From a4bb4acfa1d3c4d9e5b27d6bef5c5ef48207bc4f Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 28 Feb 2022 22:13:35 -0700 Subject: [PATCH 01/45] Update to 3.3.1, removes web interface --- 2590.patch | 92 --------- cobbler-CVE-2021-45082.patch | 75 -------- cobbler-httpd.patch | 18 -- cobbler-nocov.patch | 16 +- cobbler-remove-get-loaders.patch | 316 ------------------------------- cobbler-scripts.patch | 12 -- cobbler.spec | 92 ++++----- sources | 2 +- 8 files changed, 41 insertions(+), 582 deletions(-) delete mode 100644 2590.patch delete mode 100644 cobbler-CVE-2021-45082.patch delete mode 100644 cobbler-httpd.patch delete mode 100644 cobbler-remove-get-loaders.patch delete mode 100644 cobbler-scripts.patch diff --git a/2590.patch b/2590.patch deleted file mode 100644 index 5e7221b..0000000 --- a/2590.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 4b5025e9e30db30d6e264fabeb860a7758d7d7ad Mon Sep 17 00:00:00 2001 -From: Orion Poplawski -Date: Mon, 8 Mar 2021 22:04:52 -0700 -Subject: [PATCH] autoinstall_templates are installed into - /var/lib/cobbler/templates - ---- - cobbler/actions/sync.py | 2 +- - config/cobbler/settings.yaml | 4 ++-- - docs/cobbler-conf.rst | 4 ++-- - tests/test_data/settings_old | 4 ++-- - 4 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/cobbler/actions/sync.py b/cobbler/actions/sync.py -index 2667edb56..302c81de7 100644 ---- a/cobbler/actions/sync.py -+++ b/cobbler/actions/sync.py -@@ -179,7 +179,7 @@ def clean_trees(self): - if x not in self.settings.webdir_whitelist: - # delete directories that shouldn't exist - utils.rmtree(path, logger=self.logger) -- if x in ["autoinstall_templates", "autoinstall_templates_sys", "images", "systems", "distros", "profiles", "repo_profile", "repo_system", "rendered"]: -+ if x in ["templates", "images", "systems", "distros", "profiles", "repo_profile", "repo_system", "rendered"]: - # clean out directory contents - utils.rmtree_contents(path, logger=self.logger) - # -diff --git a/config/cobbler/settings.yaml b/config/cobbler/settings.yaml -index b2e05a7bf..ac8edccbf 100644 ---- a/config/cobbler/settings.yaml -+++ b/config/cobbler/settings.yaml -@@ -77,7 +77,7 @@ cheetah_import_whitelist: - createrepo_flags: "-c cache -s sha" - - # if no autoinstall template is specified to profile add, use this template --default_autoinstall: /var/lib/cobbler/autoinstall_templates/default.ks -+default_autoinstall: /var/lib/cobbler/templates/default.ks - - # configure all installed systems to use these nameservers by default - # unless defined differently in the profile. For DHCP configurations -@@ -92,7 +92,7 @@ default_ownership: - - "admin" - - # Cobbler has various sample automatic installation templates stored --# in /var/lib/cobbler/autoinstall_templates/. This controls -+# in /var/lib/cobbler/templates/. This controls - # what install (root) password is set up for those - # systems that reference this variable. The factory - # default is "cobbler" and Cobbler check will warn if -diff --git a/docs/cobbler-conf.rst b/docs/cobbler-conf.rst -index 52621e278..ef65acc0b 100644 ---- a/docs/cobbler-conf.rst -+++ b/docs/cobbler-conf.rst -@@ -257,7 +257,7 @@ default_autoinstall - - If no autoinstall template is specified to profile add, use this template. - --default: ``/var/lib/cobbler/autoinstall_templates/default.ks`` -+default: ``/var/lib/cobbler/templates/default.ks`` - - default_name_* - ============== -@@ -284,7 +284,7 @@ default: - default_password_crypted - ======================== - --Cobbler has various sample automatic installation templates stored in ``/var/lib/cobbler/autoinstall_templates/``. This -+Cobbler has various sample automatic installation templates stored in ``/var/lib/cobbler/templates/``. This - controls what install (root) password is set up for those systems that reference this variable. The factory default is - "cobbler" and Cobbler check will warn if this is not changed. The simplest way to change the password is to run - ``openssl passwd -1`` and put the output between the ``""``. -diff --git a/tests/test_data/settings_old b/tests/test_data/settings_old -index acbe8cdc9..1b531d21d 100644 ---- a/tests/test_data/settings_old -+++ b/tests/test_data/settings_old -@@ -92,7 +92,7 @@ cheetah_import_whitelist: - createrepo_flags: "-c cache -s sha" - - # if no autoinstall template is specified to profile add, use this template --default_autoinstall: /var/lib/cobbler/autoinstall_templates/default.ks -+default_autoinstall: /var/lib/cobbler/templates/default.ks - - # configure all installed systems to use these nameservers by default - # unless defined differently in the profile. For DHCP configurations -@@ -107,7 +107,7 @@ default_ownership: - - "admin" - - # cobbler has various sample automatic installation templates stored --# in /var/lib/cobbler/autoinstall_templates/. This controls -+# in /var/lib/cobbler/templates/. This controls - # what install (root) password is set up for those - # systems that reference this variable. The factory - # default is "cobbler" and cobbler check will warn if diff --git a/cobbler-CVE-2021-45082.patch b/cobbler-CVE-2021-45082.patch deleted file mode 100644 index 022f15a..0000000 --- a/cobbler-CVE-2021-45082.patch +++ /dev/null @@ -1,75 +0,0 @@ -diff --git a/cobbler.spec b/cobbler.spec -index bbbbae37..1f81456a 100644 ---- a/cobbler.spec -+++ b/cobbler.spec -@@ -382,6 +382,20 @@ fi - %{_datadir}/%{name}/bin/mkgrub.sh >/dev/null 2>&1 - %endif - %systemd_post cobblerd.service -+# Fixup permission for world readable settings files -+chmod 640 %{_sysconfdir}/cobbler/settings.yaml -+chmod 600 %{_sysconfdir}/cobbler/mongodb.conf -+chmod 600 %{_sysconfdir}/cobbler/modules.conf -+chmod 640 %{_sysconfdir}/cobbler/users.conf -+chmod 640 %{_sysconfdir}/cobbler/users.digest -+chmod 750 %{_sysconfdir}/cobbler/settings.d -+chmod 640 %{_sysconfdir}/cobbler/settings.d/* -+chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.yaml -+chgrp %{apache_group} %{_sysconfdir}/cobbler/users.conf -+chgrp %{apache_group} %{_sysconfdir}/cobbler/users.digest -+chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.d -+chgrp %{apache_group} %{_sysconfdir}/cobbler/settings.d/* -+ - - %preun - %systemd_preun cobblerd.service -@@ -461,8 +475,8 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler - %dir %{_sysconfdir}/cobbler/iso - %config(noreplace) %{_sysconfdir}/cobbler/iso/buildiso.template - %config(noreplace) %{_sysconfdir}/cobbler/logging_config.conf --%config(noreplace) %{_sysconfdir}/cobbler/modules.conf --%config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf -+%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/modules.conf -+%attr(600, root, root) %config(noreplace) %{_sysconfdir}/cobbler/mongodb.conf - %config(noreplace) %{_sysconfdir}/cobbler/named.template - %config(noreplace) %{_sysconfdir}/cobbler/ndjbdns.template - %dir %{_sysconfdir}/cobbler/reporting -@@ -470,13 +484,13 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler - %config(noreplace) %{_sysconfdir}/cobbler/rsync.exclude - %config(noreplace) %{_sysconfdir}/cobbler/rsync.template - %config(noreplace) %{_sysconfdir}/cobbler/secondary.template --%config(noreplace) %{_sysconfdir}/cobbler/settings.yaml --%dir %{_sysconfdir}/cobbler/settings.d --%config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings --%config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings --%config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings --%config(noreplace) %{_sysconfdir}/cobbler/users.conf --%config(noreplace) %{_sysconfdir}/cobbler/users.digest -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.yaml -+%attr(750, root, %{apache_group}) %dir %{_sysconfdir}/cobbler/settings.d -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.conf -+%attr(640, root, %{apache_group}) %config(noreplace) %{_sysconfdir}/cobbler/users.digest - %config(noreplace) %{_sysconfdir}/cobbler/version - %config(noreplace) %{_sysconfdir}/cobbler/zone.template - %dir %{_sysconfdir}/cobbler/zone_templates -diff --git a/cobbler/templar.py b/cobbler/templar.py -index 7321e2d5..58ef16de 100644 ---- a/cobbler/templar.py -+++ b/cobbler/templar.py -@@ -77,10 +77,10 @@ class Templar: - """ - lines = data.split("\n") - for line in lines: -- if line.find("#import") != -1: -- rest = line.replace("#import", "").replace(" ", "").strip() -+ if "#import" in line or "#from" in line: -+ rest = line.replace("#import", "").replace("#from", "").replace("import", ".").replace(" ", "").strip() - if self.settings and rest not in self.settings.cheetah_import_whitelist: -- raise CX("potentially insecure import in template: %s" % rest) -+ raise CX(f"Potentially insecure import in template: {rest}") - - def render(self, data_input: Union[TextIO, str], search_table: dict, out_path: Optional[str], - template_type="default") -> str: diff --git a/cobbler-httpd.patch b/cobbler-httpd.patch deleted file mode 100644 index 2464a8c..0000000 --- a/cobbler-httpd.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up cobbler-3.1.2/config/apache/cobbler_web.conf.httpd cobbler-3.1.2/config/apache/cobbler_web.conf ---- cobbler-3.1.2/config/apache/cobbler_web.conf.httpd 2020-05-27 02:26:44.000000000 -0600 -+++ cobbler-3.1.2/config/apache/cobbler_web.conf 2020-07-07 21:12:53.942577055 -0600 -@@ -16,8 +16,6 @@ WSGIDaemonProcess cobbler_web display-na - WSGIProcessGroup cobbler_web - WSGIPassAuthorization On - -- -- - - - SSLRequireSSL -@@ -42,5 +40,3 @@ WSGIPassAuthorization On - AllowOverride None - Require all granted - -- -- diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch index fe6aa76..5bce76e 100644 --- a/cobbler-nocov.patch +++ b/cobbler-nocov.patch @@ -1,6 +1,6 @@ -diff -up cobbler-3.2.2/setup.py.nocov cobbler-3.2.2/setup.py ---- cobbler-3.2.2/setup.py.nocov 2022-02-28 20:05:35.388747435 -0700 -+++ cobbler-3.2.2/setup.py 2022-02-28 20:06:31.743251279 -0700 +diff -up cobbler-3.3.1/setup.py.nocov cobbler-3.3.1/setup.py +--- cobbler-3.3.1/setup.py.nocov 2022-02-18 04:55:15.000000000 -0700 ++++ cobbler-3.3.1/setup.py 2022-02-28 21:51:44.969184938 -0700 @@ -18,7 +18,6 @@ from setuptools import find_packages from sphinx.setup_command import BuildDoc @@ -9,9 +9,7 @@ diff -up cobbler-3.2.2/setup.py.nocov cobbler-3.2.2/setup.py import pwd import shutil import subprocess ---- cobbler-3.2.2/setup.py.nocov 2022-02-28 21:34:34.996746220 -0700 -+++ cobbler-3.2.2/setup.py 2022-02-28 21:35:51.598440218 -0700 -@@ -373,15 +373,8 @@ +@@ -360,15 +359,8 @@ class test_command(Command): def run(self): import pytest @@ -27,15 +25,15 @@ diff -up cobbler-3.2.2/setup.py.nocov cobbler-3.2.2/setup.py sys.exit(int(bool(len(result.failures) > 0 or len(result.errors) > 0))) -@@ -505,7 +498,6 @@ - url="https://cobbler.github.io", +@@ -497,7 +489,6 @@ if __name__ == "__main__": + }, license="GPLv2+", setup_requires=[ - "coverage", "distro", "setuptools", "sphinx", -@@ -528,7 +520,7 @@ +@@ -517,7 +508,7 @@ if __name__ == "__main__": ], extras_require={ "lint": ["pyflakes", "pycodestyle"], diff --git a/cobbler-remove-get-loaders.patch b/cobbler-remove-get-loaders.patch deleted file mode 100644 index d2f1981..0000000 --- a/cobbler-remove-get-loaders.patch +++ /dev/null @@ -1,316 +0,0 @@ -commit a798eabd9b9e3e7d4cb8a828a5aa2273c69cec48 -Author: Dominik Gedon -Date: Fri Mar 5 16:25:05 2021 +0100 - - Remove get-loader code - -diff --git a/cobbler/actions/check.py b/cobbler/actions/check.py -index e034071e..4fadab53 100644 ---- a/cobbler/actions/check.py -+++ b/cobbler/actions/check.py -@@ -386,12 +386,11 @@ class CobblerCheck: - not_found.append(loader_name) - - if len(not_found) > 0: -- status.append("some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler " -- "get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, " -- "you may ensure that you have installed a *recent* version of the syslinux package " -- "installed and can ignore this message entirely. Files in this directory, should you want " -- "to support all architectures, should include pxelinux.0, menu.c32, and yaboot. The " -- "'cobbler get-loaders' command is the easiest way to resolve these requirements.") -+ status.append("some network boot-loaders are missing from /var/lib/cobbler/loaders. If you only want to " -+ "handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version " -+ "of the syslinux package installed and can ignore this message entirely. Files in this " -+ "directory, should you want to support all architectures, should include pxelinux.0, " -+ "menu.c32, and yaboot.") - - def check_tftpd_dir(self, status): - """ -diff --git a/cobbler/actions/dlcontent.py b/cobbler/actions/dlcontent.py -deleted file mode 100644 -index 84d73b8d..00000000 ---- a/cobbler/actions/dlcontent.py -+++ /dev/null -@@ -1,77 +0,0 @@ --""" --Downloads bootloader content for all arches for when the user doesn't want to supply their own. -- --Copyright 2009, Red Hat, Inc and Others --Michael DeHaan -- --This program is free software; you can redistribute it and/or modify --it under the terms of the GNU General Public License as published by --the Free Software Foundation; either version 2 of the License, or --(at your option) any later version. -- --This program is distributed in the hope that it will be useful, --but WITHOUT ANY WARRANTY; without even the implied warranty of --MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --GNU General Public License for more details. -- --You should have received a copy of the GNU General Public License --along with this program; if not, write to the Free Software --Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA --02110-1301 USA --""" -- --import os -- --from cobbler import clogger --from cobbler import download_manager -- -- --class ContentDownloader: -- -- def __init__(self, collection_mgr, logger=None): -- """ -- Constructor -- -- :param collection_mgr: The main collection manager instance which is used by the current running server. -- :param logger: The logger object which logs to the desired target. -- """ -- self.collection_mgr = collection_mgr -- self.settings = collection_mgr.settings() -- if logger is None: -- logger = clogger.Logger() -- self.logger = logger -- -- def run(self, force: bool = False): -- """ -- Download bootloader content for all of the latest bootloaders, since the user has chosen to not supply their -- own. You may ask "why not get this from yum", we also want this to be able to work on Debian and further do not -- want folks to have to install a cross compiler. For those that don't like this approach they can still source -- their cross-arch bootloader content manually. -- -- :param force: If the target path should be overwritten, even if there are already files present. -- """ -- -- content_server = "https://cobbler.github.io/loaders" -- dest = "/var/lib/cobbler/loaders" -- -- files = ( -- ("%s/README" % content_server, "%s/README" % dest), -- ("%s/COPYING.yaboot" % content_server, "%s/COPYING.yaboot" % dest), -- ("%s/COPYING.syslinux" % content_server, "%s/COPYING.syslinux" % dest), -- ("%s/yaboot-1.3.17" % content_server, "%s/yaboot" % dest), -- ("%s/pxelinux.0-3.86" % content_server, "%s/pxelinux.0" % dest), -- ("%s/menu.c32-3.86" % content_server, "%s/menu.c32" % dest), -- ("%s/grub-0.97-x86.efi" % content_server, "%s/grub-x86.efi" % dest), -- ("%s/grub-0.97-x86_64.efi" % content_server, "%s/grub-x86_64.efi" % dest), -- ) -- -- dlmgr = download_manager.DownloadManager(self.collection_mgr, self.logger) -- for src, dst in files: -- if os.path.exists(dst) and not force: -- self.logger.info("path %s already exists, not overwriting existing content, use --force if you wish " -- "to update" % dst) -- continue -- self.logger.info("downloading %s to %s" % (src, dst)) -- dlmgr.download_file(src, dst) -- --# EOF -diff --git a/cobbler/api.py b/cobbler/api.py -index bdf18391..9c52015e 100644 ---- a/cobbler/api.py -+++ b/cobbler/api.py -@@ -25,7 +25,7 @@ import random - import tempfile - from typing import Optional - --from cobbler.actions import status, dlcontent, hardlink, sync, buildiso, replicate, report, log, acl, check, reposync -+from cobbler.actions import status, hardlink, sync, buildiso, replicate, report, log, acl, check, reposync - from cobbler import autoinstall_manager - from cobbler import clogger - from cobbler.cobbler_collections import manager -@@ -1276,21 +1276,6 @@ class CobblerAPI: - - # ========================================================================== - -- def dlcontent(self, force=False, logger=None): -- """ -- Downloads bootloader content that may not be avialable in packages for the given arch, ex: if installing on PPC, -- get syslinux. If installing on x86_64, get elilo, etc. -- -- :param force: Force the download, although the content may be already downloaded. -- :param logger: The logger to audit the removal with. -- """ -- # FIXME: teach code that copies it to grab from the right place -- self.log("dlcontent") -- grabber = dlcontent.ContentDownloader(self._collection_mgr, logger=logger) -- return grabber.run(force) -- -- # ========================================================================== -- - def validate_autoinstall_files(self, logger=None): - """ - Validate if any of the autoinstallation files are invalid and if yes report this. -diff --git a/cobbler/cli.py b/cobbler/cli.py -index 5441ce0a..9a6c4fff 100644 ---- a/cobbler/cli.py -+++ b/cobbler/cli.py -@@ -55,7 +55,7 @@ OBJECT_ACTIONS = [] - for actions in list(OBJECT_ACTIONS_MAP.values()): - OBJECT_ACTIONS += actions - DIRECT_ACTIONS = "aclsetup buildiso import list replicate report reposync sync validate-autoinstalls version " \ -- "signature get-loaders hardlink".split() -+ "signature hardlink".split() - - #################################################### - -@@ -687,10 +687,6 @@ class CobblerCLI: - elif action_name == "validate-autoinstalls": - (options, args) = self.parser.parse_args(self.args) - task_id = self.start_task("validate_autoinstall_files", options) -- elif action_name == "get-loaders": -- self.parser.add_option("--force", dest="force", action="store_true", help="overwrite any existing content in /var/lib/cobbler/loaders") -- (options, args) = self.parser.parse_args(self.args) -- task_id = self.start_task("dlcontent", options) - elif action_name == "import": - self.parser.add_option("--arch", dest="arch", help="OS architecture being imported") - self.parser.add_option("--breed", dest="breed", help="the breed being imported") -diff --git a/cobbler/remote.py b/cobbler/remote.py -index 759879a8..ac788752 100644 ---- a/cobbler/remote.py -+++ b/cobbler/remote.py -@@ -200,18 +200,6 @@ class CobblerXMLRPCInterface: - ) - return self.