Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1178920

Summary:	Applicability Generation does not take into account repository packages, only errata packages
Product:	[Retired] Pulp	Reporter:	Randy Barlow <rbarlow>
Component:	rpm-support	Assignee:	Chris Duryee <cduryee>
Status:	CLOSED CURRENTRELEASE	QA Contact:	pulp-qe-list
Severity:	high	Docs Contact:
Priority:	urgent
Version:	2.5	CC:	cduryee, jsherril, pthomas, rbarlow, skarmark
Target Milestone:	---	Keywords:	Triaged
Target Release:	2.5.2
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:	1171280	Environment:
Last Closed:	2015-02-05 21:47:05 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	1171280
Bug Blocks:	1171282

Description Randy Barlow 2015-01-05 16:28:34 UTC

+++ This bug was initially created as a clone of Bug #1171280 +++

Description of problem:

Related to https://bugzilla.redhat.com/show_bug.cgi?id=1171278

But if an errata is in multiple repositories, applicability generation calculates whether the errata is applicable based on all the packages in the errata, not based on whether the packages are actually in the repository that the system is bound to.


Version-Release number of selected component (if applicable):
2.4.1

How reproducible:
Always

Steps to Reproduce:
1. Sync RHEL 5
2. Sync RHEL 6
3. Bind a rhel 5 and a rhel 6 system to their respective repos
4. Generate, fetch, and note applicability
5. Update both systems fully
6. Generate, fetch and note applicability again

Actual results:
On either step 4 or 6, the appliability will be wrong.  You may see errata not show up that should show up, or you may see errata show up as applicable when they are not.


Additional info:
The description is a bit vague, because it is complicated by https://bugzilla.redhat.com/show_bug.cgi?id=1171278

The solution to that bz may solve this issue by itself, or it may not.

--- Additional comment from Chris Duryee on 2014-12-12 16:35:09 EST ---

Here is how I repro'd, from a fresh 2.4.4 beta install:

* sync rhel 6
* sync rhel 7
* bind a consumer to rhel 6
* generate applicability using "test_applicability_generation.py" playpen script (you'll need to modify it to specify your consumer id)
* make a POST call to /pulp/api/v2/consumers/content/applicability/ with the following json:

{
 "criteria": {
  "filters": {"id": {"$in": ["<your_consumer_id>"]}}
 },
 "content_types": ["erratum"]
}


At this point, the RHEL6 system will have IDs for both RHEL6 and RHEL7 errata listed.

--- Additional comment from Chris Duryee on 2014-12-15 16:24:12 EST ---

https://github.com/pulp/pulp_rpm/pull/611

--- Additional comment from Randy Barlow on 2014-12-22 10:52:47 EST ---

Fixed in 2.4.4-0.3.beta.

Comment 1 Randy Barlow 2015-01-05 16:29:05 UTC

Fixed in 2.5.2-0.1.rc.

Comment 2 Preethi Thomas 2015-01-06 22:00:13 UTC

verified
[root@ibm-x3250m4-02 ~]# rpm -qa pulp-server
pulp-server-2.5.2-0.1.rc.el6.noarch
[root@ibm-x3250m4-02 ~]# 

with rhel6 & 7 repos synced and rhel6 repo bound to a consumer

root@ibm-x3250m4-02 ~]# ./test_applicability_generation.py 
Consumer Applicability Generation APIs Demo
Press enter to continue...

------------------------------------------------------------------------

Demo with consumer_criteria
'/pulp/api/v2/consumers/actions/content/regenerate_applicability/'

consumer_criteria -
{'filters': {'id': {'$in': ['ginger']}}, 'sort': [['id', 'ascending']]}

Request Body
{
  "consumer_criteria": {
    "sort": [
      [
        "id", 
        "ascending"
      ]
    ], 
    "filters": {
      "id": {
        "$in": [
          "ginger"
        ]
      }
    }
  }
}
Response Body
{
  "spawned_tasks": [
    {
      "_href": "/pulp/api/v2/tasks/2431d076-b741-4fad-a27e-5b187ddbfeb5/", 
      "task_id": "2431d076-b741-4fad-a27e-5b187ddbfeb5"
    }
  ], 
  "result": null, 
  "error": null
}
Press enter to continue...

