From 41c2a598177a1d3eeaf3970b6744b9dacbfee79d Mon Sep 17 00:00:00 2001 From: James Cammarata Date: Wed, 3 Apr 2013 20:50:02 -0500 Subject: [PATCH 001/110] New upstream release - 2.4.0-beta4 Conflicts: cobbler.spec --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index f7c62fc..88a207c 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -8,7 +8,7 @@ Name: cobbler License: GPLv2+ AutoReq: no Version: 2.4.0 -Release: beta3%{?dist}.2 +Release: beta4%{?dist} Source0: http://shenson.fedorapeople.org/cobbler/cobbler-%{version}.tar.gz # Make httpd configuration compatible with Apache 2.2/2.4 @@ -342,6 +342,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ /var/www/cobbler_webui_content/ %changelog +* Wed Apr 03 2013 James Cammarata 2.4.0-beta4 +- 2.4.0-beta4 release + * Wed Feb 13 2013 Fedora Release Engineering - 2.4.0-beta3.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild From 9ca878626b358534d1da8b142e1a8bb2d973e854 Mon Sep 17 00:00:00 2001 From: James Cammarata Date: Mon, 22 Apr 2013 10:34:35 -0500 Subject: [PATCH 002/110] New upstream release, 2.4.0-beta5 --- cobbler.spec | 22 +++++----------------- sources | 2 +- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 88a207c..8248985 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -8,12 +8,8 @@ Name: cobbler License: GPLv2+ AutoReq: no Version: 2.4.0 -Release: beta4%{?dist} +Release: beta5%{?dist} Source0: http://shenson.fedorapeople.org/cobbler/cobbler-%{version}.tar.gz - -# Make httpd configuration compatible with Apache 2.2/2.4 -Patch0: %{name}-httpd24.patch - Group: Applications/System BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot BuildArch: noarch @@ -77,9 +73,6 @@ other applications. %prep %setup -q -%patch0 -p1 -b .httpd24 - - %build %{__python} setup.py build @@ -336,22 +329,17 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %doc AUTHORS COPYING CHANGELOG README %config(noreplace) /etc/httpd/conf.d/cobbler_web.conf %defattr(-,apache,apache,-) -%dir /usr/share/cobbler /usr/share/cobbler/web %dir %attr(700,apache,root) /var/lib/cobbler/webui_sessions /var/www/cobbler_webui_content/ %changelog +* Mon Apr 22 2013 James Cammarata 2.4.0-beta5 +- A few bugfixes and rebuilding the RPM because of a goof + (jimi@sngx.net) + * Wed Apr 03 2013 James Cammarata 2.4.0-beta4 - 2.4.0-beta4 release - -* Wed Feb 13 2013 Fedora Release Engineering - 2.4.0-beta3.2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Tue Jan 8 2013 Remi Collet 2.4.0-beta3.1 -- fix configuration for httpd 2.4, #871383 -- own /usr/share/cobbler - * Wed Dec 12 2012 James Cammarata 2.4.0-beta3 - New release 2.4.0-beta3 * Thu Oct 11 2012 James Cammarata 2.4.0-beta2 diff --git a/sources b/sources index 4183bb4..4896a9f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ec541e4c6af4603f86cde141f380f96e cobbler-2.4.0.tar.gz +ede78f714ddf22e54593512c4b25dabc cobbler-2.4.0.tar.gz From a0f637a834a2f82680bb239844c77fb75fea9fee Mon Sep 17 00:00:00 2001 From: Cole Robinson Date: Thu, 9 May 2013 20:34:23 -0400 Subject: [PATCH 003/110] python-virtinst is no more, require virt-install (bz #958489) --- cobbler.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 8248985..a091f86 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -8,7 +8,7 @@ Name: cobbler License: GPLv2+ AutoReq: no Version: 2.4.0 -Release: beta5%{?dist} +Release: beta5%{?dist}.1 Source0: http://shenson.fedorapeople.org/cobbler/cobbler-%{version}.tar.gz Group: Applications/System BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot @@ -270,7 +270,7 @@ Requires: python >= 2.0 %if 0%{?fedora} >= 11 || 0%{?rhel} >= 6 Requires: python(abi) >= %{pyver} Requires: python-simplejson -Requires: python-virtinst +Requires: virt-install %endif @@ -334,6 +334,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ /var/www/cobbler_webui_content/ %changelog +* Thu May 09 2013 Cole Robinson 2.4.0-beta5.1 +- python-virtinst is no more, require virt-install (bz 958489) + * Mon Apr 22 2013 James Cammarata 2.4.0-beta5 - A few bugfixes and rebuilding the RPM because of a goof (jimi@sngx.net) From 7150fb718ea9678464e9075c1742fc4f5558f503 Mon Sep 17 00:00:00 2001 From: James Cammarata Date: Fri, 24 May 2013 16:11:24 -0500 Subject: [PATCH 004/110] New upstream release: 2.4.0-beta6 Conflicts: cobbler.spec --- cobbler.spec | 11 ++++++----- sources | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 8248985..7725f90 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -8,12 +8,12 @@ Name: cobbler License: GPLv2+ AutoReq: no Version: 2.4.0 -Release: beta5%{?dist} +Release: beta6%{?dist} Source0: http://shenson.fedorapeople.org/cobbler/cobbler-%{version}.tar.gz Group: Applications/System BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot BuildArch: noarch -Url: http://cobbler.github.com/ +Url: http://www.cobblerd.org/ BuildRequires: redhat-rpm-config BuildRequires: git @@ -25,13 +25,13 @@ Requires: httpd Requires: tftp-server Requires: mod_wsgi Requires: createrepo -Requires: python-augeas Requires: python-cheetah Requires: python-netaddr Requires: python-simplejson Requires: python-urlgrabber Requires: PyYAML Requires: rsync +Requires: syslinux %if 0%{?fedora} >= 11 || 0%{?rhel} >= 6 Requires: python(abi) >= %{pyver} @@ -258,8 +258,6 @@ test "x$RPM_BUILD_ROOT" != "x" && rm -rf $RPM_BUILD_ROOT /tftpboot/images %endif -/usr/share/augeas/lenses/cobblersettings.aug - %doc AUTHORS CHANGELOG README COPYING %package -n koan @@ -334,6 +332,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ /var/www/cobbler_webui_content/ %changelog +* Fri May 24 2013 James Cammarata 2.4.0-beta6 +- New BETA release - 2.4.0 beta6 + * Mon Apr 22 2013 James Cammarata 2.4.0-beta5 - A few bugfixes and rebuilding the RPM because of a goof (jimi@sngx.net) diff --git a/sources b/sources index 4896a9f..76a9381 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ede78f714ddf22e54593512c4b25dabc cobbler-2.4.0.tar.gz +8412d444850bd84cd9123749698b403e cobbler-2.4.0.tar.gz From e8cedda572baf48784b5e32a38fb2c03e41e6481 Mon Sep 17 00:00:00 2001 From: James Cammarata Date: Thu, 20 Jun 2013 00:48:31 -0500 Subject: [PATCH 005/110] New upstream release: 2.4.0-1 --- cobbler.spec | 5 +++-- sources | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 815b6a4..22caa51 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -8,7 +8,7 @@ Name: cobbler License: GPLv2+ AutoReq: no Version: 2.4.0 -Release: beta6%{?dist} +Release: 1%{?dist} Source0: http://shenson.fedorapeople.org/cobbler/cobbler-%{version}.tar.gz Group: Applications/System BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot @@ -332,9 +332,10 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ /var/www/cobbler_webui_content/ %changelog +* Thu Jun 20 2013 James Cammarata 2.4.0-1 +- Release 2.4.0-1 (jimi@sngx.net) * Fri May 24 2013 James Cammarata 2.4.0-beta6 - New BETA release - 2.4.0 beta6 - * Mon Apr 22 2013 James Cammarata 2.4.0-beta5 - A few bugfixes and rebuilding the RPM because of a goof (jimi@sngx.net) diff --git a/sources b/sources index 76a9381..4012368 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8412d444850bd84cd9123749698b403e cobbler-2.4.0.tar.gz +de66765e71d8d64d179b762fae1c9096 cobbler-2.4.0.tar.gz From 874e5f4d4f97cff4d0ee58773bfe1c80d374a9ce Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 22 Apr 2014 09:22:00 -0600 Subject: [PATCH 006/110] Update to 2.4.4 - Drop koan patch applied upstream --- .gitignore | 1 + cobbler-httpd24.patch | 45 ------------------------------------------- cobbler-koan.patch | 21 -------------------- cobbler.spec | 11 +++++------ sources | 2 +- 5 files changed, 7 insertions(+), 73 deletions(-) delete mode 100644 cobbler-httpd24.patch delete mode 100644 cobbler-koan.patch diff --git a/.gitignore b/.gitignore index dc7dd36..5309a6d 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ cobbler-2.0.5.tar.gz /cobbler-2.2.3.tar.gz /cobbler-2.4.0.tar.gz /cobbler-2.4.3.tar.gz +/cobbler-2.4.4.tar.gz diff --git a/cobbler-httpd24.patch b/cobbler-httpd24.patch deleted file mode 100644 index 7528b96..0000000 --- a/cobbler-httpd24.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff -up cobbler-2.4.0/config/cobbler.conf.httpd24 cobbler-2.4.0/config/cobbler.conf ---- cobbler-2.4.0/config/cobbler.conf.httpd24 2013-01-08 10:22:56.000000000 +0100 -+++ cobbler-2.4.0/config/cobbler.conf 2013-01-08 10:25:00.000000000 +0100 -@@ -11,8 +11,6 @@ WSGIScriptAliasMatch ^/cblr/svc/([^/]*) - - - Options Indexes FollowSymLinks -- Order allow,deny -- Allow from all - - - ProxyRequests off -@@ -22,13 +20,3 @@ ProxyPassReverse /cobbler_api http://loc - - BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On - --# the webui is now part of the "cobbler-web" package --# and is visited at http://.../cobbler_web not this URL. --# this is only a pointer to the new page. -- -- -- Options Indexes FollowSymLinks -- Order allow,deny -- Allow from all -- -- -diff -up cobbler-2.4.0/config/cobbler_web.conf.httpd24 cobbler-2.4.0/config/cobbler_web.conf ---- cobbler-2.4.0/config/cobbler_web.conf.httpd24 2013-01-08 10:23:22.000000000 +0100 -+++ cobbler-2.4.0/config/cobbler_web.conf 2013-01-08 10:23:25.000000000 +0100 -@@ -8,3 +8,15 @@ RewriteCond %{REQUEST_URI} ^/cobbler_web - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} - - WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi -+ -+ -+ -+ # Apache 2.4 -+ Require all granted -+ -+ -+ Order allow,deny -+ Allow from all -+ -+ -+ diff --git a/cobbler-koan.patch b/cobbler-koan.patch deleted file mode 100644 index e8f1a26..0000000 --- a/cobbler-koan.patch +++ /dev/null @@ -1,21 +0,0 @@ -commit 4d9b1fe2b9d8442525abd9862d6ae4e57f758ace -Author: Orion Poplawski -Date: Mon Apr 21 11:37:53 2014 -0600 - - Fix koan's get_insert_script() - - See https://bugzilla.redhat.com/show_bug.cgi?id=1047350 - -diff --git a/koan/app.py b/koan/app.py -index e0a49dd..195eece 100755 ---- a/koan/app.py -+++ b/koan/app.py -@@ -1195,7 +1195,7 @@ class Koan: - find . | cpio -o -H newc | gzip -9 > ../initrd_final - echo "...done" - fi -- """ % initrd -+ """ % (initrd, initrd) - - #--------------------------------------------------- - diff --git a/cobbler.spec b/cobbler.spec index 186ffd5..41bf449 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -10,13 +10,9 @@ Summary: Boot server configurator Name: cobbler License: GPLv2+ AutoReq: no -Version: 2.4.3 +Version: 2.4.4 Release: 1%{?dist} Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz -# Fix koan's get_insert_script() -# https://github.com/cobbler/cobbler/pull/866 -# https://bugzilla.redhat.com/show_bug.cgi?id=1047350 -Patch0: cobbler-koan.patch Group: Applications/System BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot BuildArch: noarch @@ -74,7 +70,6 @@ other applications. %prep %setup -q -%patch0 -p1 %build %{__python2} setup.py build @@ -302,6 +297,10 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %attr(-,apache,apache) /var/www/cobbler_webui_content/ %changelog +* Tue Apr 22 2014 Orion Poplawski - 2.4.4-1 +- Update to 2.4.4 +- Drop koan patch applied upstream + * Mon Apr 21 2014 Orion Poplawski - 2.4.3-1 - Update to 2.4.3 - Add patch to fix bug #1047350 diff --git a/sources b/sources index 95ce27f..299bb2b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fea66884216cb3851d138118ae0c4c62 cobbler-2.4.3.tar.gz +3fb19873d5d408341ecea489c6f8c276 cobbler-2.4.4.tar.gz From 40cda21513ea2a748f7c119b4c807ce2663ae7d7 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 22 Jun 2015 12:03:55 -0600 Subject: [PATCH 007/110] Cleanup changelog --- cobbler.spec | 6 ------ 1 file changed, 6 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 7076295..54167d9 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -287,12 +287,6 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ * Mon Jun 22 2015 Orion Poplawski - 2.6.9-1 - Update to 2.6.9 -* Wed Jun 17 2015 Fedora Release Engineering - 2.6.8-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Tue May 12 2015 Orion Poplawski - 2.6.8-2 -- Support django 1.8 in Fedora 22+ - * Fri May 8 2015 Orion Poplawski - 2.6.8-1 - Update to 2.6.8 - Backport upstream patch to fix centos version detection (bug #1201879) From a48483fe26eb05215341316c85424979b25bb961 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 21 Jul 2016 11:22:48 -0600 Subject: [PATCH 008/110] Clean changelog --- cobbler.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 651bcff..b3d6322 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -277,9 +277,6 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ * Thu Jul 21 2016 Orion Poplawski - 2.6.11-8.git5680bf8 - Fix handling unknown os variants with osinfo-query -* Tue Jul 19 2016 Fedora Release Engineering - 2.6.11-7.git95749a6 -- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages - * Wed Jul 13 2016 Orion Poplawski - 2.6.11-6.git95749a6 - Fix typo in koan/app.py From 64e0c05fd4200c2b85c4d68e6be2bbf536133169 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 21 Jun 2017 11:46:25 -0600 Subject: [PATCH 009/110] Suppress logrotate output --- 1804.patch | 23 +++++++++++++++++++++++ cobbler.spec | 10 +++++++--- 2 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 1804.patch diff --git a/1804.patch b/1804.patch new file mode 100644 index 0000000..95fe1d2 --- /dev/null +++ b/1804.patch @@ -0,0 +1,23 @@ +From 6759cc1b1834eb6b50b6a3c583fc531d8452eaf0 Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Wed, 21 Jun 2017 11:41:45 -0600 +Subject: [PATCH] Suppress "edirecting to /bin/systemctl condrestart + cobblerd.service" messages from logrotate on systemd systems + +--- + config/cobblerd_rotate | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/config/cobblerd_rotate b/config/cobblerd_rotate +index 2224f6600..17cb10e17 100644 +--- a/config/cobblerd_rotate ++++ b/config/cobblerd_rotate +@@ -4,7 +4,7 @@ + rotate 4 + weekly + postrotate +- /sbin/service cobblerd condrestart > /dev/null ++ /sbin/service cobblerd condrestart > /dev/null 2>&1 + endscript + } + diff --git a/cobbler.spec b/cobbler.spec index 50b02b0..c8a14b3 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -11,13 +11,15 @@ Name: cobbler Version: 2.8.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz # Upstream patch to fix module loading Patch0: https://github.com/cobbler/cobbler/commit/0f5330c9cd9250450bb04b680aadc6e142fc19d1.patch +# Suppress logrotate output +Patch1: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pull/1804.patch BuildRequires: git BuildRequires: python2-devel @@ -101,8 +103,7 @@ of an existing system. For use with a boot-server configured with Cobbler %prep -%setup -q -%patch0 -p1 +%autosetup -p1 %build %py2_build @@ -247,6 +248,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Wed Jun 21 2017 Orion Poplawski - 2.8.1-3 +- Suppress logrotate output + * Mon Jun 12 2017 Orion Poplawski - 2.8.1-2 - Fix module loading From 708c34790c770c1c33495ecc28c115258e4cc25d Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Mon, 28 May 2018 12:44:38 +0200 Subject: [PATCH 010/110] Squashed commit of the following: commit a340d23ce3ac25f678f0d7a9ee165cbc2c0bc687 Author: Orion Poplawski Date: Wed Feb 21 16:47:14 2018 -0700 Really fix django requires for Fedora 28+ commit ed3dc22bcaa45eddd569990aba7eefa1ca9300a6 Author: Nicolas Chauvet Date: Mon May 28 12:17:42 2018 +0200 Update to 2.8.3 security bugfix commit e7675c9ffa0021f358050c30cee2745b600e42f2 Author: Orion Poplawski Date: Tue Feb 20 14:32:47 2018 -0700 Fix django requires for Fedora 28+ commit 382b85b7b9321b7ad9936a9f7693b5efa76bd81d Author: Igor Gnatenko Date: Fri Feb 9 09:04:14 2018 +0100 Escape macros in %changelog Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/ Signed-off-by: Igor Gnatenko commit 7d7612ed31c66f53ddb1a0059a93c7dc45896765 Author: Fedora Release Engineering Date: Wed Feb 7 05:17:15 2018 +0000 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering commit 7c672d424e00e4a663c6e97ef19bd304b6e5b64e Author: Iryna Shcherbina Date: Tue Feb 6 22:36:11 2018 +0100 Update Python 2 dependency declarations to new packaging standards --- .gitignore | 1 + cobbler.spec | 59 ++++++++++++++++++++++++++++++++++------------------ sources | 2 +- 3 files changed, 41 insertions(+), 21 deletions(-) diff --git a/.gitignore b/.gitignore index a72cbbf..e5d9c17 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,4 @@ cobbler-2.0.5.tar.gz /cobbler-2.8.0.tar.gz /cobbler-2.8.1.tar.gz /cobbler-2.8.2.tar.gz +/cobbler-2.8.3.tar.gz diff --git a/cobbler.spec b/cobbler.spec index 0d38792..f12c32a 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -10,7 +10,7 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 2.8.2 +Version: 2.8.3 Release: 1%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ @@ -19,19 +19,19 @@ Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/% BuildRequires: git BuildRequires: python2-devel -BuildRequires: PyYAML -BuildRequires: python-cheetah -BuildRequires: python-setuptools +BuildRequires: python2-pyyaml +BuildRequires: python2-cheetah +BuildRequires: python2-setuptools Requires: httpd Requires: tftp-server -Requires: mod_wsgi +Requires: python2-mod_wsgi Requires: createrepo -Requires: python-cheetah -Requires: python-netaddr -Requires: python-simplejson -Requires: python-urlgrabber -Requires: PyYAML +Requires: python2-cheetah +Requires: python2-netaddr +Requires: python2-simplejson +Requires: python2-urlgrabber +Requires: python2-pyyaml Requires: rsync # syslinux is only available on x86 %ifarch %{ix86} x86_64 @@ -71,12 +71,12 @@ Summary: Web interface for Cobbler Group: Applications/System BuildArch: noarch Requires: cobbler -%if 0%{?fedora} || 0%{?rhel} >= 7 -Requires: python-django +%if 0%{?fedora} >= 28 +Requires: python2-django1.11 %else -Requires: Django >= 1.4 +Requires: python2-django %endif -Requires: mod_wsgi +Requires: python2-mod_wsgi Requires: mod_ssl Requires(post): openssl @@ -89,7 +89,7 @@ http://server/cobbler_web to configure the install server. Summary: Helper tool that performs cobbler orders on remote machines Group: Applications/System BuildArch: noarch -Requires: python-simplejson +Requires: python2-simplejson Requires: virt-install %description -n koan @@ -244,6 +244,25 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Mon May 28 2018 Nicolas Chauvet - 2.8.3-1 +- Update to 2.8.3 - security bugfix + +* Wed Feb 21 2018 Orion Poplawski - 2.8.2-6 +- Really fix django requires for Fedora 28+ + +* Tue Feb 20 2018 Orion Poplawski - 2.8.2-5 +- Fix django requires for Fedora 28+ + +* Fri Feb 09 2018 Igor Gnatenko - 2.8.2-4 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 2.8.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Feb 06 2018 Iryna Shcherbina - 2.8.2-2 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + * Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 - Update to 2.8.2 @@ -840,7 +859,7 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ by Simon Woolsgrove (jorgen.maas@gmail.com) - Fix for koan, where vmwcreate.py was not updated to accept the network type, causing failures. (jimi@sngx.net) -- Added a %post section for the cobbler-web package, which replaces the +- Added a %%post section for the cobbler-web package, which replaces the SECRET_KEY field in the Django settings.py with a random string (jimi@sngx.net) - BUGFIX: added sign_puppet_certs_automatically to settings.py. The fact that @@ -1187,7 +1206,7 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ (gregswift@gmail.com) - New cleanup at the top negates the need for this table entry (gregswift@gmail.com) -- Removed the body height to 99%. Was doing this for sticky footer, but +- Removed the body height to 99%%. Was doing this for sticky footer, but current path says its not needed (gregswift@gmail.com) - Added some windows and mac default fonts Made the body relative, supposed to help with the layout Set text color to slightly off black.. was told there is @@ -1598,8 +1617,8 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ - Move kickstart_done and kickstart_start out of kickgen.py and into their own snippets. This also adds support for VMware ESX triggers and magic urls by checking for the "vmware" breed and then using curl when that's all thats - available vs wget. VMware's installer makes wget available during the %pre - section but only curl is around following install at %post time. Yay! I've + available vs wget. VMware's installer makes wget available during the %%pre + section but only curl is around following install at %%post time. Yay! I've also updated the sample kickstarts to use $SNIPPET('kickstart_done') and $SNIPPET('kickstart_start') (jonathan.sabo@gmail.com) - No more getting confused between otype and obj_type (shenson@redhat.com) @@ -1712,7 +1731,7 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ - When adding in distros/profiles from disk don't bomb out if missing kernel or ramdisk. just don't add it. (bpeck@redhat.com) - add X log to anamon tracking as well. (bpeck@redhat.com) -- Added new remote method clear_logs. Clearing console and anamon logs in %pre +- Added new remote method clear_logs. Clearing console and anamon logs in %%pre is too late if the install never happens. (bpeck@redhat.com) - fixes /var/www/cobbler/svc/services.py to canonicalize the uri before parsing it. This fixes a regression with mod_wsgi enabled and trying to provision a diff --git a/sources b/sources index e8f67cf..24439e7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-2.8.2.tar.gz) = 44497fa47d51c5f472aac8c6e670d01c7299741e04679d6f82653febe6ef47567e646017b0e188ad0e31347ef804a8bc32704b55fdd44dfbd74e1d7d4983f01c +SHA512 (cobbler-2.8.3.tar.gz) = c83656bad9b1b1982b22cf4e370f3fbf4b90b20c932e2ef494c00acfb7365045ce756ec7857c8b707764ca70bcefa6d2c415297b640cec52e2b92ae8fd32d4ff From 741c25f506ca894569f4584de71ed979d594ea0a Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Mon, 28 May 2018 14:33:17 +0200 Subject: [PATCH 011/110] Squashed commit of the following: commit 61179e935d5ce5dc4ca3bb255370ad6be18df13c Author: Nicolas Chauvet Date: Mon May 28 14:18:15 2018 +0200 Update changelog commit 38dd02fc84f0b665866640fd802f90e88e055378 Author: Nicolas Chauvet Date: Mon May 28 14:17:16 2018 +0200 Restore mergeability with epel7 commit a340d23ce3ac25f678f0d7a9ee165cbc2c0bc687 Author: Orion Poplawski Date: Wed Feb 21 16:47:14 2018 -0700 Really fix django requires for Fedora 28+ commit ed3dc22bcaa45eddd569990aba7eefa1ca9300a6 Author: Nicolas Chauvet Date: Mon May 28 12:17:42 2018 +0200 Update to 2.8.3 security bugfix commit e7675c9ffa0021f358050c30cee2745b600e42f2 Author: Orion Poplawski Date: Tue Feb 20 14:32:47 2018 -0700 Fix django requires for Fedora 28+ commit 382b85b7b9321b7ad9936a9f7693b5efa76bd81d Author: Igor Gnatenko Date: Fri Feb 9 09:04:14 2018 +0100 Escape macros in %changelog Reference: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Y2ZUKK2B7T2IKXPMODNF6HB2O5T5TS6H/ Signed-off-by: Igor Gnatenko commit 7d7612ed31c66f53ddb1a0059a93c7dc45896765 Author: Fedora Release Engineering Date: Wed Feb 7 05:17:15 2018 +0000 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering commit 7c672d424e00e4a663c6e97ef19bd304b6e5b64e Author: Iryna Shcherbina Date: Tue Feb 6 22:36:11 2018 +0100 Update Python 2 dependency declarations to new packaging standards --- cobbler.spec | 53 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 7 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index f12c32a..c8280ce 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -11,7 +11,7 @@ Name: cobbler Version: 2.8.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ @@ -19,20 +19,35 @@ Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/% BuildRequires: git BuildRequires: python2-devel +%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 BuildRequires: python2-pyyaml BuildRequires: python2-cheetah BuildRequires: python2-setuptools +%else +BuildRequires: PyYAML +BuildRequires: python-cheetah +BuildRequires: python-setuptools +%endif Requires: httpd Requires: tftp-server -Requires: python2-mod_wsgi Requires: createrepo +Requires: rsync +%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 +Requires: python2-mod_wsgi Requires: python2-cheetah Requires: python2-netaddr Requires: python2-simplejson Requires: python2-urlgrabber Requires: python2-pyyaml -Requires: rsync +%else +Requires: mod_wsgi +Requires: python-cheetah +Requires: python-netaddr +Requires: python-simplejson +Requires: python-urlgrabber +Requires: PyYAML +%endif # syslinux is only available on x86 %ifarch %{ix86} x86_64 Requires: syslinux @@ -71,12 +86,13 @@ Summary: Web interface for Cobbler Group: Applications/System BuildArch: noarch Requires: cobbler -%if 0%{?fedora} >= 28 +%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 Requires: python2-django1.11 -%else -Requires: python2-django -%endif Requires: python2-mod_wsgi +%else +Requires: Django > 1.6 +Requires: mod_wsgi +%endif Requires: mod_ssl Requires(post): openssl @@ -89,7 +105,11 @@ http://server/cobbler_web to configure the install server. Summary: Helper tool that performs cobbler orders on remote machines Group: Applications/System BuildArch: noarch +%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 Requires: python2-simplejson +%else +Requires: python-simplejson +%endif Requires: virt-install %description -n koan @@ -244,6 +264,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Mon May 28 2018 Nicolas Chauvet - 2.8.3-2 +- Restore mergeability with epel7 + * Mon May 28 2018 Nicolas Chauvet - 2.8.3-1 - Update to 2.8.3 - security bugfix @@ -266,6 +289,22 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ * Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 - Update to 2.8.2 +* Tue Feb 20 2018 Orion Poplawski - 2.8.2-5 +- Fix django requires for Fedora 28+ + +* Fri Feb 09 2018 Igor Gnatenko - 2.8.2-4 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 2.8.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Feb 06 2018 Iryna Shcherbina - 2.8.2-2 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 +- Update to 2.8.2 + * Wed Jun 21 2017 Orion Poplawski - 2.8.1-3 - Suppress logrotate output From 14f10e29ceba88b8963f680359d905b31db08d6e Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Mon, 28 May 2018 14:39:37 +0200 Subject: [PATCH 012/110] Fix merge for epel7 --- cobbler.spec | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index c8280ce..b1fe96d 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -289,22 +289,6 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ * Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 - Update to 2.8.2 -* Tue Feb 20 2018 Orion Poplawski - 2.8.2-5 -- Fix django requires for Fedora 28+ - -* Fri Feb 09 2018 Igor Gnatenko - 2.8.2-4 -- Escape macros in %%changelog - -* Wed Feb 07 2018 Fedora Release Engineering - 2.8.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Tue Feb 06 2018 Iryna Shcherbina - 2.8.2-2 -- Update Python 2 dependency declarations to new packaging standards - (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) - -* Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 -- Update to 2.8.2 - * Wed Jun 21 2017 Orion Poplawski - 2.8.1-3 - Suppress logrotate output From 4304822915c2e4dc45eac988c7e25b6b1c508f4b Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Fri, 30 Aug 2019 16:51:44 +0200 Subject: [PATCH 013/110] Update to 3.0.0 --- cobbler.spec | 163 +++++++++++++++++---------------------------------- sources | 2 +- 2 files changed, 55 insertions(+), 110 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index df1242e..6ad5995 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,62 +6,50 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 2.8.5 -Release: 0.1%{?dist} +Version: 3.0.0 +Release: 1%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: git -BuildRequires: /usr/bin/pathfix.py -BuildRequires: python2-devel -BuildRequires: python2-pyyaml -BuildRequires: python2-setuptools -%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 -BuildRequires: python2-cheetah -%else -BuildRequires: python-cheetah -%endif +BuildRequires: python3-devel +BuildRequires: python3-pyyaml +BuildRequires: python3-setuptools +BuildRequires: python3-cheetah Requires: httpd Requires: tftp-server Requires: createrepo Requires: rsync -Requires: python2-simplejson -Requires: python2-pyyaml -%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 -Requires: python2-mod_wsgi -Requires: python2-cheetah -Requires: python2-netaddr -Requires: python2-urlgrabber -%else -Requires: mod_wsgi -Requires: python-cheetah -Requires: python-netaddr -Requires: python-urlgrabber -%endif +Requires: python3-simplejson +Requires: python3-pyyaml +Requires: python3-mod_wsgi +Requires: python3-cheetah +Requires: python3-netaddr +Requires: python3-urlgrabber + # syslinux is only available on x86 %ifarch %{ix86} x86_64 Requires: syslinux %endif Requires: genisoimage -%if 0%{?fedora} +%if 0%{?fedora} || 0%{?rhel} >= 7 Requires: dnf-plugins-core %else Requires: yum-utils %endif -%if 0%{?fedora} || 0%{?rhel} >= 7 + BuildRequires: systemd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -%else -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/chkconfig -Requires(preun): /sbin/service -%endif + +# koan is not yet available - to be re-introduced later ? +# https://github.com/cobbler/cobbler/issues/2087 +Obsoletes: koan < 3.0.0-1 %description Cobbler is a network install server. Cobbler supports PXE, ISO @@ -77,19 +65,9 @@ other applications. %package -n cobbler-web Summary: Web interface for Cobbler BuildArch: noarch -Requires: cobbler -%if 0%{?fedora} >= 28 -Requires: python2-django1.11 -%endif -%if 0%{?el7} -Requires: python2-django -%endif -%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 -Requires: python2-mod_wsgi -%else -Requires: Django > 1.6 -Requires: mod_wsgi -%endif +Requires: cobbler = %{version}-%{release} +Requires: python3-django +Requires: python3-mod_wsgi Requires: mod_ssl Requires(post): openssl @@ -98,62 +76,50 @@ Web interface for Cobbler that allows visiting http://server/cobbler_web to configure the install server. +%if 0 %package -n koan Summary: Helper tool that performs cobbler orders on remote machines BuildArch: noarch -Requires: python2-simplejson -%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 -Requires: python2-ethtool -Requires: python2-urlgrabber -%else -Requires: python-ethtool -Requires: python-urlgrabber -%endif +Requires: python3-simplejson +Requires: python3-ethtool +Requires: python3-urlgrabber Requires: virt-install %description -n koan Koan stands for kickstart-over-a-network and allows for both network installation of new virtualized guests and reinstallation of an existing system. For use with a boot-server configured with Cobbler +%endif %prep %autosetup -p1 -pathfix.py -pni "%{__python2} %{py2_shbang_opts}" . %build -%py2_build +%py3_build %install -%py2_install +# bypass install errors ( don't chown in install step) +%py3_install ||: # cobbler -rm $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobbler.conf +rm %{buildroot}%{_sysconfdir}/cobbler/cobbler.conf -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d -mv $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobblerd_rotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/cobblerd +mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d +mv %{buildroot}%{_sysconfdir}/cobbler/cobblerd_rotate %{buildroot}%{_sysconfdir}/logrotate.d/cobblerd # Create data directories in tftp_dir -mkdir -p $RPM_BUILD_ROOT%{tftp_dir}/{boot,etc,grub,images{,2},ppc,pxelinux.cfg,s390x} +mkdir -p %{buildroot}%{tftp_dir}/{boot,etc,grub,images{,2},ppc,pxelinux.cfg,s390x} -%if 0%{?rhel} == 6 -# sysvinit -mkdir -p %{_sysconfdir}/init.d -mv $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobblerd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/cobblerd -rm $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobblerd.service -%else # systemd -rm $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobblerd -rm $RPM_BUILD_ROOT%{_sysconfdir}/init.d/cobblerd -mkdir -p $RPM_BUILD_ROOT%{_unitdir} -mv $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobblerd.service $RPM_BUILD_ROOT%{_unitdir} -%endif +mkdir -p %{buildroot}%{_unitdir} +mv %{buildroot}%{_sysconfdir}/cobbler/cobblerd.service %{buildroot}%{_unitdir} # cobbler-web -rm $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobbler_web.conf +rm %{buildroot}%{_sysconfdir}/cobbler/cobbler_web.conf # koan -mkdir -p $RPM_BUILD_ROOT/var/spool/koan +mkdir -p %{buildroot}/var/spool/koan %pre @@ -173,30 +139,6 @@ if (( $1 >= 2 )); then fi fi - -%if 0%{?rhel} == 6 -%post -# package install -if (( $1 == 1 )); then - /sbin/chkconfig --add cobblerd > /dev/null 2>&1 - /etc/init.d/cobblerd start > /dev/null 2>&1 - /etc/init.d/httpd restart > /dev/null 2>&1 -fi -%preun -# before last package is removed -if (( $1 == 0 )); then - /sbin/chkconfig --del cobblerd > /dev/null 2>&1 - /etc/init.d/cobblerd stop > /dev/null 2>&1 -fi -%postun -# after last package is removed -if (( $1 == 0 )); then - /etc/init.d/httpd condrestart > /dev/null 2>&1 -fi -%endif - - -%if 0%{?fedora} || 0%{?rhel} >= 7 %post %systemd_post cobblerd.service @@ -205,7 +147,6 @@ fi %postun %systemd_postun_with_restart cobblerd.service -%endif %post -n cobbler-web # Change the SECRET_KEY option in the Django settings.py file @@ -216,7 +157,8 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %files %license COPYING -%doc AUTHORS README.md docs/README.openvz docs/README.mysql +%doc AUTHORS.in README.md +%doc docs/developer-guide.rst docs/quickstart-guide.rst docs/installation-guide.rst %config(noreplace) %{_sysconfdir}/cobbler %config(noreplace) %{_sysconfdir}/logrotate.d/cobblerd %config(noreplace) /etc/httpd/conf.d/cobbler.conf @@ -224,14 +166,12 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %{_bindir}/cobbler-ext-nodes %{_bindir}/cobblerd %{_sbindir}/tftpd.py +%dir %{_datadir}/cobbler +%{_datadir}/cobbler/bin %{_mandir}/man1/cobbler.1* -%{python2_sitelib}/cobbler/ -%{python2_sitelib}/cobbler*.egg-info -%if 0%{?fedora} || 0%{?rhel} >= 7 +%{python3_sitelib}/cobbler/ +%{python3_sitelib}/cobbler*.egg-info %{_unitdir}/cobblerd.service -%else -/etc/init.d/cobblerd -%endif %{tftp_dir}/* /var/www/cobbler %config(noreplace) /var/lib/cobbler @@ -240,12 +180,13 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %files -n cobbler-web %license COPYING -%doc AUTHORS README.md +%doc AUTHORS.in README.md %config(noreplace) /etc/httpd/conf.d/cobbler_web.conf %attr(-,apache,apache) /usr/share/cobbler/web %dir %attr(700,apache,root) /var/lib/cobbler/webui_sessions %attr(-,apache,apache) /var/www/cobbler_webui_content/ +%if 0 %files -n koan %license COPYING %doc AUTHORS README.md @@ -254,16 +195,20 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %{_bindir}/ovz-install %{_mandir}/man1/koan.1* %{_mandir}/man1/cobbler-register.1* -%{python2_sitelib}/koan/ -%exclude %{python2_sitelib}/koan/sub_process.py* -%exclude %{python2_sitelib}/koan/opt_parse.py* -%exclude %{python2_sitelib}/koan/text_wrap.py* +%{python3_sitelib}/koan/ +%exclude %{python3_sitelib}/koan/sub_process.py* +%exclude %{python3_sitelib}/koan/opt_parse.py* +%exclude %{python3_sitelib}/koan/text_wrap.py* /var/lib/koan /var/log/koan /var/spool/koan +%endif %changelog +* Fri Aug 30 2019 Nicolas Chauvet - 3.0.0-1 +- Update to 3.0.0 + * Mon Aug 26 2019 Nicolas Chauvet - 2.8.5-0.1 - Update to 2.8.5 - pre-release diff --git a/sources b/sources index 5301563..0d6c9a1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-2.8.5.tar.gz) = 6097618b6ad394f23f496eee14a74a334162b2d420c39059bf54472a44b4a6a645faf9ee50139f7c169503d34524489282b03a2f7318ca8b276745cc518567a7 +SHA512 (cobbler-3.0.0.tar.gz) = 80d0010a02a8ca6c3ed6fc06e2b2ddf58f033c8a86ee7fd85280ace44f56239102603aad1a6968bfbd76798e23916811b44944d63eb941c88e4dd09ea5210abf From be40789b901f3b6424ce9795d7023f2373334232 Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Tue, 3 Sep 2019 13:59:12 +0200 Subject: [PATCH 014/110] Add python3-tornado - rhbz#1061907 --- cobbler.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/cobbler.spec b/cobbler.spec index 6ad5995..c9ae862 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -29,6 +29,7 @@ Requires: python3-mod_wsgi Requires: python3-cheetah Requires: python3-netaddr Requires: python3-urlgrabber +Requires: python3-tornado # syslinux is only available on x86 %ifarch %{ix86} x86_64 From 8c8742f9b209a4000fb7c4b9b540e031c8fd69e9 Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Mon, 9 Sep 2019 10:17:50 +0200 Subject: [PATCH 015/110] Update to 3.0.1 --- cobbler.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index c9ae862..ba16f66 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.0.0 +Version: 3.0.1 Release: 1%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ @@ -207,6 +207,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Mon Sep 09 2019 Nicolas Chauvet - 3.0.1-1 +- Update to 3.0.1 + * Fri Aug 30 2019 Nicolas Chauvet - 3.0.0-1 - Update to 3.0.0 diff --git a/sources b/sources index 0d6c9a1..89303fe 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.0.0.tar.gz) = 80d0010a02a8ca6c3ed6fc06e2b2ddf58f033c8a86ee7fd85280ace44f56239102603aad1a6968bfbd76798e23916811b44944d63eb941c88e4dd09ea5210abf +SHA512 (cobbler-3.0.1.tar.gz) = 932141615aaa9a6b2bde479c3f50bf422762010cea5572f88d78685fb5280f387437d374f48ea2a9f355f3da8d9be83eddb3b7a72c49b1800cfa04b577e81720 From 0906ca93e286be7d69a1095c7a7c33b27df61f12 Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Mon, 9 Sep 2019 10:19:05 +0200 Subject: [PATCH 016/110] Remove source file --- cobblerd.service | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 cobblerd.service diff --git a/cobblerd.service b/cobblerd.service deleted file mode 100644 index 0df27d9..0000000 --- a/cobblerd.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Cobbler Helper Daemon -After=syslog.target network.target - -[Service] -Type=oneshot -ExecStart=/usr/bin/cobblerd -RemainAfterExit=yes -PrivateTmp=yes - -[Install] -WantedBy=multi-user.target - From a015a1c26e6a560af1b745553ad3c2183bbe8d39 Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Tue, 10 Sep 2019 15:25:54 +0200 Subject: [PATCH 017/110] Add python3 future and re-order --- cobbler.spec | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index ba16f66..440bba6 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -15,21 +15,23 @@ Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/% BuildRequires: git BuildRequires: python3-devel +BuildRequires: python3-cheetah +BuildRequires: python3-future BuildRequires: python3-pyyaml BuildRequires: python3-setuptools -BuildRequires: python3-cheetah Requires: httpd Requires: tftp-server Requires: createrepo Requires: rsync -Requires: python3-simplejson -Requires: python3-pyyaml -Requires: python3-mod_wsgi Requires: python3-cheetah +Requires: python3-future +Requires: python3-mod_wsgi Requires: python3-netaddr -Requires: python3-urlgrabber +Requires: python3-pyyaml +Requires: python3-simplejson Requires: python3-tornado +Requires: python3-urlgrabber # syslinux is only available on x86 %ifarch %{ix86} x86_64 From 6e7187fa0a20d50511654a1bbdb72f8fd386b106 Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Tue, 17 Sep 2019 13:54:30 +0200 Subject: [PATCH 018/110] Add https --- cobbler.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 440bba6..0ba8544 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -9,7 +9,7 @@ Name: cobbler Version: 3.0.1 Release: 1%{?dist} Summary: Boot server configurator -URL: http://cobbler.github.io/ +URL: https://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz From b4d4215db35f1df716acc1a718e64a7c57ed2186 Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Tue, 10 Sep 2019 15:51:36 +0200 Subject: [PATCH 019/110] Add missing BR --- cobbler.spec | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cobbler.spec b/cobbler.spec index 0ba8544..cc4ceec 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -16,9 +16,14 @@ Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/% BuildRequires: git BuildRequires: python3-devel BuildRequires: python3-cheetah +BuildRequires: python3-coverage +BuildRequires: python3-distro BuildRequires: python3-future +BuildRequires: python3-netaddr BuildRequires: python3-pyyaml +BuildRequires: python3-requests BuildRequires: python3-setuptools +BuildRequires: python3-simplejson Requires: httpd Requires: tftp-server From ce3617316ff3e543e9eae7ec27ac6e6298794c47 Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Tue, 10 Sep 2019 16:04:42 +0200 Subject: [PATCH 020/110] Fixup rhel7 requires --- cobbler.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index cc4ceec..6225d35 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -44,7 +44,7 @@ Requires: syslinux %endif Requires: genisoimage -%if 0%{?fedora} || 0%{?rhel} >= 7 +%if 0%{?fedora} || 0%{?rhel} > 7 Requires: dnf-plugins-core %else Requires: yum-utils From 9bdab009e7a34b32d14d86281b2387724059d7c4 Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Tue, 10 Sep 2019 16:23:45 +0200 Subject: [PATCH 021/110] Avoid to obsoletes on el8 --- cobbler.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cobbler.spec b/cobbler.spec index 6225d35..4d45b92 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -57,7 +57,10 @@ Requires(postun): systemd # koan is not yet available - to be re-introduced later ? # https://github.com/cobbler/cobbler/issues/2087 +# Avoid to obsoletes koan in EL8 (from modules) +%if 0%{?fedora} Obsoletes: koan < 3.0.0-1 +%endif %description Cobbler is a network install server. Cobbler supports PXE, ISO From 0cd7658cf6cc7417a0ec63a2336b4206da31912b Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Tue, 10 Sep 2019 16:25:38 +0200 Subject: [PATCH 022/110] cobbler is truly a noarch package --- cobbler.spec | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 4d45b92..853fa28 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -1,5 +1,3 @@ -%global debug_package %{nil} - %global tftp_dir /var/lib/tftpboot/ %global commit0 f78af86a963b099d1e22586b24aedff9062da9c1 @@ -12,6 +10,7 @@ Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +BuildArch: noarch BuildRequires: git BuildRequires: python3-devel @@ -38,14 +37,11 @@ Requires: python3-simplejson Requires: python3-tornado Requires: python3-urlgrabber -# syslinux is only available on x86 -%ifarch %{ix86} x86_64 -Requires: syslinux -%endif - Requires: genisoimage %if 0%{?fedora} || 0%{?rhel} > 7 Requires: dnf-plugins-core +# syslinux is only available on x86 +Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) %else Requires: yum-utils %endif @@ -75,7 +71,6 @@ other applications. %package -n cobbler-web Summary: Web interface for Cobbler -BuildArch: noarch Requires: cobbler = %{version}-%{release} Requires: python3-django Requires: python3-mod_wsgi From b60ad4d5af64680d1a8864030487291aa61b58d7 Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Tue, 10 Sep 2019 17:22:39 +0200 Subject: [PATCH 023/110] Exclude mongodb serializer - optional alpha state plugin --- cobbler.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cobbler.spec b/cobbler.spec index 853fa28..0423e16 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -24,6 +24,8 @@ BuildRequires: python3-requests BuildRequires: python3-setuptools BuildRequires: python3-simplejson +%global __requires_exclude_from ^%{python3_sitelib}/modules/serializer_mongodb.py*$ + Requires: httpd Requires: tftp-server Requires: createrepo From 280ff18862b743c8d5100c2d1f106fcf2adf427e Mon Sep 17 00:00:00 2001 From: Nicolas Chauvet Date: Tue, 17 Sep 2019 16:37:42 +0200 Subject: [PATCH 024/110] Add patch for tftp_boot location --- Set-the-default-tftp_boot-location.patch | 42 ++++++++++++++++++++++++ cobbler.spec | 2 ++ 2 files changed, 44 insertions(+) create mode 100644 Set-the-default-tftp_boot-location.patch diff --git a/Set-the-default-tftp_boot-location.patch b/Set-the-default-tftp_boot-location.patch new file mode 100644 index 0000000..ba2e839 --- /dev/null +++ b/Set-the-default-tftp_boot-location.patch @@ -0,0 +1,42 @@ +From 311c4161a638e91138939d806c3c7989fdd16fbc Mon Sep 17 00:00:00 2001 +From: Nicolas Chauvet +Date: Tue, 17 Sep 2019 16:35:07 +0200 +Subject: [PATCH] Set the default tftp_boot location + +Signed-off-by: Nicolas Chauvet +--- + cobbler/settings.py | 2 +- + config/cobbler/settings | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/cobbler/settings.py b/cobbler/settings.py +index b97b11f1..dd14b3a7 100644 +--- a/cobbler/settings.py ++++ b/cobbler/settings.py +@@ -131,7 +131,7 @@ DEFAULTS = { + "sign_puppet_certs_automatically": [0, "bool"], + "signature_path": ["/var/lib/cobbler/distro_signatures.json", "str"], + "signature_url": ["https://cobbler.github.io/signatures/3.0.x/latest.json", "str"], +- "tftpboot_location": ["/srv/tftpboot", "str"], ++ "tftpboot_location": ["/var/lib/tftpboot", "str"], + "virt_auto_boot": [0, "bool"], + "webdir": ["/var/www/cobbler", "str"], + "webdir_whitelist": [".link_cache", "misc", "distro_mirror", "images", "links", "localmirror", "pub", "rendered", "repo_mirror", "repo_profile", "repo_system", "svc", "web", "webui"], +diff --git a/config/cobbler/settings b/config/cobbler/settings +index 169910c8..4fbd4ad1 100644 +--- a/config/cobbler/settings ++++ b/config/cobbler/settings +@@ -246,8 +246,8 @@ manage_tftpd: 1 + + # This variable contains the location of the tftpboot directory. If this directory is not present cobbler does not + # start. +-# Default: /srv/tftpboot +-tftpboot_location: "/srv/tftpboot" ++# Default: /var/lib/tftpboot ++tftpboot_location: "/var/lib/tftpboot" + + # set to 1 to enable Cobbler's RSYNC management features. + manage_rsync: 0 +-- +2.20.1 + diff --git a/cobbler.spec b/cobbler.spec index 0423e16..d8bcfaa 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -10,6 +10,8 @@ Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +# Distro specific patch - tftp default location +Patch0: Set-the-default-tftp_boot-location.patch BuildArch: noarch BuildRequires: git From 4cf006ccde69d8c96bd1dab82c2a9ddf409c69a6 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 8 Oct 2019 21:14:00 -0600 Subject: [PATCH 025/110] Fix requires (requests instead of urlgrabber) Fix BR for EL8 --- cobbler.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index d8bcfaa..376a16e 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.0.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -17,7 +17,7 @@ BuildArch: noarch BuildRequires: git BuildRequires: python3-devel BuildRequires: python3-cheetah -BuildRequires: python3-coverage +BuildRequires: %{py3_dist coverage} BuildRequires: python3-distro BuildRequires: python3-future BuildRequires: python3-netaddr @@ -37,9 +37,9 @@ Requires: python3-future Requires: python3-mod_wsgi Requires: python3-netaddr Requires: python3-pyyaml +Requires: python3-requests Requires: python3-simplejson Requires: python3-tornado -Requires: python3-urlgrabber Requires: genisoimage %if 0%{?fedora} || 0%{?rhel} > 7 @@ -216,6 +216,10 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Tue Oct 8 2019 Orion Poplawski - 3.0.1-2 +- Fix requires (requests instead of urlgrabber) +- Fix BR for EL8 + * Mon Sep 09 2019 Nicolas Chauvet - 3.0.1-1 - Update to 3.0.1 From cc56685952dd5ff8471fbd0ad98ae5c1f64d21b8 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 10 Oct 2019 18:22:53 -0600 Subject: [PATCH 026/110] Require /sbin/service --- cobbler.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index df1242e..0ed81b3 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -7,7 +7,7 @@ Name: cobbler Version: 2.8.5 -Release: 0.1%{?dist} +Release: 0.2%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ @@ -52,6 +52,8 @@ Requires: dnf-plugins-core %else Requires: yum-utils %endif +# https://github.com/cobbler/cobbler/issues/1685 +Requires: /sbin/service %if 0%{?fedora} || 0%{?rhel} >= 7 BuildRequires: systemd Requires(post): systemd @@ -109,6 +111,7 @@ Requires: python2-urlgrabber Requires: python-ethtool Requires: python-urlgrabber %endif +Requires: /sbin/service Requires: virt-install %description -n koan @@ -264,6 +267,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Thu Oct 10 2019 Orion Poplawski - 2.8.5-0.2 +- Require /sbin/service + * Mon Aug 26 2019 Nicolas Chauvet - 2.8.5-0.1 - Update to 2.8.5 - pre-release From d74548059391c585dcb9245c95058b520806c2e3 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 10 Oct 2019 20:15:14 -0600 Subject: [PATCH 027/110] Require /sbin/service --- cobbler.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 376a16e..3951b8f 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.0.