Bug 706265

Summary: product cert is not getting removed after removing all the installed packages from its repo using yum
Product: Red Hat Enterprise Linux 5
Reporter: John Sefler <jsefler>
Component: subscription-manager
Assignee: Adrian Likins <alikins>
Status: CLOSED DUPLICATE
QA Contact: John Sefler <jsefler>
Severity: unspecified
Priority: unspecified
Version: 5.7
CC: cduryee, spandey
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-05-24 18:16:34 UTC
Bug Blocks: 675214

Description John Sefler 2011-05-19 21:27:54 UTC
Description of problem:
When subscribing to a subscription pool and installing the first package from that repo, the product-id plugin will lay down the product cert pem into /etc/pki/product, but then when you yum remove that same package, the product cert should be removed.  Currently it is not getting removed.

This is important because once all the packages from a product are removed, the product id should not stay on the client; otherwise subscription manager will report the product as "invalid/out-of-compliance".


Version-Release number of selected component (if applicable):
[root@jsefler-onprem-5server ~]# rpm -qa | grep subscription-manager
subscription-manager-firstboot-0.95.5.18-1.el5
subscription-manager-0.95.5.18-1.el5
subscription-manager-gnome-0.95.5.18-1.el5


How reproducible:


Steps to Reproduce:
# create the following repo:
[root@jsefler-onprem-5server ~]# cat /etc/yum.repos.d/rhel57test.repo 
[rhel57test]
name=test $releasever - $basearch
baseurl=http://porkchop.devel.redhat.com/rel-eng/RHEL-5.7-Server-Beta-1.2/tree-x86_64/Server/
enabled=1
gpgcheck=0

[root@jsefler-onprem-5server ~]# grep hostname /etc/rhsm/rhsm.conf
# Server hostname:
hostname = subscription.rhn.stage.redhat.com
proxy_hostname =
[root@jsefler-onprem-5server yum.repos.d]# subscription-manager register --username=stage_test_10 --password=redhat
1be4ad84-5fbe-4e7d-a41b-af08b731fcbd jsefler-onprem-5server.usersys.redhat.com

[root@jsefler-onprem-5server yum.repos.d]# subscription-manager list --installed
No installed Products to list


^^^^ Notice that no products are installed (nothing in /etc/pki/product)

[root@jsefler-onprem-5server ~]# yum list zsh
Loaded plugins: product-id, security, subscription-manager
Updating Red Hat repositories.
Available Packages
zsh.x86_64                                                          4.2.6-5.el5                                                           rhel57test
[root@jsefler-onprem-5server ~]# 
[root@jsefler-onprem-5server ~]# yum install zsh
Loaded plugins: product-id, security, subscription-manager
Updating Red Hat repositories.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package zsh.x86_64 0:4.2.6-5.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================================
 Package                       Arch                             Version                                  Repository                            Size
====================================================================================================================================================
Installing:
 zsh                           x86_64                           4.2.6-5.el5                              rhel57test                           1.8 M

Transaction Summary
====================================================================================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 1.8 M
Is this ok [y/N]: y
Downloading Packages:
zsh-4.2.6-5.el5.x86_64.rpm                                                                                                   | 1.8 MB     00:01     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : zsh                                                                                                                          1/1 
rhel57test/productid                                                                                                         | 1.7 kB     00:00     
duration: 344(ms)
installing: 95.pem
Installed products updated.

Installed:
  zsh.x86_64 0:4.2.6-5.el5                                                                                                                          

Complete!


^^^^ Notice that package zsh was installed from the rhel57test repo and that the 95.pem product cert was installed...

[root@jsefler-onprem-5server ~]# ls /etc/pki/product/
95.pem
[root@jsefler-onprem-5server ~]# subscription-manager list --installed
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+

ProductName:        	Red Hat Enterprise Linux Server
Status:             	Not Subscribed           
Expires:            	                         
Subscription:       	                         
ContractNumber:     	                         
AccountNumber:   


Now, let's remove the package...


[root@jsefler-onprem-5server ~]# yum remove zsh
Loaded plugins: product-id, security, subscription-manager
Updating Red Hat repositories.
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package zsh.x86_64 0:4.2.6-5.el5 set to be erased
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================================================================
 Package                        Arch                              Version                                Repository                            Size
====================================================================================================================================================
Removing:
 zsh                            x86_64                            4.2.6-5.el5                            installed                            3.6 M

Transaction Summary
====================================================================================================================================================
Remove        1 Package(s)
Reinstall     0 Package(s)
Downgrade     0 Package(s)

Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing        : zsh                                                                                                                          1/1 
duration: 321(ms)
Installed products updated.

Removed:
  zsh.x86_64 0:4.2.6-5.el5                                                                                                                          

Complete!
[root@jsefler-onprem-5server ~]# ls /etc/pki/product/
95.pem
[root@jsefler-onprem-5server ~]# subscription-manager list --installed
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+

ProductName:        	Red Hat Enterprise Linux Server
Status:             	Not Subscribed           
Expires:            	                         
Subscription:       	                         
ContractNumber:     	                         
AccountNumber:      	                         


^^^ Notice that after removing the zsh package (from the rhel57test repo) the product cert (95.pem) was not uninstalled.


[root@jsefler-onprem-5server ~]# subscription-manager facts --list | grep .entitlements_valid
system.entitlements_valid: False


^^^ And notice that we are now considered "invalid/uncompliant"



Expected results:
When all packages from a repo are removed, then the corresponding product cert should be removed.

Additional info:

Comment 1 Chris Duryee 2011-05-20 13:58:59 UTC
I tested this some more, and the cert gets removed only if the repo is removed or disabled. For example, if you set "enabled=0" in the repo conf file, that will do it.

I'm testing now to see if this is the same behavior as 6.

Comment 2 Chris Duryee 2011-05-20 14:24:20 UTC
rhel6 is package based, not repo based. "yum install ccs" will lay down the HA cert, and "yum remove ccs" will remove it. The docs also mention that product certs are package based.

Comment 3 Chris Duryee 2011-05-24 18:16:34 UTC

*** This bug has been marked as a duplicate of bug 707313 ***
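
Added example (not part of the bug report and not subscription-manager's code): a small model of the two cleanup rules discussed in this thread, the behaviour observed in Comment 1 (cert removed only when the repo is removed or disabled) and the expected result in the Description (cert removed once no package from the repo remains). The names Repo, stale_certs and the two policy labels are hypothetical; the sample data is constructed from the reproduction steps.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Repo:
    repo_id: str
    enabled: bool
    product_cert: Optional[str]  # e.g. "95.pem"; None if the repo has no productid


def stale_certs(certs_on_disk: Iterable[str],
                repos: Iterable[Repo],
                installed_from: Dict[str, List[str]],
                policy: str) -> List[str]:
    """Return the product certs that `policy` would delete.

    policy (labels are assumptions made for this example):
      "repo-enabled"       - keep a cert while a configured repo providing it
                             is enabled (behaviour reported in Comment 1).
      "packages-installed" - keep a cert only while at least one package from
                             a providing repo is installed (expected result).
    A removed repo is modelled by leaving it out of `repos`.
    """
    if policy not in ("repo-enabled", "packages-installed"):
        raise ValueError("unknown policy: %r" % policy)
    keep = set()
    for repo in repos:
        if repo.product_cert is None:
            continue
        if policy == "repo-enabled":
            active = repo.enabled
        else:
            active = bool(installed_from.get(repo.repo_id))
        if active:
            # One active provider is enough, even if other repos that ship
            # the same product cert are disabled or have no packages left.
            keep.add(repo.product_cert)
    return sorted(set(certs_on_disk) - keep)


# Constructed state after "yum remove zsh" in the report above.
REPOS = [Repo("rhel57test", enabled=True, product_cert="95.pem")]
AFTER_REMOVE = {"rhel57test": []}

if __name__ == "__main__":
    for p in ("repo-enabled", "packages-installed"):
        print(p, "->", stale_certs(["95.pem"], REPOS, AFTER_REMOVE, p))
```
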