Fix the dependency on syslinux

Signed-off-by: Cristian Le <git@lecris.dev>

3945.patch

@@ -0,0 +1,32 @@
+From 1d83bd29c253ba898ac35683258fec285d5a6529 Mon Sep 17 00:00:00 2001
+From: Orion Poplawski <orion@nwra.com>
+Date: Sat, 4 Oct 2025 19:49:26 -0600
+Subject: [PATCH] Use systemctl is-active --quiet to check status of services
+ (fixes #3942)
+
+---
+ changelog.d/3942.fixed   | 1 +
+ cobbler/actions/check.py | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+ create mode 100644 changelog.d/3942.fixed
+
+diff --git a/changelog.d/3942.fixed b/changelog.d/3942.fixed
+new file mode 100644
+index 0000000000..444bdb800a
+--- /dev/null
++++ b/changelog.d/3942.fixed
+@@ -0,0 +1 @@
++check: Use systemctl is-active --quiet to check the status of services
+diff --git a/cobbler/actions/check.py b/cobbler/actions/check.py
+index b79706aff1..5f6a3fa3bc 100644
+--- a/cobbler/actions/check.py
++++ b/cobbler/actions/check.py
+@@ -142,7 +142,7 @@ def check_service(self, status, which, notes=""):
+                     status.append("service %s is not running%s" % (which, notes))
+                     return
+         elif utils.is_systemd():
+-            return_code = utils.subprocess_call("systemctl status %s > /dev/null 2>/dev/null" % which,
++            return_code = utils.subprocess_call("systemctl is-active --quiet %s > /dev/null 2>/dev/null" % which,
+                                                 shell=True)
+             if return_code != 0:
+                 status.append("service %s is not running%s" % (which, notes))

changelog

@@ -0,0 +1,354 @@
+* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Sun Jan 05 2025 Orion Poplawski <orion@nwra.com> - 3.3.7-2
+- Backport upstream patch for Python 3.13 support (rhbz#2335620)
+
+* Sun Nov 17 2024 Orion Poplawski <orion@nwra.com> - 3.3.7-1
+- Update to 3.3.7 (CVE-2024-47533)
+
+* Fri Sep 27 2024 Carl George <carlwgeorge@fedoraproject.org> - 3.3.6-2
+- Fix cheetah dependency rhbz#2314630
+
+* Wed Jul 31 2024 Orion Poplawski <orion@nwra.com> - 3.3.6-1
+- Update to 3.3.6
+
+* Thu Jul 25 2024 Miroslav Suchý <msuchy@redhat.com> - 3.3.5-3
+- convert license to SPDX
+
+* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jul 12 2024 Orion Poplawski <orion@nwra.com> - 3.3.5-1
+- Update to 3.3.5
+
+* Fri Jun 07 2024 Python Maint <python-maint@redhat.com> - 3.3.4-5
+- Rebuilt for Python 3.13
+
+* Fri Jun 07 2024 Python Maint <python-maint@redhat.com> - 3.3.4-4
+- Rebuilt for Python 3.13
+
+* Sat Apr 27 2024 Orion Poplawski <orion@nwra.com> - 3.3.4-3
+- Fix service name in selinux post install script
+
+* Fri Apr 26 2024 Orion Poplawski <orion@nwra.com> - 3.3.4-2
+- Test for existence of web.ss before chowning it (bz#2276860)
+
+* Mon Feb 26 2024 Orion Poplawski <orion@nwra.com> - 3.3.4-1
+- Update to 3.3.4
+- Add local SELinux policy and allow cobbler to check service statuses,
+  run mkfs.fat, and check for reposync and yumdownloader (bz#2251220)
+- Change owndership of web.ss to root (bz#2247653)
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Jul 17 2023 Orion Poplawski <orion@nwra.com> - 3.3.3-6
+- Add patch to fix build with Sphinx 7
+
+* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 3.3.3-5
+- Rebuilt for Python 3.12
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jun 23 2022 Python Maint <python-maint@redhat.com> - 3.3.3-2
+- Rebuilt for Python 3.11
+
+* Tue Jun 14 2022 Orion Poplawski <orion@nwra.com> - 3.3.3-1
+- Update to 3.3.3
+
+* Wed May 04 2022 Orion Poplawski <orion@nwra.com> - 3.3.2-2
+- Drop setting cache_enabled no longer present in 3.3
+
+* Sat Mar 12 2022 Orion Poplawski <orion@nwra.com> - 3.3.2-1
+- Update to 3.3.2
+
+* Tue Mar 01 2022 Orion Poplawski <orion@nwra.com> - 3.3.1-1
+- Update to 3.3.1, removes web interface
+
+* Tue Mar 01 2022 Orion Poplawski <orion@nwra.com> - 3.2.2-9
+- Apply fixes for CVE-2021-45082/3
+- Remove BR on python3-coverage
+
+* Mon Jan 24 2022 Orion Poplawski <orion@nwra.com> - 3.2.2-8
+- Fix posttrans script
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Dec 23 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-6
+- Fix path to settings.yaml in scriptlet
+
+* Thu Dec 09 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-5
+- Remove defunct get-loaders command
+
+* Mon Nov 22 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-4
+- Add new keys to settings.yaml on migration or if missing
+- Save original settings to settings.rpmorig
+
+* Fri Oct 08 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-3
+- Fix dependencies (bz#2010567)
+
+* Thu Sep 23 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-2
+- Migrate settings to settings.yaml
+- Migrate pre-cobbler 3 data if needed
+- Fix autoinstall_templates -> templates
+
+* Thu Sep 23 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-1
+- Update to 3.2.2
+- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection
+- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function
+- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings
+
+* Wed Sep 22 2021 Orion Poplawski <orion@nwra.com> - 3.2.1-1
+- Update to 3.2.1
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 3.2.0-5
+- Rebuilt for Python 3.10
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 3.2.0-4
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sun Oct 25 2020 Orion Poplawski <orion@nwra.com> - 3.2.0-2
+- Give root RW permission to /var/lib/cobbler/web.ss
+- Fix SELinux cobbler logging issue
+
+* Sat Oct 24 2020 Orion Poplawski <orion@nwra.com> - 3.2.0-1
+- Update to 3.2.0
+
+* Thu Sep 17 2020 Orion Poplawski <orion@nwra.com> - 3.1.2-4
+- Add requires on python-distro and file
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 08 2020 Orion Poplawski <orion@nwra.com> - 3.1.2-2
+- Fix apache configuration
+
+* Fri May 29 2020 Orion Poplawski <orion@nwra.com> - 3.1.2-1
+- Update to 3.1.2
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.1.1-4
+- Rebuilt for Python 3.9
+
+* Fri Feb 21 2020 Orion Poplawski <orion@nwra.com> - 3.1.1-3
+- Add requires for python3-dns
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sun Jan 12 2020 Orion Poplawski <orion@nwra.com> - 3.1.1-1
+- Update to 3.1.1
+
+* Tue Oct 22 2019 Orion Poplawski <orion@nwra.com> - 3.0.1-4
+- Drop koan completely, including obsoletes.  It is a separate package now.
+
+* Thu Oct 10 2019 Orion Poplawski <orion@nwra.com> - 3.0.1-3
+- Require /sbin/service
+
+* Tue Oct  8 2019 Orion Poplawski <orion@nwra.com> - 3.0.1-2
+- Fix requires (requests instead of urlgrabber)
+- Fix BR for EL8
+
+* Mon Sep 09 2019 Nicolas Chauvet <kwizart@gmail.com> - 3.0.1-1
+- Update to 3.0.1
+
+* Fri Aug 30 2019 Nicolas Chauvet <kwizart@gmail.com> - 3.0.0-1
+- Update to 3.0.0
+
+* Mon Aug 26 2019 Nicolas Chauvet <kwizart@gmail.com> - 2.8.5-0.1
+- Update to 2.8.5 - pre-release
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.4-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Nov 26 2018 Orion Poplawski <orion@nwra.com> - 2.8.4-5
+- Fix empty man pages (BZ 1653415)
+
+* Mon Nov 26 2018 Orion Poplawski <orion@nwra.com> - 2.8.4-4
+- Revert bind_manage_ipmi feature that is broken on 2.8
+
+* Sun Nov 25 2018 Orion Poplawski <orion@nwra.com> - 2.8.4-3
+- Use pathfix.py to fix python shebangs
+
+* Sun Nov 25 2018 Orion Poplawski <orion@nwra.com> - 2.8.4-2
+- Make koan require python2-ethtool (BZ 1638933)
+
+* Sat Nov 24 2018 Orion Poplawski <orion@nwra.com> - 2.8.4-1
+- Update to 2.8.4 (Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931)
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed May 30 2018 Orion Poplawski <orion@nwra.com> - 2.8.3-3
+- koan requires urlgrabber
+
+* Mon May 28 2018 Nicolas Chauvet <kwizart@gmail.com> - 2.8.3-2
+- Restore mergeability with epel7
+
+* Mon May 28 2018 Nicolas Chauvet <kwizart@gmail.com> - 2.8.3-1
+- Update to 2.8.3 - security bugfix
+
+* Wed Feb 21 2018 Orion Poplawski <orion@nwra.com> - 2.8.2-6
+- Really fix django requires for Fedora 28+
+
+* Tue Feb 20 2018 Orion Poplawski <orion@nwra.com> - 2.8.2-5
+- Fix django requires for Fedora 28+
+
+* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.8.2-4
+- Escape macros in %%changelog
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Tue Feb 06 2018 Iryna Shcherbina <ishcherb@redhat.com> - 2.8.2-2
+- Update Python 2 dependency declarations to new packaging standards
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Mon Sep 18 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.2-1
+- Update to 2.8.2
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Wed Jun 21 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.1-3
+- Suppress logrotate output
+
+* Mon Jun 12 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.1-2
+- Fix module loading
+
+* Wed May 24 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.1-1
+- Update to 2.8.1
+
+* Fri Feb 17 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.0-6
+- Add patch to fix handling of multiple bridge interfaces
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Jan 27 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.0-4
+- Fix named patch
+
+* Tue Jan 24 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.0-3
+- Restart named-chroot service if used
+
+* Fri Jan 20 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.0-2
+- Fix logrotate script for systemd (bug #1414617)
+
+* Thu Dec 1 2016 Orion Poplawski <orion@cora.nwra.com> - 2.8.0-1
+- Update to 2.8.0
+- Restructure spec file
+
+* Thu Sep 1 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-11.gitf78af86
+- Add patches to fix TEMPLATE_DIRS and use OrderedDict
+
+* Thu Aug 11 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-10.gitf78af86
+- Force IPv4 connections to cobblerd from web proxy
+
+* Thu Jul 21 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-9.gitf78af86
+- Suppress "virt-install --os-variant list" error messages
+
+* Thu Jul 21 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-8.git5680bf8
+- Fix handling unknown os variants with osinfo-query
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.11-7.git95749a6
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Wed Jul 13 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-6.git95749a6
+- Fix typo in koan/app.py
+
+* Wed Jul 13 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-5.git13b035f
+- Update to current git snapshot (bug #1276896)
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.11-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Feb 1 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-3
+- Require dnf-plugins-core
+
+* Sun Jan 24 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-2
+- Require dnf-core-plugins instead of yum-utils for repoquery on Fedora 23+
+
+* Sun Jan 24 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-1
+- Update to 2.6.11
+- Make cobbler arch specific to allow for arch specific requires
+
+* Thu Oct 1 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.10-1
+- Update to 2.6.10
+
+* Mon Jun 22 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.9-1
+- Update to 2.6.9
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue May 12 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.8-2
+- Support django 1.8 in Fedora 22+
+
+* Fri May 8 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.8-1
+- Update to 2.6.8
+- Backport upstream patch to fix centos version detection (bug #1201879)
+
+* Tue Apr 28 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.7-3
+- Add patch to fix virt-install support for F21+/EL7 (bug #1188424)
+
+* Mon Apr 27 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.7-2
+- Create and own directories in tftp_dir
+
+* Wed Dec 31 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.7-1
+- Update to 2.6.7
+
+* Sun Oct 19 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.6-1
+- Update to 2.6.6
+
+* Fri Aug 15 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.5-1
+- Update to 2.6.5
+
+* Wed Aug 13 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.4-2
+- Require Django >= 1.4
+
+* Mon Aug 11 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.4-1
+- Update to 2.6.4
+
+* Fri Jul 18 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.3-1
+- Update to 2.6.3
+
+* Wed Jul 16 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.2-1
+- Update to 2.6.2
+- Spec cleanup
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Fri May 23 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.1-1
+- Update to 2.6.1
+- Drop koan patch applied upstream
+
+* Tue Apr 22 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.0-2
+- Only require syslinux on x86
+
+* Mon Apr 21 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.0-1
+- Update to 2.6.0

