Fix the dependency on syslinux

Signed-off-by: Cristian Le <git@lecris.dev>
Add patch
2025-12-23 16:48:31 +07:00 · 2025-10-04 21:36:03 -06:00 · 2025-10-04 21:20:47 -06:00 · 2025-10-04 21:04:17 -06:00 · 2025-10-04 20:08:27 -06:00 · 2025-10-04 19:24:45 -06:00
16 changed files with 2188 additions and 2058 deletions
--- a/1804.patch
+++ b/1804.patch
@ -1,23 +0,0 @@
-From 6759cc1b1834eb6b50b6a3c583fc531d8452eaf0 Mon Sep 17 00:00:00 2001
-From: Orion Poplawski <orion@cora.nwra.com>
-Date: Wed, 21 Jun 2017 11:41:45 -0600
-Subject: [PATCH] Suppress "edirecting to /bin/systemctl condrestart 
- cobblerd.service" messages from logrotate on systemd systems
-
---
- config/cobblerd_rotate | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/config/cobblerd_rotate b/config/cobblerd_rotate
-index 2224f6600..17cb10e17 100644
--- a/config/cobblerd_rotate
-+++ b/config/cobblerd_rotate
-@@ -4,7 +4,7 @@
-    rotate 4
-    weekly
-    postrotate
-      /sbin/service cobblerd condrestart > /dev/null
-+      /sbin/service cobblerd condrestart > /dev/null 2>&1
-    endscript
- }
- 
--- a/3945.patch
+++ b/3945.patch
@ -0,0 +1,32 @@
+From 1d83bd29c253ba898ac35683258fec285d5a6529 Mon Sep 17 00:00:00 2001
+From: Orion Poplawski <orion@nwra.com>
+Date: Sat, 4 Oct 2025 19:49:26 -0600
+Subject: [PATCH] Use systemctl is-active --quiet to check status of services
+ (fixes #3942)
+
+---
+ changelog.d/3942.fixed   | 1 +
+ cobbler/actions/check.py | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+ create mode 100644 changelog.d/3942.fixed
+
+diff --git a/changelog.d/3942.fixed b/changelog.d/3942.fixed
+new file mode 100644
+index 0000000000..444bdb800a
+--- /dev/null
+++ b/changelog.d/3942.fixed
+@@ -0,0 +1 @@
+check: Use systemctl is-active --quiet to check the status of services
+diff --git a/cobbler/actions/check.py b/cobbler/actions/check.py
+index b79706aff1..5f6a3fa3bc 100644
+--- a/cobbler/actions/check.py
+++ b/cobbler/actions/check.py
+@@ -142,7 +142,7 @@ def check_service(self, status, which, notes=""):
+                     status.append("service %s is not running%s" % (which, notes))
+                     return
+         elif utils.is_systemd():
+-            return_code = utils.subprocess_call("systemctl status %s > /dev/null 2>/dev/null" % which,
+            return_code = utils.subprocess_call("systemctl is-active --quiet %s > /dev/null 2>/dev/null" % which,
+                                                 shell=True)
+             if return_code != 0:
+                 status.append("service %s is not running%s" % (which, notes))
--- a/354
+++ b/354
@ -0,0 +1,354 @@
+* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Sun Jan 05 2025 Orion Poplawski <orion@nwra.com> - 3.3.7-2
+- Backport upstream patch for Python 3.13 support (rhbz#2335620)
+
+* Sun Nov 17 2024 Orion Poplawski <orion@nwra.com> - 3.3.7-1
+- Update to 3.3.7 (CVE-2024-47533)
+
+* Fri Sep 27 2024 Carl George <carlwgeorge@fedoraproject.org> - 3.3.6-2
+- Fix cheetah dependency rhbz#2314630
+
+* Wed Jul 31 2024 Orion Poplawski <orion@nwra.com> - 3.3.6-1
+- Update to 3.3.6
+
+* Thu Jul 25 2024 Miroslav Suchý <msuchy@redhat.com> - 3.3.5-3
+- convert license to SPDX
+
+* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jul 12 2024 Orion Poplawski <orion@nwra.com> - 3.3.5-1
+- Update to 3.3.5
+
+* Fri Jun 07 2024 Python Maint <python-maint@redhat.com> - 3.3.4-5
+- Rebuilt for Python 3.13
+
+* Fri Jun 07 2024 Python Maint <python-maint@redhat.com> - 3.3.4-4
+- Rebuilt for Python 3.13
+
+* Sat Apr 27 2024 Orion Poplawski <orion@nwra.com> - 3.3.4-3
+- Fix service name in selinux post install script
+
+* Fri Apr 26 2024 Orion Poplawski <orion@nwra.com> - 3.3.4-2
+- Test for existence of web.ss before chowning it (bz#2276860)
+
+* Mon Feb 26 2024 Orion Poplawski <orion@nwra.com> - 3.3.4-1
+- Update to 3.3.4
+- Add local SELinux policy and allow cobbler to check service statuses,
+  run mkfs.fat, and check for reposync and yumdownloader (bz#2251220)
+- Change owndership of web.ss to root (bz#2247653)
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Jul 17 2023 Orion Poplawski <orion@nwra.com> - 3.3.3-6
+- Add patch to fix build with Sphinx 7
+
+* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 3.3.3-5
+- Rebuilt for Python 3.12
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jun 23 2022 Python Maint <python-maint@redhat.com> - 3.3.3-2
+- Rebuilt for Python 3.11
+
+* Tue Jun 14 2022 Orion Poplawski <orion@nwra.com> - 3.3.3-1
+- Update to 3.3.3
+
+* Wed May 04 2022 Orion Poplawski <orion@nwra.com> - 3.3.2-2
+- Drop setting cache_enabled no longer present in 3.3
+
+* Sat Mar 12 2022 Orion Poplawski <orion@nwra.com> - 3.3.2-1
+- Update to 3.3.2
+
+* Tue Mar 01 2022 Orion Poplawski <orion@nwra.com> - 3.3.1-1
+- Update to 3.3.1, removes web interface
+
+* Tue Mar 01 2022 Orion Poplawski <orion@nwra.com> - 3.2.2-9
+- Apply fixes for CVE-2021-45082/3
+- Remove BR on python3-coverage
+
+* Mon Jan 24 2022 Orion Poplawski <orion@nwra.com> - 3.2.2-8
+- Fix posttrans script
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Dec 23 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-6
+- Fix path to settings.yaml in scriptlet
+
+* Thu Dec 09 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-5
+- Remove defunct get-loaders command
+
+* Mon Nov 22 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-4
+- Add new keys to settings.yaml on migration or if missing
+- Save original settings to settings.rpmorig
+
+* Fri Oct 08 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-3
+- Fix dependencies (bz#2010567)
+
+* Thu Sep 23 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-2
+- Migrate settings to settings.yaml
+- Migrate pre-cobbler 3 data if needed
+- Fix autoinstall_templates -> templates
+
+* Thu Sep 23 2021 Orion Poplawski <orion@nwra.com> - 3.2.2-1
+- Update to 3.2.2
+- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection
+- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function
+- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings
+
+* Wed Sep 22 2021 Orion Poplawski <orion@nwra.com> - 3.2.1-1
+- Update to 3.2.1
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 3.2.0-5
+- Rebuilt for Python 3.10
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 3.2.0-4
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.2.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sun Oct 25 2020 Orion Poplawski <orion@nwra.com> - 3.2.0-2
+- Give root RW permission to /var/lib/cobbler/web.ss
+- Fix SELinux cobbler logging issue
+
+* Sat Oct 24 2020 Orion Poplawski <orion@nwra.com> - 3.2.0-1
+- Update to 3.2.0
+
+* Thu Sep 17 2020 Orion Poplawski <orion@nwra.com> - 3.1.2-4
+- Add requires on python-distro and file
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jul 08 2020 Orion Poplawski <orion@nwra.com> - 3.1.2-2
+- Fix apache configuration
+
+* Fri May 29 2020 Orion Poplawski <orion@nwra.com> - 3.1.2-1
+- Update to 3.1.2
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.1.1-4
+- Rebuilt for Python 3.9
+
+* Fri Feb 21 2020 Orion Poplawski <orion@nwra.com> - 3.1.1-3
+- Add requires for python3-dns
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sun Jan 12 2020 Orion Poplawski <orion@nwra.com> - 3.1.1-1
+- Update to 3.1.1
+
+* Tue Oct 22 2019 Orion Poplawski <orion@nwra.com> - 3.0.1-4
+- Drop koan completely, including obsoletes.  It is a separate package now.