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -49,6 +49,8 @@ Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) %else Requires: yum-utils %endif +# https://github.com/cobbler/cobbler/issues/1685 +Requires: /sbin/service BuildRequires: systemd Requires(post): systemd @@ -216,6 +218,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Thu Oct 10 2019 Orion Poplawski - 3.0.1-3 +- Require /sbin/service + * Tue Oct 8 2019 Orion Poplawski - 3.0.1-2 - Fix requires (requests instead of urlgrabber) - Fix BR for EL8 From b3db39dbee5501ac3c886e46e669be180f6da381 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 14 Oct 2019 19:53:47 -0600 Subject: [PATCH 028/110] Require python2-iptables --- cobbler.spec | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 0ed81b3..a7ff0a3 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -7,7 +7,7 @@ Name: cobbler Version: 2.8.5 -Release: 0.2%{?dist} +Release: 0.3%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ @@ -18,7 +18,7 @@ BuildRequires: /usr/bin/pathfix.py BuildRequires: python2-devel BuildRequires: python2-pyyaml BuildRequires: python2-setuptools -%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 +%if 0%{?fedora} || 0%{?rhel} > 7 BuildRequires: python2-cheetah %else BuildRequires: python-cheetah @@ -30,7 +30,7 @@ Requires: createrepo Requires: rsync Requires: python2-simplejson Requires: python2-pyyaml -%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 +%if 0%{?fedora} || 0%{?rhel} > 7 Requires: python2-mod_wsgi Requires: python2-cheetah Requires: python2-netaddr @@ -80,13 +80,15 @@ other applications. Summary: Web interface for Cobbler BuildArch: noarch Requires: cobbler -%if 0%{?fedora} >= 28 +%if 0%{?fedora} Requires: python2-django1.11 +Requires: python2-ipaddress %endif %if 0%{?el7} Requires: python2-django +Requires: python-ipaddress %endif -%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 +%if 0%{?fedora} || 0%{?rhel} > 7 Requires: python2-mod_wsgi %else Requires: Django > 1.6 @@ -104,7 +106,7 @@ http://server/cobbler_web to configure the install server. Summary: Helper tool that performs cobbler orders on remote machines BuildArch: noarch Requires: python2-simplejson -%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 +%if 0%{?fedora} || 0%{?rhel} > 7 Requires: python2-ethtool Requires: python2-urlgrabber %else @@ -267,6 +269,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Mon Oct 14 2019 Orion Poplawski - 2.8.5-0.3 +- Require python2-iptables + * Thu Oct 10 2019 Orion Poplawski - 2.8.5-0.2 - Require /sbin/service From 3fffbe1bfc64d6584722cfe69d6734228fd1ae29 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 14 Oct 2019 20:01:17 -0600 Subject: [PATCH 029/110] Fix changelog --- cobbler.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index a7ff0a3..17b016e 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -270,7 +270,7 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog * Mon Oct 14 2019 Orion Poplawski - 2.8.5-0.3 -- Require python2-iptables +- Require python2-ipaddress * Thu Oct 10 2019 Orion Poplawski - 2.8.5-0.2 - Require /sbin/service From 7a96e69917c81cb123d96258b67c8413825b4d4e Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 22 Oct 2019 21:28:55 -0600 Subject: [PATCH 030/110] Drop koan completely, including obsoletes. It is a separate package now. --- cobbler.spec | 49 ++++--------------------------------------------- 1 file changed, 4 insertions(+), 45 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 3951b8f..d678a16 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.0.1 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -57,13 +57,6 @@ Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -# koan is not yet available - to be re-introduced later ? -# https://github.com/cobbler/cobbler/issues/2087 -# Avoid to obsoletes koan in EL8 (from modules) -%if 0%{?fedora} -Obsoletes: koan < 3.0.0-1 -%endif - %description Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. @@ -88,22 +81,6 @@ Web interface for Cobbler that allows visiting http://server/cobbler_web to configure the install server. -%if 0 -%package -n koan -Summary: Helper tool that performs cobbler orders on remote machines -BuildArch: noarch -Requires: python3-simplejson -Requires: python3-ethtool -Requires: python3-urlgrabber -Requires: virt-install - -%description -n koan -Koan stands for kickstart-over-a-network and allows for both -network installation of new virtualized guests and reinstallation -of an existing system. For use with a boot-server configured with Cobbler -%endif - - %prep %autosetup -p1 @@ -130,9 +107,6 @@ mv %{buildroot}%{_sysconfdir}/cobbler/cobblerd.service %{buildroot}%{_unitdir} # cobbler-web rm %{buildroot}%{_sysconfdir}/cobbler/cobbler_web.conf -# koan -mkdir -p %{buildroot}/var/spool/koan - %pre if (( $1 >= 2 )); then @@ -198,26 +172,11 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %dir %attr(700,apache,root) /var/lib/cobbler/webui_sessions %attr(-,apache,apache) /var/www/cobbler_webui_content/ -%if 0 -%files -n koan -%license COPYING -%doc AUTHORS README.md -%{_bindir}/cobbler-register -%{_bindir}/koan -%{_bindir}/ovz-install -%{_mandir}/man1/koan.1* -%{_mandir}/man1/cobbler-register.1* -%{python3_sitelib}/koan/ -%exclude %{python3_sitelib}/koan/sub_process.py* -%exclude %{python3_sitelib}/koan/opt_parse.py* -%exclude %{python3_sitelib}/koan/text_wrap.py* -/var/lib/koan -/var/log/koan -/var/spool/koan -%endif - %changelog +* Tue Oct 22 2019 Orion Poplawski - 3.0.1-4 +- Drop koan completely, including obsoletes. It is a separate package now. + * Thu Oct 10 2019 Orion Poplawski - 3.0.1-3 - Require /sbin/service From 26c83ee708222c651850bbb23cd0f518a8fd7572 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 29 Dec 2019 12:52:50 -0700 Subject: [PATCH 031/110] Udate to 2.8.5 final release --- cobbler.spec | 7 +++++-- sources | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 17b016e..ef2c04e 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -7,11 +7,11 @@ Name: cobbler Version: 2.8.5 -Release: 0.3%{?dist} +Release: 1%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ -Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz BuildRequires: git BuildRequires: /usr/bin/pathfix.py @@ -269,6 +269,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Sun Dec 29 2019 Orion Poplawski - 2.8.5-1 +- Udate to 2.8.5 final release + * Mon Oct 14 2019 Orion Poplawski - 2.8.5-0.3 - Require python2-ipaddress diff --git a/sources b/sources index 5301563..d7a28a1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-2.8.5.tar.gz) = 6097618b6ad394f23f496eee14a74a334162b2d420c39059bf54472a44b4a6a645faf9ee50139f7c169503d34524489282b03a2f7318ca8b276745cc518567a7 +SHA512 (cobbler-2.8.5.tar.gz) = 6587308eb9eb49f7a894ddd052e1e3e226b4bcbffcf5c7e909e035b3faba1a8ae00631b96e11f0274d058b41b985b9a53776428b4587708111ef8158dec4e9d1 From 89e9d569da5c7ec41dd6e1ed85342222b20f8a22 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 11 Jan 2020 22:33:28 -0700 Subject: [PATCH 032/110] Update to 3.1.1 --- Set-the-default-tftp_boot-location.patch | 42 ------------------------ cobbler.spec | 20 +++++++---- sources | 2 +- 3 files changed, 14 insertions(+), 50 deletions(-) delete mode 100644 Set-the-default-tftp_boot-location.patch diff --git a/Set-the-default-tftp_boot-location.patch b/Set-the-default-tftp_boot-location.patch deleted file mode 100644 index ba2e839..0000000 --- a/Set-the-default-tftp_boot-location.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 311c4161a638e91138939d806c3c7989fdd16fbc Mon Sep 17 00:00:00 2001 -From: Nicolas Chauvet -Date: Tue, 17 Sep 2019 16:35:07 +0200 -Subject: [PATCH] Set the default tftp_boot location - -Signed-off-by: Nicolas Chauvet ---- - cobbler/settings.py | 2 +- - config/cobbler/settings | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/cobbler/settings.py b/cobbler/settings.py -index b97b11f1..dd14b3a7 100644 ---- a/cobbler/settings.py -+++ b/cobbler/settings.py -@@ -131,7 +131,7 @@ DEFAULTS = { - "sign_puppet_certs_automatically": [0, "bool"], - "signature_path": ["/var/lib/cobbler/distro_signatures.json", "str"], - "signature_url": ["https://cobbler.github.io/signatures/3.0.x/latest.json", "str"], -- "tftpboot_location": ["/srv/tftpboot", "str"], -+ "tftpboot_location": ["/var/lib/tftpboot", "str"], - "virt_auto_boot": [0, "bool"], - "webdir": ["/var/www/cobbler", "str"], - "webdir_whitelist": [".link_cache", "misc", "distro_mirror", "images", "links", "localmirror", "pub", "rendered", "repo_mirror", "repo_profile", "repo_system", "svc", "web", "webui"], -diff --git a/config/cobbler/settings b/config/cobbler/settings -index 169910c8..4fbd4ad1 100644 ---- a/config/cobbler/settings -+++ b/config/cobbler/settings -@@ -246,8 +246,8 @@ manage_tftpd: 1 - - # This variable contains the location of the tftpboot directory. If this directory is not present cobbler does not - # start. --# Default: /srv/tftpboot --tftpboot_location: "/srv/tftpboot" -+# Default: /var/lib/tftpboot -+tftpboot_location: "/var/lib/tftpboot" - - # set to 1 to enable Cobbler's RSYNC management features. - manage_rsync: 0 --- -2.20.1 - diff --git a/cobbler.spec b/cobbler.spec index d678a16..98e35b9 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -1,20 +1,18 @@ %global tftp_dir /var/lib/tftpboot/ -%global commit0 f78af86a963b099d1e22586b24aedff9062da9c1 +%global commit0 c46abca11dca886411fc95802a2cbaa66fdb691b %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.0.1 -Release: 4%{?dist} +Version: 3.1.1 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ -Source0: https://github.com/cobbler/cobbler/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz -# Distro specific patch - tftp default location -Patch0: Set-the-default-tftp_boot-location.patch +Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz +#Source0: https://github.com/cobbler/cobbler/archive/%{commit0}/%{name}-%{commit0}.tar.gz BuildArch: noarch -BuildRequires: git BuildRequires: python3-devel BuildRequires: python3-cheetah BuildRequires: %{py3_dist coverage} @@ -25,6 +23,8 @@ BuildRequires: python3-pyyaml BuildRequires: python3-requests BuildRequires: python3-setuptools BuildRequires: python3-simplejson +# For docs +BuildRequires: python3-sphinx %global __requires_exclude_from ^%{python3_sitelib}/modules/serializer_mongodb.py*$ @@ -152,9 +152,12 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %{_bindir}/cobbler-ext-nodes %{_bindir}/cobblerd %{_sbindir}/tftpd.py +%{_datadir}/bash-completion/ %dir %{_datadir}/cobbler %{_datadir}/cobbler/bin %{_mandir}/man1/cobbler.1* +%{_mandir}/man5/cobbler.conf.5* +%{_mandir}/man8/cobblerd.8* %{python3_sitelib}/cobbler/ %{python3_sitelib}/cobbler*.egg-info %{_unitdir}/cobblerd.service @@ -174,6 +177,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Sun Jan 12 2020 Orion Poplawski - 3.1.1-1 +- Update to 3.1.1 + * Tue Oct 22 2019 Orion Poplawski - 3.0.1-4 - Drop koan completely, including obsoletes. It is a separate package now. diff --git a/sources b/sources index 89303fe..08e9301 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.0.1.tar.gz) = 932141615aaa9a6b2bde479c3f50bf422762010cea5572f88d78685fb5280f387437d374f48ea2a9f355f3da8d9be83eddb3b7a72c49b1800cfa04b577e81720 +SHA512 (cobbler-3.1.1.tar.gz) = b4df95de2f57185375c00c6fbcd9d80a9b2e796477956f9b4988c63b20b369fe388372a37a33e0302d27f6a4f2fdfc086765fd8cf645d334d56e7fd7fc4c8780 From 99d963f283563d34b3f51ed63bf75df115b04540 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jan 2020 14:21:32 +0000 Subject: [PATCH 033/110] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 98e35b9..bcab90e 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.1.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -177,6 +177,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Tue Jan 28 2020 Fedora Release Engineering - 3.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Sun Jan 12 2020 Orion Poplawski - 3.1.1-1 - Update to 3.1.1 From 3afa6212c0048fe5d1f1ab1a7ed7db7d4230efc9 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 20 Feb 2020 21:50:02 -0700 Subject: [PATCH 034/110] Use %{python3_pkgversion} for EL7 compatibility --- cobbler.spec | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index bcab90e..5513348 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -13,18 +13,22 @@ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-% #Source0: https://github.com/cobbler/cobbler/archive/%{commit0}/%{name}-%{commit0}.tar.gz BuildArch: noarch -BuildRequires: python3-devel -BuildRequires: python3-cheetah +BuildRequires: python%{python3_pkgversion}-devel +BuildRequires: python%{python3_pkgversion}-cheetah +%if 0%{?fedora} || 0%{?rhel} >= 8 BuildRequires: %{py3_dist coverage} -BuildRequires: python3-distro -BuildRequires: python3-future -BuildRequires: python3-netaddr -BuildRequires: python3-pyyaml -BuildRequires: python3-requests -BuildRequires: python3-setuptools -BuildRequires: python3-simplejson +%else +BuildRequires: python%{python3_pkgversion}-coverage +%endif +BuildRequires: python%{python3_pkgversion}-distro +BuildRequires: python%{python3_pkgversion}-future +BuildRequires: python%{python3_pkgversion}-netaddr +BuildRequires: python%{python3_pkgversion}-PyYAML +BuildRequires: python%{python3_pkgversion}-requests +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: python%{python3_pkgversion}-simplejson # For docs -BuildRequires: python3-sphinx +BuildRequires: python%{python3_pkgversion}-sphinx %global __requires_exclude_from ^%{python3_sitelib}/modules/serializer_mongodb.py*$ @@ -32,14 +36,14 @@ Requires: httpd Requires: tftp-server Requires: createrepo Requires: rsync -Requires: python3-cheetah -Requires: python3-future -Requires: python3-mod_wsgi -Requires: python3-netaddr -Requires: python3-pyyaml -Requires: python3-requests -Requires: python3-simplejson -Requires: python3-tornado +Requires: python%{python3_pkgversion}-cheetah +Requires: python%{python3_pkgversion}-future +Requires: python%{python3_pkgversion}-mod_wsgi +Requires: python%{python3_pkgversion}-netaddr +Requires: python%{python3_pkgversion}-PyYAML +Requires: python%{python3_pkgversion}-requests +Requires: python%{python3_pkgversion}-simplejson +Requires: python%{python3_pkgversion}-tornado Requires: genisoimage %if 0%{?fedora} || 0%{?rhel} > 7 @@ -71,8 +75,8 @@ other applications. %package -n cobbler-web Summary: Web interface for Cobbler Requires: cobbler = %{version}-%{release} -Requires: python3-django -Requires: python3-mod_wsgi +Requires: python%{python3_pkgversion}-django +Requires: python%{python3_pkgversion}-mod_wsgi Requires: mod_ssl Requires(post): openssl From 9f18f64d209d487e92dc271ec2393d58f8108fa9 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Fri, 21 Feb 2020 15:25:32 -0700 Subject: [PATCH 035/110] Add requires for python3-dns --- cobbler.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 5513348..2f6d900 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.1.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -37,6 +37,7 @@ Requires: tftp-server Requires: createrepo Requires: rsync Requires: python%{python3_pkgversion}-cheetah +Requires: python%{python3_pkgversion}-dns Requires: python%{python3_pkgversion}-future Requires: python%{python3_pkgversion}-mod_wsgi Requires: python%{python3_pkgversion}-netaddr @@ -181,6 +182,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Fri Feb 21 2020 Orion Poplawski - 3.1.1-3 +- Add requires for python3-dns + * Tue Jan 28 2020 Fedora Release Engineering - 3.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From 868c803385380d635335ba8e7d6946ff88d62213 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Mon, 4 May 2020 00:36:52 +0200 Subject: [PATCH 036/110] Escape % in date format to prevent RPM errors cobbler.spec: line 119: %S: argument expected --- cobbler.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 2f6d900..f52ddfa 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -116,7 +116,7 @@ rm %{buildroot}%{_sysconfdir}/cobbler/cobbler_web.conf %pre if (( $1 >= 2 )); then # package upgrade: backup configuration - DATE=$(date "+%Y%m%d-%H%M%S") + DATE=$(date "+%%Y%%m%%d-%%H%%M%%S") if [[ ! -d /var/lib/cobbler/backup/upgrade-${DATE} ]]; then mkdir -p /var/lib/cobbler/backup/upgrade-${DATE} fi From a0bed46104e15567fb647a72c9815e0110f20be2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 26 May 2020 02:42:50 +0200 Subject: [PATCH 037/110] Rebuilt for Python 3.9 --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index f52ddfa..e42f829 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.1.1 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -182,6 +182,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Tue May 26 2020 Miro Hrončok - 3.1.1-4 +- Rebuilt for Python 3.9 + * Fri Feb 21 2020 Orion Poplawski - 3.1.1-3 - Add requires for python3-dns From 29f603a1353eab9bbb90bf723b8dca7210ed7efc Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 30 May 2020 20:13:52 -0600 Subject: [PATCH 038/110] Update to 3.1.2 --- cobbler.spec | 1562 ++------------------------------------------------ sources | 2 +- 2 files changed, 37 insertions(+), 1527 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index e42f829..537f73b 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -1,11 +1,11 @@ -%global tftp_dir /var/lib/tftpboot/ +%global tftpboot_dir %{_sharedstatedir}/tftpboot/ %global commit0 c46abca11dca886411fc95802a2cbaa66fdb691b %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.1.1 -Release: 4%{?dist} +Version: 3.1.2 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -30,12 +30,11 @@ BuildRequires: python%{python3_pkgversion}-simplejson # For docs BuildRequires: python%{python3_pkgversion}-sphinx -%global __requires_exclude_from ^%{python3_sitelib}/modules/serializer_mongodb.py*$ - Requires: httpd Requires: tftp-server -Requires: createrepo +Requires: createrepo_c Requires: rsync +Requires: xorriso Requires: python%{python3_pkgversion}-cheetah Requires: python%{python3_pkgversion}-dns Requires: python%{python3_pkgversion}-future @@ -47,10 +46,16 @@ Requires: python%{python3_pkgversion}-simplejson Requires: python%{python3_pkgversion}-tornado Requires: genisoimage -%if 0%{?fedora} || 0%{?rhel} > 7 +%if 0%{?fedora} || 0%{?rhel} >= 8 +# Not everyone wants bash-completion...? +Recommends: bash-completion Requires: dnf-plugins-core # syslinux is only available on x86 Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) +# grub2 efi stuff is only available on x86 +Recommends: grub2-efi-ia32 +Recommends: grub2-efi-x64 +Recommends: logrotate %else Requires: yum-utils %endif @@ -79,7 +84,8 @@ Requires: cobbler = %{version}-%{release} Requires: python%{python3_pkgversion}-django Requires: python%{python3_pkgversion}-mod_wsgi Requires: mod_ssl -Requires(post): openssl +Requires(post): coreutils +Requires(post): sed %description -n cobbler-web Web interface for Cobbler that allows visiting @@ -102,8 +108,8 @@ rm %{buildroot}%{_sysconfdir}/cobbler/cobbler.conf mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d mv %{buildroot}%{_sysconfdir}/cobbler/cobblerd_rotate %{buildroot}%{_sysconfdir}/logrotate.d/cobblerd -# Create data directories in tftp_dir -mkdir -p %{buildroot}%{tftp_dir}/{boot,etc,grub,images{,2},ppc,pxelinux.cfg,s390x} +# Create data directories in tftpboot_dir +mkdir -p %{buildroot}%{tftpboot_dir}/{boot,etc,grub/system{,_link},images{,2},ppc,pxelinux.cfg,s390x} # systemd mkdir -p %{buildroot}%{_unitdir} @@ -114,19 +120,19 @@ rm %{buildroot}%{_sysconfdir}/cobbler/cobbler_web.conf %pre -if (( $1 >= 2 )); then +if [ $1 -ge 2 ]; then # package upgrade: backup configuration DATE=$(date "+%%Y%%m%%d-%%H%%M%%S") - if [[ ! -d /var/lib/cobbler/backup/upgrade-${DATE} ]]; then - mkdir -p /var/lib/cobbler/backup/upgrade-${DATE} + if [ ! -d "%{_sharedstatedir}/cobbler/backup/upgrade-${DATE}" ]; then + mkdir -p "%{_sharedstatedir}/cobbler/backup/upgrade-${DATE}" fi - for i in "config" "snippets" "kickstarts" "triggers" "scripts"; do - if [[ -d /var/lib/cobbler/${i} ]]; then - cp -r /var/lib/cobbler/${i} /var/lib/cobbler/backup/upgrade-${DATE} + for i in "config" "snippets" "templates" "triggers" "scripts"; do + if [ -d "%{_sharedstatedir}/cobbler/${i}" ]; then + cp -r "%{_sharedstatedir}/cobbler/${i}" "%{_sharedstatedir}/cobbler/backup/upgrade-${DATE}" fi done - if [[ -d /etc/cobbler ]]; then - cp -r /etc/cobbler /var/lib/cobbler/backup/upgrade-${DATE} + if [ -d %{_sysconfdir}/cobbler ]; then + cp -r %{_sysconfdir}/cobbler "%{_sharedstatedir}/cobbler/backup/upgrade-${DATE}" fi fi @@ -142,8 +148,9 @@ fi %post -n cobbler-web # Change the SECRET_KEY option in the Django settings.py file # required for security reasons, should be unique on all systems -RAND_SECRET=$(openssl rand -base64 40 | sed 's/\//\\\//g') -sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/web/settings.py +# Choose from letters and numbers only, so no special chars like ampersand (&). +RAND_SECRET=$(head /dev/urandom | tr -dc 'A-Za-z0-9!' | head -c 50 ; echo '') +sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler/web/settings.py %files @@ -156,6 +163,7 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %{_bindir}/cobbler %{_bindir}/cobbler-ext-nodes %{_bindir}/cobblerd +%{_sbindir}/fence_ipmitool %{_sbindir}/tftpd.py %{_datadir}/bash-completion/ %dir %{_datadir}/cobbler @@ -166,22 +174,25 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %{python3_sitelib}/cobbler/ %{python3_sitelib}/cobbler*.egg-info %{_unitdir}/cobblerd.service -%{tftp_dir}/* +%{tftpboot_dir}/* /var/www/cobbler -%config(noreplace) /var/lib/cobbler -%exclude /var/lib/cobbler/webui_sessions +%config(noreplace) %{_sharedstatedir}/cobbler +%exclude %{_sharedstatedir}/cobbler/webui_sessions /var/log/cobbler %files -n cobbler-web %license COPYING %doc AUTHORS.in README.md %config(noreplace) /etc/httpd/conf.d/cobbler_web.conf -%attr(-,apache,apache) /usr/share/cobbler/web -%dir %attr(700,apache,root) /var/lib/cobbler/webui_sessions +%attr(-,apache,apache) %{_datadir}/cobbler/web +%dir %attr(700,apache,root) %{_sharedstatedir}/cobbler/webui_sessions %attr(-,apache,apache) /var/www/cobbler_webui_content/ %changelog +* Fri May 29 2020 Orion Poplawski - 3.1.2-1 +- Update to 3.1.2 + * Tue May 26 2020 Miro Hrončok - 3.1.1-4 - Rebuilt for Python 3.9 @@ -389,1504 +400,3 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ * Mon Apr 21 2014 Orion Poplawski - 2.6.0-1 - Update to 2.6.0 - -* Mon Apr 21 2014 Orion Poplawski - 2.4.3-1 -- Update to 2.4.3 -- Add patch to fix bug #1047350 -- Add requires python-simplejson and virt-install for EL5 (bug #852422) -- Use updated systemd macros (bug #850061) -- Require python-ctypes on EL5 (bug #838884) - -* Sat Aug 03 2013 Fedora Release Engineering - 2.4.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Thu Jun 20 2013 James Cammarata 2.4.0-1 -- Release 2.4.0-1 (jimi@sngx.net) -* Fri May 24 2013 James Cammarata 2.4.0-beta6 -- New BETA release - 2.4.0 beta6 -* Mon Apr 22 2013 James Cammarata 2.4.0-beta5 -- A few bugfixes and rebuilding the RPM because of a goof - (jimi@sngx.net) - -* Wed Apr 03 2013 James Cammarata 2.4.0-beta4 -- 2.4.0-beta4 release -* Wed Dec 12 2012 James Cammarata 2.4.0-beta3 -- New release 2.4.0-beta3 -* Thu Oct 11 2012 James Cammarata 2.4.0-beta2 -- Modified spec version/release to be 2.4.0-beta2 (jimi@sngx.net) -- fixing up a bad commit merge (jimi@sngx.net) - -* Thu Oct 11 2012 James Cammarata 2.4.0-beta1 -- Beta Release 1 of 2.4.0 -- BUGFIX - Issue #329 - Systems no longer allow an add with an image for a - parent (jimi@sngx.net) -- BUGFIX - Issue #327 - revert 5afcff7 and fix in a more sane way - (jimi@sngx.net) -- Removed some duplicates created by reapplying a patch (jimi@sngx.net) -- BUGFIX - Issue #267 - old python-virtinst does not support --boot - (jimi@sngx.net) -- Revise install_post_puppet.py to use newer puppet syntax - (stephen@esstec.co.uk) -- Get rid of deprecated Puppet syntax so that cobbler works with Puppet 3.0 - (stephen@esstec.co.uk) -- Added ubuntu to dist check for named.conf location - (daniel.givens@rackspace.com) -- Expanded automatic determination of tftpboot path, isc dhcp and bind service - names and config files based on distro. (daniel@givenstx.com) -- Make the service name for DHCP and DNS restarts configurable for better - portable between distros. (daniel.givens@rackspace.com) -- Serial based on formatted date and revision number (alevy@mobitv.com) -- Correct undefined variable name (jbd@jbdenis.net) -- fix merge Issue #252 BUGFIX and #262 (daikame@gmail.com) -- Add check for valid driver_type before executing qemu-img (jimi@sngx.net) -- fix mistake remove import. (daikame@gmail.com) -- move exec method to utils.py, and catch unexpected exception. - (daikame@gmail.com) -- not check driver type on create method. (daikame@gmail.com) -- BUGFIX - Issue #305 - Incorrect Kickstart file when gPXE enabled - (jimi@sngx.net) -- BUGFIX - Issue #304 - Cobbler does not store values correctly for ksmeta - Objects were getting flattened improperly, so it was losing escapes/quoting - for values with spaces (jimi@sngx.net) -- add vmdk and raw file create support. (daikame@gmail.com) -- BUGFIX - Issue #267 - old python-virtinst does not support --boot - (jimi@sngx.net) -- Modified spec version/release to be 2.4.0-beta-1 (jimi@sngx.net) -- Initial commit for mysql backend support (jimi@sngx.net) -- BUGFIX - Issue #277 - move webroot to /srv/www for debian/ubuntu - (jimi@sngx.net) -- FEATURE - adding 'zonetype' variable for DNS zone rendering (jimi@sngx.net) -- BUGFIX - Issue #278 - cobbler import fails for ubuntu images due to rsync - args (jimi@sngx.net) -- BUGFIX - Issue #285 - update cobbler man page for incorrect options - (jimi@sngx.net) -- BUGFIX - Issue #241 - adding distro with blank name via XMLRPC should not - work (jimi@sngx.net) -- BUGFIX - Issue #272 - allow anamon to log entries when building systems based - on profiles (no corresponding system record) (jimi@sngx.net) -- BUGFIX - Issue #252 - fuzzy match on lvs name returns a false match - preventing LV creation (jimi@sngx.net) -- BUGFIX - Issue #287 - patch to allow templar to work without a config, which - was breaking the tftpd.py script (jimi@sngx.net) -- add qcow2 driver type (daikame@gmail.com) -- fix koan qemu-machine-type param test. (daikame@gmail.com) -- Only cosmetic cleanup - removed commands that were commented out, added - spaces for more clear code (flaks@bnl.gov) -- Modified sample.seed to make use kickstart_start and kickstart_done snippets - for debian. As a result the following cobbler features work for debian: - - prevent net boot looping - cobbler status reflects debian installations - - preseed file is downloaded a nd saved on the installed system as - /var/log/cobbler.seed Also made download_config_files_deb snippet, make use - of late_command New post_run_deb snippet allows to execute post installation - script. (flaks@bnl.gov) -- Some changes for testing (jimi@sngx.net) -- Minor fix for urlparse on older pythons (>2.5) (jimi@sngx.net) -- FEATURE - Issue #253 - Use PEERDNS=no for DHCP interfaces when name servers - are specified (jimi@sngx.net) -- install-tree for debian/ubuntu modified to take tree= from meta data. http, - ftp and nfs remote tree locations supported (flaks@bnl.gov) -- add support of custom logical volume name (daikame@gmail.com) -- Partial revert of 87acfc8b, and a minor change to bring the koan extra-args - inline with the PXE args (jimi@sngx.net) -- New default preseed, and a few minor changes to make ubuntu auto install work - better (jimi@sngx.net) -- Add support for qemu machine type to emulate (option --qemu-machine-type). - (isaoshimizu@gmail.com) -- Modern x86 kernels have 2048 char limit and this is needed to support - configurations with kickstart+NIC kernel params. Otherwise koan refuses to - accept the param list. (oliver@cpan.org) -- Allow koan's -S option to work for SuSE breed. Also remove -S for breed=None, - as I assume "Red Hat" is not a sane assumption for all Distros without a - breed. (oliver@cpan.org) -- Only add a udev net rule for an interface if the MAC is set. This fixes - behaviour whereby a dummy udev rule at eth0 forces the first NIC to get eth1 - post-install. (oliver@cpan.org) -- Make the domainname setting be the full eth0 DNS Name, minus the first dotted - part (and not the FQDN). (oliver@cpan.org) -- BUGFIX - Issue #252 - fuzzy match on lvs name returns a false match - preventing LV creation (jimi@sngx.net) -- Added back in the filesystem loader. (oliver@cpan.org) -- BUGFIX - Issue #247 - Reposync does not work from the web interface - (jimi@sngx.net) -- BUGFIX - Issue #246 - CentOS 5.x install fence_tools to /sbin/ - (jimi@sngx.net) -- Fix post_report trigger typo (jimi@sngx.net) -- Some fixes for koan running with an old virt-install (jimi@sngx.net) -- Define pxe_menu_items variable when creating PXE files for systems - (jthiltges2@unl.edu) -- Refactor PXE and GRUB menu item creation into a separate function - (jthiltges2@unl.edu) -- django 1.4 and later have deprecated the old TEMPLATE_LOADERS and replaced - them with a new app_directories.Loader (oliver@cpan.org) -- Add support for UEFI boot to the subnet, but not for defined systems yet. - (erinn.looneytriggs@gmail.com) -- Fix redhat import whitelist for Fedora 17 (jimi@sngx.net) -- Fix unittest on the case of haven't virt-install libs. (daikame@gmail.com) -- os_version for debian should be similar to ubunty for virt-install to work - changed tree in app.py so that I can use debian mirror different from cobbler - server (flaks@bnl.gov) -- fedora 17 changed the output of ifconfig command. This will make IFNAME set - in snippets again (flaks@bnl.gov) -- remove edit for now (flaks@bnl.gov) -- Fixed snippets for bonded_bridge_slave and a few other fixes for koan/web GUI - (jimi@sngx.net) -- Initial support for bonded_bridge_slave type. TODO: modifying snippets to - actually make it work... (jimi@sngx.net) -- The webui_sessions directory belongs only to cobbler-web - (chutzimir@gmail.com) -- RPM: put cobbler*.conf files only in /etc/httpd/conf.d - (cristian.ciupitu@yahoo.com) -- better fix for pull request #228 (jorgen.maas@gmail.com) -- make rpms failed because the misc/ directory containing the augeas lense - could not be found. this simple diff fixes that. (jorgen.maas@gmail.com) -- Ubuntu actually requires auto=true in kopts See - http://serverfault.com/a/144290/39018 (ekirpichov@gmail.com) -- Whitespace cleanup for the new openvz stuff (jimi@sngx.net) -- Remove dead code (useless imports) (cristian.ciupitu@yahoo.com) -- BUGFIX extra-args option problems (daikame@gmail.com) -- FIX koan virt-install tests. (daikame@gmail.com) -- added debian support to prevent net boot looping (flaks@bnl.gov) -- README.openvz: - added (nvrhood@gmail.com) -- scripts/ovz-install: - added support for "services" kickstart option - - corrected repos and installation source processing (nvrhood@gmail.com) -- cobbler.spec, setup.py: - added scripts/ovz-install (nvrhood@gmail.com) -- koan/openvzcreate.py, scripts/ovz-install: - changes in copyright notice - (nvrhood@gmail.com) -- koan/app.py: - bug in koan: size of freespace on VG expressed as float with - comma, but need fload with point (nvrhood@gmail.com) -- koan/app.py: - added type "openvz" (nvrhood@gmail.com) -- cobbler/collection.py: - openvz containers doesn't need to boot from PXE, so - we prevent PXE-menu creation for such profiles. (nvrhood@gmail.com) -- cobbler/item_profile.py, cobbler/utils.py: - added "openvz" virtualization - type (nvrhood@gmail.com) -- cobbler/item_system.py: - added openvz for virt_type (nvrhood@gmail.com) -- [BUGFIX] template errors can hit an exception path that references an - undefined variable (jimi@sngx.net) -- If the call to int() fails, inum has no value, thus the reference to inum in - the except clause causes an UnboundLocalError when it tries to reference - inum. (joshua@azariah.com) -- Add new ubuntu (alpha) version to codes.py (jorgen.maas@gmail.com) -- Not all remove current ifcfg- post_install_network_config (me@n0ts.org) -- Update systemctl script to resolve some issues (jimi@sngx.net) -- More spec fixes (jimi@sngx.net) -- Removing replicate_use_default_rsync_options setting and setting - replicate_rsync_options to existing rsync default. Issue #58 - (john@julienfamily.com) -- Commit for RFE: Expose rsync options during replication. Issue #58 - (john@julienfamily.com) -- Yet more HTML/CSS fixes, cleaning up some overly large inputs caused by other - CSS changes (jimi@sngx.net) -- More HTML/CSS improvements for new weblayout (jimi@sngx.net) -- CSS improvements for the tabbed layout (jimi@sngx.net) -- Fix for settings edit using the new tab format (jimi@sngx.net) -- Added a cancel button to replace the reset button (jimi@sngx.net) -- Fix saving of multiselect fields (jimi@sngx.net) -- Modification to generic_edit template to use tabs for categories plus some - miscellaneous cleanup (jimi@sngx.net) -- Adding an example line for redhat imports to the whitelist file - (jimi@sngx.net) -- Another minor fix for suse imports - fixing up name when using --available-as - (already done in other import modules) - allowing multiple arch imports (also - already done in other imports) (jimi@sngx.net) -- Some fixups for suse using --available-as (jimi@sngx.net) -- Fix for import when using --available-as - currently rsyncs full remote tree, - changing that to only import files in a white list - some modifications to - import modules to clean some things up and make available-as work better - - fix in utils.py for path_tail, which was not working right and appending the - full path (jimi@sngx.net) -- Run the same sed command on the default distributed config file to ensure - consistent indentation (jimi@sngx.net) -- Add setting to enable/disable dynamic settings changes Adding - cobblersettings.aug to distributed files, since we need a copy that doesn't - insert tabs Added a "cobbler check" that checks if dynamic settings is - enabled and prints a sed command to cleanup the settings file spacing/indents - (jimi@sngx.net) -- Change cli command "settings" to "setting" to match other commands (which are - not plurarlized) (jimi@sngx.net) -- Removing commented-out try/except block in config.py, didn't mean to commit - this (jimi@sngx.net) -- Fixed/improved CLI reporting for settings (jimi@sngx.net) -- Added support for validating setting type when saving Also fixed up the - augeas stuff to save lists and hashes correctly (jimi@sngx.net) -- Fix for incorrect redirect when login times out when looking at a setting - edit (jimi@sngx.net) -- Dynamic settings edit support for the web GUI (jimi@sngx.net) -- Added ability to write settings file via augeas (jimi@sngx.net) -- Initial support for modifying settings live Changed settings do not survive a - reboot and revert to what's in /etc/cobbler/settings TODO: * report --name - show a single setting * validate settings based on type (string, list, bool, - etc.) * web support for editing * persisting settings after change - (jimi@sngx.net) -- Branch for 2.4.0, updated spec and setup.py (jimi@sngx.net) - -* Sun Jun 17 2012 James Cammarata 2.2.3-2 -- [BUGFIX] re-enable writing of DHCP entries for non-pxeboot-enabled systems - unless they're static (jimi@sngx.net) -* Tue Jun 05 2012 James Cammarata 2.2.3-1 -- [BUGFIX] add dns to kernel commandline when using static interface - (frido@enu.zolder.org) -- [BUGFIX] issue #196 - repo environment variables bleed into other repos - during sync process This patch has reposync cleanup/restore any environment - variables that were changed during the process (jimi@sngx.net) -- BUGFIX quick dirty fix to work around an issue where cobbler would not log in ldap - usernames which contain uppercase characters. at line 60 instead of "if user - in data", "if user.lower() in data" is used. It would appear the parser puts - the usernames in data[] in lowercase, and the comparison fails because "user" - does hold capitalizations. (matthiasvandegaer@hotmail.com) -- [BUGFIX] simplify SELinux check reporting - * Remove calls to semanage, policy prevents apps from running that directly - (and speeds up check immensely) - * Point users at a wiki page which will contain details on ensuring cobbler - works with SELinux properly (jimi@sngx.net) -- [BUGFIX] issue #117 - incorrect permissions on files in /var/lib/cobbler - (j-nomura@ce.jp.nec.com) -- [BUGFIX] issue #183 - update objects mgmt classes field when a mgmt class is - renamed (jimi@sngx.net) -- [BUGFIX] adding some untracked directories and the new augeas lense to the - setup.py and cobbler.spec files (jimi@sngx.net) -- [FEATURE] Added ability to disable grubby --copy-default behavior for distros that may - have problems with it (jimi@sngx.net) -- [SECURITY] Major changes to power commands: - * Fence options are now based on /usr/sbin/fence_* - so basically anything the - fence agents package provides. - * Templates will now be sourced from /etc/cobbler/power/fence_.template. - These templates are optional, and are only required if you want to do extra - options for a given command. - All options for the fence agent command are sent - over STDIN. - * Support for ipmitool is gone, use fence_ipmilan instead (which uses ipmitool - under the hood anyway). This may apply to other power types if they were provided - by a fence_ command. - * Modified labels for the power options to be more descriptive. (jimi@sngx.net) -- [BUGFIX] issue #136 - don't allow invalid characters in names when copying - objects (jimi@sngx.net) -- [BUGFIX] issue #168 - change input_string_or_list to use shlex for split This - function was using a regular string split, which did not allow quoted or - escaped strings to be preserved. (jimi@sngx.net) -- [BUGFIX] Correct method to process the template file. This Fixes the previous issue - and process the template. (charlesrg@gmail.com) -- [BUGFIX] issue #170 - koan now checks length of drivers list before indexing - (daniel@defreez.com) -- [BUGFIX] Issue #153 - distro delete doesn't remove link from - /var/www/cobbler/links Link was being created incorrectly during the import - (jimi@sngx.net) -- [FEATURE] snippets: save/restore boot-device on ppc64 on fedora17 (nacc@us.ibm.com) -- [BUGFIX] Fixed typo in pre_anamon (brandor5@gmail.com) -- [BUGFIX] Added use of $http_port to server URL in pre_anamon and post_anamon - (brandor5@gmail.com) -- [BUGFIX] Fixed dnsmasq issue regarding missing dhcp-host entries (cobbler@basjes.nl) -- [BUGFIX] in buildiso for RedHat based systems. The interface->ip resolution was - broken when ksdevice=bootif (default) (jorgen.maas@gmail.com) -- [BUGFIX] rename failed for distros that did not live under ks_mirror - (jimi@sngx.net) -- [BUGFIX] Partial revert of commit 3c81dd3081 - incorrectly removed the 'extends' - template directive, breaking rendering in django (jimi@sngx.net) -- [BUGFIX] Reverting commit 1d6c53a97, which was breaking spacewalk Changed the web - interface stuff to use the existing extended_version() remote call - (jimi@sngx.net) -- [BUGFIX] Minor fix for serializer_pretty_json change, setting indent to 0 was still - causing more formatted JSON to be output (jimi@sngx.net) -- [SECURITY] Adding PrivateTmp=yes to the cobblerd.service file for systemd - (jimi@sngx.net) -- [FEATURE] add a config option to enable pretty JSON output (disabled by default) - (aronparsons@gmail.com) -- [BUGFIX] issue #107 - creating xendomains link for autoboot fails Changing an - exception to a printed warning, there's no need to completely bomb out on the - process for this (jimi@sngx.net) -- [BUGFIX] issue #28 - Cobbler drops errors on the floor during a replicate - Added additional logging to add_ functions to report an error if the add_item - call returns False (jimi@sngx.net) -- [BUGFIX] add requirement for python-simplejson to koan's package - (jimi@sngx.net) -- [BUGFIX] action_sync: fix sync_dhcp remote calls (nacc@us.ibm.com) -- [BUGFIX] Add support for KVM paravirt (justin@thespies.org) -- [BUGFIX] Makefile updates for debian/ubuntu systems (jimi@sngx.net) -- [BUGFIX] fix infinite netboot cycle with ppc64 systems (nacc@us.ibm.com) -- [BUGFIX] Don't allow Templar classes to be created without a valid config - There are a LOT of places in the templar.py code that use self.settings - without checking to make sure a valid config was passed in. This could cause - random stack dumps when templating, so it's better to force a config to be - passed in. Thankfully, there were only two pieces of code that actually did - this, one of which was the tftpd management module which was fixed elsewhere. - (jimi@sngx.net) -- [BUGFIX] instance of Templar() was being created without a config passed in - This caused a stack dump when the manage_in_tftpd module tried to access the - config settings (jimi@sngx.net) -- [BUGFIX] Fix for issue #17 - Make cobbler import be more squeaky when it doesn't - import anything (jimi@sngx.net) -- [FEATURE] autoyast_sample: save and restore boot device order (nacc@us.ibm.com) -- [BUGFIX] Fix for issue #105 - buildiso fails Added a new option for buildiso: - --mkisofs-opts, which allows specifying extra options to mkisofs TODO: add - input box to web interface for this option (jimi@sngx.net) -- [BUGFIX] incorrect lower-casing of kickstart paths - regression from issue - #43 (jimi@sngx.net) -- [FEATURE] Automatically detect and support bind chroot (orion@cora.nwra.com) -- [FEATURE] Add yumopts to kickstart repos (orion@cora.nwra.com) -- [BUGFIX] Fix issue with cobbler system reboot (nacc@us.ibm.com) -- [BUGFIX] fix stack trace in write_pxe_file if distro==None (smoser@brickies.net) -- [BUGFIX] Changed findkeys function to be consisten with keep_ssh_host_keys snippet - (flaks@bnl.gov) -- [BUGFIX] Fix for issue #15 - cobbler image command does not recognize - --image-type=memdisk (jimi@sngx.net) -- [BUGFIX] Issue #13 - reposync with --tries > 1 always repeats, even on - success The success flag was being set when the reposync ran, but didn't - break out of the retry loop - easy fix (jimi@sngx.net) -- [BUGFIX] Fix for issue #42 - kickstart not found error when path has leading - space (jimi@sngx.net) -- [BUGFIX] Fix for issue #26 - Web Interface: Profile Edit - * Added jquery UI stuff - * Added javascript to generic_edit template to make all selects in the - class "edit" resizeable - (jimi@sngx.net) -- [BUGFIX] Fix for issue #53 - cobbler system add without --profile exits 0, - but does nothing (jimi@sngx.net) -- [BUGFIX] Issue #73 - Broken symlinks on distro rename from web_gui - (jimi@sngx.net) -- regular OS version maintenance (jorgen.maas@gmail.com) -- [BUGFIX] let koan not overwrite existing initrd+kernel (ug@suse.de) -- [FEATURE] koan: - * Port imagecreate to virt-install (crobinso@redhat.com) - * Port qcreate to virt-install (crobinso@redhat.com) - * Port xen creation to virt-install (crobinso@redhat.com) -- [FEATURE] new snippet allows for certificate-based RHN registration - (jim.nachlin@gawker.com) -- [FEATURE] Have autoyast by default behave more like RHEL, regarding networking etc. - (chorn@fluxcoil.net) -- [BUGFIX] sles patches (chorn@fluxcoil.net) -- [BUGFIX] Simple fix for issue where memtest entries were not getting created after - installing memtest86+ and doing a cobbler sync (rharriso@redhat.com) -- [BUGFIX] REMOTE_ADDR was not being set in the arguments in calls to CobblerSvc - instance causing ip address not to show up in install.log. - (jweber@cofront.net) -- [BUGFIX] add missing import of shutil (aparsons@redhat.com) -- [BUGFIX] add a sample kickstart file for ESXi (aparsons@redhat.com) -- [BUGFIX] the ESXi installer allows two nameservers to be defined (aparsons@redhat.com) -- [BUGFIX] close file descriptors on backgrounded processes to avoid hanging %%pre - (aparsons@redhat.com) -- [BUGFIX] rsync copies the repositories with --delete hence deleting everyhting local - that isn't on the source server. The createrepo then creates (following the - default settings) a cache directory ... which is deleted by the next rsync - run. Putting the cache directory in the rsync exclude list avoids this - deletion and speeds up running reposync dramatically. (niels@basjes.nl) -- [BUGFIX] Properly blame SELinux for httpd_can_network_connect type errors on initial - setup. (michael.dehaan@gmail.com) -- fix install=... kernel parameter when importing a SUSE distro (ug@suse.de) -- [BUGFIX] Force Django to use the system's TIME_ZONE by default. - (jorgen.maas@gmail.com) -- [FEATURE] Separated check for permissions from file existence check. - (aaron.peschel@gmail.com) -- [BUGFIX] If the xendomain symlink already exists, a clearer error will be produced. - (aaron.peschel@gmail.com) -- [FEATURE] Adding support for ESXi5, and fixing a few minor things (like not having a - default kickstart for esxi4) Todos: * The esxi*-ks.cfg files are empty, and - need proper kickstart templates * Import bug testing and general kickstart - testing (jimi@sngx.net) -- [FEATURE] Adding basic support for gPXE (jimi@sngx.net) -- [FEATURE] Add arm as a valid architecture. (chuck.short@canonical.com) -- [SECURITY] Changes PYTHON_EGG_CACHE to a safer path owned just by the webserver. - (chuck.short@canonical.com) -- [BUGFIX] koan: do not include ks_meta args when obtaining tree When obtaining the tree - for Ubuntu machines, ensure that ks_meta args are not passed as part of the - tree if they exist. (chuck.short@canonical.com) -- [FEATURE] koan: Use grub2 for --replace-self instead of grubby The koan option - '--replace-self' uses grubby, which relies on grub1, to replace a local - installation by installing the new kernel/initrd into grub menu entries. - Ubuntu/Debian no longer uses it grub1. This patch adds the ability to use - grub2 to add the kernel/initrd downloaded to a menuentry. On reboot, it will - boot from the install kernel reinstalling the system. Fixes (LP: #766229) - (chuck.short@canonical.com) -- [BUGFIX] Fix reposync missing env variable for debmirror Fixes missing HOME env - variable for debmirror by hardcoding the environment variable to - /var/lib/cobbler (chuck.short@canonical.com) -- [BUGFIX] Fix creation of repo mirror when importing iso. Fixes the creation of a - disabled repo mirror when importing ISO's such as the mini.iso that does not - contain any mirror/packages. Additionally, really enables 'apt' as possible - repository. (chuck.short@canonical.com) -- [BUGFIX] adding default_template_type to settings.py, caused some issues with - templar when the setting was not specified in the /etc/cobbler/settings - (jimi@sngx.net) -- [BUGFIX] fix for following issue: can't save networking options of a system - in cobbler web interface. (#8) (jimi@sngx.net) -- [BUGFIX] Add a new setting to force CLI commands to use the localhost for xmlrpc - (chjohnst@gmail.com) -- [BUGFIX] Don't blow up on broken links under /var/www/cobbler/links - (jeffschroeder@computer.org) -- [SECURITY] Making https the default for the cobbler web GUI. Also modifying the cobbler- - web RPM build to require mod_ssl and mod_wsgi (missing wsgi was an oversight, - just correcting it now) (jimi@sngx.net) -- [FEATURE] Adding authn_pam. This also creates a new setting - authn_pam_service, which - allows the user to configure which PAM service they want to use for cobblerd. - The default is the 'login' service (jimi@sngx.net) -- [SECURITY] Change in cobbler.spec to modify permissions on webui sessions directory to - prevent non-privileged user acccess to the session keys (jimi@sngx.net) -- [SECURITY] Enabling CSRF protection for the web interface (jimi@sngx.net) -- [SECURITY] Convert all yaml loads to safe_loads for security/safety reasons. - https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858883 (jimi@sngx.net) -- [FEATURE] Added the setting 'default_template_type' to the settings file, and created - logic to use that in Templar().render(). Also added an option to the same - function to pass the template type in as an argument. (jimi@sngx.net) -- [FEATURE] Initial commit for adding support for other template languages, namely jinja2 - in this case (jimi@sngx.net) - -* Tue Nov 15 2011 Scott Henson 2.2.2-1 -- Changelog update (shenson@redhat.com) -- Fixed indentation on closing tr tag (gregswift@gmail.com) -- Added leader column to the non-generic tables so that all tables have the - same layout. It leaves room for a checkbox and multiple selects i nthese - other tables as well. (gregswift@gmail.com) -- Added action class to the event log link to bring it inline with other table - functions (gregswift@gmail.com) -- buildiso bugfix: overriding dns nameservers via the dns kopt now