__start_task(runner, token, "aclsetup", "(CLI) ACL Configuration", options) - -- def background_dlcontent(self, options, token) -> str: -- """ -- Download bootloaders and other support files. -- -- :param options: Unknown what this parameter is doing at the moment. -- :param token: The API-token obtained via the login() method. The API-token obtained via the login() method. -- :return: The id of the task which was started. -- """ -- def runner(self): -- self.remote.api.dlcontent(self.options.get("force", False), self.logger) -- return self.__start_task(runner, token, "get_loaders", "Download Bootloader Content", options) -- - def background_sync(self, options, token) -> str: - """ - Run a full Cobbler sync in the background. -diff --git a/config/bash/completion/cobbler b/config/bash/completion/cobbler -index f2d5bd59..169dbaec 100755 ---- a/config/bash/completion/cobbler -+++ b/config/bash/completion/cobbler -@@ -9,7 +9,7 @@ _cobbler_completions() - prev="${COMP_WORDS[COMP_CWORD-1]}" - cobbler_type=${COMP_WORDS[1]} - COMPREPLY=() -- TYPE="distro profile system repo image mgmtclass package file aclsetup buildiso import list replicate report reposync sync validateks version signature get-loaders hardlink" -+ TYPE="distro profile system repo image mgmtclass package file aclsetup buildiso import list replicate report reposync sync validateks version signature hardlink" - ACTION="add edit copy list remove rename report" - opts=( - [distro]="--ctime --depth --mtime --source-repos --tree-build-time --uid --arch --autoinstall-meta --boot-files --boot-loader --breed --comment --fetchable-files --initrd --kernel --kernel-options --kernel-options-post --mgmt-classes --name --os-version --owners --redhat-management-key --template-files --in-place --help" -diff --git a/config/cobbler/settings.yaml b/config/cobbler/settings.yaml -index 82b8c11f..b2e05a7b 100644 ---- a/config/cobbler/settings.yaml -+++ b/config/cobbler/settings.yaml -@@ -426,7 +426,7 @@ replicate_repo_rsync_options: "-avzH" - # always write DHCP entries, regardless if netboot is enabled - always_write_dhcp_entries: false - --# External proxy - used by: "get-loaders", "reposync", "signature update" -+# External proxy - used by: reposync", "signature update" - # Eg: "http://192.168.1.1:8080" (HTTP), "https://192.168.1.1:8443" (HTTPS) - proxy_url_ext: "" - -diff --git a/docs/cobbler-conf.rst b/docs/cobbler-conf.rst -index 673beffd..808d7738 100644 ---- a/docs/cobbler-conf.rst -+++ b/docs/cobbler-conf.rst -@@ -577,7 +577,7 @@ default: ``ipmilanplus`` - proxy_url_ext - ============= - --External proxy which is used by the following commands: ``get-loaders``, ``reposync``, ``signature update`` -+External proxy which is used by the following commands: ``reposync``, ``signature update`` - - defaults: - -diff --git a/docs/cobbler.rst b/docs/cobbler.rst -index 1fffc41e..6332a662 100644 ---- a/docs/cobbler.rst -+++ b/docs/cobbler.rst -@@ -74,7 +74,7 @@ Long Usage: - .. code-block:: shell - - cobbler ... [add|edit|copy|get-autoinstall*|list|remove|rename|report] [options|--help] -- cobbler [options|--help] -+ cobbler [options|--help] - - Cobbler distro - ============== -@@ -1071,15 +1071,6 @@ Example: - - $ cobbler signature - --Cobbler get-loaders --=================== -- --Example: -- --.. code-block:: shell -- -- $ cobbler get-loaders -- - Cobbler hardlink - ================ - -diff --git a/docs/code-autodoc/cobbler.actions.rst b/docs/code-autodoc/cobbler.actions.rst -index 44f7e1a4..a5845996 100644 ---- a/docs/code-autodoc/cobbler.actions.rst -+++ b/docs/code-autodoc/cobbler.actions.rst -@@ -28,14 +28,6 @@ cobbler.actions.check module - :undoc-members: - :show-inheritance: - --cobbler.actions.dlcontent module ---------------------------------- -- --.. automodule:: cobbler.actions.dlcontent -- :members: -- :undoc-members: -- :show-inheritance: -- - cobbler.actions.hardlink module - ------------------------------- - -diff --git a/tests/cli/cobbler_cli_direct_test.py b/tests/cli/cobbler_cli_direct_test.py -index 7cd6729c..01d42d6d 100644 ---- a/tests/cli/cobbler_cli_direct_test.py -+++ b/tests/cli/cobbler_cli_direct_test.py -@@ -148,11 +148,6 @@ class TestCobblerCliTestDirect: - i = assert_report_section(lines, i, "packages") - i = assert_report_section(lines, i, "files") - -- def test_cobbler_getloaders(self, run_cmd, get_last_line): -- (outputstd, outputerr) = run_cmd(cmd=["get-loaders"]) -- lines = outputstd.split("\n") -- assert "*** TASK COMPLETE ***" == get_last_line(lines) -- - def test_cobbler_hardlink(self, run_cmd, get_last_line): - (outputstd, outputerr) = run_cmd(cmd=["hardlink"]) - lines = outputstd.split("\n") -diff --git a/tests/xmlrpcapi/background_test.py b/tests/xmlrpcapi/background_test.py -index 36c03b01..64e219ca 100644 ---- a/tests/xmlrpcapi/background_test.py -+++ b/tests/xmlrpcapi/background_test.py -@@ -25,15 +25,6 @@ class TestBackground: - # Assert - assert result - -- def test_background_dlccontent(self, remote, token): -- # Arrange -- -- # Act -- result = remote.background_dlcontent({}, token) -- -- # Assert -- assert result -- - def test_background_hardlink(self, remote, token): - # Arrange - diff --git a/cobbler-scripts.patch b/cobbler-scripts.patch deleted file mode 100644 index 97f3058..0000000 --- a/cobbler-scripts.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up cobbler-3.2.1/setup.py.orig cobbler-3.2.1/setup.py ---- cobbler-3.2.1/setup.py.orig 2021-03-04 12:07:10.000000000 -0700 -+++ cobbler-3.2.1/setup.py 2021-03-08 22:25:15.239563778 -0700 -@@ -566,7 +566,7 @@ if __name__ == "__main__": - ("share/cobbler/web", glob("web/*.*")), - ("%s" % webcontent, glob("web/static/*")), - ("%s" % webimages, glob("web/static/images/*")), -- ("share/cobbler/bin", glob("scripts/*.sh")), -+ ("share/cobbler/bin", glob("scripts/*")), - ("share/cobbler/web/templates", glob("web/templates/*")), - ("%s/webui_sessions" % libpath, []), - ("%s/loaders" % libpath, []), diff --git a/cobbler.spec b/cobbler.spec index 86073a8..6cebfa6 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -4,27 +4,16 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.2.2 -Release: 9%{?dist} +Version: 3.3.1 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz #Source0: https://github.com/cobbler/cobbler/archive/%{commit0}/%{name}-%{commit0}.tar.gz Source1: migrate-settings.sh -# Revert upstream's VirtualHost addition -# https://github.com/cobbler/cobbler/issues/2286 -Patch0: cobbler-httpd.patch -# Fix autoinstall_templates -> templates -Patch1: https://patch-diff.githubusercontent.com/raw/cobbler/cobbler/pull/2590.patch -# Install migrate-data-v2-to-v3.py - https://github.com/cobbler/cobbler/pull/2591 -Patch2: cobbler-scripts.patch -# Remove get-loaders command -Patch3: cobbler-remove-get-loaders.patch -# Upstream fix for CVE-2021-45082 -Patch4: cobbler-CVE-2021-45082.patch # Do not run coverage tests -Patch5: cobbler-nocov.patch +Patch0: cobbler-nocov.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -67,7 +56,6 @@ Requires: %{py3_dist pyyaml} Requires: %{py3_dist requests} Requires: %{py3_dist schema} Requires: %{py3_dist simplejson} -Requires: %{py3_dist tornado} Requires: genisoimage %if 0%{?fedora} || 0%{?rhel} >= 8 @@ -80,12 +68,15 @@ Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64 Recommends: logrotate +Recommends: %{py3_dist ldap} Recommends: %{py3_dist librepo} %else +Requires: %{py3_dist ldap} Requires: yum-utils %endif # https://github.com/cobbler/cobbler/issues/1685 Requires: /sbin/service +Obsoletes: cobbler-web < 3.3 BuildRequires: systemd Requires(post): systemd @@ -93,28 +84,13 @@ Requires(preun): systemd Requires(postun): systemd %description -Cobbler is a network install server. Cobbler supports PXE, ISO -virtualized installs, and re-installing existing Linux machines. -The last two modes use a helper tool, 'koan', that integrates with -cobbler. There is also a web interface 'cobbler-web'. Cobbler's -advanced features include importing distributions from DVDs and rsync -mirrors, kickstart templating, integrated yum mirroring, and built-in -DHCP/DNS Management. Cobbler has a XML-RPC API for integration with -other applications. - - -%package -n cobbler-web -Summary: Web interface for Cobbler -Requires: cobbler = %{version}-%{release} -Requires: %{py3_dist django} -Requires: %{py3_dist mod_wsgi} -Requires: mod_ssl -Requires(post): coreutils -Requires(post): sed - -%description -n cobbler-web -Web interface for Cobbler that allows visiting -http://server/cobbler_web to configure the install server. +Cobbler is a network install server. Cobbler supports PXE, ISO +virtualized installs, and re-installing existing Linux machines. The +last two modes use a helper tool, 'koan', that integrates with cobbler. +Cobbler's advanced features include importing distributions from DVDs +and rsync mirrors, kickstart templating, integrated yum mirroring, and +built-in DHCP/DNS Management. Cobbler has a XML-RPC API for integration +with other applications. %package tests @@ -150,9 +126,6 @@ mkdir -p %{buildroot}%{tftpboot_dir}/{boot,etc,grub/system{,_link},images{,2},pp mkdir -p %{buildroot}%{_unitdir} mv %{buildroot}%{_sysconfdir}/cobbler/cobblerd.service %{buildroot}%{_unitdir} -# cobbler-web -rm %{buildroot}%{_sysconfdir}/cobbler/cobbler_web.conf - # ghosted files touch %{buildroot}%{_sharedstatedir}/cobbler/web.ss @@ -179,6 +152,19 @@ fi %post %systemd_post cobblerd.service +# Fixup permission for world readable settings files +chmod 640 %{_sysconfdir}/cobbler/settings.yaml +chmod 600 %{_sysconfdir}/cobbler/mongodb.conf +chmod 600 %{_sysconfdir}/cobbler/modules.conf +chmod 640 %{_sysconfdir}/cobbler/users.conf +chmod 640 %{_sysconfdir}/cobbler/users.digest +chmod 750 %{_sysconfdir}/cobbler/settings.d +chmod 640 %{_sysconfdir}/cobbler/settings.d/* +chgrp apache %{_sysconfdir}/cobbler/settings.yaml +chgrp apache %{_sysconfdir}/cobbler/users.conf +chgrp apache %{_sysconfdir}/cobbler/users.digest +chgrp apache %{_sysconfdir}/cobbler/settings.d +chgrp apache %{_sysconfdir}/cobbler/settings.d/* %posttrans # Migrate pre-3.2.1 settings to settings.yaml @@ -204,13 +190,6 @@ fi %postun %systemd_postun_with_restart cobblerd.service -%post -n cobbler-web -# Change the SECRET_KEY option in the Django settings.py file -# required for security reasons, should be unique on all systems -# Choose from letters and numbers only, so no special chars like ampersand (&). -RAND_SECRET=$(head /dev/urandom | tr -dc 'A-Za-z0-9!' | head -c 50 ; echo '') -sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler/web/settings.py - %files %license COPYING @@ -221,6 +200,7 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %config(noreplace) %{_sysconfdir}/cobbler/boot_loader_conf/ %config(noreplace) %{_sysconfdir}/cobbler/cheetah_macros %config(noreplace) %{_sysconfdir}/cobbler/dhcp.template +%config(noreplace) %{_sysconfdir}/cobbler/dhcp6.template %config(noreplace) %{_sysconfdir}/cobbler/dnsmasq.template %config(noreplace) %{_sysconfdir}/cobbler/genders.template %config(noreplace) %{_sysconfdir}/cobbler/import_rsync_whitelist @@ -239,17 +219,19 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/bind_manage_ipmi.settings %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/manage_genders.settings %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/nsupdate.settings +%attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/settings.d/windows.settings %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/users.conf %attr(640, root, apache) %config(noreplace) %{_sysconfdir}/cobbler/users.digest %config(noreplace) %{_sysconfdir}/cobbler/version +%config(noreplace) %{_sysconfdir}/cobbler/windows/ %config(noreplace) %{_sysconfdir}/cobbler/zone.template %config(noreplace) %{_sysconfdir}/cobbler/zone_templates/ %config(noreplace) %{_sysconfdir}/logrotate.d/cobblerd %config(noreplace) /etc/httpd/conf.d/cobbler.conf %{_bindir}/cobbler +%{_bindir}/cobbler-settings %{_bindir}/cobbler-ext-nodes %{_bindir}/cobblerd -%{_sbindir}/tftpd.py %{_datadir}/bash-completion/ %dir %{_datadir}/cobbler %{_datadir}/cobbler/bin @@ -262,25 +244,17 @@ sed -i -e "s/SECRET_KEY = ''/SECRET_KEY = \'$RAND_SECRET\'/" %{_datadir}/cobbler %{tftpboot_dir}/* /var/www/cobbler %config(noreplace) %{_sharedstatedir}/cobbler -%exclude %{_sharedstatedir}/cobbler/web.ss -%exclude %{_sharedstatedir}/cobbler/webui_sessions /var/log/cobbler -%files -n cobbler-web -%license COPYING -%doc AUTHORS.in README.md -%config(noreplace) /etc/httpd/conf.d/cobbler_web.conf -%attr(-,apache,apache) %{_datadir}/cobbler/web -%ghost %attr(0660,apache,root) %{_sharedstatedir}/cobbler/web.ss -%dir %attr(700,apache,root) %{_sharedstatedir}/cobbler/webui_sessions -%attr(-,apache,apache) /var/www/cobbler_webui_content/ - %files tests %dir %{_datadir}/cobbler/tests %{_datadir}/cobbler/tests/* %changelog +* Tue Mar 01 2022 Orion Poplawski - 3.3.1-1 +- Update to 3.3.1, removes web interface + * Tue Mar 01 2022 Orion Poplawski - 3.2.2-9 - Apply fixes for CVE-2021-45082/3 - Remove BR on python3-coverage diff --git a/sources b/sources index e8eac50..f8efb80 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.2.2.tar.gz) = 65f3bf3bb43d1b1a6631ab299cd5a9a807c8e20ea07a61f89edc425b4833be5f2ddf0ac473010906bbcaaa5edfad577378185290bd2db01d9d64f276c2ad6be9 +SHA512 (cobbler-3.3.1.tar.gz) = 0ffbb67608c01447c51076780982b16e173ec3c0a22733654ad9522a17ade1a60da095ab8e77d5ae10f9d958050d4bcda61965d3aec37bb364fd3ee6666580ea From fed0a69bb7ea5d4bd4ee79463ecfdaeb62bc852f Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 12 Mar 2022 09:53:49 -0700 Subject: [PATCH 02/45] Update to 3.3.2 --- cobbler.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 6cebfa6..70f67c8 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -4,7 +4,7 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.3.1 +Version: 3.3.2 Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ @@ -252,6 +252,9 @@ fi %changelog +* Sat Mar 12 2022 Orion Poplawski - 3.3.2-1 +- Update to 3.3.2 + * Tue Mar 01 2022 Orion Poplawski - 3.3.1-1 - Update to 3.3.1, removes web interface diff --git a/sources b/sources index f8efb80..002bd94 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.1.tar.gz) = 0ffbb67608c01447c51076780982b16e173ec3c0a22733654ad9522a17ade1a60da095ab8e77d5ae10f9d958050d4bcda61965d3aec37bb364fd3ee6666580ea +SHA512 (cobbler-3.3.2.tar.gz) = 77a2d6c468366178952d68ca67dc8cbb5eb396f2a69f5b2fc1b3a1d38ac186046516d51d891c59e6605e92d31453c947de107ac859500625e029ce5d1f59db60 From a8fe6f7f139d4acef41f510fbb3a49a42615c1d9 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 3 May 2022 19:24:48 -0600 Subject: [PATCH 03/45] Drop setting cache_enabled no longer present in 3.3 --- cobbler.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 70f67c8..fb23430 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -176,7 +176,6 @@ if [ -f %{_sysconfdir}/cobbler/settings.rpmsave ]; then %{_datadir}/cobbler/bin/migrate-settings.sh fi # Add some missing options if needed -grep -q '^cache_enabled:' %{_sysconfdir}/cobbler/settings.yaml || echo -e '#ADDED:\ncache_enabled: true' >> %{_sysconfdir}/cobbler/settings.yaml grep -q '^reposync_rsync_flags:' %{_sysconfdir}/cobbler/settings.yaml || echo -e '#ADDED:\nreposync_rsync_flags: "-rltDv --copy-unsafe-links"' >> %{_sysconfdir}/cobbler/settings.yaml # Migrate pre-3 configuration data if needed if [ -d %{_sharedstatedir}/cobbler/kickstarts -a $(find %{_sharedstatedir}/cobbler/collections -type f | wc -l) -eq 0 ]; then @@ -252,6 +251,9 @@ fi %changelog +* Wed May 04 2022 Orion Poplawski - 3.3.2-2 +- Drop setting cache_enabled no longer present in 3.3 + * Sat Mar 12 2022 Orion Poplawski - 3.3.2-1 - Update to 3.3.2 From 46bf3c8f18c14378071032591223057963d2b197 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 13 Jun 2022 19:37:43 -0600 Subject: [PATCH 04/45] Update to 3.3.3 --- cobbler.spec | 7 +++++-- sources | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index fb23430..6c4969a 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -4,8 +4,8 @@ %global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: cobbler -Version: 3.3.2 -Release: 2%{?dist} +Version: 3.3.3 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,6 +251,9 @@ fi %changelog +* Tue Jun 14 2022 Orion Poplawski - 3.3.3-1 +- Update to 3.3.3 + * Wed May 04 2022 Orion Poplawski - 3.3.2-2 - Drop setting cache_enabled no longer present in 3.3 diff --git a/sources b/sources index 002bd94..52973e0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.2.tar.gz) = 77a2d6c468366178952d68ca67dc8cbb5eb396f2a69f5b2fc1b3a1d38ac186046516d51d891c59e6605e92d31453c947de107ac859500625e029ce5d1f59db60 +SHA512 (cobbler-3.3.3.tar.gz) = 9011ae3407a3418f476f4d7b76f7b4978904a612f455e31acf44c3e9c223e4aba9bfbc17b7a12b5aedd4f380b6e8f87e0bc57dd826c945adff4fef34857c917f From 017b778961cc6d3c8e0045bdee1a2105ed1366ff Mon Sep 17 00:00:00 2001 From: Python Maint Date: Thu, 23 Jun 2022 17:45:59 +0200 Subject: [PATCH 05/45] Rebuilt for Python 3.11 --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 6c4969a..ec08d8c 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,6 +251,9 @@ fi %changelog +* Thu Jun 23 2022 Python Maint - 3.3.3-2 +- Rebuilt for Python 3.11 + * Tue Jun 14 2022 Orion Poplawski - 3.3.3-1 - Update to 3.3.3 From 5c3c68319dafcbc0602892c376bca6ce7eec8b75 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 20 Jul 2022 23:13:07 +0000 Subject: [PATCH 06/45] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index ec08d8c..d5dad58 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,6 +251,9 @@ fi %changelog +* Wed Jul 20 2022 Fedora Release Engineering - 3.3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Thu Jun 23 2022 Python Maint - 3.3.3-2 - Rebuilt for Python 3.11 From c8fb82f394820f7036dc21f8faf320ffd8ca99fd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 19 Jan 2023 00:08:59 +0000 Subject: [PATCH 07/45] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index d5dad58..066f120 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,6 +251,9 @@ fi %changelog +* Thu Jan 19 2023 Fedora Release Engineering - 3.3.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Wed Jul 20 2022 Fedora Release Engineering - 3.3.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 375a43720ee461d991f0a63ffb3a020c9e656c45 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Wed, 14 Jun 2023 20:21:15 +0200 Subject: [PATCH 08/45] Rebuilt for Python 3.12 --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 066f120..9fe1c64 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,6 +251,9 @@ fi %changelog +* Wed Jun 14 2023 Python Maint - 3.3.3-5 +- Rebuilt for Python 3.12 + * Thu Jan 19 2023 Fedora Release Engineering - 3.3.