Bug 1336024

Summary: certificates installed to client by katello-ca-consumer-... package can not be verified via `rpm -V`
Product: Red Hat Satellite Reporter: Jan Hutař <jhutar>
Component: katello-agentAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED WONTFIX QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.2.0CC: bbuckingham, cduryee
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-04 17:43:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Hutař 2016-05-13 20:48:37 UTC 
Description of problem:
Certificates installed to client by katello-ca-consumer-... package can not be verified via `rpm -V`.


Version-Release number of selected component (if applicable):
satellite-6.2.0-11.0.el7sat.noarch


How reproducible:
always


Steps to Reproduce:
1. I have client who installed katello-ca-consumer-... package from capsule
   connected to satellite
3. # :>/etc/rhsm/ca/katello-server-ca.pem
2. # rpm -V katello-ca-consumer-...


Actual results:
Even with certificates altered/corrupted sometime after package was installed, rpm verification does not show they were changed.


Expected results:
# rpm -V katello-ca-consumer-...
S.5....T.    /etc/rhsm/ca/katello-server-ca.pem


Additional info:
Initially discussed on:

  http://post-office.corp.redhat.com/archives/satellite6-list/2016-May/msg00257.html

where ehelms pointed to original pull-request:

  https://github.com/Katello/puppet-certs/pull/67
Comment 2 Bryan Kearney 2016-08-18 20:15:25 UTC 
Upstream bug component is Client & Agent
Comment 3 Bryan Kearney 2018-09-04 17:43:41 UTC 
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.