Description of problem:
capsule-certs-generate modifies a file foreman-proxy-certs.yaml under /usr/share making rpm verify fail.

Before:
~~~
~# ls -l /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml
-rw-r--r--. 1 root root 912 Sep 6 20:22 /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml
:~# rpm -V foreman-installer-katello
S.5....T. c /etc/foreman-installer/scenarios.d/foreman-proxy-content.yaml
S.5....T. c /etc/foreman-installer/scenarios.d/katello.yaml
~~~

Create certs for a dummy capsule
~~~
~# CAPSULE="dummy.example.com"; capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"
Preparing installation Done
Success!

To finish the installation, follow these steps:

If you do not have the Capsule registered to the Satellite instance, then please do the following:

1. yum -y localinstall http://example.satellite.com/pub/katello-ca-consumer-latest.noarch.rpm
2. subscription-manager register --org "Default_Organization"

Once this is completed run the steps below to start the Capsule installation:

1. Ensure that the satellite-capsule package is installed on the system.
2. Copy the following file /root/dummy.example.com-certs.tar to the system dummy.example.com at the following location /root/dummy.example.com-certs.tar
scp /root/dummy.example.com-certs.tar root.com:/root/dummy.example.com-certs.tar
3. Run the following commands on the Capsule (possibly with the customized parameters, see satellite-installer --scenario capsule --help and documentation for more info on setting up additional services):

satellite-installer \
--scenario capsule \
--certs-tar-file "/root/dummy.example.com-certs.tar"\
--foreman-proxy-register-in-foreman "true"\
--foreman-proxy-foreman-base-url "https://example.satellite.com"\
--foreman-proxy-trusted-hosts "example.satellite.com"\
--foreman-proxy-trusted-hosts "dummy.example.com"\
--foreman-proxy-oauth-consumer-key "fWVNkiLBSUbjwWHfXZRSEmAuYDMQUhp5"\
--foreman-proxy-oauth-consumer-secret "U925QwN4taN8EBKvBvaMu7MhyDuPs2b4"
~~~

After rpm validate is failing, the file scenarios.d/foreman-proxy-certs.yaml in /usr/share is modified and also written with 600 instead of the rpm defined 644
~~~
:~# rpm -V foreman-installer-katello
S.5....T. c /etc/foreman-installer/scenarios.d/foreman-proxy-content.yaml
S.5....T. c /etc/foreman-installer/scenarios.d/katello.yaml
SM5....T. /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml
~# ls -l /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml
-rw-------. 1 root root 998 Nov 25 11:20 /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml
~~~

Version-Release number of selected component (if applicable):
6.11

Actual results:
File is modified and permissions are changed.

Expected results:
File should not be modified and permission should remain intact.

Additional info:
Could we get a diff of before and after?
The attached case provides the before and after
Minimal development reproducer:
~~~
git clone https://github.com/theforeman/foreman-installer
cd foreman-installer
bundle install
bundle exec rake build
bundle exec ./bin/foreman-proxy-certs-generate --help
~~~
Now you'll see katello_certs/config/foreman-proxy-certs.yaml has been modified.
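The `rpm -V` output in the report mixes two kinds of lines: files marked `c` are `%config` files that are expected to change locally, while the `/usr/share` file carries no marker and should match the package. The following is an added example (not part of the original report or of foreman-installer) that filters verify output down to non-config files whose digest, mode, owner or group changed; the function names are hypothetical and the sample lines are the ones quoted in the report.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of rpm or foreman-installer.

# The rpm -V lines quoted in the report (after capsule-certs-generate ran).
sample_report_output() {
    cat <<'EOF'
S.5....T. c /etc/foreman-installer/scenarios.d/foreman-proxy-content.yaml
S.5....T. c /etc/foreman-installer/scenarios.d/katello.yaml
SM5....T. /usr/share/foreman-installer/katello-certs/scenarios.d/foreman-proxy-certs.yaml
EOF
}

# Read rpm -V output on stdin. Print "<changes> <path>" for every file that is
# NOT a %config or %ghost file and whose digest, mode, owner or group no longer
# matches the package. Size-only and mtime-only changes are ignored.
unexpected_drift() {
    awk '
    {
        flags = $1
        # Field 2 is the file-type marker (c config, d doc, g ghost, l license,
        # r readme) only when a path follows it; otherwise field 2 is the path.
        if (NF >= 3 && $2 ~ /^[cdglr]$/) { marker = $2; path = $3 }
        else                             { marker = "-"; path = $2 }
        if (marker == "c" || marker == "g") next   # local edits are expected
        if (flags == "missing") { print "missing " path; next }
        if (length(flags) != 9) next               # not a verify result line
        what = ""
        if (substr(flags, 3, 1) == "5") what = what "content,"
        if (substr(flags, 2, 1) == "M") what = what "mode,"
        if (substr(flags, 6, 1) == "U") what = what "owner,"
        if (substr(flags, 7, 1) == "G") what = what "group,"
        if (what != "") { sub(/,$/, "", what); print what " " path }
    }'
}

# Demo on the sample lines from the report.
sample_report_output | unexpected_drift
```

On a live system the same filter can be fed directly, for example `rpm -V foreman-installer-katello | unexpected_drift`.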