cobbler-nocov.patch

@@ -0,0 +1,41 @@
+diff --git a/setup.py b/setup.py
+index 59f7601..023d84b 100644
+--- a/setup.py
++++ b/setup.py
+@@ -341,17 +341,9 @@ class test_command(Command):
+ 
+     def run(self):
+         import pytest
+-        from coverage import Coverage
+-
+-        cov = Coverage()
+-        cov.erase()
+-        cov.start()
+ 
+         result = pytest.main()
+ 
+-        cov.stop()
+-        cov.save()
+-        cov.html_report(directory="covhtml")
+         sys.exit(int(bool(len(result.failures) > 0 or len(result.errors) > 0)))
+ 
+ 
+@@ -479,7 +471,6 @@ if __name__ == "__main__":
+         },
+         license="GPLv2+",
+         setup_requires=[
+-            "coverage",
+             "distro",
+             "setuptools",
+             "sphinx",
+@@ -501,10 +492,7 @@ if __name__ == "__main__":
+             "lint": ["pyflakes", "pycodestyle", "pylint", "black", "mypy"],
+             "test": [
+                 "pytest>6",
+-                "pytest-cov",
+-                "codecov",
+                 "pytest-mock",
+-                "pytest-benchmark",
+             ],
+             "docs": ["sphinx", "sphinx-rtd-theme", "sphinxcontrib-apidoc"],
+             # We require the current version to properly detect duplicate issues

