Bug 1178920 - Applicability Generation does not take into account repository packages, only errata packages
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Pulp
Classification: Retired
Component: rpm-support
Version: 2.5
Hardware: All
OS: Linux
Priority: urgent
Severity: high
Target Milestone: ---
Target Release: 2.5.2
Assignee: Chris Duryee
QA Contact: pulp-qe-list
URL:
Whiteboard:
Depends On: 1171280
Blocks: 1171282
Reported: 2015-01-05 16:28 UTC by Randy Barlow
Modified: 2015-02-05 21:47 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1171280
Environment:
Last Closed: 2015-02-05 21:47:05 UTC
Embargoed:



Description Randy Barlow 2015-01-05 16:28:34 UTC
+++ This bug was initially created as a clone of Bug #1171280 +++

Description of problem:

Related to https://bugzilla.redhat.com/show_bug.cgi?id=1171278

But if an errata is in multiple repositories, applicability generation calculates whether the errata is applicable based on all the packages in the errata, not based on whether the packages are actually in the repository that the system is bound to.


Version-Release number of selected component (if applicable):
2.4.1

How reproducible:
Always

Steps to Reproduce:
1. Sync RHEL 5
2. Sync RHEL 6
3. Bind a rhel 5 and a rhel 6 system to their respective repos
4. Generate, fetch, and note applicability
5. Update both systems fully
6. Generate, fetch and note applicability again

Actual results:
On either step 4 or 6, the applicability will be wrong.  You may see errata not show up that should show up, or you may see errata show up as applicable when they are not.


Additional info:
The description is a bit vague, because it is complicated by https://bugzilla.redhat.com/show_bug.cgi?id=1171278

The solution to that bz may solve this issue by itself, or it may not.

--- Additional comment from Chris Duryee on 2014-12-12 16:35:09 EST ---

Here is how I repro'd, from a fresh 2.4.4 beta install:

* sync rhel 6
* sync rhel 7
* bind a consumer to rhel 6
* generate applicability using "test_applicability_generation.py" playpen script (you'll need to modify it to specify your consumer id)
* make a POST call to /pulp/api/v2/consumers/content/applicability/ with the following json:

{
 "criteria": {
  "filters": {"id": {"$in": ["<your_consumer_id>"]}}
 },
 "content_types": ["erratum"]
}


At this point, the RHEL6 system will have IDs for both RHEL6 and RHEL7 errata listed.

--- Additional comment from Chris Duryee on 2014-12-15 16:24:12 EST ---

https://github.com/pulp/pulp_rpm/pull/611

--- Additional comment from Randy Barlow on 2014-12-22 10:52:47 EST ---

Fixed in 2.4.4-0.3.beta.

Comment 1 Randy Barlow 2015-01-05 16:29:05 UTC
Fixed in 2.5.2-0.1.rc.

Comment 2 Preethi Thomas 2015-01-06 22:00:13 UTC
verified
[root@ibm-x3250m4-02 ~]# rpm -qa pulp-server
pulp-server-2.5.2-0.1.rc.el6.noarch
[root@ibm-x3250m4-02 ~]# 

with rhel6 & 7 repos synced and rhel6 repo bound to a consumer

[root@ibm-x3250m4-02 ~]# ./test_applicability_generation.py 
Consumer Applicability Generation APIs Demo
Press enter to continue...

------------------------------------------------------------------------

Demo with consumer_criteria
'/pulp/api/v2/consumers/actions/content/regenerate_applicability/'

consumer_criteria -
{'filters': {'id': {'$in': ['ginger']}}, 'sort': [['id', 'ascending']]}

Request Body
{
  "consumer_criteria": {
    "sort": [
      [
        "id", 
        "ascending"
      ]
    ], 
    "filters": {
      "id": {
        "$in": [
          "ginger"
        ]
      }
    }
  }
}
Response Body
{
  "spawned_tasks": [
    {
      "_href": "/pulp/api/v2/tasks/2431d076-b741-4fad-a27e-5b187ddbfeb5/", 
      "task_id": "2431d076-b741-4fad-a27e-5b187ddbfeb5"
    }
  ], 
  "result": null, 
  "error": null
}
Press enter to continue...

result -
(202,
 {u'error': None,
  u'result': None,
  u'spawned_tasks': [{u'_href': u'/pulp/api/v2/tasks/2431d076-b741-4fad-a27e-5b187ddbfeb5/',
                      u'task_id': u'2431d076-b741-4fad-a27e-5b187ddbfeb5'}]})

Demo with repo_criteria
'/pulp/api/v2/repositories/actions/content/regenerate_applicability/'
repo_criteria -
{'filters': {'id': {'$in': ['rhel6', 'rhel7']}}, 'sort': [['id', 'ascending']]}

Request Body
{
  "repo_criteria": {
    "sort": [
      [
        "id", 
        "ascending"
      ]
    ], 
    "filters": {
      "id": {
        "$in": [
          "rhel6", 
          "rhel7"
        ]
      }
    }
  }
}
Response Body
{
  "spawned_tasks": [
    {
      "_href": "/pulp/api/v2/tasks/eaa1b335-dd8c-442c-be85-05616f887228/", 
      "task_id": "eaa1b335-dd8c-442c-be85-05616f887228"
    }
  ], 
  "result": null, 
  "error": null
}
Press enter to continue...

result -
(202,
 {u'error': None,
  u'result': None,
  u'spawned_tasks': [{u'_href': u'/pulp/api/v2/tasks/eaa1b335-dd8c-442c-be85-05616f887228/',
                      u'task_id': u'eaa1b335-dd8c-442c-be85-05616f887228'}]})

[root@ibm-x3250m4-02 ~]# 
[root@ibm-x3250m4-02 ~]# 
[root@ibm-x3250m4-02 ~]# 
[root@ibm-x3250m4-02 ~]# curl -k -X POST -d @./post-data.json "https://admin:admin@localhost/pulp/api/v2/consumers/content/applicability/" | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
112  1259  104  1259    0    88  10057    702 --:--:-- --:--:-- --:--:-- 16041
[
    {
        "applicability": {
            "erratum": [
                "de13d390-c00a-45fa-9c72-1f0d315110d9", 
                "3e88365c-a7fb-40fe-b73b-962a428c42a0", 
                "fba96d59-be5c-4716-a2df-606e0f2b6b52", 
                "0d106e51-49fe-45a9-adfb-492e56b1fb84", 
                "1cf37718-d406-4e4a-bc0d-d691002e3f47", 
                "51582df0-b304-4bdd-a723-ebffd6c236cf", 
                "613ae147-99c4-4596-a761-070a7f2b672f", 
                "fbcdc1d5-94da-4055-87cb-036e1c0428fe", 
                "a35ba1b5-dfc4-43cc-8faa-1d076ac53dc2", 
                "08598756-b17f-4814-9e16-acb5d9ea4f12", 
                "102f77b4-77ad-447b-bdbe-f13da47a05e7", 
                "ca3bcccd-297e-4c7a-9f52-63f585df23ec", 
                "0ed4dc4b-28ef-4ccb-a6d7-c14bc380494b", 
                "49d5c96f-405e-4d9e-b9e6-ba6cfcdf20eb", 
                "0d8614bd-5a4a-42eb-983a-c5c7f2fc2088", 
                "690c17d3-5c5f-41db-a9b2-4b355763e24f", 
                "26ed0a73-17ee-4bd2-b801-49336a7f5b80", 
                "fd95a2d8-545b-4b41-9737-56646d66de45", 
                "aa24137a-8857-492f-97fb-e51343d465e1", 
                "9fa5410d-afbe-48f6-b2c6-dbeffe8147e4", 
                "7b34d0ba-ec2f-4f5b-b4f0-63219c914a38", 
                "f2b39c81-0362-43c3-ad20-ab44bd46b74a", 
                "b922179c-97e6-4fd2-99aa-1016519d343b", 
                "c3c759f1-1aa4-4181-920c-923dcd61df48", 
                "ae7455bb-456d-479c-b224-e4ae23afb9df", 
                "156ab65a-0134-4254-8414-9b56f14a6b47", 
                "349a0681-51c4-49ab-9f99-c2b102c2b403", 
                "0770b01b-ffe1-4e60-b48d-1d7e8d8847c4", 
                "78154b3c-71dd-4f60-bad8-7b9a046568fd", 
                "ca07c198-ec94-4105-a1fb-c727ce7388ae"
            ]
        }, 
        "consumers": [
            "ginger"
        ]
    }
]
[root@ibm-x3250m4-02 ~]# pulp-admin rpm repo content errata --repo-id rhel7 --erratum-id RHSA-2014:1976
+----------------------------------------------------------------------+
                        Erratum: RHSA-2014:1976
+----------------------------------------------------------------------+

Id:                RHSA-2014:1976
Title:             Important: rpm security update
Summary:           Updated rpm packages that fix two security issues are now available for Red
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description:
  The RPM Package Manager (RPM) is a powerful command line driven
  packagemanagement system capable of installing, uninstalling, verifying,
  querying,and updating software packages. Each software package consists of
  anarchive of files along with information about the package such as
  itsversion, description, and other information.

  It was found that RPM wrote file contents to the target installationdirectory
  under a temporary name, and verified its cryptographic signatureonly after the
  temporary file has been written completely. Under certainconditions, the
  system interprets the unverified temporary file contentsand extracts commands
  from it. This could allow an attacker to modifysigned RPM files in such a way
  that they would execute code chosen by theattacker during package
  installation. (CVE-2013-6435)

  It was found that RPM could encounter an integer overflow, leading to
  astack-based buffer overflow, while parsing a crafted CPIO header in
  thepayload section of an RPM file. This could allow an attacker to
  modifysigned RPM files in such a way that they would execute code chosen by
  theattacker during package installation. (CVE-2014-8118)

  These issues were discovered by Florian Weimer of Red Hat Product Security.

  All rpm users are advised to upgrade to these updated packages, whichcontain
  backported patches to correct these issues. All runningapplications linked
  against the RPM library must be restarted for thisupdate to take effect.

Severity:          Important
Type:              security
Issued:            2014-12-09 00:00:00
Updated:           2014-12-09 00:00:00
Version:           1
Release:           
Status:            final
Reboot Suggested:  No

Updated Packages:
  rpm-devel-0:4.11.1-18.el7_0.x86_64
  rpm-python-0:4.11.1-18.el7_0.x86_64
  rpm-libs-0:4.11.1-18.el7_0.i686
  rpm-libs-0:4.11.1-18.el7_0.x86_64
  rpm-sign-0:4.11.1-18.el7_0.x86_64
  rpm-build-0:4.11.1-18.el7_0.x86_64
  rpm-devel-0:4.11.1-18.el7_0.i686
  rpm-build-libs-0:4.11.1-18.el7_0.x86_64
  rpm-0:4.11.1-18.el7_0.x86_64
  rpm-build-libs-0:4.11.1-18.el7_0.i686

References:
  ID:   None
  Type: self
  Link: https://rhn.redhat.com/errata/RHSA-2014-1976.html

  ID:   1039811
  Type: bugzilla
  Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1039811

  ID:   1168715
  Type: bugzilla
  Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1168715

  ID:   CVE-2013-6435
  Type: cve
  Link: https://www.redhat.com/security/data/cve/CVE-2013-6435.html

  ID:   CVE-2014-8118
  Type: cve
  Link: https://www.redhat.com/security/data/cve/CVE-2014-8118.html

  ID:   None
  Type: other
  Link: https://access.redhat.com/security/updates/classification/#important



[root@ibm-x3250m4-02 ~]# mongo
MongoDB shell version: 2.4.12
connecting to: test
> use pulp_database
switched to db pulp_database
> db.units_erratum.findOne({"id": "RHSA-2014:1976"}, {"id":1})
{ "_id" : "8b75f059-09d0-46a4-ba96-47f2e6c37f19", "id" : "RHSA-2014:1976" }
> 
>
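
A simplified model of the behaviour this bug describes, added here as an illustration and not taken from Pulp or from the linked pull request: it compares applicability computed from every package an erratum names against applicability restricted to packages present in the consumer's bound repository. The version comparison is a simplified stand-in for RPM's, and the installed packages, the RHEL 6 repository contents and the `EXAMPLE-EL6-ERRATUM` id are constructed; only `RHSA-2014:1976` and `rpm-0:4.11.1-18.el7_0.x86_64` come from the output above.

```python
import re
from collections import namedtuple

Pkg = namedtuple("Pkg", "name epoch version release arch")

def _key(s):
    # Simplified stand-in for RPM version comparison (assumption, not rpmvercmp):
    # digit runs compare numerically, letter runs compare as text.
    return [(1, int(t)) if t.isdigit() else (0, t)
            for t in re.findall(r"\d+|[A-Za-z]+", s)]

def evr(p):
    return (p.epoch, _key(p.version), _key(p.release))

def updates(installed, candidates):
    """True if any candidate is a newer build of an installed name/arch."""
    have = {(p.name, p.arch): p for p in installed}
    return any((c.name, c.arch) in have and evr(c) > evr(have[(c.name, c.arch)])
               for c in candidates)

def applicable_flawed(installed, errata):
    # Reported behaviour: every package listed in the erratum is considered,
    # whether or not the bound repository carries it.
    return sorted(eid for eid, pkgs in errata.items() if updates(installed, pkgs))

def applicable_repo_aware(installed, errata, bound_repo_pkgs):
    # Only erratum packages actually present in the bound repository count.
    return sorted(eid for eid, pkgs in errata.items()
                  if updates(installed, [p for p in pkgs if p in bound_repo_pkgs]))

# Package from RHSA-2014:1976 as listed on this page.
EL7_RPM = Pkg("rpm", 0, "4.11.1", "18.el7_0", "x86_64")
# Constructed sample data for a RHEL 6 consumer and its bound repository.
EL6_RPM_OLD = Pkg("rpm", 0, "4.8.0", "37.el6", "x86_64")
EL6_RPM_NEW = Pkg("rpm", 0, "4.8.0", "38.el6", "x86_64")
ERRATA = {"RHSA-2014:1976": [EL7_RPM], "EXAMPLE-EL6-ERRATUM": [EL6_RPM_NEW]}
RHEL6_REPO = {EL6_RPM_OLD, EL6_RPM_NEW}

if __name__ == "__main__":
    for label, installed in (("before update", [EL6_RPM_OLD]),
                             ("after update", [EL6_RPM_NEW])):
        print(label, applicable_flawed(installed, ERRATA),
              applicable_repo_aware(installed, ERRATA, RHEL6_REPO))
```

In this model the RHEL 7 erratum stays listed for the RHEL 6 consumer even after a full update unless the bound repository's contents are taken into account.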

Comment 3 Randy Barlow 2015-02-05 21:47:05 UTC
Pulp 2.5.2 has been released.

