From c930a1ecda0f9106f60410ed5ef0bcd0e80721f2 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 1 Mar 2022 17:23:35 -0700 Subject: [PATCH 1/5] More complete fix for CVE-2021-45083 - enforce permissions in %post --- cobbler.spec | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 86073a8..1cac030 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -179,6 +179,20 @@ fi %post %systemd_post cobblerd.service +# Fixup permission for world readable settings files +chmod 640 %{_sysconfdir}/cobbler/settings.yaml +chmod 600 %{_sysconfdir}/cobbler/mongodb.conf +chmod 600 %{_sysconfdir}/cobbler/modules.conf +chmod 640 %{_sysconfdir}/cobbler/users.conf +chmod 640 %{_sysconfdir}/cobbler/users.digest +chmod 750 %{_sysconfdir}/cobbler/settings.d +chmod 640 %{_sysconfdir}/cobbler/settings.d/* +chgrp apache %{_sysconfdir}/cobbler/settings.yaml +chgrp apache %{_sysconfdir}/cobbler/users.conf +chgrp apache %{_sysconfdir}/cobbler/users.digest +chgrp apache %{_sysconfdir}/cobbler/settings.d +chgrp apache %{_sysconfdir}/cobbler/settings.d/* + %posttrans # Migrate pre-3.2.1 settings to settings.yaml @@ -281,6 +295,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Wed Mar 02 2022 Orion Poplawski - 3.2.2-10 +- More complete fix for CVE-2021-45083 - enforce permissions in %%post + * Tue Mar 01 2022 Orion Poplawski - 3.2.2-9 - Apply fixes for CVE-2021-45082/3 - Remove BR on python3-coverage From 5ddaaca42c7d9116d2e2806f25e2d27c995d0d84 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Wed, 23 Mar 2022 07:07:43 -0600 Subject: [PATCH 2/5] Add upstream patch for CVE-2022-0860 (bz#2066592) --- ...aa990a94752fa5bd5a24051adde099280bfa.patch | 42 +++++++++++++++++++ cobbler.spec | 7 +++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 9044aa990a94752fa5bd5a24051adde099280bfa.patch diff --git a/9044aa990a94752fa5bd5a24051adde099280bfa.patch b/9044aa990a94752fa5bd5a24051adde099280bfa.patch new file mode 100644 index 0000000..1dfa700 --- /dev/null +++ b/9044aa990a94752fa5bd5a24051adde099280bfa.patch @@ -0,0 +1,42 @@ +From aeb10a6d169da55bab0a5000dce5913e467c9344 Mon Sep 17 00:00:00 2001 +From: Enno Gotthold +Date: Thu, 10 Mar 2022 16:16:29 +0100 +Subject: [PATCH] Security: Fix CVE-2022-0860 + +If PAM is correctly configured and a user account is set to expired, +the expired user-account is still able to successfully log into +Cobbler in all places (Web UI, CLI & XMLRPC-API). + +The same applies to user accounts with passwords set to be expired. + +This patch is fixing this and checking that this behavior is now +correct via a reproducible test. +--- + cobbler/modules/authentication/pam.py | 8 ++++++++ + tests/special_cases/security_test.py | 28 +++++++++++++++++++++++++++ + 2 files changed, 36 insertions(+) + +diff --git a/cobbler/modules/authentication/pam.py b/cobbler/modules/authentication/pam.py +index 97ecc02ab..893422c5b 100644 +--- a/cobbler/modules/authentication/pam.py ++++ b/cobbler/modules/authentication/pam.py +@@ -114,6 +114,10 @@ class PamConv(Structure): + PAM_AUTHENTICATE.restype = c_int + PAM_AUTHENTICATE.argtypes = [PamHandle, c_int] + ++PAM_ACCT_MGMT = LIBPAM.pam_acct_mgmt ++PAM_ACCT_MGMT.restype = c_int ++PAM_ACCT_MGMT.argtypes = [PamHandle, c_int] ++ + + def authenticate(api_handle, username: str, password: str) -> bool: + """ +@@ -157,4 +161,8 @@ def my_conv(n_messages, messages, p_response, app_data): + return False + + retval = PAM_AUTHENTICATE(handle, 0) ++ ++ if retval == 0: ++ retval = PAM_ACCT_MGMT(handle, 0) ++ + return retval == 0 diff --git a/cobbler.spec b/cobbler.spec index 1cac030..f5ca371 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -25,6 +25,8 @@ Patch3: cobbler-remove-get-loaders.patch Patch4: cobbler-CVE-2021-45082.patch # Do not run coverage tests Patch5: cobbler-nocov.patch +# Upstream fix for CVE-2022-0860 (expired accounts) +Patch6: https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -295,6 +297,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Wed Mar 23 2022 Orion Poplawski - 3.2.2-11 +- Add upstream patch for CVE-2022-0860 (bz#2066592) + * Wed Mar 02 2022 Orion Poplawski - 3.2.2-10 - More complete fix for CVE-2021-45083 - enforce permissions in %%post From 0ff1d9cb4348fab88b56f5d985aa80e5c25ea78f Mon Sep 17 00:00:00 2001 From: Xavier Bachelot Date: Fri, 22 Apr 2022 17:25:10 +0200 Subject: [PATCH 3/5] Fix anonbind/Sync distro sigs/Support old anaconda --- 2965.patch | 1054 ++++++++++++++++++++++++++++++++++++++++++++++++++ cobbler.spec | 10 +- 2 files changed, 1063 insertions(+), 1 deletion(-) create mode 100644 2965.patch diff --git a/2965.patch b/2965.patch new file mode 100644 index 0000000..0d328b0 --- /dev/null +++ b/2965.patch @@ -0,0 +1,1054 @@ +From b6d391c21b1c09497a70d40c7cdd02dbb51fbc3d Mon Sep 17 00:00:00 2001 +From: tpw56j +Date: Tue, 9 Nov 2021 11:39:20 +0300 +Subject: [PATCH 1/8] fix/ldap_anonymous_bind + +--- + cobbler/modules/authentication/ldap.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cobbler/modules/authentication/ldap.py b/cobbler/modules/authentication/ldap.py +index 0abbd3538..a55ac1269 100644 +--- a/cobbler/modules/authentication/ldap.py ++++ b/cobbler/modules/authentication/ldap.py +@@ -102,7 +102,7 @@ def authenticate(api_handle, username, password) -> bool: + return False + + # if we're not allowed to search anonymously, grok the search bind settings and attempt to bind +- if api_handle.settings().ldap_anonymous_bind: ++ if not api_handle.settings().ldap_anonymous_bind: + searchdn = api_handle.settings().ldap_search_bind_dn + searchpw = api_handle.settings().ldap_search_passwd + + +From 22cdc2d1475bc5df2581c713336f07efc135e104 Mon Sep 17 00:00:00 2001 +From: Xavier Bachelot +Date: Tue, 18 Jan 2022 19:04:54 +0100 +Subject: [PATCH 2/8] Sync signatures from master + +--- + config/cobbler/distro_signatures.json | 704 ++++++++++++++++++++++---- + 1 file changed, 609 insertions(+), 95 deletions(-) + +diff --git a/config/cobbler/distro_signatures.json b/config/cobbler/distro_signatures.json +index ca7943481..92fd6d758 100644 +--- a/config/cobbler/distro_signatures.json ++++ b/config/cobbler/distro_signatures.json +@@ -12,9 +12,11 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "i386", +- "x86_64", ++ "ia64", + "ppc", +- "ppc64" ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -42,9 +44,10 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "i386", +- "x86_64", ++ "ia64", + "ppc", +- "ppc64" ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -69,8 +72,9 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "i386", +- "x86_64", +- "ppc64" ++ "ppc64", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -94,10 +98,11 @@ + "kernel_arch": "kernel-(.*).rpm", + "kernel_arch_regex": null, + "supported_arches": [ +- "i386", +- "x86_64", ++ "aarch64", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -129,11 +134,37 @@ + "kernel_arch": "kernel-(.*).rpm", + "kernel_arch_regex": null, + "supported_arches": [ +- "i386", +- "x86_64", +- "ppc", +- "ppc64", +- "ppc64le" ++ "aarch64", ++ "ppc64le", ++ "s390x", ++ "x86_64" ++ ], ++ "supported_repo_breeds": [ ++ "rsync", ++ "rhn", ++ "yum" ++ ], ++ "kernel_file": "vmlinuz(.*)", ++ "initrd_file": "initrd(.*)\\.img", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "rhel9": { ++ "signatures": [ ++ "BaseOS" ++ ], ++ "version_file": "(redhat|sl|slf|almalinux|centos|centos-linux|centos-stream|oraclelinux|rocky|vzlinux)-release-(?!notes)([\\w]*-)*9[\\.-]+(.