cobbler-python3.13.patch

@@ -0,0 +1,972 @@
+diff --git a/changelog.d/3842.fixed b/changelog.d/3842.fixed
+new file mode 100644
+index 00000000..6c6d6313
+--- /dev/null
++++ b/changelog.d/3842.fixed
+@@ -0,0 +1 @@
++Fix compatibility with Python 3.13
+diff --git a/cobbler/actions/reposync.py b/cobbler/actions/reposync.py
+index c0163350..ec5745fb 100644
+--- a/cobbler/actions/reposync.py
++++ b/cobbler/actions/reposync.py
+@@ -23,9 +23,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ import logging
+ import os
+ import os.path
+-import pipes
+-import stat
++import shlex
+ import shutil
++import stat
+ from typing import Optional, Union
+ 
+ from cobbler import utils
+@@ -272,9 +272,9 @@ class RepoSync:
+             blended = utils.blender(self.api, False, repo)
+             flags = blended.get("createrepo_flags", "(ERROR: FLAGS)")
+             try:
+-                cmd = "createrepo %s %s %s" % (" ".join(mdoptions), flags, pipes.quote(dirname))
+-                utils.subprocess_call(cmd)
+-            except:
++                cmd = ["createrepo"] + mdoptions + flags + [shlex.quote(dirname)]
++                utils.subprocess_call(cmd, shell=False)
++            except Exception:
+                 utils.log_exc()
+                 self.logger.error("createrepo failed.")
+             del fnames[:]  # we're in the right place
+@@ -302,8 +302,19 @@ class RepoSync:
+         dest_path = os.path.join(self.settings.webdir, "repo_mirror", repo.name)
+ 
+         # FIXME: wrapper for subprocess that logs to logger
+-        cmd = ["wget", "-N", "-np", "-r", "-l", "inf", "-nd", "-P", pipes.quote(dest_path), pipes.quote(repo.mirror)]
+-        rc = utils.subprocess_call(cmd)
++        cmd = [
++            "wget",
++            "-N",
++            "-np",
++            "-r",
++            "-l",
++            "inf",
++            "-nd",
++            "-P",
++            shlex.quote(dest_path),
++            shlex.quote(repo.mirror),
++        ]
++        return_value = utils.subprocess_call(cmd, shell=False)
+ 
+         if rc != 0:
+             raise CX("cobbler reposync failed")
+@@ -347,9 +358,14 @@ class RepoSync:
+         if flags == '':
+             flags = self.settings.reposync_rsync_flags
+ 
+-        cmd = "rsync %s --delete-after %s --delete --exclude-from=/etc/cobbler/rsync.exclude %s %s" \
+-              % (flags, spacer, pipes.quote(repo.mirror), pipes.quote(dest_path))
+-        rc = utils.subprocess_call(cmd)
++        cmd = ["rsync"] + flags + ["--delete-after"]
++        cmd += spacer + [
++            "--delete",
++            "--exclude-from=/etc/cobbler/rsync.exclude",
++            shlex.quote(repo.mirror),
++            shlex.quote(dest_path),
++        ]
++        return_code = utils.subprocess_call(cmd, shell=False)
+ 
+         if rc != 0:
+             raise CX("cobbler reposync failed")
+@@ -386,10 +402,11 @@ class RepoSync:
+         if not HAS_LIBREPO:
+             raise CX("no librepo found, please install python3-librepo")
+ 
+-        if os.path.exists("/usr/bin/dnf"):
+-            cmd = "/usr/bin/dnf reposync"
+-        elif os.path.exists("/usr/bin/reposync"):
+-            cmd = "/usr/bin/reposync"
++        if os.path.exists("/usr/bin/reposync"):
++            cmd = ["/usr/bin/reposync"]
++        # DNF5 does not have a reposync subcommand
++        elif os.path.exists("/usr/bin/dnf"):
++            cmd = ["/usr/bin/dnf", "reposync"]
+         else:
+             # Warn about not having yum-utils.  We don't want to require it in the package because Fedora 22+ has moved
+             # to dnf.
+@@ -451,6 +468,11 @@ class RepoSync:
+             # Counter-intuitive, but we want the newish kernels too
+             arch = "i686"
+ 
++        cmd = self.reposync_cmd()
++        cmd += self.rflags + [
++            f"--repo={shlex.quote(rest)}",
++            f"--download-path={shlex.quote(repos_path)}",
++        ]
+         if arch != "none":
+             cmd = "%s -a %s" % (cmd, arch)
+ 
+@@ -544,9 +566,11 @@ class RepoSync:
+ 
+         if not has_rpm_list:
+             # If we have not requested only certain RPMs, use reposync
+-            cmd = "%s %s --config=%s --repoid=%s -p %s" \
+-                  % (cmd, self.rflags, temp_file, pipes.quote(repo.name),
+-                     pipes.quote(repos_path))
++            cmd += self.rflags + [
++                f"--config={temp_file}",
++                f"--repoid={shlex.quote(repo.name)}",
++                f"--download-path={shlex.quote(repos_path)}",
++            ]
+             if arch != "none":
+                 cmd = "%s -a %s" % (cmd, arch)
+ 
+@@ -557,14 +581,14 @@ class RepoSync:
+ 
+             use_source = ""
+             if arch == "src":
+-                use_source = "--source"
+-
+-            # Older yumdownloader sometimes explodes on --resolvedeps if this happens to you, upgrade yum & yum-utils
+-            extra_flags = self.settings.yumdownloader_flags
+-            cmd = "/usr/bin/dnf download"
+-            cmd = "%s %s %s --disablerepo=* --enablerepo=%s -c %s --destdir=%s %s" \
+-                  % (cmd, extra_flags, use_source, pipes.quote(repo.name), temp_file, pipes.quote(dest_path),
+-                     " ".join(repo.rpm_list))
++                cmd.append("--source")
++            cmd += [
++                "--disablerepo=*",
++                f"--enablerepo={shlex.quote(repo.name)}",
++                f"-c={temp_file}",
++                f"--destdir={shlex.quote(dest_path)}",
++            ]
++            cmd += repo.rpm_list
+ 
+         # Now regardless of whether we're doing yumdownloader or reposync or whether the repo was http://, ftp://, or
+         # rhn://, execute all queued commands here.  Any failure at any point stops the operation.
+@@ -669,17 +693,21 @@ class RepoSync:
+             dists = ",".join(repo.apt_dists)
+             components = ",".join(repo.apt_components)
+ 
+-            mirror_data = "--method=%s --host=%s --root=%s --dist=%s --section=%s" \
+-                          % (pipes.quote(method), pipes.quote(host), pipes.quote(mirror), pipes.quote(dists),
+-                             pipes.quote(components))
++            mirror_data = [
++                f"--method={shlex.quote(method)}",
++                f"--host={shlex.quote(host)}",
++                f"--root={shlex.quote(mirror)}",
++                f"--dist={shlex.quote(dists)}",
++                f"--section={shlex.quote(components)}",
++            ]
+ 
+             rflags = "--nocleanup"
+             for x in repo.yumopts:
+                 if repo.yumopts[x]:
+                     rflags += " %s=%s" % (x, repo.yumopts[x])
+                 else:
+-                    rflags += " %s" % x
+-            cmd = "%s %s %s %s" % (mirror_program, rflags, mirror_data, pipes.quote(dest_path))
++                    rflags.append(repo_yumoption)
++            cmd = [mirror_program] + rflags + mirror_data + [shlex.quote(dest_path)]
+             if repo.arch == RepoArchs.SRC:
+                 cmd = "%s --source" % cmd
+             else:
+diff --git a/tests/actions/reposync_test.py b/tests/actions/reposync_test.py
+index 0bee772c..ee8d1549 100644
+--- a/tests/actions/reposync_test.py
++++ b/tests/actions/reposync_test.py
+@@ -1,251 +1,592 @@
++"""
++Tests that validate the functionality of the module that is responsible for repository synchronization.
++"""
++
+ import os
+-import glob
++from pathlib import Path
++from typing import TYPE_CHECKING, Any, Dict, List, Union
+ 
+ import pytest
+ 
+-from cobbler import enums
++from cobbler import cexceptions, enums
++from cobbler.actions import reposync
+ from cobbler.api import CobblerAPI
+-from cobbler.actions.reposync import RepoSync
+ from cobbler.items.repo import Repo
+-from cobbler import cexceptions
+-from tests.conftest import does_not_raise
+ 
++from tests.conftest import does_not_raise
+ 
+-@pytest.fixture(scope="class")
+-def api():
+-    return CobblerAPI()
++if TYPE_CHECKING:
++    from pytest_mock import MockerFixture
+ 
+ 
+-@pytest.fixture(scope="class")
+-def reposync(api):
+-    test_reposync = RepoSync(api, tries=2, nofail=False)
++@pytest.fixture(name="reposync_object", scope="function")
++def fixture_reposync_object(