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From 218561053551de5a62d6236df06110aa759343ef Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 16 Jul 2023 22:29:22 -0600 Subject: [PATCH 09/45] Add patch to fix build with Sphinx 7 --- cobbler-sphinx7.patch | 92 +++++++++++++++++++++++++++++++++++++++++++ cobbler.spec | 8 +++- 2 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 cobbler-sphinx7.patch diff --git a/cobbler-sphinx7.patch b/cobbler-sphinx7.patch new file mode 100644 index 0000000..55cc655 --- /dev/null +++ b/cobbler-sphinx7.patch @@ -0,0 +1,92 @@ +diff --git a/MANIFEST.in b/MANIFEST.in +index 7554c69..95c5b48 100644 +--- a/MANIFEST.in ++++ b/MANIFEST.in +@@ -2,6 +2,7 @@ include COPYING AUTHORS + include cobbler.spec config/service/cobblerd.service + include AUTHORS.in README.md + include distro_build_configs.sh ++include Makefile + recursive-include misc * + recursive-include bin * + recursive-include config * +diff --git a/Makefile b/Makefile +index 1c41ba4..ff9ff67 100644 +--- a/Makefile ++++ b/Makefile +@@ -55,6 +55,9 @@ doc: ## Creates the documentation with sphinx in html form. + @echo "creating: documentation" + @cd docs; make html > /dev/null 2>&1 + ++man: ## Creates documentation and man pages using Sphinx ++ @${PYTHON} -m sphinx -b man -j auto ./docs ./build/sphinx/man ++ + qa: ## If pyflakes and/or pycodestyle is found then they are run. + ifeq ($(strip $(PYFLAKES)),) + @echo "No pyflakes found" +diff --git a/cobbler.spec b/cobbler.spec +index fb17d8c..01f71e2 100644 +--- a/cobbler.spec ++++ b/cobbler.spec +@@ -304,6 +304,7 @@ sed -e "s|/var/lib/tftpboot|%{tftpboot_dir}|g" -i config/cobbler/settings.yaml + [ "${TFTPROOT}" != %{tftpboot_dir} ] && echo "ERROR: TFTPROOT: ${TFTPROOT} does not match %{tftpboot_dir}" + + %py3_build ++make man + + %install + . distro_build_configs.sh +diff --git a/setup.py b/setup.py +index 502bf2d..cb57be2 100644 +--- a/setup.py ++++ b/setup.py +@@ -14,7 +14,6 @@ from setuptools import dep_util + from distutils.command.build import build as _build + from configparser import ConfigParser + from setuptools import find_packages +-from sphinx.setup_command import BuildDoc + + import codecs + import pwd +@@ -148,16 +147,6 @@ class build(_build): + def run(self): + _build.run(self) + +-##################################################################### +-# # Build man pages using Sphinx ################################### +-##################################################################### +- +- +-class build_man(BuildDoc): +- def initialize_options(self): +- BuildDoc.initialize_options(self) +- self.builder = 'man' +- + ##################################################################### + # # Configure files ################################################## + ##################################################################### +@@ -284,15 +273,7 @@ def has_configure_files(build): + return bool(build.distribution.configure_files) + + +-def has_man_pages(build): +- """Check if the distribution has configuration files to work on.""" +- return bool(build.distribution.man_pages) +- +- +-build.sub_commands.extend(( +- ('build_man', has_man_pages), +- ('build_cfg', has_configure_files) +-)) ++_build.sub_commands.extend((("build_cfg", has_configure_files),)) + + + ##################################################################### +@@ -468,7 +449,6 @@ if __name__ == "__main__": + 'savestate': savestate, + 'restorestate': restorestate, + 'build_cfg': build_cfg, +- 'build_man': build_man + }, + name="cobbler", + version=VERSION, diff --git a/cobbler.spec b/cobbler.spec index 9fe1c64..9b39696 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -14,6 +14,9 @@ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-% Source1: migrate-settings.sh # Do not run coverage tests Patch0: cobbler-nocov.patch +# Fix build with Sphinx 7 +# Backport of https://github.com/cobbler/cobbler/pull/3465.patch +Patch1: cobbler-sphinx7.patch BuildArch: noarch BuildRequires: python%{python3_pkgversion}-devel @@ -251,6 +254,9 @@ fi %changelog +* Mon Jul 17 2023 Orion Poplawski - 3.3.3-6 +- Add patch to fix build with Sphinx 7 + * Wed Jun 14 2023 Python Maint - 3.3.3-5 - Rebuilt for Python 3.12 From d54231a40ce6c4b1331603816cb64c8ad4ad23e0 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Jul 2023 07:34:17 -0600 Subject: [PATCH 10/45] Manually make man pages --- cobbler.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/cobbler.spec b/cobbler.spec index 9b39696..d6988dc 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -110,6 +110,7 @@ Unit test files from the Cobbler project %build . ./distro_build_configs.sh %py3_build +make man %install . ./distro_build_configs.sh From 762bc499517deeff64aedb0189aa8ecd961287f0 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 17 Jul 2023 07:53:50 -0600 Subject: [PATCH 11/45] Add BR on make --- cobbler.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/cobbler.spec b/cobbler.spec index d6988dc..2faf7e9 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -19,6 +19,7 @@ Patch0: cobbler-nocov.patch Patch1: cobbler-sphinx7.patch BuildArch: noarch +BuildRequires: make BuildRequires: python%{python3_pkgversion}-devel %if 0%{?fedora} || 0%{?rhel} >= 8 BuildRequires: %{py3_dist cheetah3} From 1e0ee4450a73ab8c49600fd9c09c733d7154b4c1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jul 2023 15:59:35 +0000 Subject: [PATCH 12/45] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 2faf7e9..e96c710 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -256,6 +256,9 @@ fi %changelog +* Wed Jul 19 2023 Fedora Release Engineering - 3.3.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Mon Jul 17 2023 Orion Poplawski - 3.3.3-6 - Add patch to fix build with Sphinx 7 From 00d12f25d0c2c34e153129399a62ec044335cb2d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 15:46:52 +0000 Subject: [PATCH 13/45] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index e96c710..6079455 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -256,6 +256,9 @@ fi %changelog +* Fri Jan 19 2024 Fedora Release Engineering - 3.3.3-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Wed Jul 19 2023 Fedora Release Engineering - 3.3.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From 0fc9b61b9b0bdfbbb85b80b32d8d4eb395e7f99f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jan 2024 07:36:17 +0000 Subject: [PATCH 14/45] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 6079455..51f9ce1 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,7 +5,7 @@ Name: cobbler Version: 3.3.3 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -256,6 +256,9 @@ fi %changelog +* Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Fri Jan 19 2024 Fedora Release Engineering - 3.3.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 40e914ee2905c602bbcbe0209386cee2dc09d766 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 26 Feb 2024 21:43:13 -0700 Subject: [PATCH 15/45] Update to 3.3.4 Add local SELinux policy and allow cobbler to check service statuses, run mkfs.fat, and check for reposync and yumdownloader (bz#225122) Change owndership of web.ss to root (bz#2247652) --- cobbler-nocov.patch | 27 ++--- cobbler-sphinx7.patch | 92 ---------------- cobbler.fc | 28 +++++ cobbler.if | 251 ++++++++++++++++++++++++++++++++++++++++++ cobbler.spec | 113 +++++++++++++++++-- cobbler.te | 243 ++++++++++++++++++++++++++++++++++++++++ sources | 2 +- 7 files changed, 638 insertions(+), 118 deletions(-) delete mode 100644 cobbler-sphinx7.patch create mode 100644 cobbler.fc create mode 100644 cobbler.if create mode 100644 cobbler.te diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch index 5bce76e..40efcf5 100644 --- a/cobbler-nocov.patch +++ b/cobbler-nocov.patch @@ -1,15 +1,16 @@ -diff -up cobbler-3.3.1/setup.py.nocov cobbler-3.3.1/setup.py ---- cobbler-3.3.1/setup.py.nocov 2022-02-18 04:55:15.000000000 -0700 -+++ cobbler-3.3.1/setup.py 2022-02-28 21:51:44.969184938 -0700 -@@ -18,7 +18,6 @@ from setuptools import find_packages - from sphinx.setup_command import BuildDoc +diff --git a/setup.py b/setup.py +index 4b21af3..145bdab 100644 +--- a/setup.py ++++ b/setup.py +@@ -16,7 +16,6 @@ from configparser import ConfigParser + from setuptools import find_packages import codecs -from coverage import Coverage import pwd import shutil import subprocess -@@ -360,15 +359,8 @@ class test_command(Command): +@@ -338,15 +337,8 @@ class test_command(Command): def run(self): import pytest @@ -25,7 +26,7 @@ diff -up cobbler-3.3.1/setup.py.nocov cobbler-3.3.1/setup.py sys.exit(int(bool(len(result.failures) > 0 or len(result.errors) > 0))) -@@ -497,7 +489,6 @@ if __name__ == "__main__": +@@ -474,7 +466,6 @@ if __name__ == "__main__": }, license="GPLv2+", setup_requires=[ @@ -33,12 +34,12 @@ diff -up cobbler-3.3.1/setup.py.nocov cobbler-3.3.1/setup.py "distro", "setuptools", "sphinx", -@@ -517,7 +508,7 @@ if __name__ == "__main__": +@@ -494,7 +485,7 @@ if __name__ == "__main__": ], extras_require={ "lint": ["pyflakes", "pycodestyle"], -- "test": ["pytest", "pytest-cov", "codecov", "pytest-mock"] -+ "test": ["pytest", "pytest-mock"] - }, - packages=find_packages(exclude=["*tests*"]), - scripts=[ +- "test": ["pytest", "pytest-cov", "codecov", "pytest-mock"], ++ "test": ["pytest", "pytest-mock"], + # We require the current version to properly detect duplicate issues + # See: https://github.com/twisted/towncrier/releases/tag/22.8.0 + "changelog": ["towncrier>=22.8.0"], diff --git a/cobbler-sphinx7.patch b/cobbler-sphinx7.patch deleted file mode 100644 index 55cc655..0000000 --- a/cobbler-sphinx7.patch +++ /dev/null @@ -1,92 +0,0 @@ -diff --git a/MANIFEST.in b/MANIFEST.in -index 7554c69..95c5b48 100644 ---- a/MANIFEST.in -+++ b/MANIFEST.in -@@ -2,6 +2,7 @@ include COPYING AUTHORS - include cobbler.spec config/service/cobblerd.service - include AUTHORS.in README.md - include distro_build_configs.sh -+include Makefile - recursive-include misc * - recursive-include bin * - recursive-include config * -diff --git a/Makefile b/Makefile -index 1c41ba4..ff9ff67 100644 ---- a/Makefile -+++ b/Makefile -@@ -55,6 +55,9 @@ doc: ## Creates the documentation with sphinx in html form. - @echo "creating: documentation" - @cd docs; make html > /dev/null 2>&1 - -+man: ## Creates documentation and man pages using Sphinx -+ @${PYTHON} -m sphinx -b man -j auto ./docs ./build/sphinx/man -+ - qa: ## If pyflakes and/or pycodestyle is found then they are run. - ifeq ($(strip $(PYFLAKES)),) - @echo "No pyflakes found" -diff --git a/cobbler.spec b/cobbler.spec -index fb17d8c..01f71e2 100644 ---- a/cobbler.spec -+++ b/cobbler.spec -@@ -304,6 +304,7 @@ sed -e "s|/var/lib/tftpboot|%{tftpboot_dir}|g" -i config/cobbler/settings.yaml - [ "${TFTPROOT}" != %{tftpboot_dir} ] && echo "ERROR: TFTPROOT: ${TFTPROOT} does not match %{tftpboot_dir}" - - %py3_build -+make man - - %install - . distro_build_configs.sh -diff --git a/setup.py b/setup.py -index 502bf2d..cb57be2 100644 ---- a/setup.py -+++ b/setup.py -@@ -14,7 +14,6 @@ from setuptools import dep_util - from distutils.command.build import build as _build - from configparser import ConfigParser - from setuptools import find_packages --from sphinx.setup_command import BuildDoc - - import codecs - import pwd -@@ -148,16 +147,6 @@ class build(_build): - def run(self): - _build.run(self) - --##################################################################### --# # Build man pages using Sphinx ################################### --##################################################################### -- -- --class build_man(BuildDoc): -- def initialize_options(self): -- BuildDoc.initialize_options(self) -- self.builder = 'man' -- - ##################################################################### - # # Configure files ################################################## - ##################################################################### -@@ -284,15 +273,7 @@ def has_configure_files(build): - return bool(build.distribution.configure_files) - - --def has_man_pages(build): -- """Check if the distribution has configuration files to work on.""" -- return bool(build.distribution.man_pages) -- -- --build.sub_commands.extend(( -- ('build_man', has_man_pages), -- ('build_cfg', has_configure_files) --)) -+_build.sub_commands.extend((("build_cfg", has_configure_files),)) - - - ##################################################################### -@@ -468,7 +449,6 @@ if __name__ == "__main__": - 'savestate': savestate, - 'restorestate': restorestate, - 'build_cfg': build_cfg, -- 'build_man': build_man - }, - name="cobbler", - version=VERSION, diff --git a/cobbler.fc b/cobbler.fc new file mode 100644 index 0000000..568bf88 --- /dev/null +++ b/cobbler.fc @@ -0,0 +1,28 @@ +/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t,s0) + +/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t,s0) + +/usr/bin/cobblerd -- gen_context(system_u:object_r:cobblerd_exec_t,s0) + +/usr/lib/systemd/system/cobblerd.* -- gen_context(system_u:object_r:cobblerd_unit_file_t,s0) + +/var/cache/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) + +/var/lib/tftpboot/aarch64(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/boot(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/etc(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/grub(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/images(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/images2(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/memdisk -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/menu\.c32 -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/ppc(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/pxelinux\.0 -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/pxelinux\.cfg(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/s390x(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) +/var/lib/tftpboot/yaboot -- gen_context(system_u:object_r:cobbler_var_lib_t,s0) + +/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t,s0) + +/var/www/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0) diff --git a/cobbler.if b/cobbler.if new file mode 100644 index 0000000..4054eab --- /dev/null +++ b/cobbler.if @@ -0,0 +1,251 @@ +## Cobbler installation server. + +######################################## +## +## Execute a domain transition to run cobblerd. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`cobblerd_domtrans',` + gen_require(` + type cobblerd_t, cobblerd_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, cobblerd_exec_t, cobblerd_t) +') + +######################################## +## +## Execute cobblerd server in the cobblerd domain. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`cobblerd_systemctl',` + gen_require(` + type named_unit_file_t; + type named_t; + ') + + systemd_exec_systemctl($1) + init_reload_services($1) + allow $1 named_unit_file_t:file read_file_perms; + allow $1 named_unit_file_t:service manage_service_perms; + + ps_process_pattern($1, named_t) +') + +######################################## +## +## Execute cobblerd init scripts in +## the init script domain. +## +## +## +## Domain allowed to transition. +## +## +# +interface(`cobblerd_initrc_domtrans',` + gen_require(` + type cobblerd_initrc_exec_t; + ') + + init_labeled_script_domtrans($1, cobblerd_initrc_exec_t) +') + + + +######################################## +## +## Read cobbler configuration dirs. +## +## +## +## Domain allowed access. +## +## +# +interface(`cobbler_list_config',` + gen_require(` + type cobbler_etc_t; + ') + + list_dirs_pattern($1, cobbler_etc_t, cobbler_etc_t) + files_search_etc($1) +') + + +######################################## +## +## Read cobbler configuration files. +## +## +## +## Domain allowed access. +## +## +# +interface(`cobbler_read_config',` + gen_require(` + type cobbler_etc_t; + ') + + read_files_pattern($1, cobbler_etc_t, cobbler_etc_t) + files_search_etc($1) +') + +######################################## +## +## Do not audit attempts to read and write +## cobbler log files. +## +## +## +## Domain to not audit. +## +## +# +interface(`cobbler_dontaudit_rw_log',` + gen_require(` + type cobbler_var_log_t; + ') + + dontaudit $1 cobbler_var_log_t:file rw_file_perms; +') + +######################################## +## +## Search cobbler lib directories. +## +## +## +## Domain allowed access. +## +## +# +interface(`cobbler_search_lib',` + gen_require(` + type cobbler_var_lib_t; + ') + + files_search_var_lib($1) + search_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) +') + +######################################## +## +## Read cobbler lib files. +## +## +## +## Domain allowed access. +## +## +# +interface(`cobbler_read_lib_files',` + gen_require(` + type cobbler_var_lib_t; + ') + + files_search_var_lib($1) + read_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) + read_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) +') + +######################################## +## +## Create, read, write, and delete +## cobbler lib files. +## +## +## +## Domain allowed access. +## +## +# +interface(`cobbler_manage_lib_files',` + gen_require(` + type cobbler_var_lib_t; + ') + + files_search_var_lib($1) + manage_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) + manage_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) + manage_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t) +') + +######################################## +## +## All of the rules required to +## administrate an cobbler environment. +## +## +## +## Domain allowed access. +## +## +## +## +## Role allowed access. +## +## +## +# +interface(`cobblerd_admin',` + refpolicywarn(`$0($*) has been deprecated, use cobbler_admin() instead.') + cobbler_admin($1, $2) +') + +######################################## +## +## All of the rules required to +## administrate an cobbler environment. +## +## +## +## Domain allowed access. +## +## +## +## +## Role allowed access. +## +## +## +# +interface(`cobbler_admin',` + gen_require(` + type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t; + type cobbler_etc_t, cobblerd_initrc_exec_t; + type cobbler_tmp_t; + ') + + allow $1 cobblerd_t:process { ptrace signal_perms }; + ps_process_pattern($1, cobblerd_t) + + cobblerd_initrc_domtrans($1) + domain_system_change_exemption($1) + role_transition $2 cobblerd_initrc_exec_t system_r; + allow $2 system_r; + + files_search_etc($1) + admin_pattern($1, cobbler_etc_t) + + files_search_tmp($1) + admin_pattern($1, cobbler_tmp_t) + + files_search_var_lib($1) + admin_pattern($1, cobbler_var_lib_t) + + logging_search_logs($1) + admin_pattern($1, cobbler_var_log_t) +') diff --git a/cobbler.spec b/cobbler.spec index 51f9ce1..a0ee626 