Bug 1451088 - [5.7] errata in custom channel synced from same repo in 2 different organizations lists packages from other organization
Summary: [5.7] errata in custom channel synced from same repo in 2 different organizat...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: WebUI
Version: 570
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Grant Gainey
QA Contact: Patrik Segedy
URL:
Whiteboard:
Depends On: 1444047
Blocks: sat5-errata
TreeView+ depends on / blocked
 
Reported: 2017-05-15 18:21 UTC by Grant Gainey
Modified: 2021-03-11 15:13 UTC (History)
7 users (show)

Fixed In Version: spacewalk-java-2.3.8-160-sat, spacewalk-backend-2.3.3-50-sat,spacewalk-schema-2.3.2-31-sat,satellite-schema-5.7.0.29-1-sat
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1444047
Environment:
Last Closed: 2017-07-19 14:50:36 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1771 0 normal SHIPPED_LIVE Red Hat Satellite 5.7 bug fix update 2017-07-19 18:50:09 UTC

Description Grant Gainey 2017-05-15 18:21:09 UTC 
+++ This bug was initially created as a clone of Bug #1444047 +++

Description of problem:
Errata in custom channel synced from same repo in 2 different organizations lists packages from other organization


Version-Release number of selected component (if applicable):
spacewalk-java-2.3.8-96.el6sat.noarch
satellite-schema-5.7.0.27-1.el6sat.noarch
spacewalk-backend-2.3.3-23.el6sat.noarch


How reproducible:
always


Steps to Reproduce:
1. Create channel A and repo http://dl.fedoraproject.org/pub/epel/6Server/x86_64/ (with filter set to "+freealut*" to make sync faster)
2. Create channel B and sync if from repo with same url&filter but in different organization now
3. Check errata in the synced channel


Actual results:
Errata (in channel management -> errata -> list) contains 8 instead of 4 packages. These 4 additional leads to "Permission error".


Expected results:
These links should not be there at all


Additional info:
Is it OK that in org 1 we have channel A, in org 2 we have channel B, it org 1 we have some packages and in org 2 we have different packages, but errata is same in both org 1 and 2.

--- Additional comment from Jan Hutař on 2017-04-20 09:29:12 EDT ---

mmraka had concern if this is a security issue - if you can remove packages in org 2 and add different ones and clients in org 1 would consume these, but looks like you can not - I have been able to remove only packages from org 2 from the errata when logged in org 2.

--- Additional comment from Jan Hutař on 2017-04-20 09:29:57 EDT ---

Forgot to mention that above reproducer works both with and without trust among org 1 and 2 defined.

--- Additional comment from Jan Hutař on 2017-04-20 09:30:38 EDT ---

Adding Michal as he was debugging with me.

--- Additional comment from Jan Hutař on 2017-04-20 09:53:23 EDT ---

Related to bug 1444072.

--- Additional comment from Tomas Lestach on 2017-04-20 11:41:12 EDT ---

Let's try to address this bug within Sat5.8.
I suppose this is not a regression, so we may safely address this also post GA.

--- Additional comment from Michael Mráka on 2017-05-02 04:23:14 EDT ---

Fixed in upstream spacewalk git by
commit 1c5300c6882e6063513397817f12a63e86ebbd3b
    1444047 - remove links between errata and files from different orgs
commit 356d7ccf20684d6afada2646193cd160eab9e14e
    1444047 - look only for errata from the same org

--- Additional comment from Michal Dekan on 2017-05-02 09:43:32 EDT ---

Hello Michael,

Is there any workaround I can provided to the customer?
He is using satellite-schema-5.7.0.27-1.el6sat.noarch

Regards
--Michal


--- Additional comment from Michael Mráka on 2017-05-03 10:23:51 EDT ---

NULL org issue fixed in spacewalk
commit d833fe9ab614799e25d6f358afa0c9ed99d12e4f
    1444047 - fix errata lookup for NULL org

--- Additional comment from Michael Mráka on 2017-05-03 10:40:30 EDT ---

Hi Michal,

Unfortunately not. Unless we will fix schema and backend in 5.7 the problem will occur again with any subsequent errata sync.

If customer is pressing for the fix in 5.7 use your escalation process to raise bug priority.

Michael
Comment 1 Grant Gainey 2017-05-15 18:21:52 UTC 
backporting 5.8 fix to 5.7
Comment 4 Patrik Segedy 2017-06-23 14:38:58 UTC 
Tested with:
spacewalk-schema-2.3.2-32.el6sat.noarch
spacewalk-backend-2.3.3-51.el6sat.noarch
satellite-schema-5.7.0.31-1.el6sat.noarch

spacewalk-java-2.3.8-159.el6sat.noarch

1. Create channel A and repo http://dl.fedoraproject.org/pub/epel/6Server/x86_64/ (with filter set to "+freealut*" to make sync faster)
2. Create channel B and sync if from repo with same url&filter but in different organization now
3. There are 4 packages in erratum, none of them leads to Permission error
4. But there is the same problem as in the bug 1444047, comment 14

When you open details of package, there is "Available Architectures:" field, which contains two buttons pointing to other architectures of the package instead of one button. One button points to correct package, the other throws Permission error
Comment 7 Patrik Segedy 2017-06-26 13:45:03 UTC 
Tested with:
spacewalk-schema-2.3.2-32.el6sat.noarch
spacewalk-backend-2.3.3-51.el6sat.noarch
satellite-schema-5.7.0.31-1.el6sat.noarch
spacewalk-java-2.3.8-160.el6sat.noarch

Verified using same steps as in comment 4. Now there is only one button pointing to correct other architecture.

VERIFIED
Comment 9 errata-xmlrpc 2017-07-19 14:50:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1771
Note You need to log in before you can comment on or make changes to this bug.