| Summary: | 403 Forbidden error trying to download rpm from promotions page | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Jeff Weiss <jweiss> |
| Component: | WebUI | Assignee: | Justin Sherrill <jsherril> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Katello QA List <katello-qa-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.0.0 | CC: | dajohnso, gkhachik, jsherril, mmccune |
| Target Milestone: | Unspecified | Keywords: | Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-08-22 18:28:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Jeff Weiss
2012-02-21 15:53:34 UTC
I believe this is because your browser doesn't have the Uebercert setup. Will verify Partha, can you see if importing the UC into your browser fixes the above issue? If so can you add a bit of UI wording on package details page indicating you need the UC imported before you can download? I tried importing ubercert into browsers: Chrome: prompts for password to decrypt key (I don't think it likes pem format - default file open box only shows p12). Firefox: import appears to fail silently, I don't see the cert in FF's long list of certs, but I'm not sure what to look for - there's nothing under the org name, server name, "katello" or "red hat". Either browser, I still get 403 after trying to import the ubercert. * decrypt the cert rather Jeff, So you can't just import the cert directly you have to go through these steps: https://fedorahosted.org/katello/wiki/GuideDebugCertificates to convert to a p12 file. Also in firefox you have to switch to the "Your cerficates" tab (which is empty be default). This tab actually looks for the .pfx files and not the pem files. It sounds like you are on the authorities tab. All that being said, when i did the steps properly I was still unable to access the pages. Looking into it more. -Justin After a discussion with BK and tsanders we came up with the following conclusions: 1. You shouldn't have to import the debug cert just to download a package 2. Pulp should offer a time limited, hash-based url to download packages So until pulp adds that, we are going to get rid of the download url that does not currently work. RFE's: pulp: https://bugzilla.redhat.com/show_bug.cgi?id=798417 sysengine: https://bugzilla.redhat.com/show_bug.cgi?id=798425 There does seem to be a problem with using a browser and the debug cert and that has been filed here for pulp: https://bugzilla.redhat.com/show_bug.cgi?id=798418 Note, the uber cert failing turned out to be a problem with our configuration: https://bugzilla.redhat.com/show_bug.cgi?id=798454 disabling package download in katello master: d29fc27870f31a60051e510dd4b38b4e458c6aa3 confirm: there is no "download" link for the packages any more. @Jeff: fill free to mark bug verified if you think the issue could be considered as fixed for you :) QA Verified. |