simp-rake-helpers 5.11.6 → 5.12.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cd1fc58d4764acdc2a2160e63a50a2a16015c1dd2a41f7b530baad394d6a397e
-  data.tar.gz: 6f322c3850b40ff56c8aa49a86146a176311e999495ada8cc8270ecf806f2d81
+  metadata.gz: 33beb8e656840401f0fb3a07f7aee982fe3931d53b2e233f2e0024398fd03d6c
+  data.tar.gz: 81111ce62e4e8b3ca03a478d765e3944ee8b297af7b2ee1ef5e182e8bacf36f3
 SHA512:
-  metadata.gz: d58adb8bae7eba07b696cbfd3add6ce335672a7ddc6d9063f6057ca3da8f23e5492d6cecb805afe13104f377fac3c16cc38a8925791eef9c3f2543017c609bcf
-  data.tar.gz: baaf3228b15df258dcdd6030f7fa95d995ac4a08cf735218cbc941543eef389c881f9f31bed619d605b230da154fee39353eabcebb9165cbb70f3b44b88e595a
+  metadata.gz: 9589c0d228dc77b2e75a641f158ca878c56498566696039c71eca0c414078299c2a7c4951cf48d45e0388b9cb72a1615321381084a11837fbbc42259a65ea880
+  data.tar.gz: 4267702fa365999433e673f26ff0896ad9a088ea7ce7ae26fff38bbc4d9c37b1c6239956bc016644ea8b2aa3b10925989f44fbb178a3d611380eb79db4b5cc6e

data/CHANGELOG.md

@@ -1,3 +1,52 @@
+### 5.12.3 / 2021-09-15
+- Handle multiple options for required applications in build:auto
+- Allow users to populate a `reposync` directory in the YUM build space that
+  will overwrite any target directories on the ISO.
+  - The SIMP tarball is unpacked after the copy so you always get the latest
+    built artifacts.
+  - Pruning will not occur if this technique is used since it is presumed that
+    you are overwriting the data with authoritative content.
+- Added a helpful tip about updating vermap.yaml
+- Fixed the call to repoclosure if on a system with DNF
+- Added support for EL8 to vermap.yaml
+
+### 5.12.2 / 2021-06-22
+- Change to '-1' from '-0' as the default RPM release
+
+### 5.12.1 / 2021-05-27
+- Default `@build_dir` to `@distro_build_dir` in build tasks
+- Use  `file --keep-going` in the **unpack** task's ISO validation check.  This
+  allows the check to work from EL8-based systems, where `ISO 9660 CD-ROM
+  filesystem data` is not the first match.
+
+### 5.12.0 / 2021-02-16
+- Ensure that pkg:install_gem uses the correct documentation options for the
+  version of Ruby in use.
+- Disable brp-mangle-shebangs when building RPMs.
+- Mitigated problem where gpg-agent daemon fails to start because
+  its socket path is longer than 108 characters.
+  - Changed the default location of the GPG keys directory used in the
+    pkg:key_prep and pkg:signrpms Rake tasks to <base_dir>/.dev_gpgkeys.
+  - Added a SIMP_PKG_build_keys_dir environment variable that overrides
+    the default location of the GPG keys directory used in the
+    pkg:key_prep and pkg:signrpms Rake tasks.
+- Added SIMP_PKG_rpmsign_timeout environment variable that overrides
+  default timeout in seconds to wait for an individual RPM signing
+  operation to complete.
+  - Default timeout is 30 seconds.
+  - Most relevant when signing on RPMs on EL8 and the gpg-agent
+    started by rpmsign fails to start, but rpmsign does not detect
+    the failure and hangs.
+- Improved pkg:signrpms error handling and reporting.
+- Fixed bug in GPG handling for GPG 2.1+ in which an existing
+  GPG key that was not cached internally was not detected.
+- Fixed bug where pkg:signrpms failed to sign RPMs on EL8.
+- Fixed bug where pkg:checksig reported failure on EL8, even when
+  the signatures were valid.
+- Deprecated the following top-level Rake tasks for Puppet modules:
+  - compare_latest_tag: use pkg:compare_latest_tag instead
+  - changelog_annotation: use pkg:create_tag_changelog instead
+
 ### 5.11.6 / 2021-02-03
 * Fix GPG handling for GPG 2.1+
 

data/CONTRIBUTING.md

@@ -1,4 +1,4 @@
 ## Contributing
 
-Please refer to the main [SIMP Project Contributing Guide](https://github.com/NationalSecurityAgency/SIMP/blob/master/CONTRIBUTING.md)
+Please refer to the main [SIMP Project Contributing Guide](https://simp-doc.readthedocs.io/en/stable/contributors_guide/index.html)
 for details on contributing to this project.