result -
(202,
 {u'error': None,
  u'result': None,
  u'spawned_tasks': [{u'_href': u'/pulp/api/v2/tasks/2431d076-b741-4fad-a27e-5b187ddbfeb5/',
                      u'task_id': u'2431d076-b741-4fad-a27e-5b187ddbfeb5'}]})

Demo with repo_criteria
'/pulp/api/v2/repositories/actions/content/regenerate_applicability/'
epo_criteria -
{'filters': {'id': {'$in': ['rhel6', 'rhel7']}}, 'sort': [['id', 'ascending']]}

Request Body
{
  "repo_criteria": {
    "sort": [
      [
        "id", 
        "ascending"
      ]
    ], 
    "filters": {
      "id": {
        "$in": [
          "rhel6", 
          "rhel7"
        ]
      }
    }
  }
}
Response Body
{
  "spawned_tasks": [
    {
      "_href": "/pulp/api/v2/tasks/eaa1b335-dd8c-442c-be85-05616f887228/", 
      "task_id": "eaa1b335-dd8c-442c-be85-05616f887228"
    }
  ], 
  "result": null, 
  "error": null
}
Press enter to continue...

result -
(202,
 {u'error': None,
  u'result': None,
  u'spawned_tasks': [{u'_href': u'/pulp/api/v2/tasks/eaa1b335-dd8c-442c-be85-05616f887228/',
                      u'task_id': u'eaa1b335-dd8c-442c-be85-05616f887228'}]})

[root@ibm-x3250m4-02 ~]# 
[root@ibm-x3250m4-02 ~]# 
[root@ibm-x3250m4-02 ~]# 
[root@ibm-x3250m4-02 ~]# curl -k -X POST -d @./post-data.json "https://admin:admin@localhost/pulp/api/v2/consumers/content/applicability/" | python -mjson.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
112  1259  104  1259    0    88  10057    702 --:--:-- --:--:-- --:--:-- 16041
[
    {
        "applicability": {
            "erratum": [
                "de13d390-c00a-45fa-9c72-1f0d315110d9", 
                "3e88365c-a7fb-40fe-b73b-962a428c42a0", 
                "fba96d59-be5c-4716-a2df-606e0f2b6b52", 
                "0d106e51-49fe-45a9-adfb-492e56b1fb84", 
                "1cf37718-d406-4e4a-bc0d-d691002e3f47", 
                "51582df0-b304-4bdd-a723-ebffd6c236cf", 
                "613ae147-99c4-4596-a761-070a7f2b672f", 
                "fbcdc1d5-94da-4055-87cb-036e1c0428fe", 
                "a35ba1b5-dfc4-43cc-8faa-1d076ac53dc2", 
                "08598756-b17f-4814-9e16-acb5d9ea4f12", 
                "102f77b4-77ad-447b-bdbe-f13da47a05e7", 
                "ca3bcccd-297e-4c7a-9f52-63f585df23ec", 
                "0ed4dc4b-28ef-4ccb-a6d7-c14bc380494b", 
                "49d5c96f-405e-4d9e-b9e6-ba6cfcdf20eb", 
                "0d8614bd-5a4a-42eb-983a-c5c7f2fc2088", 
                "690c17d3-5c5f-41db-a9b2-4b355763e24f", 
                "26ed0a73-17ee-4bd2-b801-49336a7f5b80", 
                "fd95a2d8-545b-4b41-9737-56646d66de45", 
                "aa24137a-8857-492f-97fb-e51343d465e1", 
                "9fa5410d-afbe-48f6-b2c6-dbeffe8147e4", 
                "7b34d0ba-ec2f-4f5b-b4f0-63219c914a38", 
                "f2b39c81-0362-43c3-ad20-ab44bd46b74a", 
                "b922179c-97e6-4fd2-99aa-1016519d343b", 
                "c3c759f1-1aa4-4181-920c-923dcd61df48", 
                "ae7455bb-456d-479c-b224-e4ae23afb9df", 
                "156ab65a-0134-4254-8414-9b56f14a6b47", 
                "349a0681-51c4-49ab-9f99-c2b102c2b403", 
                "0770b01b-ffe1-4e60-b48d-1d7e8d8847c4", 
                "78154b3c-71dd-4f60-bad8-7b9a046568fd", 
                "ca07c198-ec94-4105-a1fb-c727ce7388ae"
            ]
        }, 
        "consumers": [
            "ginger"
        ]
    }
]
[root@ibm-x3250m4-02 ~]# pulp-admin rpm repo content errata --repo-id rhel7 --erratum-id RHSA-2014:1976
+----------------------------------------------------------------------+
                        Erratum: RHSA-2014:1976
+----------------------------------------------------------------------+

