Bug 1788293
| Summary: | negative test attempts to use a revoked entitlement do not appear in yum repolist (until a second call to yum repolist) | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | John Sefler <jsefler> |
| Component: | subscription-manager | Assignee: | Chris Snyder <csnyder> |
| Status: | CLOSED ERRATA | QA Contact: | Red Hat subscription-manager QE Team <rhsm-qe> |
| Severity: | low | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.8 | CC: | candlepin-bugs, csnyder, redakkan |
| Target Milestone: | rc | Keywords: | Regression, Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | subscription-manager-1.24.25-1.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-03-31 19:41:01 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1744146 | ||
Reproducing the failure on RHEL78 Snapshot 3 compose :
------------------------------------------------------
on version
subscription management server: 2.9.21-1
subscription management rules: 5.37
subscription-manager: 1.24.23-1.el7
1 Register and subscribe the system
[root@kvm-01-guest14 ~]# subscription-manager register --auto-attach
Registering to: subscription.rhsm.stage.redhat.com:443/subscription
Username: <snip>
Password:
The system has been registered with ID: 16b4ddd6-5bc6-43d6-a8c4-4a97d0e53849
The registered system name is: kvm-01-guest14.rhts.eng.tlv.redhat.com
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux for x86_64 High Touch Beta
Status: Subscribed
2. Yum repolist
[root@kvm-01-guest14 ~]# yum repolist
Loaded plugins: product-id, search-disabled-repos, subscription-manager
rhel-7-server-htb-rpms | 4.1 kB 00:00:00
(1/3): rhel-7-server-htb-rpms/x86_64/updateinfo | 92 B 00:00:01
(2/3): rhel-7-server-htb-rpms/x86_64/group | 632 kB 00:00:01
(3/3): rhel-7-server-htb-rpms/x86_64/primary_db | 7.0 MB 00:00:01
repo id repo name status
rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB (RPMs) 5987
repolist: 5987
3.
[root@kvm-01-guest14 ~]# mv /etc/pki/entitlement/6650032112827229129* /home/
[root@kvm-01-guest14 ~]# subscription-manager remove --serial=6650032112827229129
You are attempting to use a locale that is not installed.
The entitlement server successfully removed these serial numbers:
6650032112827229129
[root@kvm-01-guest14 ~]# yum repolist all
Failed to set locale, defaulting to C
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.
This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.
repolist: 0
[root@kvm-01-guest14 ~]# mv /home/6650032112827229129* /etc/pki/entitlement/
[root@kvm-01-guest14 ~]# yum repolist all
Failed to set locale, defaulting to C
Loaded plugins: product-id, search-disabled-repos, subscription-manager
repolist: 0
^^ Notice yum repolist fails to list the repos , as mentioned in the description execute `yum repolist all` again to see the repos appear
[root@kvm-01-guest14 ~]# yum repolist all
Failed to set locale, defaulting to C
Loaded plugins: product-id, search-disabled-repos, subscription-manager
repo id repo name status
rhel-7-server-extras-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Extras HTB (Debug RPMs) disabled
rhel-7-server-extras-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Extras HTB (RPMs) disabled
rhel-7-server-extras-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Extras HTB (Source RPMs) disabled
rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB (Debug RPMs) disabled
rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB (RPMs) enabled: 5987
rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB (Source RPMs) disabled
rhel-7-server-optional-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Optional HTB (Debug RPMs) disabled
rhel-7-server-optional-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Optional HTB (RPMs) disabled
rhel-7-server-optional-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Optional HTB (Source RPMs) disabled
rhel-7-server-rt-htb-debug-rpms/x86_64 Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (Debug RPMs) disabled
rhel-7-server-rt-htb-rpms/x86_64 Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (RPMs) disabled
rhel-7-server-rt-htb-source-rpms/x86_64 Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (Source RPMs) disabled
rhel-ha-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (Debug RPMs) disabled
rhel-ha-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (RPMs) disabled
rhel-ha-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (Source RPMs) disabled
rhel-lb-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (Debug RPMs) disabled
rhel-lb-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (RPMs) disabled
rhel-lb-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (Source RPMs) disabled
rhel-rs-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (Debug RPMs) disabled
rhel-rs-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (RPMs) disabled
rhel-rs-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (Source RPMs) disabled
repolist: 5987
4. Execute rhsmcertd to see the entitlement certs are getting removed
[root@kvm-01-guest14 ~]# /usr/libexec/rhsmcertd-worker
Updating entitlement certificates & repositories
2020-01-13 10:58:11,222 [INFO] rhsmcertd-worker:10028:MainThread @connection.py:905 - Connection built: host=subscription.rhsm.stage.redhat.com port=443 handler=/subscription auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
1 local certificate has been deleted.
