Description of problem:
When the OSPP security policy is applied to a RHEL 8 system during installation, that system will be unable to install the katello-ca-consumer package from Satellite 6.5. This prevents the system from registering as a content host to Satellite 6.5.

Version-Release number of selected component (if applicable):
RHEL 8
Satellite 6.5

How reproducible:
100% reproducible

Steps to Reproduce:
1. Begin a RHEL 8 installation.
2. From the Installation Summary window, click Security Policy.
3. Toggle the Apply security policy switch on.
4. Select the OSPP profile.
5. Complete the RHEL 8 installation.
6. On the resultant system, attempt to install the katello-ca-consumer package from a Satellite 6.5 instance:
   # rpm -Uvh http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm

Actual results:
Installation fails with the following error:

Retrieving http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
Verifying... ################################# [100%]
Preparing... ################################# [100%]
package katello-ca-consumer-satellite.example.com-1.0-1.noarch does not verify: no digest

Expected results:
katello-ca-consumer package is successfully installed.

Additional info:
A similar error occurs when attempting to install the package with `yum -y --nogpgcheck install http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm`
For anyone needing a workaround to this issue, you can ignore the digests on the RPM command as follows:
   # rpm -Uvh --nodigest --nofiledigest http://sat.example.com/pub/katello-ca-consumer-latest.noarch.rpm
*** Bug 1718320 has been marked as a duplicate of this bug. ***
KCS article: https://access.redhat.com/solutions/4273982
Since the RHEL 7 bug https://bugzilla.redhat.com/show_bug.cgi?id=1728031 was closed as WONT_FIX, this bug needs to be as well. Or moved to Satellite 7.0 (or whatever release is going to run on RHEL 8).
Based on the fact that this is still WONT_FIX for RHEL, there isn't anything Satellite can do to fix this as long as Satellite is running on RHEL 7. There are two workarounds, one mentioned in the KCS: https://access.redhat.com/solutions/4273982 It's also possible to re-build the rpm on a RHEL 8 system using the srpm that should be available on the satellite in /var/www/html/pub/. Closing as WONT_FIX, as there is nothing we can do until we run on RHEL 8 or beyond.
This will be resolved once we can deploy Satellite on RHEL8 in 7.0
Verified on Satellite 7.0.0, snap 7, running on RHEL 8.

Steps to Test:
1. Start a RHEL installation from the RHEL 8.4 binary DVD ISO.
2. Click "Software Selection" and select "Server."
3. Click "Security Policy" and select "Protection Profile for General Purpose Operating Systems."
4. Configure LVMs in accordance with the changes required by the security policy profile.
5. Complete the RHEL 8 installation.
6. After the installation completes, attempt to install the katello-ca-consumer package from a Satellite 7.0 instance running on RHEL 7:
   # rpm -Uvh http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
7. Repeat the previous step with a Satellite 7.0 instance running on RHEL 8.
8. Attempt to register the system to Satellite using `subscription-manager register`.

Actual Results:
The `katello-ca-consumer` package fails to install from Satellite 7.0 running on RHEL 7. The package is successfully installed from Satellite 7.0 running on RHEL 8, and the system can successfully register to the Satellite.

Expected Results:
The `katello-ca-consumer` package fails to install from Satellite 7.0 running on RHEL 7. The package is successfully installed from Satellite 7.0 running on RHEL 8, and the system can successfully register to the Satellite.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5498