposync_object, "librepo_getinfo", return_value={}) -+ - # Act -+ reposync_object.createrepo_walker(input_repo, input_dirname, input_fnames) -+ - # Assert -- assert False -+ # TODO: Improve coverage over different cases in method -+ mocked_subprocess.assert_called_with(expected_call, shell=False) - - --@pytest.mark.skip("TODO") --def test_reposync_rsync(): -+@pytest.mark.parametrize( -+ "input_repotype,expected_exception", -+ [ -+ (enums.RepoBreeds.YUM, does_not_raise()), -+ (enums.RepoBreeds.RHN, does_not_raise()), -+ (enums.RepoBreeds.APT, does_not_raise()), -+ (enums.RepoBreeds.RSYNC, does_not_raise()), -+ (enums.RepoBreeds.WGET, does_not_raise()), -+ (enums.RepoBreeds.NONE, pytest.raises(cexceptions.CX)), -+ ], -+) -+def test_sync( -+ mocker: "MockerFixture", -+ cobbler_api: CobblerAPI, -+ reposync_object: reposync.RepoSync, -+ input_repotype: enums.RepoBreeds, -+ expected_exception: Any, -+): - # Arrange -+ test_repo = Repo(cobbler_api) -+ test_repo.breed = input_repotype -+ rhn_sync_mock = mocker.patch.object(reposync_object, "rhn_sync") -+ yum_sync_mock = mocker.patch.object(reposync_object, "yum_sync") -+ apt_sync_mock = mocker.patch.object(reposync_object, "apt_sync") -+ rsync_sync_mock = mocker.patch.object(reposync_object, "rsync_sync") -+ wget_sync_mock = mocker.patch.object(reposync_object, "wget_sync") -+ - # Act -+ with expected_exception: -+ reposync_object.sync(test_repo) -+ -+ # Assert -+ call_count = sum( -+ ( -+ rhn_sync_mock.call_count, -+ yum_sync_mock.call_count, -+ apt_sync_mock.call_count, -+ rsync_sync_mock.call_count, -+ wget_sync_mock.call_count, -+ ) -+ ) -+ assert call_count == 1 -+ -+ -+def test_librepo_getinfo( -+ mocker: "MockerFixture", reposync_object: reposync.RepoSync, tmp_path: Path -+): -+ # Arrange -+ handle_mock = mocker.MagicMock() -+ result_mock = mocker.MagicMock() -+ mocker.patch("librepo.Handle", return_value=handle_mock) -+ mocker.patch("librepo.Result", return_value=result_mock) -+ -+ # Act -+ reposync_object.librepo_getinfo(str(tmp_path)) -+ -+ # Assert -+ handle_mock.perform.assert_called_with(result_mock) -+ result_mock.getinfo.assert_called() -+ -+ -+def test_create_local_file( -+ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo -+): -+ # Arrange -+ mocker.patch("cobbler.utils.filesystem_helpers.mkdir", autospec=True) -+ mock_open = mocker.patch("builtins.open", mocker.mock_open()) -+ input_dest_path = "" -+ input_repo = repo -+ input_output = True -+ -+ # Act -+ reposync_object.create_local_file(input_dest_path, input_repo, output=input_output) -+ -+ # Assert -+ # TODO: Extend checks -+ assert mock_open.call_count == 1 -+ assert mock_open.mock_calls[0] == mocker.call("config.repo", "w", encoding="UTF-8") -+ mock_open_handle = mock_open() -+ assert mock_open_handle.write.mock_calls[0] == mocker.call("[testrepo0]\n") -+ assert mock_open_handle.write.mock_calls[1] == mocker.call("name=testrepo0\n") -+ -+ -+def test_update_permissions( -+ mocker: "MockerFixture", reposync_object: reposync.RepoSync -+): -+ # Arrange -+ mocked_subprocess = mocker.patch( -+ "cobbler.utils.subprocess_call", autospec=True, return_value=0 -+ ) -+ path_to_update = "/my/fake/path" -+ expected_calls = [ -+ mocker.call(["chown", "-R", "root:www", path_to_update], shell=False), -+ mocker.call(["chmod", "-R", "755", path_to_update], shell=False), -+ ] -+ -+ # Act -+ reposync_object.update_permissions(path_to_update) -+ - # Assert -- assert False -+ assert mocked_subprocess.mock_calls == expected_calls diff --git a/cobbler-remove-get-loaders.patch b/cobbler-remove-get-loaders.patch new file mode 100644 index 0000000..d2f1981 --- /dev/null +++ b/cobbler-remove-get-loaders.patch @@ -0,0 +1,316 @@ +commit a798eabd9b9e3e7d4cb8a828a5aa2273c69cec48 +Author: Dominik Gedon +Date: Fri Mar 5 16:25:05 2021 +0100 + + Remove get-loader code + +diff --git a/cobbler/actions/check.py b/cobbler/actions/check.py +index e034071e..4fadab53 100644 +--- a/cobbler/actions/check.py ++++ b/cobbler/actions/check.py +@@ -386,12 +386,11 @@ class CobblerCheck: + not_found.append(loader_name) + + if len(not_found) > 0: +- status.append("some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler " +- "get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, " +- "you may ensure that you have installed a *recent* version of the syslinux package " +- "installed and can ignore this message entirely. Files in this directory, should you want " +- "to support all architectures, should include pxelinux.0, menu.c32, and yaboot. The " +- "'cobbler get-loaders' command is the easiest way to resolve these requirements.") ++ status.append("some network boot-loaders are missing from /var/lib/cobbler/loaders. If you only want to " ++ "handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version " ++ "of the syslinux package installed and can ignore this message entirely. Files in this " ++ "directory, should you want to support all architectures, should include pxelinux.0, " ++ "menu.c32, and yaboot.") + + def check_tftpd_dir(self, status): + """ +diff --git a/cobbler/actions/dlcontent.py b/cobbler/actions/dlcontent.py +deleted file mode 100644 +index 84d73b8d..00000000 +--- a/cobbler/actions/dlcontent.py ++++ /dev/null +@@ -1,77 +0,0 @@ +-""" +-Downloads bootloader content for all arches for when the user doesn't want to supply their own. +- +-Copyright 2009, Red Hat, Inc and Others +-Michael DeHaan +- +-This program is free software; you can redistribute it and/or modify +-it under the terms of the GNU General Public License as published by +-the Free Software Foundation; either version 2 of the License, or +-(at your option) any later version. +- +-This program is distributed in the hope that it will be useful, +-but WITHOUT ANY WARRANTY; without even the implied warranty of +-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-GNU General Public License for more details. +- +-You should have received a copy of the GNU General Public License +-along with this program; if not, write to the Free Software +-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +-02110-1301 USA +-""" +- +-import os +- +-from cobbler import clogger +-from cobbler import download_manager +- +- +-class ContentDownloader: +- +- def __init__(self, collection_mgr, logger=None): +- """ +- Constructor +- +- :param collection_mgr: The main collection manager instance which is used by the current running server. +- :param logger: The logger object which logs to the desired target. +- """ +- self.collection_mgr = collection_mgr +- self.settings = collection_mgr.settings() +- if logger is None: +- logger = clogger.Logger() +- self.logger = logger +- +- def run(self, force: bool = False): +- """ +- Download bootloader content for