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -1,22 +1,23 @@ %global tftpboot_dir %{_sharedstatedir}/tftpboot/ -%global commit0 172b8a0f79d110dcac1f50acfe412e0a01ff20ab -%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) +%global commit 700eb5bdfb28baba4de5e4083bec9e132a763bcb +%global shortcommit %(c=%{commit}; echo ${c:0:7}) +%global selinuxtype targeted Name: cobbler -Version: 3.3.3 -Release: 9%{?dist} +Version: 3.3.4 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz -#Source0: https://github.com/cobbler/cobbler/archive/%{commit0}/%{name}-%{commit0}.tar.gz Source1: migrate-settings.sh +Source2: %{name}.te +Source3: %{name}.if +Source4: %{name}.fc + # Do not run coverage tests Patch0: cobbler-nocov.patch -# Fix build with Sphinx 7 -# Backport of https://github.com/cobbler/cobbler/pull/3465.patch -Patch1: cobbler-sphinx7.patch BuildArch: noarch BuildRequires: make @@ -45,6 +46,10 @@ BuildRequires: python%{python3_pkgversion}-simplejson BuildRequires: python%{python3_pkgversion}-sphinx %endif +# This ensures that the *-selinux package and all it’s dependencies are not pulled +# into containers and other systems that do not use SELinux +Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) + Requires: httpd Requires: tftp-server Requires: createrepo_c @@ -97,22 +102,51 @@ built-in DHCP/DNS Management. Cobbler has a XML-RPC API for integration with other applications. +%package selinux +Summary: SELinux policies for %{name} +Requires: selinux-policy-%{selinuxtype} +Requires(post): selinux-policy-%{selinuxtype} +BuildRequires: selinux-policy-devel +BuildArch: noarch +%{?selinux_requires} + + +%description selinux +SELinux policies for %{name}. + + %package tests Summary: Unit tests for cobbler Requires: cobbler = %{version}-%{release} %description tests -Unit test files from the Cobbler project +Unit test files from the Cobbler project. + + +%package tests-containers +Summary: Dockerfiles and scripts to setup testing containers +Requires: cobbler = %{version}-%{release} + +%description tests-containers +Dockerfiles and scripts to setup testing containers. %prep %autosetup -p1 +mkdir -p selinux +cp -p %{SOURCE2} %{SOURCE3} %{SOURCE4} selinux/ + %build . ./distro_build_configs.sh %py3_build make man +# SELinux +make -f %{_datadir}/selinux/devel/Makefile %{name}.pp +bzip2 -9 %{name}.pp + + %install . ./distro_build_configs.sh # bypass install errors ( don't chown in install step) @@ -137,6 +171,15 @@ touch %{buildroot}%{_sharedstatedir}/cobbler/web.ss # migrate-settings.sh install -p -m0755 %SOURCE1 %{buildroot}%{_datadir}/cobbler/bin/migrate-settings.sh +# SELinux +install -D -m 0644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +install -D -p -m 0644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if + + +%check +# These require an installed system with root access +#pytest -v + %pre if [ $1 -ge 2 ]; then @@ -170,6 +213,8 @@ chgrp apache %{_sysconfdir}/cobbler/users.conf chgrp apache %{_sysconfdir}/cobbler/users.digest chgrp apache %{_sysconfdir}/cobbler/settings.d chgrp apache %{_sysconfdir}/cobbler/settings.d/* +# Change from apache +chown root %{_sharedstatedir}/cobbler/web.ss %posttrans # Migrate pre-3.2.1 settings to settings.yaml @@ -195,6 +240,25 @@ fi %systemd_postun_with_restart cobblerd.service +%pre selinux +%selinux_relabel_pre -s %{selinuxtype} + +%post selinux +%selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.bz2 +%selinux_relabel_post -s %{selinuxtype} + +if [ "$1" -le "1" ]; then # First install + # the daemon needs to be restarted for the custom label to be applied + %systemd_postun_with_restart %{name}.service +fi + +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s %{selinuxtype} %{name} + %selinux_relabel_post -s %{selinuxtype} +fi + + %files %license COPYING %doc AUTHORS.in README.md @@ -247,15 +311,40 @@ fi %{_unitdir}/cobblerd.service %{tftpboot_dir}/* /var/www/cobbler -%config(noreplace) %{_sharedstatedir}/cobbler +%dir %{_sharedstatedir}/cobbler +%ghost %attr(0755,root,root) %{_sharedstatedir}/cobbler/backup/ +%config(noreplace) %{_sharedstatedir}/cobbler/collections/ +%config(noreplace) %{_sharedstatedir}/cobbler/distro_signatures.json +%config(noreplace) %{_sharedstatedir}/cobbler/grub_config/ +%config(noreplace) %{_sharedstatedir}/cobbler/loaders/ +%config(noreplace) %{_sharedstatedir}/cobbler/scripts/ +%config(noreplace) %{_sharedstatedir}/cobbler/snippets/ +%config(noreplace) %{_sharedstatedir}/cobbler/templates/ +%config(noreplace) %{_sharedstatedir}/cobbler/triggers/ +%ghost %attr(0644,root,root) %{_sharedstatedir}/cobbler/lock +# Currently used for cli auth +%ghost %attr(0644,root,root) %{_sharedstatedir}/cobbler/web.ss /var/log/cobbler +%files selinux +%{_datadir}/selinux/packages/%{selinuxtype}/%{name}.pp.* +%{_datadir}/selinux/devel/include/distributed/%{name}.if +%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{name} + %files tests -%dir %{_datadir}/cobbler/tests -%{_datadir}/cobbler/tests/* +%{_datadir}/cobbler/tests/ + +%files tests-containers +%{_datadir}/cobbler/docker/ %changelog +* Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 +- Update to 3.3.4 +- Add local SELinux policy and allow cobbler to check service statuses, + run mkfs.fat, and check for reposync and yumdownloader (bz#225122) +- Change owndership of web.ss to root (bz#2247652) + * Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/cobbler.te b/cobbler.te new file mode 100644 index 0000000..96bdec4 --- /dev/null +++ b/cobbler.te @@ -0,0 +1,243 @@ +policy_module(cobbler, 1.3.0) + +######################################## +# +# Declarations +# + +## +##

+## Determine whether Cobbler can modify +## public files used for public file +## transfer services. +##

+## +gen_tunable(cobbler_anon_write, false) + +## +##

+## Determine whether Cobbler can connect +## to the network using TCP. +##

+## +gen_tunable(cobbler_can_network_connect, false) + +## +##

+## Determine whether Cobbler can access +## cifs file systems. +##

+## +gen_tunable(cobbler_use_cifs, false) + +## +##

+## Determine whether Cobbler can access +## nfs file systems. +##

+## +gen_tunable(cobbler_use_nfs, false) + +gen_require(` + type debuginfo_exec_t; + type init_exec_t; + class file getattr; +') + +type cobblerd_t; +type cobblerd_exec_t; +init_daemon_domain(cobblerd_t, cobblerd_exec_t) + +type cobblerd_initrc_exec_t; +init_script_file(cobblerd_initrc_exec_t) + +type cobbler_etc_t; +files_config_file(cobbler_etc_t) + +type cobbler_var_log_t; +logging_log_file(cobbler_var_log_t) + +type cobbler_var_lib_t alias cobbler_content_t; +files_type(cobbler_var_lib_t) + +type cobbler_tmp_t; +files_tmp_file(cobbler_tmp_t) + +type cobblerd_unit_file_t; +systemd_unit_file(cobblerd_unit_file_t) + +######################################## +# +# Local policy +# + +allow cobblerd_t self:capability { chown dac_read_search fowner fsetid sys_nice }; +dontaudit cobblerd_t self:capability sys_tty_config; +allow cobblerd_t self:process { getsched setsched signal }; +allow cobblerd_t self:fifo_file rw_fifo_file_perms; +allow cobblerd_t self:tcp_socket { accept listen }; +allow cobblerd_t self:netlink_audit_socket create_socket_perms; + +allow cobblerd_t cobbler_etc_t:dir list_dir_perms; +allow cobblerd_t cobbler_etc_t:file read_file_perms; +allow cobblerd_t cobbler_etc_t:lnk_file read_lnk_file_perms; + +allow cobblerd_t cobbler_tmp_t:file mmap_file_perms; +# Allow cobbler to stat /usr/libexec/dnf-utils (aka reposync/yumdownloader) +allow cobblerd_t debuginfo_exec_t:file getattr; +# Allow cobbler to stat /usr/lib/systemd/systemd +allow cobblerd_t init_exec_t:file getattr; +# Allow cobbler to check status of itself +allow cobblerd_t cobblerd_unit_file_t:service status; + +manage_dirs_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t) +manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t) +files_tmp_filetrans(cobblerd_t, cobbler_tmp_t, { dir file }) + +manage_dirs_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) +manage_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) +manage_lnk_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t) +files_var_lib_filetrans(cobblerd_t, cobbler_var_lib_t, dir) +files_var_filetrans(cobblerd_t, cobbler_var_lib_t, dir, "cobbler") + +append_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) +create_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) +read_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) +setattr_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t) +logging_log_filetrans(cobblerd_t, cobbler_var_log_t, file) + +kernel_read_system_state(cobblerd_t) +kernel_read_network_state(cobblerd_t) + +corecmd_exec_bin(cobblerd_t) +corecmd_exec_shell(cobblerd_t) + +corenet_all_recvfrom_netlabel(cobblerd_t) +corenet_all_recvfrom_unlabeled(cobblerd_t) +corenet_tcp_sendrecv_generic_if(cobblerd_t) +corenet_tcp_sendrecv_generic_node(cobblerd_t) +corenet_tcp_bind_generic_node(cobblerd_t) + +corenet_sendrecv_cobbler_server_packets(cobblerd_t) +corenet_tcp_bind_cobbler_port(cobblerd_t) +corenet_tcp_sendrecv_cobbler_port(cobblerd_t) + +corenet_sendrecv_ftp_client_packets(cobblerd_t) +corenet_tcp_connect_ftp_port(cobblerd_t) +corenet_tcp_sendrecv_ftp_port(cobblerd_t) + +corenet_tcp_sendrecv_http_port(cobblerd_t) +corenet_tcp_connect_http_port(cobblerd_t) +corenet_sendrecv_http_client_packets(cobblerd_t) + +dev_read_sysfs(cobblerd_t) +dev_read_urand(cobblerd_t) + +files_list_boot(cobblerd_t) +files_list_tmp(cobblerd_t) +files_read_boot_files(cobblerd_t) +files_read_etc_runtime_files(cobblerd_t) + +fs_getattr_all_fs(cobblerd_t) +fs_read_iso9660_files(cobblerd_t) + +selinux_get_enforce_mode(cobblerd_t) + +term_use_console(cobblerd_t) + +auth_use_nsswitch(cobblerd_t) + +logging_send_syslog_msg(cobblerd_t) + +miscfiles_read_localization(cobblerd_t) +miscfiles_read_public_files(cobblerd_t) + +sysnet_dns_name_resolve(cobblerd_t) +sysnet_rw_dhcp_config(cobblerd_t) +sysnet_write_config(cobblerd_t) + +tunable_policy(`cobbler_anon_write',` + miscfiles_manage_public_files(cobblerd_t) +') + +tunable_policy(`cobbler_can_network_connect',` + corenet_sendrecv_all_client_packets(cobblerd_t) + corenet_tcp_connect_all_ports(cobblerd_t) + corenet_tcp_sendrecv_all_ports(cobblerd_t) +') + +tunable_policy(`cobbler_use_cifs',` + fs_manage_cifs_dirs(cobblerd_t) + fs_manage_cifs_files(cobblerd_t) + fs_manage_cifs_symlinks(cobblerd_t) +') + +tunable_policy(`cobbler_use_nfs',` + fs_manage_nfs_dirs(cobblerd_t) + fs_manage_nfs_files(cobblerd_t) + fs_manage_nfs_symlinks(cobblerd_t) +') + +optional_policy(` + apache_search_config(cobblerd_t) + apache_domtrans(cobblerd_t) + apache_search_sys_content(cobblerd_t) +') + +optional_policy(` + bind_read_config(cobblerd_t) + bind_write_config(cobblerd_t) + bind_domtrans_ndc(cobblerd_t) + bind_domtrans(cobblerd_t) + bind_initrc_domtrans(cobblerd_t) + bind_manage_zone(cobblerd_t) + bind_systemctl(cobblerd_t) +') + +optional_policy(` + certmaster_exec(cobblerd_t) +') + +optional_policy(` + dhcpd_domtrans(cobblerd_t) + dhcpd_initrc_domtrans(cobblerd_t) + dhcpd_systemctl(cobblerd_t) +') + +optional_policy(` + dnsmasq_domtrans(cobblerd_t) + dnsmasq_initrc_domtrans(cobblerd_t) + dnsmasq_write_config(cobblerd_t) + dnsmasq_systemctl(cobblerd_t) +') + +# To run mkfs.fat when generating ISO +optional_policy(` + fstools_exec(cobblerd_t) +') + +optional_policy(` + libs_exec_ldconfig(cobblerd_t) +') + +optional_policy(` + mysql_stream_connect(cobblerd_t) +') + +optional_policy(` + rpm_exec(cobblerd_t) +') + +optional_policy(` + rsync_exec(cobblerd_t) + rsync_read_config(cobblerd_t) + rsync_manage_config(cobblerd_t) + rsync_etc_filetrans_config(cobblerd_t, file, "rsync.conf") +') + +optional_policy(` + tftp_manage_config(cobblerd_t) + tftp_manage_rw_content(cobblerd_t) + tftp_delete_content_dirs(cobblerd_t) + tftp_filetrans_tftpdir(cobblerd_t, cobbler_var_lib_t, { dir file }) +') diff --git a/sources b/sources index 52973e0..36c8a40 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.3.tar.gz) = 9011ae3407a3418f476f4d7b76f7b4978904a612f455e31acf44c3e9c223e4aba9bfbc17b7a12b5aedd4f380b6e8f87e0bc57dd826c945adff4fef34857c917f +SHA512 (cobbler-3.3.4.tar.gz) = 931dc6e2927d3177a7aa6e83cc15defc77aa624059284e44fb941ff3fa7b78e1d5729af7b819faa3573558e1b5ee8e068378559b67069c7f02ea5c0ed947ab9e From 4411debad78426562945b9400aaa2b3d8209206c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 26 Feb 2024 21:54:57 -0700 Subject: [PATCH 16/45] Fix BZ#s --- cobbler.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index a0ee626..31d6752 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -342,8 +342,8 @@ fi * Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 - Update to 3.3.4 - Add local SELinux policy and allow cobbler to check service statuses, - run mkfs.fat, and check for reposync and yumdownloader (bz#225122) -- Change owndership of web.ss to root (bz#2247652) + run mkfs.fat, and check for reposync and yumdownloader (bz#2251220) +- Change owndership of web.ss to root (bz#2247653) * Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 6428fa3761bb6f014eee44415a90f19fdf0c929e Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 25 Apr 2024 19:30:42 -0600 Subject: [PATCH 17/45] Test for existence of web.ss before chowning it (bz#2276860) --- cobbler.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 31d6752..fed4e21 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -214,7 +214,9 @@ chgrp apache %{_sysconfdir}/cobbler/users.digest chgrp apache %{_sysconfdir}/cobbler/settings.d chgrp apache %{_sysconfdir}/cobbler/settings.d/* # Change from apache -chown root %{_sharedstatedir}/cobbler/web.ss +if [ -f %{_sharedstatedir}/cobbler/web.ss ]; then + chown root %{_sharedstatedir}/cobbler/web.ss +fi %posttrans # Migrate pre-3.2.1 settings to settings.yaml @@ -339,6 +341,9 @@ fi %changelog +* Fri Apr 26 2024 Orion Poplawski - 3.3.4-2 +- Test for existence of web.ss before chowning it (bz#2276860) + * Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 - Update to 3.3.4 - Add local SELinux policy and allow cobbler to check service statuses, From 65c2b1ba5d2a2cb9326634b2b53ede9b4bace15d Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 27 Apr 2024 10:49:25 -0600 Subject: [PATCH 18/45] Fix service name in selinux post install script --- cobbler.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index fed4e21..514a585 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.4 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -251,7 +251,7 @@ fi if [ "$1" -le "1" ]; then # First install # the daemon needs to be restarted for the custom label to be applied - %systemd_postun_with_restart %{name}.service + %systemd_postun_with_restart cobblerd.service fi %postun selinux @@ -341,6 +341,9 @@ fi %changelog +* Sat Apr 27 2024 Orion Poplawski - 3.3.4-3 +- Fix service name in selinux post install script + * Fri Apr 26 2024 Orion Poplawski - 3.3.4-2 - Test for existence of web.ss before chowning it (bz#2276860) From ca7ccfbefd0df627e3c4e8139faf2ca01ab1d8e0 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 7 Jun 2024 18:57:18 +0200 Subject: [PATCH 19/45] Rebuilt for Python 3.13 --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 514a585..6c122a3 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.4 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -341,6 +341,9 @@ fi %changelog +* Fri Jun 07 2024 Python Maint - 3.3.4-4 +- Rebuilt for Python 3.13 + * Sat Apr 27 2024 Orion Poplawski - 3.3.4-3 - Fix service name in selinux post install script From ba39bd45a2da975236348a41671fc6e3155ae10d Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 7 Jun 2024 23:19:34 +0200 Subject: [PATCH 20/45] Rebuilt for Python 3.13 --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 6c122a3..3a50858 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.4 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -341,6 +341,9 @@ fi %changelog +* Fri Jun 07 2024 Python Maint - 3.3.4-5 +- Rebuilt for Python 3.13 + * Fri Jun 07 2024 Python Maint - 3.3.4-4 - Rebuilt for Python 3.13 From 0bca026fd8182ab9578945aa1a00463574b43176 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 11 Jul 2024 21:38:48 -0600 Subject: [PATCH 21/45] Update to 3.3.5 Update to 3.3.5 Update to 3.3.5 Update to 3.3.5 --- cobbler-nocov.patch | 26 ++++++++++++++------------ cobbler.spec | 7 +++++-- sources | 2 +- 3 files changed, 20 insertions(+), 15 deletions(-) diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch index 40efcf5..0f36417 100644 --- a/cobbler-nocov.patch +++ b/cobbler-nocov.patch @@ -1,8 +1,8 @@ diff --git a/setup.py b/setup.py -index 4b21af3..145bdab 100644 +index 587a50a..8eff4a3 100644 --- a/setup.py +++ b/setup.py -@@ -16,7 +16,6 @@ from configparser import ConfigParser +@@ -15,7 +15,6 @@ from configparser import ConfigParser from setuptools import find_packages import codecs @@ -10,7 +10,7 @@ index 4b21af3..145bdab 100644 import pwd import shutil import subprocess -@@ -338,15 +337,8 @@ class test_command(Command): +@@ -343,15 +342,8 @@ class test_command(Command): def run(self): import pytest @@ -26,7 +26,7 @@ index 4b21af3..145bdab 100644 sys.exit(int(bool(len(result.failures) > 0 or len(result.errors) > 0))) -@@ -474,7 +466,6 @@ if __name__ == "__main__": +@@ -479,7 +471,6 @@ if __name__ == "__main__": }, license="GPLv2+", setup_requires=[ @@ -34,12 +34,14 @@ index 4b21af3..145bdab 100644 "distro", "setuptools", "sphinx", -@@ -494,7 +485,7 @@ if __name__ == "__main__": - ], - extras_require={ - "lint": ["pyflakes", "pycodestyle"], -- "test": ["pytest", "pytest-cov", "codecov", "pytest-mock"], -+ "test": ["pytest", "pytest-mock"], +@@ -501,10 +492,7 @@ if __name__ == "__main__": + "lint": ["pyflakes", "pycodestyle", "pylint", "black", "mypy"], + "test": [ + "pytest>6", +- "pytest-cov", +- "codecov", + "pytest-mock", +- "pytest-benchmark", + ], + "docs": ["sphinx", "sphinx-rtd-theme", "sphinxcontrib-apidoc"], # We require the current version to properly detect duplicate issues - # See: https://github.com/twisted/towncrier/releases/tag/22.8.0 - "changelog": ["towncrier>=22.8.0"], diff --git a/cobbler.spec b/cobbler.spec index 3a50858..a7fb66f 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,8 +5,8 @@ %global selinuxtype targeted Name: cobbler -Version: 3.3.4 -Release: 5%{?dist} +Version: 3.3.5 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -341,6 +341,9 @@ fi %changelog +* Fri Jul 12 2024 Orion Poplawski - 3.3.5-1 +- Update to 3.3.5 + * Fri Jun 07 2024 Python Maint - 3.3.4-5 - Rebuilt for Python 3.13 diff --git a/sources b/sources index 36c8a40..1177e27 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.4.tar.gz) = 931dc6e2927d3177a7aa6e83cc15defc77aa624059284e44fb941ff3fa7b78e1d5729af7b819faa3573558e1b5ee8e068378559b67069c7f02ea5c0ed947ab9e +SHA512 (cobbler-3.3.5.tar.gz) = 4290e92fc4fdd85a53086c287b83f70e1077a7b76d4b25efcbadb1de6f22b1f5d8f7625243abf79d3832e98678d0290d9413e528ab0d05aacde7bc0c8f9a8d14 From da3242e6879d52bd9f794e78b2710f41c691819c Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 17 Jul 2024 19:36:15 +0000 Subject: [PATCH 22/45] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index a7fb66f..26561a0 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ License: GPLv2+ @@ -341,6 +341,9 @@ fi %changelog +* Wed Jul 17 2024 Fedora Release Engineering - 3.3.