data/Gemfile

@@ -13,9 +13,6 @@ gem 'simp-build-helpers'
 gem 'simp-beaker-helpers'
 gem 'beaker-puppet_install_helper'
 gem 'rake', '>= 12.3.3'
-# You'll need the following if using podman until they are released upstream
-#gem 'beaker-docker', :git => 'https://github.com/trevor-vaughan/beaker-docker', :branch => 'support_rootless_podman'
-#gem 'docker-api', :git => 'https://github.com/trevor-vaughan/docker-api', :branch => 'podman-compat'
 gem 'beaker-docker'
 
 if puppetversion

data/README.md

@@ -26,7 +26,6 @@
     * [`rake pkg:rpm`](#rake-pkgrpm)
     * [`rake pkg:tar`](#rake-pkgtar)
 * [Limitations](#limitations)
-  * [Some versions of bundler fail on FIPS-enabled Systems](#some-versions-of-bundler-fail-on-fips-enabled-systems)
 * [Development](#development)
   * [License](#license)
   * [History](#history)
@@ -39,7 +38,7 @@ The `simp-rake-helpers` gem provides common Rake tasks to support the SIMP build
 
 ### This gem is part of SIMP
 
-This gem is part of (the build tooling for) the [System Integrity Management Platform](https://github.com/NationalSecurityAgency/SIMP), a compliance-management framework built on [Puppet](https://puppetlabs.com/).
+This gem is part of (the build tooling for) the [System Integrity Management Platform](https://simp-project.com), a compliance-management framework built on [Puppet](https://puppetlabs.com/).
 
