497059 – rhn_package_manager won't upload signed packages

Bug 497059 - rhn_package_manager won't upload signed packages

Summary: rhn_package_manager won't upload signed packages

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite Proxy 5
Classification:	Red Hat
Component:	Server
Sub Component:
Version:	530
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Tomas Lestach
QA Contact:	Jan Pazdziora
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	456999
TreeView+	depends on / blocked

Reported:	2009-04-22 08:15 UTC by Miroslav Suchý
Modified:	2009-09-10 14:38 UTC (History)
CC List:	5 users (show)
Fixed In Version:	sat530
Doc Type:	Bug Fix
Doc Text:
Clone Of:	496838
Environment:
Last Closed:	2009-09-10 14:38:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Miroslav Suchý 2009-04-22 08:15:33 UTC

+++ This bug was initially created as a clone of Bug #496838 +++

Signed a package with rpm --resign. Verfied as below:

# rpm --checksig hpadu-8.26-1.noarch.rpm 
hpadu-8.26-1.noarch.rpm: (sha1) dsa sha1 md5 gpg OK

Create custom channel in Spacewalk and try to use rhn_package_manager from the Proxy to add package (tried with several different packages):

# rhn_package_manager -v --channel="rhel-x86_64-server-custom-5" hpadu-8.26-1.noarch.rpm 
Red Hat Network username: admin
Red Hat Network password: 
Connecting to https://FQDN/XP
Uploading hpadu-8.26-1.noarch.rpm
Upload error: ERROR: hpadu-8.26-1.noarch.rpm: unsigned rpm (use --nosig to force)

Using --nosig works fine:

# rhn_package_manager -v --channel="rhel-x86_64-server-custom-5" hpadu-8.26-1.noarch.rpm --nosig
Red Hat Network username: admin
Red Hat Network password: 
Connecting to https://FQDN/XP
Uploading hpadu-8.26-1.noarch.rpm
Uploading batch:
		hpadu-8.26-1.noarch.rpm
Uploaded: hpadu-8.26-1.noarch.rpm
Copying hpadu-8.26-1.noarch.rpm to /var/spool/rhn-proxy/rhn/hpadu/8.26-1/i386/hpadu-8.26-1.i386.rpm

Tried to dig into why myself but it's beyond me :/

--- Additional comment from msuchy on 2009-04-22 03:48:48 EDT ---

We did not parse the signature in our code.
The header object is created in /usr/share/rhn/common/rhn_rpm.py on line 267:
 hdr, is_source = rpm.headerFromPackage(file_desc)
So it seems that rpm-python did not correctly parse the rpm header. 

Hmm strange on RHEL4 I get even traceback:
# rpm --checksig 4Suite-1.0-3.i386.rpm
4Suite-1.0-3.i386.rpm: (sha1) dsa sha1 md5 gpg OK
# rhn_package_manager -v --channel="foo" 4Suite-1.0-3.i386.rpm
Red Hat Network username: admin
Red Hat Network password:
Connecting to http://xen30.englab.brq.redhat.com/XP
Uploading 4Suite-1.0-3.i386.rpm
Traceback (most recent call last):
  File "/usr/bin/rhn_package_manager", line 28, in ?
    rhn_package_manager.main()
  File "/usr/share/rhn/PackageManager/rhn_package_manager.py", line 125, in main
    upload.uploadHeaders()
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 343, in uploadHeaders
    verbose=self.options.verbose, nosig=self.options.nosig)
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 469, in _processBatch
    nosig=nosig)
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 424, in _processFile
    h = get_header(None, f.fileno(), source)
  File "/usr/share/rhn/PackageManager/uploadLib.py", line 619, in get_header
    h = rhn_rpm.get_package_header(filename=file, fd=fildes)
  File "/usr/share/rhn/common/rhn_rpm.py", line 274, in get_package_header
    hdr, offset = rpm.readHeaderFromFD(file_desc)
AttributeError: 'module' object has no attribute 'readHeaderFromFD'

Comment 2 Tomas Lestach 2009-06-03 13:22:19 UTC

Not reproducible, passing to ON_QA to verify.
More information in BZ#496838.

Comment 4 Jan Pazdziora 2009-07-01 15:15:55 UTC

Using rhn_package_manager with signed package

# rpm --checksig mutt-1.4.2.2-3.el5.i386.rpm 
mutt-1.4.2.2-3.el5.i386.rpm: (sha1) dsa sha1 md5 gpg OK

run OK:

# rhn_package_manager -v --channel test-1 mutt-1.4.2.2-3.el5.i386.rpm 
Red Hat Network username: admin
Red Hat Network password: 
Connecting to https://vmware139.englab.brq.redhat.com/XP
Uploading mutt-1.4.2.2-3.el5.i386.rpm
Uploading batch:
		mutt-1.4.2.2-3.el5.i386.rpm
Uploaded: mutt-1.4.2.2-3.el5.i386.rpm
Copying mutt-1.4.2.2-3.el5.i386.rpm to /var/spool/rhn-proxy/rhn/mutt/5:1.4.2.2-3.el5/i386/mutt-1.4.2.2-3.el5.i386.rpm

The file landed in /var/spool/rhn-proxy/rhn on the Proxy while the Satellite WebUI (correctly) says Download: Missing File.

This is for Proxy:

# rpm -qa | grep proxy
rhn-proxy-branding-5.3.0.24-1.el5sat
spacewalk-proxy-redirect-0.5.7-7.el5sat
spacewalk-proxy-monitoring-0.4.4-3.el5sat
spacewalk-proxy-installer-0.5.25-13.el5sat
spacewalk-proxy-docs-0.4.1-2.el5sat
spacewalk-proxy-common-0.5.7-7.el5sat
spacewalk-proxy-package-manager-0.5.7-7.el5sat
spacewalk-proxy-selinux-0.5.2-6.el5sat
spacewalk-proxy-broker-0.5.7-7.el5sat
spacewalk-proxy-management-0.5.7-7.el5sat

Marking as VERIFIED.

Comment 5 Preethi Thomas 2009-08-03 15:22:05 UTC

[root@rlx-3-24 ~]# rhn_package_manager -v --channel=pt-custom-channel mutt-1.4.2.2-3.0.2.el5.i386.rpm 
Red Hat Network username: pt-org1
Red Hat Network password: 
Connecting to https://sun-x4200-01.rhts.bos.redhat.com/XP
Uploading mutt-1.4.2.2-3.0.2.el5.i386.rpm
Uploading batch:
                mutt-1.4.2.2-3.0.2.el5.i386.rpm
Uploaded: mutt-1.4.2.2-3.0.2.el5.i386.rpm
Copying mutt-1.4.2.2-3.0.2.el5.i386.rpm to /var/spool/rhn-proxy/rhn/mutt/5:1.4.2.2-3.0.2.el5/i386/mutt-1.4.2.2-3.0.2.el5.i386.rpm

Comment 6 Brandon Perkins 2009-09-10 14:38:24 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1433.html

Note You need to log in before you can comment on or make changes to this bug.