works. - reported by Simon Woolsgrove (jorgen.maas@gmail.com) -- Fix for pxegen, where an image without a distro could cause a stack dump on - cobbler sync (jimi@sngx.net) -- Added initial support for specifying the on-disk format of virtual disks, - currently supported for QEMU only when using koan (jimi@sngx.net) -- Add fedora16, rawhide, opensuse 11.2, 11.3, 11.4 and 12.1 to codes.py This - should also fix ticket #611 (jorgen.maas@gmail.com) -- Use VALID_OS_VERSIONS from codes.py in the redhat importer. - (jorgen.maas@gmail.com) -- Cleanup: use utils.subprocess_call in services.py (jorgen.maas@gmail.com) -- Cleanup: use utils.subprocess_call in remote.py. (jorgen.maas@gmail.com) -- Cleanup: use utils.subprocess_call in scm_track.py. Also document that 'hg' - is a valid option in the settings file. (jorgen.maas@gmail.com) -- Dont import the sub_process module when it's not needed. - (jorgen.maas@gmail.com) -- Fixes to import_tree() to actually copy files to a safe place when - --available-as is specified. Also some cleanup to the debian/ubuntu import - module for when --available-as is specified. (jimi@sngx.net) -- Modification to import processes so that rsync:// works as a path. These - changes should also correct the incorrect linking issue where the link - created in webdir/links/ pointed at a directory in ks_mirror without the arch - specified, resulting in a broken link if --arch was specified on the command - line Also removed the .old import modules for debian/ubuntu, which were - replaced with the unified manage_import_debian_ubuntu.py (jimi@sngx.net) -- cleanup: use codes.VALID_OS_VERSIONS in the freebsd importer - (jorgen.maas@gmail.com) -- cleanup: use codes.VALID_OS_VERSIONS in the debian/ubuntu importer - (jorgen.maas@gmail.com) -- Bugfix: add the /var/www/cobbler/pub directory to setup.py. Calling buildiso - from cobbler-web now works as expected. (jorgen.maas@gmail.com) -- BUGFIX: patch koan (xencreate) to correct the same issue that was broken for - vmware regarding qemu_net_type (jimi@sngx.net) -- BUGFIX: fixed issue with saving objects in the webgui failing when it was the - first of that object type saved. (jimi@sngx.net) -- Minor fix to the remote version to use the nicer extended version available - (jimi@sngx.net) -- Fix a bug in buildiso when duplicate kopt keys are used. Reported and tested - by Simon Woolsgrove (jorgen.maas@gmail.com) -- Fix for koan, where vmwcreate.py was not updated to accept the network type, - causing failures. (jimi@sngx.net) -- Added a %%post section for the cobbler-web package, which replaces the - SECRET_KEY field in the Django settings.py with a random string - (jimi@sngx.net) -- BUGFIX: added sign_puppet_certs_automatically to settings.py. The fact that - this was missing was causing failures in the the pre/post puppet install - modules. (jimi@sngx.net) -- set the auto-boot option for a virtual machine (ug@suse.de) -- Correction for koan using the incorrect default port for connecting to - cobblerd (jimi@sngx.net) -- config/settings: add "manage_tftpd: 1" (default setting) - (cristian.ciupitu@yahoo.com) - -* Wed Oct 05 2011 Scott Henson 2.2.1-1 -- Import changes for systemd from the fedora spec file (shenson@redhat.com) - -* Wed Oct 05 2011 Scott Henson 2.2.0-1 -- Remove the version (shenson@redhat.com) -- New upstream 2.2.0 release (shenson@redhat.com) -- Add networking snippet for SuSE systems. (jorgen.maas@gmail.com) -- Add a /etc/hosts snippet for SuSE systems. (jorgen.maas@gmail.com) -- Add a proxy snippet for SuSE systems. (jorgen.maas@gmail.com) -- Buildiso: make use of the proxy field (SuSE, Debian/Ubuntu). - (jorgen.maas@gmail.com) -- Rename buildiso.header to buildiso.template for consistency. Also restore the - local LABEL in the template. (jorgen.maas@gmail.com) -- Bugfix: uppercase macaddresses used in buildiso netdevice= keyword cause the - autoyast installer to not setup the network and thus fail. - (jorgen.maas@gmail.com) -- Buildiso: minor cleanup diff. (jorgen.maas@gmail.com) -- Buildiso: behaviour changed after feedback from the community. - (jorgen.maas@gmail.com) -- Build standalone ISO from the webinterface. (jorgen.maas@gmail.com) -- Fix standalone ISO building for SuSE, Debian and Ubuntu. - (jorgen.maas@gmail.com) -- add proxy field to field_info.py (jorgen.maas@gmail.com) -- Remove FreeBSD from the unix breed as it has it's own now. Also, add freebsd7 - as it is supported until feb 2013. Minor version numbers don't make sense, - also removed. (jorgen.maas@gmail.com) -- Add a proxy field to profile and system objects. This is useful for - environments where systems are not allowed to make direct connections to the - cobbler/repo servers. (jorgen.maas@gmail.com) -- Introduce a "status" field to system objects. Useful in environments where - DTAP is required, the possible values for this field are: development, - testing, acceptance, production (jorgen.maas@gmail.com) -- Buildiso: only process profiles for selected systems. (jorgen.maas@gmail.com) -- Buildiso: add batch action to build an iso for selected profiles. - (jorgen.maas@gmail.com) -- Buildiso: use management interface feature. (jorgen.maas@gmail.com) -- Buildiso: get rid of some code duplication (ISO header). - (jorgen.maas@gmail.com) -- Buildiso: add interface to macaddr resolution. (jorgen.maas@gmail.com) -- Buildiso: add Debian and Ubuntu support. (jorgen.maas@gmail.com) -- Buildiso: select systems from the webinterface. (jorgen.maas@gmail.com) -- Fix an exception when buildiso is called from the webinterface. - (jorgen.maas@gmail.com) -- fix power_virsh template to check dom status before executing command. - (bpeck@redhat.com) -- if hostname is not resolvable do not fail and use that hostname - (msuchy@redhat.com) -- Removed action_import module and references to it in code to prevent future - confusion. (jimi@sngx.net) -- Fixing redirects after a failed token validation. You should now be - redirected back to the page you were viewing after having to log back in due - to a forced login. (jimi@sngx.net) -- Use port to access cobbler (peter.vreman@acision.com) -- Stripping "g" from vgs output case-insensitive runs faster - (mmello@redhat.com) -- Adding ability to create new sub-directories when saving snippets. Addresses - trac #634 - save new snippet fails on non existing subdir (jimi@sngx.net) -- Fix traceback when executing "cobbler system reboot" with no system name - specified Trac ticket #578 - missing check for name option with system reboot - (jimi@sngx.net) -- bind zone template writing (jcallaway@squarespace.com) -- Removing the duplicate lines from importing re module (mmello@redhat.com) -- Merge remote-tracking branch 'jimi1283/bridge-interface' (shenson@redhat.com) -- Modification to allow DEPRECATED options to be added as options to optparse - so they work as aliases (jimi@sngx.net) -- Re-adding the ability to generate a random mac from the webui. Trac #543 - (Generate random mac missing from 2.x webui) (jimi@sngx.net) -- Merge remote-tracking branch 'jsabo/fbsdreplication' (shenson@redhat.com) -- Tim Verhoeven (Tue. 08:35) (Cobbler attachment) - Subject: [PATCH] Add support to koan to select type of network device to - emulate To: cobbler development list - Date: Tue, 2 Aug 2011 14:35:21 +0200 (shenson@redhat.com) -- Hello, (shenson@redhat.com) -- scm_track: Add --all to git add options to handle deletions (tmz@pobox.com) -- Moved HEADER heredoc from action_buildiso.py to - /etc/cobbler/iso/buildiso.header (gbailey@terremark.com) -- Enable replication for FreeBSD (jsabo@verisign.com) -- Merge branch 'master' into bridge-interface (jimi@sngx.net) -- Remove json settings from local_get_cobbler_xmlrpc_url() (jsabo@verisign.com) -- 1) Moving --subnet field to --netmask 2) Created DEPRECATED_FIELDS structure - in field_info.py to deal with moves like this * also applies to the - bonding->interface_type move for bridged interface support (jimi@sngx.net) -- Merge remote-tracking branch 'jimi1283/bridge-interface' (shenson@redhat.com) -- Fixing up some serializer module stuff: * detecting module load errors when - trying to deserialize collections * added a what() function to all the - serializer modules for ID purposes * error detection for mongo stuff, - including pymongo import problems as well as connection issues - (jimi@sngx.net) -- Cleanup of bonding stuff in all files, including webui and koan. Additional - cleanup in the network config scripts, and re-added the modprobe.conf - renaming code to the post install network config. (jimi@sngx.net) -- Initial rework to allow bridge/bridge slave interfaces Added static route - configuration to pre_install_network_config Major cleanup/reworking of - post_install_network_config script (jimi@sngx.net) -- Fix for bad commit of some json settings test (jimi@sngx.net) -- Merge remote-tracking branch 'jsabo/fbsdimport' (shenson@redhat.com) -- Adding initial support for FreeBSD media importing (jsabo@verisign.com) -- Setting TIME_ZONE to None in web/settings.py causes a 500 error on a RHEL5 - system with python 2.4 and django 1.1. Commenting out the config line has the - same effect as setting it to None, and prevents the 500. (jimi@sngx.net) -- Fixes for importing RHEL6: * path_tail() was previously moved to utils, a - couple places in the import modules still used self.path_tail instead - of utils.path_tail, causing a stack dump * Fixed an issue in - utils.path_tail(), which was using self. still from when it was a member - of the import class * When mirror name was set on import and using - --available-as, it was appending a lot of junk instead of just using the - specified mirror name (jimi@sngx.net) -- Merge branch 'master' of git://git.fedorahosted.org/cobbler (jimi@sngx.net) -- Fix a quick error (shenson@redhat.com) -- Set the tftpboot dir for rhel6 hosts (jsabo@verisign.com) -- Fixed a typo (jorgen.maas@gmail.com) -- Added an extra field in the system/interface item. The field is called - "management" and should be used to identify the management interface, this - could be useful information for multihomed systems. (jorgen.maas@gmail.com) -- In the event log view the data/time field got wrapped which is very annoying. - Fast fix for now, i'm pretty sure there are better ways to do this. - (jorgen.maas@gmail.com) -- Event log soring on date reverted, let's sort on id instead. Reverse over - events in the template. Convert gmtime in the template to localtime. - (jorgen.maas@gmail.com) -- Sort the event log by date/time (jorgen.maas@gmail.com) -- Remove some unsupported OS versions from codes.py (jorgen.maas@gmail.com) -- Some changes in the generate_netboot_iso function/code: - Users had to supply - all system names on the commandline which they wanted to include in the ISO - boot menu. This patch changes that behaviour; all systems are included by - default now. You can still provide an override with the --systems parameter, - thus making this feature more consistent with what one might expect from - reading the help. - While at it I tried to make the code more readable and - removed some unneeded iterations. - Prevent some unneeded kernel/initrd - copies. - You can now override ip/netmask/gateway/dns parameters with - corresponding kernel_options. - Fixed a bug for SuSE systems where ksdevice - should be netdevice. - If no ksdevice/netdevice (or equivalent) has been - supplied via kernel_options try to guess the proper interface to use, but - don't just use one if we can't be sure about it (e.g. for multihomed - systems). (jorgen.maas@gmail.com) -- Add SLES 11 to codes.py (jorgen.maas@gmail.com) -- Add support for Fedora15 to codes.py (jorgen.maas@gmail.com) -- Django uses the timezone information from web/settings.py Changing the - hardcoded value to None forces Django to use the systems timezone instead of - this hardcoded value (jorgen.maas@gmail.com) -- Fix cobbler replication for non-RHEL hosts. The slicing used in the - link_distro function didn't work for all distros. (jsabo@verisign.com) -- Fix vmware esx importing. It was setting the links dir to the dir the iso was - mounted on import (jsabo@verisign.com) -- Merge remote-tracking branch 'jsabo/webuifun' (shenson@redhat.com) -- Fix bug with esxi replication. It wasn't rsyncing the distro over if the - parentdir already existed. (jsabo@verisign.com) -- Merge branch 'master' of git://git.fedorahosted.org/cobbler (jimi@sngx.net) -- Initial commit for mongodb backend support and adding support for settings as - json (jimi@sngx.net) -- Web UI patches from Greg Swift applied (jsabo@verisign.com) -- whitespace fix (dkilpatrick@verisign.com) -- Fix to fix to py_tftp change to sync in bootloaders - (dkilpatrick@verisign.com) -- Fixing a bug reported by Jonathan Sabo. (dkilpatrick@verisign.com) -- Merge branch 'master' of git://git.fedorahosted.org/cobbler - (dkilpatrick@verisign.com) -- Revert "Jonathan Sabo (June 09) (Cobbler)" - (shenson@redhat.com) -- Unmount and deactivate all software raid devices after searching for ssh keys - (jonathan.underwood@gmail.com) -- Merge remote-tracking branch 'ugansert/master' (shenson@redhat.com) -- Jonathan Sabo (June 09) (Cobbler) Subject: [PATCH] Fix - issue with importing distro's on new cobbler box To: cobbler development list - Date: Thu, 9 Jun 2011 16:17:20 -0400 - (shenson@redhat.com) -- missing manage_rsync option from config/settings (jsabo@criminal.org) -- Remove left-over debugging log message (dkilpatrick@verisign.com) -- SUSE requires the correct arch to find kernel+initrd on the inst-source - (ug@suse.de) -- added autoyast=... parameter to the ISO building code when breed=suse - (ug@suse.de) -- calculate meta data in the XML file without cheetah variables now - (ug@suse.de) -- render the cheetah template before passing the XML to the python XML parser - (ug@suse.de) -- made the pathes flexible to avoid problem on other distros than fedora/redhat - (ug@suse.de) -- bugfix (ug@suse.de) -- Merge patch from stable (cristian.ciupitu@yahoo.com) -- utils: initialize main_logger only when needed (cristian.ciupitu@yahoo.com) -- During refactor, failed to move templater initialization into - write_boot_files_distro. (dkilpatrick@verisign.com) -- Fixed a couple of simple typos. Made the boot_files support work (added - template support for the key, defined the img_path attribute for that - expansion) (dkilpatrick@verisign.com) -- Fixes to get to the "minimally tested" level. Fixed two syntax errors in - tftpd.py, and fixed refences to api and os.path in manage_in_tftpd.py - (dkilpatrick@verisign.com) -- Rebasing commit, continued. (kilpatds@oppositelock.org) -- Change the vmware stuff to use 'boot_files' as the space to set files that - need to be available to a tftp-booting process (dkilpatrick@verisign.com) -- Added 'boot_files' field for 'files that need to be put into tftpboot' - (dkilpatrick@verisign.com) -- Merge conflict. (kilpatds@oppositelock.org) -- Add in a default for puppet_auto_setup, thanks to Camille Meulien - for finding it. (shenson@redhat.com) -- Add a directory remap feature to fetchable_files processing. /foo/*=/bar/ - Client requests for "/foo/baz" will be turned into requests for /bar/baz. - Target paths are evaluated against the root filesystem, not tftpboot. - Template expansion is done on "bar/baz", so that would typically more - usefully be something like /boot/*=$distro_path/boot - (dkilpatrick@verisign.com) -- Removed trailing whitespace causing git warnings (dkilpatrick@verisign.com) -- Fix a bug where tftpd.py would throw if a client requested '/'. - (dkilpatrick@verisign.com) -- Allow slop in the config, not just the client. modules: don't hardcode - /tftpboot (dkilpatrick@verisign.com) -- Moved footer to actually float at the bottom of the page or visible section, - whichever is further down. Unfortunately leaves a slightly larger margin pad - on there. Will have to see if it can be made cleaner (gregswift@gmail.com) -- Removed right padding on delete checkboxes (gregswift@gmail.com) -- Adjusted all the self closing tags to end eith a " />" instead of not having - a space separating them (gregswift@gmail.com) -- Added "add" button to the filter bit (gregswift@gmail.com) -- Removed "Enabled" label on checkboxes, this can be added via css as part of - the theme if people want it using :after { content: " Enabled" } Padded the - context-tip off the checkboxes so that it lines up with most of the other - context tips instead of being burring in the middle of the form - (gregswift@gmail.com) -- Added bottom margin on text area so that it isn't as tight next to other form - fields (gregswift@gmail.com) -- Added id tags to the forms for ks templates and snippets Set some margins for - those two forms, they were a bit scrunched because they didn't have a - sectionbody fieldset and legend Removed inline formatting of input sizes on - those two pages Set the textareas in those two pages via css - (gregswift@gmail.com) -- Made the tooltips get hiddent except for on hover, with a small image - displayed in their place (gregswift@gmail.com) -- Added a top margin to the submit/reset buttons... looks cleaner having some - space. (gregswift@gmail.com) -- Changed generic edit form to the following: - Made blocks into fieldsets - again, converting the h2 to a legend. I didn't mean to change this the first - time through. - Pulled up a level, removing the wrapping div, making each - fieldset contain an order list, instead of each line being an ordered list, - which was silly of me. - Since it went up a level, un-indented all of the - internal html tags 2 spaces - changed the place holder for the network - widgets to spans so that they displayed cleanly (Don't like the spans either, - but its for the javascript) In the stylesheet just changed the - div.sectionbody to ol.sectionbody (gregswift@gmail.com) -- Fixed closing ul->div on multiselect section. Must have missed it a few - commits ago. (gregswift@gmail.com) -- IE uses input styling such as borders even on checkboxes... was not intended, - so has been cleared for checkboxes (gregswift@gmail.com) -- This is a change to the multiselect buttons view, i didn't mean to commit - the style sheet along with the spelling check fixes, but since I did might as - well do the whole thing and then erevert it later if people dislike it - (gregswift@gmail.com) -- Fixed another postition mispelling (gregswift@gmail.com) -- fixed typo postition should be position (gregswift@gmail.com) -- Returned the multiselect section to being div's, since its actually not a set - of list items, it is a single list item. Re-arranged the multiselect so that - the buttons are centered between the two sections Removed all of the line - breaks form that section Made the select box headings actually labels moved - the order of multiselect after sectionbody definition due to inheritence - (gregswift@gmail.com) -- Restored select boxes to "default" styling since they are not as cleanly css- - able Made visibly selected action from Batch Actions bold, mainly so by - default Batch Action is bold. Moved text-area and multi-select sizing into - stylesheet. re-alphabetized some of the tag styles Made the default login's - text inputs centered, since everything else on that page is - (gregswift@gmail.com) -- Added missing bracket from two commits ago in the stylesheet. - (gregswift@gmail.com) -- Re-added the tool tips for when they exist in the edit forms and set a style - on them. Removed an extraneous line break from textareas in edit form - (gregswift@gmail.com) -- Fixed javascript where I had used teh wrong quotes, thus breaking the network - interface widgets (gregswift@gmail.com) -- Added label and span to cleanup block (gregswift@gmail.com) -- Added version across all of the template loads so that the footer is - populated with it (gregswift@gmail.com) -- all css: - set overall default font size of 1em - added missing tags to the - cleanup css block - fixed button layout -- list line buttons are smaller font - to keep lines smaller -- set action input button's size - set indentation and - bolding of items in batch action - redid the list formatting -- removed zebra - stripes, they share the standard background now -- hover is now the - background color of the old darker zebra stripe -- selected lines now - background of the older light zebra stripe - added webkit border radius - (gregswift@gmail.com) -- generic_lists.tmpl - Removed force space on the checklists generic_lists.tmpl - - Added javascript to allow for selected row highlighting - (gregswift@gmail.com) -- Removed inline formatting from import.tmpl Made the context tips spans - (gregswift@gmail.com) -- Made both filter-adder elements exist in the same li element - (gregswift@gmail.com) -- Added default formatting for ordered lists Added formatting for the new - multiselect unordered list Changed old div definitions for the multiselect to - li Added label formatting for inside sectionbody to line up all the forms. - (gregswift@gmail.com) -- Adjusted multiselect section to be an unordered list instead of a div - (gregswift@gmail.com) -- Moved the close list tag inside the for loop, otherwise we generate lots of - nasty nested lists (gregswift@gmail.com) -- Changed edit templates to use ol instead of ul, because it apparently helps - out those using screen readers, and we should be making things accessible, - yes? (gregswift@gmail.com) -- Re-structured the edit templates to be unordered lists. Standardized the - tooltip/contextual data as context-tip class Redid the delete setup so that - its Delete->Really? Instead of Delete:Yes->Really? Same number of check - boxes. Setup the delete bit so that Delete and Really are labels for the - checkboxes and there isn't extraneous html input tags (gregswift@gmail.com) -- Added top margin on the filter adder (gregswift@gmail.com) -- Adjusted single action item buttons to be in the same list element, as it - makes alignment cleaner, and more sense from a grouping standpoint Set - submenubar default height to 26px Set submenubar's alignment to be as clean - as I've been able to get so far. (gregswift@gmail.com) -- Set background color back to original (gregswift@gmail.com) -- Adjusted all buttons to hover invert from blue to-blackish, the inverse of - the normal links (which go blackish to blue) but left the text color the - same. i'm not sure its as pretty, but dfinately more readable. Plus the - color change scheme is more consistant. Also made table buttons smaller than - other buttons (gregswift@gmail.com) -- Fixed width on paginate select boxes to auto, instead of over 200px - (gregswift@gmail.com) -- Removed margin around hr tag, waste of space, and looks closer to original - now (gregswift@gmail.com) -- Removed extraneous body div by putting user div inside container. - (gregswift@gmail.com) -- Adjuested style sheet to improve standardization of form fields, such as - buttons, text input widths, and fontsizes in buttons vs drop downs. - (gregswift@gmail.com) -- Some menu re-alignment on both menubar and submenubar (gregswift@gmail.com) -- Got the container and the user display into a cleaner size alignment to - display on the screen. less chance of horiz scroll (gregswift@gmail.com) -- Fix to get login form a bit better placed without duplicate work - (gregswift@gmail.com) -- pan.action not needed... .action takes care of it (gregswift@gmail.com) -- Removed padding on login screen (gregswift@gmail.com) -- Redid action and button classes to make them look like buttons.. still needs - work. Resized pointer classes to make things a bit more level on that row - (gregswift@gmail.com) -- New cleanup at the top negates the need for this table entry - (gregswift@gmail.com) -- Removed the body height to 99%%. Was doing this for sticky footer, but - current path says its not needed (gregswift@gmail.com) -- Added some windows and mac default fonts Made the body relative, supposed to - help with the layout Set text color to slightly off black.. was told there is - some odd optical reasoning behind this (gregswift@gmail.com) -- Made class settings for the table rows a touch more specific in the css - (gregswift@gmail.com) -- Added "normalization" to clean up cross browser differences at top of - style.css (gregswift@gmail.com) -- Added button class to all buttons, submit, and resets (gregswift@gmail.com) -- Fixed sectionheader to not be styled as actions... they are h2! - (gregswift@gmail.com) -- Fixed container reference from class to id (gregswift@gmail.com) -- Added missing action class on the "Create new" links in generic_list.tmpl - (gregswift@gmail.com) -- Revert part of 344969648c1ce1e753af because RHEL5's django doesn't support - that (gregswift@gmail.com) -- removed underline on remaing links (gregswift@gmail.com) -- Fixed the way the logo was placed on the page and removed the excess - background setting. (gregswift@gmail.com) -- Some cleanup to the style sheet along - removed fieldset since no more exist - (not sure about this in long run.... we'll see) - cleaned up default style - for ul cause it was causing override issues - got menubar and submenu bar - mostly settled (gregswift@gmail.com) -- Fixed submenu bar ul to be identified by id not class (gregswift@gmail.com) -- Rebuilt primary css stylesheet - not complete yet (gregswift@gmail.com) -- Removed logout from cobbler meft hand menu (gregswift@gmail.com) -- Next step in redoing layout: - added current logged in user and logout button - to a div element at top of page - fixed content div from class to id - added - footer (version entry doesn't work for some reason) - links to cobbler - website (gregswift@gmail.com) -- in generic_list.tmpl - set the edit link to class 'action' - merged the - creation of the edit action 'View kickstart' for system and profile - (gregswift@gmail.com) -- Replaced tool tip as div+em with a span classed as tooltip. tooltip class - just adds italic. (gregswift@gmail.com) -- Fixed table header alignment to left (gregswift@gmail.com) -- Take the logo out of the html, making it a css element, but retain the - location and basic feel of the placement. (gregswift@gmail.com) -- Step one of redoing the action list, pagination and filters. - split - pagination and filters to two tmpl files - pagination can be called on its - own (so it can live in top and bottom theoretically) - filter will eventually - include pagination so its on the bottom - new submenubar includes pagination - - new submenubar does age specific actiosn as links instead of drop downs - cause there is usually 1, rarely 2, never more. (gregswift@gmail.com) -- Removed pagination from left hand column (gregswift@gmail.com) -- Removed an erroneous double quote from master.tmpl (gregswift@gmail.com) -- Went a bit overboard and re-adjusted whitespace in all the templates. Trying - to do the code in deep blocks across templates can be a bit tedious and - difficult to maintain. While the output is not perfect, at least the - templates are more readable. (gregswift@gmail.com) -- Removed remaining vestige of action menu shading feature - (gregswift@gmail.com) -- Removed header shade references completely from the lists and the code from - master.tmpl (gregswift@gmail.com) -- Wrapped setting.tmpl error with the error class (gregswift@gmail.com) -- Changed h3 to h2 inside pages Made task_created's h4 into a h1 and - standarized with the other pages (gregswift@gmail.com) -- Standardized header with a hr tag before the form tags (gregswift@gmail.com) -- Added base width on the multiple select boxes, primarily for when they are - empty (gregswift@gmail.com) -- Removed fieldset wrappers and replaced legends with h1 and h2 depending on - depth (gregswift@gmail.com) -- Adjusted logic for the legent to only change one word, instead of the full - string (gregswift@gmail.com) -- Removed empty cell from table in generic_edit.tmpl (gregswift@gmail.com) -- Revert 8fed301e61f28f8eaf08e430869b5e5df6d02df0 because it was to many - different changes (gregswift@gmail.com) -- Removed empty cell from table in generic_edit.tmpl (gregswift@gmail.com) -- Moved some cobbler admin and help menus to a separate menu in the menubar - (gregswift@gmail.com) -- Added HTML5 autofocus attribute to login.tmpl. Unsupported browsers just - ignores this. (gregswift@gmail.com) -- Re-built login.tmpl: - logo isn't a link anymore back to the same page - logo - is centered with the login form - fieldset has been removed - set a css class - for the body of the login page, unused for now. And the css: - removed the - black border from css - centered the login button as well - (gregswift@gmail.com) -- Made the links and span.actions hover with the same color as used for the - section headings (gregswift@gmail.com) -- Removed as much in-HTML placed formatting as possible and implemented them in - css. The main bit remaining is the ul.li floats in paginate.tmpl - (gregswift@gmail.com) -- Cleaned up single tag closing for several of the checkboxes - (gregswift@gmail.com) -- removed a trailing forward slash that was creating an orphaned close span tag - (gregswift@gmail.com) -- Relabeled cells in thead row from td tags to th (gregswift@gmail.com) -- Added tr wrapper inside thead of tables for markup validation - (gregswift@gmail.com) -- Use :// as separator for virsh URIs (atodorov@otb.bg) -- Create more condensed s390 parm files (thardeck@suse.de) -- Add possibility to interrupt zPXE and to enter CMS (thardeck@suse.de) -- Cleanup the way that we download content - Fixes a bug where we were only - downloading grub-x86_64.efi (shenson@redhat.com) -- Port this config over as well (shenson@redhat.com) -- Only clear logs that exist. (bpeck@redhat.com) -- Pull in new configs from the obsoletes directory. (shenson@redhat.com) -- Removed extraneous close row tag from events.tmpl (gregswift@gmail.com) -- Fixed spelling of receive in enoaccess.tmpl (gregswift@gmail.com) -- Added missing close tags on a few menu unordered list items in master.tmpl - (gregswift@gmail.com) -- Added missing "for" correlation tag for labels in generic_edit.tmpl - (gregswift@gmail.com) -- Removed extraneous close divs from generic_edit.tmpl (gregswift@gmail.com) -- Removing old and unused template files (gregswift@gmail.com) -- Add support for Ubuntu distros. (andreserl@ubuntu.com) -- Koan install tree path for Ubuntu/Debian distros. (andreserl@ubuntu.com) -- Fixing hardlink bin path. (andreserl@ubuntu.com) -- Do not fail when yum python module is not present. (andreserl@ubuntu.com) -- Add Ubuntu/Debian support to koan utils for later use. (andreserl@ubuntu.com) -- typo in autoyast xml parsing (ug@suse.de) -- Minor change to validate a token before checking on a user. (jimi@sngx.net) -- get install tree from install=... parameter for SUSE (ug@suse.de) -- handle autoyast XML files (ug@suse.de) -- fixed support for SUSE in build-iso process. Fixed a typo (ug@suse.de) -- added SUSE breed to import-webui (ug@suse.de) -- Merge remote-tracking branch 'lanky/master' (shenson@redhat.com) -- Merge remote-tracking branch 'jimi1283/master' (shenson@redhat.com) -- added support for suse-distro import (ug@suse.de) -- Fix a sub_process Popen call that did not set close_fds to true. This causes - issues with sync where dhcpd keeps the XMLRPC port open and prevents cobblerd - from restarting (jimi@sngx.net) -- Cleanup of unneccsary widgets in distro/profile. These needed to be removed - as part of the multiselect change. (jimi@sngx.net) -- Yet another change to multiselect editing. Multiselects are now presented as - side-by-side add/delete boxes, where values can be moved back and forth and - only appear in one of the two boxes. (jimi@sngx.net) -- Fix for django traceback when logging into the web interface with a bad - username and/or password (jimi@sngx.net) -- Fix for snippet/kickstart editing via the web interface, where a 'tainted - file path' error was thrown (jimi@sngx.net) -- added the single missed $idata.get() item (stuart@sjsears.com) -- updated post_install_network_config to use $idata.get(key, "") instead of - $idata[key]. This stops rendering issues with the snippet when some keys are - missing (for example after an upgrade from 2.0.X to 2.1.0, where a large - number of new keys appear to have been added.) and prevents us from having to - go through all system records and add default values for them. - (stuart@sjsears.com) -- Take account of puppet_auto_setup in install_post_puppet.py - (jonathan.underwood@gmail.com) -- Take account of puppet_auto_setup in install_pre_puppet.py - (jonathan.underwood@gmail.com) -- Add puppet snippets to sample.ks (jonathan.underwood@gmail.com) -- Add puppet_auto_setup to settings file (jonathan.underwood@gmail.com) -- Add snippets/puppet_register_if_enabled (jonathan.underwood@gmail.com) -- Add snippets/puppet_install_if_enabled (jonathan.underwood@gmail.com) -- Add configuration of puppet pre/post modules to settings file - (jonathan.underwood@gmail.com) -- Add install_post_puppet.py module (jonathan.underwood@gmail.com) -- Add install_pre_puppet.py module (jonathan.underwood@gmail.com) -- Apply a fix for importing red hat distros, thanks jsabo (shenson@redhat.com) -- Changes to action/batch actions at top of generic list pages * move logic - into views, where it belongs * simplify template code * change actions/batch - actions into drop down select lists * added/modified javascript to deal with - above changes (jimi@sngx.net) -- Minor fixes to cobbler.conf, since the AliasMatch was conflicting with the - WSGI script alias (jimi@sngx.net) -- Initial commit for form-based login and authentication (jimi@sngx.net) -- Convert webui to use WSGI instead of mod_python (jimi@sngx.net) -- Save field data in the django user session so the webui doesn't save things - unnecessarily (jimi@sngx.net) -- Make use of --format in git and use the short hash. Thanks Todd Zullinger - (shenson@redhat.com) -- We need git. Thanks to Luc de Louw (shenson@redhat.com) -- Start of the change log supplied by Michael MacDonald - (shenson@redhat.com) -- Fix typo in cobbler man page entry for profile (jonathan.underwood@gmail.com) -- Fix cobbler man page entry for parent profile option - (jonathan.underwood@gmail.com) -- Set SELinux context of host ssh keys correctly after reinstallation - (jonathan.underwood@gmail.com) -- Fixing bug with img_path. It was being used prior to being set if you have - images. (jonathan.sabo@gmail.com) -- Add firstboot install trigger mode (jonathan.sabo@gmail.com) -- Fix old style shell triggers by checking for None prior to adding args to arg - list and fix indentation (jonathan.sabo@gmail.com) -- Bugfix: restore --no-fail functionality to CLI reposync - (icomfort@stanford.edu) -- Add the ability to replicate the new object types (mgmtclass,file,package). - (jonathan.sabo@gmail.com) -- Add VMware ESX and ESXi replication. (jonathan.sabo@gmail.com) -- Add batch delete option for profiles and mgmtclasses - (jonathan.sabo@gmail.com) -- Spelling fail (shenson@redhat.com) -- Remove deploy as a valid direct action (shenson@redhat.com) -- Trac Ticket #509: A fix that does not break everything else. - (https://fedorahosted.org/cobbler/ticket/509) (andrew@eiknet.com) -- Only chown the file if it does not already exist (shenson@redhat.com) -- Modification to cobbler web interface, added a drop-down select box for - management classes and some new javascript to add/remove items from the - multi-select (jimi@sngx.net) -- Check if the cachedir exists before we run find on it. (shenson@redhat.com) -- Fix trac#574 memtest (shenson@redhat.com) -- Add network config snippets for esx and esxi network configuration - $SNIPPET('network_config_esxi') renders to: (jonathan.sabo@gmail.com) -- Trac Ticket #510: Modified 'cobbler buildiso' to use - /var/cache/cobbler/buildiso by default. Added a /etc/cobbler/settings value - of 'buildisodir' to make it setable by the end user. --tempdir will still - overwrite either setting on the command line. (andrew@eiknet.com) -- Add img_path to the metadata[] so that it's rendered out in the esxi pxe - templates. Add os_version checks for esxi in kickstart_done so that it uses - wget or curl depending on what's known to be available. - (jonathan.sabo@gmail.com) -- Added --sync-all option to cobbler replicate which forces all systems, - distros, profiles, repos and images to be synced without specifying each. - (rrr67599@rtpuw027.corpnet2.com) -- Added manage_rsync option which defaults to 0. This will make cobbler not - overwrite a local rsyncd.conf unless enabled. - (rrr67599@rtpuw027.corpnet2.com) -- Added semicolon master template's placement of the arrow in the page heading - (gregswift@gmail.com) -- Quick fix from jsabo (shenson@redhat.com) -- added hover line highlighting to table displays (gregswift@gmail.com) -- Modification to generic_edit template so that the name field is not a text - box when editing. (jimi@sngx.net) -- Minor fixes for mgmt classes webui changes. - Bug when adding a new obj, - since obj is None it was causing a django stack dump - Minor tweaks to - javascript (jimi@sngx.net) -- Fixed error in which the json files for mgmtclasses was not being deleted - when a mgmtclass was removed, meaning they showed back up the next time - cobblerd was restarted (jimi@sngx.net) -- Fixed syntax error in clogger.py that was preventing cobblerd from starting - (jimi@sngx.net) -- Supports an additional initrd from kernel_options. (bpeck@redhat.com) -- Remove a bogus self (shenson@redhat.com) -- Re-enable debmirror. (chuck.short@canonical.com) -- Extending the current Wake-on-Lan support for wider distro compatibility. - Thanks to Dustin Kirkland. (chuck.short@canonical.com) -- Dont hardcode /etc/rc.d/init.d redhatism. (chuck.short@canonical.com) -- Newer (pxe|sys)linux's localboot value produces unreliable results when using - documented options, -1 seems to provide the best supported value - (chuck.short@canonical.com) -- Detect the webroot to be used based on the distro. - (chuck.short@canonical.com) -- If the logfile path doesn't exist, don't attempt to create the log file. - Mainly needed when cobbler is required to run inside the build env - (cobbler4j). Thanks to Dave Walker - (chuck.short@canonical.com) -- Implement system power status API method and CLI command (crosa@redhat.com) -- Update setup files to use proper apache configuration path - (konrad.scherer@windriver.com) -- Debian has www-data user for web server file access instead of apache. - (konrad.scherer@windriver.com) -- Update init script to work under debian. (konrad.scherer@windriver.com) -- Use lsb_release module to detect debian distributions. Debian release is - returned as a string because it could be sid which will never have a version - number. (konrad.scherer@windriver.com) -- Fix check for apache installation (konrad.scherer@windriver.com) -- Handle Cheetah version with more than 3 parts (konrad.scherer@windriver.com) -- Allow dlcontent to use proxy environment variables (shenson@redhat.com) -- Copy memtest to $bootloc/images/. Fixes BZ#663307 (shenson@redhat.com) -- Merge remote branch 'jimi1283/master' (shenson@redhat.com) -- Turn the cheetah version numbers into integers while testing them so we don't - always return true (shenson@redhat.com) -- Kill some whitespace (shenson@redhat.com) -- Fix for bug #587 - Un-escaped '$' in snippet silently fails to render - (jimi@sngx.net) -- Fix for bug #587 - Un-escaped '$' in snippet silently fails to render - (jimi@sngx.net) -- Merge branch 'master' of git://git.fedorahosted.org/cobbler (jimi@sngx.net) -- Don't use link caching in places it isn't needed (shenson@redhat.com) -- Better logging on subprocess calls (shenson@redhat.com) -- Fix for trac #541 - cobbler sync deletes /var/www/cobbler/pub (jimi@sngx.net) -- Merged work in the import-modules branch with the debian/ubuntu modules - created by Chuck Short (jimi@sngx.net) -- Merge branch 'cshort' into import-modules (jimi@sngx.net) -- Finished up debian/ubuntu support for imports Tweaked redhat/vmware import - modules logging output Added rsync function to utils to get it out of each - module - still need to fix the redhat/vmware modules to actually use this - (jimi@sngx.net) -- Initial commit for the Debian import module. * tested against Debian squeeze. - (chuck.short@canonical.com) -- Initial commit for the Ubuntu import module. * tested against Natty which - imported successfully. (chuck.short@canonical.com) -- tftp-hpa users for both Ubuntu Debian use /var/lib/tftpboot. - (chuck.short@canonical.com) -- Disable the checks that are not really valid for Ubuntu or Debian. - (chuck.short@canonical.com) -- Add myself to the authors file. (chuck.short@canonical.com) -- Updates for debian/ubuntu support in import modules (jimi@sngx.net) -- Fix a problem with cheetah >= 2.4.2 where the snippets were causing errors, - particularly on F14 due to its use of cheetah 2.4.3. (shenson@redhat.com) -- Initial commit of the Ubuntu import module (jimi@sngx.net) -- Merge remote branch 'jimi1283/import-modules' (shenson@redhat.com) -- Merge remote branch 'jimi1283/master' (shenson@redhat.com) -- Extended ESX/ESXi support * Fixed release detection for both ESX and ESXi * - Added support to kickstart_finder() so that the fetchable_files list gets - filled out when the distro is ESXi (jimi@sngx.net) -- Fixed distro_adder() in manage_import_vmware so ESXi gets imported properly - (jimi@sngx.net) -- Initial commit for the VMWare import module * tested against esx4 update 1, - which imported successfully (jimi@sngx.net) -- Minor style changes for web css * darken background slightly so the logo - doesn't look washed out * make text input boxes wider (jimi@sngx.net) -- Fix for the generic_edit function for the web page. The choices field for - management classes was not being set for distros/profiles - only systems, - causing a django stack dump (jimi@sngx.net) -- modify keep_ssh_host_keys snippet to use old keys during OS installation - (flaks@bnl.gov) -- Merge remote branch 'jimi1283/master' (shenson@redhat.com) -- Added replicate to list of DIRECT_ACTIONS, so it shows up in the --help - output (jimi@sngx.net) -- Merge branch 'master' into import-modules (jimi@sngx.net) -- Merge branch 'master' of git://git.fedorahosted.org/cobbler (jimi@sngx.net) -- Some fixes to the manage_import_redhat module * stop using mirror_name for - path stuff - using self.path instead * fixed rsync command to use self.path - too, this should really be made a global somewhere else though - (jimi@sngx.net) -- Add synopsis entries to man page to enable whatis command - (kirkland@ubuntu.com) -- Add "ubuntu" as detected distribution. (clint@ubuntu.com) -- Fix for redhat import module. Setting the kickstart file with a default - value was causing some issues later on with the kickstart_finder() function, - which assumes all new profiles don't have a kickstart file yet - (jimi@sngx.net) -- Fix for non x86 arches, bug and fix by David Robinson - (shenson@redhat.com) -- Don't die when we find deltas, just don't use them (shenson@redhat.com) -- Merge remote branch 'khightower/khightower/enhanced-configuration-management' - (shenson@redhat.com) -- By: Bill Peck exclude initrd.addrsize as well. This - affects s390 builds (shenson@redhat.com) -- Fix an issue where an item was getting handed to remove_item instead of the - name of the item. This would cause an exception further down in the stack - when .lower() was called on the object (by the call to get_item). - (shenson@redhat.com) -- Add a check to make sure system is in obj_types before removing it. Also - remove an old FIXME that this previously fixed (shenson@redhat.com) -- Fix regression in 2.0.8 that dumped into pxe cfg files (shenson@redhat.com) -- Initial commit of import module for redhat (jimi@sngx.net) -- Merge branch 'master' of git://git.fedorahosted.org/cobbler (jimi@sngx.net) -- Added new modules for copying a distros's fetchable files to the - /tftpboot/images directory - add_post_distro_tftp_copy_fetchable_files.py - copies on an add/edit - sync_post_tftp_copy_fetchable_files.py copies the - files for ALL distros on a full sync (jimi@sngx.net) -- Removed trailing '---' from each of the PXE templates for ESXi, which causes - PXE issues (jimi@sngx.net) -- Make stripping of "G" from vgs output case-insensitive - (heffer@fedoraproject.org) -- Replace rhpl with ethtool (heffer@fedoraproject.org) -- Add --force-path option to force overwrite of virt-path location - (pryor@bnl.gov) -- item_[profile|system] - update parents after editing (mlevedahl@gmail.com) -- collection.py - rename rather than delete mirror dirs (mlevedahl@gmail.com) -- Wil Cooley (shenson@redhat.com) -- Merge remote branch 'kilpatds/io' (shenson@redhat.com) -- Add additional qemu_driver_type parameter to start_install function - (Konrad.Scherer@windriver.com) -- Add valid debian names for releases (Konrad.Scherer@windriver.com) -- Add debian preseed support to koan (Konrad.Scherer@windriver.com) -- Add support for EFI grub booting. (dgoodwin@rm-rf.ca) -- Turn the 'daemonize I/O' code back on. cobbler sync seems to still work - (dkilpatrick@verisign.com) -- Fix some spacing in the init script (dkilpatrick@verisign.com) -- Added a copy-default attribute to koan, to control the params passed to - grubby (paji@redhat.com) -- Turn on the cache by default Enable a negative cache, with a shorter timeout. - Use the cache for normal lookups, not much ip-after-failed. - (dkilpatrick@verisign.com) -- no passing full error message. Der (dkilpatrick@verisign.com) -- Pull the default block size into the template, since that can need to be - changed. Make tftpd.py understand -B for compatibility. Default to a smaller - mtu, for vmware compatibility. (dkilpatrick@verisign.com) -- in.tftpd needs to be run as root. Whoops (dkilpatrick@verisign.com) -- Handle exceptions in the idle-timer handling. This could cause tftpd.py to - never exit (dkilpatrick@verisign.com) -- Do a better job of handling things when a logger doesn't exist. And don't try - and find out what the FD is for logging purposes when I know that might throw - and I won't catch it. (dkilpatrick@verisign.com) -- Scott Henson pointed out that my earlier changes stopped a sync from also - copying kernel/initrd files into the web directry. Split out the targets - from the copy, and make sure that sync still copies to webdir, and then also - fixed where I wasn't copying those files in the synclite case. - (dkilpatrick@verisign.com) -- Put back code that I removed incorrectly. (sync DHCP, DNS) - (dkilpatrick@verisign.com) -- Support installing FreeBSD without an IP address set in the host record. - (dkilpatrick@verisign.com) -- Fixed some bugs in the special-case handling code, where I was not properly - handling kernel requests, because I'd merged some code that looked alike, but - couldn't actually be merged. (dkilpatrick@verisign.com) -- fixing koan to use cobblers version of os_release which works with RHEL 6 - (jsherril@redhat.com) -- Adding preliminary support for importing ESXi for PXE booting (jimi@sngx.net) -- Fix cobbler check tftp typo. (dgoodwin@rm-rf.ca) -- buildiso now builds iso's that include the http_port setting (in - /etc/cobbler/settings) in the kickstart file url - (maarten.dirkse@filterworks.com) -- Add check detection for missing ksvalidator (dean.wilson@gmail.com) -- Use shlex.split() to properly handle a quoted install URL (e.g. url - --url="http://example.org") (jlaska@redhat.com) -- Update codes.py to accept 'fedora14' as a valid --os-version - (jlaska@redhat.com) -- No more self (shenson@redhat.com) -- Don't die if a single repo fails to sync. (shenson@redhat.com) -- Refactor: depluralize madhatter branch (kelsey.hightower@gmail.com) -- Updating setup.py and spec file. (kelsey.hightower@gmail.com) -- New unit tests: Mgmtclasses (kelsey.hightower@gmail.com) -- Updating cobbler/koan man pages with info on using the new configuration - management capabilities (kelsey.hightower@gmail.com) -- Cobbler web integration for new configuration management capabilities - (kelsey.hightower@gmail.com) -- Koan configuration management enhancements (kelsey.hightower@gmail.com) -- Cobbler configuration management enhancements (kelsey.hightower@gmail.com) -- New cobbler objects: mgmtclasses, packages, and files. - (kelsey.hightower@gmail.com) -- Merge remote branch 'jsabo/kickstart_done' (shenson@redhat.com) -- Move kickstart_done and kickstart_start out of kickgen.py