all of the latest bootloaders, since the user has chosen to not supply their +- own. You may ask "why not get this from yum", we also want this to be able to work on Debian and further do not +- want folks to have to install a cross compiler. For those that don't like this approach they can still source +- their cross-arch bootloader content manually. +- +- :param force: If the target path should be overwritten, even if there are already files present. +- """ +- +- content_server = "https://cobbler.github.io/loaders" +- dest = "/var/lib/cobbler/loaders" +- +- files = ( +- ("%s/README" % content_server, "%s/README" % dest), +- ("%s/COPYING.yaboot" % content_server, "%s/COPYING.yaboot" % dest), +- ("%s/COPYING.syslinux" % content_server, "%s/COPYING.syslinux" % dest), +- ("%s/yaboot-1.3.17" % content_server, "%s/yaboot" % dest), +- ("%s/pxelinux.0-3.86" % content_server, "%s/pxelinux.0" % dest), +- ("%s/menu.c32-3.86" % content_server, "%s/menu.c32" % dest), +- ("%s/grub-0.97-x86.efi" % content_server, "%s/grub-x86.efi" % dest), +- ("%s/grub-0.97-x86_64.efi" % content_server, "%s/grub-x86_64.efi" % dest), +- ) +- +- dlmgr = download_manager.DownloadManager(self.collection_mgr, self.logger) +- for src, dst in files: +- if os.path.exists(dst) and not force: +- self.logger.info("path %s already exists, not overwriting existing content, use --force if you wish " +- "to update" % dst) +- continue +- self.logger.info("downloading %s to %s" % (src, dst)) +- dlmgr.download_file(src, dst) +- +-# EOF +diff --git a/cobbler/api.py b/cobbler/api.py +index bdf18391..9c52015e 100644 +--- a/cobbler/api.py ++++ b/cobbler/api.py +@@ -25,7 +25,7 @@ import random + import tempfile + from typing import Optional + +-from cobbler.actions import status, dlcontent, hardlink, sync, buildiso, replicate, report, log, acl, check, reposync ++from cobbler.actions import status, hardlink, sync, buildiso, replicate, report, log, acl, check, reposync + from cobbler import autoinstall_manager + from cobbler import clogger + from cobbler.cobbler_collections import manager +@@ -1276,21 +1276,6 @@ class CobblerAPI: + + # ========================================================================== + +- def dlcontent(self, force=False, logger=None): +- """ +- Downloads bootloader content that may not be avialable in packages for the given arch, ex: if installing on PPC, +- get syslinux. If installing on x86_64, get elilo, etc. +- +- :param force: Force the download, although the content may be already downloaded. +- :param logger: The logger to audit the removal with. +- """ +- # FIXME: teach code that copies it to grab from the right place +- self.log("dlcontent") +- grabber = dlcontent.ContentDownloader(self._collection_mgr, logger=logger) +- return grabber.run(force) +- +- # ========================================================================== +- + def validate_autoinstall_files(self, logger=None): + """ + Validate if any of the autoinstallation files are invalid and if yes report this. +diff --git a/cobbler/cli.py b/cobbler/cli.py +index 5441ce0a..9a6c4fff 100644 +--- a/cobbler/cli.py ++++ b/cobbler/cli.py +@@ -55,7 +55,7 @@ OBJECT_ACTIONS = [] + for actions in list(OBJECT_ACTIONS_MAP.values()): + OBJECT_ACTIONS += actions + DIRECT_ACTIONS = "aclsetup buildiso import list replicate report reposync sync validate-autoinstalls version " \ +- "signature get-loaders hardlink".split() ++ "signature hardlink".split() + + #################################################### + +@@ -687,10 +687,6 @@ class CobblerCLI: + elif action_name == "validate-autoinstalls": + (options, args) = self.parser.parse_args(self.args) + task_id = self.start_task("validate_autoinstall_files", options) +- elif action_name == "get-loaders": +- self.parser.add_option("--force", dest="force", action="store_true", help="overwrite any existing content in /var/lib/cobbler/loaders") +- (options, args) = self.parser.parse_args(self.args) +- task_id = self.start_task("dlcontent", options) + elif action_name == "import": + self.parser.add_option("--arch", dest="arch", help="OS architecture being imported") + self.parser.add_option("--breed", dest="breed", help="the breed being imported") +diff --git a/cobbler/remote.py b/cobbler/remote.py +index 759879a8..ac788752 100644 +--- a/cobbler/remote.py ++++ b/cobbler/remote.py +@@ -200,18 +200,6 @@ class CobblerXMLRPCInterface: + ) + return self.__start_task(runner, token, "aclsetup", "(CLI) ACL Configuration", options) + +- def background_dlcontent(self, options, token) -> str: +- """ +- Download bootloaders and other support files. +- +- :param options: Unknown what this parameter is doing at the moment. +- :param token: The API-token obtained via the login() method. The API-token obtained via the login() method. +- :return: The id of the task which was started. +- """ +- def runner(self): +- self.remote.api.dlcontent(self.options.get("force", False), self.logger) +- return self.__start_task(runner, token, "get_loaders", "Download Bootloader Content", options) +- + def background_sync(self, options, token) -> str: + """ + Run a full Cobbler sync in the background. +diff --git a/config/bash/completion/cobbler b/config/bash/completion/cobbler +index f2d5bd59..169dbaec 100755 +--- a/config/bash/completion/cobbler ++++ b/config/bash/completion/cobbler +@@ -9,7 +9,7 @@ _cobbler_completions() + prev="${COMP_WORDS[COMP_CWORD-1]}" + cobbler_type=${COMP_WORDS[1]} + COMPREPLY=() +- TYPE="distro profile system repo image mgmtclass package file aclsetup buildiso import list replicate report reposync sync validateks version signature get-loaders hardlink" ++ TYPE="distro profile system repo image mgmtclass package file aclsetup buildiso import list replicate report reposync sync validateks version signature hardlink" + ACTION="add edit copy list remove rename report" + opts=( + [distro]="--ctime --depth --mtime --source-repos --tree-build-time --uid --arch --autoinstall-meta --boot-files --boot-loader --breed --comment --fetchable-files --initrd --kernel --kernel-options --kernel-options-post --mgmt-classes --name --os-version --owners --redhat-management-key --template-files --in-place --help" +diff --git a/config/cobbler/settings.yaml b/config/cobbler/settings.yaml +index 82b8c11f..b2e05a7b 100644 +--- a/config/cobbler/settings.yaml ++++ b/config/cobbler/settings.yaml +@@ -426,7 +426,7 @@ replicate_repo_rsync_options: "-avzH" + # always write DHCP entries, regardless if netboot is enabled + always_write_dhcp_entries: false + +-# External proxy - used by: "get-loaders", "reposync", "signature update" ++# External proxy - used by: reposync", "signature update" + # Eg: "http://192.168.1.1:8080" (HTTP), "https://192.168.1.1:8443" (HTTPS) + proxy_url_ext: "" + +diff --git a/docs/cobbler-conf.rst b/docs/cobbler-conf.rst +index 673beffd..808d7738 100644 +--- a/docs/cobbler-conf.rst ++++ b/docs/cobbler-conf.rst +@@ -577,7 +577,7 @@ default: ``ipmilanplus`` + proxy_url_ext + ============= + +-External proxy which is used by the following commands: ``get-loaders``, ``reposync``, ``signature update`` ++External proxy which is used by the following commands: ``reposync``, ``signature update`` + + defaults: + +diff --git a/docs/cobbler.rst b/docs/cobbler.rst +index 1fffc41e..6332a662 100644 +--- a/docs/cobbler.rst ++++ b/docs/cobbler.rst +@@ -74,7 +74,7 @@ Long Usage: + .. code-block:: shell + + cobbler ... [add|edit|copy|get-autoinstall*|list|remove|rename|report] [options|--help] +- cobbler [options|--help] ++ cobbler [options|--help] + + Cobbler distro + ============== +@@ -1071,15 +1071,6 @@ Example: + + $ cobbler signature + +-Cobbler get-loaders +-=================== +- +-Example: +- +-.. code-block:: shell +- +- $ cobbler get-loaders +- + Cobbler hardlink + ================ + +diff --git a/docs/code-autodoc/cobbler.actions.rst b/docs/code-autodoc/cobbler.actions.rst +index 44f7e1a4..a5845996 100644 +--- a/docs/code-autodoc/cobbler.actions.rst ++++ b/docs/code-autodoc/cobbler.actions.rst +@@ -28,14 +28,6 @@ cobbler.actions.check module + :undoc-members: + :show-inheritance: + +-cobbler.actions.dlcontent module +--------------------------------- +- +-.. automodule:: cobbler.actions.dlcontent +- :members: +- :undoc-members: +- :show-inheritance: +- + cobbler.actions.hardlink module + ------------------------------- + +diff --git a/tests/cli/cobbler_cli_direct_test.py b/tests/cli/cobbler_cli_direct_test.py +index 7cd6729c..01d42d6d 100644 +--- a/tests/cli/cobbler_cli_direct_test.py ++++ b/tests/cli/cobbler_cli_direct_test.py +@@ -148,11 +148,6 @@ class TestCobblerCliTestDirect: + i = assert_report_section(lines, i, "packages") + i = assert_report_section(lines, i, "files") + +- def test_cobbler_getloaders(self, run_cmd, get_last_line): +- (outputstd, outputerr) = run_cmd(cmd=["get-loaders"]) +- lines = outputstd.split("\n") +- assert "*** TASK COMPLETE ***" == get_last_line(lines) +- + def test_cobbler_hardlink(self, run_cmd, get_last_line): + (outputstd, outputerr) = run_cmd(cmd=["hardlink"]) + lines = outputstd.split("\n") +diff --git a/tests/xmlrpcapi/background_test.py b/tests/xmlrpcapi/background_test.py +index 36c03b01..64e219ca 100644 +--- a/tests/xmlrpcapi/background_test.py ++++ b/tests/xmlrpcapi/background_test.py +@@ -25,15 +25,6 @@ class TestBackground: + # Assert + assert result + +- def test_background_dlccontent(self, remote, token): +- # Arrange +- +- # Act +- result = remote.background_dlcontent({}, token) +- +- # Assert +- assert result +- + def test_background_hardlink(self, remote, token): + # Arrange + diff --git a/cobbler-reposync.patch b/cobbler-reposync.patch deleted file mode 100644 index 4a2fff1..0000000 --- a/cobbler-reposync.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up cobbler-3.3.7/cobbler/cli.py.reposync cobbler-3.3.7/cobbler/cli.py ---- cobbler-3.3.7/cobbler/cli.py.reposync 2024-11-17 14:02:02.000000000 -0700 -+++ cobbler-3.3.7/cobbler/cli.py 2025-10-04 19:21:03.379260526 -0600 -@@ -1184,7 +1184,13 @@ class CobblerCLI: - task_id = self.start_task("import", options) - elif action_name == "reposync": - self.parser.add_option("--only", dest="only", help="update only this repository name") -- self.parser.add_option("--tries", dest="tries", help="try each repo this many times", default=1) -+ self.parser.add_option( -+ "--tries", -+ dest="tries", -+ help="try each repo this many times", -+ default=1, -+ type="int", -+ ) - self.parser.add_option("--no-fail", dest="nofail", help="don't stop reposyncing if a failure occurs", - action="store_true") - (options, args) = self.parser.parse_args(self.args) diff --git a/cobbler-rhel.patch b/cobbler-rhel.patch new file mode 100644 index 0000000..021f46c --- /dev/null +++ b/cobbler-rhel.patch @@ -0,0 +1,13 @@ +diff --git a/distro_build_configs.sh b/distro_build_configs.sh +index bad43e3c..52eb1136 100644 +--- a/distro_build_configs.sh ++++ b/distro_build_configs.sh +@@ -24,7 +24,7 @@ if [ "$DISTRO" = "" ] && [ -r /etc/os-release ];then + sle*|*suse*) + DISTRO="SUSE" + ;; +- fedora*|centos*) ++ fedora*|centos*|rhel*) + DISTRO="FEDORA" + ;; + ubuntu*|debian*) diff --git a/cobbler-scripts.patch b/cobbler-scripts.patch new file mode 100644 index 0000000..97f3058 --- /dev/null +++ b/cobbler-scripts.patch @@ -0,0 +1,12 @@ +diff -up cobbler-3.2.1/setup.py.orig cobbler-3.2.1/setup.py +--- cobbler-3.2.1/setup.py.orig 2021-03-04 12:07:10.000000000 -0700 ++++ cobbler-3.2.1/setup.py 2021-03-08 22:25:15.239563778 -0700 +@@ -566,7 +566,7 @@ if __name__ == "__main__": + ("share/cobbler/web", glob("web/*.*")), + ("%s" % webcontent, glob("web/static/*")), + ("%s" % webimages, glob("web/static/images/*")), +- ("share/cobbler/bin", glob("scripts/*.sh")), ++ ("share/cobbler/bin", glob("scripts/*")), + ("share/cobbler/web/templates", glob("web/templates/*")), + ("%s/webui_sessions" % libpath, []), + ("%s/loaders" % libpath, []), diff --git a/cobbler.fc b/cobbler.fc deleted file mode 100644 index 568bf88..0000000 --- a/cobbler.fc +++ /dev/null @@ -1,28 +0,0 @@ -/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t,s0) - -/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t,s0) - -/usr/bin/cobblerd -- gen_context(system_u:object_r:cobblerd_exec_t,s0) - -/usr/lib/systemd/system/cobblerd.* -- gen_context(system_u:object_r:cobblerd_unit_file_t,s0) - -/var/cache/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) - -/var/lib/tftpboot/aarch64(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/boot(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/etc(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/grub(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/images(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/images2(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/memdisk -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/menu\.c32 -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/ppc(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/pxelinux\.0 -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/pxelinux\.cfg(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/s390x(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) -/var/lib/tftpboot/yaboot -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) - -/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t,s0) - -/var/www/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) diff --git a/cobbler.if b/cobbler.if deleted file mode 100644 index 4054eab..0000000 --- a/cobbler.if +++ /dev/null @@ -1,251 +0,0 @@ -## Cobbler installation server. - -######################################## -## -## Execute a domain transition to run cobblerd. -## -## -## -## Domain allowed to transition. -## -## -# -interface(`cobblerd_domtrans',` - gen_require(` - type cobblerd_t, cobblerd_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, cobblerd_exec_t, cobblerd_t) -') - -######################################## -## -## Execute cobblerd server in the cobblerd domain. -## -## -## -## Domain allowed to transition. -## -## -# -interface(`cobblerd_systemctl',` - gen_require(` - type named_unit_file_t; - type named_t; - ') - - systemd_exec_systemctl($1) - init_reload_services($1) - allow $1 named_unit_file_t:file read_file_perms; - allow $1 named_unit_file_t:service manage_service_perms; - - ps_process_pattern($1, named_t) -') - -######################################## -## -## Execute cobblerd init scripts in -## the init script domain. -## -## -## -## Domain allowed to transition. -## -## -# -interface(`cobblerd_initrc_domtrans',` - gen_require(` - type cobblerd_initrc_exec_t; - ') - - init_labeled_script_domtrans($1, cobblerd_initrc_exec_t) -') - - - -######################################## -## -## Read cobbler configuration dirs. -## -## -## -## Domain allowed access. -## -## -# -interface(`cobbler_list_config',` - gen_require(` - type cobbler_etc_t; - ') - - list_dirs_pattern($1, cobbler_etc_t, cobbler_etc_t) - files_search_etc($1) -') - - -######################################## -## -## Read cobbler configuration files. -## -## -## -## Domain allowed access. -## -## -# -interface(`cobbler_read_config',` - gen_require(` - type cobbler_etc_t; - ') - - read_files_pattern($1, cobbler_etc_t, cobbler_etc_t) - files_search_etc($1) -') - -######################################## -## -## Do not audit attempts to read and write -## cobbler log files. -## -## -## -## Domain to not audit. -## -## -# -interface(`cobbler_dontaudit_rw_log',` - gen_require(` - type cobbler_var_log_t; - ') - - dontaudit $1 cobbler_var_log_t:file rw_file_perms; -') - -######################################## -## -## Search cobbler lib directories. -## -## -## -## Domain allowed access. -## -## -# -interface(`cobbler_search_lib',` - gen_require(` - type cobbler_var_lib_t; - ') - - files_search_var_lib($1) - search_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) -') - -######################################## -## -## Read cobbler lib files. -## -## -## -## Domain allowed access. -## -## -# -interface(`cobbler_read_lib_files',` - gen_require(` - type cobbler_var_lib_t; - ') - - files_search_var_lib($1) - read_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) - read_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) -') - -######################################## -## -## Create, read, write, and delete -## cobbler lib files. -## -## -## -## Domain allowed access. -## -## -# -interface(`cobbler_manage_lib_files',` - gen_require(` - type cobbler_var_lib_t; - ') - - files_search_var_lib($1) - manage_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) - manage_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) - manage_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) -') - -######################################## -## -## All of the rules required to -## administrate an cobbler environment. -## -## -## -## Domain allowed access. -## -## -## -## -## Role allowed access. -## -## -## -# -interface(`cobblerd_admin',` - refpolicywarn(`$0($*) has been deprecated, use cobbler_admin() instead.') - cobbler_admin($1, $2) -') - -######################################## -## -## All of the rules required to -## administrate an cobbler environment. -## -## -## -## Domain allowed access. -## -## -## -## -## Role allowed access. -## -## -## -# -interface(`cobbler_admin',` - gen_require(` - type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t; - type cobbler_etc_t, cobblerd_initrc_exec_t; - type cobbler_tmp_t; - ') - - allow $1 cobblerd_t:process { ptrace signal_perms }; - ps_process_pattern($1, cobblerd_t) - - cobblerd_initrc_domtrans($1) - domain_system_change_exemption($1) - role_transition $2 cobblerd_initrc_exec_t system_r; - allow $2 system_r; - - files_search_etc($1) - admin_pattern($1, cobbler_etc_t) - - files_search_tmp($1) - admin_pattern($1, cobbler_tmp_t) - - files_search_var_lib($1) - admin_pattern($1, cobbler_var_lib_t) - - logging_search_logs($1) - admin_pattern($1, cobbler_var_log_t) -') diff --git a/cobbler.spec b/cobbler.spec index 69d7d40..eeca427 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -1,87 +1,97 @@ %global tftpboot_dir %{_sharedstatedir}/tftpboot/ -%global commit 700eb5bdfb28baba4de5e4083bec9e132a763bcb -%global shortcommit %(c=%{commit}; echo ${c:0:7}) -%global selinuxtype targeted - -# Tests require an installed system with root access -%bcond check 0 +%global commit0 172b8a0f79d110dcac1f50acfe412e0a01ff20ab +%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.3.7 -Release: %autorelease +Version: 3.2.2 +Release: 13%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ -# Automatically converted from old format: GPLv2+ - review is highly recommended. -License: GPL-2.0-or-later +License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz +#Source0: https://github.com/cobbler/cobbler/archive/%{commit0}/%{name}-%{commit0}.tar.gz Source1: migrate-settings.sh -Source2: %{name}.te -Source3: %{name}.if -Source4: %{name}.fc - +# Revert upstream's VirtualHost addition +# https://github.com/cobbler/cobbler/issues/2286 +Patch0: cobbler-httpd.patch +# Fix autoinstall_templates -> templates +Patch1: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pull/2590.patch +# Install migrate-data-v2-to-v3.py - https://github.com/cobbler/cobbler/pull/2591 +Patch2: cobbler-scripts.patch +# Remove get-loaders command +Patch3: cobbler-remove-get-loaders.patch +# Upstream fix for CVE-2021-45082 +Patch4: cobbler-CVE-2021-45082.patch # Do not run coverage tests -Patch0: cobbler-nocov.patch -# Python 3.13 support (backport of https://github.com/cobbler/cobbler/pull/3842) -# https://bugzilla.redhat.com/show_bug.cgi?id=2335620 -Patch1: cobbler-python3.13.patch -# Upstream fix for reposync --tries -# https://bugzilla.redhat.com/show_bug.cgi?id=2401605 -# Backport of https://github.com/cobbler/cobbler/pull/3378 -Patch2: cobbler-reposync.patch -# Use systemctl is-active to prevent some SELinux denials checking service status -# https://bugzilla.redhat.com/show_bug.cgi?id=2353898 -Patch3: https://github.com/cobbler/cobbler/pull/3945.patch +Patch5: cobbler-nocov.patch +# Upstream fix for CVE-2022-0860 (expired accounts) +Patch6: https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa.patch +# Based on https://github.com/cobbler/cobbler/pull/2965 +Patch7: 2965.patch +# Upstream fix for reposync_librepo +Patch8: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pull/3227.patch BuildArch: noarch -BuildRequires: make BuildRequires: python%{python3_pkgversion}-devel -# Cheetah switched names from Cheetah3 to CT3 in its metadata in version 3.3.0. -# https://github.com/CheetahTemplate3/cheetah3/commit/673259b2d139b4ea970b1c2da12607b7ac39cbec -%if 0%{?fedora} >= 42 || 0%{?rhel} >= 10 -BuildRequires: %{py3_dist ct3} -%else +%if 0%{?fedora} || 0%{?rhel} >= 8 BuildRequires: %{py3_dist cheetah3} -%endif BuildRequires: %{py3_dist distro} BuildRequires: %{py3_dist netaddr} BuildRequires: %{py3_dist pyyaml} BuildRequires: %{py3_dist requests} BuildRequires: %{py3_dist schema} BuildRequires: %{py3_dist setuptools} +BuildRequires: %{py3_dist simplejson} # For docs BuildRequires: %{py3_dist sphinx} -%if %{with check} -# For tests -BuildRequires: %{py3_dist crypt-r} -BuildRequires: %{py3_dist dnspython} -BuildRequires: %{py3_dist file-magic} -BuildRequires: %{py3_dist pytest-benchmark} +%else +BuildRequires: python%{python3_pkgversion}-cheetah +BuildRequires: python%{python3_pkgversion}-distro +BuildRequires: python%{python3_pkgversion}-netaddr +BuildRequires: python%{python3_pkgversion}-PyYAML +BuildRequires: python%{python3_pkgversion}-requests +BuildRequires: python%{python3_pkgversion}-schema +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-simplejson +# For docs +BuildRequires: python%{python3_pkgversion}-sphinx %endif -# This ensures that the *-selinux package and all it’s dependencies are not pulled -# into containers and other systems that do not use SELinux -Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) - Requires: httpd Requires: tftp-server -Requires: dosfstools Requires: createrepo_c Requires: rsync Requires: xorriso +Requires: %{py3_dist cheetah3} +Requires: %{py3_dist distro} +Requires: %{py3_dist dnspython} +Requires: %{py3_dist file-magic} +Requires: %{py3_dist mod_wsgi} +Requires: %{py3_dist netaddr} +Requires: %{py3_dist pyyaml} +Requires: %{py3_dist requests} +Requires: %{py3_dist schema} +Requires: %{py3_dist simplejson} +Requires: %{py3_dist tornado} Requires: genisoimage +%if 0%{?fedora} || 0%{?rhel} >= 8 # Not everyone wants bash-completion...? Recommends: bash-completion Requires: dnf-plugins-core # syslinux is only available on x86 -Requires: (syslinux if (filesystem(x86-64) or filesystem(x86-32))) +Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) # grub2 efi stuff is only available on x86 Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64 Recommends: logrotate Recommends: %{py3_dist librepo} -Obsoletes: cobbler-web < 3.3 +%else +Requires: yum-utils +%endif +# https://github.com/cobbler/cobbler/issues/1685 +Requires: /sbin/service BuildRequires: systemd Requires(post): systemd @@ -89,26 +99,28 @@ Requires(preun): systemd Requires(postun): systemd %description -Cobbler is a network install server. Cobbler supports PXE, ISO -virtualized installs, and re-installing existing Linux machines. The -last two modes use a helper tool, 'koan', that integrates with cobbler. -Cobbler's advanced features include importing distributions from DVDs -and rsync mirrors, kickstart templating, integrated yum mirroring, and -built-in DHCP/DNS Management. Cobbler has a XML-RPC API for integration -with other applications. +Cobbler is a network install server. Cobbler supports PXE, ISO +virtualized installs, and re-installing existing Linux machines. +The last two modes use a helper tool, 'koan', that integrates with +cobbler. There is also a web interface 'cobbler-web'. Cobbler's +advanced features include importing distributions from DVDs and rsync +mirrors, kickstart templating, integrated yum mirroring, and built-in +DHCP/DNS Management. Cobbler has a XML-RPC API for integration with +other applications. -%package selinux -Summary: SELinux policies for %{name} -Requires: selinux-policy-%{selinuxtype} -Requires(post): selinux-policy-%{selinuxtype} -BuildRequires: selinux-policy-devel -BuildArch: noarch -%{?selinux_requires} +%package -n cobbler-web +Summary: Web interface for Cobbler +Requires: cobbler = %{version}-%{release} +Requires: %{py3_dist django} +Requires: %{py3_dist mod_wsgi} +Requires: mod_ssl +Requires(post): coreutils +Requires(post): sed - -%description selinux -SELinux policies for %{name}. +%description -n cobbler-web +Web interface for Cobbler that allows visiting +http://server/cobbler_web to configure the install server. %package tests @@ -116,38 +128,15 @@ Summary: Unit tests for cobbler Requires: cobbler = %{version}-%{release} %description tests -Unit test files from the Cobbler project. - - -%package tests-containers -Summary: Dockerfiles and scripts to setup testing containers -Requires: cobbler = %{version}-%{release} - -%description tests-containers -Dockerfiles and scripts to setup testing containers. +Unit test files from the Cobbler project %prep %autosetup -p1 -mkdir -p selinux -cp -p %{SOURCE2} %{SOURCE3} %{SOURCE4} selinux/ - -# Cheetah switched names from Cheetah3 to CT3 in its metadata in version 3.3.0. -# https://github.com/CheetahTemplate3/cheetah3/commit/673259b2d139b4ea970b1c2da12607b7ac39cbec -%if 0%{?fedora} >= 42 || 0%{?rhel} >= 10 -sed -e 's/Cheetah3/CT3/' -i setup.py -%endif - %build . ./distro_build_configs.sh %py3_build -make man - -# SELinux -make -f %{_datadir}/selinux/devel/Makefile %{name}.pp -bzip2 -9 %{name}.pp - %install . ./distro_build_configs.sh @@ -167,22 +156,15 @@ mkdir -p %{buildroot}%{tftpboot_dir}/{boot,etc,grub/system{,_link},images{,2},pp mkdir -p %{buildroot}%{_unitdir} mv %{buildroot}%{_sysconfdir}/cobbler/cobblerd.service %{buildroot}%{_unitdir} +# cobbler-web +rm %{buildroot}%{_sysconfdir}/cobbler/cobbler_web.conf + # ghosted files touch %{buildroot}%{_sharedstatedir}/cobbler/web.ss # migrate-settings.sh install -p -m0755 %SOURCE1 %{buildroot}%{_datadir}/cobbler/bin/migrate-settings.sh -# SELinux -install -D -m 0644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 -install -D -p -m 0644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if - - -%if %{with check} -%check -%pytest -v -%endif - %pre if [ $1 -ge 2 ]; then @@ -216,10 +198,7 @@ chgrp apache %{_sysconfdir}/cobbler/users.conf chgrp apache %{_sysconfdir}/cobbler/users.digest chgrp apache %{_sysconfdir}/cobbler/settings.d chgrp apache %{_sysconfdir}/cobbler/settings.d/* -# Change from apache -if [ -f %{_sharedstatedir}/cobbler/web.ss ]; then - chown root %{_sharedstatedir}/cobbler/web.ss -fi + %posttrans # Migrate pre-3.2.1 settings to settings.yaml @@ -231,7 +210,13 @@ if [ -f %{_sysconfdir}/cobbler/settings.rpmsave ]; then %{_datadir}/cobbler/bin/migrate-settings.sh fi # Add some missing options if needed +grep -q '^cache_enabled:' %{_sysconfdir}/cobbler/settings.yaml || echo -e '#ADDED:\ncache_enabled: true' >> %{_sysconfdir}/cobbler/settings.yaml grep -q '^reposync_rsync_flags:' %{_sysconfdir}/cobbler/settings.yaml || echo -e '#ADDED:\nreposync_rsync_flags: "-rltDv --copy-unsafe-links"' >> %{_sysconfdir}/cobbler/settings.yaml +# Migrate pre-3 configuration data if needed +if [ -d %{_sharedstatedir}/cobbler/kickstarts -a $(find %{_sharedstatedir}/cobbler/collections -type f | wc -l) -eq 0 ]; then + echo warning: migrating pre cobbler 3 configuration data + %{_datadir}/cobbler/bin/migrate-data-v2-to-v3.py +fi %preun %systemd_preun cobblerd.service @@ -239,24 +224,12 @@ grep -q '^reposync_rsync_flags:' %{_sysconfdir}/cobbler/settings.yaml || echo -e %postun %systemd_postun_with_restart cobblerd.service - -%pre selinux -%selinux_relabel_pre -s %{selinuxtype} - -%post selinux -%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 -%selinux_relabel_post -s %{selinuxtype} - -if [ "$1" -le "1" ]; then # First install - # the daemon needs to be restarted for the custom label to be applied - %systemd_postun_with_restart cobblerd.service -fi - -%postun selinux -if [ $1 -eq 0 ]; then - %selinux_modules_uninstall -s %{selinuxtype} %{name} - %selinux_relabel_post -s %{selinuxtype} -fi +%post -n cobbler-web +# Change the SECRET_KEY option in the Django settings.py file +# required for security reasons, should be unique on all systems +# Choose from letters and numbers only, so no special chars like ampersand (&). +RAND_SECRET=$(head /dev/urandom | tr -dc 'A-Za-z0-9!' | head -c 50 ; echo '') +sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler/web/settings.py %files @@ -268,7 +241,6 @@ fi %config(noreplace) %{_sysconfdir}/cobbler/boot_loader_conf/ %config(noreplace) %{_sysconfdir}/cobbler/cheetah_macros %config(noreplace) %{_sysconfdir}/cobbler/dhcp.template -%config(noreplace) %{_sysconfdir}/cobbler/dhcp6.template %config(noreplace) %{_sysconfdir}/cobbler/dnsmasq.template %config(noreplace) %{_sysconfdir}/cobbler/genders.template %config(noreplace) %{_sysconfdir}/cobbler/import_rsync_whitelist @@ -287,19 +259,17 @@ fi %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings -%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/windows.settings %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/users.conf %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/users.digest %config(noreplace) %{_sysconfdir}/cobbler/version -%config(noreplace) %{_sysconfdir}/cobbler/windows/ %config(noreplace) %{_sysconfdir}/cobbler/zone.template %config(noreplace) %{_sysconfdir}/cobbler/zone_templates/ %config(noreplace) %{_sysconfdir}/logrotate.d/cobblerd %config(noreplace) /etc/httpd/conf.d/cobbler.conf %{_bindir}/cobbler -%{_bindir}/cobbler-settings %{_bindir}/cobbler-ext-nodes %{_bindir}/cobblerd +%{_sbindir}/tftpd.py %{_datadir}/bash-completion/ %dir %{_datadir}/cobbler %{_datadir}/cobbler/bin @@ -311,32 +281,314 @@ fi %{_unitdir}/cobblerd.service %{tftpboot_dir}/* /var/www/cobbler -%dir %{_sharedstatedir}/cobbler -%ghost %attr(0755,root,root) %{_sharedstatedir}/cobbler/backup/ -%config(noreplace) %{_sharedstatedir}/cobbler/collections/ -%config(noreplace) %{_sharedstatedir}/cobbler/distro_signatures.json -%config(noreplace) %{_sharedstatedir}/cobbler/grub_config/ -%config(noreplace) %{_sharedstatedir}/cobbler/loaders/ -%config(noreplace) %{_sharedstatedir}/cobbler/scripts/ -%config(noreplace) %{_sharedstatedir}/cobbler/snippets/ -%config(noreplace) %{_sharedstatedir}/cobbler/templates/ -%config(noreplace) %{_sharedstatedir}/cobbler/triggers/ -%ghost %attr(0644,root,root) %{_sharedstatedir}/cobbler/lock -# Currently used for cli auth -%ghost %attr(0644,root,root) %{_sharedstatedir}/cobbler/web.ss +%config(noreplace) %{_sharedstatedir}/cobbler +%exclude %{_sharedstatedir}/cobbler/web.ss +%exclude %{_sharedstatedir}/cobbler/webui_sessions /var/log/cobbler -%files selinux -%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.* -%{_datadir}/selinux/devel/include/distributed/%{name}.if -%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} +%files -n cobbler-web +%license COPYING +%doc AUTHORS.in README.md +%config(noreplace) /etc/httpd/conf.d/cobbler_web.conf +%attr(-,apache,apache) %{_datadir}/cobbler/web +%ghost %attr(0660,apache,root) %{_sharedstatedir}/cobbler/web.ss +%dir %attr(700,apache,root) %{_sharedstatedir}/cobbler/webui_sessions +%attr(-,apache,apache) /var/www/cobbler_webui_content/ %files tests -%{_datadir}/cobbler/tests/ - -%files tests-containers -%{_datadir}/cobbler/docker/ +%dir %{_datadir}/cobbler/tests +%{_datadir}/cobbler/tests/* %changelog -%autochangelog +* Wed Aug 10 2022 Robby Callicotte - 3.2.2-13 +- Add upstream patch for reposync errors (bz#2117750) + +* Fri Apr 22 2022 Xavier Bachelot - 3.2.2-12 +- Add patch7: + - fix ldap anonymous bind + - sync distro signatures + - support older anaconda boot line options + +* Wed Mar 23 2022 Orion Poplawski - 3.2.2-11 +- Add upstream patch for CVE-2022-0860 (bz#2066592) + +* Wed Mar 02 2022 Orion Poplawski - 3.2.2-10 +- More complete fix for CVE-2021-45083 - enforce permissions in %%post + +* Tue Mar 01 2022 Orion Poplawski - 3.2.2-9 +- Apply fixes for CVE-2021-45082/3 +- Remove BR on python3-coverage + +* Mon Jan 24 2022 Orion Poplawski - 3.2.2-8 +- Fix posttrans script + +* Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Dec 23 2021 Orion Poplawski - 3.2.2-6 +- Fix path to settings.yaml in scriptlet + +* Thu Dec 09 2021 Orion Poplawski - 3.2.2-5 +- Remove defunct get-loaders command + +* Mon Nov 22 2021 Orion Poplawski - 3.2.2-4 +- Add new keys to settings.yaml on migration or if missing +- Save original settings to settings.rpmorig + +* Fri Oct 08 2021 Orion Poplawski - 3.2.2-3 +- Fix dependencies (bz#2010567) + +* Thu Sep 23 2021 Orion Poplawski - 3.2.2-2 +- Migrate settings to settings.yaml +- Migrate pre-cobbler 3 data if needed +- Fix autoinstall_templates -> templates + +* Thu Sep 23 2021 Orion Poplawski - 3.2.2-1 +- Update to 3.2.2 +- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection +- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function +- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings + +* Wed Sep 22 2021 Orion Poplawski - 3.2.1-1 +- Update to 3.2.1 + +* Wed Jul 21 2021 Fedora Release Engineering - 3.2.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Jun 04 2021 Python Maint - 3.2.0-5 +- Rebuilt for Python 3.10 + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.2.0-4 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Tue Jan 26 2021 Fedora Release Engineering - 3.2.