+
+* Thu Oct 10 2019 Orion Poplawski <orion@nwra.com> - 3.0.1-3
+- Require /sbin/service
+
+* Tue Oct  8 2019 Orion Poplawski <orion@nwra.com> - 3.0.1-2
+- Fix requires (requests instead of urlgrabber)
+- Fix BR for EL8
+
+* Mon Sep 09 2019 Nicolas Chauvet <kwizart@gmail.com> - 3.0.1-1
+- Update to 3.0.1
+
+* Fri Aug 30 2019 Nicolas Chauvet <kwizart@gmail.com> - 3.0.0-1
+- Update to 3.0.0
+
+* Mon Aug 26 2019 Nicolas Chauvet <kwizart@gmail.com> - 2.8.5-0.1
+- Update to 2.8.5 - pre-release
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.4-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Nov 26 2018 Orion Poplawski <orion@nwra.com> - 2.8.4-5
+- Fix empty man pages (BZ 1653415)
+
+* Mon Nov 26 2018 Orion Poplawski <orion@nwra.com> - 2.8.4-4
+- Revert bind_manage_ipmi feature that is broken on 2.8
+
+* Sun Nov 25 2018 Orion Poplawski <orion@nwra.com> - 2.8.4-3
+- Use pathfix.py to fix python shebangs
+
+* Sun Nov 25 2018 Orion Poplawski <orion@nwra.com> - 2.8.4-2
+- Make koan require python2-ethtool (BZ 1638933)
+
+* Sat Nov 24 2018 Orion Poplawski <orion@nwra.com> - 2.8.4-1
+- Update to 2.8.4 (Fixes BZ 1613292, 1643860, 1614433, CVE-2018-1000226, CVE-2018-10931)
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed May 30 2018 Orion Poplawski <orion@nwra.com> - 2.8.3-3
+- koan requires urlgrabber
+
+* Mon May 28 2018 Nicolas Chauvet <kwizart@gmail.com> - 2.8.3-2
+- Restore mergeability with epel7
+
+* Mon May 28 2018 Nicolas Chauvet <kwizart@gmail.com> - 2.8.3-1
+- Update to 2.8.3 - security bugfix
+
+* Wed Feb 21 2018 Orion Poplawski <orion@nwra.com> - 2.8.2-6
+- Really fix django requires for Fedora 28+
+
+* Tue Feb 20 2018 Orion Poplawski <orion@nwra.com> - 2.8.2-5
+- Fix django requires for Fedora 28+
+
+* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.8.2-4
+- Escape macros in %%changelog
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Tue Feb 06 2018 Iryna Shcherbina <ishcherb@redhat.com> - 2.8.2-2
+- Update Python 2 dependency declarations to new packaging standards
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Mon Sep 18 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.2-1
+- Update to 2.8.2
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Wed Jun 21 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.1-3
+- Suppress logrotate output
+
+* Mon Jun 12 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.1-2
+- Fix module loading
+
+* Wed May 24 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.1-1
+- Update to 2.8.1
+
+* Fri Feb 17 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.0-6
+- Add patch to fix handling of multiple bridge interfaces
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Jan 27 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.0-4
+- Fix named patch
+
+* Tue Jan 24 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.0-3
+- Restart named-chroot service if used
+
+* Fri Jan 20 2017 Orion Poplawski <orion@cora.nwra.com> - 2.8.0-2
+- Fix logrotate script for systemd (bug #1414617)
+
+* Thu Dec 1 2016 Orion Poplawski <orion@cora.nwra.com> - 2.8.0-1
+- Update to 2.8.0
+- Restructure spec file
+
+* Thu Sep 1 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-11.gitf78af86
+- Add patches to fix TEMPLATE_DIRS and use OrderedDict
+
+* Thu Aug 11 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-10.gitf78af86
+- Force IPv4 connections to cobblerd from web proxy
+
+* Thu Jul 21 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-9.gitf78af86
+- Suppress "virt-install --os-variant list" error messages
+
+* Thu Jul 21 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-8.git5680bf8
+- Fix handling unknown os variants with osinfo-query
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.11-7.git95749a6
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Wed Jul 13 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-6.git95749a6
+- Fix typo in koan/app.py
+
+* Wed Jul 13 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-5.git13b035f
+- Update to current git snapshot (bug #1276896)
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.11-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Feb 1 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-3
+- Require dnf-plugins-core
+
+* Sun Jan 24 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-2
+- Require dnf-core-plugins instead of yum-utils for repoquery on Fedora 23+
+
+* Sun Jan 24 2016 Orion Poplawski <orion@cora.nwra.com> - 2.6.11-1
+- Update to 2.6.11
+- Make cobbler arch specific to allow for arch specific requires
+
+* Thu Oct 1 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.10-1
+- Update to 2.6.10
+
+* Mon Jun 22 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.9-1
+- Update to 2.6.9
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue May 12 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.8-2
+- Support django 1.8 in Fedora 22+
+
+* Fri May 8 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.8-1
+- Update to 2.6.8
+- Backport upstream patch to fix centos version detection (bug #1201879)
+
+* Tue Apr 28 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.7-3
+- Add patch to fix virt-install support for F21+/EL7 (bug #1188424)
+
+* Mon Apr 27 2015 Orion Poplawski <orion@cora.nwra.com> - 2.6.7-2
+- Create and own directories in tftp_dir
+
+* Wed Dec 31 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.7-1
+- Update to 2.6.7
+
+* Sun Oct 19 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.6-1
+- Update to 2.6.6
+
+* Fri Aug 15 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.5-1
+- Update to 2.6.5
+
+* Wed Aug 13 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.4-2
+- Require Django >= 1.4
+
+* Mon Aug 11 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.4-1
+- Update to 2.6.4
+
+* Fri Jul 18 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.3-1
+- Update to 2.6.3
+
+* Wed Jul 16 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.2-1
+- Update to 2.6.2
+- Spec cleanup
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Fri May 23 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.1-1
+- Update to 2.6.1
+- Drop koan patch applied upstream
+
+* Tue Apr 22 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.0-2
+- Only require syslinux on x86
+
+* Mon Apr 21 2014 Orion Poplawski <orion@cora.nwra.com> - 2.6.0-1
+- Update to 2.6.0
--- a/cobbler-CVE-2021-45082.patch
+++ b/cobbler-CVE-2021-45082.patch
@ -1,34 +0,0 @@
-commit 267184cc5c8db764847eee2d9ba0f5006879adfe
-Author: Alexander Graul <agraul@suse.com>
-Date:   Wed Feb 16 09:48:40 2022 +0100
-
-    Security: Fix incomplete template sanitization
-    
-    This only affects Cheetah templating.
-    
-    Without this commit, it is possible to evade the
-    "cheetah_import_whitelist" and import arbitraty Python code.
-    
-    Example exploit: #from exploit import pwned
-    
-    CVE-ID: CVE-2021-45082
-
-diff --git a/cobbler/templar.py b/cobbler/templar.py
-index c425908f..b2b99cb2 100644
--- a/cobbler/templar.py
-+++ b/cobbler/templar.py
-@@ -76,10 +76,10 @@ class Templar:
-         """
-         lines = data.split("\n")
-         for line in lines:
-            if line.find("#import") != -1:
-               rest=line.replace("#import","").replace(" ","").strip()
-               if self.settings and rest not in self.settings.cheetah_import_whitelist:
-                   raise CX("potentially insecure import in template: %s" % rest)
-+            if "#import" in line or "#from" in line:
-+                rest = line.replace("#import", "").replace("#from", "").replace("import", ".").replace(" ", "").strip()
-+                if self.settings and rest not in self.settings.cheetah_import_whitelist:
-+                    raise CX("Potentially insecure import in template: %s" % rest)
- 
-     def render(self, data_input, search_table, out_path, subject=None, template_type=None):
-         """
--- a/cobbler-CVE-2022-0860.patch
+++ b/cobbler-CVE-2022-0860.patch
@ -1,25 +0,0 @@
-diff --git a/cobbler/modules/authn_pam.py b/cobbler/modules/authn_pam.py
-index 80ac4e7..26981f7 100644
--- a/cobbler/modules/authn_pam.py
-+++ b/cobbler/modules/authn_pam.py
-@@ -114,6 +114,10 @@ PAM_AUTHENTICATE = LIBPAM.pam_authenticate
- PAM_AUTHENTICATE.restype = c_int
- PAM_AUTHENTICATE.argtypes = [PamHandle, c_int]
- 
-+PAM_ACCT_MGMT = LIBPAM.pam_acct_mgmt
-+PAM_ACCT_MGMT.restype = c_int
-+PAM_ACCT_MGMT.argtypes = [PamHandle, c_int]
-+
- def authenticate(api_handle, username, password):
-     """
-     Returns True if the given username and password authenticate for the
-@@ -152,5 +156,9 @@ def authenticate(api_handle, username, password):
-         return False
- 
-     retval = PAM_AUTHENTICATE(handle, 0)
-+
-+    if retval == 0:
-+        retval = PAM_ACCT_MGMT(handle, 0)
-+
-     return retval == 0
- 
--- a/cobbler-nocov.patch
+++ b/cobbler-nocov.patch
@ -0,0 +1,41 @@
+diff --git a/setup.py b/setup.py
+index 59f7601..023d84b 100644
+--- a/setup.py
+++ b/setup.py
+@@ -341,17 +341,9 @@ class test_command(Command):
+ 
+     def run(self):
+         import pytest
+-        from coverage import Coverage
+-
+-        cov = Coverage()
+-        cov.erase()
+-        cov.start()
+ 
+         result = pytest.main()
+ 
+-        cov.stop()
+-        cov.save()
+-        cov.html_report(directory="covhtml")
+         sys.exit(int(bool(len(result.failures) > 0 or len(result.errors) > 0)))
+ 
+ 
+@@ -479,7 +471,6 @@ if __name__ == "__main__":
+         },
+         license="GPLv2+",
+         setup_requires=[
+-            "coverage",
+             "distro",
+             "setuptools",
+             "sphinx",
+@@ -501,10 +492,7 @@ if __name__ == "__main__":
+             "lint": ["pyflakes", "pycodestyle", "pylint", "black", "mypy"],
+             "test": [
+                 "pytest>6",
+-                "pytest-cov",
+-                "codecov",
+                 "pytest-mock",
+-                "pytest-benchmark",
+             ],
+             "docs": ["sphinx", "sphinx-rtd-theme", "sphinxcontrib-apidoc"],
+             # We require the current version to properly detect duplicate issues
--- a/cobbler-python3.13.patch
+++ b/cobbler-python3.13.patch
@ -0,0 +1,972 @@
+diff --git a/changelog.d/3842.fixed b/changelog.d/3842.fixed
+new file mode 100644
+index 00000000..6c6d6313
+--- /dev/null
+++ b/changelog.d/3842.fixed
+@@ -0,0 +1 @@
+Fix compatibility with Python 3.13
+diff --git a/cobbler/actions/reposync.py b/cobbler/actions/reposync.py
+index c0163350..ec5745fb 100644
+--- a/cobbler/actions/reposync.py
+++ b/cobbler/actions/reposync.py
+@@ -23,9 +23,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ import logging
+ import os
+ import os.path
+-import pipes
+-import stat
+import shlex
+ import shutil
+import stat
+ from typing import Optional, Union
+ 
+ from cobbler import utils
+@@ -272,9 +272,9 @@ class RepoSync:
+             blended = utils.blender(self.api, False, repo)
+             flags = blended.get("createrepo_flags", "(ERROR: FLAGS)")
+             try:
+-                cmd = "createrepo %s %s %s" % (" ".join(mdoptions), flags, pipes.quote(dirname))
+-                utils.subprocess_call(cmd)
+-            except:
+                cmd = ["createrepo"] + mdoptions + flags + [shlex.quote(dirname)]
+                utils.subprocess_call(cmd, shell=False)
+            except Exception:
+                 utils.log_exc()
+                 self.logger.error("createrepo failed.")
