Bug 1578266 - "rpm -V pulp-server" reports a mismatch in a clean environment
Summary: "rpm -V pulp-server" reports a mismatch in a clean environment
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: Pulp
Version: 3.0.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: 3.1.0
: 3.1.x
Assignee: RHUI Bug List
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-15 07:12 UTC by Radek Bíba
Modified: 2019-05-28 12:05 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-28 12:05:41 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2019:1283 0 None None None 2019-05-28 12:05:51 UTC

Description Radek Bíba 2018-05-15 07:12:11 UTC
Description of problem:
Package integrity verification fails even in a vanilla Pulp installation. That doesn't look nice.

Version-Release number of selected component (if applicable):
pulp-server-2.8.3.3-4.el7ui

How reproducible:
Always, but only on RHEL 7. I guess RPM isn't so strict on RHEL 6 in this regard and ignores this mismatch there. (The mismatch does exist there, too.)

Steps to Reproduce:
1. Install pulp-server from the RHUI 3 repo on a clean machine.
2. rpm -V pulp-server

Actual results:
.M.......  g /etc/pki/pulp/rsa_pub.key

Specifically, the mode is 644 on the disk but 600 in the RPM metadata. It's a ghost file, FWIW.

Expected results:
No such output.

Additional info:
The file is packaged this way:

%defattr(640,root,apache,-)
<snip>
%ghost %{_sysconfdir}/pki/%{name}/rsa_pub.key

Resulting in: # rpm -qlv pulp-server | grep rsa_pub.key$
-rw-r-----    1 root    apache                      0 Jul  7  2016 /etc/pki/pulp/rsa_pub.key

But the following post-installation script changes the mode afterwards:

KEY_DIR="%{_sysconfdir}/pki/%{name}"
<snip>
KEY_PATH_PUB="$KEY_DIR/rsa_pub.key"
<snip>
chmod 644 $KEY_PATH_PUB

Resulting in: # ll /etc/pki/pulp/rsa_pub.key
-rw-r--r--. 1 root apache 451 May 14 03:11 /etc/pki/pulp/rsa_pub.key

And the mismatch is created.

Comment 8 errata-xmlrpc 2019-05-28 12:05:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:1283


Note You need to log in before you can comment on or make changes to this bug.