 
 ### Features
@@ -66,25 +65,6 @@ group :test do
   gem 'puppet', puppetversion
   gem 'beaker-rspec'
   gem 'vagrant-wrapper'
-
-  # Puppet 4+ has issues with Hiera 3.1+
-   if puppetversion.to_s =~ />(\d+)/
-     pversion = $1
-     else
-     pversion = puppetversion
-   end
-
-   if Gem::Dependency.new('puppet', '~> 4.0').match?('puppet', pversion)
-     gem 'hiera', '~> 3.0.0'
-   end
-
-  # simp-rake-helpers does not suport puppet 2.7.X
-  if "#{ENV['PUPPET_VERSION']}".scan(/\d+/).first != '2' &&
-      # simp-rake-helpers and ruby 1.8.7 bomb Travis tests
-      # TODO: fix upstream deps (parallel in simp-rake-helpers)
-      RUBY_VERSION.sub(/\.\d+$/,'') != '1.8'
-    gem 'simp-rake-helpers'
-  end
 end
 ```
 
@@ -164,7 +144,7 @@ directory .  The full list of files considered are:
 ├── CHANGELOG         # OPTIONAL written in RPM's CHANGELOG format
 └── build/            # OPTIONAL
     └── rpm_metadata/ # OPTIONAL
-        ├── release   # OPTIONAL defines the RPM's "-0" release number
+        ├── release   # OPTIONAL defines the RPM's "-<qualifier>" release qualifier
         ├── requires  # OPTIONAL supplementary 'Requires','Provides','Obsoletes'
         └── custom/   # OPTIONAL
           └── *       # OPTIONAL custom snippets in RPM .spec format
@@ -187,7 +167,7 @@ level of the project, if it exists.
 
     Example:
 
-        * Mon Nov 06 2017 Tom Smith <tom.smith@simp.com> - 3.8.0-0
+        * Mon Nov 06 2017 Tom Smith <tom.smith@simp.com> - 3.8.0
         - Add feature x
 
     **Important:** Note the leading zero in "`Nov 05`".  It is a convention
@@ -227,21 +207,6 @@ Build the tar package for the current SIMP project
 
 ## Limitations
 
-### Some versions of bundler fail on FIPS-enabled Systems
-
-This is a limitation of Bundler, not the gem.
-
-If you are running on a FIPS-enabled system, you will need to use
-`bundler '~> 1.14.0'` or `bundler '~> 1.16'`
-
-If you are using RVM, the appropriate steps are as follows:
-
-```shell
-rm Gemfile.lock ||:
-rvm @global do gem uninstall bundler -a -x
-rvm @global do gem install bundler -v '~> 1.14.0'
-```
-
 ## Development
 
 Please see the [SIMP Contribution Guidelines](https://simp-project.atlassian.net/wiki/display/SD/Contributing+to+SIMP).

data/Rakefile

@@ -1,5 +1,3 @@
-# -*- ruby -*-
-
 require "rubygems"
 require 'rake/clean'
 require 'find'
@@ -12,5 +10,6 @@ require 'rspec/core/rake_task'
 require 'simp/rake/rubygem'
 Simp::Rake::Rubygem.new(@package, @rakefile_dir)
 
+require 'simp/rake/beaker'
 
-# vim: syntax=ruby
+Simp::Rake::Beaker.new(Dir.pwd)

data/lib/simp/command_utils.rb

@@ -0,0 +1,21 @@
+module Simp; end
+module Simp::CommandUtils
+  require 'facter'
+
+  def which(cmd, fail=false)
+    @which_cache ||= {}
+
+    if @which_cache.has_key?(cmd)
+      command = @which_cache[cmd]
+    else
+      command = Facter::Core::Execution.which(cmd)
+      @which_cache[cmd] = command
+    end
+
+    msg = "Warning: Command #{cmd} not found on the system."
+
+    ( fail ? raise(msg) : warn(msg) ) unless command
+
+    command
+  end
+end

data/lib/simp/local_gpg_signing_key.rb

@@ -1,5 +1,6 @@
 require 'securerandom'
 require 'rake'
+require 'simp/command_utils'
 
 module Simp
   # Ensure that a valid GPG signing key exists in a local directory
@@ -14,49 +15,52 @@ module Simp
   #     - New keys are generated using a temporary GPG agent with its own
   #       settings and socket.
   #
-  #   The local signing key's directory is structured like this:
+  #   The local signing key's directory includes the following:
+  #   gpg < 2.1.0 (EL7):
   #
   #   ```
   #   #{key_name}/                        # key directory
   #     +-- RPM-GPG-KEY-SIMP-#{key_name}  # key file
   #     +-- gengpgkey                     # --gen-key params file **
+  #     +-- gpg-agent-info.env            # Lists location of gpg-agent socket + pid
+  #     +-- run_gpg_agnet                 # Script used to start gpg-agent
   #     +-- pubring.gpg
   #     +-- secring.gpg
-  #     +-- trustring.gpg
+  #     +-- trustdb.gpg
   #   ```
   #
-  #   `**` = `SIMP::RPM.sign_keys` will use the values in the `gengpgkey` file
+  #   gpg >= 2.1.0 (EL8):
+  #   ```
+  #   #{key_name}/                        # key directory