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Fri Jul 12 2024 Orion Poplawski - 3.3.5-1 - Update to 3.3.5 From 4f2da8b22a11f8e54a1150a9eb8cffab87c460f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Thu, 25 Jul 2024 23:19:59 +0200 Subject: [PATCH 23/45] convert GPLv2+ license to SPDX This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4 --- cobbler.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 26561a0..24d6846 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,10 +6,11 @@ Name: cobbler Version: 3.3.5 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ -License: GPLv2+ +# Automatically converted from old format: GPLv2+ - review is highly recommended. +License: GPL-2.0-or-later Source0: https://github.com/cobbler/cobbler/archive/v%{version}/%{name}-%{version}.tar.gz Source1: migrate-settings.sh Source2: %{name}.te @@ -341,6 +342,9 @@ fi %changelog +* Thu Jul 25 2024 Miroslav Suchý - 3.3.5-3 +- convert license to SPDX + * Wed Jul 17 2024 Fedora Release Engineering - 3.3.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From e4ad2811c560a929f27b3e764a58ea85c2d9b6ce Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 30 Jul 2024 19:58:58 -0600 Subject: [PATCH 24/45] Update to 3.3.6 Update to 3.3.6 Update to 3.3.6 Update to 3.3.6 --- cobbler.spec | 8 ++++++-- sources | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 24d6846..f53ac71 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,8 +5,8 @@ %global selinuxtype targeted Name: cobbler -Version: 3.3.5 -Release: 3%{?dist} +Version: 3.3.6 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -53,6 +53,7 @@ Requires: (%{name}-selinux if selinux-policy-%{selinuxtype}) Requires: httpd Requires: tftp-server +Requires: dosfstools Requires: createrepo_c Requires: rsync Requires: xorriso @@ -342,6 +343,9 @@ fi %changelog +* Wed Jul 31 2024 Orion Poplawski - 3.3.6-1 +- Update to 3.3.6 + * Thu Jul 25 2024 Miroslav Suchý - 3.3.5-3 - convert license to SPDX diff --git a/sources b/sources index 1177e27..518b62e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.5.tar.gz) = 4290e92fc4fdd85a53086c287b83f70e1077a7b76d4b25efcbadb1de6f22b1f5d8f7625243abf79d3832e98678d0290d9413e528ab0d05aacde7bc0c8f9a8d14 +SHA512 (cobbler-3.3.6.tar.gz) = 0cb19f7479845861b9d08f491eb735acdce02d9a0eea38439e8abd2678fd2c5ff895766df148a0d7bee8c88b5f6c05a24168529f5a1e3993d137b525d31f1ba7 From a8bdaff8349854324a8f30d23ff84efaa8cf85d7 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Tue, 30 Jul 2024 19:59:46 -0600 Subject: [PATCH 25/45] Drop old conditionals --- cobbler.spec | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index f53ac71..bd3658a 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -23,7 +23,6 @@ BuildArch: noarch BuildRequires: make BuildRequires: python%{python3_pkgversion}-devel -%if 0%{?fedora} || 0%{?rhel} >= 8 BuildRequires: %{py3_dist cheetah3} BuildRequires: %{py3_dist distro} BuildRequires: %{py3_dist netaddr} @@ -34,18 +33,6 @@ BuildRequires: %{py3_dist setuptools} BuildRequires: %{py3_dist simplejson} # For docs BuildRequires: %{py3_dist sphinx} -%else -BuildRequires: python%{python3_pkgversion}-cheetah -BuildRequires: python%{python3_pkgversion}-distro -BuildRequires: python%{python3_pkgversion}-netaddr -BuildRequires: python%{python3_pkgversion}-PyYAML -BuildRequires: python%{python3_pkgversion}-requests -BuildRequires: python%{python3_pkgversion}-schema -BuildRequires: python%{python3_pkgversion}-setuptools -BuildRequires: python%{python3_pkgversion}-simplejson -# For docs -BuildRequires: python%{python3_pkgversion}-sphinx -%endif # This ensures that the *-selinux package and all it’s dependencies are not pulled # into containers and other systems that do not use SELinux @@ -69,7 +56,6 @@ Requires: %{py3_dist schema} Requires: %{py3_dist simplejson} Requires: genisoimage -%if 0%{?fedora} || 0%{?rhel} >= 8 # Not everyone wants bash-completion...? Recommends: bash-completion Requires: dnf-plugins-core @@ -81,10 +67,6 @@ Recommends: grub2-efi-x64 Recommends: logrotate Recommends: %{py3_dist ldap} Recommends: %{py3_dist librepo} -%else -Requires: %{py3_dist ldap} -Requires: yum-utils -%endif # https://github.com/cobbler/cobbler/issues/1685 Requires: /sbin/service Obsoletes: cobbler-web < 3.3 From 0db922ecdf16ab558c554d4e13685f3f907c4a07 Mon Sep 17 00:00:00 2001 From: Carl George Date: Fri, 27 Sep 2024 01:13:58 -0500 Subject: [PATCH 26/45] Remove simplejson dependency This was removed upstream in version 3.3.0. https://github.com/cobbler/cobbler/commit/ba64e5ef76c37601c99e55179fc990e13f02a21e --- cobbler.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index bd3658a..8c27c2e 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -30,7 +30,6 @@ BuildRequires: %{py3_dist pyyaml} BuildRequires: %{py3_dist requests} BuildRequires: %{py3_dist schema} BuildRequires: %{py3_dist setuptools} -BuildRequires: %{py3_dist simplejson} # For docs BuildRequires: %{py3_dist sphinx} @@ -53,7 +52,6 @@ Requires: %{py3_dist netaddr} Requires: %{py3_dist pyyaml} Requires: %{py3_dist requests} Requires: %{py3_dist schema} -Requires: %{py3_dist simplejson} Requires: genisoimage # Not everyone wants bash-completion...? From 38e625d09c8a0ede8242f1ffa11c4b8b4b877d05 Mon Sep 17 00:00:00 2001 From: Carl George Date: Fri, 27 Sep 2024 01:18:42 -0500 Subject: [PATCH 27/45] Remove duplicate run-time dependencies The automatic run-time dependency generator already covers all of these. https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#Automatically-generated-dependencies --- cobbler.spec | 9 --------- 1 file changed, 9 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 8c27c2e..6907e56 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -43,15 +43,6 @@ Requires: dosfstools Requires: createrepo_c Requires: rsync Requires: xorriso -Requires: %{py3_dist cheetah3} -Requires: %{py3_dist distro} -Requires: %{py3_dist dnspython} -Requires: %{py3_dist file-magic} -Requires: %{py3_dist mod_wsgi} -Requires: %{py3_dist netaddr} -Requires: %{py3_dist pyyaml} -Requires: %{py3_dist requests} -Requires: %{py3_dist schema} Requires: genisoimage # Not everyone wants bash-completion...? From a67153671d690419105d6ff88e72bfb7f4755364 Mon Sep 17 00:00:00 2001 From: Carl George Date: Fri, 27 Sep 2024 01:22:24 -0500 Subject: [PATCH 28/45] Remove python3dist(ldap) weak dependency Nothing in Fedora provides python3dist(ldap), so this recommends has no effect. On PyPI ldap is an uninstallable dummy project with a description that directs people to python-ldap. Cobbler already has a run-time dependency on python-ldap from the automatic generator. --- cobbler.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 6907e56..f9e41eb 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -54,7 +54,6 @@ Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64 Recommends: logrotate -Recommends: %{py3_dist ldap} Recommends: %{py3_dist librepo} # https://github.com/cobbler/cobbler/issues/1685 Requires: /sbin/service From 47027a0994e98fb7da00b135b93bc438d4991fe6 Mon Sep 17 00:00:00 2001 From: Carl George Date: Fri, 27 Sep 2024 01:30:16 -0500 Subject: [PATCH 29/45] Fix cheetah dependency Cheetah switched names from Cheetah3 to CT3 in its metadata in version 3.3.0. The Fedora package name is the same, but since we're using %py3_dist to specify the build-time dependency we must use the new metadata name. We also must adjust cobbler's metadata to specify the correct metadata name as a run-time dependency, because that is what the automatic Python run-time dependency generator uses. https://github.com/CheetahTemplate3/cheetah3/commit/673259b2d139b4ea970b1c2da12607b7ac39cbec Resolves: rhbz#2314630 --- cobbler.spec | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index f9e41eb..f4ebdfa 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -6,7 +6,7 @@ Name: cobbler Version: 3.3.6 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -23,7 +23,13 @@ BuildArch: noarch BuildRequires: make BuildRequires: python%{python3_pkgversion}-devel +# Cheetah switched names from Cheetah3 to CT3 in its metadata in version 3.3.0. +# https://github.com/CheetahTemplate3/cheetah3/commit/673259b2d139b4ea970b1c2da12607b7ac39cbec +%if 0%{?fedora} >= 42 || 0%{?rhel} >= 10 +BuildRequires: %{py3_dist ct3} +%else BuildRequires: %{py3_dist cheetah3} +%endif BuildRequires: %{py3_dist distro} BuildRequires: %{py3_dist netaddr} BuildRequires: %{py3_dist pyyaml} @@ -108,6 +114,12 @@ Dockerfiles and scripts to setup testing containers. mkdir -p selinux cp -p %{SOURCE2} %{SOURCE3} %{SOURCE4} selinux/ +# Cheetah switched names from Cheetah3 to CT3 in its metadata in version 3.3.0. +# https://github.com/CheetahTemplate3/cheetah3/commit/673259b2d139b4ea970b1c2da12607b7ac39cbec +%if 0%{?fedora} >= 42 || 0%{?rhel} >= 10 +sed -e 's/Cheetah3/CT3/' -i setup.py +%endif + %build . ./distro_build_configs.sh @@ -313,6 +325,9 @@ fi %changelog +* Fri Sep 27 2024 Carl George - 3.3.6-2 +- Fix cheetah dependency rhbz#2314630 + * Wed Jul 31 2024 Orion Poplawski - 3.3.6-1 - Update to 3.3.6 From 694275065e02a2275589f89f0cbd0c0ae479c500 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 17 Nov 2024 16:24:53 -0700 Subject: [PATCH 30/45] Update to 3.3.7 (CVE-2024-47533) --- cobbler-nocov.patch | 16 +++++----------- cobbler.spec | 7 +++++-- sources | 2 +- 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/cobbler-nocov.patch b/cobbler-nocov.patch index 0f36417..c50edfd 100644 --- a/cobbler-nocov.patch +++ b/cobbler-nocov.patch @@ -1,23 +1,17 @@ diff --git a/setup.py b/setup.py -index 587a50a..8eff4a3 100644 +index 59f7601..023d84b 100644 --- a/setup.py +++ b/setup.py -@@ -15,7 +15,6 @@ from configparser import ConfigParser - from setuptools import find_packages +@@ -341,17 +341,9 @@ class test_command(Command): - import codecs --from coverage import Coverage - import pwd - import shutil - import subprocess -@@ -343,15 +342,8 @@ class test_command(Command): def run(self): import pytest - +- from coverage import Coverage +- - cov = Coverage() - cov.erase() - cov.start() -- + result = pytest.main() - cov.stop() diff --git a/cobbler.spec b/cobbler.spec index f4ebdfa..764ad3b 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -5,8 +5,8 @@ %global selinuxtype targeted Name: cobbler -Version: 3.3.6 -Release: 2%{?dist} +Version: 3.3.7 +Release: 1%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -325,6 +325,9 @@ fi %changelog +* Sun Nov 17 2024 Orion Poplawski - 3.3.7-1 +- Update to 3.3.7 (CVE-2024-47533) + * Fri Sep 27 2024 Carl George - 3.3.6-2 - Fix cheetah dependency rhbz#2314630 diff --git a/sources b/sources index 518b62e..ba2585a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cobbler-3.3.6.tar.gz) = 0cb19f7479845861b9d08f491eb735acdce02d9a0eea38439e8abd2678fd2c5ff895766df148a0d7bee8c88b5f6c05a24168529f5a1e3993d137b525d31f1ba7 +SHA512 (cobbler-3.3.7.tar.gz) = df6570dd7c6cbe50464624267df1bbecbb29e60513bba312a6c726502d4670670f3113f24b6b7e465d0b3353c0721e6fe3725dbc4569b4f624ec2b4a29682d1a From fbd4957ccbbd51db9a69b13de06bbf569bcd9fea Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 17 Nov 2024 16:56:21 -0700 Subject: [PATCH 31/45] Drop unused patches --- ...ermissions-to-var-lib-cobbler-web.ss.patch | 25 ---------------- 2441.patch | 30 ------------------- cobbler-rhel.patch | 13 -------- 3 files changed, 68 deletions(-) delete mode 100644 0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch delete mode 100644 2441.patch delete mode 100644 cobbler-rhel.patch diff --git a/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch b/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch deleted file mode 100644 index bf55655..0000000 --- a/0001-Give-root-RW-permissions-to-var-lib-cobbler-web.ss.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 782dd7a1deacfcaa4318519f1cae2c0b4748661b Mon Sep 17 00:00:00 2001 -From: Orion Poplawski -Date: Sun, 25 Oct 2020 11:43:25 -0600 -Subject: [PATCH] Give root RW permissions to /var/lib/cobbler/web.ss - ---- - cobbler/cobblerd.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cobbler/cobblerd.py b/cobbler/cobblerd.py -index fe1cf889..34aedf97 100644 ---- a/cobbler/cobblerd.py -+++ b/cobbler/cobblerd.py -@@ -57,7 +57,7 @@ def regen_ss_file(): - data = fd.read(512) - fd.close() - -- fd = os.open(ssfile, os.O_CREAT | os.O_RDWR, 0o600) -+ fd = os.open(ssfile, os.O_CREAT | os.O_RDWR, 0o660) - os.write(fd, binascii.hexlify(data)) - os.close(fd) - --- -2.29.0 - diff --git a/2441.patch b/2441.patch deleted file mode 100644 index fb1f0f4..0000000 --- a/2441.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 8c04ef7d81f33900fda1ad3c4efa710827e22064 Mon Sep 17 00:00:00 2001 -From: Orion Poplawski -Date: Sun, 25 Oct 2020 13:49:25 -0600 -Subject: [PATCH] Do not try to access log file if we are not running as root - ---- - cobbler/clogger.py | 10 ++-------- - 1 file changed, 2 insertions(+), 8 deletions(-) - -diff --git a/cobbler/clogger.py b/cobbler/clogger.py -index 191455113..635865dc1 100644 ---- a/cobbler/clogger.py -+++ b/cobbler/clogger.py -@@ -30,14 +30,8 @@ - # Cobbler. - - # This is necessary to prevent apache to try to access the file --LOG_FILE = "/var/log/cobbler/cobbler.log" --try: -- if not os.path.isfile(LOG_FILE): -- open(LOG_FILE, 'a').close() -- if os.access(LOG_FILE, os.W_OK): -- logging.config.fileConfig('/etc/cobbler/logging_config.conf') --except Exception: -- pass -+if os.geteuid() == 0: -+ logging.config.fileConfig('/etc/cobbler/logging_config.conf') - - - class Logger(object): diff --git a/cobbler-rhel.patch b/cobbler-rhel.patch deleted file mode 100644 index 021f46c..0000000 --- a/cobbler-rhel.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/distro_build_configs.sh b/distro_build_configs.sh -index bad43e3c..52eb1136 100644 ---- a/distro_build_configs.sh -+++ b/distro_build_configs.sh -@@ -24,7 +24,7 @@ if [ "$DISTRO" = "" ] && [ -r /etc/os-release ];then - sle*|*suse*) - DISTRO="SUSE" - ;; -- fedora*|centos*) -+ fedora*|centos*|rhel*) - DISTRO="FEDORA" - ;; - ubuntu*|debian*) From 11a217ef3c1ba065599aca1bfface305e593fc9c Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 5 Jan 2025 11:02:23 -0700 Subject: [PATCH 32/45] Backport upstream patch for Python 3.13 support (rhbz#2335620) --- cobbler-python3.13.patch | 972 +++++++++++++++++++++++++++++++++++++++ cobbler.spec | 23 +- 2 files changed, 992 insertions(+), 3 deletions(-) create mode 100644 cobbler-python3.13.patch diff --git a/cobbler-python3.13.patch b/cobbler-python3.13.patch new file mode 100644 index 0000000..78847a4 --- /dev/null +++ b/cobbler-python3.13.patch @@ -0,0 +1,972 @@ +diff --git a/changelog.d/3842.fixed b/changelog.d/3842.fixed +new file mode 100644 +index 00000000..6c6d6313 +--- /dev/null ++++ b/changelog.d/3842.fixed +@@ -0,0 +1 @@ ++Fix compatibility with Python 3.13 +diff --git a/cobbler/actions/reposync.py b/cobbler/actions/reposync.py +index c0163350..ec5745fb 100644 +--- a/cobbler/actions/reposync.py ++++ b/cobbler/actions/reposync.py +@@ -23,9 +23,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + import logging + import os + import os.path +-import pipes +-import stat ++import shlex + import shutil ++import stat + from typing import Optional, Union + + from cobbler import utils +@@ -272,9 +272,9 @@ class RepoSync: + blended = utils.blender(self.api, False, repo) + flags = blended.get("createrepo_flags", "(ERROR: FLAGS)") + try: +- cmd = "createrepo %s %s %s" % (" ".join(mdoptions), flags, pipes.quote(dirname)) +- utils.subprocess_call(cmd) +- except: ++ cmd = ["createrepo"] + mdoptions + flags + [shlex.quote(dirname)] ++ utils.subprocess_call(cmd, shell=False) ++ except Exception: + utils.log_exc() + self.logger.error("createrepo failed.") + del fnames[:] # we're in the right place +@@ -302,8 +302,19 @@ class RepoSync: + dest_path = os.path.join(self.settings.webdir, "repo_mirror", repo.name) + + # FIXME: wrapper for subprocess that logs to logger +- cmd = ["wget", "-N", "-np", "-r", "-l", "inf", "-nd", "-P", pipes.quote(dest_path), pipes.quote(repo.mirror)] +- rc = utils.subprocess_call(cmd) ++ cmd = [ ++ "wget", ++ "-N", ++ "-np", ++ "-r", ++ "-l", ++ "inf", ++ "-nd", ++ "-P", ++ shlex.quote(dest_path), ++ shlex.quote(repo.mirror), ++ ] ++ return_value = utils.subprocess_call(cmd, shell=False) + + if rc != 0: + raise CX("cobbler reposync failed") +@@ -347,9 +358,14 @@ class RepoSync: + if flags == '': + flags = self.settings.reposync_rsync_flags + +- cmd = "rsync %s --delete-after %s --delete --exclude-from=/etc/cobbler/rsync.exclude %s %s" \ +- % (flags, spacer, pipes.quote(repo.mirror), pipes.quote(dest_path)) +- rc = utils.subprocess_call(cmd) ++ cmd = ["rsync"] + flags + ["--delete-after"] ++ cmd += spacer + [ ++ "--delete", ++ "--exclude-from=/etc/cobbler/rsync.exclude", ++ shlex.quote(repo.mirror), ++ shlex.quote(dest_path), ++ ] ++ return_code = utils.subprocess_call(cmd, shell=False) + + if rc != 0: + raise CX("cobbler reposync failed") +@@ -386,10 +402,11 @@ class RepoSync: + if not HAS_LIBREPO: + raise CX("no librepo found, please install python3-librepo") + +- if os.path.exists("/usr/bin/dnf"): +- cmd = "/usr/bin/dnf reposync" +- elif os.path.exists("/usr/bin/reposync"): +- cmd = "/usr/bin/reposync" ++ if os.path.exists("/usr/bin/reposync"): ++ cmd = ["/usr/bin/reposync"] ++ # DNF5 does not have a reposync subcommand ++ elif os.path.exists("/usr/bin/dnf"): ++ cmd = ["/usr/bin/dnf", "reposync"] + else: + # Warn about not having yum-utils. We don't want to require it in the package because Fedora 22+ has moved + # to dnf. +@@ -451,6 +468,11 @@ class RepoSync: + # Counter-intuitive, but we want the newish kernels too + arch = "i686" + ++ cmd = self.reposync_cmd() ++ cmd += self.rflags + [ ++ f"--repo={shlex.quote(rest)}", ++ f"--download-path={shlex.quote(repos_path)}", ++ ] + if arch != "none": + cmd = "%s -a %s" % (cmd, arch) + +@@ -544,9 +566,11 @@ class RepoSync: + + if not has_rpm_list: + # If we have not requested only certain RPMs, use reposync +- cmd = "%s %s --config=%s --repoid=%s -p %s" \ +- % (cmd, self.rflags, temp_file, pipes.quote(repo.name), +- pipes.quote(repos_path)) ++ cmd += self.rflags + [ ++ f"--config={temp_file}", ++ f"--repoid={shlex.quote(repo.name)}", ++ f"--download-path={shlex.quote(repos_path)}", ++ ] + if arch != "none": + cmd = "%s -a %s" % (cmd, arch) + +@@ -557,14 +581,14 @@ class RepoSync: + + use_source = "" + if arch == "src": +- use_source = "--source" +- +- # Older yumdownloader sometimes explodes on --resolvedeps if this happens to you, upgrade yum & yum-utils +- extra_flags = self.settings.yumdownloader_flags +- cmd = "/usr/bin/dnf download" +- cmd = "%s %s %s --disablerepo=* --enablerepo=%s -c %s --destdir=%s %s" \ +- % (cmd, extra_flags, use_source, pipes.quote(repo.name), temp_file, pipes.quote(dest_path), +- " ".join(repo.rpm_list)) ++ cmd.append("--source") ++ cmd += [ ++ "--disablerepo=*", ++ f"--enablerepo={shlex.quote(repo.name)}", ++ f"-c={temp_file}", ++ f"--destdir={shlex.quote(dest_path)}", ++ ] ++ cmd += repo.rpm_list + + # Now regardless of whether we're doing yumdownloader or reposync or whether the repo was http://, ftp://, or + # rhn://, execute all queued commands here. Any failure at any point stops the operation. +@@ -669,17 +693,21 @@ class RepoSync: + dists = ",".join(repo.apt_dists) + components = ",".join(repo.apt_components) + +- mirror_data = "--method=%s --host=%s --root=%s --dist=%s --section=%s" \ +- % (pipes.quote(method), pipes.quote(host), pipes.quote(mirror), pipes.quote(dists), +- pipes.quote(components)) ++ mirror_data = [ ++ f"--method={shlex.quote(method)}", ++ f"--host={shlex.quote(host)}", ++ f"--root={shlex.quote(mirror)}", ++ f"--dist={shlex.quote(dists)}", ++ f"--section={shlex.quote(components)}", ++ ] + + rflags = "--nocleanup" + for x in repo.yumopts: + if repo.yumopts[x]: + rflags += " %s=%s" % (x, repo.yumopts[x]) + else: +- rflags += " %s" % x +- cmd = "%s %s %s %s" % (mirror_program, rflags, mirror_data, pipes.quote(dest_path)) ++ rflags.append(repo_yumoption) ++ cmd = [mirror_program] + rflags + mirror_data + [shlex.quote(dest_path)] + if repo.arch == RepoArchs.SRC: + cmd = "%s --source" % cmd + else: +diff --git a/tests/actions/reposync_test.py b/tests/actions/reposync_test.py +index 0bee772c..ee8d1549 100644 +--- a/tests/actions/reposync_test.py ++++ b/tests/actions/reposync_test.py +@@ -1,251 +1,592 @@ ++""" ++Tests that validate the functionality of the module that is responsible for repository synchronization. ++""" ++ + import os +-import glob ++from pathlib import Path ++from typing import TYPE_CHECKING, Any, Dict, List, Union + + import pytest + +-from cobbler import enums ++from cobbler import cexceptions, enums ++from cobbler.actions import reposync + from cobbler.api import CobblerAPI +-from cobbler.actions.reposync import RepoSync + from cobbler.items.repo import Repo +-from cobbler import cexceptions +-from tests.conftest import does_not_raise + ++from tests.conftest import does_not_raise + +-@pytest.fixture(scope="class") +-def api(): +- return CobblerAPI() ++if TYPE_CHECKING: ++ from pytest_mock import MockerFixture + + +-@pytest.fixture(scope="class") +-def reposync(api): +- test_reposync = RepoSync(api, tries=2, nofail=False) ++@pytest.fixture(name="reposync_object", scope="function") ++def fixture_reposync_object( ++ mocker: "MockerFixture", cobbler_api: CobblerAPI ++) -> reposync.RepoSync: ++ settings_mock = mocker.MagicMock() ++ settings_mock.webdir = "/srv/www/cobbler" ++ settings_mock.server = "localhost" ++ settings_mock.http_port = 80 ++ settings_mock.proxy_url_ext = "" ++ settings_mock.yumdownloader_flags = "--testflag" ++ settings_mock.reposync_rsync_flags = "--testflag" ++ settings_mock.reposync_flags = "--testflag" ++ mocker.patch.object(cobbler_api, "settings", return_value=settings_mock) ++ test_reposync = reposync.RepoSync(cobbler_api, tries=2, nofail=False) + return test_reposync + + +-@pytest.fixture +-def repo(api): ++@pytest.fixture(name="repo") ++def fixture_repo(cobbler_api: CobblerAPI) -> Repo: + """ + Creates a Repository "testrepo0" with a keep_updated=True and mirror_locally=True". + """ +- test_repo = Repo(api) ++ test_repo = Repo(cobbler_api) + test_repo.name = "testrepo0" + test_repo.mirror_locally = True + test_repo.keep_updated = True +- api.add_repo(test_repo) + return test_repo + + + @pytest.fixture +-def remove_repo(api): ++def remove_repo(cobbler_api: CobblerAPI): + """ + Removes the Repository "testrepo0" which can be created with repo. + """ + yield +- test_repo = api.find_repo("testrepo0") +- if test_repo is not None: +- api.remove_repo(test_repo.name) ++ test_repo = cobbler_api.find_repo("testrepo0") ++ if test_repo is not None and not isinstance(test_repo, list): ++ cobbler_api.remove_repo(test_repo.name) + + +-class TestRepoSync: +- @pytest.mark.usefixtures("remove_repo") +- @pytest.mark.parametrize( +- "input_mirror_type,input_mirror,expected_exception", +- [ +- ( +- enums.MirrorType.BASEURL, +- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os", +- does_not_raise() +- ), +- ( +- enums.MirrorType.MIRRORLIST, +- "https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64", +- does_not_raise() +- ), +- ( +- enums.MirrorType.METALINK, +- "https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64", +- does_not_raise() +- ), +- ( +- enums.MirrorType.BASEURL, +- "http://www.example.com/path/to/some/repo", +- pytest.raises(cexceptions.CX) +- ), ++@pytest.fixture(scope="function", autouse=True) ++def reset_librepo(): ++ has_librepo = reposync.HAS_LIBREPO ++ yield ++ reposync.HAS_LIBREPO = has_librepo ++ ++ ++def test_repo_walker(mocker: "MockerFixture", tmp_path: Path): ++ # Arrange ++ def test_fun(arg: Any, top: Any, names: Any): ++ pass ++ ++ subdir1 = tmp_path / "sub1" ++ subdir2 = tmp_path / "sub2" ++ subdir1.mkdir() ++ subdir2.mkdir() ++ spy = mocker.Mock(wraps=test_fun) ++ ++ # Act ++ reposync.repo_walker(tmp_path, spy, None) # type: ignore ++ ++ # Assert ++ assert spy.mock_calls == [ ++ # settings.yaml is here because of our autouse fixture that we use to restore the settings ++ mocker.call(None, tmp_path, ["settings.yaml", "sub1", "sub2"]), ++ mocker.call(None, str(subdir1), []), ++ mocker.call(None, str(subdir2), []), ++ ] ++ ++ ++@pytest.mark.parametrize( ++ "input_has_librepo,input_path_exists_side_effect,expected_exception,expected_result", ++ [ ++ (True, [False, True], does_not_raise(), ["/usr/bin/dnf", "reposync"]), ++ (True, [True, False], does_not_raise(), ["/usr/bin/reposync"]), ++ (True, [False, False], pytest.raises(cexceptions.CX), ""), ++ (False, [False, True], pytest.raises(cexceptions.CX), ""), ++ ], ++) ++def test_reposync_cmd( ++ mocker: "MockerFixture", ++ reposync_object: reposync.RepoSync, ++ input_has_librepo: bool, ++ input_path_exists_side_effect: List[bool], ++ expected_exception: Any, ++ expected_result: Union[List[str], str], ++): ++ # Arrange ++ mocker.patch("os.path.exists", side_effect=input_path_exists_side_effect) ++ reposync.HAS_LIBREPO = input_has_librepo ++ ++ # Act ++ with expected_exception: ++ result = reposync_object.reposync_cmd() ++ ++ # Assert ++ assert result == expected_result ++ ++ ++def test_run(mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo): ++ # Arrange ++ env_vars: Dict[str, Any] = {} ++ mocker.patch("os.makedirs") ++ mocker.patch("os.path.isdir", return_value=True) ++ mocker.patch( ++ "os.path.join", ++ side_effect=[ ++ "/srv/www/cobbler/repo_mirror", ++ "/srv/www/cobbler/repo_mirror/%s" % repo.name, + ], + ) +- def test_reposync_yum( +- self, +- input_mirror_type, +- input_mirror, +- expected_exception, +- api, +- repo, +- reposync +- ): +- # Arrange +- test_repo = repo +- test_repo.breed = enums.RepoBreeds.YUM +- test_repo.mirror = input_mirror +- test_repo.mirror_type = input_mirror_type +- test_repo.rpm_list = "fedora-gpg-keys" +- test_settings = api.settings() +- repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) +- +- # Act & Assert +- with expected_exception: +- reposync.run(test_repo.name) +- result = os.path.exists(repo_path) +- if test_repo.rpm_list and test_repo.rpm_list != []: +- for rpm in test_repo.rpm_list: +- assert glob.glob(os.path.join(repo_path, "**", rpm) + "*.rpm", recursive=True) != [] +- assert result +- # Test that re-downloading the metadata in .origin/repodata will not result in an error +- reposync.run(test_repo.name) +- +- @pytest.mark.usefixtures("remove_repo") +- @pytest.mark.parametrize( +- "input_mirror_type,input_mirror,input_arch,input_rpm_list,expected_exception", ++ mocker.patch("os.environ", return_value=env_vars) ++ mocker.patch.object(reposync_object, "repos", return_value=[repo]) ++ mocker.patch.object(reposync_object, "sync") ++ mocker.patch.object(reposync_object, "update_permissions") ++ reposync_object.repos = [repo] # type: ignore ++ ++ # Act ++ reposync_object.run() ++ ++ # Assert ++ # This has to be 0 since all env vars need to be removed after reposync has run. ++ assert len(env_vars) == 0 ++ ++ ++def test_gen_urlgrab_ssl_opts(reposync_object: reposync.RepoSync): ++ # Arrange ++ input_dict: Dict[str, Any] = {} ++ ++ # Act ++ result = reposync_object.gen_urlgrab_ssl_opts(input_dict) ++ ++ # Assert ++ assert isinstance(result, tuple) ++ assert len(result) == 2 ++ # The data of the first element is kind of flexible let's skip asserting it for now ++ assert isinstance(result[1], bool) ++ ++ ++@pytest.mark.usefixtures("remove_repo") ++@pytest.mark.parametrize( ++ "input_mirror_type,input_mirror,expected_exception", ++ [ ++ ( ++ enums.MirrorType.BASEURL, ++ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os", ++ does_not_raise(), ++ ), ++ ( ++ enums.MirrorType.MIRRORLIST, ++ "https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64", ++ does_not_raise(), ++ ), ++ ( ++ enums.MirrorType.METALINK, ++ "https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64", ++ does_not_raise(), ++ ), ++ ], ++) ++def test_reposync_yum( ++ mocker: "MockerFixture", ++ input_mirror_type: enums.MirrorType, ++ input_mirror: str, ++ expected_exception: Any, ++ cobbler_api: CobblerAPI, ++ repo: Repo, ++ reposync_object: reposync.RepoSync, ++): ++ # Arrange ++ test_repo = repo ++ test_repo.breed = enums.RepoBreeds.YUM ++ test_repo.mirror = input_mirror ++ test_repo.mirror_type = input_mirror_type ++ test_repo.rpm_list = "fedora-gpg-keys" ++ test_settings = cobbler_api.settings() ++ repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ mocker.patch.object( ++ reposync_object, "create_local_file", return_value="/create/local/file" ++ ) ++ mocker.patch.object( ++ reposync_object, "reposync_cmd", return_value=["/my/fake/dnf", "reposync"] ++ ) ++ mocker.patch.object(reposync_object, "rflags", return_value="--fake-r-flakg") ++ mocker.patch.object( ++ reposync_object, ++ "gen_urlgrab_ssl_opts", ++ return_value=(("TODO", "TODO", "TODO"), False), ++ ) ++ mocker.patch("os.path.exists", return_value=True) ++ mocker.patch("shutil.rmtree") ++ mocker.patch("os.makedirs") ++ mocked_repo_walker = mocker.patch("cobbler.actions.reposync.repo_walker") ++ handle_mock = mocker.MagicMock() ++ result_mock = mocker.MagicMock() ++ mocker.patch("librepo.Handle", return_value=handle_mock) ++ mocker.patch("librepo.Result", return_value=result_mock) ++ ++ # Act & Assert ++ with expected_exception: ++ reposync_object.yum_sync(repo) ++ ++ mocked_subprocess.assert_called_with( ++ [ ++ "/usr/bin/dnf", ++ "download", ++ "--testflag", ++ "--disablerepo=*", ++ f"--enablerepo={repo.name}", ++ "-c=/create/local/file", ++ f"--destdir={repo_path}", ++ "fedora-gpg-keys", ++ ], ++ shell=False, ++ ) ++ handle_mock.perform.assert_called_with(result_mock) ++ assert mocked_repo_walker.call_count == 1 ++ ++ ++@pytest.mark.usefixtures("remove_repo") ++@pytest.mark.parametrize( ++ "input_mirror_type,input_mirror,input_arch,input_rpm_list,expected_exception", ++ [ ++ ( ++ enums.MirrorType.BASEURL, ++ "http://ftp.debian.org/debian", ++ enums.RepoArchs.X86_64, ++ "", ++ does_not_raise(), ++ ), ++ ( ++ enums.MirrorType.MIRRORLIST, ++ "http://ftp.debian.org/debian", ++ enums.RepoArchs.X86_64, ++ "", ++ pytest.raises(cexceptions.CX), ++ ), ++ ( ++ enums.MirrorType.METALINK, ++ "http://ftp.debian.org/debian", ++ enums.RepoArchs.X86_64, ++ "", ++ pytest.raises(cexceptions.CX), ++ ), ++ ( ++ enums.MirrorType.BASEURL, ++ "http://ftp.debian.org/debian", ++ enums.RepoArchs.NONE, ++ "", ++ pytest.raises(cexceptions.CX), ++ ), ++ ( ++ enums.MirrorType.BASEURL, ++ "http://ftp.debian.org/debian", ++ enums.RepoArchs.X86_64, ++ "dpkg", ++ pytest.raises(cexceptions.CX), ++ ), ++ ], ++) ++def test_reposync_apt( ++ mocker: "MockerFixture", ++ input_mirror_type: enums.MirrorType, ++ input_mirror: str, ++ input_arch: enums.RepoArchs, ++ input_rpm_list: str, ++ expected_exception: Any, ++ cobbler_api: CobblerAPI, ++ repo: Repo, ++ reposync_object: reposync.RepoSync, ++): ++ # Arrange ++ test_repo = repo ++ test_repo.breed = enums.RepoBreeds.APT ++ test_repo.arch = input_arch ++ test_repo.apt_components = "main" ++ test_repo.apt_dists = "stable" ++ test_repo.mirror = input_mirror ++ test_repo.mirror_type = input_mirror_type ++ test_repo.rpm_list = input_rpm_list ++ test_settings = cobbler_api.settings() ++ repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ mocker.patch("os.path.exists", return_value=True) ++ ++ # Act ++ with expected_exception: ++ reposync_object.apt_sync(repo) ++ ++ # Assert ++ mocked_subprocess.assert_called_with( ++ [ ++ "/usr/bin/debmirror", ++ "--nocleanup", ++ "--method=http", ++ "--host=ftp.debian.org", ++ "--root=/debian", ++ "--dist=stable", ++ "--section=main", ++ repo_path, ++ "--nosource", ++ "-a=amd64", ++ ], ++ shell=False, ++ ) ++ ++ ++@pytest.mark.usefixtures("remove_repo") ++@pytest.mark.parametrize( ++ "input_mirror_type,input_mirror,expected_exception", ++ [ ++ ( ++ enums.MirrorType.BASEURL, ++ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", ++ does_not_raise(), ++ ), ++ ( ++ enums.MirrorType.MIRRORLIST, ++ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", ++ pytest.raises(cexceptions.CX), ++ ), ++ ( ++ enums.MirrorType.METALINK, ++ "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", ++ pytest.raises(cexceptions.CX), ++ ), ++ ], ++) ++def test_reposync_wget( ++ mocker: "MockerFixture", ++ input_mirror_type: enums.MirrorType, ++ input_mirror: str, ++ expected_exception: Any, ++ cobbler_api: CobblerAPI, ++ repo: Repo, ++ reposync_object: reposync.RepoSync, ++): ++ # Arrange ++ test_repo = repo ++ test_repo.breed = enums.RepoBreeds.WGET ++ test_repo.mirror = input_mirror ++ test_repo.mirror_type = input_mirror_type ++ repo_path = os.path.join( ++ reposync_object.settings.webdir, "repo_mirror", test_repo.name ++ ) ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ mocker.patch("cobbler.actions.reposync.repo_walker") ++ mocker.patch.object(reposync_object, "create_local_file") ++ ++ # Act ++ with expected_exception: ++ reposync_object.wget_sync(test_repo) ++ ++ # Assert ++ mocked_subprocess.assert_called_with( ++ [ ++ "wget", ++ "-N", ++ "-np", ++ "-r", ++ "-l", ++ "inf", ++ "-nd", ++ "-P", ++ repo_path, ++ input_mirror, ++ ], ++ shell=False, ++ ) ++ ++ ++def test_reposync_rhn( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo ++): ++ # Arrange ++ repo.mirror = "rhn://%s" % repo.name ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ mocker.patch("os.path.isdir", return_value=True) ++ mocker.patch("os.makedirs") ++ mocker.patch("cobbler.actions.reposync.repo_walker") ++ mocker.patch.object(reposync_object, "create_local_file") ++ mocker.patch.object( ++ reposync_object, "reposync_cmd", return_value=["/my/fake/reposync"] ++ ) ++ ++ # Act ++ reposync_object.rhn_sync(repo) ++ ++ # Assert ++ # TODO: Check this more and document how its actually working ++ mocked_subprocess.assert_called_with( + [ +- ( +- enums.MirrorType.BASEURL, +- "http://ftp.debian.org/debian", +- enums.RepoArchs.X86_64, +- "", +- does_not_raise() +- ), +- ( +- enums.MirrorType.MIRRORLIST, +- "http://ftp.debian.org/debian", +- enums.RepoArchs.X86_64, +- "", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.METALINK, +- "http://ftp.debian.org/debian", +- enums.RepoArchs.X86_64, +- "", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.BASEURL, +- "http://www.example.com/path/to/some/repo", +- enums.RepoArchs.X86_64, +- "", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.BASEURL, +- "http://ftp.debian.org/debian", +- enums.RepoArchs.NONE, +- "", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.BASEURL, +- "http://ftp.debian.org/debian", +- enums.RepoArchs.X86_64, +- "dpkg", +- pytest.raises(cexceptions.CX) +- ), ++ "/my/fake/reposync", ++ "--testflag", ++ "--repo=testrepo0", ++ "--download-path=/srv/www/cobbler/repo_mirror", + ], ++ shell=False, + ) +- def test_reposync_apt( +- self, +- input_mirror_type, +- input_mirror, +- input_arch, +- input_rpm_list, +- expected_exception, +- api, +- repo, +- reposync +- ): +- # Arrange +- test_repo = repo +- test_repo.breed = enums.RepoBreeds.APT +- test_repo.arch = input_arch +- test_repo.apt_components = "main" +- test_repo.apt_dists = "stable" +- test_repo.mirror = input_mirror +- test_repo.mirror_type = input_mirror_type +- test_repo.rpm_list = input_rpm_list +- test_repo.yumopts = "--exclude=.* --include=dpkg.