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sun Oct 25 2020 Orion Poplawski - 3.2.0-2 +- Give root RW permission to /var/lib/cobbler/web.ss +- Fix SELinux cobbler logging issue + +* Sat Oct 24 2020 Orion Poplawski - 3.2.0-1 +- Update to 3.2.0 + +* Thu Sep 17 2020 Orion Poplawski - 3.1.2-4 +- Add requires on python-distro and file + +* Mon Jul 27 2020 Fedora Release Engineering - 3.1.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 08 2020 Orion Poplawski - 3.1.2-2 +- Fix apache configuration + +* Fri May 29 2020 Orion Poplawski - 3.1.2-1 +- Update to 3.1.2 + +* Tue May 26 2020 Miro Hrončok - 3.1.1-4 +- Rebuilt for Python 3.9 + +* Fri Feb 21 2020 Orion Poplawski - 3.1.1-3 +- Add requires for python3-dns + +* Tue Jan 28 2020 Fedora Release Engineering - 3.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sun Jan 12 2020 Orion Poplawski - 3.1.1-1 +- Update to 3.1.1 + +* Tue Oct 22 2019 Orion Poplawski - 3.0.1-4 +- Drop koan completely, including obsoletes. It is a separate package now. + +* Thu Oct 10 2019 Orion Poplawski - 3.0.1-3 +- Require /sbin/service + +* Tue Oct 8 2019 Orion Poplawski - 3.0.1-2 +- Fix requires (requests instead of urlgrabber) +- Fix BR for EL8 + +* Mon Sep 09 2019 Nicolas Chauvet - 3.0.1-1 +- Update to 3.0.1 + +* Fri Aug 30 2019 Nicolas Chauvet - 3.0.0-1 +- Update to 3.0.0 + +* Mon Aug 26 2019 Nicolas Chauvet - 2.8.5-0.1 +- Update to 2.8.5 - pre-release + +* Wed Jul 24 2019 Fedora Release Engineering - 2.8.4-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 2.8.4-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Nov 26 2018 Orion Poplawski - 2.8.4-5 +- Fix empty man pages (BZ 1653415) + +* Mon Nov 26 2018 Orion Poplawski - 2.8.4-4 +- Revert bind_manage_ipmi feature that is broken on 2.8 + +* Sun Nov 25 2018 Orion Poplawski - 2.8.4-3 +- Use pathfix.py to fix python shebangs + +* Sun Nov 25 2018 Orion Poplawski - 2.8.4-2 +- Make koan require python2-ethtool (BZ 1638933) + +* Sat Nov 24 2018 Orion Poplawski - 2.8.4-1 +- Update to 2.8.4 (Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931) + +* Thu Jul 12 2018 Fedora Release Engineering - 2.8.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed May 30 2018 Orion Poplawski - 2.8.3-3 +- koan requires urlgrabber + +* Mon May 28 2018 Nicolas Chauvet - 2.8.3-2 +- Restore mergeability with epel7 + +* Mon May 28 2018 Nicolas Chauvet - 2.8.3-1 +- Update to 2.8.3 - security bugfix + +* Wed Feb 21 2018 Orion Poplawski - 2.8.2-6 +- Really fix django requires for Fedora 28+ + +* Tue Feb 20 2018 Orion Poplawski - 2.8.2-5 +- Fix django requires for Fedora 28+ + +* Fri Feb 09 2018 Igor Gnatenko - 2.8.2-4 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 2.8.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Feb 06 2018 Iryna Shcherbina - 2.8.2-2 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 +- Update to 2.8.2 + +* Wed Aug 02 2017 Fedora Release Engineering - 2.8.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.8.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Jun 21 2017 Orion Poplawski - 2.8.1-3 +- Suppress logrotate output + +* Mon Jun 12 2017 Orion Poplawski - 2.8.1-2 +- Fix module loading + +* Wed May 24 2017 Orion Poplawski - 2.8.1-1 +- Update to 2.8.1 + +* Fri Feb 17 2017 Orion Poplawski - 2.8.0-6 +- Add patch to fix handling of multiple bridge interfaces + +* Fri Feb 10 2017 Fedora Release Engineering - 2.8.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 27 2017 Orion Poplawski - 2.8.0-4 +- Fix named patch + +* Tue Jan 24 2017 Orion Poplawski - 2.8.0-3 +- Restart named-chroot service if used + +* Fri Jan 20 2017 Orion Poplawski - 2.8.0-2 +- Fix logrotate script for systemd (bug #1414617) + +* Thu Dec 1 2016 Orion Poplawski - 2.8.0-1 +- Update to 2.8.0 +- Restructure spec file + +* Thu Sep 1 2016 Orion Poplawski - 2.6.11-11.gitf78af86 +- Add patches to fix TEMPLATE_DIRS and use OrderedDict + +* Thu Aug 11 2016 Orion Poplawski - 2.6.11-10.gitf78af86 +- Force IPv4 connections to cobblerd from web proxy + +* Thu Jul 21 2016 Orion Poplawski - 2.6.11-9.gitf78af86 +- Suppress "virt-install --os-variant list" error messages + +* Thu Jul 21 2016 Orion Poplawski - 2.6.11-8.git5680bf8 +- Fix handling unknown os variants with osinfo-query + +* Tue Jul 19 2016 Fedora Release Engineering - 2.6.11-7.git95749a6 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Wed Jul 13 2016 Orion Poplawski - 2.6.11-6.git95749a6 +- Fix typo in koan/app.py + +* Wed Jul 13 2016 Orion Poplawski - 2.6.11-5.git13b035f +- Update to current git snapshot (bug #1276896) + +* Wed Feb 03 2016 Fedora Release Engineering - 2.6.11-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Feb 1 2016 Orion Poplawski - 2.6.11-3 +- Require dnf-plugins-core + +* Sun Jan 24 2016 Orion Poplawski - 2.6.11-2 +- Require dnf-core-plugins instead of yum-utils for repoquery on Fedora 23+ + +* Sun Jan 24 2016 Orion Poplawski - 2.6.11-1 +- Update to 2.6.11 +- Make cobbler arch specific to allow for arch specific requires + +* Thu Oct 1 2015 Orion Poplawski - 2.6.10-1 +- Update to 2.6.10 + +* Mon Jun 22 2015 Orion Poplawski - 2.6.9-1 +- Update to 2.6.9 + +* Wed Jun 17 2015 Fedora Release Engineering - 2.6.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue May 12 2015 Orion Poplawski - 2.6.8-2 +- Support django 1.8 in Fedora 22+ + +* Fri May 8 2015 Orion Poplawski - 2.6.8-1 +- Update to 2.6.8 +- Backport upstream patch to fix centos version detection (bug #1201879) + +* Tue Apr 28 2015 Orion Poplawski - 2.6.7-3 +- Add patch to fix virt-install support for F21+/EL7 (bug #1188424) + +* Mon Apr 27 2015 Orion Poplawski - 2.6.7-2 +- Create and own directories in tftp_dir + +* Wed Dec 31 2014 Orion Poplawski - 2.6.7-1 +- Update to 2.6.7 + +* Sun Oct 19 2014 Orion Poplawski - 2.6.6-1 +- Update to 2.6.6 + +* Fri Aug 15 2014 Orion Poplawski - 2.6.5-1 +- Update to 2.6.5 + +* Wed Aug 13 2014 Orion Poplawski - 2.6.4-2 +- Require Django >= 1.4 + +* Mon Aug 11 2014 Orion Poplawski - 2.6.4-1 +- Update to 2.6.4 + +* Fri Jul 18 2014 Orion Poplawski - 2.6.3-1 +- Update to 2.6.3 + +* Wed Jul 16 2014 Orion Poplawski - 2.6.2-1 +- Update to 2.6.2 +- Spec cleanup + +* Sat Jun 07 2014 Fedora Release Engineering - 2.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri May 23 2014 Orion Poplawski - 2.6.1-1 +- Update to 2.6.1 +- Drop koan patch applied upstream + +* Tue Apr 22 2014 Orion Poplawski - 2.6.0-2 +- Only require syslinux on x86 + +* Mon Apr 21 2014 Orion Poplawski - 2.6.0-1 +- Update to 2.6.0 diff --git a/cobbler.te b/cobbler.te deleted file mode 100644 index d233f01..0000000 --- a/cobbler.te +++ /dev/null @@ -1,249 +0,0 @@ -policy_module(cobbler, 1.3.0) - -######################################## -# -# Declarations -# - -## -##