+  #     +-- RPM-GPG-KEY-SIMP-#{key_name}  # key file
+  #     +-- gengpgkey                     # --gen-key params file **
+  #     +-- openpgp-revocs.d/<fingerprint id>.rev
+  #     +-- private-keys-v1.d/<user id>.key
+  #     +-- pubring.kbx
+  #     +-- trustdb.gpg
+  #   ```
+  #
+  #   `**` = `SIMP::RpmSigner.sign_rpms` will use the values in the `gengpgkey` file
   #     for the GPG signing key's email and passphrase
   #
   #   If a new key is required, a project-only `gpg-agent` daemon is momentarily
   #   created to generate it, and destroyed after this is done.  The daemon does
-  #   not interact with any other `gpg-agent` daemons on the system--it is
-  #   launched on a random socket and keeps all its files under the
-  #   #{key_name/} directory.
-  #
-  #   When instantiated, the daemon writes an "env-file" to the #{key_name}
-  #   directory.  This file specifies the location of the daemon's socket and
-  #   pid.
-  #
-  #   A typical env-file looks like:
-  #
-  #   ```sh
-  #   GPG_AGENT_INFO=/tmp/gpg-4yhfOB/S.gpg-agent:15495:1
-  #   ```
+  #   not interact with any other `gpg-agent` daemons on the system. It is
+  #   launched on random socket(s) whose socket file(s) can be found as follows:
   #
-  #   A brand-new gpg-agent daemon will output similar information, with an
-  #   additional export:
+  #   Location                           Environment
+  #   #{key_name} dir                    Docker container for EL8
+  #   temp dir in /run/user/<uid>/gnupg  EL8
+  #   temp dir in /tmp                   EL7
   #
-  #   ```sh
-  #   GPG_AGENT_INFO=/tmp/gpg-4yhfOB/S.gpg-agent:15495:1; export GPG_AGENT_INFO;\n"
-  #   ```
   class LocalGpgSigningKey
     include FileUtils
+    include Simp::CommandUtils
 
-    # `SIMP::RPM.sign_keys` will look for a 'gengpgkey' file to
+    # `SIMP::RpmSigner.sign_rpms` will look for a 'gengpgkey' file to
     #   non-interactively sign packages.
     #
-    #   @see SIMP::RPM.sign_keys
+    #   @see SIMP::RpmSigner.sign_rpms
     GPG_GENKEY_PARAMS_FILENAME = 'gengpgkey'.freeze
 
     # @param dir  [String] path to gpg-agent / key directory
@@ -74,11 +78,12 @@ module Simp
       @key_file  = opts[:file]    || "RPM-GPG-KEY-SIMP-#{@label.capitalize}"
       @verbose   = opts[:verbose] || false
 
+      # for EL7 only
       @gpg_agent_env_file = 'gpg-agent-info.env'
       @gpg_agent_script   = 'run_gpg_agent'
     end
 
-    # Return the version of GPG instealled on the system
+    # Return the version of GPG installed on the system
     #
     # @return [Gem::Version]
     def gpg_version
@@ -111,17 +116,45 @@ module Simp
       info
     end
 
-    # Return the number of days left before the GPG signing key expires
+    # Return the number of days left before the GPG signing key expires or
+    # 0 if the key does not exist or the key is missing an expiration date.
     def dev_key_days_left
+      which('gpg', true)
       ensure_gpg_directory
-      days_left   = 0
 
-      which('gpg', true)
-      current_key = %x(GPG_AGENT_INFO='' gpg --homedir=#{@dir} --list-keys #{@key_email} 2>/dev/null)
-      unless current_key.empty?
-        lasts_until = current_key.lines.first.strip.split("\s").last.delete(']')
-        days_left = (Date.parse(lasts_until) - Date.today).to_i
+      days_left = 0
+      cmd = "gpg --with-colons --homedir=#{@dir} --list-keys '<#{@key_email}>' 2>&1"
+      puts "Executing: #{cmd}" if @verbose
+      %x(#{cmd}).each_line do |line|
+        # See https://github.com/CSNW/gnupg/blob/master/doc/DETAILS
+        # Index  Content
+        #   0    record type
+        #   6    expiration date
+        #
+        # If expiration date contains a 'T', it is in an ISO 8601 format
+        # (e.g., 20210223T091500). Otherwise it is seconds since the epoch.
+        #
+        fields = line.split(':')
+        if fields[0] && (fields[0] == 'pub')
+          raw_exp_date = fields[6]
+          unless raw_exp_date.nil? || raw_exp_date.strip.empty?
+            require 'date'
+
+            exp_date = nil
+            if raw_exp_date.include?('T')
+              exp_date = DateTime.parse(raw_exp_date).to_date
+            else
+              exp_date = Time.at(raw_exp_date.to_i).to_date
+            end
+