++    mocker: "MockerFixture", cobbler_api: CobblerAPI
++) -> reposync.RepoSync:
++    settings_mock = mocker.MagicMock()
++    settings_mock.webdir = "/srv/www/cobbler"
++    settings_mock.server = "localhost"
++    settings_mock.http_port = 80
++    settings_mock.proxy_url_ext = ""
++    settings_mock.yumdownloader_flags = "--testflag"
++    settings_mock.reposync_rsync_flags = "--testflag"
++    settings_mock.reposync_flags = "--testflag"
++    mocker.patch.object(cobbler_api, "settings", return_value=settings_mock)
++    test_reposync = reposync.RepoSync(cobbler_api, tries=2, nofail=False)
+     return test_reposync
+ 
+ 
+-@pytest.fixture
+-def repo(api):
++@pytest.fixture(name="repo")
++def fixture_repo(cobbler_api: CobblerAPI) -> Repo:
+     """
+     Creates a Repository "testrepo0" with a keep_updated=True and mirror_locally=True".
+     """
+-    test_repo = Repo(api)
++    test_repo = Repo(cobbler_api)
+     test_repo.name = "testrepo0"
+     test_repo.mirror_locally = True
+     test_repo.keep_updated = True
+-    api.add_repo(test_repo)
+     return test_repo
+ 
+ 
+ @pytest.fixture
+-def remove_repo(api):
++def remove_repo(cobbler_api: CobblerAPI):
+     """
+     Removes the Repository "testrepo0" which can be created with repo.
+     """
+     yield
+-    test_repo = api.find_repo("testrepo0")
+-    if test_repo is not None:
+-        api.remove_repo(test_repo.name)
++    test_repo = cobbler_api.find_repo("testrepo0")
++    if test_repo is not None and not isinstance(test_repo, list):
++        cobbler_api.remove_repo(test_repo.name)
+ 
+ 
+-class TestRepoSync:
+-    @pytest.mark.usefixtures("remove_repo")
+-    @pytest.mark.parametrize(
+-        "input_mirror_type,input_mirror,expected_exception",
+-        [
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os",
+-                does_not_raise()
+-            ),
+-            (
+-                enums.MirrorType.MIRRORLIST,
+-                "https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64",
+-                does_not_raise()
+-            ),
+-            (
+-                enums.MirrorType.METALINK,
+-                "https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64",
+-                does_not_raise()
+-            ),
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://www.example.com/path/to/some/repo",
+-                pytest.raises(cexceptions.CX)
+-            ),
++@pytest.fixture(scope="function", autouse=True)
++def reset_librepo():
++    has_librepo = reposync.HAS_LIBREPO
++    yield
++    reposync.HAS_LIBREPO = has_librepo
++
++
++def test_repo_walker(mocker: "MockerFixture", tmp_path: Path):
++    # Arrange
++    def test_fun(arg: Any, top: Any, names: Any):
++        pass
++
++    subdir1 = tmp_path / "sub1"
++    subdir2 = tmp_path / "sub2"
++    subdir1.mkdir()
++    subdir2.mkdir()
++    spy = mocker.Mock(wraps=test_fun)
++
++    # Act
++    reposync.repo_walker(tmp_path, spy, None)  # type: ignore
++
++    # Assert
++    assert spy.mock_calls == [
++        # settings.yaml is here because of our autouse fixture that we use to restore the settings
++        mocker.call(None, tmp_path, ["settings.yaml", "sub1", "sub2"]),
++        mocker.call(None, str(subdir1), []),
++        mocker.call(None, str(subdir2), []),
++    ]
++
++
++@pytest.mark.parametrize(
++    "input_has_librepo,input_path_exists_side_effect,expected_exception,expected_result",
++    [
++        (True, [False, True], does_not_raise(), ["/usr/bin/dnf", "reposync"]),
++        (True, [True, False], does_not_raise(), ["/usr/bin/reposync"]),
++        (True, [False, False], pytest.raises(cexceptions.CX), ""),
++        (False, [False, True], pytest.raises(cexceptions.CX), ""),
++    ],
++)
++def test_reposync_cmd(
++    mocker: "MockerFixture",
++    reposync_object: reposync.RepoSync,
++    input_has_librepo: bool,
++    input_path_exists_side_effect: List[bool],
++    expected_exception: Any,
++    expected_result: Union[List[str], str],
++):
++    # Arrange
++    mocker.patch("os.path.exists", side_effect=input_path_exists_side_effect)
++    reposync.HAS_LIBREPO = input_has_librepo
++
++    # Act
++    with expected_exception:
++        result = reposync_object.reposync_cmd()
++
++        # Assert
++        assert result == expected_result
++
++
++def test_run(mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo):
++    # Arrange
++    env_vars: Dict[str, Any] = {}
++    mocker.patch("os.makedirs")
++    mocker.patch("os.path.isdir", return_value=True)
++    mocker.patch(
++        "os.path.join",
++        side_effect=[
++            "/srv/www/cobbler/repo_mirror",
++            "/srv/www/cobbler/repo_mirror/%s" % repo.name,
+         ],
+     )
+-    def test_reposync_yum(
+-        self,
+-        input_mirror_type,
+-        input_mirror,
+-        expected_exception,
+-        api,
+-        repo,
+-        reposync
+-    ):
+-        # Arrange
+-        test_repo = repo
+-        test_repo.breed = enums.RepoBreeds.YUM
+-        test_repo.mirror = input_mirror
+-        test_repo.mirror_type = input_mirror_type
+-        test_repo.rpm_list = "fedora-gpg-keys"
+-        test_settings = api.settings()
+-        repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name)
+-
+-        # Act & Assert
+-        with expected_exception:
+-            reposync.run(test_repo.name)
+-            result = os.path.exists(repo_path)
+-            if test_repo.rpm_list and test_repo.rpm_list != []:
+-                for rpm in test_repo.rpm_list:
+-                    assert glob.glob(os.path.join(repo_path, "**", rpm) + "*.rpm", recursive=True) != []
+-            assert result
+-            # Test that re-downloading the metadata in .origin/repodata will not result in an error
+-            reposync.run(test_repo.name)
+-
+-    @pytest.mark.usefixtures("remove_repo")
+-    @pytest.mark.parametrize(
+-        "input_mirror_type,input_mirror,input_arch,input_rpm_list,expected_exception",
++    mocker.patch("os.environ", return_value=env_vars)
++    mocker.patch.object(reposync_object, "repos", return_value=[repo])
++    mocker.patch.object(reposync_object, "sync")
++    mocker.patch.object(reposync_object, "update_permissions")
++    reposync_object.repos = [repo]  # type: ignore
++
++    # Act
++    reposync_object.run()
++
++    # Assert
++    # This has to be 0 since all env vars need to be removed after reposync has run.
++    assert len(env_vars) == 0
++
++
++def test_gen_urlgrab_ssl_opts(reposync_object: reposync.RepoSync):
++    # Arrange
++    input_dict: Dict[str, Any] = {}
++
++    # Act
++    result = reposync_object.gen_urlgrab_ssl_opts(input_dict)
++
++    # Assert
++    assert isinstance(result, tuple)
++    assert len(result) == 2
++    # The data of the first element is kind of flexible let's skip asserting it for now
++    assert isinstance(result[1], bool)
++
++
++@pytest.mark.usefixtures("remove_repo")
++@pytest.mark.parametrize(
++    "input_mirror_type,input_mirror,expected_exception",
++    [
++        (
++            enums.MirrorType.BASEURL,
++            "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os",
++            does_not_raise(),
++        ),
++        (
++            enums.MirrorType.MIRRORLIST,
++            "https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64",
++            does_not_raise(),
++        ),
++        (
++            enums.MirrorType.METALINK,
++            "https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64",
++            does_not_raise(),
++        ),
++    ],
++)
++def test_reposync_yum(
++    mocker: "MockerFixture",
++    input_mirror_type: enums.MirrorType,
++    input_mirror: str,
++    expected_exception: Any,
++    cobbler_api: CobblerAPI,
++    repo: Repo,
++    reposync_object: reposync.RepoSync,
++):
++    # Arrange
++    test_repo = repo
++    test_repo.breed = enums.RepoBreeds.YUM
++    test_repo.mirror = input_mirror
++    test_repo.mirror_type = input_mirror_type
++    test_repo.rpm_list = "fedora-gpg-keys"
++    test_settings = cobbler_api.settings()
++    repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name)
++    mocked_subprocess = mocker.patch(
++        "cobbler.utils.subprocess_call", autospec=True, return_value=0
++    )
++    mocker.patch.object(