-## Determine whether Cobbler can modify -## public files used for public file -## transfer services. -##

-## -gen_tunable(cobbler_anon_write, false) - -## -##

-## Determine whether Cobbler can connect -## to the network using TCP. -##

-## -gen_tunable(cobbler_can_network_connect, false) - -## -##

-## Determine whether Cobbler can access -## cifs file systems. -##

-## -gen_tunable(cobbler_use_cifs, false) - -## -##

-## Determine whether Cobbler can access -## nfs file systems. -##

-## -gen_tunable(cobbler_use_nfs, false) - -gen_require(` - type debuginfo_exec_t; - type init_exec_t; - class file getattr; -') - -type cobblerd_t; -type cobblerd_exec_t; -init_daemon_domain(cobblerd_t, cobblerd_exec_t) - -type cobblerd_initrc_exec_t; -init_script_file(cobblerd_initrc_exec_t) - -type cobbler_etc_t; -files_config_file(cobbler_etc_t) - -type cobbler_var_log_t; -logging_log_file(cobbler_var_log_t) - -type cobbler_var_lib_t alias cobbler_content_t; -files_type(cobbler_var_lib_t) - -type cobbler_tmp_t; -files_tmp_file(cobbler_tmp_t) - -type cobblerd_unit_file_t; -systemd_unit_file(cobblerd_unit_file_t) - -######################################## -# -# Local policy -# - -allow cobblerd_t self:capability { chown dac_read_search fowner fsetid sys_nice }; -dontaudit cobblerd_t self:capability sys_tty_config; -allow cobblerd_t self:process { getsched setsched signal }; -allow cobblerd_t self:fifo_file rw_fifo_file_perms; -allow cobblerd_t self:tcp_socket { accept listen }; -allow cobblerd_t self:netlink_audit_socket create_socket_perms; - -allow cobblerd_t cobbler_etc_t:dir list_dir_perms; -allow cobblerd_t cobbler_etc_t:file read_file_perms; -allow cobblerd_t cobbler_etc_t:lnk_file read_lnk_file_perms; - -allow cobblerd_t cobbler_tmp_t:file mmap_file_perms; -# Allow cobbler to stat /usr/libexec/dnf-utils (aka reposync/yumdownloader) -allow cobblerd_t debuginfo_exec_t:file getattr; -# Allow cobbler to stat /usr/lib/systemd/systemd -allow cobblerd_t init_exec_t:file getattr; -# Allow cobbler to check status of itself -allow cobblerd_t cobblerd_unit_file_t:service status; - -manage_dirs_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t) -manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t) -files_tmp_filetrans(cobblerd_t, cobbler_tmp_t, { dir file }) - -manage_dirs_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) -manage_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) -manage_lnk_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) -files_var_lib_filetrans(cobblerd_t, cobbler_var_lib_t, dir) -files_var_filetrans(cobblerd_t, cobbler_var_lib_t, dir, "cobbler") - -append_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) -create_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) -read_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) -setattr_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) -logging_log_filetrans(cobblerd_t, cobbler_var_log_t, file) - -kernel_read_system_state(cobblerd_t) -kernel_read_network_state(cobblerd_t) - -corecmd_exec_bin(cobblerd_t) -corecmd_exec_shell(cobblerd_t) - -corenet_all_recvfrom_netlabel(cobblerd_t) -corenet_all_recvfrom_unlabeled(cobblerd_t) -corenet_tcp_sendrecv_generic_if(cobblerd_t) -corenet_tcp_sendrecv_generic_node(cobblerd_t) -corenet_tcp_bind_generic_node(cobblerd_t) - -corenet_sendrecv_cobbler_server_packets(cobblerd_t) -corenet_tcp_bind_cobbler_port(cobblerd_t) -corenet_tcp_sendrecv_cobbler_port(cobblerd_t) - -corenet_sendrecv_ftp_client_packets(cobblerd_t) -corenet_tcp_connect_ftp_port(cobblerd_t) -corenet_tcp_sendrecv_ftp_port(cobblerd_t) - -corenet_tcp_sendrecv_http_port(cobblerd_t) -corenet_tcp_connect_http_port(cobblerd_t) -corenet_sendrecv_http_client_packets(cobblerd_t) - -dev_read_sysfs(cobblerd_t) -dev_read_urand(cobblerd_t) - -files_list_boot(cobblerd_t) -files_list_tmp(cobblerd_t) -files_read_boot_files(cobblerd_t) -files_read_etc_runtime_files(cobblerd_t) - -fs_getattr_all_fs(cobblerd_t) -fs_read_iso9660_files(cobblerd_t) - -selinux_get_enforce_mode(cobblerd_t) - -term_use_console(cobblerd_t) - -auth_use_nsswitch(cobblerd_t) - -logging_send_syslog_msg(cobblerd_t) - -miscfiles_read_localization(cobblerd_t) -miscfiles_read_public_files(cobblerd_t) - -sysnet_dns_name_resolve(cobblerd_t) -sysnet_rw_dhcp_config(cobblerd_t) -sysnet_write_config(cobblerd_t) - -tunable_policy(`cobbler_anon_write',` - miscfiles_manage_public_files(cobblerd_t) -') - -tunable_policy(`cobbler_can_network_connect',` - corenet_sendrecv_all_client_packets(cobblerd_t) - corenet_tcp_connect_all_ports(cobblerd_t) - corenet_tcp_sendrecv_all_ports(cobblerd_t) -') - -tunable_policy(`cobbler_use_cifs',` - fs_manage_cifs_dirs(cobblerd_t) - fs_manage_cifs_files(cobblerd_t) - fs_manage_cifs_symlinks(cobblerd_t) -') - -tunable_policy(`cobbler_use_nfs',` - fs_manage_nfs_dirs(cobblerd_t) - fs_manage_nfs_files(cobblerd_t) - fs_manage_nfs_symlinks(cobblerd_t) -') - -optional_policy(` - apache_search_config(cobblerd_t) - apache_domtrans(cobblerd_t) - apache_search_sys_content(cobblerd_t) -') - -optional_policy(` - bind_read_config(cobblerd_t) - bind_write_config(cobblerd_t) - bind_domtrans_ndc(cobblerd_t) - bind_domtrans(cobblerd_t) - bind_initrc_domtrans(cobblerd_t) - bind_manage_zone(cobblerd_t) - bind_systemctl(cobblerd_t) -') - -optional_policy(` - certmaster_exec(cobblerd_t) -') - -optional_policy(` - dhcpd_domtrans(cobblerd_t) - dhcpd_initrc_domtrans(cobblerd_t) - dhcpd_systemctl(cobblerd_t) -') - -optional_policy(` - dnsmasq_domtrans(cobblerd_t) - dnsmasq_initrc_domtrans(cobblerd_t) - dnsmasq_write_config(cobblerd_t) - dnsmasq_systemctl(cobblerd_t) -') - -# To read /boot/efi -optional_policy(` - fs_list_dos(cobblerd_t) - fs_read_dos_files(cobblerd_t) -') - -# To run mkfs.fat when generating ISO -optional_policy(` - fstools_exec(cobblerd_t) -') - -optional_policy(` - libs_exec_ldconfig(cobblerd_t) -') - -optional_policy(` - mysql_stream_connect(cobblerd_t) -') - -optional_policy(` - rpm_exec(cobblerd_t) -') - -optional_policy(` - rsync_exec(cobblerd_t) - rsync_read_config(cobblerd_t) - rsync_manage_config(cobblerd_t) - rsync_etc_filetrans_config(cobblerd_t, file, "rsync.conf") -') - -optional_policy(` - tftp_manage_config(cobblerd_t) - tftp_manage_rw_content(cobblerd_t) - tftp_delete_content_dirs(cobblerd_t) - tftp_filetrans_tftpdir(cobblerd_t, cobbler_var_lib_t, { dir file }) -') diff --git a/sources b/sources index ba2585a..e8eac50 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.7.tar.gz) = df6570dd7c6cbe50464624267df1bbecbb29e60513bba312a6c726502d4670670f3113f24b6b7e465d0b3353c0721e6fe3725dbc4569b4f624ec2b4a29682d1a +SHA512 (cobbler-3.2.2.tar.gz) = 65f3bf3bb43d1b1a6631ab299cd5a9a807c8e20ea07a61f89edc425b4833be5f2ddf0ac473010906bbcaaa5edfad577378185290bd2db01d9d64f276c2ad6be9