*)\\.rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*).rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -208,10 +239,14 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "arm", ++ "armhfp", + "i386", + "x86_64", + "ppc", +- "ppc64" ++ "ppc64", ++ "s390", ++ "s390x" + ], + "supported_repo_breeds": [ + "rsync", +@@ -235,10 +270,14 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "arm", ++ "armhfp", + "i386", +- "x86_64", + "ppc", +- "ppc64" ++ "ppc64", ++ "x86_64", ++ "s390", ++ "s390x" + ], + "supported_repo_breeds": [ + "rsync", +@@ -262,10 +301,13 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "arm", + "i386", +- "x86_64", + "ppc", +- "ppc64" ++ "ppc64", ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -289,10 +331,13 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "armhfp", + "i386", +- "x86_64", + "ppc", +- "ppc64" ++ "ppc64", ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -321,11 +366,14 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -354,11 +402,14 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -387,11 +438,14 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -420,11 +474,13 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -453,11 +509,13 @@ + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, + "supported_arches": [ ++ "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -487,10 +545,12 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", ++ "armhfp", + "i386", +- "x86_64", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -520,10 +580,12 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", ++ "armhfp", + "i386", +- "x86_64", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -553,10 +615,12 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", ++ "armhfp", + "i386", +- "x86_64", + "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -586,10 +650,11 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -619,9 +684,11 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", ++ "armhfp", + "i386", +- "x86_64", +- "ppc64le" ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -651,9 +718,10 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", +- "i386", +- "x86_64", +- "ppc64le" ++ "armhfp", ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -683,9 +751,10 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", +- "i386", +- "x86_64", +- "ppc64le" ++ "armhfp", ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -715,9 +784,10 @@ + "kernel_arch_regex": null, + "supported_arches": [ + "aarch64", +- "i386", +- "x86_64", +- "ppc64le" ++ "armhfp", ++ "ppc64le", ++ "s390x", ++ "x86_64" + ], + "supported_repo_breeds": [ + "rsync", +@@ -737,6 +807,68 @@ + ] + } + }, ++ "fedora34": { ++ "signatures": [ ++ "Packages" ++ ], ++ "version_file": "(fedora)-release-34-(.*)\\.noarch\\.rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "armhfp", ++ "ppc64le", ++ "s390x", ++ "x86_64" ++ ], ++ "supported_repo_breeds": [ ++ "rsync", ++ "rhn", ++ "yum" ++ ], ++ "kernel_file": "vmlinuz(.*)", ++ "initrd_file": "initrd(.*)\\.img", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample.ks", ++ "kernel_options": "repo=$tree", ++ "kernel_options_post": "", ++ "boot_files": [], ++ "boot_loaders": { ++ "ppc64": [ ++ "grub" ++ ] ++ } ++ }, ++ "fedora35": { ++ "signatures": [ ++ "Packages" ++ ], ++ "version_file": "(fedora)-release-35-(.*)\\.noarch\\.rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "armhfp", ++ "ppc64le", ++ "s390x", ++ "x86_64" ++ ], ++ "supported_repo_breeds": [ ++ "rsync", ++ "rhn", ++ "yum" ++ ], ++ "kernel_file": "vmlinuz(.*)", ++ "initrd_file": "initrd(.