++        reposync_object, "create_local_file", return_value="/create/local/file"
++    )
++    mocker.patch.object(
++        reposync_object, "reposync_cmd", return_value=["/my/fake/dnf", "reposync"]
++    )
++    mocker.patch.object(reposync_object, "rflags", return_value="--fake-r-flakg")
++    mocker.patch.object(
++        reposync_object,
++        "gen_urlgrab_ssl_opts",
++        return_value=(("TODO", "TODO", "TODO"), False),
++    )
++    mocker.patch("os.path.exists", return_value=True)
++    mocker.patch("shutil.rmtree")
++    mocker.patch("os.makedirs")
++    mocked_repo_walker = mocker.patch("cobbler.actions.reposync.repo_walker")
++    handle_mock = mocker.MagicMock()
++    result_mock = mocker.MagicMock()
++    mocker.patch("librepo.Handle", return_value=handle_mock)
++    mocker.patch("librepo.Result", return_value=result_mock)
++
++    # Act & Assert
++    with expected_exception:
++        reposync_object.yum_sync(repo)
++
++        mocked_subprocess.assert_called_with(
++            [
++                "/usr/bin/dnf",
++                "download",
++                "--testflag",
++                "--disablerepo=*",
++                f"--enablerepo={repo.name}",
++                "-c=/create/local/file",
++                f"--destdir={repo_path}",
++                "fedora-gpg-keys",
++            ],
++            shell=False,
++        )
++        handle_mock.perform.assert_called_with(result_mock)
++        assert mocked_repo_walker.call_count == 1
++
++
++@pytest.mark.usefixtures("remove_repo")
++@pytest.mark.parametrize(
++    "input_mirror_type,input_mirror,input_arch,input_rpm_list,expected_exception",
++    [
++        (
++            enums.MirrorType.BASEURL,
++            "http://ftp.debian.org/debian",
++            enums.RepoArchs.X86_64,
++            "",
++            does_not_raise(),
++        ),
++        (
++            enums.MirrorType.MIRRORLIST,
++            "http://ftp.debian.org/debian",
++            enums.RepoArchs.X86_64,
++            "",
++            pytest.raises(cexceptions.CX),
++        ),
++        (
++            enums.MirrorType.METALINK,
++            "http://ftp.debian.org/debian",
++            enums.RepoArchs.X86_64,
++            "",
++            pytest.raises(cexceptions.CX),
++        ),
++        (
++            enums.MirrorType.BASEURL,
++            "http://ftp.debian.org/debian",
++            enums.RepoArchs.NONE,
++            "",
++            pytest.raises(cexceptions.CX),
++        ),
++        (
++            enums.MirrorType.BASEURL,
++            "http://ftp.debian.org/debian",
++            enums.RepoArchs.X86_64,
++            "dpkg",
++            pytest.raises(cexceptions.CX),
++        ),
++    ],
++)
++def test_reposync_apt(
++    mocker: "MockerFixture",
++    input_mirror_type: enums.MirrorType,
++    input_mirror: str,
++    input_arch: enums.RepoArchs,
++    input_rpm_list: str,
++    expected_exception: Any,
++    cobbler_api: CobblerAPI,
++    repo: Repo,
++    reposync_object: reposync.RepoSync,
++):
++    # Arrange
++    test_repo = repo
++    test_repo.breed = enums.RepoBreeds.APT
++    test_repo.arch = input_arch
++    test_repo.apt_components = "main"
++    test_repo.apt_dists = "stable"
++    test_repo.mirror = input_mirror
++    test_repo.mirror_type = input_mirror_type
++    test_repo.rpm_list = input_rpm_list
++    test_settings = cobbler_api.settings()
++    repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name)
++    mocked_subprocess = mocker.patch(
++        "cobbler.utils.subprocess_call", autospec=True, return_value=0
++    )
++    mocker.patch("os.path.exists", return_value=True)
++
++    # Act
++    with expected_exception:
++        reposync_object.apt_sync(repo)
++
++        # Assert
++        mocked_subprocess.assert_called_with(
++            [
++                "/usr/bin/debmirror",
++                "--nocleanup",
++                "--method=http",
++                "--host=ftp.debian.org",
++                "--root=/debian",
++                "--dist=stable",
++                "--section=main",
++                repo_path,
++                "--nosource",
++                "-a=amd64",
++            ],
++            shell=False,
++        )
++
++
++@pytest.mark.usefixtures("remove_repo")
++@pytest.mark.parametrize(
++    "input_mirror_type,input_mirror,expected_exception",
++    [
++        (
++            enums.MirrorType.BASEURL,
++            "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
++            does_not_raise(),
++        ),
++        (
++            enums.MirrorType.MIRRORLIST,
++            "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
++            pytest.raises(cexceptions.CX),
++        ),
++        (
++            enums.MirrorType.METALINK,
++            "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
++            pytest.raises(cexceptions.CX),
++        ),
++    ],
++)
++def test_reposync_wget(
++    mocker: "MockerFixture",
++    input_mirror_type: enums.MirrorType,
++    input_mirror: str,
++    expected_exception: Any,
++    cobbler_api: CobblerAPI,
++    repo: Repo,
++    reposync_object: reposync.RepoSync,
++):
++    # Arrange
++    test_repo = repo
++    test_repo.breed = enums.RepoBreeds.WGET
++    test_repo.mirror = input_mirror
++    test_repo.mirror_type = input_mirror_type
++    repo_path = os.path.join(
++        reposync_object.settings.webdir, "repo_mirror", test_repo.name
++    )
++    mocked_subprocess = mocker.patch(
++        "cobbler.utils.subprocess_call", autospec=True, return_value=0
++    )
++    mocker.patch("cobbler.actions.reposync.repo_walker")
++    mocker.patch.object(reposync_object, "create_local_file")
++
++    # Act
++    with expected_exception:
++        reposync_object.wget_sync(test_repo)
++
++        # Assert
++        mocked_subprocess.assert_called_with(
++            [
++                "wget",
++                "-N",
++                "-np",
++                "-r",
++                "-l",
++                "inf",
++                "-nd",
++                "-P",
++                repo_path,
++                input_mirror,
++            ],
++            shell=False,
++        )
++
++
++def test_reposync_rhn(
++    mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo
++):
++    # Arrange
++    repo.mirror = "rhn://%s" % repo.name
++    mocked_subprocess = mocker.patch(
++        "cobbler.utils.subprocess_call", autospec=True, return_value=0
++    )
++    mocker.patch("os.path.isdir", return_value=True)
++    mocker.patch("os.makedirs")
++    mocker.patch("cobbler.actions.reposync.repo_walker")
++    mocker.patch.object(reposync_object, "create_local_file")
++    mocker.patch.object(
++        reposync_object, "reposync_cmd", return_value=["/my/fake/reposync"]
++    )
++
++    # Act
++    reposync_object.rhn_sync(repo)
++
++    # Assert
++    # TODO: Check this more and document how its actually working
++    mocked_subprocess.assert_called_with(
+         [
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://ftp.debian.org/debian",
+-                enums.RepoArchs.X86_64,
+-                "",
+-                does_not_raise()
+-            ),
+-            (
+-                enums.MirrorType.MIRRORLIST,
+-                "http://ftp.debian.org/debian",
+-                enums.RepoArchs.X86_64,
+-                "",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.METALINK,
+-                "http://ftp.debian.org/debian",
+-                enums.RepoArchs.X86_64,
+-                "",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://www.example.com/path/to/some/repo",
+-                enums.RepoArchs.X86_64,
+-                "",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://ftp.debian.org/debian",
+-                enums.RepoArchs.NONE,
+-                "",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://ftp.debian.org/debian",
+-                enums.RepoArchs.X86_64,
+-                "dpkg",
+-                pytest.raises(cexceptions.CX)
+-            ),
++            "/my/fake/reposync",
++            "--testflag",
++            "--repo=testrepo0",
++            "--download-path=/srv/www/cobbler/repo_mirror",
+         ],
++        shell=False,
+     )