+             del fnames[:]  # we're in the right place
+@@ -302,8 +302,19 @@ class RepoSync:
+         dest_path = os.path.join(self.settings.webdir, "repo_mirror", repo.name)
+ 
+         # FIXME: wrapper for subprocess that logs to logger
+-        cmd = ["wget", "-N", "-np", "-r", "-l", "inf", "-nd", "-P", pipes.quote(dest_path), pipes.quote(repo.mirror)]
+-        rc = utils.subprocess_call(cmd)
+        cmd = [
+            "wget",
+            "-N",
+            "-np",
+            "-r",
+            "-l",
+            "inf",
+            "-nd",
+            "-P",
+            shlex.quote(dest_path),
+            shlex.quote(repo.mirror),
+        ]
+        return_value = utils.subprocess_call(cmd, shell=False)
+ 
+         if rc != 0:
+             raise CX("cobbler reposync failed")
+@@ -347,9 +358,14 @@ class RepoSync:
+         if flags == '':
+             flags = self.settings.reposync_rsync_flags
+ 
+-        cmd = "rsync %s --delete-after %s --delete --exclude-from=/etc/cobbler/rsync.exclude %s %s" \
+-              % (flags, spacer, pipes.quote(repo.mirror), pipes.quote(dest_path))
+-        rc = utils.subprocess_call(cmd)
+        cmd = ["rsync"] + flags + ["--delete-after"]
+        cmd += spacer + [
+            "--delete",
+            "--exclude-from=/etc/cobbler/rsync.exclude",
+            shlex.quote(repo.mirror),
+            shlex.quote(dest_path),
+        ]
+        return_code = utils.subprocess_call(cmd, shell=False)
+ 
+         if rc != 0:
+             raise CX("cobbler reposync failed")
+@@ -386,10 +402,11 @@ class RepoSync:
+         if not HAS_LIBREPO:
+             raise CX("no librepo found, please install python3-librepo")
+ 
+-        if os.path.exists("/usr/bin/dnf"):
+-            cmd = "/usr/bin/dnf reposync"
+-        elif os.path.exists("/usr/bin/reposync"):
+-            cmd = "/usr/bin/reposync"
+        if os.path.exists("/usr/bin/reposync"):
+            cmd = ["/usr/bin/reposync"]
+        # DNF5 does not have a reposync subcommand
+        elif os.path.exists("/usr/bin/dnf"):
+            cmd = ["/usr/bin/dnf", "reposync"]
+         else:
+             # Warn about not having yum-utils.  We don't want to require it in the package because Fedora 22+ has moved
+             # to dnf.
+@@ -451,6 +468,11 @@ class RepoSync:
+             # Counter-intuitive, but we want the newish kernels too
+             arch = "i686"
+ 
+        cmd = self.reposync_cmd()
+        cmd += self.rflags + [
+            f"--repo={shlex.quote(rest)}",
+            f"--download-path={shlex.quote(repos_path)}",
+        ]
+         if arch != "none":
+             cmd = "%s -a %s" % (cmd, arch)
+ 
+@@ -544,9 +566,11 @@ class RepoSync:
+ 
+         if not has_rpm_list:
+             # If we have not requested only certain RPMs, use reposync
+-            cmd = "%s %s --config=%s --repoid=%s -p %s" \
+-                  % (cmd, self.rflags, temp_file, pipes.quote(repo.name),
+-                     pipes.quote(repos_path))
+            cmd += self.rflags + [
+                f"--config={temp_file}",
+                f"--repoid={shlex.quote(repo.name)}",
+                f"--download-path={shlex.quote(repos_path)}",
+            ]
+             if arch != "none":
+                 cmd = "%s -a %s" % (cmd, arch)
+ 
+@@ -557,14 +581,14 @@ class RepoSync:
+ 
+             use_source = ""
+             if arch == "src":
+-                use_source = "--source"
+-
+-            # Older yumdownloader sometimes explodes on --resolvedeps if this happens to you, upgrade yum & yum-utils
+-            extra_flags = self.settings.yumdownloader_flags
+-            cmd = "/usr/bin/dnf download"
+-            cmd = "%s %s %s --disablerepo=* --enablerepo=%s -c %s --destdir=%s %s" \
+-                  % (cmd, extra_flags, use_source, pipes.quote(repo.name), temp_file, pipes.quote(dest_path),
+-                     " ".join(repo.rpm_list))
+                cmd.append("--source")
+            cmd += [
+                "--disablerepo=*",
+                f"--enablerepo={shlex.quote(repo.name)}",
+                f"-c={temp_file}",
+                f"--destdir={shlex.quote(dest_path)}",
+            ]
+            cmd += repo.rpm_list
+ 
+         # Now regardless of whether we're doing yumdownloader or reposync or whether the repo was http://, ftp://, or
+         # rhn://, execute all queued commands here.  Any failure at any point stops the operation.
+@@ -669,17 +693,21 @@ class RepoSync:
+             dists = ",".join(repo.apt_dists)
+             components = ",".join(repo.apt_components)
+ 
+-            mirror_data = "--method=%s --host=%s --root=%s --dist=%s --section=%s" \
+-                          % (pipes.quote(method), pipes.quote(host), pipes.quote(mirror), pipes.quote(dists),
+-                             pipes.quote(components))
+            mirror_data = [
+                f"--method={shlex.quote(method)}",
+                f"--host={shlex.quote(host)}",
+                f"--root={shlex.quote(mirror)}",
+                f"--dist={shlex.quote(dists)}",
+                f"--section={shlex.quote(components)}",
+            ]
+ 
+             rflags = "--nocleanup"
+             for x in repo.yumopts:
+                 if repo.yumopts[x]:
+                     rflags += " %s=%s" % (x, repo.yumopts[x])
+                 else:
+-                    rflags += " %s" % x
+-            cmd = "%s %s %s %s" % (mirror_program, rflags, mirror_data, pipes.quote(dest_path))
+                    rflags.append(repo_yumoption)
+            cmd = [mirror_program] + rflags + mirror_data + [shlex.quote(dest_path)]
+             if repo.arch == RepoArchs.SRC:
+                 cmd = "%s --source" % cmd
+             else:
+diff --git a/tests/actions/reposync_test.py b/tests/actions/reposync_test.py
+index 0bee772c..ee8d1549 100644
+--- a/tests/actions/reposync_test.py
+++ b/tests/actions/reposync_test.py
+@@ -1,251 +1,592 @@
+"""
+Tests that validate the functionality of the module that is responsible for repository synchronization.
+"""
+
+ import os
+-import glob
+from pathlib import Path
+from typing import TYPE_CHECKING, Any, Dict, List, Union
+ 
+ import pytest
+ 
+-from cobbler import enums
+from cobbler import cexceptions, enums
+from cobbler.actions import reposync
+ from cobbler.api import CobblerAPI
+-from cobbler.actions.reposync import RepoSync
+ from cobbler.items.repo import Repo
+-from cobbler import cexceptions
+-from tests.conftest import does_not_raise
+ 
+from tests.conftest import does_not_raise
+ 
+-@pytest.fixture(scope="class")
+-def api():
+-    return CobblerAPI()
+if TYPE_CHECKING:
+    from pytest_mock import MockerFixture
+ 
+ 
+-@pytest.fixture(scope="class")
+-def reposync(api):
+-    test_reposync = RepoSync(api, tries=2, nofail=False)
+@pytest.fixture(name="reposync_object", scope="function")
+def fixture_reposync_object(
+    mocker: "MockerFixture", cobbler_api: CobblerAPI
+) -> reposync.RepoSync:
+    settings_mock = mocker.MagicMock()
+    settings_mock.webdir = "/srv/www/cobbler"
+    settings_mock.server = "localhost"
+    settings_mock.http_port = 80
+    settings_mock.proxy_url_ext = ""
+    settings_mock.yumdownloader_flags = "--testflag"
+    settings_mock.reposync_rsync_flags = "--testflag"
+    settings_mock.reposync_flags = "--testflag"
+    mocker.patch.object(cobbler_api, "settings", return_value=settings_mock)
+    test_reposync = reposync.RepoSync(cobbler_api, tries=2, nofail=False)
+     return test_reposync
+ 
+ 
+-@pytest.fixture
+-def repo(api):
+@pytest.fixture(name="repo")
+def fixture_repo(cobbler_api: CobblerAPI) -> Repo:
+     """
+     Creates a Repository "testrepo0" with a keep_updated=True and mirror_locally=True".
+     """
+-    test_repo = Repo(api)
+    test_repo = Repo(cobbler_api)
+     test_repo.name = "testrepo0"
+     test_repo.mirror_locally = True
+     test_repo.keep_updated = True
+-    api.add_repo(test_repo)
+     return test_repo
+ 
+ 
+ @pytest.fixture
+-def remove_repo(api):
+def remove_repo(cobbler_api: CobblerAPI):
+     """
+     Removes the Repository "testrepo0" which can be created with repo.
+     """
+     yield
+-    test_repo = api.find_repo("testrepo0")
+-    if test_repo is not None:
+-        api.remove_repo(test_repo.name)
+    test_repo = cobbler_api.find_repo("testrepo0")
+    if test_repo is not None and not isinstance(test_repo, list):
+        cobbler_api.remove_repo(test_repo.name)
+ 
+ 
+-class TestRepoSync:
+-    @pytest.mark.usefixtures("remove_repo")
+-    @pytest.mark.parametrize(
+-        "input_mirror_type,input_mirror,expected_exception",
+-        [
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os",
+-                does_not_raise()
+-            ),
+-            (
+-                enums.MirrorType.MIRRORLIST,
+-                "https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64",
+-                does_not_raise()
+-            ),
+-            (
+-                enums.MirrorType.METALINK,
+-                "https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64",
+-                does_not_raise()
+-            ),
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://www.example.com/path/to/some/repo",
+-                pytest.raises(cexceptions.CX)
+-            ),
+@pytest.fixture(scope="function", autouse=True)
+def reset_librepo():
+    has_librepo = reposync.HAS_LIBREPO
+    yield
+    reposync.HAS_LIBREPO = has_librepo
+
+
+def test_repo_walker(mocker: "MockerFixture", tmp_path: Path):
+    # Arrange
+    def test_fun(arg: Any, top: Any, names: Any):
+        pass
+
+    subdir1 = tmp_path / "sub1"
+    subdir2 = tmp_path / "sub2"
+    subdir1.mkdir()
+    subdir2.mkdir()
+    spy = mocker.Mock(wraps=test_fun)
+
+    # Act
+    reposync.repo_walker(tmp_path, spy, None)  # type: ignore
+
+    # Assert
+    assert spy.mock_calls == [
+        # settings.yaml is here because of our autouse fixture that we use to restore the settings
+        mocker.call(None, tmp_path, ["settings.yaml", "sub1", "sub2"]),
+        mocker.call(None, str(subdir1), []),
+        mocker.call(None, str(subdir2), []),
+    ]
+
+
+@pytest.mark.parametrize(
+    "input_has_librepo,input_path_exists_side_effect,expected_exception,expected_result",
+    [
+        (True, [False, True], does_not_raise(), ["/usr/bin/dnf", "reposync"]),
+        (True, [True, False], does_not_raise(), ["/usr/bin/reposync"]),
+        (True, [False, False], pytest.raises(cexceptions.CX), ""),
+        (False, [False, True], pytest.raises(cexceptions.CX), ""),
+    ],
+)
+def test_reposync_cmd(
+    mocker: "MockerFixture",
+    reposync_object: reposync.RepoSync,
+    input_has_librepo: bool,
+    input_path_exists_side_effect: List[bool],
+    expected_exception: Any,
+    expected_result: Union[List[str], str],
+):
+    # Arrange
+    mocker.patch("os.path.exists", side_effect=input_path_exists_side_effect)
+    reposync.HAS_LIBREPO = input_has_librepo
+
+    # Act
+    with expected_exception:
+        result = reposync_object.reposync_cmd()
+
+        # Assert
+        assert result == expected_result
+
+
+def test_run(mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo):
+    # Arrange
+    env_vars: Dict[str, Any] = {}
+    mocker.patch("os.makedirs")
+    mocker.patch("os.path.isdir", return_value=True)
+    mocker.patch(
+        "os.path.join",
+        side_effect=[
+            "/srv/www/cobbler/repo_mirror",
+            "/srv/www/cobbler/repo_mirror/%s" % repo.name,
+         ],
+     )
+-    def test_reposync_yum(
+-        self,
+-        input_mirror_type,
+-        input_mirror,
+-        expected_exception,
+-        api,
+-        repo,
+-        reposync
+-    ):
+-        # Arrange
+-        test_repo = repo
+-        test_repo.breed = enums.RepoBreeds.YUM
+-        test_repo.mirror = input_mirror
+-        test_repo.mirror_type = input_mirror_type
+-        test_repo.rpm_list = "fedora-gpg-keys"
+-        test_settings = api.settings()
+-        repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name)
+-
+-        # Act & Assert
+-        with expected_exception:
+-            reposync.run(test_repo.name)
+-            result = os.path.exists(repo_path)
+-            if test_repo.rpm_list and test_repo.rpm_list != []:
+-                for rpm in test_repo.rpm_list:
+-                    assert glob.glob(os.path.join(repo_path, "**", rpm) + "*.rpm", recursive=True) != []
+-            assert result
+-            # Test that re-downloading the metadata in .origin/repodata will not result in an error
+-            reposync.run(test_repo.name)
+-
+-    @pytest.mark.usefixtures("remove_repo")
+-    @pytest.mark.parametrize(
+-        "input_mirror_type,input_mirror,input_arch,input_rpm_list,expected_exception",
+    mocker.patch("os.environ", return_value=env_vars)
+    mocker.patch.object(reposync_object, "repos", return_value=[repo])
+    mocker.patch.object(reposync_object, "sync")
+    mocker.patch.object(reposync_object, "update_permissions")
+    reposync_object.repos = [repo]  # type: ignore
+
+    # Act
+    reposync_object.run()
+
+    # Assert
+    # This has to be 0 since all env vars need to be removed after reposync has run.