*)\\.img", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample.ks", ++ "kernel_options": "repo=$tree", ++ "kernel_options_post": "", ++ "boot_files": [], ++ "boot_loaders": [] ++ }, + "cloudlinux6": { + "signatures": [ + "Packages" +@@ -880,6 +1012,29 @@ + "kernel_options": "", + "kernel_options_post": "", + "boot_files": [] ++ }, ++ "bullseye": { ++ "signatures": [ ++ "dists" ++ ], ++ "version_file": "Release", ++ "version_file_regex": "Codename: bullseye", ++ "kernel_arch": "linux-headers-(.*)\\.deb", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "i386", ++ "amd64" ++ ], ++ "supported_repo_breeds": [ ++ "apt" ++ ], ++ "kernel_file": "vmlinuz(.*)", ++ "initrd_file": "initrd(.*)\\.gz", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample.seed", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] + } + }, + "ubuntu": { +@@ -1394,6 +1549,32 @@ + "template_files": "", + "boot_files": [], + "boot_loaders": {} ++ }, ++ "impish": { ++ "signatures": [ ++ "dists", ++ ".disk" ++ ], ++ "version_file": "Release|info", ++ "version_file_regex": "Suite: impish|Ubuntu-Server 21\\.10", ++ "kernel_arch": "linux-headers-(.*)\\.deb", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "i386", ++ "amd64" ++ ], ++ "supported_repo_breeds": [ ++ "apt" ++ ], ++ "kernel_file": "(linux|vmlinuz(.*))", ++ "initrd_file": "initrd($|.gz$|.lz$)", ++ "isolinux_ok": false, ++ "default_autoinstall": "", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "template_files": "", ++ "boot_files": [], ++ "boot_loaders": {} + } + }, + "suse": { +@@ -1613,11 +1794,107 @@ + "kernel_options_post": "", + "boot_files": [] + }, +- "opensuse15generic": { ++ "opensuse15.0": { ++ "signatures": [ ++ "" ++ ], ++ "version_file": "openSUSE-release-15.0-(.*).rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "x86_64", ++ "ppc64le" ++ ], ++ "supported_repo_breeds": [ ++ "yum" ++ ], ++ "kernel_file": "(linux|vmlinuz(.*))", ++ "initrd_file": "initrd(.*)", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample_autoyast.xml", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "opensuse15.1": { + "signatures": [ + "" + ], +- "version_file": "openSUSE-release-15.(.*).rpm", ++ "version_file": "openSUSE-release-15.1-(.*).rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "x86_64", ++ "ppc64le" ++ ], ++ "supported_repo_breeds": [ ++ "yum" ++ ], ++ "kernel_file": "(linux|vmlinuz(.*))", ++ "initrd_file": "initrd(.*)", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample_autoyast.xml", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "opensuse15.2": { ++ "signatures": [ ++ "" ++ ], ++ "version_file": "openSUSE-release-15.2-(.*).rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "x86_64", ++ "ppc64le" ++ ], ++ "supported_repo_breeds": [ ++ "yum" ++ ], ++ "kernel_file": "(linux|vmlinuz(.*))", ++ "initrd_file": "initrd(.*)", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample_autoyast.xml", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "opensuse15.3": { ++ "signatures": [ ++ "" ++ ], ++ "version_file": "openSUSE-release-15.3-(.*).rpm", ++ "version_file_regex": null, ++ "kernel_arch": "kernel-(.*)\\.rpm", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "aarch64", ++ "x86_64", ++ "ppc64le" ++ ], ++ "supported_repo_breeds": [ ++ "yum" ++ ], ++ "kernel_file": "(linux|vmlinuz(.*))", ++ "initrd_file": "initrd(.*)", ++ "isolinux_ok": false, ++ "default_autoinstall": "sample_autoyast.xml", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "opensuse15.4": { ++ "signatures": [ ++ "" ++ ], ++ "version_file": "openSUSE-release-15.4-(.*).rpm", + "version_file_regex": null, + "kernel_arch": "kernel-(.