2020-01-13 10:58:13,129 [INFO] rhsmcertd-worker:10028:MainThread @entcertlib.py:131 - certs updated:
Total updates: 1
Found (local) serial# [6650032112827229129L]
Expected (UEP) serial# []
Added (new)
<NONE>
Deleted (rogue):
[sn:6650032112827229129 (Red Hat Enterprise Linux for SAP Applications for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Container Images HTB,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux 7 Workstation High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux 7 for HPC Compute Node High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat CodeReady Linux Builder for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat CodeReady Linux Builder for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat CodeReady Linux Builder for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux High Availability High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for Real Time High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux Atomic Host HTB,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux 7 Load Balancer High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for SAP HANA for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat CodeReady Linux Builder for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux Resilient Storage High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for SAP HANA for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for SAP Applications for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux 7 Desktop High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for SAP Applications for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
2020-01-13 10:58:16,892 [WARNING] rhsmcertd-worker:10028:MainThread @host_collector.py:76 - Unable to get default locale (bad environment variable?): unknown locale: UTF-8
Total updates: 1
Found (local) serial# [6650032112827229129L]
Expected (UEP) serial# []
Added (new)
<NONE>
Deleted (rogue):
[sn:6650032112827229129 (Red Hat Enterprise Linux for SAP Applications for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Container Images HTB,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux 7 Workstation High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux 7 for HPC Compute Node High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat CodeReady Linux Builder for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat CodeReady Linux Builder for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat CodeReady Linux Builder for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux High Availability High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for Real Time High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux Atomic Host HTB,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux 7 Load Balancer High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for SAP HANA for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat CodeReady Linux Builder for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux Resilient Storage High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for SAP HANA for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for SAP Applications for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux 7 Desktop High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
[sn:6650032112827229129 (Red Hat Enterprise Linux for SAP Applications for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6650032112827229129.pem]
Report
status: 1
updates: []
exceptions:
Fact updates
status: None
updates: []
exceptions:
Package profile updates
status: 0
updates: []
exceptions:
Installed Products
status: 0
updates: []
exceptions:
Syspurpose Sync
status: Successfully synced system purpose
updates:
exceptions:
[root@kvm-01-guest14 ~]# yum repolist
Failed to set locale, defaulting to C
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.
This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.
repolist: 0
Preliminary verification on nightly compose with the build :
subscription-manager-rhsm-1.24.25-1.el7.x86_64
subscription-manager-1.24.25-1.el7.x86_64
subscription-manager-rhsm-certificates-1.24.25-1.el7.x86_64
# rpm -q subscription-manager --changelog | grep 1788293
- 1788293: Update repos in postconfig_hook to see new repos immediately
1. Register and subscribe the system
[root@kvm-04-guest24 ~]# subscription-manager register --auto-attach
You are attempting to use a locale that is not installed.
