Bug 1578266

Summary: "rpm -V pulp-server" reports a mismatch in a clean environment
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: Radek Bíba <rbiba>
Component: PulpAssignee: RHUI Bug List <rhui-bugs>
Status: CLOSED ERRATA QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.0.3   
Target Milestone: 3.1.0   
Target Release: 3.1.x   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-28 12:05:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Radek Bíba 2018-05-15 07:12:11 UTC
Description of problem:
Package integrity verification fails even in a vanilla Pulp installation. That doesn't look nice.

Version-Release number of selected component (if applicable):
pulp-server-2.8.3.3-4.el7ui

How reproducible:
Always, but only on RHEL 7. I guess RPM isn't so strict on RHEL 6 in this regard and ignores this mismatch there. (The mismatch does exist there, too.)

Steps to Reproduce:
1. Install pulp-server from the RHUI 3 repo on a clean machine.
2. rpm -V pulp-server

Actual results:
.M.......  g /etc/pki/pulp/rsa_pub.key

Specifically, the mode is 644 on the disk but 600 in the RPM metadata. It's a ghost file, FWIW.

Expected results:
No such output.

Additional info:
The file is packaged this way:

%defattr(640,root,apache,-)
<snip>
%ghost %{_sysconfdir}/pki/%{name}/rsa_pub.key

Resulting in: # rpm -qlv pulp-server | grep rsa_pub.key$
-rw-r-----    1 root    apache                      0 Jul  7  2016 /etc/pki/pulp/rsa_pub.key

But the following post-installation script changes the mode afterwards:

KEY_DIR="%{_sysconfdir}/pki/%{name}"
<snip>
KEY_PATH_PUB="$KEY_DIR/rsa_pub.key"
<snip>
chmod 644 $KEY_PATH_PUB

Resulting in: # ll /etc/pki/pulp/rsa_pub.key
-rw-r--r--. 1 root apache 451 May 14 03:11 /etc/pki/pulp/rsa_pub.key

And the mismatch is created.

Comment 8 errata-xmlrpc 2019-05-28 12:05:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:1283