*)\\.rpm", + "kernel_arch_regex": null, +@@ -2613,6 +2890,81 @@ + "kernel_options": "", + "kernel_options_post": "", + "boot_files": [] ++ }, ++ "freebsd12.2": { ++ "signatures": [ ++ "boot" ++ ], ++ "version_file": "freebsd-version", ++ "version_file_regex": "USERLAND_VERSION=\"12.2-RELEASE\"", ++ "kernel_arch": "device\\.hints", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "i386", ++ "amd64", ++ "ppc64", ++ "ppc64le", ++ "ppc64el", ++ "aarch64" ++ ], ++ "supported_repo_breeds": [], ++ "kernel_file": "base.txz", ++ "initrd_file": "base.txz", ++ "isolinux_ok": false, ++ "default_autoinstall": "", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "freebsd12.3": { ++ "signatures": [ ++ "boot" ++ ], ++ "version_file": "freebsd-version", ++ "version_file_regex": "USERLAND_VERSION=\"12.3-RELEASE\"", ++ "kernel_arch": "device\\.hints", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "i386", ++ "amd64", ++ "ppc64", ++ "ppc64le", ++ "ppc64el", ++ "aarch64" ++ ], ++ "supported_repo_breeds": [], ++ "kernel_file": "base.txz", ++ "initrd_file": "base.txz", ++ "isolinux_ok": false, ++ "default_autoinstall": "", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "freebsd13.0": { ++ "signatures": [ ++ "boot" ++ ], ++ "version_file": "freebsd-version", ++ "version_file_regex": "USERLAND_VERSION=\"13.0-RELEASE\"", ++ "kernel_arch": "device\\.hints", ++ "kernel_arch_regex": null, ++ "supported_arches": [ ++ "i386", ++ "amd64", ++ "ppc64", ++ "ppc64le", ++ "ppc64el", ++ "aarch64" ++ ], ++ "supported_repo_breeds": [], ++ "kernel_file": "base.txz", ++ "initrd_file": "base.txz", ++ "isolinux_ok": false, ++ "default_autoinstall": "", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] + } + }, + "xen": { +@@ -2752,42 +3104,204 @@ + "unix": { + }, + "windows": { +- "2003": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub"]} +- }, +- "2008": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "2012": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "2016": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "2019": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "XP": { +- "supported_arches":["i386","x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub"]} +- }, +- "7": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "8": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- }, +- "10": { +- "supported_arches":["x86_64"], +- "boot_loaders":{"x86_64":["pxelinux","grub","ipxe"]} +- } ++ "2003": { ++ "signatures": [ ++ "amd64", ++ "i386", ++ "autorun.inf" ++ ], ++ "version_file": "relnotes\\.htm", ++ "version_file_regex": "^.*Microsoft Windows Server 2003.*$", ++ "kernel_arch": "(i386|amd64)", ++ "kernel_arch_regex": null, ++ "supported_arches":["i386","amd64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [ ++ "i386/*.*", ++ "amd64/*.*" ++ ] ++ }, ++ "2008": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows Server 2008.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86|x86_64)$", ++ "supported_arches":["x86","x86_64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "2012": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows Server 2012.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86_64)$", ++ "supported_arches":["x86_64"], ++ "boot_loaders":{"x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "2016": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows Server 2016.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86_64)$", ++ "supported_arches":["x86_64"], ++ "boot_loaders":{"x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "2019": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows Server 2019.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86_64)$", ++ "supported_arches":["x86_64"], ++ "boot_loaders":{"x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "XP": { ++ "signatures": [ ++ "amd64", ++ "i386", ++ "autorun.inf" ++ ], ++ "version_file": "readme\\.htm", ++ "version_file_regex": "^Version of Microsoft Windows XP.*$", ++ "kernel_arch": "(i386|amd64)", ++ "kernel_arch_regex": null, ++ "supported_arches":["i386","amd64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [ ++ "i386/*.