+    assert len(env_vars) == 0
+
+
+def test_gen_urlgrab_ssl_opts(reposync_object: reposync.RepoSync):
+    # Arrange
+    input_dict: Dict[str, Any] = {}
+
+    # Act
+    result = reposync_object.gen_urlgrab_ssl_opts(input_dict)
+
+    # Assert
+    assert isinstance(result, tuple)
+    assert len(result) == 2
+    # The data of the first element is kind of flexible let's skip asserting it for now
+    assert isinstance(result[1], bool)
+
+
+@pytest.mark.usefixtures("remove_repo")
+@pytest.mark.parametrize(
+    "input_mirror_type,input_mirror,expected_exception",
+    [
+        (
+            enums.MirrorType.BASEURL,
+            "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os",
+            does_not_raise(),
+        ),
+        (
+            enums.MirrorType.MIRRORLIST,
+            "https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64",
+            does_not_raise(),
+        ),
+        (
+            enums.MirrorType.METALINK,
+            "https://mirrors.fedoraproject.org/metalink?repo=rawhide&arch=x86_64",
+            does_not_raise(),
+        ),
+    ],
+)
+def test_reposync_yum(
+    mocker: "MockerFixture",
+    input_mirror_type: enums.MirrorType,
+    input_mirror: str,
+    expected_exception: Any,
+    cobbler_api: CobblerAPI,
+    repo: Repo,
+    reposync_object: reposync.RepoSync,
+):
+    # Arrange
+    test_repo = repo
+    test_repo.breed = enums.RepoBreeds.YUM
+    test_repo.mirror = input_mirror
+    test_repo.mirror_type = input_mirror_type
+    test_repo.rpm_list = "fedora-gpg-keys"
+    test_settings = cobbler_api.settings()
+    repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name)
+    mocked_subprocess = mocker.patch(
+        "cobbler.utils.subprocess_call", autospec=True, return_value=0
+    )
+    mocker.patch.object(
+        reposync_object, "create_local_file", return_value="/create/local/file"
+    )
+    mocker.patch.object(
+        reposync_object, "reposync_cmd", return_value=["/my/fake/dnf", "reposync"]
+    )
+    mocker.patch.object(reposync_object, "rflags", return_value="--fake-r-flakg")
+    mocker.patch.object(
+        reposync_object,
+        "gen_urlgrab_ssl_opts",
+        return_value=(("TODO", "TODO", "TODO"), False),
+    )
+    mocker.patch("os.path.exists", return_value=True)
+    mocker.patch("shutil.rmtree")
+    mocker.patch("os.makedirs")
+    mocked_repo_walker = mocker.patch("cobbler.actions.reposync.repo_walker")
+    handle_mock = mocker.MagicMock()
+    result_mock = mocker.MagicMock()
+    mocker.patch("librepo.Handle", return_value=handle_mock)
+    mocker.patch("librepo.Result", return_value=result_mock)
+
+    # Act & Assert
+    with expected_exception:
+        reposync_object.yum_sync(repo)
+
+        mocked_subprocess.assert_called_with(
+            [
+                "/usr/bin/dnf",
+                "download",
+                "--testflag",
+                "--disablerepo=*",
+                f"--enablerepo={repo.name}",
+                "-c=/create/local/file",
+                f"--destdir={repo_path}",
+                "fedora-gpg-keys",
+            ],
+            shell=False,
+        )
+        handle_mock.perform.assert_called_with(result_mock)
+        assert mocked_repo_walker.call_count == 1
+
+
+@pytest.mark.usefixtures("remove_repo")
+@pytest.mark.parametrize(
+    "input_mirror_type,input_mirror,input_arch,input_rpm_list,expected_exception",
+    [
+        (
+            enums.MirrorType.BASEURL,
+            "http://ftp.debian.org/debian",
+            enums.RepoArchs.X86_64,
+            "",
+            does_not_raise(),
+        ),
+        (
+            enums.MirrorType.MIRRORLIST,
+            "http://ftp.debian.org/debian",
+            enums.RepoArchs.X86_64,
+            "",
+            pytest.raises(cexceptions.CX),
+        ),
+        (
+            enums.MirrorType.METALINK,
+            "http://ftp.debian.org/debian",
+            enums.RepoArchs.X86_64,
+            "",
+            pytest.raises(cexceptions.CX),
+        ),
+        (
+            enums.MirrorType.BASEURL,
+            "http://ftp.debian.org/debian",
+            enums.RepoArchs.NONE,
+            "",
+            pytest.raises(cexceptions.CX),
+        ),
+        (
+            enums.MirrorType.BASEURL,
+            "http://ftp.debian.org/debian",
+            enums.RepoArchs.X86_64,
+            "dpkg",
+            pytest.raises(cexceptions.CX),
+        ),
+    ],
+)
+def test_reposync_apt(
+    mocker: "MockerFixture",
+    input_mirror_type: enums.MirrorType,
+    input_mirror: str,
+    input_arch: enums.RepoArchs,
+    input_rpm_list: str,
+    expected_exception: Any,
+    cobbler_api: CobblerAPI,
+    repo: Repo,
+    reposync_object: reposync.RepoSync,
+):
+    # Arrange
+    test_repo = repo
+    test_repo.breed = enums.RepoBreeds.APT
+    test_repo.arch = input_arch
+    test_repo.apt_components = "main"
+    test_repo.apt_dists = "stable"
+    test_repo.mirror = input_mirror
+    test_repo.mirror_type = input_mirror_type
+    test_repo.rpm_list = input_rpm_list
+    test_settings = cobbler_api.settings()
+    repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name)
+    mocked_subprocess = mocker.patch(
+        "cobbler.utils.subprocess_call", autospec=True, return_value=0
+    )
+    mocker.patch("os.path.exists", return_value=True)
+
+    # Act
+    with expected_exception:
+        reposync_object.apt_sync(repo)
+
+        # Assert
+        mocked_subprocess.assert_called_with(
+            [
+                "/usr/bin/debmirror",
+                "--nocleanup",
+                "--method=http",
+                "--host=ftp.debian.org",
+                "--root=/debian",
+                "--dist=stable",
+                "--section=main",
+                repo_path,
+                "--nosource",
+                "-a=amd64",
+            ],
+            shell=False,
+        )
+
+
+@pytest.mark.usefixtures("remove_repo")
+@pytest.mark.parametrize(
+    "input_mirror_type,input_mirror,expected_exception",
+    [
+        (
+            enums.MirrorType.BASEURL,
+            "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
+            does_not_raise(),
+        ),
+        (
+            enums.MirrorType.MIRRORLIST,
+            "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
+            pytest.raises(cexceptions.CX),
+        ),
+        (
+            enums.MirrorType.METALINK,
+            "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
+            pytest.raises(cexceptions.CX),
+        ),
+    ],
+)
+def test_reposync_wget(
+    mocker: "MockerFixture",
+    input_mirror_type: enums.MirrorType,
+    input_mirror: str,
+    expected_exception: Any,
+    cobbler_api: CobblerAPI,
+    repo: Repo,
+    reposync_object: reposync.RepoSync,
+):
+    # Arrange
+    test_repo = repo
+    test_repo.breed = enums.RepoBreeds.WGET
+    test_repo.mirror = input_mirror
+    test_repo.mirror_type = input_mirror_type
+    repo_path = os.path.join(
+        reposync_object.settings.webdir, "repo_mirror", test_repo.name
+    )
+    mocked_subprocess = mocker.patch(
+        "cobbler.utils.subprocess_call", autospec=True, return_value=0
+    )
+    mocker.patch("cobbler.actions.reposync.repo_walker")
+    mocker.patch.object(reposync_object, "create_local_file")
+
+    # Act
+    with expected_exception:
+        reposync_object.wget_sync(test_repo)
+
+        # Assert
+        mocked_subprocess.assert_called_with(
+            [
+                "wget",
+                "-N",
+                "-np",
+                "-r",
+                "-l",
+                "inf",
+                "-nd",
+                "-P",
+                repo_path,
+                input_mirror,
+            ],
+            shell=False,
+        )
+
+
+def test_reposync_rhn(
+    mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo
+):
+    # Arrange
+    repo.mirror = "rhn://%s" % repo.name
+    mocked_subprocess = mocker.patch(
+        "cobbler.utils.subprocess_call", autospec=True, return_value=0
+    )
+    mocker.patch("os.path.isdir", return_value=True)
+    mocker.patch("os.makedirs")
+    mocker.patch("cobbler.actions.reposync.repo_walker")
+    mocker.patch.object(reposync_object, "create_local_file")
+    mocker.patch.object(
+        reposync_object, "reposync_cmd", return_value=["/my/fake/reposync"]
+    )
+
+    # Act
+    reposync_object.rhn_sync(repo)
+
+    # Assert
+    # TODO: Check this more and document how its actually working
+    mocked_subprocess.assert_called_with(
+         [
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://ftp.debian.org/debian",
+-                enums.RepoArchs.X86_64,
+-                "",
+-                does_not_raise()
+-            ),
+-            (
+-                enums.MirrorType.MIRRORLIST,
+-                "http://ftp.debian.org/debian",
+-                enums.RepoArchs.X86_64,
+-                "",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.METALINK,
+-                "http://ftp.debian.org/debian",
+-                enums.RepoArchs.X86_64,
+-                "",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://www.example.com/path/to/some/repo",
+-                enums.RepoArchs.X86_64,
+-                "",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://ftp.debian.org/debian",
+-                enums.RepoArchs.NONE,
+-                "",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://ftp.debian.org/debian",
+-                enums.RepoArchs.X86_64,
+-                "dpkg",
+-                pytest.raises(cexceptions.CX)
+-            ),
+            "/my/fake/reposync",
+            "--testflag",
+            "--repo=testrepo0",
+            "--download-path=/srv/www/cobbler/repo_mirror",
+         ],
+        shell=False,
+     )
+-    def test_reposync_apt(
+-        self,
+-        input_mirror_type,
+-        input_mirror,
+-        input_arch,
+-        input_rpm_list,
+-        expected_exception,
+-        api,
+-        repo,
+-        reposync
+-    ):
+-        # Arrange
+-        test_repo = repo
+-        test_repo.breed = enums.RepoBreeds.APT
+-        test_repo.arch = input_arch
+-        test_repo.apt_components = "main"
+-        test_repo.apt_dists = "stable"
+-        test_repo.mirror = input_mirror
+-        test_repo.mirror_type = input_mirror_type
+-        test_repo.rpm_list = input_rpm_list
+-        test_repo.yumopts = "--exclude=.* --include=dpkg.* --no-check-gpg --rsync-extra=none"
+-        test_settings = api.settings()
+-        repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name)
+-
+-        # Act & Assert
+-        with expected_exception:
+-            reposync.run(test_repo.name)
+-            result = os.path.exists(repo_path)
+-            for rpm in ["dpkg"]:
+-                assert glob.glob(os.path.join(repo_path, "**", "dpkg") + "*", recursive=True) != []
+-            assert result
+-
+-    @pytest.mark.skip("To flaky and thus not reliable. Needs to be mocked to be of use.")