Id:                RHSA-2014:1976
Title:             Important: rpm security update
Summary:           Updated rpm packages that fix two security issues are now available for Red
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description:
  The RPM Package Manager (RPM) is a powerful command line driven
  packagemanagement system capable of installing, uninstalling, verifying,
  querying,and updating software packages. Each software package consists of
  anarchive of files along with information about the package such as
  itsversion, description, and other information.

  It was found that RPM wrote file contents to the target installationdirectory
  under a temporary name, and verified its cryptographic signatureonly after the
  temporary file has been written completely. Under certainconditions, the
  system interprets the unverified temporary file contentsand extracts commands
  from it. This could allow an attacker to modifysigned RPM files in such a way
  that they would execute code chosen by theattacker during package
  installation. (CVE-2013-6435)

  It was found that RPM could encounter an integer overflow, leading to
  astack-based buffer overflow, while parsing a crafted CPIO header in
  thepayload section of an RPM file. This could allow an attacker to
  modifysigned RPM files in such a way that they would execute code chosen by
  theattacker during package installation. (CVE-2014-8118)

  These issues were discovered by Florian Weimer of Red Hat Product Security.

  All rpm users are advised to upgrade to these updated packages, whichcontain
  backported patches to correct these issues. All runningapplications linked
  against the RPM library must be restarted for thisupdate to take effect.

Severity:          Important
Type:              security
Issued:            2014-12-09 00:00:00
Updated:           2014-12-09 00:00:00
Version:           1
Release:           
Status:            final
Reboot Suggested:  No

Updated Packages:
  rpm-devel-0:4.11.1-18.el7_0.x86_64
  rpm-python-0:4.11.1-18.el7_0.x86_64
  rpm-libs-0:4.11.1-18.el7_0.i686
  rpm-libs-0:4.11.1-18.el7_0.x86_64
  rpm-sign-0:4.11.1-18.el7_0.x86_64
  rpm-build-0:4.11.1-18.el7_0.x86_64
  rpm-devel-0:4.11.1-18.el7_0.i686
  rpm-build-libs-0:4.11.1-18.el7_0.x86_64
  rpm-0:4.11.1-18.el7_0.x86_64
  rpm-build-libs-0:4.11.1-18.el7_0.i686

References:
  ID:   None
  Type: self
  Link: https://rhn.redhat.com/errata/RHSA-2014-1976.html

  ID:   1039811
  Type: bugzilla
  Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1039811

  ID:   1168715
  Type: bugzilla
  Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1168715

  ID:   CVE-2013-6435
  Type: cve
  Link: https://www.redhat.com/security/data/cve/CVE-2013-6435.html

  ID:   CVE-2014-8118
  Type: cve
  Link: https://www.redhat.com/security/data/cve/CVE-2014-8118.html

  ID:   None
  Type: other
  Link: https://access.redhat.com/security/updates/classification/#important



[root@ibm-x3250m4-02 ~]# mongo
MongoDB shell version: 2.4.12
connecting to: test
> use pulp_database
switched to db pulp_database
> db.units_erratum.findOne({"id": "RHSA-2014:1976"}, {"id":1})
{ "_id" : "8b75f059-09d0-46a4-ba96-47f2e6c37f19", "id" : "RHSA-2014:1976" }
> 
>

Comment 3 Randy Barlow 2015-02-05 21:47:05 UTC

Pulp 2.5.2 has been released.