+            days_left = (exp_date - Date.today).to_i
+            days_left = 0 if days_left < 0
+          end
+
+          break
+        end
       end
+
       days_left
     end
 
@@ -153,55 +186,16 @@ module Simp
 
         clean_gpg_agent_directory
         write_genkey_parameter_file
-        write_gpg_agent_startup_script
 
+        agent_info = nil
         begin
           if gpg_version < Gem::Version.new('2.1')
-            # Start the GPG agent.
-            gpg_agent_output = %x(./#{@gpg_agent_script}).strip
-
-            # Provide a local socket (needed by the `gpg` command when
-            local_socket = File.join(Dir.pwd, 'S.gpg-agent')
-
-            # This condition was handled differently in previous logic.
-            #
-            #   a.) As the surrounding logic works now, it will _always_ be a new
-            #       agent by this point, because the directory is cleaned out
-            #   b.) The agent's information will be read from the env-file it
-            #        writes at startup
-            #   c.) The old command `gpg-agent --homedir=#{Dir.pwd} /get serverpid`
-            #       did not work on EL6 or EL7.
-            #
-            warn(empty_gpg_agent_message) if gpg_agent_output.empty?
-
-            agent_info = gpg_agent_info
-
-            # The socket is useful to get back info on the command line.
-            unless File.exist?(File.join(Dir.pwd, File.basename(agent_info[:socket])))
-              ln_s(agent_info[:socket], local_socket, :verbose => @verbose)
-            end
-
-            generate_key(agent_info[:info])
+            agent_info = start_gpg_agent_old
           else
-            which('gpg', true)
-            which('gpg-agent', true)
-            which('gpg-connect-agent', true)
-
-            # Start the GPG agent
-            %x{gpg-agent --homedir=#{Dir.pwd} >&/dev/null || gpg-agent --homedir=#{Dir.pwd} --daemon >&/dev/null}
-
-            agent_info = {}
-
-            # Provide a local socket (needed by the `gpg` command when
-            agent_info[:socket] = %x{echo 'GETINFO socket_name' | gpg-connect-agent --homedir=#{Dir.pwd}}.lines.first[1..-1].strip
-
-            # Get the pid
-            agent_info[:pid] = %x{echo 'GETINFO pid' | gpg-connect-agent --homedir=#{Dir.pwd}}.lines.first[1..-1].strip.to_i
-
-            generate_key(%{#{agent_info[:socket]}:#{agent_info[:pid]}:1})
+            agent_info = start_gpg_agent
           end
         ensure
-          kill_agent(agent_info[:pid])
+          kill_agent(agent_info[:pid]) if agent_info
         end
 
         agent_info
@@ -213,7 +207,7 @@ module Simp
     #
     # @return [String] Warning message
     def empty_gpg_agent_message
-      <<-WARNING.gsub(/^\s{8}/,'')
+      <<~WARNING
         WARNING: Tried to start an project-only gpg-agent daemon on a random socket by
                  running the script:
 
@@ -234,7 +228,6 @@ module Simp
     #
     # @param pid [String] The GPG Agent PID to kill
     def kill_agent(pid)
-      rm('S.gpg-agent') if File.symlink?('S.gpg-agent')
       if pid
         Process.kill(0, pid)
         Process.kill(15, pid)
@@ -254,8 +247,8 @@ module Simp
       gpg_cmd = %(GPG_AGENT_INFO=#{gpg_agent_info_str} gpg --homedir="#{@dir}")
 
       pipe    = @verbose ? '| tee' : '>'
-      sh %(#{gpg_cmd} --batch --gen-key #{GPG_GENKEY_PARAMS_FILENAME})
-      sh %(#{gpg_cmd} --armor --export #{@key_email} #{pipe} "#{@key_file}")
+      %x(#{gpg_cmd} --batch --gen-key #{GPG_GENKEY_PARAMS_FILENAME})
+      %x(#{gpg_cmd} --armor --export '<#{@key_email}>' #{pipe} "#{@key_file}")
 
       if File.stat(@key_file).size == 0
         fail "Error: Something went wrong generating #{@key_file}"
@@ -271,6 +264,62 @@ module Simp
       { info: info.strip, socket: matches[:socket], pid: matches[:pid].to_i }
     end
 
+    # Start the gpg-agent
+    # @return Hash of agent info
+    # @raise if gpg-agent fails to start
+    def start_gpg_agent
+      which('gpg', true)
+      which('gpg-agent', true)
+      which('gpg-connect-agent', true)
+
+      # Start the GPG agent, if it is not already running
+      check_agent = "gpg-agent -q --homedir=#{Dir.pwd} >&/dev/null"
+      start_agent = "gpg-agent --homedir=#{Dir.pwd} --daemon >&/dev/null"