+-    @pytest.mark.usefixtures("remove_repo")
+-    @pytest.mark.parametrize(
+-        "input_mirror_type,input_mirror,expected_exception",
+
+
+def test_reposync_rsync(
+    mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo
+):
+    # Arrange
+    mocked_subprocess = mocker.patch("cobbler.utils.subprocess_call", return_value=0)
+    mocker.patch("cobbler.actions.reposync.repo_walker")
+    mocker.patch.object(reposync_object, "create_local_file")
+    repo_path = os.path.join(reposync_object.settings.webdir, "repo_mirror", repo.name)
+
+    # Act
+    reposync_object.rsync_sync(repo)
+
+    # Assert
+    mocked_subprocess.assert_called_with(
+         [
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
+-                does_not_raise()
+-            ),
+-            (
+-                enums.MirrorType.MIRRORLIST,
+-                "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.METALINK,
+-                "http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/2",
+-                pytest.raises(cexceptions.CX)
+-            ),
+-            (
+-                enums.MirrorType.BASEURL,
+-                "http://www.example.com/path/to/some/repo",
+-                pytest.raises(cexceptions.CX)
+-            ),
+            "rsync",
+            "--testflag",
+            "--delete-after",
+            "-e ssh",
+            "--delete",
+            "--exclude-from=/etc/cobbler/rsync.exclude",
+            "/",
+            repo_path,
+         ],
+        shell=False,
+     )
+-    def test_reposync_wget(
+-        self,
+-        input_mirror_type,
+-        input_mirror,
+-        expected_exception,
+-        api,
+-        repo,
+-        reposync
+-    ):
+-        # Arrange
+-        test_repo = repo
+-        test_repo.breed = enums.RepoBreeds.WGET
+-        test_repo.mirror = input_mirror
+-        test_repo.mirror_type = input_mirror_type
+-        test_settings = api.settings()
+-        repo_path = os.path.join(test_settings.webdir, "repo_mirror", test_repo.name)
+-
+-        # Act & Assert
+-        with expected_exception:
+-            reposync.run(test_repo.name)
+-            result = os.path.exists(repo_path)
+-            for rpm in ["rpm"]:
+-                assert glob.glob(os.path.join(repo_path, "**", "2") + "*", recursive=True) != []
+-            assert result
+-
+-
+-@pytest.mark.skip("TODO")
+-def test_reposync_rhn():
+
+
+def test_createrepo_walker(
+    mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo
+):
+     # Arrange
+    input_repo = repo
+    input_repo.breed = enums.RepoBreeds.RSYNC
+    input_dirname = ""
+    input_fnames = []
+    expected_call = ["createrepo", "--testflags", f"'{input_dirname}'"]
+    mocked_subprocess = mocker.patch(
+        "cobbler.utils.subprocess_call", autospec=True, return_value=0
+    )
+    mocker.patch(
+        "cobbler.utils.blender",
+        autospec=True,
+        return_value={"createrepo_flags": "--testflags"},
+    )
+    mocker.patch("cobbler.utils.remove_yum_olddata")
+    mocker.patch("cobbler.utils.subprocess_get", return_value="5")
+    mocker.patch("cobbler.utils.get_family", return_value="TODO")
+    mocker.patch("os.path.exists", return_value=True)
+    mocker.patch("os.path.isfile", return_value=True)
+    mocker.patch.object(reposync_object, "librepo_getinfo", return_value={})
+
+     # Act
+    reposync_object.createrepo_walker(input_repo, input_dirname, input_fnames)
+
+     # Assert
+-    assert False
+    # TODO: Improve coverage over different cases in method
+    mocked_subprocess.assert_called_with(expected_call, shell=False)
+ 
+ 
+-@pytest.mark.skip("TODO")
+-def test_reposync_rsync():
+@pytest.mark.parametrize(
+    "input_repotype,expected_exception",
+    [
+        (enums.RepoBreeds.YUM, does_not_raise()),
+        (enums.RepoBreeds.RHN, does_not_raise()),
+        (enums.RepoBreeds.APT, does_not_raise()),
+        (enums.RepoBreeds.RSYNC, does_not_raise()),
+        (enums.RepoBreeds.WGET, does_not_raise()),
+        (enums.RepoBreeds.NONE, pytest.raises(cexceptions.CX)),
+    ],
+)
+def test_sync(
+    mocker: "MockerFixture",
+    cobbler_api: CobblerAPI,
+    reposync_object: reposync.RepoSync,
+    input_repotype: enums.RepoBreeds,
+    expected_exception: Any,
+):
+     # Arrange
+    test_repo = Repo(cobbler_api)
+    test_repo.breed = input_repotype
+    rhn_sync_mock = mocker.patch.object(reposync_object, "rhn_sync")
+    yum_sync_mock = mocker.patch.object(reposync_object, "yum_sync")
+    apt_sync_mock = mocker.patch.object(reposync_object, "apt_sync")
+    rsync_sync_mock = mocker.patch.object(reposync_object, "rsync_sync")
+    wget_sync_mock = mocker.patch.object(reposync_object, "wget_sync")
+
+     # Act
+    with expected_exception:
+        reposync_object.sync(test_repo)
+
+        # Assert
+        call_count = sum(
+            (
+                rhn_sync_mock.call_count,
+                yum_sync_mock.call_count,
+                apt_sync_mock.call_count,
+                rsync_sync_mock.call_count,
+                wget_sync_mock.call_count,
+            )
+        )
+        assert call_count == 1
+
+
+def test_librepo_getinfo(
+    mocker: "MockerFixture", reposync_object: reposync.RepoSync, tmp_path: Path
+):
+    # Arrange
+    handle_mock = mocker.MagicMock()
+    result_mock = mocker.MagicMock()
+    mocker.patch("librepo.Handle", return_value=handle_mock)
+    mocker.patch("librepo.Result", return_value=result_mock)
+
+    # Act
+    reposync_object.librepo_getinfo(str(tmp_path))
+
+    # Assert
+    handle_mock.perform.assert_called_with(result_mock)
+    result_mock.getinfo.assert_called()
+
+
+def test_create_local_file(
+    mocker: "MockerFixture", reposync_object: reposync.RepoSync, repo: Repo
+):
+    # Arrange
+    mocker.patch("cobbler.utils.filesystem_helpers.mkdir", autospec=True)
+    mock_open = mocker.patch("builtins.open", mocker.mock_open())
+    input_dest_path = ""
+    input_repo = repo
+    input_output = True
+
+    # Act
+    reposync_object.create_local_file(input_dest_path, input_repo, output=input_output)
+
+    # Assert
+    # TODO: Extend checks
+    assert mock_open.call_count == 1
+    assert mock_open.mock_calls[0] == mocker.call("config.repo", "w", encoding="UTF-8")
+    mock_open_handle = mock_open()
+    assert mock_open_handle.write.mock_calls[0] == mocker.call("[testrepo0]\n")
+    assert mock_open_handle.write.mock_calls[1] == mocker.call("name=testrepo0\n")
+
+
+def test_update_permissions(
+    mocker: "MockerFixture", reposync_object: reposync.RepoSync
+):
+    # Arrange
+    mocked_subprocess = mocker.patch(
+        "cobbler.utils.subprocess_call", autospec=True, return_value=0
+    )
+    path_to_update = "/my/fake/path"
+    expected_calls = [
+        mocker.call(["chown", "-R", "root:www", path_to_update], shell=False),
+        mocker.call(["chmod", "-R", "755", path_to_update], shell=False),
+    ]
+
+    # Act
+    reposync_object.update_permissions(path_to_update)
+
+     # Assert
+-    assert False
+    assert mocked_subprocess.mock_calls == expected_calls
--- a/cobbler-remove-get-loaders.patch
+++ b/cobbler-remove-get-loaders.patch
@ -1,111 +0,0 @@
-commit fdf493ae4095c3266997e8b9c9cbcb31767b06d6
-Author: Orion Poplawski <orion@nwra.com>
-Date:   Wed Dec 8 20:19:51 2021 -0700
-
-    Remove get-loaders
-
-diff --git a/cobbler/action_check.py b/cobbler/action_check.py
-index c1980a39..825e666d 100644
--- a/cobbler/action_check.py
-+++ b/cobbler/action_check.py
-@@ -335,7 +335,7 @@ class BootCheck:
-              not_found.append(loader_name)
- 
-        if len(not_found) > 0:
-          status.append("Some network boot-loaders are missing from /var/lib/cobbler/loaders, you may run 'cobbler get-loaders' to download them, or, if you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot. The 'cobbler get-loaders' command is the easiest way to resolve these requirements.")
