Description of problem: Errata in custom channel synced from same repo in 2 different organizations lists packages from other organization Version-Release number of selected component (if applicable): spacewalk-java-2.3.8-96.el6sat.noarch satellite-schema-5.7.0.27-1.el6sat.noarch spacewalk-backend-2.3.3-23.el6sat.noarch How reproducible: always Steps to Reproduce: 1. Create channel A and repo http://dl.fedoraproject.org/pub/epel/6Server/x86_64/ (with filter set to "+freealut*" to make sync faster) 2. Create channel B and sync if from repo with same url&filter but in different organization now 3. Check errata in the synced channel Actual results: Errata (in channel management -> errata -> list) contains 8 instead of 4 packages. These 4 additional leads to "Permission error". Expected results: These links should not be there at all Additional info: Is it OK that in org 1 we have channel A, in org 2 we have channel B, it org 1 we have some packages and in org 2 we have different packages, but errata is same in both org 1 and 2.
Forgot to mention that above reproducer works both with and without trust among org 1 and 2 defined.
Adding Michal as he was debugging with me.
Related to bug 1444072.
Fixed in upstream spacewalk git by commit 1c5300c6882e6063513397817f12a63e86ebbd3b 1444047 - remove links between errata and files from different orgs commit 356d7ccf20684d6afada2646193cd160eab9e14e 1444047 - look only for errata from the same org
Fixed in SATELLITE-5.8 by commit 7a3ae6ac39f20a3499fcc3f594bf4bcd26b9cd50 1444047, 1444519 - reference spacewalk upgrade scripts commit 51a5f7f3ed358446fb60c2d1a460036b7025aa2a 1444047 - remove links between errata and files from different orgs commit fb66462718339e899722ef792e6e2c8f356bf654 1444047 - look only for errata from the same org
NULL org issue fixed in spacewalk commit d833fe9ab614799e25d6f358afa0c9ed99d12e4f 1444047 - fix errata lookup for NULL org
NULL org issue backported to SATELLITE-5.8 commit a16ab9bee8b240ddbaa7544e303b99348be2e99f 1444047 - fix errata lookup for NULL org
Making it clear that this BZ tracks the the 5.8 fix for this issue - see BZ#1451088 for the 5.7 backport
Tested on: satellite-schema-5.8.0.31-1.el6sat spacewalk-schema-2.5.1-48.el6sat spacewalk-backend-2.5.3-137.el6sat Used the reproducer from the initial report, including the package filter. Create a new channel with custom repo, sync the channel, create a new org, a new channel and identical repo, sync the other channel. Look at the synced errata for channels in both orgs, there is all errata (4095 items). Filter out the freealut one (FEDORA-EPEL-2011-0073). Check the package list for the erratum. There are 4 packages, two for x86_64, two for i686). So far so good. There is no duplicity. There is still a problem when checking the package details. There is a property "Available Architectures" listing the arch of displayed package, and a link in form of a button, pointing to other available archs for the given package. There should be one button pointing to x86_64 version of the package (in case you are currently looking at i686 version). There are two buttons instead - one of them points to correct package, the other one ends with Permission Error page. The pid of the erroneous one belongs to the package in the other org. There is following error in the catalina.out log: 2017-05-30 09:39:54,187 [TP-Processor9] ERROR com.redhat.rhn.common.errors.PermissionExceptionHandler - Permission Error com.redhat.rhn.common.security.PermissionException: Invalid pid at com.redhat.rhn.frontend.action.rhnpackage.PackageDetailsAction.execute(PackageDetailsAction.java:71) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) at com.redhat.rhn.frontend.struts.RhnRequestProcessor.process(RhnRequestProcessor.java:105) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.AuthFilter.doFilter(AuthFilter.java:127) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:129) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:77) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.LocalizedEnvironmentFilter.doFilter(LocalizedEnvironmentFilter.java:67) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.EnvironmentFilter.doFilter(EnvironmentFilter.java:101) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.SessionFilter.doFilter(SessionFilter.java:57) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.redhat.rhn.frontend.servlets.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:97) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:299) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:785)
Available Architectures fixed in upstream spacewalk git by commit 77a66a889c56308250f0969264d144045308d691 1444047 - display alternative archs only from the same org
Available Architectures fix backported to SATELLITE-5.8 as commit 72b73ff1b3fc9c7076223718017d5d6cbfe37edd 1444047 - display alternative archs only from the same org
Verified on: spacewalk-schema-2.5.1-49.el6sat.noarch spacewalk-backend-2.5.3-138.el6sat.noarch spacewalk-java-2.5.14-89.el6sat.noarch satellite-schema-5.8.0.31-1.el6sat.noarch Same steps as in comment #14. List of alternative archs in the package details contains only one button this time, and it points to the correct package. No permissions problems. VERIFIED