Bug 1992699

Summary: Publishing a cv threw an error and marked successfull with no error in /var/log/messages on a FIPS enabled system
Product: Red Hat Satellite Reporter: Lai <ltran>
Component: PulpAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED WONTFIX QA Contact: Lai <ltran>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.9.0CC: rchan, ttereshc
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-09-23 15:15:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lai 2021-08-11 15:24:39 UTC 
Description of problem:
On a FIPS enabled system, I was able to sync md5 and sha1 repos successfully.  I was also able to publish those repos on a cv successfully as well, but it threw errors in the logs.

Version-Release number of selected component (if applicable):
6.9.5 snap 1

How reproducible:


Steps to Reproduce:
1. On a 6.9 satellite box, enabled FIPS following the instructions on https://access.redhat.com/solutions/137833
2. Sync rhel6, rhel7, rhel8 repos
3. Create a custom yum repo and sync https://fixtures.pulpproject.org/rpm-with-md5/ & https://fixtures.pulpproject.org/rpm-with-sha-1-modular/ for sha1 and md5
4. Create a content view and add the repos from 2 and 3.
5. Publish content view
6. Check /var/log/messages

Actual results:
log contains errors.

Expected results:
Should see no errors in log.

Additional info:
Comment 2 Tanya Tereshchenko 2021-08-17 21:09:28 UTC 
This is a pulp2 issue.
Looking at the code, it looks like an old issue. I expect it to exist in all previous Sat versions.

Lai, could you share the resulted repomd.xml for the md5 and sha1 repositories?
I'd like to check the its correctness.

Thanks.
Comment 7 Robin Chan 2021-09-23 15:15:07 UTC 
Since this issue will be fixed upon upgrade to Satellite 6.10 (repomd.xml file is incomplete for md5 repo but migration to Satellite 6.10 will regenerate the repo metadata correctly,) we won't plan to fix this in 6.9.z. This has not been reported by any customers so it's likely customers using FIPS aren't syncing md5 repos.