-+          status.append("Some network boot-loaders are missing from /var/lib/cobbler/loaders.  If you only want to handle x86/x86_64 netbooting, you may ensure that you have installed a *recent* version of the syslinux package installed and can ignore this message entirely.  Files in this directory, should you want to support all architectures, should include pxelinux.0, menu.c32, elilo.efi, and yaboot.")
- 
-    def check_tftpd_bin(self,status):
-        """
-diff --git a/cobbler/api.py b/cobbler/api.py
-index 77ffc689..30f4b878 100644
--- a/cobbler/api.py
-+++ b/cobbler/api.py
-@@ -36,7 +36,6 @@ import action_report
- import action_power
- import action_log
- import action_hardlink
-import action_dlcontent
- from cexceptions import CX
- import kickgen
- import yumgen
-@@ -723,19 +722,6 @@ class BootAPI:
- 
-     # ==========================================================================
- 
-    def dlcontent(self,force=False,logger=None):
-        """
-        Downloads bootloader content that may not be avialable in packages
-        for the given arch, ex: if installing on PPC, get syslinux. If installing
-        on x86_64, get elilo, etc.
-        """
-        # FIXME: teach code that copies it to grab from the right place
-        self.log("dlcontent")
-        grabber = action_dlcontent.ContentDownloader(self._config, logger=logger)
-        return grabber.run(force)
-
-    # ==========================================================================
-
-     def validateks(self, logger=None):
-         """
-         Use ksvalidator (from pykickstart, if available) to determine
-diff --git a/cobbler/cli.py b/cobbler/cli.py
-index a1aa815e..71af6853 100755
--- a/cobbler/cli.py
-+++ b/cobbler/cli.py
-@@ -56,7 +56,7 @@ OBJECT_TYPES = OBJECT_ACTIONS_MAP.keys()
- OBJECT_ACTIONS = []
- for actions in OBJECT_ACTIONS_MAP.values():
-    OBJECT_ACTIONS += actions
-DIRECT_ACTIONS = "aclsetup buildiso import list replicate report reposync sync validateks version signature get-loaders hardlink".split()
-+DIRECT_ACTIONS = "aclsetup buildiso import list replicate report reposync sync validateks version signature hardlink".split()
- 
- ####################################################
- 
-@@ -501,10 +501,6 @@ class BootCLI:
-         elif action_name == "validateks":
-             (options, args) = self.parser.parse_args()
-             task_id = self.start_task("validateks",options)
-        elif action_name == "get-loaders":
-            self.parser.add_option("--force", dest="force", action="store_true", help="overwrite any existing content in /var/lib/cobbler/loaders")
-            (options, args) = self.parser.parse_args()
-            task_id = self.start_task("dlcontent",options)
-         elif action_name == "import":
-             self.parser.add_option("--arch",         dest="arch",           help="OS architecture being imported")
-             self.parser.add_option("--breed",        dest="breed",          help="the breed being imported")
-diff --git a/cobbler/remote.py b/cobbler/remote.py
-index f7b93abc..d2b5d0b5 100644
--- a/cobbler/remote.py
-+++ b/cobbler/remote.py
-@@ -168,14 +168,6 @@ class CobblerXMLRPCInterface:
-             )
-         return self.__start_task(runner, token, "aclsetup", "(CLI) ACL Configuration", options)
- 
-    def background_dlcontent(self, options, token):
-        """
-        Download bootloaders and other support files.
-        """
-        def runner(self):
-            return self.remote.api.dlcontent(self.options.get("force",False), self.logger)
-        return self.__start_task(runner, token, "get_loaders", "Download Bootloader Content", options)
-
-     def background_sync(self, options, token):
-         def runner(self):
-             return self.remote.api.sync(self.options.get("verbose",False),logger=self.logger)
-diff --git a/docs/appendix.rst b/docs/appendix.rst
-index b1945c72..7dc73411 100644
--- a/docs/appendix.rst
-+++ b/docs/appendix.rst
-@@ -611,12 +611,6 @@ Steps
- DBAN 2.2.6
- **********
- 
-Retrieve the extra loader parts that DBAN 2.2.6 needs:
-
-.. code-block:: bash
-
-    cobbler get-loaders
-
- Download DBAN:
- 
- .. code-block:: bash
--- a/cobbler-reposync.patch
+++ b/cobbler-reposync.patch
@ -0,0 +1,18 @@
+diff -up cobbler-3.3.7/cobbler/cli.py.reposync cobbler-3.3.7/cobbler/cli.py
+--- cobbler-3.3.7/cobbler/cli.py.reposync	2024-11-17 14:02:02.000000000 -0700
+++ cobbler-3.3.7/cobbler/cli.py	2025-10-04 19:21:03.379260526 -0600
+@@ -1184,7 +1184,13 @@ class CobblerCLI:
+             task_id = self.start_task("import", options)
+         elif action_name == "reposync":
+             self.parser.add_option("--only", dest="only", help="update only this repository name")
+-            self.parser.add_option("--tries", dest="tries", help="try each repo this many times", default=1)
+            self.parser.add_option(
+                "--tries",
+                dest="tries",
+                help="try each repo this many times",
+                default=1,
+                type="int",
+            )
+             self.parser.add_option("--no-fail", dest="nofail", help="don't stop reposyncing if a failure occurs",
+                                    action="store_true")
+             (options, args) = self.parser.parse_args(self.args)
--- a/cobbler.fc
+++ b/cobbler.fc
@ -0,0 +1,28 @@
+/etc/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_etc_t,s0)
+
+/etc/rc\.d/init\.d/cobblerd	--	gen_context(system_u:object_r:cobblerd_initrc_exec_t,s0)
+
+/usr/bin/cobblerd	--	gen_context(system_u:object_r:cobblerd_exec_t,s0)
+
+/usr/lib/systemd/system/cobblerd.*	--	gen_context(system_u:object_r:cobblerd_unit_file_t,s0)
+
+/var/cache/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+
+/var/lib/tftpboot/aarch64(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/boot(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/etc(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/grub(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/images(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/images2(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/memdisk	--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/menu\.c32	--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/ppc(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/pxelinux\.0	--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/pxelinux\.cfg(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/s390x(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+/var/lib/tftpboot/yaboot	--	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
+
+/var/log/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_var_log_t,s0)
+
+/var/www/cobbler(/.*)?	gen_context(system_u:object_r:cobbler_var_lib_t,s0)
--- a/cobbler.if
+++ b/cobbler.if
@ -0,0 +1,251 @@
+## <summary>Cobbler installation server.</summary>
+
+########################################
+## <summary>
+##	Execute a domain transition to run cobblerd.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`cobblerd_domtrans',`
+	gen_require(`
+		type cobblerd_t, cobblerd_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, cobblerd_exec_t, cobblerd_t)
+')
+
+########################################
+## <summary>
+##	Execute cobblerd server in the cobblerd domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`cobblerd_systemctl',`
+	gen_require(`
+		type named_unit_file_t;
+		type named_t;
+	')
+
+	systemd_exec_systemctl($1)
+	init_reload_services($1)
+	allow $1 named_unit_file_t:file read_file_perms;
+	allow $1 named_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, named_t)
+')
+
+########################################
+## <summary>
+##	Execute cobblerd init scripts in
+##	the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`cobblerd_initrc_domtrans',`
+	gen_require(`
+		type cobblerd_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, cobblerd_initrc_exec_t)
+')
+
+
+
+########################################
+## <summary>
+##	Read cobbler configuration dirs.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cobbler_list_config',`
+	gen_require(`
+		type cobbler_etc_t;
+	')
+
+	list_dirs_pattern($1, cobbler_etc_t, cobbler_etc_t)
+	files_search_etc($1)
+')
+
+
+########################################
+## <summary>
+##	Read cobbler configuration files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cobbler_read_config',`
+	gen_require(`
+		type cobbler_etc_t;
+	')
+
+	read_files_pattern($1, cobbler_etc_t, cobbler_etc_t)
+	files_search_etc($1)
+')
+
+########################################
+## <summary>
+##	Do not audit attempts to read and write
+##	cobbler log files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`cobbler_dontaudit_rw_log',`
+	gen_require(`
+		type cobbler_var_log_t;
+	')
+
+	dontaudit $1 cobbler_var_log_t:file rw_file_perms;
+')
+
+########################################
+## <summary>
+##	Search cobbler lib directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cobbler_search_lib',`
+	gen_require(`
+		type cobbler_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	search_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Read cobbler lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cobbler_read_lib_files',`
+	gen_require(`
+		type cobbler_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	read_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+    read_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+')
+
+########################################
+## <summary>
+##	Create, read, write, and delete
+##	cobbler lib files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`cobbler_manage_lib_files',`
+	gen_require(`
+		type cobbler_var_lib_t;
+	')
+
+	files_search_var_lib($1)
+	manage_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+    manage_lnk_files_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+    manage_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
+')
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cobbler environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`cobblerd_admin',`
+	refpolicywarn(`$0($*) has been deprecated, use cobbler_admin() instead.')
+	cobbler_admin($1, $2)
+')
+
+########################################
+## <summary>
+##	All of the rules required to
+##	administrate an cobbler environment.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`cobbler_admin',`
+	gen_require(`
+		type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
+		type cobbler_etc_t, cobblerd_initrc_exec_t;
+		type cobbler_tmp_t;
+	')
+
+	allow $1 cobblerd_t:process { ptrace signal_perms };
+	ps_process_pattern($1, cobblerd_t)
+
+	cobblerd_initrc_domtrans($1)
+	domain_system_change_exemption($1)
+	role_transition $2 cobblerd_initrc_exec_t system_r;
+	allow $2 system_r;
+
+	files_search_etc($1)
+	admin_pattern($1, cobbler_etc_t)
+
+	files_search_tmp($1)
+	admin_pattern($1, cobbler_tmp_t)
+
+	files_search_var_lib($1)
+	admin_pattern($1, cobbler_var_lib_t)
+
+	logging_search_logs($1)
+	admin_pattern($1, cobbler_var_log_t)
+')
--- a/cobbler.spec
+++ b/cobbler.spec
--- a/cobbler.te
+++ b/cobbler.te
@ -0,0 +1,249 @@
+policy_module(cobbler, 1.3.0)
+
+########################################
+#
+# Declarations
+#
+
+## <desc>
+##	<p>
+##	Determine whether Cobbler can modify
+##	public files used for public file
+##	transfer services.
+##	</p>
+## </desc>
+gen_tunable(cobbler_anon_write, false)
+
+## <desc>
+##	<p>
+##	Determine whether Cobbler can connect
+##	to the network using TCP.
+##	</p>
+## </desc>
+gen_tunable(cobbler_can_network_connect, false)
+
+## <desc>
+##	<p>
+##	Determine whether Cobbler can access
+##	cifs file systems.