Registering to: subscription.rhsm.stage.redhat.com:443/subscription
Username: <snip>
Password:
The system has been registered with ID: 2e301fe3-75f4-488e-a127-0c1aa9c3bac3
The registered system name is: kvm-04-guest24.hv2.lab.eng.bos.redhat.com
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux for x86_64 High Touch Beta
Status: Subscribed
2. Yum repolist
[root@kvm-04-guest24 ~]# yum repolist all
Loaded plugins: product-id, search-disabled-repos, subscription-manager
repo id repo name status
rhel-7-server-extras-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Extras HTB (Debug RPMs) disabled
rhel-7-server-extras-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Extras HTB (RPMs) disabled
rhel-7-server-extras-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Extras HTB (Source RPMs) disabled
rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB (Debug RPMs) disabled
rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB (RPMs) enabled: 5987
rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB (Source RPMs) disabled
rhel-7-server-optional-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Optional HTB (Debug RPMs) disabled
rhel-7-server-optional-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Optional HTB (RPMs) disabled
rhel-7-server-optional-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Optional HTB (Source RPMs) disabled
rhel-7-server-rt-htb-debug-rpms/x86_64 Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (Debug RPMs) disabled
rhel-7-server-rt-htb-rpms/x86_64 Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (RPMs) disabled
rhel-7-server-rt-htb-source-rpms/x86_64 Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (Source RPM disabled
rhel-ha-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (Debug RPMs) disabled
rhel-ha-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (RPMs) disabled
rhel-ha-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (Source R disabled
rhel-lb-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (Debug RPMs) disabled
rhel-lb-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (RPMs) disabled
rhel-lb-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (Source RPMs) disabled
rhel-rs-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (Debug RPMs) disabled
rhel-rs-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (RPMs) disabled
rhel-rs-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (Source RPMs) disabled
repolist: 5987
3. Move entitlement to a different folder and check yum repolist again
[root@kvm-04-guest24 ~]# mv /etc/pki/entitlement/1402530850367673742* /home/test/
[root@kvm-04-guest24 ~]# subscription-manager remove --serial=1402530850367673742
You are attempting to use a locale that is not installed.
The entitlement server successfully removed these serial numbers:
1402530850367673742
[root@kvm-04-guest24 ~]# yum repolist all
Failed to set locale, defaulting to C
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.
repolist: 0
4. Restore the entitlement cert back to original directory and execute yum repolist
[root@kvm-04-guest24 ~]# mv /home/test/1402530850367673742* /etc/pki/entitlement/
[root@kvm-04-guest24 ~]# yum repolist all
Loaded plugins: product-id, search-disabled-repos, subscription-manager
repo id repo name status
rhel-7-server-extras-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Extras HTB (Debug RPMs) disabled
rhel-7-server-extras-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Extras HTB (RPMs) disabled
rhel-7-server-extras-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Extras HTB (Source RPMs) disabled
rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB (Debug RPMs) . disabled
rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB (RPMs) enabled: 5987
rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB (Source RPMs) disabled
rhel-7-server-optional-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Optional HTB (Debug RPMs) disabled
rhel-7-server-optional-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Optional HTB (RPMs) disabled
rhel-7-server-optional-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Optional HTB (Source RPMs) disabled
rhel-7-server-rt-htb-debug-rpms/x86_64 Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (Debug RPMs) disabled
rhel-7-server-rt-htb-rpms/x86_64 Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (RPMs) disabled
rhel-7-server-rt-htb-source-rpms/x86_64 Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (Source RPMs) disabled
rhel-ha-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (Debug RPM) disabled
rhel-ha-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (RPMs) disabled
rhel-ha-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (Source RPMs) disabled
rhel-lb-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (Debug RPMs) disabled
rhel-lb-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (RPMs) disabled
rhel-lb-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (Source RPMs) disabled
rhel-rs-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (Debug RPMs) disabled
rhel-rs-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (RPMs) disabled
rhel-rs-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (Source RPMs) disabled
repolist: 5987
^^ NOTICE THAT THE REPOS NOW APPEAR IMMEDIATELY AFTER THE ENTITLEMENT CERTS ARE MOVED
5. Entitlement certs are removed after rhsmcertd servie was run
[root@kvm-04-guest24 ~]# /usr/libexec/rhsmcertd-worker
Updating entitlement certificates & repositories
2020-01-13 04:33:51,168 [INFO] rhsmcertd-worker:20745:MainThread @connection.py:905 - Connection built: host=subscription.rhsm.stage.redhat.com port=443 handler=/subscription auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
1 local certificate has been deleted.
