Bug 1718320

Summary: [Satellite 6.5] Installation of katello-ca-consumer fails on FIPS enabled RHEL 8.
Product: Red Hat Satellite Reporter: Raviraj Lavande <rlavande>
Component: RegistrationAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE QA Contact: Stephen Wadeley <swadeley>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5.0CC: inecas, kupadhya
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-21 18:47:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Raviraj Lavande 2019-06-07 13:19:44 UTC 
Description of problem:

ENV
---

Satellite 6.5
RHEL 8.0 (probably 8.x)
-------------------------

Installation of the katello-ca-consumer package on "FIPS" enabled RHEL 8 fails with the following error.

~~~
Error: Transaction check error:
  package katello-ca-consumer-mysat.lab.pune.redhat.com-1.0-1.noarch does not verify: no digest
~~~
=============================

~~~
[root@host1 ~]# fips-mode-setup --enable
Setting system policy to FIPS
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
FIPS mode will be enabled.
Please reboot the system for the setting to take effect.
[root@host1 ~]# reboot 
~~~

~~~
[root@host1 ~]# curl --insecure --output katello-ca-consumer-latest.noarch.rpm https://mysat.lab.pune.redhat.com/pub/katello-ca-consumer-latest.noarch.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  7421  100  7421    0     0  47877      0 --:--:-- --:--:-- --:--:-- 47570
[root@host1 ~]#
~~~

~~~
[root@host1 ~]# yum localinstall katello-ca-consumer-latest.noarch.rpm 
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Dependencies resolved.
==============================================================================================================================================================================================================================================
 Package                                                                                   Arch                                         Version                                      Repository                                          Size
==============================================================================================================================================================================================================================================
Installing:
 katello-ca-consumer-mysat.lab.pune.redhat.com                                       noarch                                       1.0-1                                        @commandline                                       7.2 k

Transaction Summary
==============================================================================================================================================================================================================================================
Install  1 Package

Total size: 7.2 k
Installed size: 16 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Error: Transaction check error:
  package katello-ca-consumer-mysat.lab.pune.redhat.com-1.0-1.noarch does not verify: no digest

Error Summary
-------------

[root@host1 ~]# 
~~~

We have a workaround for this issue, (sharing here)

----------
WORKAROUND
----------


~~~
[root@host1 ~]# rpm -Uvh --nodigest --nofiledigest http://mysat.lab.pune.redhat.com/pub/katello-ca-consumer-latest.noarch.rpm
Retrieving http://mysat.lab.pune.redhat.com/pub/katello-ca-consumer-latest.noarch.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:katello-ca-consumer-mysat.lab################################# [100%]
[root@host1 ~]# 
~~~



Version-Release number of selected component (if applicable):

ENV
---

Satellite 6.5
RHEL 8.0 (probably 8.x)

How reproducible:
Always

Steps to Reproduce:
1. Enable the FIPS
2. Download the katello-ca-consumer
3. Try to install it, it fails

Actual results:

~~~
Error: Transaction check error:
  package katello-ca-consumer-mysat.lab.pune.redhat.com-1.0-1.noarch does not verify: no digest
~~~

Expected results:

~~~
[root@host1 ~]# rpm -Uvh --nodigest --nofiledigest http://vmysat.lab.pune.redhat.com/pub/katello-ca-consumer-latest.noarch.rpm
Retrieving http://mysat.lab.pune.redhat.com/pub/katello-ca-consumer-latest.noarch.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:katello-ca-consumer-mysat.lab################################# [100%]
[root@host1 ~]# 
~~~

Additional info:
Comment 5 Brad Buckingham 2019-06-21 18:47:07 UTC 

*** This bug has been marked as a duplicate of bug 1713401 ***