+      cmd = "#{check_agent} || #{start_agent}"
+      puts "Executing: #{cmd}" if @verbose
+      %x(#{cmd})
+      if $? && ($?.exitstatus != 0)
+        err_msg = [
+          'Failed to start gpg-agent during key creation.',
+          "  Execute '#{start_agent.gsub(' >&/dev/null','')}' to debug."
+        ].join("\n")
+        raise(err_msg)
+      end
+
+      agent_info = {}
+
+      # Provide a local socket (needed by the `gpg` command when
+      agent_info[:socket] = %x{echo 'GETINFO socket_name' | gpg-connect-agent --homedir=#{Dir.pwd}}.lines.first[1..-1].strip
+
+      # Get the pid
+      agent_info[:pid] = %x{echo 'GETINFO pid' | gpg-connect-agent --homedir=#{Dir.pwd}}.lines.first[1..-1].strip.to_i
+
+      generate_key(%{#{agent_info[:socket]}:#{agent_info[:pid]}:1})
+
+      agent_info
+    end
+
+    # Start the gpg-agent with options suitable for gpg version < 2.1
+    # @return Hash of agent info
+    def start_gpg_agent_old
+      write_gpg_agent_startup_script
+      gpg_agent_output = %x(./#{@gpg_agent_script}).strip
+
+      # By the time we get here, we can be assured we will be starting a
+      # new agent, because the directory is cleaned out.
+      #
+      # Follow-on gpg actions will read the agent's information from
+      # the env-file the agent writes at startup.
+
+      # We're using the --sh option which will spew out the agent config
+      # when the agent starts. If it is empty, this is a problem.
+      warn(empty_gpg_agent_message) if gpg_agent_output.empty?
+
+      agent_info = gpg_agent_info
+      generate_key(agent_info[:info])
+      agent_info
+    end
+
     # Write the `gpg --genkey --batch` control parameter file
     #
     # @see "Unattended key generation" in /usr/share/doc/gnupg2-*/DETAILS for
@@ -311,7 +360,7 @@ module Simp
       which('gpg-agent', true)
       pinentry_cmd = which('pinentry-curses', true)
 
-      gpg_agent_script = <<-AGENT_SCRIPT.gsub(%r{^ {20}}, '')
+      gpg_agent_script = <<~AGENT_SCRIPT
         #!/bin/sh
 
         gpg-agent --homedir=#{Dir.pwd} --daemon \

data/lib/simp/rake/build/auto.rb

@@ -18,6 +18,8 @@ module Simp::Rake::Build
   class Auto < ::Rake::TaskLib
 
     # Commands that are required by some part of the rake stack
+    #
+    # Use an array for commands that may have multiple valid options
     BUILD_REQUIRED_COMMANDS = [
       'basename',
       'cat',
@@ -42,7 +44,7 @@ module Simp::Rake::Build
       'make',
       'mkdir',
       'mktemp',
-      'python',
+      ['python','python2','python3'],
       'readlink',
       'repoclosure',
       'rm',
@@ -62,7 +64,7 @@ module Simp::Rake::Build
       'wc',
       'which',
       'xargs',
-      'yum',
+      ['dnf','yum'],
       'yumdownloader'
     ]
 

data/lib/simp/rake/build/build.rb

@@ -25,7 +25,7 @@ module Simp::Rake::Build
       namespace :build do
         task :prep do
           if $simp6
-            @build_dir = $simp6_build_dir
+            @build_dir = $simp6_build_dir || @distro_build_dir
           end
         end
 
@@ -96,7 +96,7 @@ module Simp::Rake::Build
           task :prep do
             if $simp6
               # `$simp6_build_dir` is set by the build:auto task
-              @build_dir = $simp6_build_dir
+              @build_dir = $simp6_build_dir || @distro_build_dir
 
               unless @build_dir
                 if ENV['SIMP_BUILD_yum_dir'] && File.exist?(File.join(ENV['SIMP_BUILD_yum_dir'], 'yum_data'))
@@ -204,7 +204,8 @@ module Simp::Rake::Build
 
             Dir.chdir(target_dir) do
               if File.exist?('packages.yaml')
-                known_package_hash = YAML::load_file('packages.yaml')
+                # The empty YAML file returns 'false'
+                known_package_hash = YAML::load_file('packages.yaml') || {}
               end
             end
 
@@ -276,7 +277,7 @@ module Simp::Rake::Build
                 pkg = downloaded_package_hash[pkg][:rpm_name]
               }.compact
 
-              if known_packages.empty? && downloaded_packages.empty?
+              if known_packages.empty? && downloaded_packages.empty? && Dir.glob('reposync/**/repomd.xml').empty?
                 fail <<-EOM
         Error: Could not find anything to do!