2020-01-13 04:33:52,047 [INFO] rhsmcertd-worker:20745:MainThread @entcertlib.py:131 - certs updated:
Total updates: 1
Found (local) serial# [1402530850367673742L]
Expected (UEP) serial# []
Added (new)
<NONE>
Deleted (rogue):
[sn:1402530850367673742 (Red Hat Enterprise Linux for SAP Applications for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for x86_64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Container Images HTB,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux 7 Workstation High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux 7 for HPC Compute Node High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat CodeReady Linux Builder for x86_64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat CodeReady Linux Builder for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat CodeReady Linux Builder for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux High Availability High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for Real Time High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux Atomic Host HTB,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux 7 Load Balancer High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for SAP HANA for x86_64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat CodeReady Linux Builder for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux Resilient Storage High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for SAP HANA for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for SAP Applications for x86_64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux 7 Desktop High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for SAP Applications for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
2020-01-13 04:33:53,850 [WARNING] rhsmcertd-worker:20745:MainThread @host_collector.py:76 - Unable to get default locale (bad environment variable?): unknown locale: UTF-8
Total updates: 1
Found (local) serial# [1402530850367673742L]
Expected (UEP) serial# []
Added (new)
<NONE>
Deleted (rogue):
[sn:1402530850367673742 (Red Hat Enterprise Linux for SAP Applications for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for x86_64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Container Images HTB,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux 7 Workstation High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux 7 for HPC Compute Node High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat CodeReady Linux Builder for x86_64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat CodeReady Linux Builder for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat CodeReady Linux Builder for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux High Availability High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for Real Time High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux Atomic Host HTB,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux 7 Load Balancer High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for SAP HANA for x86_64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat CodeReady Linux Builder for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux Resilient Storage High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for SAP HANA for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for SAP Applications for x86_64 High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux 7 Desktop High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
[sn:1402530850367673742 (Red Hat Enterprise Linux for SAP Applications for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/1402530850367673742.pem]
Report
status: 1
updates: []
exceptions:
Fact updates
status: None
updates: []
exceptions:
Package profile updates
status: 0
updates: []
exceptions:
Installed Products
status: 0
updates: []
exceptions:
Syspurpose Sync
status: Successfully synced system purpose
updates:
exceptions:
[root@kvm-04-guest24 ~]# yum repolist
Failed to set locale, defaulting to C
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.
repolist: 0
^^ AS SHOWN EARLIER REVOKED ENTITLEMENTS ARE TAKEN BACK AFTER THE RHSMCERTD SERVICE WAS RUN
Verifying fix included in RHEL compose RHEL-7.8-Snapshot-4.0 RHEL-7.8-20200116.0 ...
[root@kvm-02-guest03 ~]# subscription-manager version
server type: This system is currently not registered.
subscription management server: 2.9.21-1
subscription management rules: 5.37
subscription-manager: 1.24.25-1.el7
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]# rpm -q subscription-manager --changelog | grep 1788293
- 1788293: Update repos in postconfig_hook to see new repos immediately
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]# subscription-manager register --username stage_auto_testuser --auto-attach --serverurl=subscription.rhsm.stage.redhat.com
Registering to: subscription.rhsm.stage.redhat.com:443/subscription
Password:
The system has been registered with ID: 4572a4fb-a043-4780-b98f-74597727253e
The registered system name is: kvm-02-guest03.lab.eng.rdu2.redhat.com
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux for x86_64 High Touch Beta
Status: Subscribed
[root@kvm-02-guest03 ~]# cd /etc/yum.repos.d/
[root@kvm-02-guest03 yum.repos.d]# mkdir beakerDir
[root@kvm-02-guest03 yum.repos.d]# mv beaker-* beakerDir/
[root@kvm-02-guest03 yum.repos.d]# cd
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]# yum repolist all
Loaded plugins: product-id, search-disabled-repos, subscription-manager
rhel-7-server-htb-rpms | 4.1 kB 00:00:00
(1/3): rhel-7-server-htb-rpms/x86_64/updateinfo | 92 B 00:00:00
(2/3): rhel-7-server-htb-rpms/x86_64/group | 632 kB 00:00:00
(3/3): rhel-7-server-htb-rpms/x86_64/primary_db | 7.8 MB 00:00:00
repo id repo name status
rhel-7-server-extras-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled
rhel-7-server-extras-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled
rhel-7-server-extras-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled
rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( disabled
rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( enabled: 6,061
rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( disabled
rhel-7-server-optional-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled
rhel-7-server-optional-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled
rhel-7-server-optional-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled
rhel-7-server-rt-htb-debug-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled
rhel-7-server-rt-htb-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled
rhel-7-server-rt-htb-source-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled
rhel-ha-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled
rhel-ha-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled
rhel-ha-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled
rhel-lb-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled
rhel-lb-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled
rhel-lb-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled
rhel-rs-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled
rhel-rs-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled
rhel-rs-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled
repolist: 6,061
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]# mkdir /tmp/testDir/
[root@kvm-02-guest03 ~]# cp /etc/pki/entitlement/* /tmp/testDir/
[root@kvm-02-guest03 ~]# ls /tmp/testDir/
6821811280042149878-key.pem 6821811280042149878.pem
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]# subscription-manager remove --serial=6821811280042149878
1 local certificate has been deleted.
