+++ This bug was initially created as a clone of Bug #1171280 +++

Description of problem:
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1171278

But if an errata is in multiple repositories, applicability generation calculates whether the errata is applicable based on all the packages in the errata, not based on whether the packages are actually in the repository that the system is bound to.

Version-Release number of selected component (if applicable):
2.4.1

How reproducible:
Always

Steps to Reproduce:
1. Sync RHEL 5
2. Sync RHEL 6
3. Bind a rhel 5 and a rhel 6 system to their respective repos
4. Generate, fetch, and note applicability
5. Update both systems fully
6. Generate, fetch and note applicability again

Actual results:
On either step 4 or 6, the applicability will be wrong. You may see errata not show up that should show up, or you may see errata show up as applicable when they are not.

Additional info:
The description is a bit vague, because it is complicated by https://bugzilla.redhat.com/show_bug.cgi?id=1171278

The solution to that bz may solve this issue by itself, or it may not.

--- Additional comment from Chris Duryee on 2014-12-12 16:35:09 EST ---

Here is how I repro'd, from a fresh 2.4.4 beta install:

* sync rhel 6
* sync rhel 7
* bind a consumer to rhel 6
* generate applicability using "test_applicability_generation.py" playpen script (you'll need to modify it to specify your consumer id)
* make a POST call to /pulp/api/v2/consumers/content/applicability/ with the following json:

    {
        "criteria": {
            "filters": {"id": {"$in": ["<your_consumer_id>"]}}
        },
        "content_types": ["erratum"]
    }

At this point, the RHEL6 system will have IDs for both RHEL6 and RHEL7 errata listed.

--- Additional comment from Chris Duryee on 2014-12-15 16:24:12 EST ---

https://github.com/pulp/pulp_rpm/pull/611

--- Additional comment from Randy Barlow on 2014-12-22 10:52:47 EST ---

Fixed in 2.4.4-0.3.beta.
Fixed in 2.5.2-0.1.rc.
verified

[root@ibm-x3250m4-02 ~]# rpm -qa pulp-server
pulp-server-2.5.2-0.1.rc.el6.noarch
[root@ibm-x3250m4-02 ~]#

with rhel6 & 7 repos synced and rhel6 repo bound to a consumer

[root@ibm-x3250m4-02 ~]# ./test_applicability_generation.py
Consumer Applicability Generation APIs Demo
Press enter to continue...
------------------------------------------------------------------------
Demo with consumer_criteria
'/pulp/api/v2/consumers/actions/content/regenerate_applicability/'
consumer_criteria - {'filters': {'id': {'$in': ['ginger']}}, 'sort': [['id', 'ascending']]}
Request Body
{
    "consumer_criteria": {
        "sort": [
            [
                "id",
                "ascending"
            ]
        ],
        "filters": {
            "id": {
                "$in": [
                    "ginger"
                ]
            }
        }
    }
}
Response Body
{
    "spawned_tasks": [
        {
            "_href": "/pulp/api/v2/tasks/2431d076-b741-4fad-a27e-5b187ddbfeb5/",
            "task_id": "2431d076-b741-4fad-a27e-5b187ddbfeb5"
        }
    ],
    "result": null,
    "error": null
}
Press enter to continue...
result - (202, {u'error': None, u'result': None, u'spawned_tasks': [{u'_href': u'/pulp/api/v2/tasks/2431d076-b741-4fad-a27e-5b187ddbfeb5/', u'task_id': u'2431d076-b741-4fad-a27e-5b187ddbfeb5'}]})
Demo with repo_criteria
'/pulp/api/v2/repositories/actions/content/regenerate_applicability/'
repo_criteria - {'filters': {'id': {'$in': ['rhel6', 'rhel7']}}, 'sort': [['id', 'ascending']]}
Request Body
{
    "repo_criteria": {
        "sort": [
            [
                "id",
                "ascending"
            ]
        ],
        "filters": {
            "id": {
                "$in": [
                    "rhel6",
                    "rhel7"
                ]
            }
        }
    }
}
Response Body
{
    "spawned_tasks": [
        {
            "_href": "/pulp/api/v2/tasks/eaa1b335-dd8c-442c-be85-05616f887228/",
            "task_id": "eaa1b335-dd8c-442c-be85-05616f887228"
        }
    ],
    "result": null,
    "error": null
}
Press enter to continue...
result - (202, {u'error': None, u'result': None, u'spawned_tasks': [{u'_href': u'/pulp/api/v2/tasks/eaa1b335-dd8c-442c-be85-05616f887228/', u'task_id': u'eaa1b335-dd8c-442c-be85-05616f887228'}]})
[root@ibm-x3250m4-02 ~]#
[root@ibm-x3250m4-02 ~]#
[root@ibm-x3250m4-02 ~]#
[root@ibm-x3250m4-02 ~]# curl -k -X POST -d @./post-data.json "https://admin:admin@localhost/pulp/api/v2/consumers/content/applicability/" | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
112  1259  104  1259    0    88  10057    702 --:--:-- --:--:-- --:--:-- 16041
[
    {
        "applicability": {
            "erratum": [
                "de13d390-c00a-45fa-9c72-1f0d315110d9",
                "3e88365c-a7fb-40fe-b73b-962a428c42a0",
                "fba96d59-be5c-4716-a2df-606e0f2b6b52",
                "0d106e51-49fe-45a9-adfb-492e56b1fb84",
                "1cf37718-d406-4e4a-bc0d-d691002e3f47",
                "51582df0-b304-4bdd-a723-ebffd6c236cf",
                "613ae147-99c4-4596-a761-070a7f2b672f",
                "fbcdc1d5-94da-4055-87cb-036e1c0428fe",
                "a35ba1b5-dfc4-43cc-8faa-1d076ac53dc2",
                "08598756-b17f-4814-9e16-acb5d9ea4f12",
                "102f77b4-77ad-447b-bdbe-f13da47a05e7",
                "ca3bcccd-297e-4c7a-9f52-63f585df23ec",
                "0ed4dc4b-28ef-4ccb-a6d7-c14bc380494b",
                "49d5c96f-405e-4d9e-b9e6-ba6cfcdf20eb",
                "0d8614bd-5a4a-42eb-983a-c5c7f2fc2088",
                "690c17d3-5c5f-41db-a9b2-4b355763e24f",
                "26ed0a73-17ee-4bd2-b801-49336a7f5b80",
                "fd95a2d8-545b-4b41-9737-56646d66de45",
                "aa24137a-8857-492f-97fb-e51343d465e1",
                "9fa5410d-afbe-48f6-b2c6-dbeffe8147e4",
                "7b34d0ba-ec2f-4f5b-b4f0-63219c914a38",
                "f2b39c81-0362-43c3-ad20-ab44bd46b74a",
                "b922179c-97e6-4fd2-99aa-1016519d343b",
                "c3c759f1-1aa4-4181-920c-923dcd61df48",
                "ae7455bb-456d-479c-b224-e4ae23afb9df",
                "156ab65a-0134-4254-8414-9b56f14a6b47",
                "349a0681-51c4-49ab-9f99-c2b102c2b403",
                "0770b01b-ffe1-4e60-b48d-1d7e8d8847c4",
                "78154b3c-71dd-4f60-bad8-7b9a046568fd",
                "ca07c198-ec94-4105-a1fb-c727ce7388ae"
            ]
        },
        "consumers": [
            "ginger"
        ]
    }
]
[root@ibm-x3250m4-02 ~]# pulp-admin rpm repo content errata --repo-id rhel7 --erratum-id RHSA-2014:1976
+----------------------------------------------------------------------+
                        Erratum: RHSA-2014:1976
+----------------------------------------------------------------------+

Id: RHSA-2014:1976
Title: Important: rpm security update
Summary: Updated rpm packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Description:
  The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, description, and other information.

  It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2013-6435)

  It was found that RPM could encounter an integer overflow, leading to a stack-based buffer overflow, while parsing a crafted CPIO header in the payload section of an RPM file. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation. (CVE-2014-8118)

  These issues were discovered by Florian Weimer of Red Hat Product Security.

  All rpm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.

Severity: Important
Type: security
Issued: 2014-12-09 00:00:00
Updated: 2014-12-09 00:00:00
Version: 1
Release:
Status: final
Reboot Suggested: No

Updated Packages:
  rpm-devel-0:4.11.1-18.el7_0.x86_64
  rpm-python-0:4.11.1-18.el7_0.x86_64
  rpm-libs-0:4.11.1-18.el7_0.i686
  rpm-libs-0:4.11.1-18.el7_0.x86_64
  rpm-sign-0:4.11.1-18.el7_0.x86_64
  rpm-build-0:4.11.1-18.el7_0.x86_64
  rpm-devel-0:4.11.1-18.el7_0.i686
  rpm-build-libs-0:4.11.1-18.el7_0.x86_64
  rpm-0:4.11.1-18.el7_0.x86_64
  rpm-build-libs-0:4.11.1-18.el7_0.i686

References:
  ID: None
  Type: self
  Link: https://rhn.redhat.com/errata/RHSA-2014-1976.html

  ID: 1039811
  Type: bugzilla
  Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1039811

  ID: 1168715
  Type: bugzilla
  Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1168715

  ID: CVE-2013-6435
  Type: cve
  Link: https://www.redhat.com/security/data/cve/CVE-2013-6435.html

  ID: CVE-2014-8118
  Type: cve
  Link: https://www.redhat.com/security/data/cve/CVE-2014-8118.html

  ID: None
  Type: other
  Link: https://access.redhat.com/security/updates/classification/#important

[root@ibm-x3250m4-02 ~]# mongo
MongoDB shell version: 2.4.12
connecting to: test
> use pulp_database
switched to db pulp_database
> db.units_erratum.findOne({"id": "RHSA-2014:1976"}, {"id":1})
{ "_id" : "8b75f059-09d0-46a4-ba96-47f2e6c37f19", "id" : "RHSA-2014:1976" }
>
>
Pulp 2.5.2 has been released.
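
The two calculations the bug description contrasts (every package listed in an erratum versus only those present in the bound repository), as an added example that is not Pulp's code and not part of the original report. Package names, erratum ids and the simplified version comparison are constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed sample data; names, versions and erratum ids are illustrative.
Pkg = namedtuple("Pkg", "name version release arch")

def evr_key(pkg):
    """Simplified version ordering (an assumption, not full rpmvercmp):
    numeric segments compare as integers and sort above alphabetic ones."""
    def segs(s):
        return [(1, int(t)) if t.isdigit() else (0, t)
                for t in re.findall(r"\d+|[A-Za-z]+", s)]
    return (segs(pkg.version), segs(pkg.release))

def upgrades(candidate, installed):
    """True if candidate is a newer build of a package in the profile."""
    return any(candidate.name == i.name and candidate.arch == i.arch
               and evr_key(candidate) > evr_key(i) for i in installed)

def applicable_unscoped(errata, installed):
    """Behaviour described in the report: every package listed in the
    erratum is considered, whichever repository carries it."""
    return sorted(eid for eid, pkgs in errata.items()
                  if any(upgrades(p, installed) for p in pkgs))

def applicable_scoped(errata, installed, bound_repo_pkgs):
    """Only erratum packages present in the bound repository count."""
    return sorted(eid for eid, pkgs in errata.items()
                  if any(p in bound_repo_pkgs and upgrades(p, installed)
                         for p in pkgs))

ERRATA = {
    # Shared erratum: one id, builds for two releases.
    "EX-0001": [Pkg("demo-lib", "1.0", "2.el6", "x86_64"),
                Pkg("demo-lib", "1.0", "2.el7", "x86_64")],
    # Erratum that exists only in the repository the consumer is not bound to.
    "EX-0002": [Pkg("demo-tool", "2.0", "1.el7", "x86_64")],
    # Erratum in the bound repository that the consumer really needs.
    "EX-0003": [Pkg("demo-app", "3.1", "1.el6", "x86_64")],
}
RHEL6_REPO = {ERRATA["EX-0001"][0], ERRATA["EX-0003"][0]}
INSTALLED = [Pkg("demo-lib", "1.0", "2.el6", "x86_64"),
             Pkg("demo-tool", "1.9", "1.el6", "x86_64"),
             Pkg("demo-app", "3.0", "1.el6", "x86_64")]

if __name__ == "__main__":
    print("unscoped:", applicable_unscoped(ERRATA, INSTALLED))
    print("scoped:  ", applicable_scoped(ERRATA, INSTALLED, RHEL6_REPO))
```

The unscoped result lists all three errata for the consumer bound to the el6 repository, while the scoped result keeps only the one whose fixed package that repository can actually deliver.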