+##	</p>
+## </desc>
+gen_tunable(cobbler_use_cifs, false)
+
+## <desc>
+##	<p>
+##	Determine whether Cobbler can access
+##	nfs file systems.
+##	</p>
+## </desc>
+gen_tunable(cobbler_use_nfs, false)
+
+gen_require(`
+	type debuginfo_exec_t;
+	type init_exec_t;
+	class file getattr;
+')
+
+type cobblerd_t;
+type cobblerd_exec_t;
+init_daemon_domain(cobblerd_t, cobblerd_exec_t)
+
+type cobblerd_initrc_exec_t;
+init_script_file(cobblerd_initrc_exec_t)
+
+type cobbler_etc_t;
+files_config_file(cobbler_etc_t)
+
+type cobbler_var_log_t;
+logging_log_file(cobbler_var_log_t)
+
+type cobbler_var_lib_t alias cobbler_content_t;
+files_type(cobbler_var_lib_t)
+
+type cobbler_tmp_t;
+files_tmp_file(cobbler_tmp_t)
+
+type cobblerd_unit_file_t;
+systemd_unit_file(cobblerd_unit_file_t)
+
+########################################
+#
+# Local policy
+#
+
+allow cobblerd_t self:capability { chown dac_read_search  fowner fsetid sys_nice };
+dontaudit cobblerd_t self:capability sys_tty_config;
+allow cobblerd_t self:process { getsched setsched signal };
+allow cobblerd_t self:fifo_file rw_fifo_file_perms;
+allow cobblerd_t self:tcp_socket { accept listen };
+allow cobblerd_t self:netlink_audit_socket create_socket_perms;
+
+allow cobblerd_t cobbler_etc_t:dir list_dir_perms;
+allow cobblerd_t cobbler_etc_t:file read_file_perms;
+allow cobblerd_t cobbler_etc_t:lnk_file read_lnk_file_perms;
+
+allow cobblerd_t cobbler_tmp_t:file mmap_file_perms;
+# Allow cobbler to stat /usr/libexec/dnf-utils (aka reposync/yumdownloader)
+allow cobblerd_t debuginfo_exec_t:file getattr;
+# Allow cobbler to stat /usr/lib/systemd/systemd
+allow cobblerd_t init_exec_t:file getattr;
+# Allow cobbler to check status of itself
+allow cobblerd_t cobblerd_unit_file_t:service status;
+
+manage_dirs_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
+manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
+files_tmp_filetrans(cobblerd_t, cobbler_tmp_t, { dir file })
+
+manage_dirs_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
+manage_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
+manage_lnk_files_pattern(cobblerd_t, cobbler_var_lib_t, cobbler_var_lib_t)
+files_var_lib_filetrans(cobblerd_t, cobbler_var_lib_t, dir)
+files_var_filetrans(cobblerd_t, cobbler_var_lib_t, dir, "cobbler")
+
+append_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
+create_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
+read_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
+setattr_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
+logging_log_filetrans(cobblerd_t, cobbler_var_log_t, file)
+
+kernel_read_system_state(cobblerd_t)
+kernel_read_network_state(cobblerd_t)
+
+corecmd_exec_bin(cobblerd_t)
+corecmd_exec_shell(cobblerd_t)
+
+corenet_all_recvfrom_netlabel(cobblerd_t)
+corenet_all_recvfrom_unlabeled(cobblerd_t)
+corenet_tcp_sendrecv_generic_if(cobblerd_t)
+corenet_tcp_sendrecv_generic_node(cobblerd_t)
+corenet_tcp_bind_generic_node(cobblerd_t)
+
+corenet_sendrecv_cobbler_server_packets(cobblerd_t)
+corenet_tcp_bind_cobbler_port(cobblerd_t)
+corenet_tcp_sendrecv_cobbler_port(cobblerd_t)
+
+corenet_sendrecv_ftp_client_packets(cobblerd_t)
+corenet_tcp_connect_ftp_port(cobblerd_t)
+corenet_tcp_sendrecv_ftp_port(cobblerd_t)
+
+corenet_tcp_sendrecv_http_port(cobblerd_t)
+corenet_tcp_connect_http_port(cobblerd_t)
+corenet_sendrecv_http_client_packets(cobblerd_t)
+
+dev_read_sysfs(cobblerd_t)
+dev_read_urand(cobblerd_t)
+
+files_list_boot(cobblerd_t)
+files_list_tmp(cobblerd_t)
+files_read_boot_files(cobblerd_t)
+files_read_etc_runtime_files(cobblerd_t)
+
+fs_getattr_all_fs(cobblerd_t)
+fs_read_iso9660_files(cobblerd_t)
+
+selinux_get_enforce_mode(cobblerd_t)
+
+term_use_console(cobblerd_t)
+
+auth_use_nsswitch(cobblerd_t)
+
+logging_send_syslog_msg(cobblerd_t)
+
+miscfiles_read_localization(cobblerd_t)
+miscfiles_read_public_files(cobblerd_t)
+
+sysnet_dns_name_resolve(cobblerd_t)
+sysnet_rw_dhcp_config(cobblerd_t)
+sysnet_write_config(cobblerd_t)
+
+tunable_policy(`cobbler_anon_write',`
+	miscfiles_manage_public_files(cobblerd_t)
+')
+
+tunable_policy(`cobbler_can_network_connect',`
+	corenet_sendrecv_all_client_packets(cobblerd_t)
+	corenet_tcp_connect_all_ports(cobblerd_t)
+	corenet_tcp_sendrecv_all_ports(cobblerd_t)
+')
+
+tunable_policy(`cobbler_use_cifs',`
+	fs_manage_cifs_dirs(cobblerd_t)
+	fs_manage_cifs_files(cobblerd_t)
+	fs_manage_cifs_symlinks(cobblerd_t)
+')
+
+tunable_policy(`cobbler_use_nfs',`
+	fs_manage_nfs_dirs(cobblerd_t)
+	fs_manage_nfs_files(cobblerd_t)
+	fs_manage_nfs_symlinks(cobblerd_t)
+')
+
+optional_policy(`
+	apache_search_config(cobblerd_t)
+	apache_domtrans(cobblerd_t)
+	apache_search_sys_content(cobblerd_t)
+')
+
+optional_policy(`
+	bind_read_config(cobblerd_t)
+	bind_write_config(cobblerd_t)
+	bind_domtrans_ndc(cobblerd_t)
+	bind_domtrans(cobblerd_t)
+	bind_initrc_domtrans(cobblerd_t)
+	bind_manage_zone(cobblerd_t)
+	bind_systemctl(cobblerd_t)
+')
+
+optional_policy(`
+	certmaster_exec(cobblerd_t)
+')
+
+optional_policy(`
+	dhcpd_domtrans(cobblerd_t)
+	dhcpd_initrc_domtrans(cobblerd_t)
+	dhcpd_systemctl(cobblerd_t)
+')
+
+optional_policy(`
+	dnsmasq_domtrans(cobblerd_t)
+	dnsmasq_initrc_domtrans(cobblerd_t)
+	dnsmasq_write_config(cobblerd_t)
+	dnsmasq_systemctl(cobblerd_t)
+')
+
+# To read /boot/efi
+optional_policy(`
+	fs_list_dos(cobblerd_t)
+	fs_read_dos_files(cobblerd_t)
+')
+
+# To run mkfs.fat when generating ISO
+optional_policy(`
+	fstools_exec(cobblerd_t)
+')
+
+optional_policy(`
+	libs_exec_ldconfig(cobblerd_t)
+')
+
+optional_policy(`
+	mysql_stream_connect(cobblerd_t)
+')
+
+optional_policy(`
+	rpm_exec(cobblerd_t)
+')
+
+optional_policy(`
+	rsync_exec(cobblerd_t)
+	rsync_read_config(cobblerd_t)
+	rsync_manage_config(cobblerd_t)
+	rsync_etc_filetrans_config(cobblerd_t, file, "rsync.conf")
+')
+
+optional_policy(`
+	tftp_manage_config(cobblerd_t)
+	tftp_manage_rw_content(cobblerd_t)
+	tftp_delete_content_dirs(cobblerd_t)
+	tftp_filetrans_tftpdir(cobblerd_t, cobbler_var_lib_t, { dir file })
+')
--- a/cobblerd.service
+++ b/cobblerd.service
@ -1,13 +0,0 @@
-[Unit]
-Description=Cobbler Helper Daemon
-After=syslog.target network.target
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/cobblerd
-RemainAfterExit=yes
-PrivateTmp=yes
-
-[Install]
-WantedBy=multi-user.target
-
--- a/migrate-settings.sh
+++ b/migrate-settings.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+sed -i -e 's,^default_kickstart: */var/lib/cobbler/kickstarts,default_autoinstall: /var/lib/cobbler/templates,' \
+       -e '/^\(consoles\|func_\|kernel_options_s390x\|power_template_dir\|pxe_template_dir\|redhat_management_type\|snippetsdir\|template_remote_kickstarts\):/s/^/# REMOVED: /' \
+       -e '$a#ADDED:' -e '$acache_enabled: true' -e '$areposync_rsync_flags: "-rltDv --copy-unsafe-links"' /etc/cobbler/settings.yaml
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (cobbler-2.8.5.tar.gz) = 6587308eb9eb49f7a894ddd052e1e3e226b4bcbffcf5c7e909e035b3faba1a8ae00631b96e11f0274d058b41b985b9a53776428b4587708111ef8158dec4e9d1
+SHA512 (cobbler-3.3.7.tar.gz) = df6570dd7c6cbe50464624267df1bbecbb29e60513bba312a6c726502d4670670f3113f24b6b7e465d0b3353c0721e6fe3725dbc4569b4f624ec2b4a29682d1a
Author	SHA1	Message	Date
Cristian Le	9be7a60c6c	Fix the dependency on syslinux Signed-off-by: Cristian Le <git@lecris.dev>	2025-12-23 16:48:31 +07:00
Orion Poplawski	20b9555db9	Add patch [skip changelog]	2025-10-04 21:36:03 -06:00
Orion Poplawski	dd50735347	Drop running migrate-data-v2-to-v3.py (rhbz#2349260)	2025-10-04 21:20:47 -06:00
Orion Poplawski	05d3a3d92b	Allow cobblerd access to /boot/efi (rhbz#2353901)	2025-10-04 21:04:17 -06:00
Orion Poplawski	87a66c903a	Add patch to use systemctl is-active to check status, avoids SELinux AVCs (rhbz#2353898)	2025-10-04 20:08:27 -06:00
Orion Poplawski	58e09a595a	Add upstream patch to fix reposync (rhbz#2401605)	2025-10-04 19:24:45 -06:00
Python Maint	5cc13feffb	Rebuilt for Python 3.14.0rc3 bytecode	2025-09-19 12:11:21 +02:00
Python Maint	4195c16d1e	Rebuilt for Python 3.14.0rc2 bytecode	2025-08-15 12:42:08 +02:00
Fedora Release Engineering	cd2b41fa6a	Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild	2025-07-23 18:28:15 +00:00
Python Maint	70baef3349	Rebuilt for Python 3.14	2025-06-03 12:20:23 +02:00
Orion Poplawski	eb1d04f77e	Drop Requires: /sbin/service, no longer needed (rhbz#2365434)	2025-05-11 14:58:50 -06:00
Orion Poplawski	0788c790c2	Convert to %autorelease and %autochangelog [skip changelog]	2025-05-11 14:57:39 -06:00