and into their own - snippets. This also adds support for VMware ESX triggers and magic urls by - checking for the "vmware" breed and then using curl when that's all thats - available vs wget. VMware's installer makes wget available during the %%pre - section but only curl is around following install at %%post time. Yay! I've - also updated the sample kickstarts to use $SNIPPET('kickstart_done') and - $SNIPPET('kickstart_start') (jonathan.sabo@gmail.com) -- No more getting confused between otype and obj_type (shenson@redhat.com) -- The clean_link_cache method was calling subprocess_call without a logger - (shenson@redhat.com) -- Scott Henson pointed out that my earlier changes stopped a sync from also - copying kernel/initrd files into the web directry. Split out the targets - from the copy, and make sure that sync still copies to webdir, and then also - fixed where I wasn't copying those files in the synclite case. - (dkilpatrick@verisign.com) -- revert bad templates path (dkilpatrick@verisign.com) -- Put back code that I removed incorrectly. (sync DHCP, DNS) - (dkilpatrick@verisign.com) -- Support installing FreeBSD without an IP address set in the host record. - (dkilpatrick@verisign.com) -- Fixed some bugs in the special-case handling code, where I was not properly - handling kernel requests, because I'd merged some code that looked alike, but - couldn't actually be merged. (dkilpatrick@verisign.com) -- Two more fixes to bugs introduced by pytftpd patch set: * The generated - configs did not have initrd set propertly * Some extra debugging log lines - made it into remote.py (dkilpatrick@verisign.com) -- Fix Trac#530 by properly handling a logger being none. Additionally, make - subprocess_call and subprocess_get use common bits to reduce duplication. - (shenson@redhat.com) -- Fix a cobbler_web authentication leak issue. There are times when the token - that cobbelr_web had did not match the user logged in. This patch ensures - that the token always matches the user that is logged in. - (shenson@redhat.com) -- No more getting confused between otype and obj_type (shenson@redhat.com) -- The clean_link_cache method was calling subprocess_call without a logger - (shenson@redhat.com) -- Merge remote branch 'kilpatds/master' (shenson@redhat.com) -- Scott Henson pointed out that my earlier changes stopped a sync from also - copying kernel/initrd files into the web directry. Split out the targets - from the copy, and make sure that sync still copies to webdir, and then also - fixed where I wasn't copying those files in the synclite case. - (dkilpatrick@verisign.com) -- revert bad templates path (dkilpatrick@verisign.com) -- Put back code that I removed incorrectly. (sync DHCP, DNS) - (dkilpatrick@verisign.com) -- Support installing FreeBSD without an IP address set in the host record. - (dkilpatrick@verisign.com) -- Fixed some bugs in the special-case handling code, where I was not properly - handling kernel requests, because I'd merged some code that looked alike, but - couldn't actually be merged. (dkilpatrick@verisign.com) -- Two more fixes to bugs introduced by pytftpd patch set: * The generated - configs did not have initrd set propertly * Some extra debugging log lines - made it into remote.py (dkilpatrick@verisign.com) -- fast sync. A new way of copying files around using a link cache. It creates - a link cache per device and uses it as an intermediary so that files that are - the same are not copied multiple times. Should greatly speed up sync times. - (shenson@redhat.com) -- A few small fixes and a new feature for the Python tftp server * Support - environments where the MAC address is know, but the IP address is not - (private networks). I do this by waiting for pxelinux.0 to request a file - with the mac address added to the filename, and then look up the host by - MAC. * Fix my MAC lookup logic. I didn't know to look for the ARP type (01-, - at least for ethernet) added by pxelinux.0 * Fix up some log lines to make - more sense * Fix a bug where I didn't get handle an empty fetchable_files - properly, and didn't fall back to checking for profile matches. - (dkilpatrick@verisign.com) -- Two fixed to bad changes in my prior patch set. Sorry about that. * Bad path - in cobbler/action_sync.py. No "templates" * Bad generation of the default - boot menu. The first initrd from a profile was getting into the metadata - cache and hanging around, thus becoming the initrd for all labels. - (dkilpatrick@verisign.com) -- A smart tftp server, and a module to manage it - (dkilpatr@dkilpatr.verisign.com) -- Export the generated pxelinux.cfg file via the materialized system - information RPC method. This enables the python tftpd server below to serve - that file up without any sync being required. - (dkilpatr@dkilpatr.verisign.com) -- Move management of /tftpboot into modules. This is a setup step for a later - python tftpd server that will eliminate the need for much of this work. - (dkilpatr@dkilpatr.verisign.com) -- Fetchable Files attribute: Provides a new attribute similar in spirit to - mgmt_files, but with somewhat reversed meaning. - (dkilpatr@dkilpatr.verisign.com) -- fix log rotation to actually work (bpeck@redhat.com) -- find_kernel and find_initrd already do the right checks for file_is_remote - and return None if things are wrong. (bpeck@redhat.com) -- Trac #588 Add mercurial support for scm tracking (kelsey.hightower@gmail.com) -- Add a breed for scientific linux (shenson@redhat.com) -- "mgmt_parameters" for item_profile has the wrong default setting when - creating a sub_profile. I'm assuming that <> would be correct for a - sub_profile as well. (bpeck@redhat.com) -- The new setup.py placed webui_content in the wrong spot... - (akesling@redhat.com) -- Merge commit 'a81ca9a4c18f17f5f8d645abf03c0e525cd234e1' (jeckersb@redhat.com) -- Added back in old-style version tracking... because api.py needs it. - (akesling@redhat.com) -- Wrap the cobbler-web description (shenson@redhat.com) -- Create the tftpboot directory during install (shenson@redhat.com) -- Add in /var/lib/cobbler/loaders (shenson@redhat.com) -- Create the images directory so that selinux will be happy - (shenson@redhat.com) -- Dont install some things in the webroot and put the services script down - (shenson@redhat.com) -- Fix some issues with clean installs of cobbler post build cleanup - (shenson@redhat.com) -- rhel5 doesn't build egg-info by default. (bpeck@redhat.com) -- Some systems don't reboot properly at the end of install. s390 being one of - them. This post module will call power reboot if postreboot is in ks_meta for - that system. (bpeck@redhat.com) -- Changes to allow s390 to work. s390 has a hard limit on the number of chars - it can recieve. (bpeck@redhat.com) -- show netboot status via koan. This is really handy if you have a system which - fails to pxe boot you can create a service in rc.local which checks the - status of netboot and calls --replace-self for example. (bpeck@redhat.com) -- When adding in distros/profiles from disk don't bomb out if missing kernel or - ramdisk. just don't add it. (bpeck@redhat.com) -- add X log to anamon tracking as well. (bpeck@redhat.com) -- Added new remote method clear_logs. Clearing console and anamon logs in %%pre - is too late if the install never happens. (bpeck@redhat.com) -- fixes /var/www/cobbler/svc/services.py to canonicalize the uri before parsing - it. This fixes a regression with mod_wsgi enabled and trying to provision a - rhel3 machine. (bpeck@redhat.com) -- anaconda umounts /proc on us while were still running. Deal with it. - (bpeck@redhat.com) -- fix escape (bpeck@redhat.com) -- dont lowercase power type (bpeck@redhat.com) -- Bump to 2.1.0 (shenson@redhat.com) -- Properly detect unknown distributions (shenson@redhat.com) -- cobblerd service: Required-Start: network -> $network - (cristian.ciupitu@yahoo.com) -- cobblerd service: add Default-Stop to LSB header (cristian.ciupitu@yahoo.com) -- No more . on the end (shenson@redhat.com) -- Do not delete settings and modules.conf (shenson@redhat.com) -- Remove manpage generation from the make file (shenson@redhat.com) -- Update the author and author email (shenson@redhat.com) -- Proper ownership on some files (shenson@redhat.com) -- More rpm cleanups (shenson@redhat.com) -- Don't have the #! because rpm complains (shenson@redhat.com) -- No more selinux here, we should not be calling chcon, things will end up with - the proper context in a well configured selinux environment - (shenson@redhat.com) -- No more chowning the log file. (shenson@redhat.com) -- A new spec file to go with the new setup.py (shenson@redhat.com) -- Forgot to add aux to MANIFEST.in (akesling@redhat.com) -- Fixed naming scheme for web UI to make it more uniform, what was Puppet - Parameters is now Management Parameters. (akesling@redhat.com) -- Removed unnecessary cruft. (akesling@redhat.com) -- Reconfigured setup.py to now place config files and web ui content in the - right places. The paths are configurable like they were in the previous - setup.py, but everything is much cleaner. (akesling@redhat.com) -- Removed unnecessary templating functionality from configuration generation - (and setup.py) (akesling@redhat.com) -- Added more useful files to setup.py and MANIFEST.in as well as extra - functionality which setup.py should contain. (akesling@redhat.com) -- Massive overhaul of setup.py . Moved things around a little to clean up - building/packaging/distributing. The new setup.py is still incomplete. - (akesling@redhat.com) -- RPM specific changes to setup.cfg. (akesling@redhat.com) -- Currently working through making setup.py functional for generating rpms - dynamically. setup.py is just cobbler-web at the moment... and it appears to - work. The next things to do are test the current RPM and add in - functionality for reducing repetitive setup.py configuration lines. - (akesling@redhat.com) -- Changed list-view edit link from a javascript onclick event to an actual - link... so that you can now just open it in a new tab. (akesling@redhat.com) -- Added tip for random MAC Address functionality to System MAC Address field. - (akesling@redhat.com) -- Added "Puppet Parameters" attribute to Profile and System items. The new - input field is a textarea which takes proper a YAML formatted dictionary. - This data is used for the Puppet External Nodes api call (found in - services.py). (akesling@croissant.usersys.redhat.com) -- Resume apitesting assuming against local Cobbler server. (dgoodwin@rm-rf.ca) -- Replace rogue tab with whitespace. (dgoodwin@rm-rf.ca) -- Open all log files in append mode. Tasks should not be special. This - simplifies the handling of logging for selinux. (shenson@redhat.com) -- Add rendered dir to cobbler.spec. (dgoodwin@rm-rf.ca) -- Re-add mod_python dep only for cobbler-web. (dgoodwin@rm-rf.ca) -- initializing variable that is not always initialized but is always accessed - (jsherril@redhat.com) -- Merge remote branch 'pvreman/master' (shenson@redhat.com) -- add logging of triggers (peter.vreman@acision.com) -- add logging of triggers (peter.vreman@acision.com) -- cobbler-ext-nodes needs also to use http_port (peter.vreman@acision.com) -- Adding VMware ESX specific boot options (jonathan.sabo@gmail.com) -- Merge stable into master (shenson@redhat.com) -- Fix cobbler_web authentication in a way that doesn't break previously working - stuff (shenson@redhat.com) -- Allow qemu disk type to be specified. Contributed by Galia Lisovskaya - (shenson@redhat.com) -- Merge remote branch 'jsabo/esx' (shenson@redhat.com) -- Fix a bug where we were not looking for the syslinux provided menu.c32 before - going after the getloaders one (shenson@redhat.com) -- Fix cobbler_web authentication in a way that doesn't break previously working - stuff (shenson@redhat.com) -- More preparation for the release (shenson@redhat.com) -- Update spec file for release (shenson@redhat.com) -- Update changelog for release (shenson@redhat.com) -- Bugfix: fetch extra metadata from upstream repositories more safely - (icomfort@stanford.edu) -- Bugfix: allow the creation of subprofiles again (icomfort@stanford.edu) -- Don't warn needlessly when repo rpm_list is empty (icomfort@stanford.edu) -- Bugfix: run createrepo on partial yum mirrors (icomfort@stanford.edu) -- Change default mode for new directories from 0777 to 0755 - (icomfort@stanford.edu) -- Fix replication when prune is specified and no systems are specified. This - prevents us from killing systems on a slave that keeps its own systems. To - get the old behavior, just specify a systems list that won't match anything. - (shenson@redhat.com) -- Always authorize the CLI (shenson@redhat.com) -- Bugfix: fetch extra metadata from upstream repositories more safely - (icomfort@stanford.edu) -- Bugfix: allow the creation of subprofiles again (icomfort@stanford.edu) -- Don't warn needlessly when repo rpm_list is empty (icomfort@stanford.edu) -- Bugfix: run createrepo on partial yum mirrors (icomfort@stanford.edu) -- Change default mode for new directories from 0777 to 0755 - (icomfort@stanford.edu) -- Fix replication when prune is specified and no systems are specified. This - prevents us from killing systems on a slave that keeps its own systems. To - get the old behavior, just specify a systems list that won't match anything. - (shenson@redhat.com) -- Always authorize the CLI (shenson@redhat.com) -- Merge branch 'wsgi' (dgoodwin@rm-rf.ca) -- Adding VMware ESX 4 update 1 support (jonathan.sabo@gmail.com) -- remove references to apt support from the man page (jeckersb@redhat.com) -- wsgi: Service cleanup. (dgoodwin@rm-rf.ca) -- wsgi: Revert to old error handling. (dgoodwin@rm-rf.ca) -- wsgi: Switch Cobbler packaging/config from mod_python to mod_wsgi. (dgoodwin - @rm-rf.ca) -- wsgi: Return 404 when hitting svc URLs for missing objects. (dgoodwin@rm- - rf.ca) -- Merge branch 'master' into wsgi (dgoodwin@rm-rf.ca) -- wsgi: First cut of port to mod_wsgi. (dgoodwin@rm-rf.ca) - -* Thu Jun 17 2010 Scott Henson - 2.1.0-1 -- Bump upstream release - -* Tue Apr 27 2010 Scott Henson - 2.0.4-1 -- Bug fix release, see Changelog for details - -* Thu Apr 15 2010 Devan Goodwin 2.0.3.2-1 -- Tagging for new build tools. - -* Mon Mar 1 2010 Scott Henson - 2.0.3.1-3 -- Bump release because I forgot cobbler-web - -* Mon Mar 1 2010 Scott Henson - 2.0.3.1-2 -- Remove requires on mkinitrd as it is not used - -* Mon Feb 15 2010 Scott Henson - 2.0.3.1-1 -- Upstream Brown Paper Bag Release (see CHANGELOG) - -* Thu Feb 11 2010 Scott Henson - 2.0.3-1 -- Upstream changes (see CHANGELOG) - -* Mon Nov 23 2009 John Eckersberg - 2.0.2-1 -- Upstream changes (see CHANGELOG) - -* Tue Sep 15 2009 Michael DeHaan - 2.0.0-1 -- First release with unified spec files diff --git a/sources b/sources index 08e9301..719ad6e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.1.1.tar.gz) = b4df95de2f57185375c00c6fbcd9d80a9b2e796477956f9b4988c63b20b369fe388372a37a33e0302d27f6a4f2fdfc086765fd8cf645d334d56e7fd7fc4c8780 +SHA512 (cobbler-3.1.2.tar.gz) = 951bf4df70dfb7dda0dc8b5e305e3070e0172302dbcd2c75078a1ff0e20a8f14c6bd617379b14ce9177a5d44f3e3710c800b003744512aaec72410bbf862e721 From fe6ff07988030e772cd7d2419c623ab48023d675 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 7 Jul 2020 21:22:20 -0600 Subject: [PATCH 039/110] Fix apache configuration --- cobbler-httpd.patch | 18 ++++++++++++++++++ cobbler.spec | 8 +++++++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 cobbler-httpd.patch diff --git a/cobbler-httpd.patch b/cobbler-httpd.patch new file mode 100644 index 0000000..2464a8c --- /dev/null +++ b/cobbler-httpd.patch @@ -0,0 +1,18 @@ +diff -up cobbler-3.1.2/config/apache/cobbler_web.conf.httpd cobbler-3.1.2/config/apache/cobbler_web.conf +--- cobbler-3.1.2/config/apache/cobbler_web.conf.httpd 2020-05-27 02:26:44.000000000 -0600 ++++ cobbler-3.1.2/config/apache/cobbler_web.conf 2020-07-07 21:12:53.942577055 -0600 +@@ -16,8 +16,6 @@ WSGIDaemonProcess cobbler_web display-na + WSGIProcessGroup cobbler_web + WSGIPassAuthorization On + +- +- + + + SSLRequireSSL +@@ -42,5 +40,3 @@ WSGIPassAuthorization On + AllowOverride None + Require all granted + +- +- diff --git a/cobbler.spec b/cobbler.spec index 537f73b..03b65ec 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,12 +5,15 @@ Name: cobbler Version: 3.1.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz #Source0: https://github.com/cobbler/cobbler/archive/%{commit0}/%{name}-%{commit0}.tar.gz +# Revert upstream's VirtualHost addition +# https://github.com/cobbler/cobbler/issues/2286 +Patch0: cobbler-httpd.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -190,6 +193,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Wed Jul 08 2020 Orion Poplawski - 3.1.2-2 +- Fix apache configuration + * Fri May 29 2020 Orion Poplawski - 3.1.2-1 - Update to 3.1.2 From f40bf31101ea69f0d6c96eea82473ece751c7651 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 27 Jul 2020 14:13:13 +0000 Subject: [PATCH 040/110] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 03b65ec..385961a 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.1.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -193,6 +193,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Mon Jul 27 2020 Fedora Release Engineering - 3.1.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Wed Jul 08 2020 Orion Poplawski - 3.1.2-2 - Fix apache configuration From a25d0bee4f9253e1c35f86a6452de9d7d0d9d5b5 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 17 Sep 2020 19:45:53 -0600 Subject: [PATCH 041/110] Add requires on python-distro and file --- cobbler.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 385961a..44f7769 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.1.2 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -36,9 +36,11 @@ BuildRequires: python%{python3_pkgversion}-sphinx Requires: httpd Requires: tftp-server Requires: createrepo_c +Requires: file Requires: rsync Requires: xorriso Requires: python%{python3_pkgversion}-cheetah +Requires: python%{python3_pkgversion}-distro Requires: python%{python3_pkgversion}-dns Requires: python%{python3_pkgversion}-future Requires: python%{python3_pkgversion}-mod_wsgi @@ -77,7 +79,7 @@ The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors, kickstart templating, integrated yum mirroring, and built-in -DHCP/DNS Management. Cobbler has a XMLRPC API for integration with +DHCP/DNS Management. Cobbler has a XML-RPC API for integration with other applications. @@ -193,6 +195,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Thu Sep 17 2020 Orion Poplawski - 3.1.2-4 +- Add requires on python-distro and file + * Mon Jul 27 2020 Fedora Release Engineering - 3.1.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From af4d6648c7c95ec8202d204214c8bf75e42c78fd Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 11 Jul 2020 15:59:12 -0600 Subject: [PATCH 042/110] Update to 3.2.0 --- cobbler.spec | 25 +++++++++++++++++++++---- sources | 2 +- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 44f7769..2e11bfe 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -1,11 +1,11 @@ %global tftpboot_dir %{_sharedstatedir}/tftpboot/ -%global commit0 c46abca11dca886411fc95802a2cbaa66fdb691b +%global commit0 172b8a0f79d110dcac1f50acfe412e0a01ff20ab %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.1.2 -Release: 4%{?dist} +Version: 3.2.0 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -97,13 +97,23 @@ Web interface for Cobbler that allows visiting http://server/cobbler_web to configure the install server. +%package tests +Summary: Unit tests for cobbler +Requires: cobbler = %{version}-%{release} + +%description tests +Unit test files from the Cobbler project + + %prep %autosetup -p1 %build +. ./distro_build_configs.sh %py3_build %install +. ./distro_build_configs.sh # bypass install errors ( don't chown in install step) %py3_install ||: @@ -116,7 +126,7 @@ mv %{buildroot}%{_sysconfdir}/cobbler/cobblerd_rotate %{buildroot}%{_sysconfdir} # Create data directories in tftpboot_dir mkdir -p %{buildroot}%{tftpboot_dir}/{boot,etc,grub/system{,_link},images{,2},ppc,pxelinux.cfg,s390x} -# systemd +# systemd - move to proper location mkdir -p %{buildroot}%{_unitdir} mv %{buildroot}%{_sysconfdir}/cobbler/cobblerd.service %{buildroot}%{_unitdir} @@ -193,8 +203,15 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %dir %attr(700,apache,root) %{_sharedstatedir}/cobbler/webui_sessions %attr(-,apache,apache) /var/www/cobbler_webui_content/ +%files tests +%dir %{_datadir}/cobbler/tests +%{_datadir}/cobbler/tests/* + %changelog +* Sat Oct 24 2020 Orion Poplawski - 3.2.0-1 +- Update to 3.2.0 + * Thu Sep 17 2020 Orion Poplawski - 3.1.2-4 - Add requires on python-distro and file diff --git a/sources b/sources index 719ad6e..f6217d2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.1.2.tar.gz) = 951bf4df70dfb7dda0dc8b5e305e3070e0172302dbcd2c75078a1ff0e20a8f14c6bd617379b14ce9177a5d44f3e3710c800b003744512aaec72410bbf862e721 +SHA512 (cobbler-3.2.0.tar.gz) = efbd3dba2b12aae46cc624aaa22ea8214f8d71df2d591be8c9b350c960df60daf7e5ee91b1316ddbb3334072f5f59355d3c0618d9bb465a2250f3bf829d5b9eb From b4e6cfc1e8d5f46b23f73834787d69c1cad49938 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 25 Oct 2020 11:19:51 -0600 Subject: [PATCH 043/110] Add patch to support RHEL --- cobbler-rhel.patch | 13 +++++++++++++ cobbler.spec | 3 +++ 2 files changed, 16 insertions(+) create mode 100644 cobbler-rhel.patch diff --git a/cobbler-rhel.patch b/cobbler-rhel.patch new file mode 100644 index 0000000..021f46c --- /dev/null +++ b/cobbler-rhel.patch @@ -0,0 +1,13 @@ +diff --git a/distro_build_configs.sh b/distro_build_configs.sh +index bad43e3c..52eb1136 100644 +--- a/distro_build_configs.sh ++++ b/distro_build_configs.sh +@@ -24,7 +24,7 @@ if [ "$DISTRO" = "" ] && [ -r /etc/os-release ];then + sle*|*suse*) + DISTRO="SUSE" + ;; +- fedora*|centos*) ++ fedora*|centos*|rhel*) + DISTRO="FEDORA" + ;; + ubuntu*|debian*) diff --git a/cobbler.spec b/cobbler.spec index 2e11bfe..e32da88 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -14,6 +14,9 @@ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-% # Revert upstream's VirtualHost addition # https://github.com/cobbler/cobbler/issues/2286 Patch0: cobbler-httpd.patch +# Support RHEL +# https://github.com/cobbler/cobbler/pull/2438 +Patch1: cobbler-rhel.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel From 54c6b868614067642c4b9c8ca15e5ac05572f5be Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 25 Oct 2020 14:46:31 -0600 Subject: [PATCH 044/110] Give root RW permission to /var/lib/cobbler/web.ss Fix SELinux cobbler logging issue --- ...ermissions-to-var-lib-cobbler-web.ss.patch | 25 ++++++++++++++++ 2441.patch | 30 +++++++++++++++++++ cobbler.spec | 16 +++++++++- 3 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch create mode 100644 2441.patch diff --git a/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch b/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch new file mode 100644 index 0000000..bf55655 --- /dev/null +++ b/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch @@ -0,0 +1,25 @@ +From 782dd7a1deacfcaa4318519f1cae2c0b4748661b Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Sun, 25 Oct 2020 11:43:25 -0600 +Subject: [PATCH] Give root RW permissions to /var/lib/cobbler/web.ss + +--- + cobbler/cobblerd.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cobbler/cobblerd.py b/cobbler/cobblerd.py +index fe1cf889..34aedf97 100644 +--- a/cobbler/cobblerd.py ++++ b/cobbler/cobblerd.py +@@ -57,7 +57,7 @@ def regen_ss_file(): + data = fd.read(512) + fd.close() + +- fd = os.open(ssfile, os.O_CREAT | os.O_RDWR, 0o600) ++ fd = os.open(ssfile, os.O_CREAT | os.O_RDWR, 0o660) + os.write(fd, binascii.hexlify(data)) + os.close(fd) + +-- +2.29.0 + diff --git a/2441.patch b/2441.patch new file mode 100644 index 0000000..fb1f0f4 --- /dev/null +++ b/2441.patch @@ -0,0 +1,30 @@ +From 8c04ef7d81f33900fda1ad3c4efa710827e22064 Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Sun, 25 Oct 2020 13:49:25 -0600 +Subject: [PATCH] Do not try to access log file if we are not running as root + +--- + cobbler/clogger.py | 10 ++-------- + 1 file changed, 2 insertions(+), 8 deletions(-) + +diff --git a/cobbler/clogger.py b/cobbler/clogger.py +index 191455113..635865dc1 100644 +--- a/cobbler/clogger.py ++++ b/cobbler/clogger.py +@@ -30,14 +30,8 @@ + # Cobbler. + + # This is necessary to prevent apache to try to access the file +-LOG_FILE = "/var/log/cobbler/cobbler.log" +-try: +- if not os.path.isfile(LOG_FILE): +- open(LOG_FILE, 'a').close() +- if os.access(LOG_FILE, os.W_OK): +- logging.config.fileConfig('/etc/cobbler/logging_config.conf') +-except Exception: +- pass ++if os.geteuid() == 0: ++ logging.config.fileConfig('/etc/cobbler/logging_config.conf') + + + class Logger(object): diff --git a/cobbler.spec b/cobbler.spec index e32da88..9fc8b3a 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -17,6 +17,11 @@ Patch0: cobbler-httpd.patch # Support RHEL # https://github.com/cobbler/cobbler/pull/2438 Patch1: cobbler-rhel.patch +# Give root write permissions to /var/lib/cobbler/web.ss +# https://github.com/cobbler/cobbler/pull/2439 +Patch2: 0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch +# Fix SELinux logging issue +Patch3: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pull/2441.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -136,6 +141,9 @@ mv %{buildroot}%{_sysconfdir}/cobbler/cobblerd.service %{buildroot}%{_unitdir} # cobbler-web rm %{buildroot}%{_sysconfdir}/cobbler/cobbler_web.conf +# ghosted files +touch %{buildroot}%{_sharedstatedir}/cobbler/web.ss + %pre if [ $1 -ge 2 ]; then @@ -195,6 +203,7 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %{tftpboot_dir}/* /var/www/cobbler %config(noreplace) %{_sharedstatedir}/cobbler +%exclude %{_sharedstatedir}/cobbler/web.ss %exclude %{_sharedstatedir}/cobbler/webui_sessions /var/log/cobbler @@ -203,6 +212,7 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %doc AUTHORS.in README.md %config(noreplace) /etc/httpd/conf.d/cobbler_web.conf %attr(-,apache,apache) %{_datadir}/cobbler/web +%ghost %attr(0660,apache,root) %{_sharedstatedir}/cobbler/web.ss %dir %attr(700,apache,root) %{_sharedstatedir}/cobbler/webui_sessions %attr(-,apache,apache) /var/www/cobbler_webui_content/ @@ -212,6 +222,10 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Sun Oct 25 2020 Orion Poplawski - 3.2.0-2 +- Give root RW permission to /var/lib/cobbler/web.ss +- Fix SELinux cobbler logging issue + * Sat Oct 24 2020 Orion Poplawski - 3.2.0-1 - Update to 3.2.0 From 300d4bdffb800fc84b1f4dfa2a9d363454ff94c2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 26 Jan 2021 02:13:12 +0000 Subject: [PATCH 045/110] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 9fc8b3a..0ca5e1c 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -222,6 +222,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Tue Jan 26 2021 Fedora Release Engineering - 3.2.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Sun Oct 25 2020 Orion Poplawski - 3.2.0-2 - Give root RW permission to /var/lib/cobbler/web.ss - Fix SELinux cobbler logging issue From 462fed2ca9afa844f18c080c7c9e9676d2305ae6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 2 Mar 2021 16:14:04 +0100 Subject: [PATCH 046/110] Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. --- cobbler.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 0ca5e1c..6bd4e8f 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -222,6 +222,10 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.2.0-4 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + * Tue Jan 26 2021 Fedora Release Engineering - 3.2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From ed73b55b2ada63760643bbca5fc66a5d5caabfa4 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 4 Jun 2021 20:01:43 +0200 Subject: [PATCH 047/110] Rebuilt for Python 3.10 --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 6bd4e8f..c1f3dd8 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.0 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -222,6 +222,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Fri Jun 04 2021 Python Maint - 3.2.0-5 +- Rebuilt for Python 3.10 + * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.2.0-4 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. From ec0b8b57f3a7507883b8a4495b4d10e0a155d082 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 14:44:55 +0000 Subject: [PATCH 048/110] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 709edc8c43878d66892d2a224e5319615b06ce1f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 19:42:42 +0000 Subject: [PATCH 049/110] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index c1f3dd8..dd6fc56 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.0 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -222,6 +222,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Wed Jul 21 2021 Fedora Release Engineering - 3.2.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Fri Jun 04 2021 Python Maint - 3.2.0-5 - Rebuilt for Python 3.10 From 2648f0332c726c7afa69b2d0b52e88a78c570078 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 22 Sep 2021 21:52:50 -0600 Subject: [PATCH 050/110] Update to 3.2.1 --- cobbler.spec | 23 +++++++++-------------- sources | 2 +- 2 files changed, 10 insertions(+), 15 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index dd6fc56..3a3c5cd 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -4,8 +4,8 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.2.0 -Release: 6%{?dist} +Version: 3.2.1 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -14,14 +14,6 @@ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-% # Revert upstream's VirtualHost addition # https://github.com/cobbler/cobbler/issues/2286 Patch0: cobbler-httpd.patch -# Support RHEL -# https://github.com/cobbler/cobbler/pull/2438 -Patch1: cobbler-rhel.patch -# Give root write permissions to /var/lib/cobbler/web.ss -# https://github.com/cobbler/cobbler/pull/2439 -Patch2: 0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch -# Fix SELinux logging issue -Patch3: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pull/2441.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -32,10 +24,10 @@ BuildRequires: %{py3_dist coverage} BuildRequires: python%{python3_pkgversion}-coverage %endif BuildRequires: python%{python3_pkgversion}-distro -BuildRequires: python%{python3_pkgversion}-future BuildRequires: python%{python3_pkgversion}-netaddr BuildRequires: python%{python3_pkgversion}-PyYAML BuildRequires: python%{python3_pkgversion}-requests +BuildRequires: python%{python3_pkgversion}-schema BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python%{python3_pkgversion}-simplejson # For docs @@ -44,17 +36,17 @@ BuildRequires: python%{python3_pkgversion}-sphinx Requires: httpd Requires: tftp-server Requires: createrepo_c -Requires: file Requires: rsync Requires: xorriso Requires: python%{python3_pkgversion}-cheetah Requires: python%{python3_pkgversion}-distro Requires: python%{python3_pkgversion}-dns -Requires: python%{python3_pkgversion}-future +Requires: python%{python3_pkgversion}-file-magic Requires: python%{python3_pkgversion}-mod_wsgi Requires: python%{python3_pkgversion}-netaddr Requires: python%{python3_pkgversion}-PyYAML Requires: python%{python3_pkgversion}-requests +Requires: python%{python3_pkgversion}-schema Requires: python%{python3_pkgversion}-simplejson Requires: python%{python3_pkgversion}-tornado @@ -69,6 +61,7 @@ Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64 Recommends: logrotate +Recommends: python%{python3_pkgversion}-librepo %else Requires: yum-utils %endif @@ -189,7 +182,6 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %{_bindir}/cobbler %{_bindir}/cobbler-ext-nodes %{_bindir}/cobblerd -%{_sbindir}/fence_ipmitool %{_sbindir}/tftpd.py %{_datadir}/bash-completion/ %dir %{_datadir}/cobbler @@ -222,6 +214,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Wed Sep 22 2021 Orion Poplawski - 3.2.1-1 +- Update to 3.2.1 + * Wed Jul 21 2021 Fedora Release Engineering - 3.2.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild diff --git a/sources b/sources index f6217d2..754f574 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.2.0.tar.gz) = efbd3dba2b12aae46cc624aaa22ea8214f8d71df2d591be8c9b350c960df60daf7e5ee91b1316ddbb3334072f5f59355d3c0618d9bb465a2250f3bf829d5b9eb +SHA512 (cobbler-3.2.1.tar.gz) = 6ee0ad1e8c0eb20980693684db926b1d44be492099e0344bea917ca7c9233afa60a764b7aaf74b31a6d169d16e8fb0651795b584f940b75fa56ce6956df2dc8f From eaa83c65912fdb3f0ddbcf31f1c3aa51dc14e035 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 22 Sep 2021 21:59:49 -0600 Subject: [PATCH 051/110] Update to 3.2.2 bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings --- cobbler.spec | 8 +++++++- sources | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 3a3c5cd..a69e56f 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -4,7 +4,7 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.2.1 +Version: 3.2.2 Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ @@ -214,6 +214,12 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Thu Sep 23 2021 Orion Poplawski - 3.2.2-1 +- Update to 3.2.2 +- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection +- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function +- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings + * Wed Sep 22 2021 Orion Poplawski - 3.2.1-1 - Update to 3.2.1 diff --git a/sources b/sources index 754f574..e8eac50 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.2.1.tar.gz) = 6ee0ad1e8c0eb20980693684db926b1d44be492099e0344bea917ca7c9233afa60a764b7aaf74b31a6d169d16e8fb0651795b584f940b75fa56ce6956df2dc8f +SHA512 (cobbler-3.2.2.tar.gz) = 65f3bf3bb43d1b1a6631ab299cd5a9a807c8e20ea07a61f89edc425b4833be5f2ddf0ac473010906bbcaaa5edfad577378185290bd2db01d9d64f276c2ad6be9 From aa1eab6b0f23be3c5270719a5e6cbc69931e9c87 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 23 Sep 2021 21:59:20 -0600 Subject: [PATCH 052/110] Migrate settings to settings.yaml Migrate pre-cobbler 3 data if needed Fix autoinstall_templates -> templates --- 2590.patch | 92 +++++++++++++++++++++++++++++++++++++++++++ cobbler-scripts.patch | 12 ++++++ cobbler.spec | 29 +++++++++++++- migrate-settings.sh | 3 ++ 4 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 2590.patch create mode 100644 cobbler-scripts.patch create mode 100644 migrate-settings.sh diff --git a/2590.patch b/2590.patch new file mode 100644 index 0000000..5e7221b --- /dev/null +++ b/2590.patch @@ -0,0 +1,92 @@ +From 4b5025e9e30db30d6e264fabeb860a7758d7d7ad Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Mon, 8 Mar 2021 22:04:52 -0700 +Subject: [PATCH] autoinstall_templates are installed into + /var/lib/cobbler/templates + +--- + cobbler/actions/sync.py | 2 +- + config/cobbler/settings.yaml | 4 ++-- + docs/cobbler-conf.rst | 4 ++-- + tests/test_data/settings_old | 4 ++-- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/cobbler/actions/sync.py b/cobbler/actions/sync.py +index 2667edb56..302c81de7 100644 +--- a/cobbler/actions/sync.py ++++ b/cobbler/actions/sync.py +@@ -179,7 +179,7 @@ def clean_trees(self): + if x not in self.settings.webdir_whitelist: + # delete directories that shouldn't exist + utils.rmtree(path, logger=self.logger) +- if x in ["autoinstall_templates", "autoinstall_templates_sys", "images", "systems", "distros", "profiles", "repo_profile", "repo_system", "rendered"]: ++ if x in ["templates", "images", "systems", "distros", "profiles", "repo_profile", "repo_system", "rendered"]: + # clean out directory contents + utils.rmtree_contents(path, logger=self.logger) + # +diff --git a/config/cobbler/settings.yaml b/config/cobbler/settings.yaml +index b2e05a7bf..ac8edccbf 100644 +--- a/config/cobbler/settings.yaml ++++ b/config/cobbler/settings.yaml +@@ -77,7 +77,7 @@ cheetah_import_whitelist: + createrepo_flags: "-c cache -s sha" + + # if no autoinstall template is specified to profile add, use this template +-default_autoinstall: /var/lib/cobbler/autoinstall_templates/default.ks ++default_autoinstall: /var/lib/cobbler/templates/default.ks + + # configure all installed systems to use these nameservers by default + # unless defined differently in the profile. For DHCP configurations +@@ -92,7 +92,7 @@ default_ownership: + - "admin" + + # Cobbler has various sample automatic installation templates stored +-# in /var/lib/cobbler/autoinstall_templates/. This controls ++# in /var/lib/cobbler/templates/. This controls + # what install (root) password is set up for those + # systems that reference this variable. The factory + # default is "cobbler" and Cobbler check will warn if +diff --git a/docs/cobbler-conf.rst b/docs/cobbler-conf.rst +index 52621e278..ef65acc0b 100644 +--- a/docs/cobbler-conf.rst ++++ b/docs/cobbler-conf.rst +@@ -257,7 +257,7 @@ default_autoinstall + + If no autoinstall template is specified to profile add, use this template. + +-default: ``/var/lib/cobbler/autoinstall_templates/default.ks`` ++default: ``/var/lib/cobbler/templates/default.ks`` + + default_name_* + ============== +@@ -284,7 +284,7 @@ default: + default_password_crypted + ======================== + +-Cobbler has various sample automatic installation templates stored in ``/var/lib/cobbler/autoinstall_templates/``. This ++Cobbler has various sample automatic installation templates stored in ``/var/lib/cobbler/templates/``. This + controls what install (root) password is set up for those systems that reference this variable. The factory default is + "cobbler" and Cobbler check will warn if this is not changed. The simplest way to change the password is to run + ``openssl passwd -1`` and put the output between the ``""``. +diff --git a/tests/test_data/settings_old b/tests/test_data/settings_old +index acbe8cdc9..1b531d21d 100644 +--- a/tests/test_data/settings_old ++++ b/tests/test_data/settings_old +@@ -92,7 +92,7 @@ cheetah_import_whitelist: + createrepo_flags: "-c cache -s sha" + + # if no autoinstall template is specified to profile add, use this template +-default_autoinstall: /var/lib/cobbler/autoinstall_templates/default.ks ++default_autoinstall: /var/lib/cobbler/templates/default.ks + + # configure all installed systems to use these nameservers by default + # unless defined differently in the profile. For DHCP configurations +@@ -107,7 +107,7 @@ default_ownership: + - "admin" + + # cobbler has various sample automatic installation templates stored +-# in /var/lib/cobbler/autoinstall_templates/. This controls ++# in /var/lib/cobbler/templates/. This controls + # what install (root) password is set up for those + # systems that reference this variable. The factory + # default is "cobbler" and cobbler check will warn if diff --git a/cobbler-scripts.patch b/cobbler-scripts.patch new file mode 100644 index 0000000..97f3058 --- /dev/null +++ b/cobbler-scripts.patch @@ -0,0 +1,12 @@ +diff -up cobbler-3.2.1/setup.py.orig cobbler-3.2.1/setup.py +--- cobbler-3.2.1/setup.py.orig 2021-03-04 12:07:10.000000000 -0700 ++++ cobbler-3.2.1/setup.py 2021-03-08 22:25:15.239563778 -0700 +@@ -566,7 +566,7 @@ if __name__ == "__main__": + ("share/cobbler/web", glob("web/*.*")), + ("%s" % webcontent, glob("web/static/*")), + ("%s" % webimages, glob("web/static/images/*")), +- ("share/cobbler/bin", glob("scripts/*.sh")), ++ ("share/cobbler/bin", glob("scripts/*")), + ("share/cobbler/web/templates", glob("web/templates/*")), + ("%s/webui_sessions" % libpath, []), + ("%s/loaders" % libpath, []), diff --git a/cobbler.spec b/cobbler.spec index a69e56f..32f6f29 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,15 +5,20 @@ Name: cobbler Version: 3.2.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz #Source0: https://github.com/cobbler/cobbler/archive/%{commit0}/%{name}-%{commit0}.tar.gz +Source1: migrate-settings.sh # Revert upstream's VirtualHost addition # https://github.com/cobbler/cobbler/issues/2286 Patch0: cobbler-httpd.patch +# Fix autoinstall_templates -> templates +Patch1: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pull/2590.patch +# Install migrate-data-v2-to-v3.py - https://github.com/cobbler/cobbler/pull/2591 +Patch2: cobbler-scripts.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -137,6 +142,9 @@ rm %{buildroot}%{_sysconfdir}/cobbler/cobbler_web.conf # ghosted files touch %{buildroot}%{_sharedstatedir}/cobbler/web.ss +# migrate-settings.sh +install -p -m0755 %SOURCE1 %{buildroot}%{_datadir}/cobbler/bin/migrate-settings.sh + %pre if [ $1 -ge 2 ]; then @@ -158,6 +166,20 @@ fi %post %systemd_post cobblerd.service +%posttrans +# Migrate pre-3.2.1 settings to settings.yaml +if [ -f %{_sysconfdir}/cobbler/settings.rpmsave ]; then + echo warning: migrating old settings to settings.yaml + mv %{_sysconfdir}/cobbler/settings.yaml{,.rpmnew} + mv %{_sysconfdir}/cobbler/settings.{rpmsave,yaml} + %{_datadir}/cobbler/bin/migrate-settings.sh +fi +# Migrate pre-3 configuration data if needed +if [ -d %{_sharedstatedir}/cobbler/kickstarts -a $(find %{_sharedstatedir}/cobbler/collections -type f | wc -l) -eq 0 ]; then + echo warning: migrating pre cobbler 3 configuration data + %{_datadir}/cobbler/bin/migrate-data-v2-to-v3.py +fi + %preun %systemd_preun cobblerd.service @@ -214,6 +236,11 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Thu Sep 23 2021 Orion Poplawski - 3.2.2-2 +- Migrate settings to settings.yaml +- Migrate pre-cobbler 3 data if needed +- Fix autoinstall_templates -> templates + * Thu Sep 23 2021 Orion Poplawski - 3.2.2-1 - Update to 3.2.2 - bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection diff --git a/migrate-settings.sh b/migrate-settings.sh new file mode 100644 index 0000000..6471f30 --- /dev/null +++ b/migrate-settings.sh @@ -0,0 +1,3 @@ +#!/bin/bash +sed -i -e 's,^default_kickstart: */var/lib/cobbler/kickstarts,default_autoinstall: /var/lib/cobbler/templates,' \ + -e '/^\(consoles\|func_\|kernel_options_s390x\|power_template_dir\|pxe_template_dir\|redhat_management_type\|snippetsdir\|template_remote_kickstarts\):/s/^/# REMOVED: /' /etc/cobbler/settings.yaml From 478eae1835b3ccd2fc2541f52992a3f1997779bb Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 7 Oct 2021 22:27:46 -0600 Subject: [PATCH 053/110] Fix dependencies (bz#2010567) --- cobbler.spec | 47 ++++++++++++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 17 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 32f6f29..4dcb8b5 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -22,12 +22,21 @@ Patch2: cobbler-scripts.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel -BuildRequires: python%{python3_pkgversion}-cheetah %if 0%{?fedora} || 0%{?rhel} >= 8 +BuildRequires: %{py3_dist cheetah3} BuildRequires: %{py3_dist coverage} +BuildRequires: %{py3_dist distro} +BuildRequires: %{py3_dist netaddr} +BuildRequires: %{py3_dist pyyaml} +BuildRequires: %{py3_dist requests} +BuildRequires: %{py3_dist schema} +BuildRequires: %{py3_dist setuptools} +BuildRequires: %{py3_dist simplejson} +# For docs +BuildRequires: %{py3_dist sphinx} %else +BuildRequires: python%{python3_pkgversion}-cheetah BuildRequires: python%{python3_pkgversion}-coverage -%endif BuildRequires: python%{python3_pkgversion}-distro BuildRequires: python%{python3_pkgversion}-netaddr BuildRequires: python%{python3_pkgversion}-PyYAML @@ -37,23 +46,24 @@ BuildRequires: python%{python3_pkgversion}-setuptools BuildRequires: python%{python3_pkgversion}-simplejson # For docs BuildRequires: python%{python3_pkgversion}-sphinx +%endif Requires: httpd Requires: tftp-server Requires: createrepo_c Requires: rsync Requires: xorriso -Requires: python%{python3_pkgversion}-cheetah -Requires: python%{python3_pkgversion}-distro -Requires: python%{python3_pkgversion}-dns -Requires: python%{python3_pkgversion}-file-magic -Requires: python%{python3_pkgversion}-mod_wsgi -Requires: python%{python3_pkgversion}-netaddr -Requires: python%{python3_pkgversion}-PyYAML -Requires: python%{python3_pkgversion}-requests -Requires: python%{python3_pkgversion}-schema -Requires: python%{python3_pkgversion}-simplejson -Requires: python%{python3_pkgversion}-tornado +Requires: %{py3_dist cheetah3} +Requires: %{py3_dist distro} +Requires: %{py3_dist dnspython} +Requires: %{py3_dist file-magic} +Requires: %{py3_dist mod_wsgi} +Requires: %{py3_dist netaddr} +Requires: %{py3_dist pyyaml} +Requires: %{py3_dist requests} +Requires: %{py3_dist schema} +Requires: %{py3_dist simplejson} +Requires: %{py3_dist tornado} Requires: genisoimage %if 0%{?fedora} || 0%{?rhel} >= 8 @@ -66,7 +76,7 @@ Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64 Recommends: logrotate -Recommends: python%{python3_pkgversion}-librepo +Recommends: %{py3_dist librepo} %else Requires: yum-utils %endif @@ -92,8 +102,8 @@ other applications. %package -n cobbler-web Summary: Web interface for Cobbler Requires: cobbler = %{version}-%{release} -Requires: python%{python3_pkgversion}-django -Requires: python%{python3_pkgversion}-mod_wsgi +Requires: %{py3_dist django} +Requires: %{py3_dist mod_wsgi} Requires: mod_ssl Requires(post): coreutils Requires(post): sed @@ -236,6 +246,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Fri Oct 07 2021 Orion Poplawski - 3.2.2-3 +- Fix dependencies (bz#2010567) + * Thu Sep 23 2021 Orion Poplawski - 3.2.2-2 - Migrate settings to settings.yaml - Migrate pre-cobbler 3 data if needed From 6cbc1cbb46474a5f985b8581ca2497304372514e Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 22 Nov 2021 19:50:41 -0700 Subject: [PATCH 054/110] Add new keys to settings.yaml on migration or if missing Save original settings to settings.rpmorig --- cobbler.spec | 12 ++++++++++-- migrate-settings.sh | 3 ++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 4dcb8b5..61414b1 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -181,9 +181,13 @@ fi if [ -f %{_sysconfdir}/cobbler/settings.rpmsave ]; then echo warning: migrating old settings to settings.yaml mv %{_sysconfdir}/cobbler/settings.yaml{,.rpmnew} + cp -a %{_sysconfdir}/cobbler/settings.{rpmsave,rpmorig} mv %{_sysconfdir}/cobbler/settings.{rpmsave,yaml} %{_datadir}/cobbler/bin/migrate-settings.sh fi +# Add some missing options if needed +sed -i -e '/^cache_enabled:/q' -e '$a#ADDED:' -e '$acache_enabled: true' settings.yaml +sed -i -e '/^reposync_rsync_flags:/q' -e '$a#ADDED:' -e '$areposync_rsync_flags: "-rltDv --copy-unsafe-links"' settings.yaml # Migrate pre-3 configuration data if needed if [ -d %{_sharedstatedir}/cobbler/kickstarts -a $(find %{_sharedstatedir}/cobbler/collections -type f | wc -l) -eq 0 ]; then echo warning: migrating pre cobbler 3 configuration data @@ -246,7 +250,11 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog -* Fri Oct 07 2021 Orion Poplawski - 3.2.2-3 +* Mon Nov 22 2021 Orion Poplawski - 3.2.2-4 +- Add new keys to settings.yaml on migration or if missing +- Save original settings to settings.rpmorig + +* Fri Oct 08 2021 Orion Poplawski - 3.2.2-3 - Fix dependencies (bz#2010567) * Thu Sep 23 2021 Orion Poplawski - 3.2.2-2 diff --git a/migrate-settings.sh b/migrate-settings.sh index 6471f30..6ef3c1a 100644 --- a/migrate-settings.sh +++ b/migrate-settings.sh @@ -1,3 +1,4 @@ #!