*", ++ "amd64/*.*" ++ ] ++ }, ++ "7": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows 7.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86|x86_64)$", ++ "supported_arches":["x86","x86_64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "8": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows 8.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86|x86_64)$", ++ "supported_arches":["x86","x86_64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "10": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows 10.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(x86|x86_64)$", ++ "supported_arches":["x86","x86_64"], ++ "boot_loaders":{"i386":["pxe","ipxe"], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ }, ++ "11": { ++ "signatures": [ ++ "sources", ++ "autorun.inf" ++ ], ++ "version_file": "install\\.wim", ++ "version_file_regex": "^Name:.*Windows 11.*$", ++ "kernel_arch": "install\\.wim", ++ "kernel_arch_regex": "^Architecture:.*(ARM64|x86_64)$", ++ "supported_arches":["ARM64","x86_64"], ++ "boot_loaders":{"aarch64":[], "x86_64":["pxe","ipxe"]}, ++ "supported_repo_breeds": [], ++ "kernel_file": "pxeboot\\.n12", ++ "initrd_file": "boot\\.sdi", ++ "default_autoinstall": "win.ks", ++ "kernel_options": "", ++ "kernel_options_post": "", ++ "boot_files": [] ++ } + }, + "powerkvm": { + "2.1": { +@@ -2815,7 +3329,7 @@ + "boot_files": [], + "boot_loaders": { + "ppc64": [ +- "pxelinux" ++ "pxe" + ] + } + } + +From e60691af699a1bb2045fedf4c74fc4deb107cd7c Mon Sep 17 00:00:00 2001 +From: Xavier Bachelot +Date: Tue, 18 Jan 2022 19:11:31 +0100 +Subject: [PATCH 3/8] Add support for older anaconda (tftpgen) + +--- + cobbler/tftpgen.py | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/cobbler/tftpgen.py b/cobbler/tftpgen.py +index 3e2da2124..d8aa91d2f 100644 +--- a/cobbler/tftpgen.py ++++ b/cobbler/tftpgen.py +@@ -730,8 +730,10 @@ def build_kernel_options(self, system, profile, distro, image, arch: str, autoin + + if distro.breed is None or distro.breed == "redhat": + +- append_line += " kssendmac" +- append_line = "%s inst.ks=%s" % (append_line, autoinstall_path) ++ if distro.os_version in ["rhel4", "rhel5", "rhel6", "fedora16"]: ++ append_line += " kssendmac ks=%s" % autoinstall_path ++ else: ++ append_line += " inst.ks.sendmac inst.ks=%s" % autoinstall_path + gpxe = blended["enable_gpxe"] + if gpxe: + append_line = append_line.replace('ksdevice=bootif', 'ksdevice=${net0/mac}') + +From 365a9d6b1c33f14a1a390a1070d5d822c9db7ce5 Mon Sep 17 00:00:00 2001 +From: Xavier Bachelot +Date: Tue, 18 Jan 2022 19:19:26 +0100 +Subject: [PATCH 4/8] Add support for older anaconda (buildiso) + +--- + cobbler/actions/buildiso.py | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/cobbler/actions/buildiso.py b/cobbler/actions/buildiso.py +index 9b204aabf..31772c067 100644 +--- a/cobbler/actions/buildiso.py ++++ b/cobbler/actions/buildiso.py +@@ -223,7 +223,10 @@ def generate_netboot_iso(self, imagesdir, isolinuxdir, profiles=None, systems=No + if dist.breed == "redhat": + if "proxy" in data and data["proxy"] != "": + append_line += " proxy=%s http_proxy=%s" % (data["proxy"], data["proxy"]) +- append_line += " inst.ks=%s" % data["autoinstall"] ++ if dist.os_version in ["rhel4", "rhel5", "rhel6", "fedora16"]: ++ append_line += " ks=%s" % self.data["autoinstall"] ++ else: ++ append_line += " inst.ks=%s" % self.data["autoinstall"] + + if dist.breed in ["ubuntu", "debian"]: + append_line += " auto-install/enable=true url=%s" % data["autoinstall"] +@@ -273,7 +276,10 @@ def generate_netboot_iso(self, imagesdir, isolinuxdir, profiles=None, systems=No + if dist.breed == "redhat": + if "proxy" in data and data["proxy"] != "": + append_line += " proxy=%s