The entitlement server successfully removed these serial numbers:
6821811280042149878
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]# yum repolist all
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.
repolist: 0
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]# cp /tmp/testDir/* /etc/pki/entitlement/
[root@kvm-02-guest03 ~]# ls /etc/pki/entitlement/
6821811280042149878-key.pem 6821811280042149878.pem
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]# yum repolist all
Loaded plugins: product-id, search-disabled-repos, subscription-manager
repo id repo name status
rhel-7-server-extras-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled
rhel-7-server-extras-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled
rhel-7-server-extras-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled
rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( disabled
rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( enabled: 6,061
rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( disabled
rhel-7-server-optional-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled
rhel-7-server-optional-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled
rhel-7-server-optional-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled
rhel-7-server-rt-htb-debug-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled
rhel-7-server-rt-htb-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled
rhel-7-server-rt-htb-source-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled
rhel-ha-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled
rhel-ha-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled
rhel-ha-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled
rhel-lb-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled
rhel-lb-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled
rhel-lb-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled
rhel-rs-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled
rhel-rs-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled
rhel-rs-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled
repolist: 6,061
[root@kvm-02-guest03 ~]#
VERIFIED: The successful single call to "yum repolist all" reflects the entitlement cert that was maliciously copied from the tmp directory as expected - veryfying the fixed "postconfig_hook to see new repos immediately". Now we can run the rhsmcertd-worker which will take away the revoked entitlement (which was always working)...
[root@kvm-02-guest03 ~]# /usr/libexec/rhsmcertd-worker
Updating entitlement certificates & repositories
1 local certificate has been deleted.
Total updates: 1
Found (local) serial# [6821811280042149878L]
Expected (UEP) serial# []
Added (new)
<NONE>
Deleted (rogue):
[sn:6821811280042149878 (Red Hat Enterprise Linux for SAP Applications for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Container Images HTB,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux 7 Workstation High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux 7 for HPC Compute Node High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat CodeReady Linux Builder for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat CodeReady Linux Builder for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat CodeReady Linux Builder for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux for Real Time High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux High Availability High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux Atomic Host HTB,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat CodeReady Linux Builder for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux for SAP HANA for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux 7 Load Balancer High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux for SAP HANA for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux Resilient Storage High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux for SAP Applications for x86_64 High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux 7 Desktop High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
[sn:6821811280042149878 (Red Hat Enterprise Linux for SAP Applications for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/6821811280042149878.pem]
Report
status: 1
updates: []
exceptions:
Fact updates
status: None
updates: []
exceptions:
Package profile updates
status: 0
updates: []
exceptions:
Installed Products
status: 0
updates: []
exceptions:
Syspurpose Sync
status: Successfully synced system purpose
updates:
exceptions:
[root@kvm-02-guest03 ~]#
[root@kvm-02-guest03 ~]# yum repolist
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions.
