Bug 803377

Looks like the code causing this is in "common/cert_utils.py"

   for e in extensions:

        if not e.match('1.3.6.1.4.1.2312.9.2.'):
            LOG.warning('Unexpected OID encountered [%s]' % '.'.join(e.part))
            continue


I *think*  the following should be valid but I'm not really sure..
1.3.6.1.4.1.2312.9.4
1.3.6.1.4.1.2312.9.5
1.3.6.1.4.1.2312.9.1

If they are valid we could just change the code to..
  
for e in extensions:

        if not e.match('1.3.6.1.4.1.2312.9.'):
            LOG.warning('Unexpected OID encountered [%s]' % '.'.join(e.part))
            continue

Created attachment 585239 [details]
patch to fix erroneous oid errors

Not sure if this is a valid fix for the bug.. will check w/ the docs and Chris

k.. according to: 
https://docspace.corp.redhat.com/docs/DOC-30244

'1.3.6.1.4.1.2312.9.2.' = RHEL products..  we were probably verifying that only RHEL was getting imported, which has changed since we import RHUI content and other content now..


1.3.6.1.4.1.2312.9.2 (Content Namespace)
  1.3.6.1.4.1.2312.9.2.<content_hash> (Red Hat Enterprise Linux (core server))
  1.3.6.1.4.1.2312.9.2.<content_hash>.1 (Yum repo type))
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.1 (Name) : Red Hat Enterprise Linux (core server)
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.2 (Label) : rhel-server
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.5 (Vendor ID): %Red_Hat_Id% or %Red_Hat_Label%
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.6 (Download URL): content/rhel-server/$releasever/$basearch
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.7 (GPG Key URL): file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.8 (Enabled): 1
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.9 (Metadata Expire Seconds): 604800
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.10 (Required Tags): TAG1,TAG2,TAG3
   #Fill in with better data
  1.3.6.1.4.1.2312.9.2.<content_hash> (Red Hat Enterprise Linux (Supplementary))
  1.3.6.1.4.1.2312.9.2.<content_hash>.1 (Yum repo type))
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.1 (Name) : Red Hat Enterprise Linux (Supplementary)
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.2 (Label) : rhel-server-6-supplementary
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.5 (Vendor ID): %Red_Hat_Id% or %Red_Hat_Label%
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.6 (Download URL): content/rhel-server-6-supplementary/$releasever/$basearch
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.7 (GPG Key URL): file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
    1.3.6.1.4.1.2312.9.2.<content_hash>.1.8 (Enabled): 1
#Different repo types (file is direct download w/ expected client type of browser, wget, ftp, etc)
  1.3.6.1.4.1.2312.9.2.<content_hash> (Red Hat Enterprise Linux (core server) - ISOs)
  1.3.6.1.4.1.2312.9.2.<content_hash>.2 (File repo type))
    1.3.6.1.4.1.2312.9.2.<content_hash>.2.1 (Name) : Red Hat Enterprise Linux (core server)
    1.3.6.1.4.1.2312.9.2.<content_hash>.2.2 (Label) : rhel-server
    1.3.6.1.4.1.2312.9.2.<content_hash>.2.5 (Vendor ID): %Red_Hat_Id% or %Red_Hat_Label%
    1.3.6.1.4.1.2312.9.2.<content_hash>.2.6 (Download URL): content/rhel-server-isos/$releasever/$basearch
    1.3.6.1.4.1.2312.9.2.<content_hash>.2.7 (GPG Key URL): gpg/rhel-server-isos/$releasever/$basearch
    1.3.6.1.4.1.2312.9.2.<content_hash>.2.8 (Enabled):  0

Questions for Chris..

1. do we want to be more/less specific about which oid's are valid for rhui?

Can we simply clean up the message or only present it once?

(In reply to comment #5)
> Can we simply clean up the message or only present it once?

I've made the change so the error is not thrown. I don't think the error was valid anyway because '1.3.6.1.4.1.2312.9.' is the base OID for RHEL products afaict.

I know we only will support a certain set of products via rhui. I was wondering if you wanted to be very particular about what RHUI would except.  It doesn't seem to me to be worth while to do much OID checking in the code itself, but what the hell do I know. :)

cloude commit 1afdf23e19a0bfb0e0e29852d6a7245463696a38

Created attachment 601235 [details]
Verifying screen log

The patch has indeed been applied in version: 2.0.68 of rh-rhui-tools (RHEL-6.3-RHUI-2.1-20120705.0-Server-x86_64-DVD1.iso). The Unexpected OID should be reported against Red Hat content no more (based on the fact the checking mechanizm is regular expression match and the string being checked is a prefix of RHEL products listed here: https://docspace.corp.redhat.com/docs/DOC-30244). See the screen log attached.

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Unexpected OID error messages were being reported against Red Hat content due to a restrictive base OID of Red Hat Enterprise Linux products.  This  update corrects the checking mechanism to match all RHEL product prefix.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-1205.html