Bug 2019563

Summary: Missing fields on MD5 repos in repomd.xml on a FIPS enabled satellite
Product: Red Hat Satellite Reporter: Lai <ltran>
Component: PulpAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA QA Contact: Peter Ondrejka <pondrejk>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.9.7CC: ahumbe, ggainey, lvrtelov, osousa, pmendezh, rchan, swadeley, ttereshc
Target Milestone: 6.9.9Keywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pulp-rpm-2.21.5.2-3.el7sat Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-04-20 20:34:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1929347    
Attachments:
Description Flags
Potential fix for FIPS-publish issue. none

Description Lai 2021-11-02 20:08:00 UTC 
Description of problem:
There seems to be missing metadata fields within the repodmd.xml for MD5.  At the moment, it only contains "group" data type in the repodmd.xml file.

Version-Release number of selected component (if applicable):
6.9.7 snap 3

How reproducible:
100%

Steps to reproduce
1. On a 6.9.7 satellite box, enabled FIPS following the instructions on https://access.redhat.com/solutions/137833
2. Create a custom yum repo and sync https://fixtures.pulpproject.org/rpm-with-md5/ & https://fixtures.pulpproject.org/rpm-with-sha-1-modular/ for sha1 and md5
3. In the repos details page, click the "published at" link and drill into the repodata and repomd.xml file

Actual results:
repomd.xml file only has the "group" data type within the file.

Expected results:
The repomd.xml should have 'primary', 'filelists` and `updateinfo`.


Additional info:
I have only seen this with MD5 Repos.  I have not looked if it's also impacting SHA1, SHA256, or any of the rhel6,7,8 repos yet.  I would leave the investigation up to dev.
Comment 5 Grant Gainey 2021-11-04 18:05:06 UTC 
Created attachment 1839904 [details]
Potential fix for FIPS-publish issue.
Comment 6 pulp-infra@redhat.com 2021-12-09 21:07:53 UTC 
The Pulp upstream bug status is at POST. Updating the external tracker on this bug.
Comment 7 pulp-infra@redhat.com 2021-12-09 21:07:54 UTC 
The Pulp upstream bug priority is at Normal. Updating the external tracker on this bug.
Comment 8 pulp-infra@redhat.com 2021-12-21 15:08:58 UTC 
The Pulp upstream bug status is at MODIFIED. Updating the external tracker on this bug.
Comment 9 pulp-infra@redhat.com 2021-12-21 16:12:50 UTC 
All upstream Pulp bugs are at MODIFIED+. Moving this bug to POST.
Comment 11 Peter Ondrejka 2022-03-24 10:57:36 UTC 
Hello, checked on Satellite 6.9.9 snap1 (python3-pulp-rpm-3.11.4-1.el7pc.noarch), the repomd.xml problem persists when syncing  https://fixtures.pulpproject.org/rpm-with-md5/ to a fips-enabled satellite. The synced repomd.xml looks as follows 

<repomd>
<revision>1648117368</revision>
<data type="group">
<location href="repodata/e909ddae328b9f59c3f3b3fdaad8acbe-comps.xml"/>
<timestamp>1648117368</timestamp>
<size>2357</size>
<checksum type="md5">e909ddae328b9f59c3f3b3fdaad8acbe</checksum>
</data>
</repomd>


Journalctl exhibits the exact same error as mentioned in comment 3

Reproducer machine available upon ping.
Comment 14 Peter Ondrejka 2022-03-28 11:36:04 UTC 
Verified on Satellite 6.9.9 snap 2, the md5 repo is synced with complete metadata on fips-enabled satellite.
Comment 19 errata-xmlrpc 2022-04-20 20:34:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.9.9 Async Bug Fix Update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1478