http_proxy=%s" % (data["proxy"], data["proxy"]) +- append_line += " inst.ks=%s" % data["autoinstall"] ++ if os_version in ["rhel4", "rhel5", "rhel6", "fedora16"]: ++ append_line += " ks=%s" % self.data["autoinstall"] ++ else: ++ append_line += " inst.ks=%s" % self.data["autoinstall"] + + if dist.breed in ["ubuntu", "debian"]: + append_line += " auto-install/enable=true url=%s netcfg/disable_autoconfig=true" % data["autoinstall"] +@@ -540,7 +546,10 @@ def generate_standalone_iso(self, imagesdir, isolinuxdir, distname, filesource, + + append_line = " append initrd=%s" % os.path.basename(distro.initrd) + if distro.breed == "redhat": +- append_line += " inst.ks=cdrom:/isolinux/%s.cfg" % descendant.name ++ if distro.os_version in ["rhel4", "rhel5", "rhel6", "fedora16"]: ++ append_line += " ks=cdrom:/isolinux/%s.cfg" % descendant.name ++ else: ++ append_line += " inst.ks=cdrom:/isolinux/%s.cfg" % descendant.name + if distro.breed == "suse": + append_line += " autoyast=file:///isolinux/%s.cfg install=cdrom:///" % descendant.name + if "install" in data["kernel_options"]: + diff --git a/cobbler.spec b/cobbler.spec index f5ca371..6a3bc04 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -27,6 +27,8 @@ Patch4: cobbler-CVE-2021-45082.patch Patch5: cobbler-nocov.patch # Upstream fix for CVE-2022-0860 (expired accounts) Patch6: https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa.patch +# Based on https://github.com/cobbler/cobbler/pull/2965 +Patch7: 2965.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -297,6 +299,12 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Fri Apr 22 2022 Xavier Bachelot - 3.2.2-12 +- Add patch7: + - fix ldap anonymous bind + - sync distro signatures + - support older anaconda boot line options + * Wed Mar 23 2022 Orion Poplawski - 3.2.2-11 - Add upstream patch for CVE-2022-0860 (bz#2066592) From 98d0179877c104ccc457ef75179be186728054ec Mon Sep 17 00:00:00 2001 From: Robby Callicotte Date: Thu, 11 Aug 2022 14:27:26 -0500 Subject: [PATCH 4/5] Added upstream patch fix for reposync errors --- 3227.patch | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ cobbler.spec | 7 ++++++- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 3227.patch diff --git a/3227.patch b/3227.patch new file mode 100644 index 0000000..2374c11 --- /dev/null +++ b/3227.patch @@ -0,0 +1,56 @@ +From 68d16bd35540df8a8e10a53bb4ba845bb37322ec Mon Sep 17 00:00:00 2001 +From: Robby Callicotte +Date: Thu, 11 Aug 2022 13:46:23 -0500 +Subject: [PATCH] Added backport fix for reposync + +--- + cobbler/actions/reposync.py | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +diff --git a/cobbler/actions/reposync.py b/cobbler/actions/reposync.py +index 2900dfd665..417aa5d491 100644 +--- a/cobbler/actions/reposync.py ++++ b/cobbler/actions/reposync.py +@@ -443,6 +443,9 @@ def rhn_sync(self, repo): + if repo.arch != "": + cmd = "%s -a %s" % (cmd, repo.arch) + ++ if repo.arch == "": ++ cmd = "%s" % (cmd) ++ + # Now regardless of whether we're doing yumdownloader or reposync or whether the repo was http://, ftp://, or + # rhn://, execute all queued commands here. Any failure at any point stops the operation. + +@@ -537,7 +540,9 @@ def yum_sync(self, repo): + # Counter-intuitive, but we want the newish kernels too + cmd = "%s -a i686" % (cmd) + else: +- cmd = "%s -a %s" % (cmd, repo.arch) ++ # Backport fix for ++ # https://github.com/cobbler/cobbler/issues/2865 ++ cmd = "%s" % (cmd) + + else: + # Create the output directory if it doesn't exist +@@ -570,12 +575,18 @@ def yum_sync(self, repo): + proxy = repo.proxy + (cert, verify) = self.gen_urlgrab_ssl_opts(repo.yumopts) + +- # FIXME: These two variables were deleted +- repodata_path = "" +- repomd_path = "" ++ # Backport fix for ++ # https://github.com/cobbler/cobbler/issues/2865 ++ repodata_path = os.path.join(temp_path, "repodata") ++ repomd_path = os.path.join(repodata_path, "repomd.xml") + if os.path.exists(repodata_path) and not os.path.isfile(repomd_path): + shutil.rmtree(repodata_path, ignore_errors=False, onerror=None) + ++ repodata_path = os.path.join(temp_path, "repodata") ++ if os.path.exists(repodata_path): ++ self.logger.info("Deleted old repo metadata for %s" % repodata_path) ++ shutil.rmtree(repodata_path, ignore_errors=False, onerror=None) ++ + h = librepo.Handle() + r = librepo.Result() + h.setopt(librepo.LRO_REPOTYPE, librepo.LR_YUMREPO) diff --git a/cobbler.spec b/cobbler.spec index f5ca371..05082d1 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.2.2 -Release: 11%{?dist} +Release: 12%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -27,6 +27,8 @@ Patch4: cobbler-CVE-2021-45082.patch Patch5: cobbler-nocov.patch # Upstream fix for CVE-2022-0860 (expired accounts) Patch6: https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa.patch +# Upstream fix for reposync_librepo +Patch7: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pull/3227.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -297,6 +299,9 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %changelog +* Wed Aug 10 2022 Robby Callicotte - 3.2.2-12 +- Add upstream patch for reposync errors (bz#2117750) + * Wed Mar 23 2022 Orion Poplawski - 3.2.2-11 - Add upstream patch for CVE-2022-0860 (bz#2066592) From 802b141f1b17b7a0e00879526a5769354f9773d6 Mon Sep 17 00:00:00 2001 From: Robby Callicotte Date: Tue, 23 Aug 2022 14:12:16 -0500 Subject: [PATCH 5/5] Updated patch to sync with upstream --- 3227.patch | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/3227.patch b/3227.patch index 2374c11..f7dcee1 100644 --- a/3227.patch +++ b/3227.patch @@ -1,14 +1,14 @@ -From 68d16bd35540df8a8e10a53bb4ba845bb37322ec Mon Sep 17 00:00:00 2001 -From: Robby Callicotte +From 7d5e0bb4a206365ce2cb1de30ba0f49ad43e97d2 Mon Sep 17 00:00:00 2001 +From: Robby Callicotte Date: Thu, 11 Aug 2022 13:46:23 -0500 Subject: [PATCH] Added backport fix for reposync --- - cobbler/actions/reposync.py | 19 +++++++++++++++---- - 1 file changed, 15 insertions(+), 4 deletions(-) + cobbler/actions/reposync.py | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/cobbler/actions/reposync.py b/cobbler/actions/reposync.py -index 2900dfd665..417aa5d491 100644 +index 2900dfd665..651514f36a 100644 --- a/cobbler/actions/reposync.py +++ b/cobbler/actions/reposync.py @@ -443,6 +443,9 @@ def rhn_sync(self, repo): @@ -21,26 +21,22 @@ index 2900dfd665..417aa5d491 100644 # Now regardless of whether we're doing yumdownloader or reposync or whether the repo was http://, ftp://, or # rhn://, execute all queued commands here. Any failure at any point stops the operation. -@@ -537,7 +540,9 @@ def yum_sync(self, repo): +@@ -537,7 +540,7 @@ def yum_sync(self, repo): # Counter-intuitive, but we want the newish kernels too cmd = "%s -a i686" % (cmd) else: - cmd = "%s -a %s" % (cmd, repo.arch) -+ # Backport fix for -+ # https://github.com/cobbler/cobbler/issues/2865 -+ cmd = "%s" % (cmd) ++ cmd = "%s -a %s -a noarch" % (cmd, repo.arch) else: # Create the output directory if it doesn't exist -@@ -570,12 +575,18 @@ def yum_sync(self, repo): +@@ -570,12 +573,16 @@ def yum_sync(self, repo): proxy = repo.proxy (cert, verify) = self.gen_urlgrab_ssl_opts(repo.yumopts) - # FIXME: These two variables were deleted - repodata_path = "" - repomd_path = "" -+ # Backport fix for -+ # https://github.com/cobbler/cobbler/issues/2865 + repodata_path = os.path.join(temp_path, "repodata") + repomd_path = os.path.join(repodata_path, "repomd.xml") if os.path.exists(repodata_path) and not os.path.isfile(repomd_path):