/bin/bash sed -i -e 's,^default_kickstart: */var/lib/cobbler/kickstarts,default_autoinstall: /var/lib/cobbler/templates,' \ - -e '/^\(consoles\|func_\|kernel_options_s390x\|power_template_dir\|pxe_template_dir\|redhat_management_type\|snippetsdir\|template_remote_kickstarts\):/s/^/# REMOVED: /' /etc/cobbler/settings.yaml + -e '/^\(consoles\|func_\|kernel_options_s390x\|power_template_dir\|pxe_template_dir\|redhat_management_type\|snippetsdir\|template_remote_kickstarts\):/s/^/# REMOVED: /' \ + -e '$a#ADDED:' -e '$acache_enabled: true' -e '$areposync_rsync_flags: "-rltDv --copy-unsafe-links"' /etc/cobbler/settings.yaml From 8e9ce1e0db7ca8bcd962adc79c2618d7b5cc42a5 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 8 Dec 2021 19:57:06 -0700 Subject: [PATCH 055/110] Remove defunct get-loaders command --- cobbler-remove-get-loaders.patch | 316 +++++++++++++++++++++++++++++++ cobbler.spec | 7 +- 2 files changed, 322 insertions(+), 1 deletion(-) create mode 100644 cobbler-remove-get-loaders.patch diff --git a/cobbler-remove-get-loaders.patch b/cobbler-remove-get-loaders.patch new file mode 100644 index 0000000..d2f1981 --- /dev/null +++ b/cobbler-remove-get-loaders.patch @@ -0,0 +1,316 @@ +commit a798eabd9b9e3e7d4cb8a828a5aa2273c69cec48 +Author: Dominik Gedon +Date: Fri Mar 5 16:25:05 2021 +0100 + + Remove get-loader code + +diff --git a/cobbler/actions/check.py b/cobbler/actions/check.py +index e034071e..4fadab53 100644 +--- a/cobbler/actions/check.py ++++ b/cobbler/actions/check.py +@@ -386,12 +386,11 @@ class CobblerCheck: + not_found.append(loader_name) + + if len(not_found) > 0: +- status.append("some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler " +- "get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, " +- "you may ensure that you have installed a *recent* version of the syslinux package " +- "installed and can ignore this message entirely. Files in this directory, should you want " +- "to support all architectures, should include pxelinux.0, menu.c32, and yaboot. The " +- "'cobbler get-loaders' command is the easiest way to resolve these requirements.") ++ status.append("some network boot-loaders are missing from /var/lib/cobbler/loaders. If you only want to " ++ "handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version " ++ "of the syslinux package installed and can ignore this message entirely. Files in this " ++ "directory, should you want to support all architectures, should include pxelinux.0, " ++ "menu.c32, and yaboot.") + + def check_tftpd_dir(self, status): + """ +diff --git a/cobbler/actions/dlcontent.py b/cobbler/actions/dlcontent.py +deleted file mode 100644 +index 84d73b8d..00000000 +--- a/cobbler/actions/dlcontent.py ++++ /dev/null +@@ -1,77 +0,0 @@ +-""" +-Downloads bootloader content for all arches for when the user doesn't want to supply their own. +- +-Copyright 2009, Red Hat, Inc and Others +-Michael DeHaan +- +-This program is free software; you can redistribute it and/or modify +-it under the terms of the GNU General Public License as published by +-the Free Software Foundation; either version 2 of the License, or +-(at your option) any later version. +- +-This program is distributed in the hope that it will be useful, +-but WITHOUT ANY WARRANTY; without even the implied warranty of +-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-GNU General Public License for more details. +- +-You should have received a copy of the GNU General Public License +-along with this program; if not, write to the Free Software +-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +-02110-1301 USA +-""" +- +-import os +- +-from cobbler import clogger +-from cobbler import download_manager +- +- +-class ContentDownloader: +- +- def __init__(self, collection_mgr, logger=None): +- """ +- Constructor +- +- :param collection_mgr: The main collection manager instance which is used by the current running server. +- :param logger: The logger object which logs to the desired target. +- """ +- self.collection_mgr = collection_mgr +- self.settings = collection_mgr.settings() +- if logger is None: +- logger = clogger.Logger() +- self.logger = logger +- +- def run(self, force: bool = False): +- """ +- Download bootloader content for all of the latest bootloaders, since the user has chosen to not supply their +- own. You may ask "why not get this from yum", we also want this to be able to work on Debian and further do not +- want folks to have to install a cross compiler. For those that don't like this approach they can still source +- their cross-arch bootloader content manually. +- +- :param force: If the target path should be overwritten, even if there are already files present. +- """ +- +- content_server = "https://cobbler.github.io/loaders" +- dest = "/var/lib/cobbler/loaders" +- +- files = ( +- ("%s/README" % content_server, "%s/README" % dest), +- ("%s/COPYING.yaboot" % content_server, "%s/COPYING.yaboot" % dest), +- ("%s/COPYING.syslinux" % content_server, "%s/COPYING.syslinux" % dest), +- ("%s/yaboot-1.3.17" % content_server, "%s/yaboot" % dest), +- ("%s/pxelinux.0-3.86" % content_server, "%s/pxelinux.0" % dest), +- ("%s/menu.c32-3.86" % content_server, "%s/menu.c32" % dest), +- ("%s/grub-0.97-x86.efi" % content_server, "%s/grub-x86.efi" % dest), +- ("%s/grub-0.97-x86_64.efi" % content_server, "%s/grub-x86_64.efi" % dest), +- ) +- +- dlmgr = download_manager.DownloadManager(self.collection_mgr, self.logger) +- for src, dst in files: +- if os.path.exists(dst) and not force: +- self.logger.info("path %s already exists, not overwriting existing content, use --force if you wish " +- "to update" % dst) +- continue +- self.logger.info("downloading %s to %s" % (src, dst)) +- dlmgr.download_file(src, dst) +- +-# EOF +diff --git a/cobbler/api.py b/cobbler/api.py +index bdf18391..9c52015e 100644 +--- a/cobbler/api.py ++++ b/cobbler/api.py +@@ -25,7 +25,7 @@ import random + import tempfile + from typing import Optional + +-from cobbler.actions import status, dlcontent, hardlink, sync, buildiso, replicate, report, log, acl, check, reposync ++from cobbler.actions import status, hardlink, sync, buildiso, replicate, report, log, acl, check, reposync + from cobbler import autoinstall_manager + from cobbler import clogger + from cobbler.cobbler_collections import manager +@@ -1276,21 +1276,6 @@ class CobblerAPI: + + # ========================================================================== + +- def dlcontent(self, force=False, logger=None): +- """ +- Downloads bootloader content that may not be avialable in packages for the given arch, ex: if installing on PPC, +- get syslinux. If installing on x86_64, get elilo, etc. +- +- :param force: Force the download, although the content may be already downloaded. +- :param logger: The logger to audit the removal with. +- """ +- # FIXME: teach code that copies it to grab from the right place +- self.log("dlcontent") +- grabber = dlcontent.ContentDownloader(self._collection_mgr, logger=logger) +- return grabber.run(force) +- +- # ========================================================================== +- + def validate_autoinstall_files(self, logger=None): + """ + Validate if any of the autoinstallation files are invalid and if yes report this. +diff --git a/cobbler/cli.py b/cobbler/cli.py +index 5441ce0a..9a6c4fff 100644 +--- a/cobbler/cli.py ++++ b/cobbler/cli.py +@@ -55,7 +55,7 @@ OBJECT_ACTIONS = [] + for actions in list(OBJECT_ACTIONS_MAP.values()): + OBJECT_ACTIONS += actions + DIRECT_ACTIONS = "aclsetup buildiso import list replicate report reposync sync validate-autoinstalls version " \ +- "signature get-loaders hardlink".split() ++ "signature hardlink".split() + + #################################################### + +@@ -687,10 +687,6 @@ class CobblerCLI: + elif action_name == "validate-autoinstalls": + (options, args) = self.parser.parse_args(self.args) + task_id = self.start_task("validate_autoinstall_files", options) +- elif action_name == "get-loaders": +- self.parser.add_option("--force", dest="force", action="store_true", help="overwrite any existing content in /var/lib/cobbler/loaders") +- (options, args) = self.parser.parse_args(self.args) +- task_id = self.start_task("dlcontent", options) + elif action_name == "import": + self.parser.add_option("--arch", dest="arch", help="OS architecture being imported") + self.parser.add_option("--breed", dest="breed", help="the breed being imported") +diff --git a/cobbler/remote.py b/cobbler/remote.py +index 759879a8..ac788752 100644 +--- a/cobbler/remote.py ++++ b/cobbler/remote.py +@@ -200,18 +200,6 @@ class CobblerXMLRPCInterface: + ) + return self.__start_task(runner, token, "aclsetup", "(CLI) ACL Configuration", options) + +- def background_dlcontent(self, options, token) -> str: +- """ +- Download bootloaders and other support files. +- +- :param options: Unknown what this parameter is doing at the moment. +- :param token: The API-token obtained via the login() method. The API-token obtained via the login() method. +- :return: The id of the task which was started. +- """ +- def runner(self): +- self.remote.api.dlcontent(self.options.get("force", False), self.logger) +- return self.__start_task(runner, token, "get_loaders", "Download Bootloader Content", options) +- + def background_sync(self, options, token) -> str: + """ + Run a full Cobbler sync in the background. +diff --git a/config/bash/completion/cobbler b/config/bash/completion/cobbler +index f2d5bd59..169dbaec 100755 +--- a/config/bash/completion/cobbler ++++ b/config/bash/completion/cobbler +@@ -9,7 +9,7 @@ _cobbler_completions() + prev="${COMP_WORDS[COMP_CWORD-1]}" + cobbler_type=${COMP_WORDS[1]} + COMPREPLY=() +- TYPE="distro profile system repo image mgmtclass package file aclsetup buildiso import list replicate report reposync sync validateks version signature get-loaders hardlink" ++ TYPE="distro profile system repo image mgmtclass package file aclsetup buildiso import list replicate report reposync sync validateks version signature hardlink" + ACTION="add edit copy list remove rename report" + opts=( + [distro]="--ctime --depth --mtime --source-repos --tree-build-time --uid --arch --autoinstall-meta --boot-files --boot-loader --breed --comment --fetchable-files --initrd --kernel --kernel-options --kernel-options-post --mgmt-classes --name --os-version --owners --redhat-management-key --template-files --in-place --help" +diff --git a/config/cobbler/settings.yaml b/config/cobbler/settings.yaml +index 82b8c11f..b2e05a7b 100644 +--- a/config/cobbler/settings.yaml ++++ b/config/cobbler/settings.yaml +@@ -426,7 +426,7 @@ replicate_repo_rsync_options: "-avzH" + # always write DHCP entries, regardless if netboot is enabled + always_write_dhcp_entries: false + +-# External proxy - used by: "get-loaders", "reposync", "signature update" ++# External proxy - used by: reposync", "signature update" + # Eg: "http://192.168.1.1:8080" (HTTP), "https://192.168.1.1:8443" (HTTPS) + proxy_url_ext: "" + +diff --git a/docs/cobbler-conf.rst b/docs/cobbler-conf.rst +index 673beffd..808d7738 100644 +--- a/docs/cobbler-conf.rst ++++ b/docs/cobbler-conf.rst +@@ -577,7 +577,7 @@ default: ``ipmilanplus`` + proxy_url_ext + ============= + +-External proxy which is used by the following commands: ``get-loaders``, ``reposync``, ``signature update`` ++External proxy which is used by the following commands: ``reposync``, ``signature update`` + + defaults: + +diff --git a/docs/cobbler.rst b/docs/cobbler.rst +index 1fffc41e..6332a662 100644 +--- a/docs/cobbler.rst ++++ b/docs/cobbler.rst +@@ -74,7 +74,7 @@ Long Usage: + .. code-block:: shell + + cobbler ... [add|edit|copy|get-autoinstall*|list|remove|rename|report] [options|--help] +- cobbler [options|--help] ++ cobbler [options|--help] + + Cobbler distro + ============== +@@ -1071,15 +1071,6 @@ Example: + + $ cobbler signature + +-Cobbler get-loaders +-=================== +- +-Example: +- +-.. code-block:: shell +- +- $ cobbler get-loaders +- + Cobbler hardlink + ================ + +diff --git a/docs/code-autodoc/cobbler.actions.rst b/docs/code-autodoc/cobbler.actions.rst +index 44f7e1a4..a5845996 100644 +--- a/docs/code-autodoc/cobbler.actions.rst ++++ b/docs/code-autodoc/cobbler.actions.rst +@@ -28,14 +28,6 @@ cobbler.actions.check module + :undoc-members: + :show-inheritance: + +-cobbler.actions.dlcontent module +--------------------------------- +- +-.. automodule:: cobbler.actions.dlcontent +- :members: +- :undoc-members: +- :show-inheritance: +- + cobbler.actions.hardlink module + ------------------------------- + +diff --git a/tests/cli/cobbler_cli_direct_test.py b/tests/cli/cobbler_cli_direct_test.py +index 7cd6729c..01d42d6d 100644 +--- a/tests/cli/cobbler_cli_direct_test.py ++++ b/tests/cli/cobbler_cli_direct_test.py +@@ -148,11 +148,6 @@ class TestCobblerCliTestDirect: + i = assert_report_section(lines, i, "packages") + i = assert_report_section(lines, i, "files") + +- def test_cobbler_getloaders(self, run_cmd, get_last_line): +- (outputstd, outputerr) = run_cmd(cmd=["get-loaders"]) +- lines = outputstd.split("\n") +- assert "*** TASK COMPLETE ***" == get_last_line(lines) +- + def test_cobbler_hardlink(self, run_cmd, get_last_line): + (outputstd, outputerr) = run_cmd(cmd=["hardlink"]) + lines = outputstd.split("\n") +diff --git a/tests/xmlrpcapi/background_test.py b/tests/xmlrpcapi/background_test.py +index 36c03b01..64e219ca 100644 +--- a/tests/xmlrpcapi/background_test.py ++++ b/tests/xmlrpcapi/background_test.py +@@ -25,15 +25,6 @@ class TestBackground: + # Assert + assert result + +- def test_background_dlccontent(self, remote, token): +- # Arrange +- +- # Act +- result = remote.background_dlcontent({}, token) +- +- # Assert +- assert result +- + def test_background_hardlink(self, remote, token): + # Arrange + diff --git a/cobbler.spec b/cobbler.spec index 61414b1..6b31076 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -19,6 +19,8 @@ Patch0: cobbler-httpd.patch Patch1: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pull/2590.patch # Install migrate-data-v2-to-v3.py - https://github.com/cobbler/cobbler/pull/2591 Patch2: cobbler-scripts.patch +# Remove get-loaders command +Patch3: cobbler-remove-get-loaders.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -250,6 +252,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Thu Dec 09 2021 Orion Poplawski - 3.2.2-5 +- Remove defunct get-loaders command + * Mon Nov 22 2021 Orion Poplawski - 3.2.2-4 - Add new keys to settings.yaml on migration or if missing - Save original settings to settings.rpmorig From 6c42a12b294bab451240cba579b2ec0a1f4fe6ce Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 8 Dec 2021 20:21:57 -0700 Subject: [PATCH 056/110] Remove defunct get-loaders command --- cobbler-remove-get-loaders.patch | 111 +++++++++++++++++++++++++++++++ cobbler.spec | 7 +- 2 files changed, 117 insertions(+), 1 deletion(-) create mode 100644 cobbler-remove-get-loaders.patch diff --git a/cobbler-remove-get-loaders.patch b/cobbler-remove-get-loaders.patch new file mode 100644 index 0000000..a5b46bd --- /dev/null +++ b/cobbler-remove-get-loaders.patch @@ -0,0 +1,111 @@ +commit fdf493ae4095c3266997e8b9c9cbcb31767b06d6 +Author: Orion Poplawski +Date: Wed Dec 8 20:19:51 2021 -0700 + + Remove get-loaders + +diff --git a/cobbler/action_check.py b/cobbler/action_check.py +index c1980a39..825e666d 100644 +--- a/cobbler/action_check.py ++++ b/cobbler/action_check.py +@@ -335,7 +335,7 @@ class BootCheck: + not_found.append(loader_name) + + if len(not_found) > 0: +- status.append("Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.") ++ status.append("Some network boot-loaders are missing from /var/lib/cobbler/loaders. If you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely. Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot.") + + def check_tftpd_bin(self,status): + """ +diff --git a/cobbler/api.py b/cobbler/api.py +index 77ffc689..30f4b878 100644 +--- a/cobbler/api.py ++++ b/cobbler/api.py +@@ -36,7 +36,6 @@ import action_report + import action_power + import action_log + import action_hardlink +-import action_dlcontent + from cexceptions import CX + import kickgen + import yumgen +@@ -723,19 +722,6 @@ class BootAPI: + + # ========================================================================== + +- def dlcontent(self,force=False,logger=None): +- """ +- Downloads bootloader content that may not be avialable in packages +- for the given arch, ex: if installing on PPC, get syslinux. If installing +- on x86_64, get elilo, etc. +- """ +- # FIXME: teach code that copies it to grab from the right place +- self.log("dlcontent") +- grabber = action_dlcontent.ContentDownloader(self._config, logger=logger) +- return grabber.run(force) +- +- # ========================================================================== +- + def validateks(self, logger=None): + """ + Use ksvalidator (from pykickstart, if available) to determine +diff --git a/cobbler/cli.py b/cobbler/cli.py +index a1aa815e..71af6853 100755 +--- a/cobbler/cli.py ++++ b/cobbler/cli.py +@@ -56,7 +56,7 @@ OBJECT_TYPES = OBJECT_ACTIONS_MAP.keys() + OBJECT_ACTIONS = [] + for actions in OBJECT_ACTIONS_MAP.values(): + OBJECT_ACTIONS += actions +-DIRECT_ACTIONS = "aclsetup buildiso import list replicate report reposync sync validateks version signature get-loaders hardlink".split() ++DIRECT_ACTIONS = "aclsetup buildiso import list replicate report reposync sync validateks version signature hardlink".split() + + #################################################### + +@@ -501,10 +501,6 @@ class BootCLI: + elif action_name == "validateks": + (options, args) = self.parser.parse_args() + task_id = self.start_task("validateks",options) +- elif action_name == "get-loaders": +- self.parser.add_option("--force", dest="force", action="store_true", help="overwrite any existing content in /var/lib/cobbler/loaders") +- (options, args) = self.parser.parse_args() +- task_id = self.start_task("dlcontent",options) + elif action_name == "import": + self.parser.add_option("--arch", dest="arch", help="OS architecture being imported") + self.parser.add_option("--breed", dest="breed", help="the breed being imported") +diff --git a/cobbler/remote.py b/cobbler/remote.py +index f7b93abc..d2b5d0b5 100644 +--- a/cobbler/remote.py ++++ b/cobbler/remote.py +@@ -168,14 +168,6 @@ class CobblerXMLRPCInterface: + ) + return self.__start_task(runner, token, "aclsetup", "(CLI) ACL Configuration", options) + +- def background_dlcontent(self, options, token): +- """ +- Download bootloaders and other support files. +- """ +- def runner(self): +- return self.remote.api.dlcontent(self.options.get("force",False), self.logger) +- return self.__start_task(runner, token, "get_loaders", "Download Bootloader Content", options) +- + def background_sync(self, options, token): + def runner(self): + return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger) +diff --git a/docs/appendix.rst b/docs/appendix.rst +index b1945c72..7dc73411 100644 +--- a/docs/appendix.rst ++++ b/docs/appendix.rst +@@ -611,12 +611,6 @@ Steps + DBAN 2.2.6 + ********** + +-Retrieve the extra loader parts that DBAN 2.2.6 needs: +- +-.. code-block:: bash +- +- cobbler get-loaders +- + Download DBAN: + + .. code-block:: bash diff --git a/cobbler.spec b/cobbler.spec index f469381..a012093 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -7,11 +7,13 @@ Name: cobbler Version: 2.8.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz +# Remove get-loaders +Patch0: cobbler-remove-get-loaders.patch BuildRequires: git BuildRequires: /usr/bin/pathfix.py @@ -269,6 +271,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Thu Dec 09 2021 Orion Poplawski - 2.8.5-2 +- Remove defunct get-loaders command + * Sun Dec 29 2019 Orion Poplawski - 2.8.5-1 - Udate to 2.8.5 final release From f610a3843e05e9fb45c7eb08ee09181f6d5b56c0 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 23 Dec 2021 13:17:34 -0700 Subject: [PATCH 057/110] Fix path to settings.yaml in scriptlet --- cobbler.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 6b31076..909dfeb 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -188,8 +188,8 @@ if [ -f %{_sysconfdir}/cobbler/settings.rpmsave ]; then %{_datadir}/cobbler/bin/migrate-settings.sh fi # Add some missing options if needed -sed -i -e '/^cache_enabled:/q' -e '$a#ADDED:' -e '$acache_enabled: true' settings.yaml -sed -i -e '/^reposync_rsync_flags:/q' -e '$a#ADDED:' -e '$areposync_rsync_flags: "-rltDv --copy-unsafe-links"' settings.yaml +sed -i -e '/^cache_enabled:/q' -e '$a#ADDED:' -e '$acache_enabled: true' %{_sysconfdir}/cobbler/settings.yaml +sed -i -e '/^reposync_rsync_flags:/q' -e '$a#ADDED:' -e '$areposync_rsync_flags: "-rltDv --copy-unsafe-links"' %{_sysconfdir}/cobbler/settings.yaml # Migrate pre-3 configuration data if needed if [ -d %{_sharedstatedir}/cobbler/kickstarts -a $(find %{_sharedstatedir}/cobbler/collections -type f | wc -l) -eq 0 ]; then echo warning: migrating pre cobbler 3 configuration data @@ -252,6 +252,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Thu Dec 23 2021 Orion Poplawski - 3.2.2-6 +- Fix path to settings.yaml in scriptlet + * Thu Dec 09 2021 Orion Poplawski - 3.2.2-5 - Remove defunct get-loaders command From b10b6d5001b503d6af23703969c0847ba9463305 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jan 2022 23:28:52 +0000 Subject: [PATCH 058/110] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 909dfeb..a447134 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -252,6 +252,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Thu Dec 23 2021 Orion Poplawski - 3.2.2-6 - Fix path to settings.yaml in scriptlet From cf0d310ec17e11e893a08731081ca3d70f9b4d43 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 23 Jan 2022 19:07:14 -0700 Subject: [PATCH 059/110] Fix posttrans script --- cobbler.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index a447134..76b0dcc 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -188,8 +188,8 @@ if [ -f %{_sysconfdir}/cobbler/settings.rpmsave ]; then %{_datadir}/cobbler/bin/migrate-settings.sh fi # Add some missing options if needed -sed -i -e '/^cache_enabled:/q' -e '$a#ADDED:' -e '$acache_enabled: true' %{_sysconfdir}/cobbler/settings.yaml -sed -i -e '/^reposync_rsync_flags:/q' -e '$a#ADDED:' -e '$areposync_rsync_flags: "-rltDv --copy-unsafe-links"' %{_sysconfdir}/cobbler/settings.yaml +grep -q '^cache_enabled:' %{_sysconfdir}/cobbler/settings.yaml || echo -e '#ADDED:\ncache_enabled: true' >> %{_sysconfdir}/cobbler/settings.yaml +grep -q '^reposync_rsync_flags:' %{_sysconfdir}/cobbler/settings.yaml || echo -e '#ADDED:\nreposync_rsync_flags: "-rltDv --copy-unsafe-links"' >> %{_sysconfdir}/cobbler/settings.yaml # Migrate pre-3 configuration data if needed if [ -d %{_sharedstatedir}/cobbler/kickstarts -a $(find %{_sharedstatedir}/cobbler/collections -type f | wc -l) -eq 0 ]; then echo warning: migrating pre cobbler 3 configuration data @@ -252,6 +252,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Mon Jan 24 2022 Orion Poplawski - 3.2.2-8 +- Fix posttrans script + * Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From 65bb1a43d68e39c8690514a296ca67a908cde03c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 28 Feb 2022 21:03:09 -0700 Subject: [PATCH 060/110] Apply fixes for CVE-2021-45082/3 Remove BR on python3-coverage --- cobbler-CVE-2021-45082.patch | 75 ++++++++++++++++++++++++++++++++++++ cobbler-nocov.patch | 11 ++++++ cobbler.spec | 41 ++++++++++++++++++-- 3 files changed, 123 insertions(+), 4 deletions(-) create mode 100644 cobbler-CVE-2021-45082.patch create mode 100644 cobbler-nocov.patch diff --git a/cobbler-CVE-2021-45082.patch b/cobbler-CVE-2021-45082.patch new file mode 100644 index 0000000..022f15a --- /dev/null +++ b/cobbler-CVE-2021-45082.patch @@ -0,0 +1,75 @@ +diff --git a/cobbler.spec b/cobbler.spec +index bbbbae37..1f81456a 100644 +--- a/cobbler.spec ++++ b/cobbler.spec +@@ -382,6 +382,20 @@ fi + %{_datadir}/%{name}/bin/mkgrub.sh >/dev/null 2>&1 + %endif + %systemd_post cobblerd.service ++# Fixup permission for world readable settings files ++chmod 640 %{_sysconfdir}/cobbler/settings.yaml ++chmod 600 %{_sysconfdir}/cobbler/mongodb.conf ++chmod 600 %{_sysconfdir}/cobbler/modules.conf ++chmod 640 %{_sysconfdir}/cobbler/users.conf ++chmod 640 %{_sysconfdir}/cobbler/users.digest ++chmod 750 %{_sysconfdir}/cobbler/settings.d ++chmod 640 %{_sysconfdir}/cobbler/settings.d/* ++chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.yaml ++chgrp %{apache_group} %{_sysconfdir}/cobbler/users.conf ++chgrp %{apache_group} %{_sysconfdir}/cobbler/users.digest ++chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.d ++chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.d/* ++ + + %preun + %systemd_preun cobblerd.service +@@ -461,8 +475,8 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler + %dir %{_sysconfdir}/cobbler/iso + %config(noreplace) %{_sysconfdir}/cobbler/iso/buildiso.template + %config(noreplace) %{_sysconfdir}/cobbler/logging_config.conf +-%config(noreplace) %{_sysconfdir}/cobbler/modules.conf +-%config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf ++%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/modules.conf ++%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf + %config(noreplace) %{_sysconfdir}/cobbler/named.template + %config(noreplace) %{_sysconfdir}/cobbler/ndjbdns.template + %dir %{_sysconfdir}/cobbler/reporting +@@ -470,13 +484,13 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler + %config(noreplace) %{_sysconfdir}/cobbler/rsync.exclude + %config(noreplace) %{_sysconfdir}/cobbler/rsync.template + %config(noreplace) %{_sysconfdir}/cobbler/secondary.template +-%config(noreplace) %{_sysconfdir}/cobbler/settings.yaml +-%dir %{_sysconfdir}/cobbler/settings.d +-%config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings +-%config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings +-%config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings +-%config(noreplace) %{_sysconfdir}/cobbler/users.conf +-%config(noreplace) %{_sysconfdir}/cobbler/users.digest ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.yaml ++%attr(750, root, %{apache_group}) %dir %{_sysconfdir}/cobbler/settings.d ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.conf ++%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.digest + %config(noreplace) %{_sysconfdir}/cobbler/version + %config(noreplace) %{_sysconfdir}/cobbler/zone.template + %dir %{_sysconfdir}/cobbler/zone_templates +diff --git a/cobbler/templar.py b/cobbler/templar.py +index 7321e2d5..58ef16de 100644 +--- a/cobbler/templar.py ++++ b/cobbler/templar.py +@@ -77,10 +77,10 @@ class Templar: + """ + lines = data.split("\n") + for line in lines: +- if line.find("#import") != -1: +- rest = line.replace("#import", "").replace(" ", "").strip() ++ if "#import" in line or "#from" in line: ++ rest = line.replace("#import", "").replace("#from", "").replace("import", ".").replace(" ", "").strip() + if self.settings and rest not in self.settings.cheetah_import_whitelist: +- raise CX("potentially insecure import in template: %s" % rest) ++ raise CX(f"Potentially insecure import in template: {rest}") + + def render(self, data_input: Union[TextIO, str], search_table: dict, out_path: Optional[str], + template_type="default") -> str: diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch new file mode 100644 index 0000000..e701455 --- /dev/null +++ b/cobbler-nocov.patch @@ -0,0 +1,11 @@ +diff -up cobbler-3.2.2/setup.py.nocov cobbler-3.2.2/setup.py +--- cobbler-3.2.2/setup.py.nocov 2022-02-28 20:05:35.388747435 -0700 ++++ cobbler-3.2.2/setup.py 2022-02-28 20:06:31.743251279 -0700 +@@ -18,7 +18,6 @@ from setuptools import find_packages + from sphinx.setup_command import BuildDoc + + import codecs +-from coverage import Coverage + import pwd + import shutil + import subprocess diff --git a/cobbler.spec b/cobbler.spec index 76b0dcc..86073a8 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -21,12 +21,15 @@ Patch1: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pul Patch2: cobbler-scripts.patch # Remove get-loaders command Patch3: cobbler-remove-get-loaders.patch +# Upstream fix for CVE-2021-45082 +Patch4: cobbler-CVE-2021-45082.patch +# Do not run coverage tests +Patch5: cobbler-nocov.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel %if 0%{?fedora} || 0%{?rhel} >= 8 BuildRequires: %{py3_dist cheetah3} -BuildRequires: %{py3_dist coverage} BuildRequires: %{py3_dist distro} BuildRequires: %{py3_dist netaddr} BuildRequires: %{py3_dist pyyaml} @@ -38,7 +41,6 @@ BuildRequires: %{py3_dist simplejson} BuildRequires: %{py3_dist sphinx} %else BuildRequires: python%{python3_pkgversion}-cheetah -BuildRequires: python%{python3_pkgversion}-coverage BuildRequires: python%{python3_pkgversion}-distro BuildRequires: python%{python3_pkgversion}-netaddr BuildRequires: python%{python3_pkgversion}-PyYAML @@ -214,7 +216,34 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %license COPYING %doc AUTHORS.in README.md %doc docs/developer-guide.rst docs/quickstart-guide.rst docs/installation-guide.rst -%config(noreplace) %{_sysconfdir}/cobbler +%dir %{_sysconfdir}/cobbler +%config(noreplace) %{_sysconfdir}/cobbler/auth.conf +%config(noreplace) %{_sysconfdir}/cobbler/boot_loader_conf/ +%config(noreplace) %{_sysconfdir}/cobbler/cheetah_macros +%config(noreplace) %{_sysconfdir}/cobbler/dhcp.template +%config(noreplace) %{_sysconfdir}/cobbler/dnsmasq.template +%config(noreplace) %{_sysconfdir}/cobbler/genders.template +%config(noreplace) %{_sysconfdir}/cobbler/import_rsync_whitelist +%config(noreplace) %{_sysconfdir}/cobbler/iso/ +%config(noreplace) %{_sysconfdir}/cobbler/logging_config.conf +%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/modules.conf +%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf +%config(noreplace) %{_sysconfdir}/cobbler/named.template +%config(noreplace) %{_sysconfdir}/cobbler/ndjbdns.template +%config(noreplace) %{_sysconfdir}/cobbler/reporting/ +%config(noreplace) %{_sysconfdir}/cobbler/rsync.exclude +%config(noreplace) %{_sysconfdir}/cobbler/rsync.template +%config(noreplace) %{_sysconfdir}/cobbler/secondary.template +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.yaml +%attr(750, root, apache) %dir %{_sysconfdir}/cobbler/settings.d +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/users.conf +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/users.digest +%config(noreplace) %{_sysconfdir}/cobbler/version +%config(noreplace) %{_sysconfdir}/cobbler/zone.template +%config(noreplace) %{_sysconfdir}/cobbler/zone_templates/ %config(noreplace) %{_sysconfdir}/logrotate.d/cobblerd %config(noreplace) /etc/httpd/conf.d/cobbler.conf %{_bindir}/cobbler @@ -252,6 +281,10 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Tue Mar 01 2022 Orion Poplawski - 3.2.2-9 +- Apply fixes for CVE-2021-45082/3 +- Remove BR on python3-coverage + * Mon Jan 24 2022 Orion Poplawski - 3.2.2-8 - Fix posttrans script From c2e0a09f15768625bc2766c9d62e2822f8ee9eb7 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 28 Feb 2022 21:42:21 -0700 Subject: [PATCH 061/110] More complete coverage removal --- cobbler-nocov.patch | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch index e701455..fe6aa76 100644 --- a/cobbler-nocov.patch +++ b/cobbler-nocov.patch @@ -9,3 +9,38 @@ diff -up cobbler-3.2.2/setup.py.nocov cobbler-3.2.2/setup.py import pwd import shutil import subprocess +--- cobbler-3.2.2/setup.py.nocov 2022-02-28 21:34:34.996746220 -0700 ++++ cobbler-3.2.2/setup.py 2022-02-28 21:35:51.598440218 -0700 +@@ -373,15 +373,8 @@ + def run(self): + import pytest + +- cov = Coverage() +- cov.erase() +- cov.start() +- + result = pytest.main() + +- cov.stop() +- cov.save() +- cov.html_report(directory="covhtml") + sys.exit(int(bool(len(result.failures) > 0 or len(result.errors) > 0))) + + +@@ -505,7 +498,6 @@ + url="https://cobbler.github.io", + license="GPLv2+", + setup_requires=[ +- "coverage", + "distro", + "setuptools", + "sphinx", +@@ -528,7 +520,7 @@ + ], + extras_require={ + "lint": ["pyflakes", "pycodestyle"], +- "test": ["pytest", "pytest-cov", "codecov", "pytest-mock"] ++ "test": ["pytest", "pytest-mock"] + }, + packages=find_packages(exclude=["*tests*"]), + scripts=[ From a4bb4acfa1d3c4d9e5b27d6bef5c5ef48207bc4f Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 28 Feb 2022 22:13:35 -0700 Subject: [PATCH 062/110] Update to 3.3.1, removes web interface --- 2590.patch | 92 --------- cobbler-CVE-2021-45082.patch | 75 -------- cobbler-httpd.patch | 18 -- cobbler-nocov.patch | 16 +- cobbler-remove-get-loaders.patch | 316 ------------------------------- cobbler-scripts.patch | 12 -- cobbler.spec | 92 ++++----- sources | 2 +- 8 files changed, 41 insertions(+), 582 deletions(-) delete mode 100644 2590.patch delete mode 100644 cobbler-CVE-2021-45082.patch delete mode 100644 cobbler-httpd.patch delete mode 100644 cobbler-remove-get-loaders.patch delete mode 100644 cobbler-scripts.patch diff --git a/2590.patch b/2590.patch deleted file mode 100644 index 5e7221b..0000000 --- a/2590.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 4b5025e9e30db30d6e264fabeb860a7758d7d7ad Mon Sep 17 00:00:00 2001 -From: Orion Poplawski -Date: Mon, 8 Mar 2021 22:04:52 -0700 -Subject: [PATCH] autoinstall_templates are installed into - /var/lib/cobbler/templates - ---- - cobbler/actions/sync.py | 2 +- - config/cobbler/settings.yaml | 4 ++-- - docs/cobbler-conf.rst | 4 ++-- - tests/test_data/settings_old | 4 ++-- - 4 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/cobbler/actions/sync.py b/cobbler/actions/sync.py -index 2667edb56..302c81de7 100644 ---- a/cobbler/actions/sync.py -+++ b/cobbler/actions/sync.py -@@ -179,7 +179,7 @@ def clean_trees(self): - if x not in self.settings.webdir_whitelist: - # delete directories that shouldn't exist - utils.rmtree(path, logger=self.logger) -- if x in ["autoinstall_templates", "autoinstall_templates_sys", "images", "systems", "distros", "profiles", "repo_profile", "repo_system", "rendered"]: -+ if x in ["templates", "images", "systems", "distros", "profiles", "repo_profile", "repo_system", "rendered"]: - # clean out directory contents - utils.rmtree_contents(path, logger=self.logger) - # -diff --git a/config/cobbler/settings.yaml b/config/cobbler/settings.yaml -index b2e05a7bf..ac8edccbf 100644 ---- a/config/cobbler/settings.yaml -+++ b/config/cobbler/settings.yaml -@@ -77,7 +77,7 @@ cheetah_import_whitelist: - createrepo_flags: "-c cache -s sha" - - # if no autoinstall template is specified to profile add, use this template --default_autoinstall: /var/lib/cobbler/autoinstall_templates/default.ks -+default_autoinstall: /var/lib/cobbler/templates/default.ks - - # configure all installed systems to use these nameservers by default - # unless defined differently in the profile. For DHCP configurations -@@ -92,7 +92,7 @@ default_ownership: - - "admin" - - # Cobbler has various sample automatic installation templates stored --# in /var/lib/cobbler/autoinstall_templates/. This controls -+# in /var/lib/cobbler/templates/. This controls - # what install (root) password is set up for those - # systems that reference this variable. The factory - # default is "cobbler" and Cobbler check will warn if -diff --git a/docs/cobbler-conf.rst b/docs/cobbler-conf.rst -index 52621e278..ef65acc0b 100644 ---- a/docs/cobbler-conf.rst -+++ b/docs/cobbler-conf.rst -@@ -257,7 +257,7 @@ default_autoinstall - - If no autoinstall template is specified to profile add, use this template. - --default: ``/var/lib/cobbler/autoinstall_templates/default.ks`` -+default: ``/var/lib/cobbler/templates/default.ks`` - - default_name_* - ============== -@@ -284,7 +284,7 @@ default: - default_password_crypted - ======================== - --Cobbler has various sample automatic installation templates stored in ``/var/lib/cobbler/autoinstall_templates/``. This -+Cobbler has various sample automatic installation templates stored in ``/var/lib/cobbler/templates/``. This - controls what install (root) password is set up for those systems that reference this variable. The factory default is - "cobbler" and Cobbler check will warn if this is not changed. The simplest way to change the password is to run - ``openssl passwd -1`` and put the output between the ``""``. -diff --git a/tests/test_data/settings_old b/tests/test_data/settings_old -index acbe8cdc9..1b531d21d 100644 ---- a/tests/test_data/settings_old -+++ b/tests/test_data/settings_old -@@ -92,7 +92,7 @@ cheetah_import_whitelist: - createrepo_flags: "-c cache -s sha" - - # if no autoinstall template is specified to profile add, use this template --default_autoinstall: /var/lib/cobbler/autoinstall_templates/default.ks -+default_autoinstall: /var/lib/cobbler/templates/default.ks - - # configure all installed systems to use these nameservers by default - # unless defined differently in the profile. For DHCP configurations -@@ -107,7 +107,7 @@ default_ownership: - - "admin" - - # cobbler has various sample automatic installation templates stored --# in /var/lib/cobbler/autoinstall_templates/. This controls -+# in /var/lib/cobbler/templates/. This controls - # what install (root) password is set up for those - # systems that reference this variable. The factory - # default is "cobbler" and cobbler check will warn if diff --git a/cobbler-CVE-2021-45082.patch b/cobbler-CVE-2021-45082.patch deleted file mode 100644 index 022f15a..0000000 --- a/cobbler-CVE-2021-45082.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff --git a/cobbler.spec b/cobbler.spec -index bbbbae37..1f81456a 100644 ---- a/cobbler.spec -+++ b/cobbler.spec -@@ -382,6 +382,20 @@ fi - %{_datadir}/%{name}/bin/mkgrub.sh >/dev/null 2>&1 - %endif - %systemd_post cobblerd.service -+# Fixup permission for world readable settings files -+chmod 640 %{_sysconfdir}/cobbler/settings.yaml -+chmod 600 %{_sysconfdir}/cobbler/mongodb.conf -+chmod 600 %{_sysconfdir}/cobbler/modules.conf -+chmod 640 %{_sysconfdir}/cobbler/users.conf -+chmod 640 %{_sysconfdir}/cobbler/users.digest -+chmod 750 %{_sysconfdir}/cobbler/settings.d -+chmod 640 %{_sysconfdir}/cobbler/settings.d/* -+chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.yaml -+chgrp %{apache_group} %{_sysconfdir}/cobbler/users.conf -+chgrp %{apache_group} %{_sysconfdir}/cobbler/users.digest -+chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.d -+chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.d/* -+ - - %preun - %systemd_preun cobblerd.service -@@ -461,8 +475,8 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler - %dir %{_sysconfdir}/cobbler/iso - %config(noreplace) %{_sysconfdir}/cobbler/iso/buildiso.template - %config(noreplace) %{_sysconfdir}/cobbler/logging_config.conf --%config(noreplace) %{_sysconfdir}/cobbler/modules.conf --%config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf -+%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/modules.conf -+%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf - %config(noreplace) %{_sysconfdir}/cobbler/named.template - %config(noreplace) %{_sysconfdir}/cobbler/ndjbdns.template - %dir %{_sysconfdir}/cobbler/reporting -@@ -470,13 +484,13 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler - %config(noreplace) %{_sysconfdir}/cobbler/rsync.exclude - %config(noreplace) %{_sysconfdir}/cobbler/rsync.template - %config(noreplace) %{_sysconfdir}/cobbler/secondary.template --%config(noreplace) %{_sysconfdir}/cobbler/settings.yaml --%dir %{_sysconfdir}/cobbler/settings.d --%config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings --%config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings --%config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings --%config(noreplace) %{_sysconfdir}/cobbler/users.conf --%config(noreplace) %{_sysconfdir}/cobbler/users.digest -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.yaml -+%attr(750, root, %{apache_group}) %dir %{_sysconfdir}/cobbler/settings.d -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.conf -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.digest - %config(noreplace) %{_sysconfdir}/cobbler/version - %config(noreplace) %{_sysconfdir}/cobbler/zone.template - %dir %{_sysconfdir}/cobbler/zone_templates -diff --git a/cobbler/templar.py b/cobbler/templar.py -index 7321e2d5..58ef16de 100644 ---- a/cobbler/templar.py -+++ b/cobbler/templar.py -@@ -77,10 +77,10 @@ class Templar: - """ - lines = data.split("\n") - for line in lines: -- if line.find("#import") != -1: -- rest = line.replace("#import", "").replace(" ", "").strip() -+ if "#import" in line or "#from" in line: -+ rest = line.replace("#import", "").replace("#from", "").replace("import", ".").replace(" ", "").strip() - if self.settings and rest not in self.settings.cheetah_import_whitelist: -- raise CX("potentially insecure import in template: %s" % rest) -+ raise CX(f"Potentially insecure import in template: {rest}") - - def render(self, data_input: Union[TextIO, str], search_table: dict, out_path: Optional[str], - template_type="default") -> str: diff --git a/cobbler-httpd.patch b/cobbler-httpd.patch deleted file mode 100644 index 2464a8c..0000000 --- a/cobbler-httpd.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up cobbler-3.1.2/config/apache/cobbler_web.conf.httpd cobbler-3.1.2/config/apache/cobbler_web.conf ---- cobbler-3.1.2/config/apache/cobbler_web.conf.httpd 2020-05-27 02:26:44.000000000 -0600 -+++ cobbler-3.1.2/config/apache/cobbler_web.conf 2020-07-07 21:12:53.942577055 -0600 -@@ -16,8 +16,6 @@ WSGIDaemonProcess cobbler_web display-na - WSGIProcessGroup cobbler_web - WSGIPassAuthorization On - -- -- - - - SSLRequireSSL -@@ -42,5 +40,3 @@ WSGIPassAuthorization On - AllowOverride None - Require all granted - -- -- diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch index fe6aa76..5bce76e 100644 --- a/cobbler-nocov.patch +++ b/cobbler-nocov.patch @@ -1,6 +1,6 @@ -diff -up cobbler-3.2.2/setup.py.nocov cobbler-3.2.2/setup.py ---- cobbler-3.2.2/setup.py.nocov 2022-02-28 20:05:35.388747435 -0700 -+++ cobbler-3.2.2/setup.py 2022-02-28 20:06:31.743251279 -0700 +diff -up cobbler-3.3.1/setup.py.nocov cobbler-3.3.1/setup.py +--- cobbler-3.3.1/setup.py.nocov 2022-02-18 04:55:15.000000000 -0700 ++++ cobbler-3.3.1/setup.py 2022-02-28 21:51:44.969184938 -0700 @@ -18,7 +18,6 @@ from setuptools import find_packages from sphinx.setup_command import BuildDoc @@ -9,9 +9,7 @@ diff -up cobbler-3.2.2/setup.py.nocov cobbler-3.2.2/setup.py import pwd import shutil import subprocess ---- cobbler-3.2.2/setup.py.nocov 2022-02-28 21:34:34.996746220 -0700 -+++ cobbler-3.2.2/setup.py 2022-02-28 21:35:51.598440218 -0700 -@@ -373,15 +373,8 @@ +@@ -360,15 +359,8 @@ class test_command(Command): def run(self): import pytest @@ -27,15 +25,15 @@ diff -up cobbler-3.2.2/setup.py.nocov cobbler-3.2.2/setup.py sys.exit(int(bool(len(result.failures) > 0 or len(result.errors) > 0))) -@@ -505,7 +498,6 @@ - url="https://cobbler.github.io", +@@ -497,7 +489,6 @@ if __name__ == "__main__": + }, license="GPLv2+", setup_requires=[ - "coverage", "distro", "setuptools", "sphinx", -@@ -528,7 +520,7 @@ +@@ -517,7 +508,7 @@ if __name__ == "__main__": ], extras_require={ "lint": ["pyflakes", "pycodestyle"], diff --git a/cobbler-remove-get-loaders.patch b/cobbler-remove-get-loaders.patch deleted file mode 100644 index d2f1981..0000000 --- a/cobbler-remove-get-loaders.patch +++ /dev/null @@ -1,316 +0,0 @@ -commit a798eabd9b9e3e7d4cb8a828a5aa2273c69cec48 -Author: Dominik Gedon -Date: Fri Mar 5 16:25:05 2021 +0100 - - Remove get-loader code - -diff --git a/cobbler/actions/check.py b/cobbler/actions/check.py -index e034071e..4fadab53 100644 ---- a/cobbler/actions/check.py -+++ b/cobbler/actions/check.py -@@ -386,12 +386,11 @@ class CobblerCheck: - not_found.append(loader_name) - - if len(not_found) > 0: -- status.append("some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler " -- "get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, " -- "you may ensure that you have installed a *recent* version of the syslinux package " -- "installed and can ignore this message entirely. Files in this directory, should you want " -- "to support all architectures, should include pxelinux.0, menu.c32, and yaboot. The " -- "'cobbler get-loaders' command is the easiest way to resolve these requirements.") -+ status.append("some network boot-loaders are missing from /var/lib/cobbler/loaders. If you only want to " -+ "handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version " -+ "of the syslinux package installed and can ignore this message entirely. Files in this " -+ "directory, should you want to support all architectures, should include pxelinux.0, " -+ "menu.c32, and yaboot.") - - def check_tftpd_dir(self, status): - """ -diff --git a/cobbler/actions/dlcontent.py b/cobbler/actions/dlcontent.py -deleted file mode 100644 -index 84d73b8d..00000000 ---- a/cobbler/actions/dlcontent.py -+++ /dev/null -@@ -1,77 +0,0 @@ --""" --Downloads bootloader content for all arches for when the user doesn't want to supply their own. -- --Copyright 2009, Red Hat, Inc and Others --Michael DeHaan -- --This program is free software; you can redistribute it and/or modify --it under the terms of the GNU General Public License as published by --the Free Software Foundation; either version 2 of the License, or --(at your option) any later version. -- --This program is distributed in the hope that it will be useful, --but WITHOUT ANY WARRANTY; without even the implied warranty of --MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --GNU General Public License for more details. -- --You should have received a copy of the GNU General Public License --along with this program; if not, write to the Free Software --Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA --02110-1301 USA --""" -- --import os -- --from cobbler import clogger --from cobbler import download_manager -- -- --class ContentDownloader: -- -- def __init__(self, collection_mgr, logger=None): -- """ -- Constructor -- -- :param collection_mgr: The main collection manager instance which is used by the current running server. -- :param logger: The logger object which logs to the desired target. -- """ -- self.collection_mgr = collection_mgr -- self.settings = collection_mgr.settings() -- if logger is None: -- logger = clogger.Logger() -- self.logger = logger -- -- def run(self, force: bool = False): -- """ -- Download bootloader content for all of the latest bootloaders, since the user has chosen to not supply their -- own. You may ask "why not get this from yum", we also want this to be able to work on Debian and further do not -- want folks to have to install a cross compiler. For those that don't like this approach they can still source -- their cross-arch bootloader content manually. -- -- :param force: If the target path should be overwritten, even if there are already files present. -- """ -- -- content_server = "https://cobbler.github.io/loaders" -- dest = "/var/lib/cobbler/loaders" -- -- files = ( -- ("%s/README" % content_server, "%s/README" % dest), -- ("%s/COPYING.yaboot" % content_server, "%s/COPYING.yaboot" % dest), -- ("%s/COPYING.syslinux" % content_server, "%s/COPYING.syslinux" % dest), -- ("%s/yaboot-1.3.17" % content_server, "%s/yaboot" % dest), -- ("%s/pxelinux.0-3.86" % content_server, "%s/pxelinux.0" % dest), -- ("%s/menu.c32-3.86" % content_server, "%s/menu.c32" % dest), -- ("%s/grub-0.97-x86.efi" % content_server, "%s/grub-x86.efi" % dest), -- ("%s/grub-0.97-x86_64.efi" % content_server, "%s/grub-x86_64.efi" % dest), -- ) -- -- dlmgr = download_manager.DownloadManager(self.collection_mgr, self.logger) -- for src, dst in files: -- if os.path.exists(dst) and not force: -- self.logger.info("path %s already exists, not overwriting existing content, use --force if you wish " -- "to update" % dst) -- continue -- self.logger.info("downloading %s to %s" % (src, dst)) -- dlmgr.download_file(src, dst) -- --# EOF -diff --git a/cobbler/api.py b/cobbler/api.py -index bdf18391..9c52015e 100644 ---- a/cobbler/api.py -+++ b/cobbler/api.py -@@ -25,7 +25,7 @@ import random - import tempfile - from typing import Optional - --from cobbler.actions import status, dlcontent, hardlink, sync, buildiso, replicate, report, log, acl, check, reposync -+from cobbler.actions import status, hardlink, sync, buildiso, replicate, report, log, acl, check, reposync - from cobbler import autoinstall_manager - from cobbler import clogger - from cobbler.cobbler_collections import manager -@@ -1276,21 +1276,6 @@ class CobblerAPI: - - # ========================================================================== - -- def dlcontent(self, force=False, logger=None): -- """ -- Downloads bootloader content that may not be avialable in packages for the given arch, ex: if installing on PPC, -- get syslinux. If installing on x86_64, get elilo, etc. -- -- :param force: Force the download, although the content may be already downloaded. -- :param logger: The logger to audit the removal with. -- """ -- # FIXME: teach code that copies it to grab from the right place -- self.log("dlcontent") -- grabber = dlcontent.ContentDownloader(self._collection_mgr, logger=logger) -- return grabber.run(force) -- -- # ========================================================================== -- - def validate_autoinstall_files(self, logger=None): - """ - Validate if any of the autoinstallation files are invalid and if yes report this. -diff --git a/cobbler/cli.py b/cobbler/cli.py -index 5441ce0a..9a6c4fff 100644 ---- a/cobbler/cli.py -+++ b/cobbler/cli.py -@@ -55,7 +55,7 @@ OBJECT_ACTIONS = [] - for actions in list(OBJECT_ACTIONS_MAP.values()): - OBJECT_ACTIONS += actions - DIRECT_ACTIONS = "aclsetup buildiso import list replicate report reposync sync validate-autoinstalls version " \ -- "signature get-loaders hardlink".split() -+ "signature hardlink".split() - - #################################################### - -@@ -687,10 +687,6 @@ class CobblerCLI: - elif action_name == "validate-autoinstalls": - (options, args) = self.parser.parse_args(self.args) - task_id = self.start_task("validate_autoinstall_files", options) -- elif action_name == "get-loaders": -- self.parser.add_option("--force", dest="force", action="store_true", help="overwrite any existing content in /var/lib/cobbler/loaders") -- (options, args) = self.parser.parse_args(self.args) -- task_id = self.start_task("dlcontent", options) - elif action_name == "import": - self.parser.add_option("--arch", dest="arch", help="OS architecture being imported") - self.parser.add_option("--breed", dest="breed", help="the breed being imported") -diff --git a/cobbler/remote.py b/cobbler/remote.py -index 759879a8..ac788752 100644 ---- a/cobbler/remote.py -+++ b/cobbler/remote.py -@@ -200,18 +200,6 @@ class CobblerXMLRPCInterface: - ) - return self.