+-    def test_reposync_apt(
+-        self,
+-        input_mirror_type,
+-        input_mirror,
+-        input_arch,
+-        input_rpm_list,
+-        expected_exception,
+-        api,
+-        repo,
+-        reposync
+-    ):
+-        # Arrange
+-        test_repo = repo
+-        test_repo.breed = enums.RepoBreeds.APT
+-        test_repo.arch = input_arch
+-        test_repo.apt_components = "main"
+-        test_repo.apt_dists = "stable"
+-        test_repo.mirror = input_mirror
+-        test_repo.mirror_type = input_mirror_type
+-        test_repo.rpm_list = input_rpm_list
+-        test_repo.yumopts = "--exclude=.* --include=dpkg.* --no-check-gpg --rsync-extra=none"
+-        test_settings = api.settings()
+-        repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name)
+-
+-        # Act & Assert
+-        with expected_exception:
+-            reposync.run(test_repo.name)
+-            result = os.path.exists(repo_path)
+-            for rpm in ["dpkg"]:
+-                assert glob.glob(os.path.join(repo_path, "**", "dpkg") + "*", recursive=True) != []
+-            assert result
+-
+-    @pytest.mark.skip("To flaky and thus not reliable. Needs to be mocked to be of use.")
+-    @pytest.mark.usefixtures("remove_repo")
+-    @pytest.mark.parametrize(
+-        "input_mirror_type,input_mirror,expected_exception",
++
++
++def test_reposync_rsync(
++    mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo
++):
++    # Arrange
++    mocked_subprocess = mocker.patch("cobbler.utils.subprocess_call", return_value=0)
++    mocker.patch("cobbler.actions.reposync.repo_walker")
++    mocker.patch.object(reposync_object, "create_local_file")
++    repo_path = os.path.join(reposync_object.settings.webdir, "repo_mirror", repo.name)
++
++    # Act
++    reposync_object.rsync_sync(repo)
++
++    # Assert
++    mocked_subprocess.assert_called_with(
+         [
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
+-                does_not_raise()
+-            ),
+-            (
+-                enums.MirrorType.MIRRORLIST,
+-                "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.METALINK,
+-                "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://www.example.com/path/to/some/repo",
+-                pytest.raises(cexceptions.CX)
+-            ),
++            "rsync",
++            "--testflag",
++            "--delete-after",
++            "-e ssh",
++            "--delete",
++            "--exclude-from=/etc/cobbler/rsync.exclude",
++            "/",
++            repo_path,
+         ],
++        shell=False,
+     )
+-    def test_reposync_wget(
+-        self,
+-        input_mirror_type,
+-        input_mirror,
+-        expected_exception,
+-        api,
+-        repo,
+-        reposync
+-    ):
+-        # Arrange
+-        test_repo = repo
+-        test_repo.breed = enums.RepoBreeds.WGET
+-        test_repo.mirror = input_mirror
+-        test_repo.mirror_type = input_mirror_type
+-        test_settings = api.settings()
+-        repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name)
+-
+-        # Act & Assert
+-        with expected_exception:
+-            reposync.run(test_repo.name)
+-            result = os.path.exists(repo_path)
+-            for rpm in ["rpm"]:
+-                assert glob.glob(os.path.join(repo_path, "**", "2") + "*", recursive=True) != []
+-            assert result
+-
+-
+-@pytest.mark.skip("TODO")
+-def test_reposync_rhn():
++
++
++def test_createrepo_walker(
++    mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo
++):
+     # Arrange
++    input_repo = repo
++    input_repo.breed = enums.RepoBreeds.RSYNC
++    input_dirname = ""
++    input_fnames = []
++    expected_call = ["createrepo", "--testflags", f"'{input_dirname}'"]
++    mocked_subprocess = mocker.patch(
++        "cobbler.utils.subprocess_call", autospec=True, return_value=0
++    )
++    mocker.patch(
++        "cobbler.utils.blender",
++        autospec=True,
++        return_value={"createrepo_flags": "--testflags"},
++    )
++    mocker.patch("cobbler.utils.remove_yum_olddata")
++    mocker.patch("cobbler.utils.subprocess_get", return_value="5")
++    mocker.patch("cobbler.utils.get_family", return_value="TODO")
++    mocker.patch("os.path.exists", return_value=True)
++    mocker.patch("os.path.isfile", return_value=True)
++    mocker.patch.object(reposync_object, "librepo_getinfo", return_value={})
++
+     # Act
++    reposync_object.createrepo_walker(input_repo, input_dirname, input_fnames)
++
+     # Assert
+-    assert False
++    # TODO: Improve coverage over different cases in method
++    mocked_subprocess.assert_called_with(expected_call, shell=False)
+ 
+ 
+-@pytest.mark.skip("TODO")
+-def test_reposync_rsync():
++@pytest.mark.parametrize(
++    "input_repotype,expected_exception",
++    [
++        (enums.RepoBreeds.YUM, does_not_raise()),
++        (enums.RepoBreeds.RHN, does_not_raise()),
++        (enums.RepoBreeds.APT, does_not_raise()),
++        (enums.RepoBreeds.RSYNC, does_not_raise()),
++        (enums.RepoBreeds.WGET, does_not_raise()),
++        (enums.RepoBreeds.NONE, pytest.raises(cexceptions.CX)),
++    ],
++)
++def test_sync(
++    mocker: "MockerFixture",
++    cobbler_api: CobblerAPI,
++    reposync_object: reposync.RepoSync,
++    input_repotype: enums.RepoBreeds,
++    expected_exception: Any,
++):
+     # Arrange
++    test_repo = Repo(cobbler_api)
++    test_repo.breed = input_repotype
++    rhn_sync_mock = mocker.patch.object(reposync_object, "rhn_sync")
++    yum_sync_mock = mocker.patch.object(reposync_object, "yum_sync")
++    apt_sync_mock = mocker.patch.object(reposync_object, "apt_sync")
++    rsync_sync_mock = mocker.patch.object(reposync_object, "rsync_sync")
++    wget_sync_mock = mocker.patch.object(reposync_object, "wget_sync")
++
+     # Act
++    with expected_exception:
++        reposync_object.sync(test_repo)
++
++        # Assert
++        call_count = sum(
++            (
++                rhn_sync_mock.call_count,
++                yum_sync_mock.call_count,
++                apt_sync_mock.call_count,
++                rsync_sync_mock.call_count,
++                wget_sync_mock.call_count,
++            )
++        )
++        assert call_count == 1
++
++
++def test_librepo_getinfo(
++    mocker: "MockerFixture", reposync_object: reposync.RepoSync, tmp_path: Path
++):
++    # Arrange
++    handle_mock = mocker.MagicMock()
++    result_mock = mocker.MagicMock()
++    mocker.patch("librepo.Handle", return_value=handle_mock)
++    mocker.patch("librepo.Result", return_value=result_mock)
++
++    # Act
++    reposync_object.librepo_getinfo(str(tmp_path))
++
++    # Assert
++    handle_mock.perform.assert_called_with(result_mock)
++    result_mock.getinfo.assert_called()
++
++
++def test_create_local_file(
++    mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo
++):
++    # Arrange
++    mocker.patch("cobbler.utils.filesystem_helpers.mkdir", autospec=True)
++    mock_open = mocker.patch("builtins.open", mocker.mock_open())
++    input_dest_path = ""
++    input_repo = repo
++    input_output = True
++
++    # Act
++    reposync_object.create_local_file(input_dest_path, input_repo, output=input_output)
++
++    # Assert
++    # TODO: Extend checks
++    assert mock_open.call_count == 1
++    assert mock_open.mock_calls[0] == mocker.call("config.repo", "w", encoding="UTF-8")
++    mock_open_handle = mock_open()
++    assert mock_open_handle.write.mock_calls[0] == mocker.call("[testrepo0]\n")
++    assert mock_open_handle.write.mock_calls[1] == mocker.call("name=testrepo0\n")
++
++
++def test_update_permissions(
++    mocker: "MockerFixture", reposync_object: reposync.RepoSync
++):
++    # Arrange
++    mocked_subprocess = mocker.patch(
++        "cobbler.utils.subprocess_call", autospec=True, return_value=0
++    )
++    path_to_update = "/my/fake/path"
++    expected_calls = [
++        mocker.call(["chown", "-R", "root:www", path_to_update], shell=False),
++        mocker.call(["chmod", "-R", "755", path_to_update], shell=False),
++    ]
++
++    # Act
++    reposync_object.update_permissions(path_to_update)
++
+     # Assert
+-    assert False
++    assert mocked_subprocess.mock_calls == expected_calls