repolist: 0
[root@kvm-02-guest03 ~]#
Moving to VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1028 |
Description of problem: This bug report stems from an automated old negative test that attempts to maliciously re-use an entitlement cert that has been revoked. The idea is to register, subscribe, run yum repolist to see the ENTITLED REPOS, copy the granted entitlement E to the side, unsubscribe, run yum repolist to show no entitled repos, copy the revoked entitlement E back to /etc/pki/entitlement/, run yum repolist (verify that yum reports the ENTITLED REPOS). The problem is here - it now takes two calls for yum to see the ENTITLED REPOS run /usr/libexec/rhsmcertd-worker verify that the yum repolist no longer reports the ENTITLED REPOS because they were deleted due to the certificate revocation list. This bug behavior started appearing on rhel-7.8 test automation runs. They did not appear on rhel-7.7 and older nor on rhel-8. Version-Release number of selected component (if applicable): [root@kvm-02-guest01 ~]# subscription-manager version server type: Red Hat Subscription Management subscription management server: 2.9.21-1 subscription management rules: 5.37 subscription-manager: 1.24.23-1.el7 How reproducible: Steps to Reproduce: [root@kvm-02-guest01 ~]# subscription-manager register --username stage_auto_testuser --auto-attach --serverurl=subscription.rhsm.stage.redhat.com Registering to: subscription.rhsm.stage.redhat.com:443/subscription Password: The system has been registered with ID: eef519a6-f4e1-4ed6-bd1f-940b284191ad The registered system name is: kvm-02-guest01.lab.eng.rdu2.redhat.com Installed Product Current Status: Product Name: Red Hat Enterprise Linux for x86_64 High Touch Beta Status: Subscribed [root@kvm-02-guest01 ~]# yum repolist all Loaded plugins: product-id, search-disabled-repos, subscription-manager repo id repo name status rhel-7-server-extras-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled rhel-7-server-extras-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled rhel-7-server-extras-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( disabled rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( enabled: 5,987 rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( disabled rhel-7-server-optional-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled rhel-7-server-optional-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled rhel-7-server-optional-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled rhel-7-server-rt-htb-debug-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled rhel-7-server-rt-htb-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled rhel-7-server-rt-htb-source-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled rhel-ha-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled rhel-ha-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled rhel-ha-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled rhel-lb-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled rhel-lb-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled rhel-lb-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled rhel-rs-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled rhel-rs-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled rhel-rs-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled repolist: 5,987 [root@kvm-02-guest01 ~]# [root@kvm-02-guest01 ~]# mkdir /tmp/testDir/ [root@kvm-02-guest01 ~]# cp /etc/pki/entitlement/* /tmp/testDir/ [root@kvm-02-guest01 ~]# ls /tmp/testDir/ 5712325381928997174-key.pem 5712325381928997174.pem [root@kvm-02-guest01 ~]# [root@kvm-02-guest01 ~]# subscription-manager remove --serial=5712325381928997174 1 local certificate has been deleted. The entitlement server successfully removed these serial numbers: 5712325381928997174 [root@kvm-02-guest01 ~]# [root@kvm-02-guest01 ~]# yum repolist all Loaded plugins: product-id, search-disabled-repos, subscription-manager This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions. This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions. repolist: 0 [root@kvm-02-guest01 ~]# AT THIS POINT WE HAVE AN EMPTY REDHAT.REPO LIST AS EXPECTED. NOW LET'S MALICIOUSLY TRY TO RECOVER OUR REVOKED REPOS. [root@kvm-02-guest01 ~]# cp /tmp/testDir/* /etc/pki/entitlement/ [root@kvm-02-guest01 ~]# ls /etc/pki/entitlement/ 5712325381928997174-key.pem 5712325381928997174.pem [root@kvm-02-guest01 ~]# [root@kvm-02-guest01 ~]# yum repolist all Loaded plugins: product-id, search-disabled-repos, subscription-manager repolist: 0 [root@kvm-02-guest01 ~]# BANG! THIS REPOLIST ABOVE SHOULD NOT BE EMPTY. (WORKAROUND IS RUN YUM REPOLIST AGAIN) [root@kvm-02-guest01 ~]# yum repolist all Loaded plugins: product-id, search-disabled-repos, subscription-manager repo id repo name status rhel-7-server-extras-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled rhel-7-server-extras-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled rhel-7-server-extras-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Ext disabled rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( disabled rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( enabled: 5,987 rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server HTB ( disabled rhel-7-server-optional-htb-debug-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled rhel-7-server-optional-htb-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled rhel-7-server-optional-htb-source-rpms/x86_64 Red Hat Enterprise Linux 7 Server - Opt disabled rhel-7-server-rt-htb-debug-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled rhel-7-server-rt-htb-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled rhel-7-server-rt-htb-source-rpms/x86_64 Red Hat Enterprise Linux for Real Time disabled rhel-ha-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled rhel-ha-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled rhel-ha-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux High Availabil disabled rhel-lb-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled rhel-lb-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled rhel-lb-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Load Balancer disabled rhel-rs-for-rhel-7-server-htb-debug-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled rhel-rs-for-rhel-7-server-htb-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled rhel-rs-for-rhel-7-server-htb-source-rpms/x86_64 Red Hat Enterprise Linux Resilient Stor disabled repolist: 5,987 [root@kvm-02-guest01 ~]# THE WORKAROUND ABOVE WAS NOT NEEDED ON RHEL-7.7 AND PRIOR TO SEE THE REPOLIST AND THE FOLLOWING STEPS ARE WORKING AS EXPECTED TO COMPLETE THE TEST AND TAKE AWAY THE REVOKED ENTITLEMENT.... [root@kvm-02-guest01 ~]# /usr/libexec/rhsmcertd-worker Updating entitlement certificates & repositories 1 local certificate has been deleted. Total updates: 1 Found (local) serial# [5712325381928997174L] Expected (UEP) serial# [] Added (new) <NONE> Deleted (rogue): [sn:5712325381928997174 (Red Hat Enterprise Linux for SAP Applications for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux for x86_64 High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Container Images HTB,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux 7 Workstation High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux 7 for HPC Compute Node High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat CodeReady Linux Builder for x86_64 High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat CodeReady Linux Builder for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat CodeReady Linux Builder for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux for Real Time High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux for ARM 64 High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux High Availability High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux Atomic Host HTB,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat CodeReady Linux Builder for IBM z Systems High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux for SAP HANA for x86_64 High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux 7 Load Balancer High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux for SAP HANA for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux Resilient Storage High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux for SAP Applications for x86_64 High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux 7 Desktop High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] [sn:5712325381928997174 (Red Hat Enterprise Linux for SAP Applications for Power, little endian High Touch Beta,) @ /etc/pki/entitlement/5712325381928997174.pem] Report status: 1 updates: [] exceptions: Fact updates status: None updates: [] exceptions: Package profile updates status: 0 updates: [] exceptions: Installed Products status: 0 updates: [] exceptions: Syspurpose Sync status: Successfully synced system purpose updates: exceptions: [root@kvm-02-guest01 ~]# yum repolist all Loaded plugins: product-id, search-disabled-repos, subscription-manager This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions. This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions. repolist: 0 [root@kvm-02-guest01 ~]# Additional info: [root@kvm-02-guest01 ~]# tail -f /var/log/rhsm/rhsm.log (WHEN BANG! OCCURRED) 2020-01-06 16:30:10,838 [DEBUG] yum:30984:MainThread @identity.py:139 - Loading consumer info from identity certificates. 