__start_task(runner, token, "aclsetup", "(CLI) ACL Configuration", options) - -- def background_dlcontent(self, options, token) -> str: -- """ -- Download bootloaders and other support files. -- -- :param options: Unknown what this parameter is doing at the moment. -- :param token: The API-token obtained via the login() method. The API-token obtained via the login() method. -- :return: The id of the task which was started. -- """ -- def runner(self): -- self.remote.api.dlcontent(self.options.get("force", False), self.logger) -- return self.__start_task(runner, token, "get_loaders", "Download Bootloader Content", options) -- - def background_sync(self, options, token) -> str: - """ - Run a full Cobbler sync in the background. -diff --git a/config/bash/completion/cobbler b/config/bash/completion/cobbler -index f2d5bd59..169dbaec 100755 ---- a/config/bash/completion/cobbler -+++ b/config/bash/completion/cobbler -@@ -9,7 +9,7 @@ _cobbler_completions() - prev="${COMP_WORDS[COMP_CWORD-1]}" - cobbler_type=${COMP_WORDS[1]} - COMPREPLY=() -- TYPE="distro profile system repo image mgmtclass package file aclsetup buildiso import list replicate report reposync sync validateks version signature get-loaders hardlink" -+ TYPE="distro profile system repo image mgmtclass package file aclsetup buildiso import list replicate report reposync sync validateks version signature hardlink" - ACTION="add edit copy list remove rename report" - opts=( - [distro]="--ctime --depth --mtime --source-repos --tree-build-time --uid --arch --autoinstall-meta --boot-files --boot-loader --breed --comment --fetchable-files --initrd --kernel --kernel-options --kernel-options-post --mgmt-classes --name --os-version --owners --redhat-management-key --template-files --in-place --help" -diff --git a/config/cobbler/settings.yaml b/config/cobbler/settings.yaml -index 82b8c11f..b2e05a7b 100644 ---- a/config/cobbler/settings.yaml -+++ b/config/cobbler/settings.yaml -@@ -426,7 +426,7 @@ replicate_repo_rsync_options: "-avzH" - # always write DHCP entries, regardless if netboot is enabled - always_write_dhcp_entries: false - --# External proxy - used by: "get-loaders", "reposync", "signature update" -+# External proxy - used by: reposync", "signature update" - # Eg: "http://192.168.1.1:8080" (HTTP), "https://192.168.1.1:8443" (HTTPS) - proxy_url_ext: "" - -diff --git a/docs/cobbler-conf.rst b/docs/cobbler-conf.rst -index 673beffd..808d7738 100644 ---- a/docs/cobbler-conf.rst -+++ b/docs/cobbler-conf.rst -@@ -577,7 +577,7 @@ default: ``ipmilanplus`` - proxy_url_ext - ============= - --External proxy which is used by the following commands: ``get-loaders``, ``reposync``, ``signature update`` -+External proxy which is used by the following commands: ``reposync``, ``signature update`` - - defaults: - -diff --git a/docs/cobbler.rst b/docs/cobbler.rst -index 1fffc41e..6332a662 100644 ---- a/docs/cobbler.rst -+++ b/docs/cobbler.rst -@@ -74,7 +74,7 @@ Long Usage: - .. code-block:: shell - - cobbler ... [add|edit|copy|get-autoinstall*|list|remove|rename|report] [options|--help] -- cobbler [options|--help] -+ cobbler [options|--help] - - Cobbler distro - ============== -@@ -1071,15 +1071,6 @@ Example: - - $ cobbler signature - --Cobbler get-loaders --=================== -- --Example: -- --.. code-block:: shell -- -- $ cobbler get-loaders -- - Cobbler hardlink - ================ - -diff --git a/docs/code-autodoc/cobbler.actions.rst b/docs/code-autodoc/cobbler.actions.rst -index 44f7e1a4..a5845996 100644 ---- a/docs/code-autodoc/cobbler.actions.rst -+++ b/docs/code-autodoc/cobbler.actions.rst -@@ -28,14 +28,6 @@ cobbler.actions.check module - :undoc-members: - :show-inheritance: - --cobbler.actions.dlcontent module ---------------------------------- -- --.. automodule:: cobbler.actions.dlcontent -- :members: -- :undoc-members: -- :show-inheritance: -- - cobbler.actions.hardlink module - ------------------------------- - -diff --git a/tests/cli/cobbler_cli_direct_test.py b/tests/cli/cobbler_cli_direct_test.py -index 7cd6729c..01d42d6d 100644 ---- a/tests/cli/cobbler_cli_direct_test.py -+++ b/tests/cli/cobbler_cli_direct_test.py -@@ -148,11 +148,6 @@ class TestCobblerCliTestDirect: - i = assert_report_section(lines, i, "packages") - i = assert_report_section(lines, i, "files") - -- def test_cobbler_getloaders(self, run_cmd, get_last_line): -- (outputstd, outputerr) = run_cmd(cmd=["get-loaders"]) -- lines = outputstd.split("\n") -- assert "*** TASK COMPLETE ***" == get_last_line(lines) -- - def test_cobbler_hardlink(self, run_cmd, get_last_line): - (outputstd, outputerr) = run_cmd(cmd=["hardlink"]) - lines = outputstd.split("\n") -diff --git a/tests/xmlrpcapi/background_test.py b/tests/xmlrpcapi/background_test.py -index 36c03b01..64e219ca 100644 ---- a/tests/xmlrpcapi/background_test.py -+++ b/tests/xmlrpcapi/background_test.py -@@ -25,15 +25,6 @@ class TestBackground: - # Assert - assert result - -- def test_background_dlccontent(self, remote, token): -- # Arrange -- -- # Act -- result = remote.background_dlcontent({}, token) -- -- # Assert -- assert result -- - def test_background_hardlink(self, remote, token): - # Arrange - diff --git a/cobbler-scripts.patch b/cobbler-scripts.patch deleted file mode 100644 index 97f3058..0000000 --- a/cobbler-scripts.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up cobbler-3.2.1/setup.py.orig cobbler-3.2.1/setup.py ---- cobbler-3.2.1/setup.py.orig 2021-03-04 12:07:10.000000000 -0700 -+++ cobbler-3.2.1/setup.py 2021-03-08 22:25:15.239563778 -0700 -@@ -566,7 +566,7 @@ if __name__ == "__main__": - ("share/cobbler/web", glob("web/*.*")), - ("%s" % webcontent, glob("web/static/*")), - ("%s" % webimages, glob("web/static/images/*")), -- ("share/cobbler/bin", glob("scripts/*.sh")), -+ ("share/cobbler/bin", glob("scripts/*")), - ("share/cobbler/web/templates", glob("web/templates/*")), - ("%s/webui_sessions" % libpath, []), - ("%s/loaders" % libpath, []), diff --git a/cobbler.spec b/cobbler.spec index 86073a8..6cebfa6 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -4,27 +4,16 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.2.2 -Release: 9%{?dist} +Version: 3.3.1 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz #Source0: https://github.com/cobbler/cobbler/archive/%{commit0}/%{name}-%{commit0}.tar.gz Source1: migrate-settings.sh -# Revert upstream's VirtualHost addition -# https://github.com/cobbler/cobbler/issues/2286 -Patch0: cobbler-httpd.patch -# Fix autoinstall_templates -> templates -Patch1: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pull/2590.patch -# Install migrate-data-v2-to-v3.py - https://github.com/cobbler/cobbler/pull/2591 -Patch2: cobbler-scripts.patch -# Remove get-loaders command -Patch3: cobbler-remove-get-loaders.patch -# Upstream fix for CVE-2021-45082 -Patch4: cobbler-CVE-2021-45082.patch # Do not run coverage tests -Patch5: cobbler-nocov.patch +Patch0: cobbler-nocov.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -67,7 +56,6 @@ Requires: %{py3_dist pyyaml} Requires: %{py3_dist requests} Requires: %{py3_dist schema} Requires: %{py3_dist simplejson} -Requires: %{py3_dist tornado} Requires: genisoimage %if 0%{?fedora} || 0%{?rhel} >= 8 @@ -80,12 +68,15 @@ Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64 Recommends: logrotate +Recommends: %{py3_dist ldap} Recommends: %{py3_dist librepo} %else +Requires: %{py3_dist ldap} Requires: yum-utils %endif # https://github.com/cobbler/cobbler/issues/1685 Requires: /sbin/service +Obsoletes: cobbler-web < 3.3 BuildRequires: systemd Requires(post): systemd @@ -93,28 +84,13 @@ Requires(preun): systemd Requires(postun): systemd %description -Cobbler is a network install server. Cobbler supports PXE, ISO -virtualized installs, and re-installing existing Linux machines. -The last two modes use a helper tool, 'koan', that integrates with -cobbler. There is also a web interface 'cobbler-web'. Cobbler's -advanced features include importing distributions from DVDs and rsync -mirrors, kickstart templating, integrated yum mirroring, and built-in -DHCP/DNS Management. Cobbler has a XML-RPC API for integration with -other applications. - - -%package -n cobbler-web -Summary: Web interface for Cobbler -Requires: cobbler = %{version}-%{release} -Requires: %{py3_dist django} -Requires: %{py3_dist mod_wsgi} -Requires: mod_ssl -Requires(post): coreutils -Requires(post): sed - -%description -n cobbler-web -Web interface for Cobbler that allows visiting -http://server/cobbler_web to configure the install server. +Cobbler is a network install server. Cobbler supports PXE, ISO +virtualized installs, and re-installing existing Linux machines. The +last two modes use a helper tool, 'koan', that integrates with cobbler. +Cobbler's advanced features include importing distributions from DVDs +and rsync mirrors, kickstart templating, integrated yum mirroring, and +built-in DHCP/DNS Management. Cobbler has a XML-RPC API for integration +with other applications. %package tests @@ -150,9 +126,6 @@ mkdir -p %{buildroot}%{tftpboot_dir}/{boot,etc,grub/system{,_link},images{,2},pp mkdir -p %{buildroot}%{_unitdir} mv %{buildroot}%{_sysconfdir}/cobbler/cobblerd.service %{buildroot}%{_unitdir} -# cobbler-web -rm %{buildroot}%{_sysconfdir}/cobbler/cobbler_web.conf - # ghosted files touch %{buildroot}%{_sharedstatedir}/cobbler/web.ss @@ -179,6 +152,19 @@ fi %post %systemd_post cobblerd.service +# Fixup permission for world readable settings files +chmod 640 %{_sysconfdir}/cobbler/settings.yaml +chmod 600 %{_sysconfdir}/cobbler/mongodb.conf +chmod 600 %{_sysconfdir}/cobbler/modules.conf +chmod 640 %{_sysconfdir}/cobbler/users.conf +chmod 640 %{_sysconfdir}/cobbler/users.digest +chmod 750 %{_sysconfdir}/cobbler/settings.d +chmod 640 %{_sysconfdir}/cobbler/settings.d/* +chgrp apache %{_sysconfdir}/cobbler/settings.yaml +chgrp apache %{_sysconfdir}/cobbler/users.conf +chgrp apache %{_sysconfdir}/cobbler/users.digest +chgrp apache %{_sysconfdir}/cobbler/settings.d +chgrp apache %{_sysconfdir}/cobbler/settings.d/* %posttrans # Migrate pre-3.2.1 settings to settings.yaml @@ -204,13 +190,6 @@ fi %postun %systemd_postun_with_restart cobblerd.service -%post -n cobbler-web -# Change the SECRET_KEY option in the Django settings.py file -# required for security reasons, should be unique on all systems -# Choose from letters and numbers only, so no special chars like ampersand (&). -RAND_SECRET=$(head /dev/urandom | tr -dc 'A-Za-z0-9!' | head -c 50 ; echo '') -sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler/web/settings.py - %files %license COPYING @@ -221,6 +200,7 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %config(noreplace) %{_sysconfdir}/cobbler/boot_loader_conf/ %config(noreplace) %{_sysconfdir}/cobbler/cheetah_macros %config(noreplace) %{_sysconfdir}/cobbler/dhcp.template +%config(noreplace) %{_sysconfdir}/cobbler/dhcp6.template %config(noreplace) %{_sysconfdir}/cobbler/dnsmasq.template %config(noreplace) %{_sysconfdir}/cobbler/genders.template %config(noreplace) %{_sysconfdir}/cobbler/import_rsync_whitelist @@ -239,17 +219,19 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/windows.settings %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/users.conf %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/users.digest %config(noreplace) %{_sysconfdir}/cobbler/version +%config(noreplace) %{_sysconfdir}/cobbler/windows/ %config(noreplace) %{_sysconfdir}/cobbler/zone.template %config(noreplace) %{_sysconfdir}/cobbler/zone_templates/ %config(noreplace) %{_sysconfdir}/logrotate.d/cobblerd %config(noreplace) /etc/httpd/conf.d/cobbler.conf %{_bindir}/cobbler +%{_bindir}/cobbler-settings %{_bindir}/cobbler-ext-nodes %{_bindir}/cobblerd -%{_sbindir}/tftpd.py %{_datadir}/bash-completion/ %dir %{_datadir}/cobbler %{_datadir}/cobbler/bin @@ -262,25 +244,17 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %{tftpboot_dir}/* /var/www/cobbler %config(noreplace) %{_sharedstatedir}/cobbler -%exclude %{_sharedstatedir}/cobbler/web.ss -%exclude %{_sharedstatedir}/cobbler/webui_sessions /var/log/cobbler -%files -n cobbler-web -%license COPYING -%doc AUTHORS.in README.md -%config(noreplace) /etc/httpd/conf.d/cobbler_web.conf -%attr(-,apache,apache) %{_datadir}/cobbler/web -%ghost %attr(0660,apache,root) %{_sharedstatedir}/cobbler/web.ss -%dir %attr(700,apache,root) %{_sharedstatedir}/cobbler/webui_sessions -%attr(-,apache,apache) /var/www/cobbler_webui_content/ - %files tests %dir %{_datadir}/cobbler/tests %{_datadir}/cobbler/tests/* %changelog +* Tue Mar 01 2022 Orion Poplawski - 3.3.1-1 +- Update to 3.3.1, removes web interface + * Tue Mar 01 2022 Orion Poplawski - 3.2.2-9 - Apply fixes for CVE-2021-45082/3 - Remove BR on python3-coverage diff --git a/sources b/sources index e8eac50..f8efb80 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.2.2.tar.gz) = 65f3bf3bb43d1b1a6631ab299cd5a9a807c8e20ea07a61f89edc425b4833be5f2ddf0ac473010906bbcaaa5edfad577378185290bd2db01d9d64f276c2ad6be9 +SHA512 (cobbler-3.3.1.tar.gz) = 0ffbb67608c01447c51076780982b16e173ec3c0a22733654ad9522a17ade1a60da095ab8e77d5ae10f9d958050d4bcda61965d3aec37bb364fd3ee6666580ea From ad73eb12ceb44defd33b2160d673d6fde10f44cd Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 2 Mar 2022 21:47:12 -0700 Subject: [PATCH 063/110] Apply fixes for CVE-2021-45082/3 Drop EL6 support --- cobbler-CVE-2021-45082.patch | 34 +++++++++++ cobbler.spec | 109 +++++++++++++++-------------------- 2 files changed, 79 insertions(+), 64 deletions(-) create mode 100644 cobbler-CVE-2021-45082.patch diff --git a/cobbler-CVE-2021-45082.patch b/cobbler-CVE-2021-45082.patch new file mode 100644 index 0000000..243117d --- /dev/null +++ b/cobbler-CVE-2021-45082.patch @@ -0,0 +1,34 @@ +commit 267184cc5c8db764847eee2d9ba0f5006879adfe +Author: Alexander Graul +Date: Wed Feb 16 09:48:40 2022 +0100 + + Security: Fix incomplete template sanitization + + This only affects Cheetah templating. + + Without this commit, it is possible to evade the + "cheetah_import_whitelist" and import arbitraty Python code. + + Example exploit: #from exploit import pwned + + CVE-ID: CVE-2021-45082 + +diff --git a/cobbler/templar.py b/cobbler/templar.py +index c425908f..b2b99cb2 100644 +--- a/cobbler/templar.py ++++ b/cobbler/templar.py +@@ -76,10 +76,10 @@ class Templar: + """ + lines = data.split("\n") + for line in lines: +- if line.find("#import") != -1: +- rest=line.replace("#import","").replace(" ","").strip() +- if self.settings and rest not in self.settings.cheetah_import_whitelist: +- raise CX("potentially insecure import in template: %s" % rest) ++ if "#import" in line or "#from" in line: ++ rest = line.replace("#import", "").replace("#from", "").replace("import", ".").replace(" ", "").strip() ++ if self.settings and rest not in self.settings.cheetah_import_whitelist: ++ raise CX("Potentially insecure import in template: %s" % rest) + + def render(self, data_input, search_table, out_path, subject=None, template_type=None): + """ diff --git a/cobbler.spec b/cobbler.spec index a012093..8e2586c 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -7,24 +7,22 @@ Name: cobbler Version: 2.8.5 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz # Remove get-loaders Patch0: cobbler-remove-get-loaders.patch +# Fix unsafe cheetah imports +Patch1: cobbler-CVE-2021-45082.patch BuildRequires: git BuildRequires: /usr/bin/pathfix.py BuildRequires: python2-devel BuildRequires: python2-pyyaml BuildRequires: python2-setuptools -%if 0%{?fedora} || 0%{?rhel} > 7 BuildRequires: python2-cheetah -%else -BuildRequires: python-cheetah -%endif Requires: httpd Requires: tftp-server @@ -32,17 +30,10 @@ Requires: createrepo Requires: rsync Requires: python2-simplejson Requires: python2-pyyaml -%if 0%{?fedora} || 0%{?rhel} > 7 Requires: python2-mod_wsgi Requires: python2-cheetah Requires: python2-netaddr Requires: python2-urlgrabber -%else -Requires: mod_wsgi -Requires: python-cheetah -Requires: python-netaddr -Requires: python-urlgrabber -%endif # syslinux is only available on x86 %ifarch %{ix86} x86_64 Requires: syslinux @@ -56,16 +47,10 @@ Requires: yum-utils %endif # https://github.com/cobbler/cobbler/issues/1685 Requires: /sbin/service -%if 0%{?fedora} || 0%{?rhel} >= 7 BuildRequires: systemd Requires(post): systemd Requires(preun): systemd Requires(postun): systemd -%else -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/chkconfig -Requires(preun): /sbin/service -%endif %description Cobbler is a network install server. Cobbler supports PXE, ISO @@ -90,12 +75,7 @@ Requires: python2-ipaddress Requires: python2-django Requires: python-ipaddress %endif -%if 0%{?fedora} || 0%{?rhel} > 7 Requires: python2-mod_wsgi -%else -Requires: Django > 1.6 -Requires: mod_wsgi -%endif Requires: mod_ssl Requires(post): openssl @@ -108,13 +88,8 @@ http://server/cobbler_web to configure the install server. Summary: Helper tool that performs cobbler orders on remote machines BuildArch: noarch Requires: python2-simplejson -%if 0%{?fedora} || 0%{?rhel} > 7 Requires: python2-ethtool Requires: python2-urlgrabber -%else -Requires: python-ethtool -Requires: python-urlgrabber -%endif Requires: /sbin/service Requires: virt-install @@ -143,18 +118,11 @@ mv $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobblerd_rotate $RPM_BUILD_ROOT%{_sysco # Create data directories in tftp_dir mkdir -p $RPM_BUILD_ROOT%{tftp_dir}/{boot,etc,grub,images{,2},ppc,pxelinux.cfg,s390x} -%if 0%{?rhel} == 6 -# sysvinit -mkdir -p %{_sysconfdir}/init.d -mv $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobblerd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/cobblerd -rm $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobblerd.service -%else # systemd rm $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobblerd rm $RPM_BUILD_ROOT%{_sysconfdir}/init.d/cobblerd mkdir -p $RPM_BUILD_ROOT%{_unitdir} mv $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobblerd.service $RPM_BUILD_ROOT%{_unitdir} -%endif # cobbler-web rm $RPM_BUILD_ROOT%{_sysconfdir}/cobbler/cobbler_web.conf @@ -181,38 +149,23 @@ if (( $1 >= 2 )); then fi -%if 0%{?rhel} == 6 -%post -# package install -if (( $1 == 1 )); then - /sbin/chkconfig --add cobblerd > /dev/null 2>&1 - /etc/init.d/cobblerd start > /dev/null 2>&1 - /etc/init.d/httpd restart > /dev/null 2>&1 -fi -%preun -# before last package is removed -if (( $1 == 0 )); then - /sbin/chkconfig --del cobblerd > /dev/null 2>&1 - /etc/init.d/cobblerd stop > /dev/null 2>&1 -fi -%postun -# after last package is removed -if (( $1 == 0 )); then - /etc/init.d/httpd condrestart > /dev/null 2>&1 -fi -%endif - - -%if 0%{?fedora} || 0%{?rhel} >= 7 %post %systemd_post cobblerd.service +# Fixup permission for world readable settings files +chmod 640 %{_sysconfdir}/cobbler/settings +chmod 600 %{_sysconfdir}/cobbler/mongodb.conf +chmod 600 %{_sysconfdir}/cobbler/modules.conf +chmod 640 %{_sysconfdir}/cobbler/users.conf +chmod 640 %{_sysconfdir}/cobbler/users.digest +chgrp %{apache_group} %{_sysconfdir}/cobbler/settings +chgrp %{apache_group} %{_sysconfdir}/cobbler/users.conf +chgrp %{apache_group} %{_sysconfdir}/cobbler/users.digest %preun %systemd_preun cobblerd.service %postun %systemd_postun_with_restart cobblerd.service -%endif %post -n cobbler-web # Change the SECRET_KEY option in the Django settings.py file @@ -224,7 +177,35 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %files %license COPYING %doc AUTHORS README.md docs/README.openvz docs/README.mysql -%config(noreplace) %{_sysconfdir}/cobbler +%dir %{_sysconfdir}/cobbler +%config(noreplace) %{_sysconfdir}/cobbler/auth.conf +%config(noreplace) %{_sysconfdir}/cobbler/cheetah_macros +%config(noreplace) %{_sysconfdir}/cobbler/cobbler_bash +%config(noreplace) %{_sysconfdir}/cobbler/completions +%config(noreplace) %{_sysconfdir}/cobbler/dhcp.template +%config(noreplace) %{_sysconfdir}/cobbler/dnsmasq.template +%config(noreplace) %{_sysconfdir}/cobbler/genders.template +%config(noreplace) %{_sysconfdir}/cobbler/import_rsync_whitelist +%dir %{_sysconfdir}/cobbler/iso +%config(noreplace) %{_sysconfdir}/cobbler/iso/buildiso.template +%config(noreplace) %{_sysconfdir}/cobbler/ldap/ +%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/modules.conf +%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf +%config(noreplace) %{_sysconfdir}/cobbler/named.template +%config(noreplace) %{_sysconfdir}/cobbler/power/ +%config(noreplace) %{_sysconfdir}/cobbler/pxe/ +%dir %{_sysconfdir}/cobbler/reporting +%config(noreplace) %{_sysconfdir}/cobbler/reporting/build_report_email.template +%config(noreplace) %{_sysconfdir}/cobbler/rsync.exclude +%config(noreplace) %{_sysconfdir}/cobbler/rsync.template +%config(noreplace) %{_sysconfdir}/cobbler/secondary.template +%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings +%config(noreplace) %{_sysconfdir}/cobbler/tftpd.template +%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.conf +%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.digest +%config(noreplace) %{_sysconfdir}/cobbler/version +%config(noreplace) %{_sysconfdir}/cobbler/zone.template +%dir %{_sysconfdir}/cobbler/zone_templates %config(noreplace) %{_sysconfdir}/logrotate.d/cobblerd %config(noreplace) /etc/httpd/conf.d/cobbler.conf %{_bindir}/cobbler @@ -234,11 +215,7 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %{_mandir}/man1/cobbler.1* %{python2_sitelib}/cobbler/ %{python2_sitelib}/cobbler*.egg-info -%if 0%{?fedora} || 0%{?rhel} >= 7 %{_unitdir}/cobblerd.service -%else -/etc/init.d/cobblerd -%endif %{tftp_dir}/* /var/www/cobbler %config(noreplace) /var/lib/cobbler @@ -271,6 +248,10 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Thu Mar 03 2022 Orion Poplawski - 2.8.5-3 +- Apply fixes for CVE-2021-45082/3 +- Drop EL6 support + * Thu Dec 09 2021 Orion Poplawski - 2.8.5-2 - Remove defunct get-loaders command From 7ad7c967bcaf3d8c08be770e753e568d2e96715c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 3 Mar 2022 08:37:12 -0700 Subject: [PATCH 064/110] Fix apache group --- cobbler.spec | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 8e2586c..e06688d 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -7,7 +7,7 @@ Name: cobbler Version: 2.8.5 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ @@ -157,9 +157,9 @@ chmod 600 %{_sysconfdir}/cobbler/mongodb.conf chmod 600 %{_sysconfdir}/cobbler/modules.conf chmod 640 %{_sysconfdir}/cobbler/users.conf chmod 640 %{_sysconfdir}/cobbler/users.digest -chgrp %{apache_group} %{_sysconfdir}/cobbler/settings -chgrp %{apache_group} %{_sysconfdir}/cobbler/users.conf -chgrp %{apache_group} %{_sysconfdir}/cobbler/users.digest +chgrp apache %{_sysconfdir}/cobbler/settings +chgrp apache %{_sysconfdir}/cobbler/users.conf +chgrp apache %{_sysconfdir}/cobbler/users.digest %preun %systemd_preun cobblerd.service @@ -199,10 +199,10 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %config(noreplace) %{_sysconfdir}/cobbler/rsync.exclude %config(noreplace) %{_sysconfdir}/cobbler/rsync.template %config(noreplace) %{_sysconfdir}/cobbler/secondary.template -%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings %config(noreplace) %{_sysconfdir}/cobbler/tftpd.template -%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.conf -%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.digest +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/users.conf +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/users.digest %config(noreplace) %{_sysconfdir}/cobbler/version %config(noreplace) %{_sysconfdir}/cobbler/zone.template %dir %{_sysconfdir}/cobbler/zone_templates @@ -248,6 +248,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Thu Mar 03 2022 Orion Poplawski - 2.8.5-4 +- Fix apache group + * Thu Mar 03 2022 Orion Poplawski - 2.8.5-3 - Apply fixes for CVE-2021-45082/3 - Drop EL6 support From 1a1895e5f34c7051a319a1511dc93ece90ecd3e0 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 7 Mar 2022 10:29:07 -0700 Subject: [PATCH 065/110] Restore EL7 requires --- cobbler.spec | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index e06688d..ac1b8b0 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -7,7 +7,7 @@ Name: cobbler Version: 2.8.5 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ @@ -22,18 +22,28 @@ BuildRequires: /usr/bin/pathfix.py BuildRequires: python2-devel BuildRequires: python2-pyyaml BuildRequires: python2-setuptools +%if 0%{?fedora} || 0%{?rhel} >= 8 BuildRequires: python2-cheetah +%else +BuildRequires: python-cheetah +%endif Requires: httpd Requires: tftp-server Requires: createrepo Requires: rsync +Requires: python2-cheetah Requires: python2-simplejson Requires: python2-pyyaml +%if 0%{?fedora} || 0%{?rhel} >= 8 Requires: python2-mod_wsgi -Requires: python2-cheetah Requires: python2-netaddr Requires: python2-urlgrabber +%else +Requires: mod_wsgi +Requires: python-netaddr +Requires: python-urlgrabber +%endif # syslinux is only available on x86 %ifarch %{ix86} x86_64 Requires: syslinux @@ -75,7 +85,11 @@ Requires: python2-ipaddress Requires: python2-django Requires: python-ipaddress %endif +%if 0%{?fedora} || 0%{?rhel} >= 8 Requires: python2-mod_wsgi +%else +Requires: mod_wsgi +%endif Requires: mod_ssl Requires(post): openssl @@ -88,8 +102,13 @@ http://server/cobbler_web to configure the install server. Summary: Helper tool that performs cobbler orders on remote machines BuildArch: noarch Requires: python2-simplejson +%if 0%{?fedora} || 0%{?rhel} >= 8 Requires: python2-ethtool Requires: python2-urlgrabber +%else +Requires: python-ethtool +Requires: python-urlgrabber +%endif Requires: /sbin/service Requires: virt-install @@ -248,6 +267,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Mon Mar 07 2022 Orion Poplawski - 2.8.5-5 +- Restore EL7 requires + * Thu Mar 03 2022 Orion Poplawski - 2.8.5-4 - Fix apache group From fed0a69bb7ea5d4bd4ee79463ecfdaeb62bc852f Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 12 Mar 2022 09:53:49 -0700 Subject: [PATCH 066/110] Update to 3.3.2 --- cobbler.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 6cebfa6..70f67c8 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -4,7 +4,7 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.3.1 +Version: 3.3.2 Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ @@ -252,6 +252,9 @@ fi %changelog +* Sat Mar 12 2022 Orion Poplawski - 3.3.2-1 +- Update to 3.3.2 + * Tue Mar 01 2022 Orion Poplawski - 3.3.1-1 - Update to 3.3.1, removes web interface diff --git a/sources b/sources index f8efb80..002bd94 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.1.tar.gz) = 0ffbb67608c01447c51076780982b16e173ec3c0a22733654ad9522a17ade1a60da095ab8e77d5ae10f9d958050d4bcda61965d3aec37bb364fd3ee6666580ea +SHA512 (cobbler-3.3.2.tar.gz) = 77a2d6c468366178952d68ca67dc8cbb5eb396f2a69f5b2fc1b3a1d38ac186046516d51d891c59e6605e92d31453c947de107ac859500625e029ce5d1f59db60 From aed96123ed55de0b1e3b008f1de04f73cd914f7c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 23 Mar 2022 07:07:43 -0600 Subject: [PATCH 067/110] Add upstream patch for CVE-2022-0860 (bz#2066592) --- cobbler-CVE-2022-0860.patch | 25 +++++++++++++++++++++++++ cobbler.spec | 9 +++++++-- 2 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 cobbler-CVE-2022-0860.patch diff --git a/cobbler-CVE-2022-0860.patch b/cobbler-CVE-2022-0860.patch new file mode 100644 index 0000000..ca06763 --- /dev/null +++ b/cobbler-CVE-2022-0860.patch @@ -0,0 +1,25 @@ +diff --git a/cobbler/modules/authn_pam.py b/cobbler/modules/authn_pam.py +index 80ac4e7..26981f7 100644 +--- a/cobbler/modules/authn_pam.py ++++ b/cobbler/modules/authn_pam.py +@@ -114,6 +114,10 @@ PAM_AUTHENTICATE = LIBPAM.pam_authenticate + PAM_AUTHENTICATE.restype = c_int + PAM_AUTHENTICATE.argtypes = [PamHandle, c_int] + ++PAM_ACCT_MGMT = LIBPAM.pam_acct_mgmt ++PAM_ACCT_MGMT.restype = c_int ++PAM_ACCT_MGMT.argtypes = [PamHandle, c_int] ++ + def authenticate(api_handle, username, password): + """ + Returns True if the given username and password authenticate for the +@@ -152,5 +156,9 @@ def authenticate(api_handle, username, password): + return False + + retval = PAM_AUTHENTICATE(handle, 0) ++ ++ if retval == 0: ++ retval = PAM_ACCT_MGMT(handle, 0) ++ + return retval == 0 + diff --git a/cobbler.spec b/cobbler.spec index ac1b8b0..de3752f 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -7,7 +7,7 @@ Name: cobbler Version: 2.8.5 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Boot server configurator URL: http://cobbler.github.io/ License: GPLv2+ @@ -16,6 +16,8 @@ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-% Patch0: cobbler-remove-get-loaders.patch # Fix unsafe cheetah imports Patch1: cobbler-CVE-2021-45082.patch +# Upstream fix for CVE-2022-0860 (expired accounts) +Patch2: cobbler-CVE-2022-0860.patch BuildRequires: git BuildRequires: /usr/bin/pathfix.py @@ -153,7 +155,7 @@ mkdir -p $RPM_BUILD_ROOT/var/spool/koan %pre if (( $1 >= 2 )); then # package upgrade: backup configuration - DATE=$(date "+%Y%m%d-%H%M%S") + DATE=$(date "+%Y%m%d-%H%M%%S") if [[ ! -d /var/lib/cobbler/backup/upgrade-${DATE} ]]; then mkdir -p /var/lib/cobbler/backup/upgrade-${DATE} fi @@ -267,6 +269,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" /usr/share/cobbler/ %changelog +* Wed Mar 23 2022 Orion Poplawski - 2.8.5-6 +- Add upstream patch for CVE-2022-0860 (bz#2066592) + * Mon Mar 07 2022 Orion Poplawski - 2.8.5-5 - Restore EL7 requires From a8fe6f7f139d4acef41f510fbb3a49a42615c1d9 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 3 May 2022 19:24:48 -0600 Subject: [PATCH 068/110] Drop setting cache_enabled no longer present in 3.3 --- cobbler.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 70f67c8..fb23430 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -176,7 +176,6 @@ if [ -f %{_sysconfdir}/cobbler/settings.rpmsave ]; then %{_datadir}/cobbler/bin/migrate-settings.sh fi # Add some missing options if needed -grep -q '^cache_enabled:' %{_sysconfdir}/cobbler/settings.yaml || echo -e '#ADDED:\ncache_enabled: true' >> %{_sysconfdir}/cobbler/settings.yaml grep -q '^reposync_rsync_flags:' %{_sysconfdir}/cobbler/settings.yaml || echo -e '#ADDED:\nreposync_rsync_flags: "-rltDv --copy-unsafe-links"' >> %{_sysconfdir}/cobbler/settings.yaml # Migrate pre-3 configuration data if needed if [ -d %{_sharedstatedir}/cobbler/kickstarts -a $(find %{_sharedstatedir}/cobbler/collections -type f | wc -l) -eq 0 ]; then @@ -252,6 +251,9 @@ fi %changelog +* Wed May 04 2022 Orion Poplawski - 3.3.2-2 +- Drop setting cache_enabled no longer present in 3.3 + * Sat Mar 12 2022 Orion Poplawski - 3.3.2-1 - Update to 3.3.2 From 46bf3c8f18c14378071032591223057963d2b197 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 13 Jun 2022 19:37:43 -0600 Subject: [PATCH 069/110] Update to 3.3.3 --- cobbler.spec | 7 +++++-- sources | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index fb23430..6c4969a 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -4,8 +4,8 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.3.2 -Release: 2%{?dist} +Version: 3.3.3 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,6 +251,9 @@ fi %changelog +* Tue Jun 14 2022 Orion Poplawski - 3.3.3-1 +- Update to 3.3.3 + * Wed May 04 2022 Orion Poplawski - 3.3.2-2 - Drop setting cache_enabled no longer present in 3.3 diff --git a/sources b/sources index 002bd94..52973e0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.2.tar.gz) = 77a2d6c468366178952d68ca67dc8cbb5eb396f2a69f5b2fc1b3a1d38ac186046516d51d891c59e6605e92d31453c947de107ac859500625e029ce5d1f59db60 +SHA512 (cobbler-3.3.3.tar.gz) = 9011ae3407a3418f476f4d7b76f7b4978904a612f455e31acf44c3e9c223e4aba9bfbc17b7a12b5aedd4f380b6e8f87e0bc57dd826c945adff4fef34857c917f From 017b778961cc6d3c8e0045bdee1a2105ed1366ff Mon Sep 17 00:00:00 2001 From: Python Maint Date: Thu, 23 Jun 2022 17:45:59 +0200 Subject: [PATCH 070/110] Rebuilt for Python 3.11 --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 6c4969a..ec08d8c 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,6 +251,9 @@ fi %changelog +* Thu Jun 23 2022 Python Maint - 3.3.3-2 +- Rebuilt for Python 3.11 + * Tue Jun 14 2022 Orion Poplawski - 3.3.3-1 - Update to 3.3.3 From 5c3c68319dafcbc0602892c376bca6ce7eec8b75 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 20 Jul 2022 23:13:07 +0000 Subject: [PATCH 071/110] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index ec08d8c..d5dad58 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,6 +251,9 @@ fi %changelog +* Wed Jul 20 2022 Fedora Release Engineering - 3.3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Thu Jun 23 2022 Python Maint - 3.3.3-2 - Rebuilt for Python 3.11 From c8fb82f394820f7036dc21f8faf320ffd8ca99fd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 19 Jan 2023 00:08:59 +0000 Subject: [PATCH 072/110] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index d5dad58..066f120 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,6 +251,9 @@ fi %changelog +* Thu Jan 19 2023 Fedora Release Engineering - 3.3.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Wed Jul 20 2022 Fedora Release Engineering - 3.3.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 375a43720ee461d991f0a63ffb3a020c9e656c45 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Wed, 14 Jun 2023 20:21:15 +0200 Subject: [PATCH 073/110] Rebuilt for Python 3.12 --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 066f120..9fe1c64 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,6 +251,9 @@ fi %changelog +* Wed Jun 14 2023 Python Maint - 3.3.3-5 +- Rebuilt for Python 3.12 + * Thu Jan 19 2023 Fedora Release Engineering - 3.3.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From 218561053551de5a62d6236df06110aa759343ef Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 16 Jul 2023 22:29:22 -0600 Subject: [PATCH 074/110] Add patch to fix build with Sphinx 7 --- cobbler-sphinx7.patch | 92 +++++++++++++++++++++++++++++++++++++++++++ cobbler.spec | 8 +++- 2 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 cobbler-sphinx7.patch diff --git a/cobbler-sphinx7.patch b/cobbler-sphinx7.patch new file mode 100644 index 0000000..55cc655 --- /dev/null +++ b/cobbler-sphinx7.patch @@ -0,0 +1,92 @@ +diff --git a/MANIFEST.in b/MANIFEST.in +index 7554c69..95c5b48 100644 +--- a/MANIFEST.in ++++ b/MANIFEST.in +@@ -2,6 +2,7 @@ include COPYING AUTHORS + include cobbler.spec config/service/cobblerd.service + include AUTHORS.in README.md + include distro_build_configs.sh ++include Makefile + recursive-include misc * + recursive-include bin * + recursive-include config * +diff --git a/Makefile b/Makefile +index 1c41ba4..ff9ff67 100644 +--- a/Makefile ++++ b/Makefile +@@ -55,6 +55,9 @@ doc: ## Creates the documentation with sphinx in html form. + @echo "creating: documentation" + @cd docs; make html > /dev/null 2>&1 + ++man: ## Creates documentation and man pages using Sphinx ++ @${PYTHON} -m sphinx -b man -j auto ./docs ./build/sphinx/man ++ + qa: ## If pyflakes and/or pycodestyle is found then they are run. + ifeq ($(strip $(PYFLAKES)),) + @echo "No pyflakes found" +diff --git a/cobbler.spec b/cobbler.spec +index fb17d8c..01f71e2 100644 +--- a/cobbler.spec ++++ b/cobbler.spec +@@ -304,6 +304,7 @@ sed -e "s|/var/lib/tftpboot|%{tftpboot_dir}|g" -i config/cobbler/settings.yaml + [ "${TFTPROOT}" != %{tftpboot_dir} ] && echo "ERROR: TFTPROOT: ${TFTPROOT} does not match %{tftpboot_dir}" + + %py3_build ++make man + + %install + . distro_build_configs.sh +diff --git a/setup.py b/setup.py +index 502bf2d..cb57be2 100644 +--- a/setup.py ++++ b/setup.py +@@ -14,7 +14,6 @@ from setuptools import dep_util + from distutils.command.build import build as _build + from configparser import ConfigParser + from setuptools import find_packages +-from sphinx.setup_command import BuildDoc + + import codecs + import pwd +@@ -148,16 +147,6 @@ class build(_build): + def run(self): + _build.run(self) + +-##################################################################### +-# # Build man pages using Sphinx ################################### +-##################################################################### +- +- +-class build_man(BuildDoc): +- def initialize_options(self): +- BuildDoc.initialize_options(self) +- self.builder = 'man' +- + ##################################################################### + # # Configure files ################################################## + ##################################################################### +@@ -284,15 +273,7 @@ def has_configure_files(build): + return bool(build.distribution.configure_files) + + +-def has_man_pages(build): +- """Check if the distribution has configuration files to work on.""" +- return bool(build.distribution.man_pages) +- +- +-build.sub_commands.extend(( +- ('build_man', has_man_pages), +- ('build_cfg', has_configure_files) +-)) ++_build.sub_commands.extend((("build_cfg", has_configure_files),)) + + + ##################################################################### +@@ -468,7 +449,6 @@ if __name__ == "__main__": + 'savestate': savestate, + 'restorestate': restorestate, + 'build_cfg': build_cfg, +- 'build_man': build_man + }, + name="cobbler", + version=VERSION, diff --git a/cobbler.spec b/cobbler.spec index 9fe1c64..9b39696 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -14,6 +14,9 @@ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-% Source1: migrate-settings.sh # Do not run coverage tests Patch0: cobbler-nocov.patch +# Fix build with Sphinx 7 +# Backport of https://github.com/cobbler/cobbler/pull/3465.patch +Patch1: cobbler-sphinx7.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -251,6 +254,9 @@ fi %changelog +* Mon Jul 17 2023 Orion Poplawski - 3.3.3-6 +- Add patch to fix build with Sphinx 7 + * Wed Jun 14 2023 Python Maint - 3.3.3-5 - Rebuilt for Python 3.12 From d54231a40ce6c4b1331603816cb64c8ad4ad23e0 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Jul 2023 07:34:17 -0600 Subject: [PATCH 075/110] Manually make man pages --- cobbler.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/cobbler.spec b/cobbler.spec index 9b39696..d6988dc 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -110,6 +110,7 @@ Unit test files from the Cobbler project %build . ./distro_build_configs.sh %py3_build +make man %install . ./distro_build_configs.sh From 762bc499517deeff64aedb0189aa8ecd961287f0 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Jul 2023 07:53:50 -0600 Subject: [PATCH 076/110] Add BR on make --- cobbler.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/cobbler.spec b/cobbler.spec index d6988dc..2faf7e9 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -19,6 +19,7 @@ Patch0: cobbler-nocov.patch Patch1: cobbler-sphinx7.patch BuildArch: noarch +BuildRequires: make BuildRequires: python%{python3_pkgversion}-devel %if 0%{?fedora} || 0%{?rhel} >= 8 BuildRequires: %{py3_dist cheetah3} From 1e0ee4450a73ab8c49600fd9c09c733d7154b4c1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jul 2023 15:59:35 +0000 Subject: [PATCH 077/110] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 2faf7e9..e96c710 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -256,6 +256,9 @@ fi %changelog +* Wed Jul 19 2023 Fedora Release Engineering - 3.3.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Mon Jul 17 2023 Orion Poplawski - 3.3.3-6 - Add patch to fix build with Sphinx 7 From 00d12f25d0c2c34e153129399a62ec044335cb2d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 15:46:52 +0000 Subject: [PATCH 078/110] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index e96c710..6079455 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -256,6 +256,9 @@ fi %changelog +* Fri Jan 19 2024 Fedora Release Engineering - 3.3.3-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Wed Jul 19 2023 Fedora Release Engineering - 3.3.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From 0fc9b61b9b0bdfbbb85b80b32d8d4eb395e7f99f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jan 2024 07:36:17 +0000 Subject: [PATCH 079/110] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 6079455..51f9ce1 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -256,6 +256,9 @@ fi %changelog +* Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Fri Jan 19 2024 Fedora Release Engineering - 3.3.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 40e914ee2905c602bbcbe0209386cee2dc09d766 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 26 Feb 2024 21:43:13 -0700 Subject: [PATCH 080/110] Update to 3.3.4 Add local SELinux policy and allow cobbler to check service statuses, run mkfs.fat, and check for reposync and yumdownloader (bz#225122) Change owndership of web.ss to root (bz#2247652) --- cobbler-nocov.patch | 27 ++--- cobbler-sphinx7.patch | 92 ---------------- cobbler.fc | 28 +++++ cobbler.if | 251 ++++++++++++++++++++++++++++++++++++++++++ cobbler.spec | 113 +++++++++++++++++-- cobbler.te | 243 ++++++++++++++++++++++++++++++++++++++++ sources | 2 +- 7 files changed, 638 insertions(+), 118 deletions(-) delete mode 100644 cobbler-sphinx7.patch create mode 100644 cobbler.fc create mode 100644 cobbler.if create mode 100644 cobbler.te diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch index 5bce76e..40efcf5 100644 --- a/cobbler-nocov.patch +++ b/cobbler-nocov.patch @@ -1,15 +1,16 @@ -diff -up cobbler-3.3.1/setup.py.nocov cobbler-3.3.1/setup.py ---- cobbler-3.3.1/setup.py.nocov 2022-02-18 04:55:15.000000000 -0700 -+++ cobbler-3.3.1/setup.py 2022-02-28 21:51:44.969184938 -0700 -@@ -18,7 +18,6 @@ from setuptools import find_packages - from sphinx.setup_command import BuildDoc +diff --git a/setup.py b/setup.py +index 4b21af3..145bdab 100644 +--- a/setup.py ++++ b/setup.py +@@ -16,7 +16,6 @@ from configparser import ConfigParser + from setuptools import find_packages import codecs -from coverage import Coverage import pwd import shutil import subprocess -@@ -360,15 +359,8 @@ class test_command(Command): +@@ -338,15 +337,8 @@ class test_command(Command): def run(self): import pytest @@ -25,7 +26,7 @@ diff -up cobbler-3.3.1/setup.py.nocov cobbler-3.3.1/setup.py sys.exit(int(bool(len(result.failures) > 0 or len(result.errors) > 0))) -@@ -497,7 +489,6 @@ if __name__ == "__main__": +@@ -474,7 +466,6 @@ if __name__ == "__main__": }, license="GPLv2+", setup_requires=[ @@ -33,12 +34,12 @@ diff -up cobbler-3.3.1/setup.py.nocov cobbler-3.3.1/setup.py "distro", "setuptools", "sphinx", -@@ -517,7 +508,7 @@ if __name__ == "__main__": +@@ -494,7 +485,7 @@ if __name__ == "__main__": ], extras_require={ "lint": ["pyflakes", "pycodestyle"], -- "test": ["pytest", "pytest-cov", "codecov", "pytest-mock"] -+ "test": ["pytest", "pytest-mock"] - }, - packages=find_packages(exclude=["*tests*"]), - scripts=[ +- "test": ["pytest", "pytest-cov", "codecov", "pytest-mock"], ++ "test": ["pytest", "pytest-mock"], + # We require the current version to properly detect duplicate issues + # See: https://github.com/twisted/towncrier/releases/tag/22.8.0 + "changelog": ["towncrier>=22.8.0"], diff --git a/cobbler-sphinx7.patch b/cobbler-sphinx7.patch deleted file mode 100644 index 55cc655..0000000 --- a/cobbler-sphinx7.patch +++ /dev/null @@ -1,92 +0,0 @@ -diff --git a/MANIFEST.in b/MANIFEST.in -index 7554c69..95c5b48 100644 ---- a/MANIFEST.in -+++ b/MANIFEST.in -@@ -2,6 +2,7 @@ include COPYING AUTHORS - include cobbler.spec config/service/cobblerd.service - include AUTHORS.in README.md - include distro_build_configs.sh -+include Makefile - recursive-include misc * - recursive-include bin * - recursive-include config * -diff --git a/Makefile b/Makefile -index 1c41ba4..ff9ff67 100644 ---- a/Makefile -+++ b/Makefile -@@ -55,6 +55,9 @@ doc: ## Creates the documentation with sphinx in html form. - @echo "creating: documentation" - @cd docs; make html > /dev/null 2>&1 - -+man: ## Creates documentation and man pages using Sphinx -+ @${PYTHON} -m sphinx -b man -j auto ./docs ./build/sphinx/man -+ - qa: ## If pyflakes and/or pycodestyle is found then they are run. - ifeq ($(strip $(PYFLAKES)),) - @echo "No pyflakes found" -diff --git a/cobbler.spec b/cobbler.spec -index fb17d8c..01f71e2 100644 ---- a/cobbler.spec -+++ b/cobbler.spec -@@ -304,6 +304,7 @@ sed -e "s|/var/lib/tftpboot|%{tftpboot_dir}|g" -i config/cobbler/settings.yaml - [ "${TFTPROOT}" != %{tftpboot_dir} ] && echo "ERROR: TFTPROOT: ${TFTPROOT} does not match %{tftpboot_dir}" - - %py3_build -+make man - - %install - . distro_build_configs.sh -diff --git a/setup.py b/setup.py -index 502bf2d..cb57be2 100644 ---- a/setup.py -+++ b/setup.py -@@ -14,7 +14,6 @@ from setuptools import dep_util - from distutils.command.build import build as _build - from configparser import ConfigParser - from setuptools import find_packages --from sphinx.setup_command import BuildDoc - - import codecs - import pwd -@@ -148,16 +147,6 @@ class build(_build): - def run(self): - _build.run(self) - --##################################################################### --# # Build man pages using Sphinx ################################### --##################################################################### -- -- --class build_man(BuildDoc): -- def initialize_options(self): -- BuildDoc.initialize_options(self) -- self.builder = 'man' -- - ##################################################################### - # # Configure files ################################################## - ##################################################################### -@@ -284,15 +273,7 @@ def has_configure_files(build): - return bool(build.distribution.configure_files) - - --def has_man_pages(build): -- """Check if the distribution has configuration files to work on.""" -- return bool(build.distribution.man_pages) -- -- --build.sub_commands.extend(( -- ('build_man', has_man_pages), -- ('build_cfg', has_configure_files) --)) -+_build.sub_commands.extend((("build_cfg", has_configure_files),)) - - - ##################################################################### -@@ -468,7 +449,6 @@ if __name__ == "__main__": - 'savestate': savestate, - 'restorestate': restorestate, - 'build_cfg': build_cfg, -- 'build_man': build_man - }, - name="cobbler", - version=VERSION, diff --git a/cobbler.fc b/cobbler.fc new file mode 100644 index 0000000..568bf88 --- /dev/null +++ b/cobbler.fc @@ -0,0 +1,28 @@ +/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t,s0) + +/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t,s0) + +/usr/bin/cobblerd -- gen_context(system_u:object_r:cobblerd_exec_t,s0) + +/usr/lib/systemd/system/cobblerd.* -- gen_context(system_u:object_r:cobblerd_unit_file_t,s0) + +/var/cache/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) + +/var/lib/tftpboot/aarch64(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/boot(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/etc(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/grub(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/images(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/images2(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/memdisk -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/menu\.c32 -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/ppc(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/pxelinux\.0 -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/pxelinux\.cfg(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/s390x(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/yaboot -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) + +/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t,s0) + +/var/www/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) diff --git a/cobbler.if b/cobbler.if new file mode 100644 index 0000000..4054eab --- /dev/null +++ b/cobbler.if @@ -0,0 +1,251 @@ +## Cobbler installation server. + +######################################## +## +## Execute a domain transition to run cobblerd. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`cobblerd_domtrans',` + gen_require(` + type cobblerd_t, cobblerd_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, cobblerd_exec_t, cobblerd_t) +') + +######################################## +## +## Execute cobblerd server in the cobblerd domain. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`cobblerd_systemctl',` + gen_require(` + type named_unit_file_t; + type named_t; + ') + + systemd_exec_systemctl($1) + init_reload_services($1) + allow $1 named_unit_file_t:file read_file_perms; + allow $1 named_unit_file_t:service manage_service_perms; + + ps_process_pattern($1, named_t) +') + +######################################## +## +## Execute cobblerd init scripts in +## the init script domain. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`cobblerd_initrc_domtrans',` + gen_require(` + type cobblerd_initrc_exec_t; + ') + + init_labeled_script_domtrans($1, cobblerd_initrc_exec_t) +') + + + +######################################## +## +## Read cobbler configuration dirs. +## +## +## +## Domain allowed access. +## +## +# +interface(`cobbler_list_config',` + gen_require(` + type cobbler_etc_t; + ') + + list_dirs_pattern($1, cobbler_etc_t, cobbler_etc_t) + files_search_etc($1) +') + + +######################################## +## +## Read cobbler configuration files. +## +## +## +## Domain allowed access. +## +## +# +interface(`cobbler_read_config',` + gen_require(` + type cobbler_etc_t; + ') + + read_files_pattern($1, cobbler_etc_t, cobbler_etc_t) + files_search_etc($1) +') + +######################################## +## +## Do not audit attempts to read and write +## cobbler log files. +## +## +## +## Domain to not audit. +## +## +# +interface(`cobbler_dontaudit_rw_log',` + gen_require(` + type cobbler_var_log_t; + ') + + dontaudit $1 cobbler_var_log_t:file rw_file_perms; +') + +######################################## +## +## Search cobbler lib directories. +## +## +## +## Domain allowed access. +## +## +# +interface(`cobbler_search_lib',` + gen_require(` + type cobbler_var_lib_t; + ') + + files_search_var_lib($1) + search_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) +') + +######################################## +## +## Read cobbler lib files. +## +## +## +## Domain allowed access. +## +## +# +interface(`cobbler_read_lib_files',` + gen_require(` + type cobbler_var_lib_t; + ') + + files_search_var_lib($1) + read_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) + read_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) +') + +######################################## +## +## Create, read, write, and delete +## cobbler lib files. +## +## +## +## Domain allowed access. +## +## +# +interface(`cobbler_manage_lib_files',` + gen_require(` + type cobbler_var_lib_t; + ') + + files_search_var_lib($1) + manage_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) + manage_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) + manage_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) +') + +######################################## +## +## All of the rules required to +## administrate an cobbler environment. +## +## +## +## Domain allowed access. +## +## +## +## +## Role allowed access. +## +## +## +# +interface(`cobblerd_admin',` + refpolicywarn(`$0($*) has been deprecated, use cobbler_admin() instead.') + cobbler_admin($1, $2) +') + +######################################## +## +## All of the rules required to +## administrate an cobbler environment. +## +## +## +## Domain allowed access. +## +## +## +## +## Role allowed access. +## +## +## +# +interface(`cobbler_admin',` + gen_require(` + type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t; + type cobbler_etc_t, cobblerd_initrc_exec_t; + type cobbler_tmp_t; + ') + + allow $1 cobblerd_t:process { ptrace signal_perms }; + ps_process_pattern($1, cobblerd_t) + + cobblerd_initrc_domtrans($1) + domain_system_change_exemption($1) + role_transition $2 cobblerd_initrc_exec_t system_r; + allow $2 system_r; + + files_search_etc($1) + admin_pattern($1, cobbler_etc_t) + + files_search_tmp($1) + admin_pattern($1, cobbler_tmp_t) + + files_search_var_lib($1) + admin_pattern($1, cobbler_var_lib_t) + + logging_search_logs($1) + admin_pattern($1, cobbler_var_log_t) +') diff --git a/cobbler.spec b/cobbler.spec index 51f9ce1..a0ee626 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -1,22 +1,23 @@ %global tftpboot_dir %{_sharedstatedir}/tftpboot/ -%global commit0 172b8a0f79d110dcac1f50acfe412e0a01ff20ab -%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) +%global commit 700eb5bdfb28baba4de5e4083bec9e132a763bcb +%global shortcommit %(c=%{commit}; echo ${c:0:7}) +%global selinuxtype targeted Name: cobbler -Version: 3.3.3 -Release: 9%{?dist} +Version: 3.3.4 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz -#Source0: https://github.com/cobbler/cobbler/archive/%{commit0}/%{name}-%{commit0}.tar.gz Source1: migrate-settings.sh +Source2: %{name}.te +Source3: %{name}.if +Source4: %{name}.fc + # Do not run coverage tests Patch0: cobbler-nocov.patch -# Fix build with Sphinx 7 -# Backport of https://github.com/cobbler/cobbler/pull/3465.patch -Patch1: cobbler-sphinx7.patch BuildArch: noarch BuildRequires: make @@ -45,6 +46,10 @@ BuildRequires: python%{python3_pkgversion}-simplejson BuildRequires: python%{python3_pkgversion}-sphinx %endif +# This ensures that the *-selinux package and all it’s dependencies are not pulled +# into containers and other systems that do not use SELinux +Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) + Requires: httpd Requires: tftp-server Requires: createrepo_c @@ -97,22 +102,51 @@ built-in DHCP/DNS Management. Cobbler has a XML-RPC API for integration with other applications. +%package selinux +Summary: SELinux policies for %{name} +Requires: selinux-policy-%{selinuxtype} +Requires(post): selinux-policy-%{selinuxtype} +BuildRequires: selinux-policy-devel +BuildArch: noarch +%{?selinux_requires} + + +%description selinux +SELinux policies for %{name}. + + %package tests Summary: Unit tests for cobbler Requires: cobbler = %{version}-%{release} %description tests -Unit test files from the Cobbler project +Unit test files from the Cobbler project. + + +%package tests-containers +Summary: Dockerfiles and scripts to setup testing containers +Requires: cobbler = %{version}-%{release} + +%description tests-containers +Dockerfiles and scripts to setup testing containers. %prep %autosetup -p1 +mkdir -p selinux +cp -p %{SOURCE2} %{SOURCE3} %{SOURCE4} selinux/ + %build . ./distro_build_configs.sh %py3_build make man +# SELinux +make -f %{_datadir}/selinux/devel/Makefile %{name}.pp +bzip2 -9 %{name}.pp + + %install . ./distro_build_configs.sh # bypass install errors ( don't chown in install step) @@ -137,6 +171,15 @@ touch %{buildroot}%{_sharedstatedir}/cobbler/web.ss # migrate-settings.sh install -p -m0755 %SOURCE1 %{buildroot}%{_datadir}/cobbler/bin/migrate-settings.sh +# SELinux +install -D -m 0644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +install -D -p -m 0644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if + + +%check +# These require an installed system with root access +#pytest -v + %pre if [ $1 -ge 2 ]; then @@ -170,6 +213,8 @@ chgrp apache %{_sysconfdir}/cobbler/users.conf chgrp apache %{_sysconfdir}/cobbler/users.digest chgrp apache %{_sysconfdir}/cobbler/settings.d chgrp apache %{_sysconfdir}/cobbler/settings.d/* +# Change from apache +chown root %{_sharedstatedir}/cobbler/web.ss %posttrans # Migrate pre-3.2.1 settings to settings.yaml @@ -195,6 +240,25 @@ fi %systemd_postun_with_restart cobblerd.service +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +%selinux_relabel_post -s %{selinuxtype} + +if [ "$1" -le "1" ]; then # First install + # the daemon needs to be restarted for the custom label to be applied + %systemd_postun_with_restart %{name}.service +fi + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{name} + %selinux_relabel_post -s %{selinuxtype} +fi + + %files %license COPYING %doc AUTHORS.in README.md @@ -247,15 +311,40 @@ fi %{_unitdir}/cobblerd.service %{tftpboot_dir}/* /var/www/cobbler -%config(noreplace) %{_sharedstatedir}/cobbler +%dir %{_sharedstatedir}/cobbler +%ghost %attr(0755,root,root) %{_sharedstatedir}/cobbler/backup/ +%config(noreplace) %{_sharedstatedir}/cobbler/collections/ +%config(noreplace) %{_sharedstatedir}/cobbler/distro_signatures.json +%config(noreplace) %{_sharedstatedir}/cobbler/grub_config/ +%config(noreplace) %{_sharedstatedir}/cobbler/loaders/ +%config(noreplace) %{_sharedstatedir}/cobbler/scripts/ +%config(noreplace) %{_sharedstatedir}/cobbler/snippets/ +%config(noreplace) %{_sharedstatedir}/cobbler/templates/ +%config(noreplace) %{_sharedstatedir}/cobbler/triggers/ +%ghost %attr(0644,root,root) %{_sharedstatedir}/cobbler/lock +# Currently used for cli auth +%ghost %attr(0644,root,root) %{_sharedstatedir}/cobbler/web.ss /var/log/cobbler +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.* +%{_datadir}/selinux/devel/include/distributed/%{name}.if +%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} + %files tests -%dir %{_datadir}/cobbler/tests -%{_datadir}/cobbler/tests/* +%{_datadir}/cobbler/tests/ + +%files tests-containers +%{_datadir}/cobbler/docker/ %changelog +* Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 +- Update to 3.3.4 +- Add local SELinux policy and allow cobbler to check service statuses, + run mkfs.fat, and check for reposync and yumdownloader (bz#225122) +- Change owndership of web.ss to root (bz#2247652) + * Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/cobbler.te b/cobbler.te new file mode 100644 index 0000000..96bdec4 --- /dev/null +++ b/cobbler.te @@ -0,0 +1,243 @@ +policy_module(cobbler, 1.3.0) + +######################################## +# +# Declarations +# + +## +##

+## Determine whether Cobbler can modify +## public files used for public file +## transfer services. +##

+## +gen_tunable(cobbler_anon_write, false) + +## +##

+## Determine whether Cobbler can connect +## to the network using TCP. +##

+## +gen_tunable(cobbler_can_network_connect, false) + +## +##

+## Determine whether Cobbler can access +## cifs file systems. +##

+## +gen_tunable(cobbler_use_cifs, false) + +## +##

+## Determine whether Cobbler can access +## nfs file systems. +##

+## +gen_tunable(cobbler_use_nfs, false) + +gen_require(` + type debuginfo_exec_t; + type init_exec_t; + class file getattr; +') + +type cobblerd_t; +type cobblerd_exec_t; +init_daemon_domain(cobblerd_t, cobblerd_exec_t) + +type cobblerd_initrc_exec_t; +init_script_file(cobblerd_initrc_exec_t) + +type cobbler_etc_t; +files_config_file(cobbler_etc_t) + +type cobbler_var_log_t; +logging_log_file(cobbler_var_log_t) + +type cobbler_var_lib_t alias cobbler_content_t; +files_type(cobbler_var_lib_t) + +type cobbler_tmp_t; +files_tmp_file(cobbler_tmp_t) + +type cobblerd_unit_file_t; +systemd_unit_file(cobblerd_unit_file_t) + +######################################## +# +# Local policy +# + +allow cobblerd_t self:capability { chown dac_read_search fowner fsetid sys_nice }; +dontaudit cobblerd_t self:capability sys_tty_config; +allow cobblerd_t self:process { getsched setsched signal }; +allow cobblerd_t self:fifo_file rw_fifo_file_perms; +allow cobblerd_t self:tcp_socket { accept listen }; +allow cobblerd_t self:netlink_audit_socket create_socket_perms; + +allow cobblerd_t cobbler_etc_t:dir list_dir_perms; +allow cobblerd_t cobbler_etc_t:file read_file_perms; +allow cobblerd_t cobbler_etc_t:lnk_file read_lnk_file_perms; + +allow cobblerd_t cobbler_tmp_t:file mmap_file_perms; +# Allow cobbler to stat /usr/libexec/dnf-utils (aka reposync/yumdownloader) +allow cobblerd_t debuginfo_exec_t:file getattr; +# Allow cobbler to stat /usr/lib/systemd/systemd +allow cobblerd_t init_exec_t:file getattr; +# Allow cobbler to check status of itself +allow cobblerd_t cobblerd_unit_file_t:service status; + +manage_dirs_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t) +manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t) +files_tmp_filetrans(cobblerd_t, cobbler_tmp_t, { dir file }) + +manage_dirs_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) +manage_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) +manage_lnk_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) +files_var_lib_filetrans(cobblerd_t, cobbler_var_lib_t, dir) +files_var_filetrans(cobblerd_t, cobbler_var_lib_t, dir, "cobbler") + +append_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) +create_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) +read_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) +setattr_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) +logging_log_filetrans(cobblerd_t, cobbler_var_log_t, file) + +kernel_read_system_state(cobblerd_t) +kernel_read_network_state(cobblerd_t) + +corecmd_exec_bin(cobblerd_t) +corecmd_exec_shell(cobblerd_t) + +corenet_all_recvfrom_netlabel(cobblerd_t) +corenet_all_recvfrom_unlabeled(cobblerd_t) +corenet_tcp_sendrecv_generic_if(cobblerd_t) +corenet_tcp_sendrecv_generic_node(cobblerd_t) +corenet_tcp_bind_generic_node(cobblerd_t) + +corenet_sendrecv_cobbler_server_packets(cobblerd_t) +corenet_tcp_bind_cobbler_port(cobblerd_t) +corenet_tcp_sendrecv_cobbler_port(cobblerd_t) + +corenet_sendrecv_ftp_client_packets(cobblerd_t) +corenet_tcp_connect_ftp_port(cobblerd_t) +corenet_tcp_sendrecv_ftp_port(cobblerd_t) + +corenet_tcp_sendrecv_http_port(cobblerd_t) +corenet_tcp_connect_http_port(cobblerd_t) +corenet_sendrecv_http_client_packets(cobblerd_t) + +dev_read_sysfs(cobblerd_t) +dev_read_urand(cobblerd_t) + +files_list_boot(cobblerd_t) +files_list_tmp(cobblerd_t) +files_read_boot_files(cobblerd_t) +files_read_etc_runtime_files(cobblerd_t) + +fs_getattr_all_fs(cobblerd_t) +fs_read_iso9660_files(cobblerd_t) + +selinux_get_enforce_mode(cobblerd_t) + +term_use_console(cobblerd_t) + +auth_use_nsswitch(cobblerd_t) + +logging_send_syslog_msg(cobblerd_t) + +miscfiles_read_localization(cobblerd_t) +miscfiles_read_public_files(cobblerd_t) + +sysnet_dns_name_resolve(cobblerd_t) +sysnet_rw_dhcp_config(cobblerd_t) +sysnet_write_config(cobblerd_t) + +tunable_policy(`cobbler_anon_write',` + miscfiles_manage_public_files(cobblerd_t) +') + +tunable_policy(`cobbler_can_network_connect',` + corenet_sendrecv_all_client_packets(cobblerd_t) + corenet_tcp_connect_all_ports(cobblerd_t) + corenet_tcp_sendrecv_all_ports(cobblerd_t) +') + +tunable_policy(`cobbler_use_cifs',` + fs_manage_cifs_dirs(cobblerd_t) + fs_manage_cifs_files(cobblerd_t) + fs_manage_cifs_symlinks(cobblerd_t) +') + +tunable_policy(`cobbler_use_nfs',` + fs_manage_nfs_dirs(cobblerd_t) + fs_manage_nfs_files(cobblerd_t) + fs_manage_nfs_symlinks(cobblerd_t) +') + +optional_policy(` + apache_search_config(cobblerd_t) + apache_domtrans(cobblerd_t) + apache_search_sys_content(cobblerd_t) +') + +optional_policy(` + bind_read_config(cobblerd_t) + bind_write_config(cobblerd_t) + bind_domtrans_ndc(cobblerd_t) + bind_domtrans(cobblerd_t) + bind_initrc_domtrans(cobblerd_t) + bind_manage_zone(cobblerd_t) + bind_systemctl(cobblerd_t) +') + +optional_policy(` + certmaster_exec(cobblerd_t) +') + +optional_policy(` + dhcpd_domtrans(cobblerd_t) + dhcpd_initrc_domtrans(cobblerd_t) + dhcpd_systemctl(cobblerd_t) +') + +optional_policy(` + dnsmasq_domtrans(cobblerd_t) + dnsmasq_initrc_domtrans(cobblerd_t) + dnsmasq_write_config(cobblerd_t) + dnsmasq_systemctl(cobblerd_t) +') + +# To run mkfs.fat when generating ISO +optional_policy(` + fstools_exec(cobblerd_t) +') + +optional_policy(` + libs_exec_ldconfig(cobblerd_t) +') + +optional_policy(` + mysql_stream_connect(cobblerd_t) +') + +optional_policy(` + rpm_exec(cobblerd_t) +') + +optional_policy(` + rsync_exec(cobblerd_t) + rsync_read_config(cobblerd_t) + rsync_manage_config(cobblerd_t) + rsync_etc_filetrans_config(cobblerd_t, file, "rsync.conf") +') + +optional_policy(` + tftp_manage_config(cobblerd_t) + tftp_manage_rw_content(cobblerd_t) + tftp_delete_content_dirs(cobblerd_t) + tftp_filetrans_tftpdir(cobblerd_t, cobbler_var_lib_t, { dir file }) +') diff --git a/sources b/sources index 52973e0..36c8a40 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.3.tar.gz) = 9011ae3407a3418f476f4d7b76f7b4978904a612f455e31acf44c3e9c223e4aba9bfbc17b7a12b5aedd4f380b6e8f87e0bc57dd826c945adff4fef34857c917f +SHA512 (cobbler-3.3.4.tar.gz) = 931dc6e2927d3177a7aa6e83cc15defc77aa624059284e44fb941ff3fa7b78e1d5729af7b819faa3573558e1b5ee8e068378559b67069c7f02ea5c0ed947ab9e From 4411debad78426562945b9400aaa2b3d8209206c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 26 Feb 2024 21:54:57 -0700 Subject: [PATCH 081/110] Fix BZ#s --- cobbler.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index a0ee626..31d6752 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -342,8 +342,8 @@ fi * Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 - Update to 3.3.4 - Add local SELinux policy and allow cobbler to check service statuses, - run mkfs.fat, and check for reposync and yumdownloader (bz#225122) -- Change owndership of web.ss to root (bz#2247652) + run mkfs.fat, and check for reposync and yumdownloader (bz#2251220) +- Change owndership of web.ss to root (bz#2247653) * Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 6428fa3761bb6f014eee44415a90f19fdf0c929e Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 25 Apr 2024 19:30:42 -0600 Subject: [PATCH 082/110] Test for existence of web.ss before chowning it (bz#2276860) --- cobbler.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 31d6752..fed4e21 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -214,7 +214,9 @@ chgrp apache %{_sysconfdir}/cobbler/users.digest chgrp apache %{_sysconfdir}/cobbler/settings.d chgrp apache %{_sysconfdir}/cobbler/settings.d/* # Change from apache -chown root %{_sharedstatedir}/cobbler/web.ss +if [ -f %{_sharedstatedir}/cobbler/web.ss ]; then + chown root %{_sharedstatedir}/cobbler/web.ss +fi %posttrans # Migrate pre-3.2.1 settings to settings.yaml @@ -339,6 +341,9 @@ fi %changelog +* Fri Apr 26 2024 Orion Poplawski - 3.3.4-2 +- Test for existence of web.ss before chowning it (bz#2276860) + * Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 - Update to 3.3.4 - Add local SELinux policy and allow cobbler to check service statuses, From 65c2b1ba5d2a2cb9326634b2b53ede9b4bace15d Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 27 Apr 2024 10:49:25 -0600 Subject: [PATCH 083/110] Fix service name in selinux post install script --- cobbler.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index fed4e21..514a585 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.4 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,7 +251,7 @@ fi if [ "$1" -le "1" ]; then # First install # the daemon needs to be restarted for the custom label to be applied - %systemd_postun_with_restart %{name}.service + %systemd_postun_with_restart cobblerd.service fi %postun selinux @@ -341,6 +341,9 @@ fi %changelog +* Sat Apr 27 2024 Orion Poplawski - 3.3.4-3 +- Fix service name in selinux post install script + * Fri Apr 26 2024 Orion Poplawski - 3.3.4-2 - Test for existence of web.ss before chowning it (bz#2276860) From ca7ccfbefd0df627e3c4e8139faf2ca01ab1d8e0 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 7 Jun 2024 18:57:18 +0200 Subject: [PATCH 084/110] Rebuilt for Python 3.13 --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 514a585..6c122a3 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.4 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -341,6 +341,9 @@ fi %changelog +* Fri Jun 07 2024 Python Maint - 3.3.4-4 +- Rebuilt for Python 3.13 + * Sat Apr 27 2024 Orion Poplawski - 3.3.4-3 - Fix service name in selinux post install script From ba39bd45a2da975236348a41671fc6e3155ae10d Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 7 Jun 2024 23:19:34 +0200 Subject: [PATCH 085/110] Rebuilt for Python 3.13 --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 6c122a3..3a50858 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.4 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -341,6 +341,9 @@ fi %changelog +* Fri Jun 07 2024 Python Maint - 3.3.4-5 +- Rebuilt for Python 3.13 + * Fri Jun 07 2024 Python Maint - 3.3.4-4 - Rebuilt for Python 3.13 From 0bca026fd8182ab9578945aa1a00463574b43176 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 11 Jul 2024 21:38:48 -0600 Subject: [PATCH 086/110] Update to 3.3.5 Update to 3.3.5 Update to 3.3.5 Update to 3.3.5 --- cobbler-nocov.patch | 26 ++++++++++++++------------ cobbler.spec | 7 +++++-- sources | 2 +- 3 files changed, 20 insertions(+), 15 deletions(-) diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch index 40efcf5..0f36417 100644 --- a/cobbler-nocov.patch +++ b/cobbler-nocov.patch @@ -1,8 +1,8 @@ diff --git a/setup.py b/setup.py -index 4b21af3..145bdab 100644 +index 587a50a..8eff4a3 100644 --- a/setup.py +++ b/setup.py -@@ -16,7 +16,6 @@ from configparser import ConfigParser +@@ -15,7 +15,6 @@ from configparser import ConfigParser from setuptools import find_packages import codecs @@ -10,7 +10,7 @@ index 4b21af3..145bdab 100644 import pwd import shutil import subprocess -@@ -338,15 +337,8 @@ class test_command(Command): +@@ -343,15 +342,8 @@ class test_command(Command): def run(self): import pytest @@ -26,7 +26,7 @@ index 4b21af3..145bdab 100644 sys.exit(int(bool(len(result.failures) > 0 or len(result.errors) > 0))) -@@ -474,7 +466,6 @@ if __name__ == "__main__": +@@ -479,7 +471,6 @@ if __name__ == "__main__": }, license="GPLv2+", setup_requires=[ @@ -34,12 +34,14 @@ index 4b21af3..145bdab 100644 "distro", "setuptools", "sphinx", -@@ -494,7 +485,7 @@ if __name__ == "__main__": - ], - extras_require={ - "lint": ["pyflakes", "pycodestyle"], -- "test": ["pytest", "pytest-cov", "codecov", "pytest-mock"], -+ "test": ["pytest", "pytest-mock"], +@@ -501,10 +492,7 @@ if __name__ == "__main__": + "lint": ["pyflakes", "pycodestyle", "pylint", "black", "mypy"], + "test": [ + "pytest>6", +- "pytest-cov", +- "codecov", + "pytest-mock", +- "pytest-benchmark", + ], + "docs": ["sphinx", "sphinx-rtd-theme", "sphinxcontrib-apidoc"], # We require the current version to properly detect duplicate issues - # See: https://github.com/twisted/towncrier/releases/tag/22.8.0 - "changelog": ["towncrier>=22.8.0"], diff --git a/cobbler.spec b/cobbler.spec index 3a50858..a7fb66f 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,8 +5,8 @@ %global selinuxtype targeted Name: cobbler -Version: 3.3.4 -Release: 5%{?dist} +Version: 3.3.5 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -341,6 +341,9 @@ fi %changelog +* Fri Jul 12 2024 Orion Poplawski - 3.3.5-1 +- Update to 3.3.5 + * Fri Jun 07 2024 Python Maint - 3.3.4-5 - Rebuilt for Python 3.13 diff --git a/sources b/sources index 36c8a40..1177e27 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.4.tar.gz) = 931dc6e2927d3177a7aa6e83cc15defc77aa624059284e44fb941ff3fa7b78e1d5729af7b819faa3573558e1b5ee8e068378559b67069c7f02ea5c0ed947ab9e +SHA512 (cobbler-3.3.5.tar.gz) = 4290e92fc4fdd85a53086c287b83f70e1077a7b76d4b25efcbadb1de6f22b1f5d8f7625243abf79d3832e98678d0290d9413e528ab0d05aacde7bc0c8f9a8d14 From da3242e6879d52bd9f794e78b2710f41c691819c Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 17 Jul 2024 19:36:15 +0000 Subject: [PATCH 087/110] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index a7fb66f..26561a0 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -341,6 +341,9 @@ fi %changelog +* Wed Jul 17 2024 Fedora Release Engineering - 3.3.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Fri Jul 12 2024 Orion Poplawski - 3.3.5-1 - Update to 3.3.5 From 4f2da8b22a11f8e54a1150a9eb8cffab87c460f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Thu, 25 Jul 2024 23:19:59 +0200 Subject: [PATCH 088/110] convert GPLv2+ license to SPDX This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 --- cobbler.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 26561a0..24d6846 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,10 +6,11 @@ Name: cobbler Version: 3.3.5 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ -License: GPLv2+ +# Automatically converted from old format: GPLv2+ - review is highly recommended. +License: GPL-2.0-or-later Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz Source1: migrate-settings.sh Source2: %{name}.te @@ -341,6 +342,9 @@ fi %changelog +* Thu Jul 25 2024 Miroslav Suchý - 3.3.5-3 +- convert license to SPDX + * Wed Jul 17 2024 Fedora Release Engineering - 3.3.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From e4ad2811c560a929f27b3e764a58ea85c2d9b6ce Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 30 Jul 2024 19:58:58 -0600 Subject: [PATCH 089/110] Update to 3.3.6 Update to 3.3.6 Update to 3.3.6 Update to 3.3.6 --- cobbler.spec | 8 ++++++-- sources | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 24d6846..f53ac71 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,8 +5,8 @@ %global selinuxtype targeted Name: cobbler -Version: 3.3.5 -Release: 3%{?dist} +Version: 3.3.6 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -53,6 +53,7 @@ Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) Requires: httpd Requires: tftp-server +Requires: dosfstools Requires: createrepo_c Requires: rsync Requires: xorriso @@ -342,6 +343,9 @@ fi %changelog +* Wed Jul 31 2024 Orion Poplawski - 3.3.6-1 +- Update to 3.3.6 + * Thu Jul 25 2024 Miroslav Suchý - 3.3.5-3 - convert license to SPDX diff --git a/sources b/sources index 1177e27..518b62e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.5.tar.gz) = 4290e92fc4fdd85a53086c287b83f70e1077a7b76d4b25efcbadb1de6f22b1f5d8f7625243abf79d3832e98678d0290d9413e528ab0d05aacde7bc0c8f9a8d14 +SHA512 (cobbler-3.3.6.tar.gz) = 0cb19f7479845861b9d08f491eb735acdce02d9a0eea38439e8abd2678fd2c5ff895766df148a0d7bee8c88b5f6c05a24168529f5a1e3993d137b525d31f1ba7 From a8bdaff8349854324a8f30d23ff84efaa8cf85d7 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 30 Jul 2024 19:59:46 -0600 Subject: [PATCH 090/110] Drop old conditionals --- cobbler.spec | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index f53ac71..bd3658a 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -23,7 +23,6 @@ BuildArch: noarch BuildRequires: make BuildRequires: python%{python3_pkgversion}-devel -%if 0%{?fedora} || 0%{?rhel} >= 8 BuildRequires: %{py3_dist cheetah3} BuildRequires: %{py3_dist distro} BuildRequires: %{py3_dist netaddr} @@ -34,18 +33,6 @@ BuildRequires: %{py3_dist setuptools} BuildRequires: %{py3_dist simplejson} # For docs BuildRequires: %{py3_dist sphinx} -%else -BuildRequires: python%{python3_pkgversion}-cheetah -BuildRequires: python%{python3_pkgversion}-distro -BuildRequires: python%{python3_pkgversion}-netaddr -BuildRequires: python%{python3_pkgversion}-PyYAML -BuildRequires: python%{python3_pkgversion}-requests -BuildRequires: python%{python3_pkgversion}-schema -BuildRequires: python%{python3_pkgversion}-setuptools -BuildRequires: python%{python3_pkgversion}-simplejson -# For docs -BuildRequires: python%{python3_pkgversion}-sphinx -%endif # This ensures that the *-selinux package and all it’s dependencies are not pulled # into containers and other systems that do not use SELinux @@ -69,7 +56,6 @@ Requires: %{py3_dist schema} Requires: %{py3_dist simplejson} Requires: genisoimage -%if 0%{?fedora} || 0%{?rhel} >= 8 # Not everyone wants bash-completion...? Recommends: bash-completion Requires: dnf-plugins-core @@ -81,10 +67,6 @@ Recommends: grub2-efi-x64 Recommends: logrotate Recommends: %{py3_dist ldap} Recommends: %{py3_dist librepo} -%else -Requires: %{py3_dist ldap} -Requires: yum-utils -%endif # https://github.com/cobbler/cobbler/issues/1685 Requires: /sbin/service Obsoletes: cobbler-web < 3.3 From 0db922ecdf16ab558c554d4e13685f3f907c4a07 Mon Sep 17 00:00:00 2001 From: Carl George Date: Fri, 27 Sep 2024 01:13:58 -0500 Subject: [PATCH 091/110] Remove simplejson dependency This was removed upstream in version 3.3.0. https://github.com/cobbler/cobbler/commit/ba64e5ef76c37601c99e55179fc990e13f02a21e --- cobbler.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index bd3658a..8c27c2e 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -30,7 +30,6 @@ BuildRequires: %{py3_dist pyyaml} BuildRequires: %{py3_dist requests} BuildRequires: %{py3_dist schema} BuildRequires: %{py3_dist setuptools} -BuildRequires: %{py3_dist simplejson} # For docs BuildRequires: %{py3_dist sphinx} @@ -53,7 +52,6 @@ Requires: %{py3_dist netaddr} Requires: %{py3_dist pyyaml} Requires: %{py3_dist requests} Requires: %{py3_dist schema} -Requires: %{py3_dist simplejson} Requires: genisoimage # Not everyone wants bash-completion...? From 38e625d09c8a0ede8242f1ffa11c4b8b4b877d05 Mon Sep 17 00:00:00 2001 From: Carl George Date: Fri, 27 Sep 2024 01:18:42 -0500 Subject: [PATCH 092/110] Remove duplicate run-time dependencies The automatic run-time dependency generator already covers all of these. https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#Automatically-generated-dependencies --- cobbler.spec | 9 --------- 1 file changed, 9 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 8c27c2e..6907e56 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -43,15 +43,6 @@ Requires: dosfstools Requires: createrepo_c Requires: rsync Requires: xorriso -Requires: %{py3_dist cheetah3} -Requires: %{py3_dist distro} -Requires: %{py3_dist dnspython} -Requires: %{py3_dist file-magic} -Requires: %{py3_dist mod_wsgi} -Requires: %{py3_dist netaddr} -Requires: %{py3_dist pyyaml} -Requires: %{py3_dist requests} -Requires: %{py3_dist schema} Requires: genisoimage # Not everyone wants bash-completion...? From a67153671d690419105d6ff88e72bfb7f4755364 Mon Sep 17 00:00:00 2001 From: Carl George Date: Fri, 27 Sep 2024 01:22:24 -0500 Subject: [PATCH 093/110] Remove python3dist(ldap) weak dependency Nothing in Fedora provides python3dist(ldap), so this recommends has no effect. On PyPI ldap is an uninstallable dummy project with a description that directs people to python-ldap. Cobbler already has a run-time dependency on python-ldap from the automatic generator. --- cobbler.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 6907e56..f9e41eb 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -54,7 +54,6 @@ Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64 Recommends: logrotate -Recommends: %{py3_dist ldap} Recommends: %{py3_dist librepo} # https://github.com/cobbler/cobbler/issues/1685 Requires: /sbin/service From 47027a0994e98fb7da00b135b93bc438d4991fe6 Mon Sep 17 00:00:00 2001 From: Carl George Date: Fri, 27 Sep 2024 01:30:16 -0500 Subject: [PATCH 094/110] Fix cheetah dependency Cheetah switched names from Cheetah3 to CT3 in its metadata in version 3.3.0. The Fedora package name is the same, but since we're using %py3_dist to specify the build-time dependency we must use the new metadata name. We also must adjust cobbler's metadata to specify the correct metadata name as a run-time dependency, because that is what the automatic Python run-time dependency generator uses. https://github.com/CheetahTemplate3/cheetah3/commit/673259b2d139b4ea970b1c2da12607b7ac39cbec Resolves: rhbz#2314630 --- cobbler.spec | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index f9e41eb..f4ebdfa 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.6 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -23,7 +23,13 @@ BuildArch: noarch BuildRequires: make BuildRequires: python%{python3_pkgversion}-devel +# Cheetah switched names from Cheetah3 to CT3 in its metadata in version 3.3.0. +# https://github.com/CheetahTemplate3/cheetah3/commit/673259b2d139b4ea970b1c2da12607b7ac39cbec +%if 0%{?fedora} >= 42 || 0%{?rhel} >= 10 +BuildRequires: %{py3_dist ct3} +%else BuildRequires: %{py3_dist cheetah3} +%endif BuildRequires: %{py3_dist distro} BuildRequires: %{py3_dist netaddr} BuildRequires: %{py3_dist pyyaml} @@ -108,6 +114,12 @@ Dockerfiles and scripts to setup testing containers. mkdir -p selinux cp -p %{SOURCE2} %{SOURCE3} %{SOURCE4} selinux/ +# Cheetah switched names from Cheetah3 to CT3 in its metadata in version 3.3.0. +# https://github.com/CheetahTemplate3/cheetah3/commit/673259b2d139b4ea970b1c2da12607b7ac39cbec +%if 0%{?fedora} >= 42 || 0%{?rhel} >= 10 +sed -e 's/Cheetah3/CT3/' -i setup.py +%endif + %build . ./distro_build_configs.sh @@ -313,6 +325,9 @@ fi %changelog +* Fri Sep 27 2024 Carl George - 3.3.6-2 +- Fix cheetah dependency rhbz#2314630 + * Wed Jul 31 2024 Orion Poplawski - 3.3.6-1 - Update to 3.3.6 From 694275065e02a2275589f89f0cbd0c0ae479c500 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 17 Nov 2024 16:24:53 -0700 Subject: [PATCH 095/110] Update to 3.3.7 (CVE-2024-47533) --- cobbler-nocov.patch | 16 +++++----------- cobbler.spec | 7 +++++-- sources | 2 +- 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch index 0f36417..c50edfd 100644 --- a/cobbler-nocov.patch +++ b/cobbler-nocov.patch @@ -1,23 +1,17 @@ diff --git a/setup.py b/setup.py -index 587a50a..8eff4a3 100644 +index 59f7601..023d84b 100644 --- a/setup.py +++ b/setup.py -@@ -15,7 +15,6 @@ from configparser import ConfigParser - from setuptools import find_packages +@@ -341,17 +341,9 @@ class test_command(Command): - import codecs --from coverage import Coverage - import pwd - import shutil - import subprocess -@@ -343,15 +342,8 @@ class test_command(Command): def run(self): import pytest - +- from coverage import Coverage +- - cov = Coverage() - cov.erase() - cov.start() -- + result = pytest.main() - cov.stop() diff --git a/cobbler.spec b/cobbler.spec index f4ebdfa..764ad3b 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,8 +5,8 @@ %global selinuxtype targeted Name: cobbler -Version: 3.3.6 -Release: 2%{?dist} +Version: 3.3.7 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -325,6 +325,9 @@ fi %changelog +* Sun Nov 17 2024 Orion Poplawski - 3.3.7-1 +- Update to 3.3.7 (CVE-2024-47533) + * Fri Sep 27 2024 Carl George - 3.3.6-2 - Fix cheetah dependency rhbz#2314630 diff --git a/sources b/sources index 518b62e..ba2585a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.6.tar.gz) = 0cb19f7479845861b9d08f491eb735acdce02d9a0eea38439e8abd2678fd2c5ff895766df148a0d7bee8c88b5f6c05a24168529f5a1e3993d137b525d31f1ba7 +SHA512 (cobbler-3.3.7.tar.gz) = df6570dd7c6cbe50464624267df1bbecbb29e60513bba312a6c726502d4670670f3113f24b6b7e465d0b3353c0721e6fe3725dbc4569b4f624ec2b4a29682d1a From fbd4957ccbbd51db9a69b13de06bbf569bcd9fea Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 17 Nov 2024 16:56:21 -0700 Subject: [PATCH 096/110] Drop unused patches --- ...ermissions-to-var-lib-cobbler-web.ss.patch | 25 ---------------- 2441.patch | 30 ------------------- cobbler-rhel.patch | 13 -------- 3 files changed, 68 deletions(-) delete mode 100644 0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch delete mode 100644 2441.patch delete mode 100644 cobbler-rhel.patch diff --git a/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch b/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch deleted file mode 100644 index bf55655..0000000 --- a/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 782dd7a1deacfcaa4318519f1cae2c0b4748661b Mon Sep 17 00:00:00 2001 -From: Orion Poplawski -Date: Sun, 25 Oct 2020 11:43:25 -0600 -Subject: [PATCH] Give root RW permissions to /var/lib/cobbler/web.ss - ---- - cobbler/cobblerd.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cobbler/cobblerd.py b/cobbler/cobblerd.py -index fe1cf889..34aedf97 100644 ---- a/cobbler/cobblerd.py -+++ b/cobbler/cobblerd.py -@@ -57,7 +57,7 @@ def regen_ss_file(): - data = fd.read(512) - fd.close() - -- fd = os.open(ssfile, os.O_CREAT | os.O_RDWR, 0o600) -+ fd = os.open(ssfile, os.O_CREAT | os.O_RDWR, 0o660) - os.write(fd, binascii.hexlify(data)) - os.close(fd) - --- -2.29.0 - diff --git a/2441.patch b/2441.patch deleted file mode 100644 index fb1f0f4..0000000 --- a/2441.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 8c04ef7d81f33900fda1ad3c4efa710827e22064 Mon Sep 17 00:00:00 2001 -From: Orion Poplawski -Date: Sun, 25 Oct 2020 13:49:25 -0600 -Subject: [PATCH] Do not try to access log file if we are not running as root - ---- - cobbler/clogger.py | 10 ++-------- - 1 file changed, 2 insertions(+), 8 deletions(-) - -diff --git a/cobbler/clogger.py b/cobbler/clogger.py -index 191455113..635865dc1 100644 ---- a/cobbler/clogger.py -+++ b/cobbler/clogger.py -@@ -30,14 +30,8 @@ - # Cobbler. - - # This is necessary to prevent apache to try to access the file --LOG_FILE = "/var/log/cobbler/cobbler.log" --try: -- if not os.path.isfile(LOG_FILE): -- open(LOG_FILE, 'a').close() -- if os.access(LOG_FILE, os.W_OK): -- logging.config.fileConfig('/etc/cobbler/logging_config.conf') --except Exception: -- pass -+if os.geteuid() == 0: -+ logging.config.fileConfig('/etc/cobbler/logging_config.conf') - - - class Logger(object): diff --git a/cobbler-rhel.patch b/cobbler-rhel.patch deleted file mode 100644 index 021f46c..0000000 --- a/cobbler-rhel.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/distro_build_configs.sh b/distro_build_configs.sh -index bad43e3c..52eb1136 100644 ---- a/distro_build_configs.sh -+++ b/distro_build_configs.sh -@@ -24,7 +24,7 @@ if [ "$DISTRO" = "" ] && [ -r /etc/os-release ];then - sle*|*suse*) - DISTRO="SUSE" - ;; -- fedora*|centos*) -+ fedora*|centos*|rhel*) - DISTRO="FEDORA" - ;; - ubuntu*|debian*) From 11a217ef3c1ba065599aca1bfface305e593fc9c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 5 Jan 2025 11:02:23 -0700 Subject: [PATCH 097/110] Backport upstream patch for Python 3.13 support (rhbz#2335620) --- cobbler-python3.13.patch | 972 +++++++++++++++++++++++++++++++++++++++ cobbler.spec | 23 +- 2 files changed, 992 insertions(+), 3 deletions(-) create mode 100644 cobbler-python3.13.patch diff --git a/cobbler-python3.13.patch b/cobbler-python3.13.patch new file mode 100644 index 0000000..78847a4 --- /dev/null +++ b/cobbler-python3.13.patch @@ -0,0 +1,972 @@ +diff --git a/changelog.d/3842.fixed b/changelog.d/3842.fixed +new file mode 100644 +index 00000000..6c6d6313 +--- /dev/null ++++ b/changelog.d/3842.fixed +@@ -0,0 +1 @@ ++Fix compatibility with Python 3.13 +diff --git a/cobbler/actions/reposync.py b/cobbler/actions/reposync.py +index c0163350..ec5745fb 100644 +--- a/cobbler/actions/reposync.py ++++ b/cobbler/actions/reposync.py +@@ -23,9 +23,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + import logging + import os + import os.path +-import pipes +-import stat ++import shlex + import shutil ++import stat + from typing import Optional, Union + + from cobbler import utils +@@ -272,9 +272,9 @@ class RepoSync: + blended = utils.blender(self.api, False, repo) + flags = blended.get("createrepo_flags", "(ERROR: FLAGS)") + try: +- cmd = "createrepo %s %s %s" % (" ".join(mdoptions), flags, pipes.quote(dirname)) +- utils.subprocess_call(cmd) +- except: ++ cmd = ["createrepo"] + mdoptions + flags + [shlex.quote(dirname)] ++ utils.subprocess_call(cmd, shell=False) ++ except Exception: + utils.log_exc() + self.logger.error("createrepo failed.") + del fnames[:] # we're in the right place +@@ -302,8 +302,19 @@ class RepoSync: + dest_path = os.path.join(self.settings.webdir, "repo_mirror", repo.name) + + # FIXME: wrapper for subprocess that logs to logger +- cmd = ["wget", "-N", "-np", "-r", "-l", "inf", "-nd", "-P", pipes.quote(dest_path), pipes.quote(repo.mirror)] +- rc = utils.subprocess_call(cmd) ++ cmd = [ ++ "wget", ++ "-N", ++ "-np", ++ "-r", ++ "-l", ++ "inf", ++ "-nd", ++ "-P", ++ shlex.quote(dest_path), ++ shlex.quote(repo.mirror), ++ ] ++ return_value = utils.subprocess_call(cmd, shell=False) + + if rc != 0: + raise CX("cobbler reposync failed") +@@ -347,9 +358,14 @@ class RepoSync: + if flags == '': + flags = self.settings.reposync_rsync_flags + +- cmd = "rsync %s --delete-after %s --delete --exclude-from=/etc/cobbler/rsync.exclude %s %s" \ +- % (flags, spacer, pipes.quote(repo.mirror), pipes.quote(dest_path)) +- rc = utils.subprocess_call(cmd) ++ cmd = ["rsync"] + flags + ["--delete-after"] ++ cmd += spacer + [ ++ "--delete", ++ "--exclude-from=/etc/cobbler/rsync.exclude", ++ shlex.quote(repo.mirror), ++ shlex.quote(dest_path), ++ ] ++ return_code = utils.subprocess_call(cmd, shell=False) + + if rc != 0: + raise CX("cobbler reposync failed") +@@ -386,10 +402,11 @@ class RepoSync: + if not HAS_LIBREPO: + raise CX("no librepo found, please install python3-librepo") + +- if os.path.exists("/usr/bin/dnf"): +- cmd = "/usr/bin/dnf reposync" +- elif os.path.exists("/usr/bin/reposync"): +- cmd = "/usr/bin/reposync" ++ if os.path.exists("/usr/bin/reposync"): ++ cmd = ["/usr/bin/reposync"] ++ # DNF5 does not have a reposync subcommand ++ elif os.path.exists("/usr/bin/dnf"): ++ cmd = ["/usr/bin/dnf", "reposync"] + else: + # Warn about not having yum-utils. We don't want to require it in the package because Fedora 22+ has moved + # to dnf. +@@ -451,6 +468,11 @@ class RepoSync: + # Counter-intuitive, but we want the newish kernels too + arch = "i686" + ++ cmd = self.reposync_cmd() ++ cmd += self.rflags + [ ++ f"--repo={shlex.quote(rest)}", ++ f"--download-path={shlex.quote(repos_path)}", ++ ] + if arch != "none": + cmd = "%s -a %s" % (cmd, arch) + +@@ -544,9 +566,11 @@ class RepoSync: + + if not has_rpm_list: + # If we have not requested only certain RPMs, use reposync +- cmd = "%s %s --config=%s --repoid=%s -p %s" \ +- % (cmd, self.rflags, temp_file, pipes.quote(repo.name), +- pipes.quote(repos_path)) ++ cmd += self.rflags + [ ++ f"--config={temp_file}", ++ f"--repoid={shlex.quote(repo.name)}", ++ f"--download-path={shlex.quote(repos_path)}", ++ ] + if arch != "none": + cmd = "%s -a %s" % (cmd, arch) + +@@ -557,14 +581,14 @@ class RepoSync: + + use_source = "" + if arch == "src": +- use_source = "--source" +- +- # Older yumdownloader sometimes explodes on --resolvedeps if this happens to you, upgrade yum & yum-utils +- extra_flags = self.settings.yumdownloader_flags +- cmd = "/usr/bin/dnf download" +- cmd = "%s %s %s --disablerepo=* --enablerepo=%s -c %s --destdir=%s %s" \ +- % (cmd, extra_flags, use_source, pipes.quote(repo.name), temp_file, pipes.quote(dest_path), +- " ".join(repo.rpm_list)) ++ cmd.append("--source") ++ cmd += [ ++ "--disablerepo=*", ++ f"--enablerepo={shlex.quote(repo.name)}", ++ f"-c={temp_file}", ++ f"--destdir={shlex.quote(dest_path)}", ++ ] ++ cmd += repo.rpm_list + + # Now regardless of whether we're doing yumdownloader or reposync or whether the repo was http://, ftp://, or + # rhn://, execute all queued commands here. Any failure at any point stops the operation. +@@ -669,17 +693,21 @@ class RepoSync: + dists = ",".join(repo.apt_dists) + components = ",".join(repo.apt_components) + +- mirror_data = "--method=%s --host=%s --root=%s --dist=%s --section=%s" \ +- % (pipes.quote(method), pipes.quote(host), pipes.quote(mirror), pipes.quote(dists), +- pipes.quote(components)) ++ mirror_data = [ ++ f"--method={shlex.quote(method)}", ++ f"--host={shlex.quote(host)}", ++ f"--root={shlex.quote(mirror)}", ++ f"--dist={shlex.quote(dists)}", ++ f"--section={shlex.quote(components)}", ++ ] + + rflags = "--nocleanup" + for x in repo.yumopts: + if repo.yumopts[x]: + rflags += " %s=%s" % (x, repo.yumopts[x]) + else: +- rflags += " %s" % x +- cmd = "%s %s %s %s" % (mirror_program, rflags, mirror_data, pipes.quote(dest_path)) ++ rflags.append(repo_yumoption) ++ cmd = [mirror_program] + rflags + mirror_data + [shlex.quote(dest_path)] + if repo.arch == RepoArchs.SRC: + cmd = "%s --source" % cmd + else: +diff --git a/tests/actions/reposync_test.py b/tests/actions/reposync_test.py +index 0bee772c..ee8d1549 100644 +--- a/tests/actions/reposync_test.py ++++ b/tests/actions/reposync_test.py +@@ -1,251 +1,592 @@ ++""" ++Tests that validate the functionality of the module that is responsible for repository synchronization. ++""" ++ + import os +-import glob ++from pathlib import Path ++from typing import TYPE_CHECKING, Any, Dict, List, Union + + import pytest + +-from cobbler import enums ++from cobbler import cexceptions, enums ++from cobbler.actions import reposync + from cobbler.api import CobblerAPI +-from cobbler.actions.reposync import RepoSync + from cobbler.items.repo import Repo +-from cobbler import cexceptions +-from tests.conftest import does_not_raise + ++from tests.conftest import does_not_raise + +-@pytest.fixture(scope="class") +-def api(): +- return CobblerAPI() ++if TYPE_CHECKING: ++ from pytest_mock import MockerFixture + + +-@pytest.fixture(scope="class") +-def reposync(api): +- test_reposync = RepoSync(api, tries=2, nofail=False) ++@pytest.fixture(name="reposync_object", scope="function") ++def fixture_reposync_object( ++ mocker: "MockerFixture", cobbler_api: CobblerAPI ++) -> reposync.RepoSync: ++ settings_mock = mocker.MagicMock() ++ settings_mock.webdir = "/srv/www/cobbler" ++ settings_mock.server = "localhost" ++ settings_mock.http_port = 80 ++ settings_mock.proxy_url_ext = "" ++ settings_mock.yumdownloader_flags = "--testflag" ++ settings_mock.reposync_rsync_flags = "--testflag" ++ settings_mock.reposync_flags = "--testflag" ++ mocker.patch.object(cobbler_api, "settings", return_value=settings_mock) ++ test_reposync = reposync.RepoSync(cobbler_api, tries=2, nofail=False) + return test_reposync + + +-@pytest.fixture +-def repo(api): ++@pytest.fixture(name="repo") ++def fixture_repo(cobbler_api: CobblerAPI) -> Repo: + """ + Creates a Repository "testrepo0" with a keep_updated=True and mirror_locally=True". + """ +- test_repo = Repo(api) ++ test_repo = Repo(cobbler_api) + test_repo.name = "testrepo0" + test_repo.mirror_locally = True + test_repo.keep_updated = True +- api.add_repo(test_repo) + return test_repo + + + @pytest.fixture +-def remove_repo(api): ++def remove_repo(cobbler_api: CobblerAPI): + """ + Removes the Repository "testrepo0" which can be created with repo. + """ + yield +- test_repo = api.find_repo("testrepo0") +- if test_repo is not None: +- api.remove_repo(test_repo.name) ++ test_repo = cobbler_api.find_repo("testrepo0") ++ if test_repo is not None and not isinstance(test_repo, list): ++ cobbler_api.remove_repo(test_repo.name) + + +-class TestRepoSync: +- @pytest.mark.usefixtures("remove_repo") +- @pytest.mark.parametrize( +- "input_mirror_type,input_mirror,expected_exception", +- [ +- ( +- enums.MirrorType.BASEURL, +- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os", +- does_not_raise() +- ), +- ( +- enums.MirrorType.MIRRORLIST, +- "https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64", +- does_not_raise() +- ), +- ( +- enums.MirrorType.METALINK, +- "https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64", +- does_not_raise() +- ), +- ( +- enums.MirrorType.BASEURL, +- "http://www.example.com/path/to/some/repo", +- pytest.raises(cexceptions.CX) +- ), ++@pytest.fixture(scope="function", autouse=True) ++def reset_librepo(): ++ has_librepo = reposync.HAS_LIBREPO ++ yield ++ reposync.HAS_LIBREPO = has_librepo ++ ++ ++def test_repo_walker(mocker: "MockerFixture", tmp_path: Path): ++ # Arrange ++ def test_fun(arg: Any, top: Any, names: Any): ++ pass ++ ++ subdir1 = tmp_path / "sub1" ++ subdir2 = tmp_path / "sub2" ++ subdir1.mkdir() ++ subdir2.mkdir() ++ spy = mocker.Mock(wraps=test_fun) ++ ++ # Act ++ reposync.repo_walker(tmp_path, spy, None) # type: ignore ++ ++ # Assert ++ assert spy.mock_calls == [ ++ # settings.yaml is here because of our autouse fixture that we use to restore the settings ++ mocker.call(None, tmp_path, ["settings.yaml", "sub1", "sub2"]), ++ mocker.call(None, str(subdir1), []), ++ mocker.call(None, str(subdir2), []), ++ ] ++ ++ ++@pytest.mark.parametrize( ++ "input_has_librepo,input_path_exists_side_effect,expected_exception,expected_result", ++ [ ++ (True, [False, True], does_not_raise(), ["/usr/bin/dnf", "reposync"]), ++ (True, [True, False], does_not_raise(), ["/usr/bin/reposync"]), ++ (True, [False, False], pytest.raises(cexceptions.CX), ""), ++ (False, [False, True], pytest.raises(cexceptions.CX), ""), ++ ], ++) ++def test_reposync_cmd( ++ mocker: "MockerFixture", ++ reposync_object: reposync.RepoSync, ++ input_has_librepo: bool, ++ input_path_exists_side_effect: List[bool], ++ expected_exception: Any, ++ expected_result: Union[List[str], str], ++): ++ # Arrange ++ mocker.patch("os.path.exists", side_effect=input_path_exists_side_effect) ++ reposync.HAS_LIBREPO = input_has_librepo ++ ++ # Act ++ with expected_exception: ++ result = reposync_object.reposync_cmd() ++ ++ # Assert ++ assert result == expected_result ++ ++ ++def test_run(mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo): ++ # Arrange ++ env_vars: Dict[str, Any] = {} ++ mocker.patch("os.makedirs") ++ mocker.patch("os.path.isdir", return_value=True) ++ mocker.patch( ++ "os.path.join", ++ side_effect=[ ++ "/srv/www/cobbler/repo_mirror", ++ "/srv/www/cobbler/repo_mirror/%s" % repo.name, + ], + ) +- def test_reposync_yum( +- self, +- input_mirror_type, +- input_mirror, +- expected_exception, +- api, +- repo, +- reposync +- ): +- # Arrange +- test_repo = repo +- test_repo.breed = enums.RepoBreeds.YUM +- test_repo.mirror = input_mirror +- test_repo.mirror_type = input_mirror_type +- test_repo.rpm_list = "fedora-gpg-keys" +- test_settings = api.settings() +- repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) +- +- # Act & Assert +- with expected_exception: +- reposync.run(test_repo.name) +- result = os.path.exists(repo_path) +- if test_repo.rpm_list and test_repo.rpm_list != []: +- for rpm in test_repo.rpm_list: +- assert glob.glob(os.path.join(repo_path, "**", rpm) + "*.rpm", recursive=True) != [] +- assert result +- # Test that re-downloading the metadata in .origin/repodata will not result in an error +- reposync.run(test_repo.name) +- +- @pytest.mark.usefixtures("remove_repo") +- @pytest.mark.parametrize( +- "input_mirror_type,input_mirror,input_arch,input_rpm_list,expected_exception", ++ mocker.patch("os.environ", return_value=env_vars) ++ mocker.patch.object(reposync_object, "repos", return_value=[repo]) ++ mocker.patch.object(reposync_object, "sync") ++ mocker.patch.object(reposync_object, "update_permissions") ++ reposync_object.repos = [repo] # type: ignore ++ ++ # Act ++ reposync_object.run() ++ ++ # Assert ++ # This has to be 0 since all env vars need to be removed after reposync has run. ++ assert len(env_vars) == 0 ++ ++ ++def test_gen_urlgrab_ssl_opts(reposync_object: reposync.RepoSync): ++ # Arrange ++ input_dict: Dict[str, Any] = {} ++ ++ # Act ++ result = reposync_object.gen_urlgrab_ssl_opts(input_dict) ++ ++ # Assert ++ assert isinstance(result, tuple) ++ assert len(result) == 2 ++ # The data of the first element is kind of flexible let's skip asserting it for now ++ assert isinstance(result[1], bool) ++ ++ ++@pytest.mark.usefixtures("remove_repo") ++@pytest.mark.parametrize( ++ "input_mirror_type,input_mirror,expected_exception", ++ [ ++ ( ++ enums.MirrorType.BASEURL, ++ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os", ++ does_not_raise(), ++ ), ++ ( ++ enums.MirrorType.MIRRORLIST, ++ "https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64", ++ does_not_raise(), ++ ), ++ ( ++ enums.MirrorType.METALINK, ++ "https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64", ++ does_not_raise(), ++ ), ++ ], ++) ++def test_reposync_yum( ++ mocker: "MockerFixture", ++ input_mirror_type: enums.MirrorType, ++ input_mirror: str, ++ expected_exception: Any, ++ cobbler_api: CobblerAPI, ++ repo: Repo, ++ reposync_object: reposync.RepoSync, ++): ++ # Arrange ++ test_repo = repo ++ test_repo.breed = enums.RepoBreeds.YUM ++ test_repo.mirror = input_mirror ++ test_repo.mirror_type = input_mirror_type ++ test_repo.rpm_list = "fedora-gpg-keys" ++ test_settings = cobbler_api.settings() ++ repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ mocker.patch.object( ++ reposync_object, "create_local_file", return_value="/create/local/file" ++ ) ++ mocker.patch.object( ++ reposync_object, "reposync_cmd", return_value=["/my/fake/dnf", "reposync"] ++ ) ++ mocker.patch.object(reposync_object, "rflags", return_value="--fake-r-flakg") ++ mocker.patch.object( ++ reposync_object, ++ "gen_urlgrab_ssl_opts", ++ return_value=(("TODO", "TODO", "TODO"), False), ++ ) ++ mocker.patch("os.path.exists", return_value=True) ++ mocker.patch("shutil.rmtree") ++ mocker.patch("os.makedirs") ++ mocked_repo_walker = mocker.patch("cobbler.actions.reposync.repo_walker") ++ handle_mock = mocker.MagicMock() ++ result_mock = mocker.MagicMock() ++ mocker.patch("librepo.Handle", return_value=handle_mock) ++ mocker.patch("librepo.Result", return_value=result_mock) ++ ++ # Act & Assert ++ with expected_exception: ++ reposync_object.yum_sync(repo) ++ ++ mocked_subprocess.assert_called_with( ++ [ ++ "/usr/bin/dnf", ++ "download", ++ "--testflag", ++ "--disablerepo=*", ++ f"--enablerepo={repo.name}", ++ "-c=/create/local/file", ++ f"--destdir={repo_path}", ++ "fedora-gpg-keys", ++ ], ++ shell=False, ++ ) ++ handle_mock.perform.assert_called_with(result_mock) ++ assert mocked_repo_walker.call_count == 1 ++ ++ ++@pytest.mark.usefixtures("remove_repo") ++@pytest.mark.parametrize( ++ "input_mirror_type,input_mirror,input_arch,input_rpm_list,expected_exception", ++ [ ++ ( ++ enums.MirrorType.BASEURL, ++ "http://ftp.debian.org/debian", ++ enums.RepoArchs.X86_64, ++ "", ++ does_not_raise(), ++ ), ++ ( ++ enums.MirrorType.MIRRORLIST, ++ "http://ftp.debian.org/debian", ++ enums.RepoArchs.X86_64, ++ "", ++ pytest.raises(cexceptions.CX), ++ ), ++ ( ++ enums.MirrorType.METALINK, ++ "http://ftp.debian.org/debian", ++ enums.RepoArchs.X86_64, ++ "", ++ pytest.raises(cexceptions.CX), ++ ), ++ ( ++ enums.MirrorType.BASEURL, ++ "http://ftp.debian.org/debian", ++ enums.RepoArchs.NONE, ++ "", ++ pytest.raises(cexceptions.CX), ++ ), ++ ( ++ enums.MirrorType.BASEURL, ++ "http://ftp.debian.org/debian", ++ enums.RepoArchs.X86_64, ++ "dpkg", ++ pytest.raises(cexceptions.CX), ++ ), ++ ], ++) ++def test_reposync_apt( ++ mocker: "MockerFixture", ++ input_mirror_type: enums.MirrorType, ++ input_mirror: str, ++ input_arch: enums.RepoArchs, ++ input_rpm_list: str, ++ expected_exception: Any, ++ cobbler_api: CobblerAPI, ++ repo: Repo, ++ reposync_object: reposync.RepoSync, ++): ++ # Arrange ++ test_repo = repo ++ test_repo.breed = enums.RepoBreeds.APT ++ test_repo.arch = input_arch ++ test_repo.apt_components = "main" ++ test_repo.apt_dists = "stable" ++ test_repo.mirror = input_mirror ++ test_repo.mirror_type = input_mirror_type ++ test_repo.rpm_list = input_rpm_list ++ test_settings = cobbler_api.settings() ++ repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ mocker.patch("os.path.exists", return_value=True) ++ ++ # Act ++ with expected_exception: ++ reposync_object.apt_sync(repo) ++ ++ # Assert ++ mocked_subprocess.assert_called_with( ++ [ ++ "/usr/bin/debmirror", ++ "--nocleanup", ++ "--method=http", ++ "--host=ftp.debian.org", ++ "--root=/debian", ++ "--dist=stable", ++ "--section=main", ++ repo_path, ++ "--nosource", ++ "-a=amd64", ++ ], ++ shell=False, ++ ) ++ ++ ++@pytest.mark.usefixtures("remove_repo") ++@pytest.mark.parametrize( ++ "input_mirror_type,input_mirror,expected_exception", ++ [ ++ ( ++ enums.MirrorType.BASEURL, ++ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", ++ does_not_raise(), ++ ), ++ ( ++ enums.MirrorType.MIRRORLIST, ++ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", ++ pytest.raises(cexceptions.CX), ++ ), ++ ( ++ enums.MirrorType.METALINK, ++ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", ++ pytest.raises(cexceptions.CX), ++ ), ++ ], ++) ++def test_reposync_wget( ++ mocker: "MockerFixture", ++ input_mirror_type: enums.MirrorType, ++ input_mirror: str, ++ expected_exception: Any, ++ cobbler_api: CobblerAPI, ++ repo: Repo, ++ reposync_object: reposync.RepoSync, ++): ++ # Arrange ++ test_repo = repo ++ test_repo.breed = enums.RepoBreeds.WGET ++ test_repo.mirror = input_mirror ++ test_repo.mirror_type = input_mirror_type ++ repo_path = os.path.join( ++ reposync_object.settings.webdir, "repo_mirror", test_repo.name ++ ) ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ mocker.patch("cobbler.actions.reposync.repo_walker") ++ mocker.patch.object(reposync_object, "create_local_file") ++ ++ # Act ++ with expected_exception: ++ reposync_object.wget_sync(test_repo) ++ ++ # Assert ++ mocked_subprocess.assert_called_with( ++ [ ++ "wget", ++ "-N", ++ "-np", ++ "-r", ++ "-l", ++ "inf", ++ "-nd", ++ "-P", ++ repo_path, ++ input_mirror, ++ ], ++ shell=False, ++ ) ++ ++ ++def test_reposync_rhn( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo ++): ++ # Arrange ++ repo.mirror = "rhn://%s" % repo.name ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ mocker.patch("os.path.isdir", return_value=True) ++ mocker.patch("os.makedirs") ++ mocker.patch("cobbler.actions.reposync.repo_walker") ++ mocker.patch.object(reposync_object, "create_local_file") ++ mocker.patch.object( ++ reposync_object, "reposync_cmd", return_value=["/my/fake/reposync"] ++ ) ++ ++ # Act ++ reposync_object.rhn_sync(repo) ++ ++ # Assert ++ # TODO: Check this more and document how its actually working ++ mocked_subprocess.assert_called_with( + [ +- ( +- enums.MirrorType.BASEURL, +- "http://ftp.debian.org/debian", +- enums.RepoArchs.X86_64, +- "", +- does_not_raise() +- ), +- ( +- enums.MirrorType.MIRRORLIST, +- "http://ftp.debian.org/debian", +- enums.RepoArchs.X86_64, +- "", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.METALINK, +- "http://ftp.debian.org/debian", +- enums.RepoArchs.X86_64, +- "", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.BASEURL, +- "http://www.example.com/path/to/some/repo", +- enums.RepoArchs.X86_64, +- "", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.BASEURL, +- "http://ftp.debian.org/debian", +- enums.RepoArchs.NONE, +- "", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.BASEURL, +- "http://ftp.debian.org/debian", +- enums.RepoArchs.X86_64, +- "dpkg", +- pytest.raises(cexceptions.CX) +- ), ++ "/my/fake/reposync", ++ "--testflag", ++ "--repo=testrepo0", ++ "--download-path=/srv/www/cobbler/repo_mirror", + ], ++ shell=False, + ) +- def test_reposync_apt( +- self, +- input_mirror_type, +- input_mirror, +- input_arch, +- input_rpm_list, +- expected_exception, +- api, +- repo, +- reposync +- ): +- # Arrange +- test_repo = repo +- test_repo.breed = enums.RepoBreeds.APT +- test_repo.arch = input_arch +- test_repo.apt_components = "main" +- test_repo.apt_dists = "stable" +- test_repo.mirror = input_mirror +- test_repo.mirror_type = input_mirror_type +- test_repo.rpm_list = input_rpm_list +- test_repo.yumopts = "--exclude=.* --include=dpkg.* --no-check-gpg --rsync-extra=none" +- test_settings = api.settings() +- repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) +- +- # Act & Assert +- with expected_exception: +- reposync.run(test_repo.name) +- result = os.path.exists(repo_path) +- for rpm in ["dpkg"]: +- assert glob.glob(os.path.join(repo_path, "**", "dpkg") + "*", recursive=True) != [] +- assert result +- +- @pytest.mark.skip("To flaky and thus not reliable. Needs to be mocked to be of use.") +- @pytest.mark.usefixtures("remove_repo") +- @pytest.mark.parametrize( +- "input_mirror_type,input_mirror,expected_exception", ++ ++ ++def test_reposync_rsync( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo ++): ++ # Arrange ++ mocked_subprocess = mocker.patch("cobbler.utils.subprocess_call", return_value=0) ++ mocker.patch("cobbler.actions.reposync.repo_walker") ++ mocker.patch.object(reposync_object, "create_local_file") ++ repo_path = os.path.join(reposync_object.settings.webdir, "repo_mirror", repo.name) ++ ++ # Act ++ reposync_object.rsync_sync(repo) ++ ++ # Assert ++ mocked_subprocess.assert_called_with( + [ +- ( +- enums.MirrorType.BASEURL, +- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", +- does_not_raise() +- ), +- ( +- enums.MirrorType.MIRRORLIST, +- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.METALINK, +- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.BASEURL, +- "http://www.example.com/path/to/some/repo", +- pytest.raises(cexceptions.CX) +- ), ++ "rsync", ++ "--testflag", ++ "--delete-after", ++ "-e ssh", ++ "--delete", ++ "--exclude-from=/etc/cobbler/rsync.exclude", ++ "/", ++ repo_path, + ], ++ shell=False, + ) +- def test_reposync_wget( +- self, +- input_mirror_type, +- input_mirror, +- expected_exception, +- api, +- repo, +- reposync +- ): +- # Arrange +- test_repo = repo +- test_repo.breed = enums.RepoBreeds.WGET +- test_repo.mirror = input_mirror +- test_repo.mirror_type = input_mirror_type +- test_settings = api.settings() +- repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) +- +- # Act & Assert +- with expected_exception: +- reposync.run(test_repo.name) +- result = os.path.exists(repo_path) +- for rpm in ["rpm"]: +- assert glob.glob(os.path.join(repo_path, "**", "2") + "*", recursive=True) != [] +- assert result +- +- +-@pytest.mark.skip("TODO") +-def test_reposync_rhn(): ++ ++ ++def test_createrepo_walker( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo ++): + # Arrange ++ input_repo = repo ++ input_repo.breed = enums.RepoBreeds.RSYNC ++ input_dirname = "" ++ input_fnames = [] ++ expected_call = ["createrepo", "--testflags", f"'{input_dirname}'"] ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ mocker.patch( ++ "cobbler.utils.blender", ++ autospec=True, ++ return_value={"createrepo_flags": "--testflags"}, ++ ) ++ mocker.patch("cobbler.utils.remove_yum_olddata") ++ mocker.patch("cobbler.utils.subprocess_get", return_value="5") ++ mocker.patch("cobbler.utils.get_family", return_value="TODO") ++ mocker.patch("os.path.exists", return_value=True) ++ mocker.patch("os.path.isfile", return_value=True) ++ mocker.patch.object(reposync_object, "librepo_getinfo", return_value={}) ++ + # Act ++ reposync_object.createrepo_walker(input_repo, input_dirname, input_fnames) ++ + # Assert +- assert False ++ # TODO: Improve coverage over different cases in method ++ mocked_subprocess.assert_called_with(expected_call, shell=False) + + +-@pytest.mark.skip("TODO") +-def test_reposync_rsync(): ++@pytest.mark.parametrize( ++ "input_repotype,expected_exception", ++ [ ++ (enums.RepoBreeds.YUM, does_not_raise()), ++ (enums.RepoBreeds.RHN, does_not_raise()), ++ (enums.RepoBreeds.APT, does_not_raise()), ++ (enums.RepoBreeds.RSYNC, does_not_raise()), ++ (enums.RepoBreeds.WGET, does_not_raise()), ++ (enums.RepoBreeds.NONE, pytest.raises(cexceptions.CX)), ++ ], ++) ++def test_sync( ++ mocker: "MockerFixture", ++ cobbler_api: CobblerAPI, ++ reposync_object: reposync.RepoSync, ++ input_repotype: enums.RepoBreeds, ++ expected_exception: Any, ++): + # Arrange ++ test_repo = Repo(cobbler_api) ++ test_repo.breed = input_repotype ++ rhn_sync_mock = mocker.patch.object(reposync_object, "rhn_sync") ++ yum_sync_mock = mocker.patch.object(reposync_object, "yum_sync") ++ apt_sync_mock = mocker.patch.object(reposync_object, "apt_sync") ++ rsync_sync_mock = mocker.patch.object(reposync_object, "rsync_sync") ++ wget_sync_mock = mocker.patch.object(reposync_object, "wget_sync") ++ + # Act ++ with expected_exception: ++ reposync_object.sync(test_repo) ++ ++ # Assert ++ call_count = sum( ++ ( ++ rhn_sync_mock.call_count, ++ yum_sync_mock.call_count, ++ apt_sync_mock.call_count, ++ rsync_sync_mock.call_count, ++ wget_sync_mock.call_count, ++ ) ++ ) ++ assert call_count == 1 ++ ++ ++def test_librepo_getinfo( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync, tmp_path: Path ++): ++ # Arrange ++ handle_mock = mocker.MagicMock() ++ result_mock = mocker.MagicMock() ++ mocker.patch("librepo.Handle", return_value=handle_mock) ++ mocker.patch("librepo.Result", return_value=result_mock) ++ ++ # Act ++ reposync_object.librepo_getinfo(str(tmp_path)) ++ ++ # Assert ++ handle_mock.perform.assert_called_with(result_mock) ++ result_mock.getinfo.assert_called() ++ ++ ++def test_create_local_file( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo ++): ++ # Arrange ++ mocker.patch("cobbler.utils.filesystem_helpers.mkdir", autospec=True) ++ mock_open = mocker.patch("builtins.open", mocker.mock_open()) ++ input_dest_path = "" ++ input_repo = repo ++ input_output = True ++ ++ # Act ++ reposync_object.create_local_file(input_dest_path, input_repo, output=input_output) ++ ++ # Assert ++ # TODO: Extend checks ++ assert mock_open.call_count == 1 ++ assert mock_open.mock_calls[0] == mocker.call("config.repo", "w", encoding="UTF-8") ++ mock_open_handle = mock_open() ++ assert mock_open_handle.write.mock_calls[0] == mocker.call("[testrepo0]\n") ++ assert mock_open_handle.write.mock_calls[1] == mocker.call("name=testrepo0\n") ++ ++ ++def test_update_permissions( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync ++): ++ # Arrange ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ path_to_update = "/my/fake/path" ++ expected_calls = [ ++ mocker.call(["chown", "-R", "root:www", path_to_update], shell=False), ++ mocker.call(["chmod", "-R", "755", path_to_update], shell=False), ++ ] ++ ++ # Act ++ reposync_object.update_permissions(path_to_update) ++ + # Assert +- assert False ++ assert mocked_subprocess.mock_calls == expected_calls diff --git a/cobbler.spec b/cobbler.spec index 764ad3b..97485eb 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -4,9 +4,12 @@ %global shortcommit %(c=%{commit}; echo ${c:0:7}) %global selinuxtype targeted +# Tests require an installed system with root access +%bcond check 0 + Name: cobbler Version: 3.3.7 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -19,6 +22,9 @@ Source4: %{name}.fc # Do not run coverage tests Patch0: cobbler-nocov.patch +# Python 3.13 support (backport of https://github.com/cobbler/cobbler/pull/3842) +# https://bugzilla.redhat.com/show_bug.cgi?id=2335620 +Patch1: cobbler-python3.13.patch BuildArch: noarch BuildRequires: make @@ -38,6 +44,13 @@ BuildRequires: %{py3_dist schema} BuildRequires: %{py3_dist setuptools} # For docs BuildRequires: %{py3_dist sphinx} +%if %{with check} +# For tests +BuildRequires: %{py3_dist crypt-r} +BuildRequires: %{py3_dist dnspython} +BuildRequires: %{py3_dist file-magic} +BuildRequires: %{py3_dist pytest-benchmark} +%endif # This ensures that the *-selinux package and all it’s dependencies are not pulled # into containers and other systems that do not use SELinux @@ -160,9 +173,10 @@ install -D -m 0644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{sel install -D -p -m 0644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if +%if %{with check} %check -# These require an installed system with root access -#pytest -v +%pytest -v +%endif %pre @@ -325,6 +339,9 @@ fi %changelog +* Sun Jan 05 2025 Orion Poplawski - 3.3.7-2 +- Backport upstream patch for Python 3.13 support (rhbz#2335620) + * Sun Nov 17 2024 Orion Poplawski - 3.3.7-1 - Update to 3.3.7 (CVE-2024-47533) From 2c824d747ac993db801cbc0dd19c3f0813ac45f8 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 16 Jan 2025 14:04:56 +0000 Subject: [PATCH 098/110] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 97485eb..71c0bd8 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -9,7 +9,7 @@ Name: cobbler Version: 3.3.7 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -339,6 +339,9 @@ fi %changelog +* Thu Jan 16 2025 Fedora Release Engineering - 3.3.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Sun Jan 05 2025 Orion Poplawski - 3.3.7-2 - Backport upstream patch for Python 3.13 support (rhbz#2335620) From 0788c790c2a47ab9bae746d4a504d59d82ab3547 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 11 May 2025 14:57:39 -0600 Subject: [PATCH 099/110] Convert to %autorelease and %autochangelog [skip changelog] --- changelog | 354 ++++++++++++++++++++++++++++++++++++++++++++++++++ cobbler.spec | 357 +-------------------------------------------------- 2 files changed, 356 insertions(+), 355 deletions(-) create mode 100644 changelog diff --git a/changelog b/changelog new file mode 100644 index 0000000..291772a --- /dev/null +++ b/changelog @@ -0,0 +1,354 @@ +* Thu Jan 16 2025 Fedora Release Engineering - 3.3.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Sun Jan 05 2025 Orion Poplawski - 3.3.7-2 +- Backport upstream patch for Python 3.13 support (rhbz#2335620) + +* Sun Nov 17 2024 Orion Poplawski - 3.3.7-1 +- Update to 3.3.7 (CVE-2024-47533) + +* Fri Sep 27 2024 Carl George - 3.3.6-2 +- Fix cheetah dependency rhbz#2314630 + +* Wed Jul 31 2024 Orion Poplawski - 3.3.6-1 +- Update to 3.3.6 + +* Thu Jul 25 2024 Miroslav Suchý - 3.3.5-3 +- convert license to SPDX + +* Wed Jul 17 2024 Fedora Release Engineering - 3.3.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Fri Jul 12 2024 Orion Poplawski - 3.3.5-1 +- Update to 3.3.5 + +* Fri Jun 07 2024 Python Maint - 3.3.4-5 +- Rebuilt for Python 3.13 + +* Fri Jun 07 2024 Python Maint - 3.3.4-4 +- Rebuilt for Python 3.13 + +* Sat Apr 27 2024 Orion Poplawski - 3.3.4-3 +- Fix service name in selinux post install script + +* Fri Apr 26 2024 Orion Poplawski - 3.3.4-2 +- Test for existence of web.ss before chowning it (bz#2276860) + +* Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 +- Update to 3.3.4 +- Add local SELinux policy and allow cobbler to check service statuses, + run mkfs.fat, and check for reposync and yumdownloader (bz#2251220) +- Change owndership of web.ss to root (bz#2247653) + +* Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 3.3.3-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 19 2023 Fedora Release Engineering - 3.3.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Jul 17 2023 Orion Poplawski - 3.3.3-6 +- Add patch to fix build with Sphinx 7 + +* Wed Jun 14 2023 Python Maint - 3.3.3-5 +- Rebuilt for Python 3.12 + +* Thu Jan 19 2023 Fedora Release Engineering - 3.3.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jul 20 2022 Fedora Release Engineering - 3.3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jun 23 2022 Python Maint - 3.3.3-2 +- Rebuilt for Python 3.11 + +* Tue Jun 14 2022 Orion Poplawski - 3.3.3-1 +- Update to 3.3.3 + +* Wed May 04 2022 Orion Poplawski - 3.3.2-2 +- Drop setting cache_enabled no longer present in 3.3 + +* Sat Mar 12 2022 Orion Poplawski - 3.3.2-1 +- Update to 3.3.2 + +* Tue Mar 01 2022 Orion Poplawski - 3.3.1-1 +- Update to 3.3.1, removes web interface + +* Tue Mar 01 2022 Orion Poplawski - 3.2.2-9 +- Apply fixes for CVE-2021-45082/3 +- Remove BR on python3-coverage + +* Mon Jan 24 2022 Orion Poplawski - 3.2.2-8 +- Fix posttrans script + +* Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Dec 23 2021 Orion Poplawski - 3.2.2-6 +- Fix path to settings.yaml in scriptlet + +* Thu Dec 09 2021 Orion Poplawski - 3.2.2-5 +- Remove defunct get-loaders command + +* Mon Nov 22 2021 Orion Poplawski - 3.2.2-4 +- Add new keys to settings.yaml on migration or if missing +- Save original settings to settings.rpmorig + +* Fri Oct 08 2021 Orion Poplawski - 3.2.2-3 +- Fix dependencies (bz#2010567) + +* Thu Sep 23 2021 Orion Poplawski - 3.2.2-2 +- Migrate settings to settings.yaml +- Migrate pre-cobbler 3 data if needed +- Fix autoinstall_templates -> templates + +* Thu Sep 23 2021 Orion Poplawski - 3.2.2-1 +- Update to 3.2.2 +- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection +- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function +- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings + +* Wed Sep 22 2021 Orion Poplawski - 3.2.1-1 +- Update to 3.2.1 + +* Wed Jul 21 2021 Fedora Release Engineering - 3.2.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Jun 04 2021 Python Maint - 3.2.0-5 +- Rebuilt for Python 3.10 + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.2.0-4 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Tue Jan 26 2021 Fedora Release Engineering - 3.2.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sun Oct 25 2020 Orion Poplawski - 3.2.0-2 +- Give root RW permission to /var/lib/cobbler/web.ss +- Fix SELinux cobbler logging issue + +* Sat Oct 24 2020 Orion Poplawski - 3.2.0-1 +- Update to 3.2.0 + +* Thu Sep 17 2020 Orion Poplawski - 3.1.2-4 +- Add requires on python-distro and file + +* Mon Jul 27 2020 Fedora Release Engineering - 3.1.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 08 2020 Orion Poplawski - 3.1.2-2 +- Fix apache configuration + +* Fri May 29 2020 Orion Poplawski - 3.1.2-1 +- Update to 3.1.2 + +* Tue May 26 2020 Miro Hrončok - 3.1.1-4 +- Rebuilt for Python 3.9 + +* Fri Feb 21 2020 Orion Poplawski - 3.1.1-3 +- Add requires for python3-dns + +* Tue Jan 28 2020 Fedora Release Engineering - 3.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sun Jan 12 2020 Orion Poplawski - 3.1.1-1 +- Update to 3.1.1 + +* Tue Oct 22 2019 Orion Poplawski - 3.0.1-4 +- Drop koan completely, including obsoletes. It is a separate package now. + +* Thu Oct 10 2019 Orion Poplawski - 3.0.1-3 +- Require /sbin/service + +* Tue Oct 8 2019 Orion Poplawski - 3.0.1-2 +- Fix requires (requests instead of urlgrabber) +- Fix BR for EL8 + +* Mon Sep 09 2019 Nicolas Chauvet - 3.0.1-1 +- Update to 3.0.1 + +* Fri Aug 30 2019 Nicolas Chauvet - 3.0.0-1 +- Update to 3.0.0 + +* Mon Aug 26 2019 Nicolas Chauvet - 2.8.5-0.1 +- Update to 2.8.5 - pre-release + +* Wed Jul 24 2019 Fedora Release Engineering - 2.8.4-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 2.8.4-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Nov 26 2018 Orion Poplawski - 2.8.4-5 +- Fix empty man pages (BZ 1653415) + +* Mon Nov 26 2018 Orion Poplawski - 2.8.4-4 +- Revert bind_manage_ipmi feature that is broken on 2.8 + +* Sun Nov 25 2018 Orion Poplawski - 2.8.4-3 +- Use pathfix.py to fix python shebangs + +* Sun Nov 25 2018 Orion Poplawski - 2.8.4-2 +- Make koan require python2-ethtool (BZ 1638933) + +* Sat Nov 24 2018 Orion Poplawski - 2.8.4-1 +- Update to 2.8.4 (Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931) + +* Thu Jul 12 2018 Fedora Release Engineering - 2.8.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed May 30 2018 Orion Poplawski - 2.8.3-3 +- koan requires urlgrabber + +* Mon May 28 2018 Nicolas Chauvet - 2.8.3-2 +- Restore mergeability with epel7 + +* Mon May 28 2018 Nicolas Chauvet - 2.8.3-1 +- Update to 2.8.3 - security bugfix + +* Wed Feb 21 2018 Orion Poplawski - 2.8.2-6 +- Really fix django requires for Fedora 28+ + +* Tue Feb 20 2018 Orion Poplawski - 2.8.2-5 +- Fix django requires for Fedora 28+ + +* Fri Feb 09 2018 Igor Gnatenko - 2.8.2-4 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 2.8.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Feb 06 2018 Iryna Shcherbina - 2.8.2-2 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 +- Update to 2.8.2 + +* Wed Aug 02 2017 Fedora Release Engineering - 2.8.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.8.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Jun 21 2017 Orion Poplawski - 2.8.1-3 +- Suppress logrotate output + +* Mon Jun 12 2017 Orion Poplawski - 2.8.1-2 +- Fix module loading + +* Wed May 24 2017 Orion Poplawski - 2.8.1-1 +- Update to 2.8.1 + +* Fri Feb 17 2017 Orion Poplawski - 2.8.0-6 +- Add patch to fix handling of multiple bridge interfaces + +* Fri Feb 10 2017 Fedora Release Engineering - 2.8.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 27 2017 Orion Poplawski - 2.8.0-4 +- Fix named patch + +* Tue Jan 24 2017 Orion Poplawski - 2.8.0-3 +- Restart named-chroot service if used + +* Fri Jan 20 2017 Orion Poplawski - 2.8.0-2 +- Fix logrotate script for systemd (bug #1414617) + +* Thu Dec 1 2016 Orion Poplawski - 2.8.0-1 +- Update to 2.8.0 +- Restructure spec file + +* Thu Sep 1 2016 Orion Poplawski - 2.6.11-11.gitf78af86 +- Add patches to fix TEMPLATE_DIRS and use OrderedDict + +* Thu Aug 11 2016 Orion Poplawski - 2.6.11-10.gitf78af86 +- Force IPv4 connections to cobblerd from web proxy + +* Thu Jul 21 2016 Orion Poplawski - 2.6.11-9.gitf78af86 +- Suppress "virt-install --os-variant list" error messages + +* Thu Jul 21 2016 Orion Poplawski - 2.6.11-8.git5680bf8 +- Fix handling unknown os variants with osinfo-query + +* Tue Jul 19 2016 Fedora Release Engineering - 2.6.11-7.git95749a6 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Wed Jul 13 2016 Orion Poplawski - 2.6.11-6.git95749a6 +- Fix typo in koan/app.py + +* Wed Jul 13 2016 Orion Poplawski - 2.6.11-5.git13b035f +- Update to current git snapshot (bug #1276896) + +* Wed Feb 03 2016 Fedora Release Engineering - 2.6.11-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Feb 1 2016 Orion Poplawski - 2.6.11-3 +- Require dnf-plugins-core + +* Sun Jan 24 2016 Orion Poplawski - 2.6.11-2 +- Require dnf-core-plugins instead of yum-utils for repoquery on Fedora 23+ + +* Sun Jan 24 2016 Orion Poplawski - 2.6.11-1 +- Update to 2.6.11 +- Make cobbler arch specific to allow for arch specific requires + +* Thu Oct 1 2015 Orion Poplawski - 2.6.10-1 +- Update to 2.6.10 + +* Mon Jun 22 2015 Orion Poplawski - 2.6.9-1 +- Update to 2.6.9 + +* Wed Jun 17 2015 Fedora Release Engineering - 2.6.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue May 12 2015 Orion Poplawski - 2.6.8-2 +- Support django 1.8 in Fedora 22+ + +* Fri May 8 2015 Orion Poplawski - 2.6.8-1 +- Update to 2.6.8 +- Backport upstream patch to fix centos version detection (bug #1201879) + +* Tue Apr 28 2015 Orion Poplawski - 2.6.7-3 +- Add patch to fix virt-install support for F21+/EL7 (bug #1188424) + +* Mon Apr 27 2015 Orion Poplawski - 2.6.7-2 +- Create and own directories in tftp_dir + +* Wed Dec 31 2014 Orion Poplawski - 2.6.7-1 +- Update to 2.6.7 + +* Sun Oct 19 2014 Orion Poplawski - 2.6.6-1 +- Update to 2.6.6 + +* Fri Aug 15 2014 Orion Poplawski - 2.6.5-1 +- Update to 2.6.5 + +* Wed Aug 13 2014 Orion Poplawski - 2.6.4-2 +- Require Django >= 1.4 + +* Mon Aug 11 2014 Orion Poplawski - 2.6.4-1 +- Update to 2.6.4 + +* Fri Jul 18 2014 Orion Poplawski - 2.6.3-1 +- Update to 2.6.3 + +* Wed Jul 16 2014 Orion Poplawski - 2.6.2-1 +- Update to 2.6.2 +- Spec cleanup + +* Sat Jun 07 2014 Fedora Release Engineering - 2.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri May 23 2014 Orion Poplawski - 2.6.1-1 +- Update to 2.6.1 +- Drop koan patch applied upstream + +* Tue Apr 22 2014 Orion Poplawski - 2.6.0-2 +- Only require syslinux on x86 + +* Mon Apr 21 2014 Orion Poplawski - 2.6.0-1 +- Update to 2.6.0 diff --git a/cobbler.spec b/cobbler.spec index 71c0bd8..5eafc81 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -9,7 +9,7 @@ Name: cobbler Version: 3.3.7 -Release: 3%{?dist} +Release: %autorelease Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -339,357 +339,4 @@ fi %changelog -* Thu Jan 16 2025 Fedora Release Engineering - 3.3.7-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Sun Jan 05 2025 Orion Poplawski - 3.3.7-2 -- Backport upstream patch for Python 3.13 support (rhbz#2335620) - -* Sun Nov 17 2024 Orion Poplawski - 3.3.7-1 -- Update to 3.3.7 (CVE-2024-47533) - -* Fri Sep 27 2024 Carl George - 3.3.6-2 -- Fix cheetah dependency rhbz#2314630 - -* Wed Jul 31 2024 Orion Poplawski - 3.3.6-1 -- Update to 3.3.6 - -* Thu Jul 25 2024 Miroslav Suchý - 3.3.5-3 -- convert license to SPDX - -* Wed Jul 17 2024 Fedora Release Engineering - 3.3.5-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Fri Jul 12 2024 Orion Poplawski - 3.3.5-1 -- Update to 3.3.5 - -* Fri Jun 07 2024 Python Maint - 3.3.4-5 -- Rebuilt for Python 3.13 - -* Fri Jun 07 2024 Python Maint - 3.3.4-4 -- Rebuilt for Python 3.13 - -* Sat Apr 27 2024 Orion Poplawski - 3.3.4-3 -- Fix service name in selinux post install script - -* Fri Apr 26 2024 Orion Poplawski - 3.3.4-2 -- Test for existence of web.ss before chowning it (bz#2276860) - -* Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 -- Update to 3.3.4 -- Add local SELinux policy and allow cobbler to check service statuses, - run mkfs.fat, and check for reposync and yumdownloader (bz#2251220) -- Change owndership of web.ss to root (bz#2247653) - -* Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 3.3.3-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Wed Jul 19 2023 Fedora Release Engineering - 3.3.3-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Mon Jul 17 2023 Orion Poplawski - 3.3.3-6 -- Add patch to fix build with Sphinx 7 - -* Wed Jun 14 2023 Python Maint - 3.3.3-5 -- Rebuilt for Python 3.12 - -* Thu Jan 19 2023 Fedora Release Engineering - 3.3.3-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Wed Jul 20 2022 Fedora Release Engineering - 3.3.3-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Thu Jun 23 2022 Python Maint - 3.3.3-2 -- Rebuilt for Python 3.11 - -* Tue Jun 14 2022 Orion Poplawski - 3.3.3-1 -- Update to 3.3.3 - -* Wed May 04 2022 Orion Poplawski - 3.3.2-2 -- Drop setting cache_enabled no longer present in 3.3 - -* Sat Mar 12 2022 Orion Poplawski - 3.3.2-1 -- Update to 3.3.2 - -* Tue Mar 01 2022 Orion Poplawski - 3.3.1-1 -- Update to 3.3.1, removes web interface - -* Tue Mar 01 2022 Orion Poplawski - 3.2.2-9 -- Apply fixes for CVE-2021-45082/3 -- Remove BR on python3-coverage - -* Mon Jan 24 2022 Orion Poplawski - 3.2.2-8 -- Fix posttrans script - -* Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Thu Dec 23 2021 Orion Poplawski - 3.2.2-6 -- Fix path to settings.yaml in scriptlet - -* Thu Dec 09 2021 Orion Poplawski - 3.2.2-5 -- Remove defunct get-loaders command - -* Mon Nov 22 2021 Orion Poplawski - 3.2.2-4 -- Add new keys to settings.yaml on migration or if missing -- Save original settings to settings.rpmorig - -* Fri Oct 08 2021 Orion Poplawski - 3.2.2-3 -- Fix dependencies (bz#2010567) - -* Thu Sep 23 2021 Orion Poplawski - 3.2.2-2 -- Migrate settings to settings.yaml -- Migrate pre-cobbler 3 data if needed -- Fix autoinstall_templates -> templates - -* Thu Sep 23 2021 Orion Poplawski - 3.2.2-1 -- Update to 3.2.2 -- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection -- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function -- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings - -* Wed Sep 22 2021 Orion Poplawski - 3.2.1-1 -- Update to 3.2.1 - -* Wed Jul 21 2021 Fedora Release Engineering - 3.2.0-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Fri Jun 04 2021 Python Maint - 3.2.0-5 -- Rebuilt for Python 3.10 - -* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.2.0-4 -- Rebuilt for updated systemd-rpm-macros - See https://pagure.io/fesco/issue/2583. - -* Tue Jan 26 2021 Fedora Release Engineering - 3.2.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Sun Oct 25 2020 Orion Poplawski - 3.2.0-2 -- Give root RW permission to /var/lib/cobbler/web.ss -- Fix SELinux cobbler logging issue - -* Sat Oct 24 2020 Orion Poplawski - 3.2.0-1 -- Update to 3.2.0 - -* Thu Sep 17 2020 Orion Poplawski - 3.1.2-4 -- Add requires on python-distro and file - -* Mon Jul 27 2020 Fedora Release Engineering - 3.1.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jul 08 2020 Orion Poplawski - 3.1.2-2 -- Fix apache configuration - -* Fri May 29 2020 Orion Poplawski - 3.1.2-1 -- Update to 3.1.2 - -* Tue May 26 2020 Miro Hrončok - 3.1.1-4 -- Rebuilt for Python 3.9 - -* Fri Feb 21 2020 Orion Poplawski - 3.1.1-3 -- Add requires for python3-dns - -* Tue Jan 28 2020 Fedora Release Engineering - 3.1.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Sun Jan 12 2020 Orion Poplawski - 3.1.1-1 -- Update to 3.1.1 - -* Tue Oct 22 2019 Orion Poplawski - 3.0.1-4 -- Drop koan completely, including obsoletes. It is a separate package now. - -* Thu Oct 10 2019 Orion Poplawski - 3.0.1-3 -- Require /sbin/service - -* Tue Oct 8 2019 Orion Poplawski - 3.0.1-2 -- Fix requires (requests instead of urlgrabber) -- Fix BR for EL8 - -* Mon Sep 09 2019 Nicolas Chauvet - 3.0.1-1 -- Update to 3.0.1 - -* Fri Aug 30 2019 Nicolas Chauvet - 3.0.0-1 -- Update to 3.0.0 - -* Mon Aug 26 2019 Nicolas Chauvet - 2.8.5-0.1 -- Update to 2.8.5 - pre-release - -* Wed Jul 24 2019 Fedora Release Engineering - 2.8.4-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Thu Jan 31 2019 Fedora Release Engineering - 2.8.4-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Nov 26 2018 Orion Poplawski - 2.8.4-5 -- Fix empty man pages (BZ 1653415) - -* Mon Nov 26 2018 Orion Poplawski - 2.8.4-4 -- Revert bind_manage_ipmi feature that is broken on 2.8 - -* Sun Nov 25 2018 Orion Poplawski - 2.8.4-3 -- Use pathfix.py to fix python shebangs - -* Sun Nov 25 2018 Orion Poplawski - 2.8.4-2 -- Make koan require python2-ethtool (BZ 1638933) - -* Sat Nov 24 2018 Orion Poplawski - 2.8.4-1 -- Update to 2.8.4 (Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931) - -* Thu Jul 12 2018 Fedora Release Engineering - 2.8.3-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Wed May 30 2018 Orion Poplawski - 2.8.3-3 -- koan requires urlgrabber - -* Mon May 28 2018 Nicolas Chauvet - 2.8.3-2 -- Restore mergeability with epel7 - -* Mon May 28 2018 Nicolas Chauvet - 2.8.3-1 -- Update to 2.8.3 - security bugfix - -* Wed Feb 21 2018 Orion Poplawski - 2.8.2-6 -- Really fix django requires for Fedora 28+ - -* Tue Feb 20 2018 Orion Poplawski - 2.8.2-5 -- Fix django requires for Fedora 28+ - -* Fri Feb 09 2018 Igor Gnatenko - 2.8.2-4 -- Escape macros in %%changelog - -* Wed Feb 07 2018 Fedora Release Engineering - 2.8.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Tue Feb 06 2018 Iryna Shcherbina - 2.8.2-2 -- Update Python 2 dependency declarations to new packaging standards - (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) - -* Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 -- Update to 2.8.2 - -* Wed Aug 02 2017 Fedora Release Engineering - 2.8.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 2.8.1-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Wed Jun 21 2017 Orion Poplawski - 2.8.1-3 -- Suppress logrotate output - -* Mon Jun 12 2017 Orion Poplawski - 2.8.1-2 -- Fix module loading - -* Wed May 24 2017 Orion Poplawski - 2.8.1-1 -- Update to 2.8.1 - -* Fri Feb 17 2017 Orion Poplawski - 2.8.0-6 -- Add patch to fix handling of multiple bridge interfaces - -* Fri Feb 10 2017 Fedora Release Engineering - 2.8.0-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Fri Jan 27 2017 Orion Poplawski - 2.8.0-4 -- Fix named patch - -* Tue Jan 24 2017 Orion Poplawski - 2.8.0-3 -- Restart named-chroot service if used - -* Fri Jan 20 2017 Orion Poplawski - 2.8.0-2 -- Fix logrotate script for systemd (bug #1414617) - -* Thu Dec 1 2016 Orion Poplawski - 2.8.0-1 -- Update to 2.8.0 -- Restructure spec file - -* Thu Sep 1 2016 Orion Poplawski - 2.6.11-11.gitf78af86 -- Add patches to fix TEMPLATE_DIRS and use OrderedDict - -* Thu Aug 11 2016 Orion Poplawski - 2.6.11-10.gitf78af86 -- Force IPv4 connections to cobblerd from web proxy - -* Thu Jul 21 2016 Orion Poplawski - 2.6.11-9.gitf78af86 -- Suppress "virt-install --os-variant list" error messages - -* Thu Jul 21 2016 Orion Poplawski - 2.6.11-8.git5680bf8 -- Fix handling unknown os variants with osinfo-query - -* Tue Jul 19 2016 Fedora Release Engineering - 2.6.11-7.git95749a6 -- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages - -* Wed Jul 13 2016 Orion Poplawski - 2.6.11-6.git95749a6 -- Fix typo in koan/app.py - -* Wed Jul 13 2016 Orion Poplawski - 2.6.11-5.git13b035f -- Update to current git snapshot (bug #1276896) - -* Wed Feb 03 2016 Fedora Release Engineering - 2.6.11-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Mon Feb 1 2016 Orion Poplawski - 2.6.11-3 -- Require dnf-plugins-core - -* Sun Jan 24 2016 Orion Poplawski - 2.6.11-2 -- Require dnf-core-plugins instead of yum-utils for repoquery on Fedora 23+ - -* Sun Jan 24 2016 Orion Poplawski - 2.6.11-1 -- Update to 2.6.11 -- Make cobbler arch specific to allow for arch specific requires - -* Thu Oct 1 2015 Orion Poplawski - 2.6.10-1 -- Update to 2.6.10 - -* Mon Jun 22 2015 Orion Poplawski - 2.6.9-1 -- Update to 2.6.9 - -* Wed Jun 17 2015 Fedora Release Engineering - 2.6.8-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Tue May 12 2015 Orion Poplawski - 2.6.8-2 -- Support django 1.8 in Fedora 22+ - -* Fri May 8 2015 Orion Poplawski - 2.6.8-1 -- Update to 2.6.8 -- Backport upstream patch to fix centos version detection (bug #1201879) - -* Tue Apr 28 2015 Orion Poplawski - 2.6.7-3 -- Add patch to fix virt-install support for F21+/EL7 (bug #1188424) - -* Mon Apr 27 2015 Orion Poplawski - 2.6.7-2 -- Create and own directories in tftp_dir - -* Wed Dec 31 2014 Orion Poplawski - 2.6.7-1 -- Update to 2.6.7 - -* Sun Oct 19 2014 Orion Poplawski - 2.6.6-1 -- Update to 2.6.6 - -* Fri Aug 15 2014 Orion Poplawski - 2.6.5-1 -- Update to 2.6.5 - -* Wed Aug 13 2014 Orion Poplawski - 2.6.4-2 -- Require Django >= 1.4 - -* Mon Aug 11 2014 Orion Poplawski - 2.6.4-1 -- Update to 2.6.4 - -* Fri Jul 18 2014 Orion Poplawski - 2.6.3-1 -- Update to 2.6.3 - -* Wed Jul 16 2014 Orion Poplawski - 2.6.2-1 -- Update to 2.6.2 -- Spec cleanup - -* Sat Jun 07 2014 Fedora Release Engineering - 2.6.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Fri May 23 2014 Orion Poplawski - 2.6.1-1 -- Update to 2.6.1 -- Drop koan patch applied upstream - -* Tue Apr 22 2014 Orion Poplawski - 2.6.0-2 -- Only require syslinux on x86 - -* Mon Apr 21 2014 Orion Poplawski - 2.6.0-1 -- Update to 2.6.0 +%autochangelog From eb1d04f77eafa6829cc98bbd6cce36626c98da0b Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 11 May 2025 14:58:50 -0600 Subject: [PATCH 100/110] Drop Requires: /sbin/service, no longer needed (rhbz#2365434) --- cobbler.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 5eafc81..b843a24 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -74,8 +74,6 @@ Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64 Recommends: logrotate Recommends: %{py3_dist librepo} -# https://github.com/cobbler/cobbler/issues/1685 -Requires: /sbin/service Obsoletes: cobbler-web < 3.3 BuildRequires: systemd From 70baef33491cb585556de1acdc53f81990ea9bba Mon Sep 17 00:00:00 2001 From: Python Maint Date: Tue, 3 Jun 2025 12:20:23 +0200 Subject: [PATCH 101/110] Rebuilt for Python 3.14 From cd2b41fa6aa379ce271e4eefd272645c9614abde Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 18:28:15 +0000 Subject: [PATCH 102/110] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 4195c16d1e9a022ab451b0073450f0e2770c93c5 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 15 Aug 2025 12:42:08 +0200 Subject: [PATCH 103/110] Rebuilt for Python 3.14.0rc2 bytecode From 5cc13feffb4bdbfdb816e439a17ff5e16a6ccd4b Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 19 Sep 2025 12:11:21 +0200 Subject: [PATCH 104/110] Rebuilt for Python 3.14.0rc3 bytecode From 58e09a595a2a7e220451daefc719e13af144d6ce Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 4 Oct 2025 19:24:45 -0600 Subject: [PATCH 105/110] Add upstream patch to fix reposync (rhbz#2401605) --- cobbler-reposync.patch | 18 ++++++++++++++++++ cobbler.spec | 4 ++++ 2 files changed, 22 insertions(+) create mode 100644 cobbler-reposync.patch diff --git a/cobbler-reposync.patch b/cobbler-reposync.patch new file mode 100644 index 0000000..4a2fff1 --- /dev/null +++ b/cobbler-reposync.patch @@ -0,0 +1,18 @@ +diff -up cobbler-3.3.7/cobbler/cli.py.reposync cobbler-3.3.7/cobbler/cli.py +--- cobbler-3.3.7/cobbler/cli.py.reposync 2024-11-17 14:02:02.000000000 -0700 ++++ cobbler-3.3.7/cobbler/cli.py 2025-10-04 19:21:03.379260526 -0600 +@@ -1184,7 +1184,13 @@ class CobblerCLI: + task_id = self.start_task("import", options) + elif action_name == "reposync": + self.parser.add_option("--only", dest="only", help="update only this repository name") +- self.parser.add_option("--tries", dest="tries", help="try each repo this many times", default=1) ++ self.parser.add_option( ++ "--tries", ++ dest="tries", ++ help="try each repo this many times", ++ default=1, ++ type="int", ++ ) + self.parser.add_option("--no-fail", dest="nofail", help="don't stop reposyncing if a failure occurs", + action="store_true") + (options, args) = self.parser.parse_args(self.args) diff --git a/cobbler.spec b/cobbler.spec index b843a24..485867d 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -25,6 +25,10 @@ Patch0: cobbler-nocov.patch # Python 3.13 support (backport of https://github.com/cobbler/cobbler/pull/3842) # https://bugzilla.redhat.com/show_bug.cgi?id=2335620 Patch1: cobbler-python3.13.patch +# Upstream fix for reposync --tries +# https://bugzilla.redhat.com/show_bug.cgi?id=2401605 +# Backport of https://github.com/cobbler/cobbler/pull/3378 +Patch2: cobbler-reposync.patch BuildArch: noarch BuildRequires: make From 87a66c903a04567784243f2d5d2ebb8691951a39 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 4 Oct 2025 20:08:27 -0600 Subject: [PATCH 106/110] Add patch to use systemctl is-active to check status, avoids SELinux AVCs (rhbz#2353898) --- cobbler.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cobbler.spec b/cobbler.spec index 485867d..20a7539 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -29,6 +29,9 @@ Patch1: cobbler-python3.13.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2401605 # Backport of https://github.com/cobbler/cobbler/pull/3378 Patch2: cobbler-reposync.patch +# Use systemctl is-active to prevent some SELinux denials checking service status +# https://bugzilla.redhat.com/show_bug.cgi?id=2353898 +Patch3: https://github.com/cobbler/cobbler/pull/3945.patch BuildArch: noarch BuildRequires: make From 05d3a3d92b5314ce66313269396379cc4fab43cc Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 4 Oct 2025 21:04:17 -0600 Subject: [PATCH 107/110] Allow cobblerd access to /boot/efi (rhbz#2353901) --- cobbler.te | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cobbler.te b/cobbler.te index 96bdec4..d233f01 100644 --- a/cobbler.te +++ b/cobbler.te @@ -211,6 +211,12 @@ optional_policy(` dnsmasq_systemctl(cobblerd_t) ') +# To read /boot/efi +optional_policy(` + fs_list_dos(cobblerd_t) + fs_read_dos_files(cobblerd_t) +') + # To run mkfs.fat when generating ISO optional_policy(` fstools_exec(cobblerd_t) From dd50735347618e139352f24a399e463502a3bed2 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 4 Oct 2025 21:20:47 -0600 Subject: [PATCH 108/110] Drop running migrate-data-v2-to-v3.py (rhbz#2349260) --- cobbler.spec | 5 ----- 1 file changed, 5 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 20a7539..a93a1f6 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -232,11 +232,6 @@ if [ -f %{_sysconfdir}/cobbler/settings.rpmsave ]; then fi # Add some missing options if needed grep -q '^reposync_rsync_flags:' %{_sysconfdir}/cobbler/settings.yaml || echo -e '#ADDED:\nreposync_rsync_flags: "-rltDv --copy-unsafe-links"' >> %{_sysconfdir}/cobbler/settings.yaml -# Migrate pre-3 configuration data if needed -if [ -d %{_sharedstatedir}/cobbler/kickstarts -a $(find %{_sharedstatedir}/cobbler/collections -type f | wc -l) -eq 0 ]; then - echo warning: migrating pre cobbler 3 configuration data - %{_datadir}/cobbler/bin/migrate-data-v2-to-v3.py -fi %preun %systemd_preun cobblerd.service From 20b9555db9c838e2ddc2b5893ce60c5467f569ba Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 4 Oct 2025 21:36:03 -0600 Subject: [PATCH 109/110] Add patch [skip changelog] --- 3945.patch | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 3945.patch diff --git a/3945.patch b/3945.patch new file mode 100644 index 0000000..e75c349 --- /dev/null +++ b/3945.patch @@ -0,0 +1,32 @@ +From 1d83bd29c253ba898ac35683258fec285d5a6529 Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Sat, 4 Oct 2025 19:49:26 -0600 +Subject: [PATCH] Use systemctl is-active --quiet to check status of services + (fixes #3942) + +--- + changelog.d/3942.fixed | 1 + + cobbler/actions/check.py | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + create mode 100644 changelog.d/3942.fixed + +diff --git a/changelog.d/3942.fixed b/changelog.d/3942.fixed +new file mode 100644 +index 0000000000..444bdb800a +--- /dev/null ++++ b/changelog.d/3942.fixed +@@ -0,0 +1 @@ ++check: Use systemctl is-active --quiet to check the status of services +diff --git a/cobbler/actions/check.py b/cobbler/actions/check.py +index b79706aff1..5f6a3fa3bc 100644 +--- a/cobbler/actions/check.py ++++ b/cobbler/actions/check.py +@@ -142,7 +142,7 @@ def check_service(self, status, which, notes=""): + status.append("service %s is not running%s" % (which, notes)) + return + elif utils.is_systemd(): +- return_code = utils.subprocess_call("systemctl status %s > /dev/null 2>/dev/null" % which, ++ return_code = utils.subprocess_call("systemctl is-active --quiet %s > /dev/null 2>/dev/null" % which, + shell=True) + if return_code != 0: + status.append("service %s is not running%s" % (which, notes)) From 9be7a60c6c727160854cc8dd5a250f10672b8223 Mon Sep 17 00:00:00 2001 From: Cristian Le Date: Tue, 23 Dec 2025 16:48:31 +0700 Subject: [PATCH 110/110] Fix the dependency on syslinux Signed-off-by: Cristian Le --- cobbler.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index a93a1f6..69d7d40 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -75,7 +75,7 @@ Requires: genisoimage Recommends: bash-completion Requires: dnf-plugins-core # syslinux is only available on x86 -Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) +Requires: (syslinux if (filesystem(x86-64) or filesystem(x86-32))) # grub2 efi stuff is only available on x86 Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64