cobbler-reposync.patch

@@ -0,0 +1,18 @@
+diff -up cobbler-3.3.7/cobbler/cli.py.reposync cobbler-3.3.7/cobbler/cli.py
+--- cobbler-3.3.7/cobbler/cli.py.reposync	2024-11-17 14:02:02.000000000 -0700
++++ cobbler-3.3.7/cobbler/cli.py	2025-10-04 19:21:03.379260526 -0600
+@@ -1184,7 +1184,13 @@ class CobblerCLI:
+             task_id = self.start_task("import", options)
+         elif action_name == "reposync":
+             self.parser.add_option("--only", dest="only", help="update only this repository name")
+-            self.parser.add_option("--tries", dest="tries", help="try each repo this many times", default=1)
++            self.parser.add_option(
++                "--tries",
++                dest="tries",
++                help="try each repo this many times",
++                default=1,
++                type="int",
++            )
+             self.parser.add_option("--no-fail", dest="nofail", help="don't stop reposyncing if a failure occurs",
+                                    action="store_true")
+             (options, args) = self.parser.parse_args(self.args)

cobbler.fc

@@ -0,0 +1,28 @@
+/etc/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_etc_t,s0)
+
+/etc/rc\.d/init\.d/cobblerd	--	gen_context(system_u:object_r:cobblerd_initrc_exec_t,s0)
+
+/usr/bin/cobblerd	--	gen_context(system_u:object_r:cobblerd_exec_t,s0)
+
+/usr/lib/systemd/system/cobblerd.*	--	gen_context(system_u:object_r:cobblerd_unit_file_t,s0)
+
+/var/cache/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+
+/var/lib/tftpboot/aarch64(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/boot(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/etc(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/grub(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/images(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/images2(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/memdisk	--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/menu\.c32	--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/ppc(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/pxelinux\.0	--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/pxelinux\.cfg(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/s390x(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/yaboot	--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+
+/var/log/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_var_log_t,s0)
+
+/var/www/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)

cobbler.if

@@ -0,0 +1,251 @@
+## <summary>Cobbler installation server.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run cobblerd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`cobblerd_domtrans',`
+	gen_require(`
+		type cobblerd_t, cobblerd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, cobblerd_exec_t, cobblerd_t)
+')
+
+########################################
+## <summary>
+##	Execute cobblerd server in the cobblerd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`cobblerd_systemctl',`
+	gen_require(`
+		type named_unit_file_t;
+		type named_t;
+	')
+
+	systemd_exec_systemctl($1)
+	init_reload_services($1)
+	allow $1 named_unit_file_t:file read_file_perms;
+	allow $1 named_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, named_t)
+')
+
+########################################
+## <summary>
+##	Execute cobblerd init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`cobblerd_initrc_domtrans',`
+	gen_require(`
+		type cobblerd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, cobblerd_initrc_exec_t)
+')
+
+
+
+########################################
+## <summary>
+##	Read cobbler configuration dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cobbler_list_config',`
+	gen_require(`
+		type cobbler_etc_t;
+	')
+
+	list_dirs_pattern($1, cobbler_etc_t, cobbler_etc_t)
+	files_search_etc($1)
+')
+
+
+########################################
+## <summary>
+##	Read cobbler configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cobbler_read_config',`
+	gen_require(`
+		type cobbler_etc_t;
+	')
+
+	read_files_pattern($1, cobbler_etc_t, cobbler_etc_t)
+	files_search_etc($1)
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	cobbler log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`cobbler_dontaudit_rw_log',`
+	gen_require(`
+		type cobbler_var_log_t;
+	')
+
+	dontaudit $1 cobbler_var_log_t:file rw_file_perms;
+')
+
+########################################
+## <summary>
+##	Search cobbler lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cobbler_search_lib',`
+	gen_require(`
+		type cobbler_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	search_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Read cobbler lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cobbler_read_lib_files',`
+	gen_require(`
+		type cobbler_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+    read_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	cobbler lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cobbler_manage_lib_files',`
+	gen_require(`
+		type cobbler_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+    manage_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+    manage_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+')
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cobbler environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`cobblerd_admin',`
+	refpolicywarn(`$0($*) has been deprecated, use cobbler_admin() instead.')
+	cobbler_admin($1, $2)
+')
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cobbler environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`cobbler_admin',`
+	gen_require(`
+		type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
+		type cobbler_etc_t, cobblerd_initrc_exec_t;
+		type cobbler_tmp_t;
+	')
+
+	allow $1 cobblerd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cobblerd_t)
+
+	cobblerd_initrc_domtrans($1)
+	domain_system_change_exemption($1)
+	role_transition $2 cobblerd_initrc_exec_t system_r;
+	allow $2 system_r;
+
+	files_search_etc($1)
+	admin_pattern($1, cobbler_etc_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, cobbler_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, cobbler_var_lib_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, cobbler_var_log_t)
+')