* --no-check-gpg --rsync-extra=none" +- test_settings = api.settings() +- repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) +- +- # Act & Assert +- with expected_exception: +- reposync.run(test_repo.name) +- result = os.path.exists(repo_path) +- for rpm in ["dpkg"]: +- assert glob.glob(os.path.join(repo_path, "**", "dpkg") + "*", recursive=True) != [] +- assert result +- +- @pytest.mark.skip("To flaky and thus not reliable. Needs to be mocked to be of use.") +- @pytest.mark.usefixtures("remove_repo") +- @pytest.mark.parametrize( +- "input_mirror_type,input_mirror,expected_exception", ++ ++ ++def test_reposync_rsync( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo ++): ++ # Arrange ++ mocked_subprocess = mocker.patch("cobbler.utils.subprocess_call", return_value=0) ++ mocker.patch("cobbler.actions.reposync.repo_walker") ++ mocker.patch.object(reposync_object, "create_local_file") ++ repo_path = os.path.join(reposync_object.settings.webdir, "repo_mirror", repo.name) ++ ++ # Act ++ reposync_object.rsync_sync(repo) ++ ++ # Assert ++ mocked_subprocess.assert_called_with( + [ +- ( +- enums.MirrorType.BASEURL, +- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", +- does_not_raise() +- ), +- ( +- enums.MirrorType.MIRRORLIST, +- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.METALINK, +- "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2", +- pytest.raises(cexceptions.CX) +- ), +- ( +- enums.MirrorType.BASEURL, +- "http://www.example.com/path/to/some/repo", +- pytest.raises(cexceptions.CX) +- ), ++ "rsync", ++ "--testflag", ++ "--delete-after", ++ "-e ssh", ++ "--delete", ++ "--exclude-from=/etc/cobbler/rsync.exclude", ++ "/", ++ repo_path, + ], ++ shell=False, + ) +- def test_reposync_wget( +- self, +- input_mirror_type, +- input_mirror, +- expected_exception, +- api, +- repo, +- reposync +- ): +- # Arrange +- test_repo = repo +- test_repo.breed = enums.RepoBreeds.WGET +- test_repo.mirror = input_mirror +- test_repo.mirror_type = input_mirror_type +- test_settings = api.settings() +- repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name) +- +- # Act & Assert +- with expected_exception: +- reposync.run(test_repo.name) +- result = os.path.exists(repo_path) +- for rpm in ["rpm"]: +- assert glob.glob(os.path.join(repo_path, "**", "2") + "*", recursive=True) != [] +- assert result +- +- +-@pytest.mark.skip("TODO") +-def test_reposync_rhn(): ++ ++ ++def test_createrepo_walker( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo ++): + # Arrange ++ input_repo = repo ++ input_repo.breed = enums.RepoBreeds.RSYNC ++ input_dirname = "" ++ input_fnames = [] ++ expected_call = ["createrepo", "--testflags", f"'{input_dirname}'"] ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ mocker.patch( ++ "cobbler.utils.blender", ++ autospec=True, ++ return_value={"createrepo_flags": "--testflags"}, ++ ) ++ mocker.patch("cobbler.utils.remove_yum_olddata") ++ mocker.patch("cobbler.utils.subprocess_get", return_value="5") ++ mocker.patch("cobbler.utils.get_family", return_value="TODO") ++ mocker.patch("os.path.exists", return_value=True) ++ mocker.patch("os.path.isfile", return_value=True) ++ mocker.patch.object(reposync_object, "librepo_getinfo", return_value={}) ++ + # Act ++ reposync_object.createrepo_walker(input_repo, input_dirname, input_fnames) ++ + # Assert +- assert False ++ # TODO: Improve coverage over different cases in method ++ mocked_subprocess.assert_called_with(expected_call, shell=False) + + +-@pytest.mark.skip("TODO") +-def test_reposync_rsync(): ++@pytest.mark.parametrize( ++ "input_repotype,expected_exception", ++ [ ++ (enums.RepoBreeds.YUM, does_not_raise()), ++ (enums.RepoBreeds.RHN, does_not_raise()), ++ (enums.RepoBreeds.APT, does_not_raise()), ++ (enums.RepoBreeds.RSYNC, does_not_raise()), ++ (enums.RepoBreeds.WGET, does_not_raise()), ++ (enums.RepoBreeds.NONE, pytest.raises(cexceptions.CX)), ++ ], ++) ++def test_sync( ++ mocker: "MockerFixture", ++ cobbler_api: CobblerAPI, ++ reposync_object: reposync.RepoSync, ++ input_repotype: enums.RepoBreeds, ++ expected_exception: Any, ++): + # Arrange ++ test_repo = Repo(cobbler_api) ++ test_repo.breed = input_repotype ++ rhn_sync_mock = mocker.patch.object(reposync_object, "rhn_sync") ++ yum_sync_mock = mocker.patch.object(reposync_object, "yum_sync") ++ apt_sync_mock = mocker.patch.object(reposync_object, "apt_sync") ++ rsync_sync_mock = mocker.patch.object(reposync_object, "rsync_sync") ++ wget_sync_mock = mocker.patch.object(reposync_object, "wget_sync") ++ + # Act ++ with expected_exception: ++ reposync_object.sync(test_repo) ++ ++ # Assert ++ call_count = sum( ++ ( ++ rhn_sync_mock.call_count, ++ yum_sync_mock.call_count, ++ apt_sync_mock.call_count, ++ rsync_sync_mock.call_count, ++ wget_sync_mock.call_count, ++ ) ++ ) ++ assert call_count == 1 ++ ++ ++def test_librepo_getinfo( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync, tmp_path: Path ++): ++ # Arrange ++ handle_mock = mocker.MagicMock() ++ result_mock = mocker.MagicMock() ++ mocker.patch("librepo.Handle", return_value=handle_mock) ++ mocker.patch("librepo.Result", return_value=result_mock) ++ ++ # Act ++ reposync_object.librepo_getinfo(str(tmp_path)) ++ ++ # Assert ++ handle_mock.perform.assert_called_with(result_mock) ++ result_mock.getinfo.assert_called() ++ ++ ++def test_create_local_file( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo ++): ++ # Arrange ++ mocker.patch("cobbler.utils.filesystem_helpers.mkdir", autospec=True) ++ mock_open = mocker.patch("builtins.open", mocker.mock_open()) ++ input_dest_path = "" ++ input_repo = repo ++ input_output = True ++ ++ # Act ++ reposync_object.create_local_file(input_dest_path, input_repo, output=input_output) ++ ++ # Assert ++ # TODO: Extend checks ++ assert mock_open.call_count == 1 ++ assert mock_open.mock_calls[0] == mocker.call("config.repo", "w", encoding="UTF-8") ++ mock_open_handle = mock_open() ++ assert mock_open_handle.write.mock_calls[0] == mocker.call("[testrepo0]\n") ++ assert mock_open_handle.write.mock_calls[1] == mocker.call("name=testrepo0\n") ++ ++ ++def test_update_permissions( ++ mocker: "MockerFixture", reposync_object: reposync.RepoSync ++): ++ # Arrange ++ mocked_subprocess = mocker.patch( ++ "cobbler.utils.subprocess_call", autospec=True, return_value=0 ++ ) ++ path_to_update = "/my/fake/path" ++ expected_calls = [ ++ mocker.call(["chown", "-R", "root:www", path_to_update], shell=False), ++ mocker.call(["chmod", "-R", "755", path_to_update], shell=False), ++ ] ++ ++ # Act ++ reposync_object.update_permissions(path_to_update) ++ + # Assert +- assert False ++ assert mocked_subprocess.mock_calls == expected_calls diff --git a/cobbler.spec b/cobbler.spec index 764ad3b..97485eb 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -4,9 +4,12 @@ %global shortcommit %(c=%{commit}; echo ${c:0:7}) %global selinuxtype targeted +# Tests require an installed system with root access +%bcond check 0 + Name: cobbler Version: 3.3.7 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -19,6 +22,9 @@ Source4: %{name}.fc # Do not run coverage tests Patch0: cobbler-nocov.patch +# Python 3.13 support (backport of https://github.com/cobbler/cobbler/pull/3842) +# https://bugzilla.redhat.com/show_bug.cgi?id=2335620 +Patch1: cobbler-python3.13.patch BuildArch: noarch BuildRequires: make @@ -38,6 +44,13 @@ BuildRequires: %{py3_dist schema} BuildRequires: %{py3_dist setuptools} # For docs BuildRequires: %{py3_dist sphinx} +%if %{with check} +# For tests +BuildRequires: %{py3_dist crypt-r} +BuildRequires: %{py3_dist dnspython} +BuildRequires: %{py3_dist file-magic} +BuildRequires: %{py3_dist pytest-benchmark} +%endif # This ensures that the *-selinux package and all it’s dependencies are not pulled # into containers and other systems that do not use SELinux @@ -160,9 +173,10 @@ install -D -m 0644 %{name}.pp.bz2 %{buildroot}%{_datadir}/selinux/packages/%{sel install -D -p -m 0644 selinux/%{name}.if %{buildroot}%{_datadir}/selinux/devel/include/distributed/%{name}.if +%if %{with check} %check -# These require an installed system with root access -#pytest -v +%pytest -v +%endif %pre @@ -325,6 +339,9 @@ fi %changelog +* Sun Jan 05 2025 Orion Poplawski - 3.3.7-2 +- Backport upstream patch for Python 3.13 support (rhbz#2335620) + * Sun Nov 17 2024 Orion Poplawski - 3.3.7-1 - Update to 3.3.7 (CVE-2024-47533) From 2c824d747ac993db801cbc0dd19c3f0813ac45f8 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 16 Jan 2025 14:04:56 +0000 Subject: [PATCH 33/45] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- cobbler.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index 97485eb..71c0bd8 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -9,7 +9,7 @@ Name: cobbler Version: 3.3.7 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -339,6 +339,9 @@ fi %changelog +* Thu Jan 16 2025 Fedora Release Engineering - 3.3.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Sun Jan 05 2025 Orion Poplawski - 3.3.7-2 - Backport upstream patch for Python 3.13 support (rhbz#2335620) From 0788c790c2a47ab9bae746d4a504d59d82ab3547 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 11 May 2025 14:57:39 -0600 Subject: [PATCH 34/45] Convert to %autorelease and %autochangelog [skip changelog] --- changelog | 354 ++++++++++++++++++++++++++++++++++++++++++++++++++ cobbler.spec | 357 +-------------------------------------------------- 2 files changed, 356 insertions(+), 355 deletions(-) create mode 100644 changelog diff --git a/changelog b/changelog new file mode 100644 index 0000000..291772a --- /dev/null +++ b/changelog @@ -0,0 +1,354 @@ +* Thu Jan 16 2025 Fedora Release Engineering - 3.3.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Sun Jan 05 2025 Orion Poplawski - 3.3.7-2 +- Backport upstream patch for Python 3.13 support (rhbz#2335620) + +* Sun Nov 17 2024 Orion Poplawski - 3.3.7-1 +- Update to 3.3.7 (CVE-2024-47533) + +* Fri Sep 27 2024 Carl George - 3.3.6-2 +- Fix cheetah dependency rhbz#2314630 + +* Wed Jul 31 2024 Orion Poplawski - 3.3.6-1 +- Update to 3.3.6 + +* Thu Jul 25 2024 Miroslav Suchý - 3.3.5-3 +- convert license to SPDX + +* Wed Jul 17 2024 Fedora Release Engineering - 3.3.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Fri Jul 12 2024 Orion Poplawski - 3.3.5-1 +- Update to 3.3.5 + +* Fri Jun 07 2024 Python Maint - 3.3.4-5 +- Rebuilt for Python 3.13 + +* Fri Jun 07 2024 Python Maint - 3.3.4-4 +- Rebuilt for Python 3.13 + +* Sat Apr 27 2024 Orion Poplawski - 3.3.4-3 +- Fix service name in selinux post install script + +* Fri Apr 26 2024 Orion Poplawski - 3.3.4-2 +- Test for existence of web.ss before chowning it (bz#2276860) + +* Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 +- Update to 3.3.4 +- Add local SELinux policy and allow cobbler to check service statuses, + run mkfs.fat, and check for reposync and yumdownloader (bz#2251220) +- Change owndership of web.ss to root (bz#2247653) + +* Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 3.3.3-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 19 2023 Fedora Release Engineering - 3.3.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Mon Jul 17 2023 Orion Poplawski - 3.3.3-6 +- Add patch to fix build with Sphinx 7 + +* Wed Jun 14 2023 Python Maint - 3.3.3-5 +- Rebuilt for Python 3.12 + +* Thu Jan 19 2023 Fedora Release Engineering - 3.3.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jul 20 2022 Fedora Release Engineering - 3.3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jun 23 2022 Python Maint - 3.3.3-2 +- Rebuilt for Python 3.11 + +* Tue Jun 14 2022 Orion Poplawski - 3.3.3-1 +- Update to 3.3.3 + +* Wed May 04 2022 Orion Poplawski - 3.3.2-2 +- Drop setting cache_enabled no longer present in 3.3 + +* Sat Mar 12 2022 Orion Poplawski - 3.3.2-1 +- Update to 3.3.2 + +* Tue Mar 01 2022 Orion Poplawski - 3.3.1-1 +- Update to 3.3.1, removes web interface + +* Tue Mar 01 2022 Orion Poplawski - 3.2.2-9 +- Apply fixes for CVE-2021-45082/3 +- Remove BR on python3-coverage + +* Mon Jan 24 2022 Orion Poplawski - 3.2.2-8 +- Fix posttrans script + +* Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Dec 23 2021 Orion Poplawski - 3.2.2-6 +- Fix path to settings.yaml in scriptlet + +* Thu Dec 09 2021 Orion Poplawski - 3.2.2-5 +- Remove defunct get-loaders command + +* Mon Nov 22 2021 Orion Poplawski - 3.2.2-4 +- Add new keys to settings.yaml on migration or if missing +- Save original settings to settings.rpmorig + +* Fri Oct 08 2021 Orion Poplawski - 3.2.2-3 +- Fix dependencies (bz#2010567) + +* Thu Sep 23 2021 Orion Poplawski - 3.2.2-2 +- Migrate settings to settings.yaml +- Migrate pre-cobbler 3 data if needed +- Fix autoinstall_templates -> templates + +* Thu Sep 23 2021 Orion Poplawski - 3.2.2-1 +- Update to 3.2.2 +- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection +- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function +- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings + +* Wed Sep 22 2021 Orion Poplawski - 3.2.1-1 +- Update to 3.2.1 + +* Wed Jul 21 2021 Fedora Release Engineering - 3.2.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Jun 04 2021 Python Maint - 3.2.0-5 +- Rebuilt for Python 3.10 + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.2.0-4 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Tue Jan 26 2021 Fedora Release Engineering - 3.2.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sun Oct 25 2020 Orion Poplawski - 3.2.0-2 +- Give root RW permission to /var/lib/cobbler/web.ss +- Fix SELinux cobbler logging issue + +* Sat Oct 24 2020 Orion Poplawski - 3.2.0-1 +- Update to 3.2.0 + +* Thu Sep 17 2020 Orion Poplawski - 3.1.2-4 +- Add requires on python-distro and file + +* Mon Jul 27 2020 Fedora Release Engineering - 3.1.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 08 2020 Orion Poplawski - 3.1.2-2 +- Fix apache configuration + +* Fri May 29 2020 Orion Poplawski - 3.1.2-1 +- Update to 3.1.2 + +* Tue May 26 2020 Miro Hrončok - 3.1.1-4 +- Rebuilt for Python 3.9 + +* Fri Feb 21 2020 Orion Poplawski - 3.1.1-3 +- Add requires for python3-dns + +* Tue Jan 28 2020 Fedora Release Engineering - 3.1.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sun Jan 12 2020 Orion Poplawski - 3.1.1-1 +- Update to 3.1.1 + +* Tue Oct 22 2019 Orion Poplawski - 3.0.1-4 +- Drop koan completely, including obsoletes. It is a separate package now. + +* Thu Oct 10 2019 Orion Poplawski - 3.0.1-3 +- Require /sbin/service + +* Tue Oct 8 2019 Orion Poplawski - 3.0.1-2 +- Fix requires (requests instead of urlgrabber) +- Fix BR for EL8 + +* Mon Sep 09 2019 Nicolas Chauvet - 3.0.1-1 +- Update to 3.0.1 + +* Fri Aug 30 2019 Nicolas Chauvet - 3.0.0-1 +- Update to 3.0.0 + +* Mon Aug 26 2019 Nicolas Chauvet - 2.8.5-0.1 +- Update to 2.8.5 - pre-release + +* Wed Jul 24 2019 Fedora Release Engineering - 2.8.4-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 2.8.4-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Nov 26 2018 Orion Poplawski - 2.8.4-5 +- Fix empty man pages (BZ 1653415) + +* Mon Nov 26 2018 Orion Poplawski - 2.8.4-4 +- Revert bind_manage_ipmi feature that is broken on 2.8 + +* Sun Nov 25 2018 Orion Poplawski - 2.8.4-3 +- Use pathfix.py to fix python shebangs + +* Sun Nov 25 2018 Orion Poplawski - 2.8.4-2 +- Make koan require python2-ethtool (BZ 1638933) + +* Sat Nov 24 2018 Orion Poplawski - 2.8.4-1 +- Update to 2.8.4 (Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931) + +* Thu Jul 12 2018 Fedora Release Engineering - 2.8.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed May 30 2018 Orion Poplawski - 2.8.3-3 +- koan requires urlgrabber + +* Mon May 28 2018 Nicolas Chauvet - 2.8.3-2 +- Restore mergeability with epel7 + +* Mon May 28 2018 Nicolas Chauvet - 2.8.3-1 +- Update to 2.8.3 - security bugfix + +* Wed Feb 21 2018 Orion Poplawski - 2.8.2-6 +- Really fix django requires for Fedora 28+ + +* Tue Feb 20 2018 Orion Poplawski - 2.8.2-5 +- Fix django requires for Fedora 28+ + +* Fri Feb 09 2018 Igor Gnatenko - 2.8.2-4 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 2.8.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Feb 06 2018 Iryna Shcherbina - 2.8.2-2 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 +- Update to 2.8.2 + +* Wed Aug 02 2017 Fedora Release Engineering - 2.8.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.8.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Jun 21 2017 Orion Poplawski - 2.8.1-3 +- Suppress logrotate output + +* Mon Jun 12 2017 Orion Poplawski - 2.8.1-2 +- Fix module loading + +* Wed May 24 2017 Orion Poplawski - 2.8.1-1 +- Update to 2.8.1 + +* Fri Feb 17 2017 Orion Poplawski - 2.8.0-6 +- Add patch to fix handling of multiple bridge interfaces + +* Fri Feb 10 2017 Fedora Release Engineering - 2.8.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 27 2017 Orion Poplawski - 2.8.0-4 +- Fix named patch + +* Tue Jan 24 2017 Orion Poplawski - 2.8.0-3 +- Restart named-chroot service if used + +* Fri Jan 20 2017 Orion Poplawski - 2.8.0-2 +- Fix logrotate script for systemd (bug #1414617) + +* Thu Dec 1 2016 Orion Poplawski - 2.8.0-1 +- Update to 2.8.0 +- Restructure spec file + +* Thu Sep 1 2016 Orion Poplawski - 2.6.11-11.gitf78af86 +- Add patches to fix TEMPLATE_DIRS and use OrderedDict + +* Thu Aug 11 2016 Orion Poplawski - 2.6.11-10.gitf78af86 +- Force IPv4 connections to cobblerd from web proxy + +* Thu Jul 21 2016 Orion Poplawski - 2.6.11-9.gitf78af86 +- Suppress "virt-install --os-variant list" error messages + +* Thu Jul 21 2016 Orion Poplawski - 2.6.11-8.git5680bf8 +- Fix handling unknown os variants with osinfo-query + +* Tue Jul 19 2016 Fedora Release Engineering - 2.6.11-7.git95749a6 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Wed Jul 13 2016 Orion Poplawski - 2.6.11-6.git95749a6 +- Fix typo in koan/app.py + +* Wed Jul 13 2016 Orion Poplawski - 2.6.11-5.git13b035f +- Update to current git snapshot (bug #1276896) + +* Wed Feb 03 2016 Fedora Release Engineering - 2.6.11-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Feb 1 2016 Orion Poplawski - 2.6.11-3 +- Require dnf-plugins-core + +* Sun Jan 24 2016 Orion Poplawski - 2.6.11-2 +- Require dnf-core-plugins instead of yum-utils for repoquery on Fedora 23+ + +* Sun Jan 24 2016 Orion Poplawski - 2.6.11-1 +- Update to 2.6.11 +- Make cobbler arch specific to allow for arch specific requires + +* Thu Oct 1 2015 Orion Poplawski - 2.6.10-1 +- Update to 2.6.10 + +* Mon Jun 22 2015 Orion Poplawski - 2.6.9-1 +- Update to 2.6.9 + +* Wed Jun 17 2015 Fedora Release Engineering - 2.6.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue May 12 2015 Orion Poplawski - 2.6.8-2 +- Support django 1.8 in Fedora 22+ + +* Fri May 8 2015 Orion Poplawski - 2.6.8-1 +- Update to 2.6.8 +- Backport upstream patch to fix centos version detection (bug #1201879) + +* Tue Apr 28 2015 Orion Poplawski - 2.6.7-3 +- Add patch to fix virt-install support for F21+/EL7 (bug #1188424) + +* Mon Apr 27 2015 Orion Poplawski - 2.6.7-2 +- Create and own directories in tftp_dir + +* Wed Dec 31 2014 Orion Poplawski - 2.6.7-1 +- Update to 2.6.7 + +* Sun Oct 19 2014 Orion Poplawski - 2.6.6-1 +- Update to 2.6.6 + +* Fri Aug 15 2014 Orion Poplawski - 2.6.5-1 +- Update to 2.6.5 + +* Wed Aug 13 2014 Orion Poplawski - 2.6.4-2 +- Require Django >= 1.4 + +* Mon Aug 11 2014 Orion Poplawski - 2.6.4-1 +- Update to 2.6.4 + +* Fri Jul 18 2014 Orion Poplawski - 2.6.3-1 +- Update to 2.6.3 + +* Wed Jul 16 2014 Orion Poplawski - 2.6.2-1 +- Update to 2.6.2 +- Spec cleanup + +* Sat Jun 07 2014 Fedora Release Engineering - 2.