2020-01-06 16:30:10,847 [DEBUG] yum:30984:MainThread @__init__.py:92 - Searching for content of type: yum 2020-01-06 16:30:10,847 [DEBUG] yum:30984:MainThread @__init__.py:92 - Searching for content of type: deb 2020-01-06 16:30:10,865 [DEBUG] yum:30984:MainThread @cache.py:114 - Wrote cache: /var/lib/rhsm/cache/written_overrides.json 2020-01-06 16:30:10,866 [DEBUG] yum:30984:MainThread @repolib.py:466 - repos updated: Repo updates Total repo updates: 21 Updated <NONE> Added (new) [id:rhel-lb-for-rhel-7-server-htb-rpms Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (RPMs)] [id:rhel-7-server-htb-source-rpms Red Hat Enterprise Linux 7 Server HTB (Source RPMs)] [id:rhel-7-server-rt-htb-source-rpms Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (Source RPMs)] [id:rhel-7-server-htb-debug-rpms Red Hat Enterprise Linux 7 Server HTB (Debug RPMs)] [id:rhel-lb-for-rhel-7-server-htb-debug-rpms Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (Debug RPMs)] [id:rhel-lb-for-rhel-7-server-htb-source-rpms Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (Source RPMs)] [id:rhel-rs-for-rhel-7-server-htb-debug-rpms Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (Debug RPMs)] [id:rhel-ha-for-rhel-7-server-htb-rpms Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (RPMs)] [id:rhel-7-server-extras-htb-rpms Red Hat Enterprise Linux 7 Server - Extras HTB (RPMs)] [id:rhel-7-server-optional-htb-rpms Red Hat Enterprise Linux 7 Server - Optional HTB (RPMs)] [id:rhel-7-server-extras-htb-source-rpms Red Hat Enterprise Linux 7 Server - Extras HTB (Source RPMs)] [id:rhel-ha-for-rhel-7-server-htb-debug-rpms Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (Debug RPMs)] [id:rhel-ha-for-rhel-7-server-htb-source-rpms Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (Source RPMs)] [id:rhel-7-server-optional-htb-debug-rpms Red Hat Enterprise Linux 7 Server - Optional HTB (Debug RPMs)] [id:rhel-7-server-extras-htb-debug-rpms Red Hat Enterprise Linux 7 Server - Extras HTB (Debug RPMs)] [id:rhel-rs-for-rhel-7-server-htb-rpms Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (RPMs)] [id:rhel-7-server-rt-htb-rpms Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (RPMs)] [id:rhel-rs-for-rhel-7-server-htb-source-rpms Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (Source RPMs)] [id:rhel-7-server-rt-htb-debug-rpms Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (Debug RPMs)] [id:rhel-7-server-optional-htb-source-rpms Red Hat Enterprise Linux 7 Server - Optional HTB (Source RPMs)] [id:rhel-7-server-htb-rpms Red Hat Enterprise Linux 7 Server HTB (RPMs)] Deleted <NONE> [root@kvm-02-guest01 ~]# tail -f /var/log/rhsm/rhsm.log (WHEN WORKAROUND WAS INVOKED) 2020-01-06 16:33:18,642 [DEBUG] yum:30997:MainThread @identity.py:139 - Loading consumer info from identity certificates. 2020-01-06 16:33:18,683 [DEBUG] yum:30997:MainThread @__init__.py:92 - Searching for content of type: yum 2020-01-06 16:33:18,684 [DEBUG] yum:30997:MainThread @__init__.py:92 - Searching for content of type: deb 2020-01-06 16:33:18,750 [DEBUG] yum:30997:MainThread @cache.py:114 - Wrote cache: /var/lib/rhsm/cache/written_overrides.json 2020-01-06 16:33:18,750 [DEBUG] yum:30997:MainThread @repolib.py:466 - repos updated: Repo updates Total repo updates: 21 Updated [id:rhel-lb-for-rhel-7-server-htb-rpms Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (RPMs)] [id:rhel-7-server-htb-source-rpms Red Hat Enterprise Linux 7 Server HTB (Source RPMs)] [id:rhel-7-server-rt-htb-source-rpms Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (Source RPMs)] [id:rhel-7-server-htb-debug-rpms Red Hat Enterprise Linux 7 Server HTB (Debug RPMs)] [id:rhel-lb-for-rhel-7-server-htb-debug-rpms Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (Debug RPMs)] [id:rhel-lb-for-rhel-7-server-htb-source-rpms Red Hat Enterprise Linux Load Balancer (for RHEL 7 Server) HTB (Source RPMs)] [id:rhel-rs-for-rhel-7-server-htb-debug-rpms Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (Debug RPMs)] [id:rhel-ha-for-rhel-7-server-htb-rpms Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (RPMs)] [id:rhel-7-server-extras-htb-rpms Red Hat Enterprise Linux 7 Server - Extras HTB (RPMs)] [id:rhel-7-server-optional-htb-rpms Red Hat Enterprise Linux 7 Server - Optional HTB (RPMs)] [id:rhel-7-server-extras-htb-source-rpms Red Hat Enterprise Linux 7 Server - Extras HTB (Source RPMs)] [id:rhel-ha-for-rhel-7-server-htb-debug-rpms Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (Debug RPMs)] [id:rhel-ha-for-rhel-7-server-htb-source-rpms Red Hat Enterprise Linux High Availability (for RHEL 7 Server) HTB (Source RPMs)] [id:rhel-7-server-optional-htb-debug-rpms Red Hat Enterprise Linux 7 Server - Optional HTB (Debug RPMs)] [id:rhel-7-server-extras-htb-debug-rpms Red Hat Enterprise Linux 7 Server - Extras HTB (Debug RPMs)] [id:rhel-rs-for-rhel-7-server-htb-rpms Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (RPMs)] [id:rhel-7-server-rt-htb-rpms Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (RPMs)] [id:rhel-rs-for-rhel-7-server-htb-source-rpms Red Hat Enterprise Linux Resilient Storage (for RHEL 7 Server) HTB (Source RPMs)] [id:rhel-7-server-rt-htb-debug-rpms Red Hat Enterprise Linux for Real Time HTB (RHEL 7 Server) (Debug RPMs)] [id:rhel-7-server-optional-htb-source-rpms Red Hat Enterprise Linux 7 Server - Optional HTB (Source RPMs)] [id:rhel-7-server-htb-rpms Red Hat Enterprise Linux 7 Server HTB (RPMs)] Added (new) <NONE> Deleted <NONE>