cobbler.te

@@ -0,0 +1,249 @@
+policy_module(cobbler, 1.3.0)
+
+########################################
+#
+# Declarations
+#
+
+## <desc>
+##	<p>
+##	Determine whether Cobbler can modify
+##	public files used for public file
+##	transfer services.
+##	</p>
+## </desc>
+gen_tunable(cobbler_anon_write, false)
+
+## <desc>
+##	<p>
+##	Determine whether Cobbler can connect
+##	to the network using TCP.
+##	</p>
+## </desc>
+gen_tunable(cobbler_can_network_connect, false)
+
+## <desc>
+##	<p>
+##	Determine whether Cobbler can access
+##	cifs file systems.
+##	</p>
+## </desc>
+gen_tunable(cobbler_use_cifs, false)
+
+## <desc>
+##	<p>
+##	Determine whether Cobbler can access
+##	nfs file systems.
+##	</p>
+## </desc>
+gen_tunable(cobbler_use_nfs, false)
+
+gen_require(`
+	type debuginfo_exec_t;
+	type init_exec_t;
+	class file getattr;
+')
+
+type cobblerd_t;
+type cobblerd_exec_t;
+init_daemon_domain(cobblerd_t, cobblerd_exec_t)
+
+type cobblerd_initrc_exec_t;
+init_script_file(cobblerd_initrc_exec_t)
+
+type cobbler_etc_t;
+files_config_file(cobbler_etc_t)
+
+type cobbler_var_log_t;
+logging_log_file(cobbler_var_log_t)
+
+type cobbler_var_lib_t alias cobbler_content_t;
+files_type(cobbler_var_lib_t)
+
+type cobbler_tmp_t;
+files_tmp_file(cobbler_tmp_t)
+
+type cobblerd_unit_file_t;
+systemd_unit_file(cobblerd_unit_file_t)
+
+########################################
+#
+# Local policy
+#
+
+allow cobblerd_t self:capability { chown dac_read_search  fowner fsetid sys_nice };
+dontaudit cobblerd_t self:capability sys_tty_config;
+allow cobblerd_t self:process { getsched setsched signal };
+allow cobblerd_t self:fifo_file rw_fifo_file_perms;
+allow cobblerd_t self:tcp_socket { accept listen };
+allow cobblerd_t self:netlink_audit_socket create_socket_perms;
+
+allow cobblerd_t cobbler_etc_t:dir list_dir_perms;
+allow cobblerd_t cobbler_etc_t:file read_file_perms;
+allow cobblerd_t cobbler_etc_t:lnk_file read_lnk_file_perms;
+
+allow cobblerd_t cobbler_tmp_t:file mmap_file_perms;
+# Allow cobbler to stat /usr/libexec/dnf-utils (aka reposync/yumdownloader)
+allow cobblerd_t debuginfo_exec_t:file getattr;
+# Allow cobbler to stat /usr/lib/systemd/systemd
+allow cobblerd_t init_exec_t:file getattr;
+# Allow cobbler to check status of itself
+allow cobblerd_t cobblerd_unit_file_t:service status;
+
+manage_dirs_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
+manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
+files_tmp_filetrans(cobblerd_t, cobbler_tmp_t, { dir file })
+
+manage_dirs_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
+manage_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
+manage_lnk_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
+files_var_lib_filetrans(cobblerd_t, cobbler_var_lib_t, dir)
+files_var_filetrans(cobblerd_t, cobbler_var_lib_t, dir, "cobbler")
+
+append_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
+create_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
+read_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
+setattr_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
+logging_log_filetrans(cobblerd_t, cobbler_var_log_t, file)
+
+kernel_read_system_state(cobblerd_t)
+kernel_read_network_state(cobblerd_t)
+
+corecmd_exec_bin(cobblerd_t)
+corecmd_exec_shell(cobblerd_t)
+
+corenet_all_recvfrom_netlabel(cobblerd_t)
+corenet_all_recvfrom_unlabeled(cobblerd_t)
+corenet_tcp_sendrecv_generic_if(cobblerd_t)
+corenet_tcp_sendrecv_generic_node(cobblerd_t)
+corenet_tcp_bind_generic_node(cobblerd_t)
+
+corenet_sendrecv_cobbler_server_packets(cobblerd_t)
+corenet_tcp_bind_cobbler_port(cobblerd_t)
+corenet_tcp_sendrecv_cobbler_port(cobblerd_t)
+
+corenet_sendrecv_ftp_client_packets(cobblerd_t)
+corenet_tcp_connect_ftp_port(cobblerd_t)
+corenet_tcp_sendrecv_ftp_port(cobblerd_t)
+
+corenet_tcp_sendrecv_http_port(cobblerd_t)
+corenet_tcp_connect_http_port(cobblerd_t)
+corenet_sendrecv_http_client_packets(cobblerd_t)
+
+dev_read_sysfs(cobblerd_t)
+dev_read_urand(cobblerd_t)
+
+files_list_boot(cobblerd_t)
+files_list_tmp(cobblerd_t)
+files_read_boot_files(cobblerd_t)
+files_read_etc_runtime_files(cobblerd_t)
+
+fs_getattr_all_fs(cobblerd_t)
+fs_read_iso9660_files(cobblerd_t)
+
+selinux_get_enforce_mode(cobblerd_t)
+
+term_use_console(cobblerd_t)
+
+auth_use_nsswitch(cobblerd_t)
+
+logging_send_syslog_msg(cobblerd_t)
+
+miscfiles_read_localization(cobblerd_t)
+miscfiles_read_public_files(cobblerd_t)
+
+sysnet_dns_name_resolve(cobblerd_t)
+sysnet_rw_dhcp_config(cobblerd_t)
+sysnet_write_config(cobblerd_t)
+
+tunable_policy(`cobbler_anon_write',`
+	miscfiles_manage_public_files(cobblerd_t)
+')
+
+tunable_policy(`cobbler_can_network_connect',`
+	corenet_sendrecv_all_client_packets(cobblerd_t)
+	corenet_tcp_connect_all_ports(cobblerd_t)
+	corenet_tcp_sendrecv_all_ports(cobblerd_t)
+')
+
+tunable_policy(`cobbler_use_cifs',`
+	fs_manage_cifs_dirs(cobblerd_t)
+	fs_manage_cifs_files(cobblerd_t)
+	fs_manage_cifs_symlinks(cobblerd_t)
+')
+
+tunable_policy(`cobbler_use_nfs',`
+	fs_manage_nfs_dirs(cobblerd_t)
+	fs_manage_nfs_files(cobblerd_t)
+	fs_manage_nfs_symlinks(cobblerd_t)
+')
+
+optional_policy(`
+	apache_search_config(cobblerd_t)
+	apache_domtrans(cobblerd_t)
+	apache_search_sys_content(cobblerd_t)
+')
+
+optional_policy(`
+	bind_read_config(cobblerd_t)
+	bind_write_config(cobblerd_t)
+	bind_domtrans_ndc(cobblerd_t)
+	bind_domtrans(cobblerd_t)
+	bind_initrc_domtrans(cobblerd_t)
+	bind_manage_zone(cobblerd_t)
+	bind_systemctl(cobblerd_t)
+')
+
+optional_policy(`
+	certmaster_exec(cobblerd_t)
+')
+
+optional_policy(`
+	dhcpd_domtrans(cobblerd_t)
+	dhcpd_initrc_domtrans(cobblerd_t)
+	dhcpd_systemctl(cobblerd_t)
+')
+
+optional_policy(`
+	dnsmasq_domtrans(cobblerd_t)
+	dnsmasq_initrc_domtrans(cobblerd_t)
+	dnsmasq_write_config(cobblerd_t)
+	dnsmasq_systemctl(cobblerd_t)
+')
+
+# To read /boot/efi
+optional_policy(`
+	fs_list_dos(cobblerd_t)
+	fs_read_dos_files(cobblerd_t)
+')
+
+# To run mkfs.fat when generating ISO
+optional_policy(`
+	fstools_exec(cobblerd_t)
+')
+
+optional_policy(`
+	libs_exec_ldconfig(cobblerd_t)
+')
+
+optional_policy(`
+	mysql_stream_connect(cobblerd_t)
+')
+
+optional_policy(`
+	rpm_exec(cobblerd_t)
+')
+
+optional_policy(`
+	rsync_exec(cobblerd_t)
+	rsync_read_config(cobblerd_t)
+	rsync_manage_config(cobblerd_t)
+	rsync_etc_filetrans_config(cobblerd_t, file, "rsync.conf")
+')
+
+optional_policy(`
+	tftp_manage_config(cobblerd_t)
+	tftp_manage_rw_content(cobblerd_t)
+	tftp_delete_content_dirs(cobblerd_t)
+	tftp_filetrans_tftpdir(cobblerd_t, cobbler_var_lib_t, { dir file })
+')

cobblerd.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=Cobbler Helper Daemon
-After=syslog.target network.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/cobblerd
-RemainAfterExit=yes
-PrivateTmp=yes
-
-[Install]
-WantedBy=multi-user.target
-

migrate-settings.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+sed -i -e 's,^default_kickstart: */var/lib/cobbler/kickstarts,default_autoinstall: /var/lib/cobbler/templates,' \
+       -e '/^\(consoles\|func_\|kernel_options_s390x\|power_template_dir\|pxe_template_dir\|redhat_management_type\|snippetsdir\|template_remote_kickstarts\):/s/^/# REMOVED: /' \
+       -e '$a#ADDED:' -e '$acache_enabled: true' -e '$areposync_rsync_flags: "-rltDv --copy-unsafe-links"' /etc/cobbler/settings.yaml

sources

@@ -1 +1 @@
-SHA512 (cobbler-2.8.5.tar.gz) = 6097618b6ad394f23f496eee14a74a334162b2d420c39059bf54472a44b4a6a645faf9ee50139f7c169503d34524489282b03a2f7318ca8b276745cc518567a7
+SHA512 (cobbler-3.3.7.tar.gz) = df6570dd7c6cbe50464624267df1bbecbb29e60513bba312a6c726502d4670670f3113f24b6b7e465d0b3353c0721e6fe3725dbc4569b4f624ec2b4a29682d1a