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri May 23 2014 Orion Poplawski - 2.6.1-1 +- Update to 2.6.1 +- Drop koan patch applied upstream + +* Tue Apr 22 2014 Orion Poplawski - 2.6.0-2 +- Only require syslinux on x86 + +* Mon Apr 21 2014 Orion Poplawski - 2.6.0-1 +- Update to 2.6.0 diff --git a/cobbler.spec b/cobbler.spec index 71c0bd8..5eafc81 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -9,7 +9,7 @@ Name: cobbler Version: 3.3.7 -Release: 3%{?dist} +Release: %autorelease Summary: Boot server configurator URL: https://cobbler.github.io/ # Automatically converted from old format: GPLv2+ - review is highly recommended. @@ -339,357 +339,4 @@ fi %changelog -* Thu Jan 16 2025 Fedora Release Engineering - 3.3.7-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Sun Jan 05 2025 Orion Poplawski - 3.3.7-2 -- Backport upstream patch for Python 3.13 support (rhbz#2335620) - -* Sun Nov 17 2024 Orion Poplawski - 3.3.7-1 -- Update to 3.3.7 (CVE-2024-47533) - -* Fri Sep 27 2024 Carl George - 3.3.6-2 -- Fix cheetah dependency rhbz#2314630 - -* Wed Jul 31 2024 Orion Poplawski - 3.3.6-1 -- Update to 3.3.6 - -* Thu Jul 25 2024 Miroslav Suchý - 3.3.5-3 -- convert license to SPDX - -* Wed Jul 17 2024 Fedora Release Engineering - 3.3.5-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Fri Jul 12 2024 Orion Poplawski - 3.3.5-1 -- Update to 3.3.5 - -* Fri Jun 07 2024 Python Maint - 3.3.4-5 -- Rebuilt for Python 3.13 - -* Fri Jun 07 2024 Python Maint - 3.3.4-4 -- Rebuilt for Python 3.13 - -* Sat Apr 27 2024 Orion Poplawski - 3.3.4-3 -- Fix service name in selinux post install script - -* Fri Apr 26 2024 Orion Poplawski - 3.3.4-2 -- Test for existence of web.ss before chowning it (bz#2276860) - -* Mon Feb 26 2024 Orion Poplawski - 3.3.4-1 -- Update to 3.3.4 -- Add local SELinux policy and allow cobbler to check service statuses, - run mkfs.fat, and check for reposync and yumdownloader (bz#2251220) -- Change owndership of web.ss to root (bz#2247653) - -* Wed Jan 24 2024 Fedora Release Engineering - 3.3.3-9 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 3.3.3-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Wed Jul 19 2023 Fedora Release Engineering - 3.3.3-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Mon Jul 17 2023 Orion Poplawski - 3.3.3-6 -- Add patch to fix build with Sphinx 7 - -* Wed Jun 14 2023 Python Maint - 3.3.3-5 -- Rebuilt for Python 3.12 - -* Thu Jan 19 2023 Fedora Release Engineering - 3.3.3-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Wed Jul 20 2022 Fedora Release Engineering - 3.3.3-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Thu Jun 23 2022 Python Maint - 3.3.3-2 -- Rebuilt for Python 3.11 - -* Tue Jun 14 2022 Orion Poplawski - 3.3.3-1 -- Update to 3.3.3 - -* Wed May 04 2022 Orion Poplawski - 3.3.2-2 -- Drop setting cache_enabled no longer present in 3.3 - -* Sat Mar 12 2022 Orion Poplawski - 3.3.2-1 -- Update to 3.3.2 - -* Tue Mar 01 2022 Orion Poplawski - 3.3.1-1 -- Update to 3.3.1, removes web interface - -* Tue Mar 01 2022 Orion Poplawski - 3.2.2-9 -- Apply fixes for CVE-2021-45082/3 -- Remove BR on python3-coverage - -* Mon Jan 24 2022 Orion Poplawski - 3.2.2-8 -- Fix posttrans script - -* Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Thu Dec 23 2021 Orion Poplawski - 3.2.2-6 -- Fix path to settings.yaml in scriptlet - -* Thu Dec 09 2021 Orion Poplawski - 3.2.2-5 -- Remove defunct get-loaders command - -* Mon Nov 22 2021 Orion Poplawski - 3.2.2-4 -- Add new keys to settings.yaml on migration or if missing -- Save original settings to settings.rpmorig - -* Fri Oct 08 2021 Orion Poplawski - 3.2.2-3 -- Fix dependencies (bz#2010567) - -* Thu Sep 23 2021 Orion Poplawski - 3.2.2-2 -- Migrate settings to settings.yaml -- Migrate pre-cobbler 3 data if needed -- Fix autoinstall_templates -> templates - -* Thu Sep 23 2021 Orion Poplawski - 3.2.2-1 -- Update to 3.2.2 -- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection -- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function -- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings - -* Wed Sep 22 2021 Orion Poplawski - 3.2.1-1 -- Update to 3.2.1 - -* Wed Jul 21 2021 Fedora Release Engineering - 3.2.0-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Fri Jun 04 2021 Python Maint - 3.2.0-5 -- Rebuilt for Python 3.10 - -* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.2.0-4 -- Rebuilt for updated systemd-rpm-macros - See https://pagure.io/fesco/issue/2583. - -* Tue Jan 26 2021 Fedora Release Engineering - 3.2.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Sun Oct 25 2020 Orion Poplawski - 3.2.0-2 -- Give root RW permission to /var/lib/cobbler/web.ss -- Fix SELinux cobbler logging issue - -* Sat Oct 24 2020 Orion Poplawski - 3.2.0-1 -- Update to 3.2.0 - -* Thu Sep 17 2020 Orion Poplawski - 3.1.2-4 -- Add requires on python-distro and file - -* Mon Jul 27 2020 Fedora Release Engineering - 3.1.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Wed Jul 08 2020 Orion Poplawski - 3.1.2-2 -- Fix apache configuration - -* Fri May 29 2020 Orion Poplawski - 3.1.2-1 -- Update to 3.1.2 - -* Tue May 26 2020 Miro Hrončok - 3.1.1-4 -- Rebuilt for Python 3.9 - -* Fri Feb 21 2020 Orion Poplawski - 3.1.1-3 -- Add requires for python3-dns - -* Tue Jan 28 2020 Fedora Release Engineering - 3.1.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Sun Jan 12 2020 Orion Poplawski - 3.1.1-1 -- Update to 3.1.1 - -* Tue Oct 22 2019 Orion Poplawski - 3.0.1-4 -- Drop koan completely, including obsoletes. It is a separate package now. - -* Thu Oct 10 2019 Orion Poplawski - 3.0.1-3 -- Require /sbin/service - -* Tue Oct 8 2019 Orion Poplawski - 3.0.1-2 -- Fix requires (requests instead of urlgrabber) -- Fix BR for EL8 - -* Mon Sep 09 2019 Nicolas Chauvet - 3.0.1-1 -- Update to 3.0.1 - -* Fri Aug 30 2019 Nicolas Chauvet - 3.0.0-1 -- Update to 3.0.0 - -* Mon Aug 26 2019 Nicolas Chauvet - 2.8.5-0.1 -- Update to 2.8.5 - pre-release - -* Wed Jul 24 2019 Fedora Release Engineering - 2.8.4-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Thu Jan 31 2019 Fedora Release Engineering - 2.8.4-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Nov 26 2018 Orion Poplawski - 2.8.4-5 -- Fix empty man pages (BZ 1653415) - -* Mon Nov 26 2018 Orion Poplawski - 2.8.4-4 -- Revert bind_manage_ipmi feature that is broken on 2.8 - -* Sun Nov 25 2018 Orion Poplawski - 2.8.4-3 -- Use pathfix.py to fix python shebangs - -* Sun Nov 25 2018 Orion Poplawski - 2.8.4-2 -- Make koan require python2-ethtool (BZ 1638933) - -* Sat Nov 24 2018 Orion Poplawski - 2.8.4-1 -- Update to 2.8.4 (Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931) - -* Thu Jul 12 2018 Fedora Release Engineering - 2.8.3-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Wed May 30 2018 Orion Poplawski - 2.8.3-3 -- koan requires urlgrabber - -* Mon May 28 2018 Nicolas Chauvet - 2.8.3-2 -- Restore mergeability with epel7 - -* Mon May 28 2018 Nicolas Chauvet - 2.8.3-1 -- Update to 2.8.3 - security bugfix - -* Wed Feb 21 2018 Orion Poplawski - 2.8.2-6 -- Really fix django requires for Fedora 28+ - -* Tue Feb 20 2018 Orion Poplawski - 2.8.2-5 -- Fix django requires for Fedora 28+ - -* Fri Feb 09 2018 Igor Gnatenko - 2.8.2-4 -- Escape macros in %%changelog - -* Wed Feb 07 2018 Fedora Release Engineering - 2.8.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Tue Feb 06 2018 Iryna Shcherbina - 2.8.2-2 -- Update Python 2 dependency declarations to new packaging standards - (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) - -* Mon Sep 18 2017 Orion Poplawski - 2.8.2-1 -- Update to 2.8.2 - -* Wed Aug 02 2017 Fedora Release Engineering - 2.8.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 2.8.1-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Wed Jun 21 2017 Orion Poplawski - 2.8.1-3 -- Suppress logrotate output - -* Mon Jun 12 2017 Orion Poplawski - 2.8.1-2 -- Fix module loading - -* Wed May 24 2017 Orion Poplawski - 2.8.1-1 -- Update to 2.8.1 - -* Fri Feb 17 2017 Orion Poplawski - 2.8.0-6 -- Add patch to fix handling of multiple bridge interfaces - -* Fri Feb 10 2017 Fedora Release Engineering - 2.8.0-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Fri Jan 27 2017 Orion Poplawski - 2.8.0-4 -- Fix named patch - -* Tue Jan 24 2017 Orion Poplawski - 2.8.0-3 -- Restart named-chroot service if used - -* Fri Jan 20 2017 Orion Poplawski - 2.8.0-2 -- Fix logrotate script for systemd (bug #1414617) - -* Thu Dec 1 2016 Orion Poplawski - 2.8.0-1 -- Update to 2.8.0 -- Restructure spec file - -* Thu Sep 1 2016 Orion Poplawski - 2.6.11-11.gitf78af86 -- Add patches to fix TEMPLATE_DIRS and use OrderedDict - -* Thu Aug 11 2016 Orion Poplawski - 2.6.11-10.gitf78af86 -- Force IPv4 connections to cobblerd from web proxy - -* Thu Jul 21 2016 Orion Poplawski - 2.6.11-9.gitf78af86 -- Suppress "virt-install --os-variant list" error messages - -* Thu Jul 21 2016 Orion Poplawski - 2.6.11-8.git5680bf8 -- Fix handling unknown os variants with osinfo-query - -* Tue Jul 19 2016 Fedora Release Engineering - 2.6.11-7.git95749a6 -- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages - -* Wed Jul 13 2016 Orion Poplawski - 2.6.11-6.git95749a6 -- Fix typo in koan/app.py - -* Wed Jul 13 2016 Orion Poplawski - 2.6.11-5.git13b035f -- Update to current git snapshot (bug #1276896) - -* Wed Feb 03 2016 Fedora Release Engineering - 2.6.11-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Mon Feb 1 2016 Orion Poplawski - 2.6.11-3 -- Require dnf-plugins-core - -* Sun Jan 24 2016 Orion Poplawski - 2.6.11-2 -- Require dnf-core-plugins instead of yum-utils for repoquery on Fedora 23+ - -* Sun Jan 24 2016 Orion Poplawski - 2.6.11-1 -- Update to 2.6.11 -- Make cobbler arch specific to allow for arch specific requires - -* Thu Oct 1 2015 Orion Poplawski - 2.6.10-1 -- Update to 2.6.10 - -* Mon Jun 22 2015 Orion Poplawski - 2.6.9-1 -- Update to 2.6.9 - -* Wed Jun 17 2015 Fedora Release Engineering - 2.6.8-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Tue May 12 2015 Orion Poplawski - 2.6.8-2 -- Support django 1.8 in Fedora 22+ - -* Fri May 8 2015 Orion Poplawski - 2.6.8-1 -- Update to 2.6.8 -- Backport upstream patch to fix centos version detection (bug #1201879) - -* Tue Apr 28 2015 Orion Poplawski - 2.6.7-3 -- Add patch to fix virt-install support for F21+/EL7 (bug #1188424) - -* Mon Apr 27 2015 Orion Poplawski - 2.6.7-2 -- Create and own directories in tftp_dir - -* Wed Dec 31 2014 Orion Poplawski - 2.6.7-1 -- Update to 2.6.7 - -* Sun Oct 19 2014 Orion Poplawski - 2.6.6-1 -- Update to 2.6.6 - -* Fri Aug 15 2014 Orion Poplawski - 2.6.5-1 -- Update to 2.6.5 - -* Wed Aug 13 2014 Orion Poplawski - 2.6.4-2 -- Require Django >= 1.4 - -* Mon Aug 11 2014 Orion Poplawski - 2.6.4-1 -- Update to 2.6.4 - -* Fri Jul 18 2014 Orion Poplawski - 2.6.3-1 -- Update to 2.6.3 - -* Wed Jul 16 2014 Orion Poplawski - 2.6.2-1 -- Update to 2.6.2 -- Spec cleanup - -* Sat Jun 07 2014 Fedora Release Engineering - 2.6.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Fri May 23 2014 Orion Poplawski - 2.6.1-1 -- Update to 2.6.1 -- Drop koan patch applied upstream - -* Tue Apr 22 2014 Orion Poplawski - 2.6.0-2 -- Only require syslinux on x86 - -* Mon Apr 21 2014 Orion Poplawski - 2.6.0-1 -- Update to 2.6.0 +%autochangelog From eb1d04f77eafa6829cc98bbd6cce36626c98da0b Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sun, 11 May 2025 14:58:50 -0600 Subject: [PATCH 35/45] Drop Requires: /sbin/service, no longer needed (rhbz#2365434) --- cobbler.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 5eafc81..b843a24 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -74,8 +74,6 @@ Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64 Recommends: logrotate Recommends: %{py3_dist librepo} -# https://github.com/cobbler/cobbler/issues/1685 -Requires: /sbin/service Obsoletes: cobbler-web < 3.3 BuildRequires: systemd From 70baef33491cb585556de1acdc53f81990ea9bba Mon Sep 17 00:00:00 2001 From: Python Maint Date: Tue, 3 Jun 2025 12:20:23 +0200 Subject: [PATCH 36/45] Rebuilt for Python 3.14 From cd2b41fa6aa379ce271e4eefd272645c9614abde Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 18:28:15 +0000 Subject: [PATCH 37/45] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 4195c16d1e9a022ab451b0073450f0e2770c93c5 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 15 Aug 2025 12:42:08 +0200 Subject: [PATCH 38/45] Rebuilt for Python 3.14.0rc2 bytecode From 5cc13feffb4bdbfdb816e439a17ff5e16a6ccd4b Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 19 Sep 2025 12:11:21 +0200 Subject: [PATCH 39/45] Rebuilt for Python 3.14.0rc3 bytecode From 58e09a595a2a7e220451daefc719e13af144d6ce Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 4 Oct 2025 19:24:45 -0600 Subject: [PATCH 40/45] Add upstream patch to fix reposync (rhbz#2401605) --- cobbler-reposync.patch | 18 ++++++++++++++++++ cobbler.spec | 4 ++++ 2 files changed, 22 insertions(+) create mode 100644 cobbler-reposync.patch diff --git a/cobbler-reposync.patch b/cobbler-reposync.patch new file mode 100644 index 0000000..4a2fff1 --- /dev/null +++ b/cobbler-reposync.patch @@ -0,0 +1,18 @@ +diff -up cobbler-3.3.7/cobbler/cli.py.reposync cobbler-3.3.7/cobbler/cli.py +--- cobbler-3.3.7/cobbler/cli.py.reposync 2024-11-17 14:02:02.000000000 -0700 ++++ cobbler-3.3.7/cobbler/cli.py 2025-10-04 19:21:03.379260526 -0600 +@@ -1184,7 +1184,13 @@ class CobblerCLI: + task_id = self.start_task("import", options) + elif action_name == "reposync": + self.parser.add_option("--only", dest="only", help="update only this repository name") +- self.parser.add_option("--tries", dest="tries", help="try each repo this many times", default=1) ++ self.parser.add_option( ++ "--tries", ++ dest="tries", ++ help="try each repo this many times", ++ default=1, ++ type="int", ++ ) + self.parser.add_option("--no-fail", dest="nofail", help="don't stop reposyncing if a failure occurs", + action="store_true") + (options, args) = self.parser.parse_args(self.args) diff --git a/cobbler.spec b/cobbler.spec index b843a24..485867d 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -25,6 +25,10 @@ Patch0: cobbler-nocov.patch # Python 3.13 support (backport of https://github.com/cobbler/cobbler/pull/3842) # https://bugzilla.redhat.com/show_bug.cgi?id=2335620 Patch1: cobbler-python3.13.patch +# Upstream fix for reposync --tries +# https://bugzilla.redhat.com/show_bug.cgi?id=2401605 +# Backport of https://github.com/cobbler/cobbler/pull/3378 +Patch2: cobbler-reposync.patch BuildArch: noarch BuildRequires: make From 87a66c903a04567784243f2d5d2ebb8691951a39 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 4 Oct 2025 20:08:27 -0600 Subject: [PATCH 41/45] Add patch to use systemctl is-active to check status, avoids SELinux AVCs (rhbz#2353898) --- cobbler.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cobbler.spec b/cobbler.spec index 485867d..20a7539 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -29,6 +29,9 @@ Patch1: cobbler-python3.13.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2401605 # Backport of https://github.com/cobbler/cobbler/pull/3378 Patch2: cobbler-reposync.patch +# Use systemctl is-active to prevent some SELinux denials checking service status +# https://bugzilla.redhat.com/show_bug.cgi?id=2353898 +Patch3: https://github.com/cobbler/cobbler/pull/3945.patch BuildArch: noarch BuildRequires: make From 05d3a3d92b5314ce66313269396379cc4fab43cc Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 4 Oct 2025 21:04:17 -0600 Subject: [PATCH 42/45] Allow cobblerd access to /boot/efi (rhbz#2353901) --- cobbler.te | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cobbler.te b/cobbler.te index 96bdec4..d233f01 100644 --- a/cobbler.te +++ b/cobbler.te @@ -211,6 +211,12 @@ optional_policy(` dnsmasq_systemctl(cobblerd_t) ') +# To read /boot/efi +optional_policy(` + fs_list_dos(cobblerd_t) + fs_read_dos_files(cobblerd_t) +') + # To run mkfs.fat when generating ISO optional_policy(` fstools_exec(cobblerd_t) From dd50735347618e139352f24a399e463502a3bed2 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 4 Oct 2025 21:20:47 -0600 Subject: [PATCH 43/45] Drop running migrate-data-v2-to-v3.py (rhbz#2349260) --- cobbler.spec | 5 ----- 1 file changed, 5 deletions(-) diff --git a/cobbler.spec b/cobbler.spec index 20a7539..a93a1f6 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -232,11 +232,6 @@ if [ -f %{_sysconfdir}/cobbler/settings.rpmsave ]; then fi # Add some missing options if needed grep -q '^reposync_rsync_flags:' %{_sysconfdir}/cobbler/settings.yaml || echo -e '#ADDED:\nreposync_rsync_flags: "-rltDv --copy-unsafe-links"' >> %{_sysconfdir}/cobbler/settings.yaml -# Migrate pre-3 configuration data if needed -if [ -d %{_sharedstatedir}/cobbler/kickstarts -a $(find %{_sharedstatedir}/cobbler/collections -type f | wc -l) -eq 0 ]; then - echo warning: migrating pre cobbler 3 configuration data - %{_datadir}/cobbler/bin/migrate-data-v2-to-v3.py -fi %preun %systemd_preun cobblerd.service From 20b9555db9c838e2ddc2b5893ce60c5467f569ba Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Sat, 4 Oct 2025 21:36:03 -0600 Subject: [PATCH 44/45] Add patch [skip changelog] --- 3945.patch | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 3945.patch diff --git a/3945.patch b/3945.patch new file mode 100644 index 0000000..e75c349 --- /dev/null +++ b/3945.patch @@ -0,0 +1,32 @@ +From 1d83bd29c253ba898ac35683258fec285d5a6529 Mon Sep 17 00:00:00 2001 +From: Orion Poplawski +Date: Sat, 4 Oct 2025 19:49:26 -0600 +Subject: [PATCH] Use systemctl is-active --quiet to check status of services + (fixes #3942) + +--- + changelog.d/3942.fixed | 1 + + cobbler/actions/check.py | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + create mode 100644 changelog.d/3942.fixed + +diff --git a/changelog.d/3942.fixed b/changelog.d/3942.fixed +new file mode 100644 +index 0000000000..444bdb800a +--- /dev/null ++++ b/changelog.d/3942.fixed +@@ -0,0 +1 @@ ++check: Use systemctl is-active --quiet to check the status of services +diff --git a/cobbler/actions/check.py b/cobbler/actions/check.py +index b79706aff1..5f6a3fa3bc 100644 +--- a/cobbler/actions/check.py ++++ b/cobbler/actions/check.py +@@ -142,7 +142,7 @@ def check_service(self, status, which, notes=""): + status.append("service %s is not running%s" % (which, notes)) + return + elif utils.is_systemd(): +- return_code = utils.subprocess_call("systemctl status %s > /dev/null 2>/dev/null" % which, ++ return_code = utils.subprocess_call("systemctl is-active --quiet %s > /dev/null 2>/dev/null" % which, + shell=True) + if return_code != 0: + status.append("service %s is not running%s" % (which, notes)) From 9be7a60c6c727160854cc8dd5a250f10672b8223 Mon Sep 17 00:00:00 2001 From: Cristian Le Date: Tue, 23 Dec 2025 16:48:31 +0700 Subject: [PATCH 45/45] Fix the dependency on syslinux Signed-off-by: Cristian Le --- cobbler.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cobbler.spec b/cobbler.spec index a93a1f6..69d7d40 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -75,7 +75,7 @@ Requires: genisoimage Recommends: bash-completion Requires: dnf-plugins-core # syslinux is only available on x86 -Requires: (syslinux if (filesystem.x86_64 or filesystem.i686)) +Requires: (syslinux if (filesystem(x86-64) or filesystem(x86-32))) # grub2 efi stuff is only available on x86 Recommends: grub2-efi-ia32 Recommends: grub2-efi-x64