Fedora Release Engineering	2c824d747a	Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild	2025-01-16 14:04:56 +00:00
Orion Poplawski	11a217ef3c	Backport upstream patch for Python 3.13 support (rhbz#2335620)	2025-01-05 11:02:23 -07:00
Orion Poplawski	fbd4957ccb	Drop unused patches	2024-11-17 16:56:21 -07:00
Orion Poplawski	694275065e	Update to 3.3.7 (CVE-2024-47533)	2024-11-17 16:24:53 -07:00
Carl George	47027a0994	Fix cheetah dependency Cheetah switched names from Cheetah3 to CT3 in its metadata in version 3.3.0. The Fedora package name is the same, but since we're using %py3_dist to specify the build-time dependency we must use the new metadata name. We also must adjust cobbler's metadata to specify the correct metadata name as a run-time dependency, because that is what the automatic Python run-time dependency generator uses. `673259b2d1` Resolves: rhbz#2314630	2024-09-30 19:15:04 -05:00
Carl George	a67153671d	Remove python3dist(ldap) weak dependency Nothing in Fedora provides python3dist(ldap), so this recommends has no effect. On PyPI ldap is an uninstallable dummy project with a description that directs people to python-ldap. Cobbler already has a run-time dependency on python-ldap from the automatic generator.	2024-09-27 01:22:24 -05:00
Carl George	38e625d09c	Remove duplicate run-time dependencies The automatic run-time dependency generator already covers all of these. https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#Automatically-generated-dependencies	2024-09-27 01:18:42 -05:00
Carl George	0db922ecdf	Remove simplejson dependency This was removed upstream in version 3.3.0. `ba64e5ef76`	2024-09-27 01:13:58 -05:00
Orion Poplawski	a8bdaff834	Drop old conditionals	2024-07-30 19:59:46 -06:00
Orion Poplawski	e4ad2811c5	Update to 3.3.6 Update to 3.3.6 Update to 3.3.6 Update to 3.3.6	2024-07-30 19:58:58 -06:00
Miroslav Suchý	4f2da8b22a	convert GPLv2+ license to SPDX This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4	2024-07-25 23:19:59 +02:00
Fedora Release Engineering	da3242e687	Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild	2024-07-17 19:36:15 +00:00
Orion Poplawski	0bca026fd8	Update to 3.3.5 Update to 3.3.5 Update to 3.3.5 Update to 3.3.5	2024-07-11 21:38:48 -06:00
Python Maint	ba39bd45a2	Rebuilt for Python 3.13	2024-06-07 23:19:34 +02:00
Python Maint	ca7ccfbefd	Rebuilt for Python 3.13	2024-06-07 18:57:18 +02:00
Orion Poplawski	65c2b1ba5d	Fix service name in selinux post install script	2024-04-27 10:49:25 -06:00
Orion Poplawski	6428fa3761	Test for existence of web.ss before chowning it (bz#2276860)	2024-04-25 19:30:42 -06:00
Orion Poplawski	4411debad7	Fix BZ#s	2024-02-26 21:54:57 -07:00
Orion Poplawski	40e914ee29	Update to 3.3.4 Add local SELinux policy and allow cobbler to check service statuses, run mkfs.fat, and check for reposync and yumdownloader (bz#225122) Change owndership of web.ss to root (bz#2247652)	2024-02-26 21:43:13 -07:00
Fedora Release Engineering	0fc9b61b9b	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-24 07:36:17 +00:00
Fedora Release Engineering	00d12f25d0	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-19 15:46:52 +00:00
Fedora Release Engineering	1e0ee4450a	Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2023-07-19 15:59:35 +00:00
Orion Poplawski	762bc49951	Add BR on make	2023-07-17 07:53:50 -06:00
Orion Poplawski	d54231a40c	Manually make man pages	2023-07-17 07:34:17 -06:00
Orion Poplawski	2185610535	Add patch to fix build with Sphinx 7	2023-07-16 22:29:22 -06:00
Python Maint	375a43720e	Rebuilt for Python 3.12	2023-06-14 20:21:15 +02:00
Fedora Release Engineering	c8fb82f394	Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2023-01-19 00:08:59 +00:00
Fedora Release Engineering	5c3c68319d	Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2022-07-20 23:13:07 +00:00
Python Maint	017b778961	Rebuilt for Python 3.11	2022-06-23 17:45:59 +02:00
Orion Poplawski	46bf3c8f18	Update to 3.3.3	2022-06-13 19:37:43 -06:00
Orion Poplawski	a8fe6f7f13	Drop setting cache_enabled no longer present in 3.3	2022-05-03 19:24:48 -06:00
Orion Poplawski	fed0a69bb7	Update to 3.3.2	2022-03-12 09:53:49 -07:00
Orion Poplawski	a4bb4acfa1	Update to 3.3.1, removes web interface	2022-02-28 22:13:35 -07:00
Orion Poplawski	c2e0a09f15	More complete coverage removal	2022-02-28 21:42:21 -07:00
Orion Poplawski	65bb1a43d6	Apply fixes for CVE-2021-45082/3 Remove BR on python3-coverage	2022-02-28 21:03:09 -07:00
Orion Poplawski	cf0d310ec1	Fix posttrans script	2022-01-23 19:07:14 -07:00
Fedora Release Engineering	b10b6d5001	- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2022-01-19 23:28:52 +00:00
Orion Poplawski	f610a3843e	Fix path to settings.yaml in scriptlet	2021-12-23 13:17:34 -07:00
Orion Poplawski	8e9ce1e0db	Remove defunct get-loaders command	2021-12-08 19:57:06 -07:00
Orion Poplawski	6cbc1cbb46	Add new keys to settings.yaml on migration or if missing Save original settings to settings.rpmorig	2021-11-22 19:50:41 -07:00
Orion Poplawski	478eae1835	Fix dependencies (bz#2010567)	2021-10-07 22:27:46 -06:00
Orion Poplawski	aa1eab6b0f	Migrate settings to settings.yaml Migrate pre-cobbler 3 data if needed Fix autoinstall_templates -> templates	2021-09-23 22:05:34 -06:00
Orion Poplawski	eaa83c6591	Update to 3.2.2 bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings	2021-09-22 21:59:49 -06:00
Orion Poplawski	2648f0332c	Update to 3.2.1	2021-09-22 21:53:48 -06:00
Fedora Release Engineering	709edc8c43	- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-07-21 19:42:42 +00:00
Fedora Release Engineering	ec0b8b57f3	- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-07-21 14:44:55 +00:00
Python Maint	ed73b55b2a	Rebuilt for Python 3.10	2021-06-04 20:01:43 +02:00
Zbigniew Jędrzejewski-Szmek	462fed2ca9	Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583.	2021-03-02 16:14:04 +01:00
Fedora Release Engineering	300d4bdffb	- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-01-26 02:13:12 +00:00
Orion Poplawski	54c6b86861	Give root RW permission to /var/lib/cobbler/web.ss Fix SELinux cobbler logging issue	2020-10-25 14:46:31 -06:00
Orion Poplawski	b4e6cfc1e8	Add patch to support RHEL	2020-10-25 11:19:51 -06:00
Orion Poplawski	af4d6648c7	Update to 3.2.0	2020-10-24 19:14:41 -06:00
Orion Poplawski	a25d0bee4f	Add requires on python-distro and file	2020-09-17 19:45:53 -06:00
Fedora Release Engineering	f40bf31101	- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2020-07-27 14:13:13 +00:00
Orion Poplawski	fe6ff07988	Fix apache configuration	2020-07-07 21:22:20 -06:00
Orion Poplawski	29f603a135	Update to 3.1.2	2020-05-30 20:13:52 -06:00
Miro Hrončok	a0bed46104	Rebuilt for Python 3.9	2020-05-26 02:42:50 +02:00
Miro Hrončok	868c803385	Escape % in date format to prevent RPM errors cobbler.spec: line 119: %S: argument expected	2020-05-04 00:36:52 +02:00
Orion Poplawski	9f18f64d20	Add requires for python3-dns	2020-02-21 15:25:32 -07:00
Orion Poplawski	3afa6212c0	Use %{python3_pkgversion} for EL7 compatibility	2020-02-20 21:50:02 -07:00
Fedora Release Engineering	99d963f283	- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2020-01-28 14:21:32 +00:00
Orion Poplawski	89e9d569da	Update to 3.1.1	2020-01-11 22:33:28 -07:00
Orion Poplawski	7a96e69917	Drop koan completely, including obsoletes. It is a separate package now.	2019-10-22 21:28:55 -06:00
Orion Poplawski	d745480593	Require /sbin/service	2019-10-10 20:15:14 -06:00
Orion Poplawski	4cf006ccde	Fix requires (requests instead of urlgrabber) Fix BR for EL8	2019-10-08 21:14:00 -06:00
Nicolas Chauvet	280ff18862	Add patch for tftp_boot location	2019-09-17 16:40:00 +02:00
Nicolas Chauvet	b60ad4d5af	Exclude mongodb serializer - optional alpha state plugin	2019-09-17 16:07:24 +02:00
Nicolas Chauvet	0cd7658cf6	cobbler is truly a noarch package	2019-09-17 16:07:23 +02:00
Nicolas Chauvet	9bdab009e7	Avoid to obsoletes on el8	2019-09-17 16:07:23 +02:00
Nicolas Chauvet	ce3617316f	Fixup rhel7 requires	2019-09-17 16:07:23 +02:00
Nicolas Chauvet	b4d4215db3	Add missing BR	2019-09-17 16:07:23 +02:00
Nicolas Chauvet	6e7187fa0a	Add https	2019-09-17 13:54:30 +02:00
Nicolas Chauvet	a015a1c26e	Add python3 future and re-order	2019-09-10 15:25:54 +02:00
Nicolas Chauvet	0906ca93e2	Remove source file	2019-09-09 10:19:05 +02:00
Nicolas Chauvet	8c8742f9b2	Update to 3.0.1	2019-09-09 10:17:50 +02:00
Nicolas Chauvet	be40789b90	Add python3-tornado - rhbz#1061907	2019-09-03 13:59:12 +02:00
Nicolas Chauvet	4304822915	Update to 3.0.0	2019-08-30 16:57:38 +02:00