Bug 649467 - rhsm doesn't convert expiration dates from UTC to local time
Summary: rhsm doesn't convert expiration dates from UTC to local time
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: subscription-manager
Version: 6.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: beta
: ---
Assignee: Justin Harris
QA Contact: wes hayutin
URL:
Whiteboard:
Depends On:
Blocks: Entitlement-Beta
TreeView+ depends on / blocked
 
Reported: 2010-11-03 19:06 UTC by Jeff Weiss
Modified: 2014-11-09 22:51 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
0.92.6-1
Last Closed: 2010-12-13 20:49:25 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Jeff Weiss 2010-11-03 19:06:28 UTC
Description of problem:

In the paste below, note that the cert's expiration is ..2010-11-03T18:46:57Z. According to the output of "date" command, that time has already passed.  But then if I list my subscriptions, it is not expired.  If I list all available pools, though, I can see the server has already removed it.  Pools and the certs from the pool should expire at the same time regardless of the timezone of the subscribers.


[root@jweiss-rhel6-1 product]# openssl x509 -text -in /etc/pki/entitlement/product/721288809874570182.pem 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:02:88:59:dd:09:bb:c6
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=jweiss.usersys.redhat.com, C=US, L=Raleigh
        Validity
            Not Before: Nov  3 18:44:34 2010 GMT
            Not After : Nov  3 23:59:59 2010 GMT
        Subject: CN=8a8b67382c12f420012c130e047000f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a1:50:59:08:a4:68:b0:32:4c:14:e6:12:14:75:
                    17:7f:30:f8:ca:7e:36:af:b1:d4:6f:79:2b:36:7f:
                    93:0c:c0:3e:69:62:a8:a7:54:ec:a2:0b:c6:b8:da:
                    fc:98:b9:39:3f:d5:37:95:7d:91:35:73:12:3e:90:
                    6f:1e:a5:89:63:92:0f:59:5e:bb:0d:d4:53:ba:87:
                    ef:26:48:93:ac:3e:90:1f:06:d8:27:d4:84:25:60:
                    a3:8e:af:15:67:b4:51:0d:bb:fd:d6:ab:ac:a1:b0:
                    32:08:a2:74:3b:d9:f8:fa:b0:4c:e1:77:7b:27:19:
                    72:55:bc:54:63:1b:61:b3:6b:aa:d0:5a:81:d3:f4:
                    af:f7:a1:42:4a:60:a8:6c:8d:59:02:7c:13:e8:45:
                    dc:31:d5:46:91:d9:d8:f2:04:a2:ed:33:59:f7:8d:
                    01:cf:92:7f:53:2e:b6:d7:8c:a2:31:d9:60:29:76:
                    51:5f:78:b9:ae:63:d8:4f:a2:1b:4b:a8:68:3d:bf:
                    9f:0a:f3:ec:c5:f9:c0:82:ed:fd:d2:29:07:79:5e:
                    e3:ba:19:42:e3:5a:89:a8:b2:4f:77:51:97:fd:fe:
                    95:90:40:4f:5d:2b:8c:87:3c:5b:cf:0a:f8:54:a3:
                    6d:5f:14:21:42:57:9c:65:d6:09:14:da:8a:d3:00:
                    cf:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Netscape Cert Type: 
                SSL Client, S/MIME
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment, Data Encipherment
            X509v3 Authority Key Identifier: 
                keyid:9B:C3:C6:21:87:54:3F:28:5C:96:5A:7B:43:26:A9:56:56:DA:00:6C
                DirName:/CN=jweiss.usersys.redhat.com/C=US/L=Raleigh
                serial:AD:53:15:BD:F0:BE:82:87

            X509v3 Subject Key Identifier: 
                0B:80:3A:14:73:C8:CC:65:9B:D9:56:F5:51:C4:47:D7:C7:F8:6B:B7
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            1.3.6.1.4.1.2312.9.1.37060.1: 
                ..RHEL for Physical Servers SVC
            1.3.6.1.4.1.2312.9.2.1.1: 
                ..yum
            1.3.6.1.4.1.2312.9.2.1.1.1: 
                ..always-enabled-content
            1.3.6.1.4.1.2312.9.2.1.1.2: 
                ..always-enabled-content
            1.3.6.1.4.1.2312.9.2.1.1.5: 
                ..test-vendor
            1.3.6.1.4.1.2312.9.2.1.1.6: 
                ../foo/path/always
            1.3.6.1.4.1.2312.9.2.1.1.7: 
                ../foo/path/always/gpg
            1.3.6.1.4.1.2312.9.2.1.1.4: 
                ..0
            1.3.6.1.4.1.2312.9.2.1.1.3: 
                ..0
            1.3.6.1.4.1.2312.9.2.1.1.8: 
                ..1
            1.3.6.1.4.1.2312.9.2.0.1: 
                ..yum
            1.3.6.1.4.1.2312.9.2.0.1.1: 
                ..never-enabled-content
            1.3.6.1.4.1.2312.9.2.0.1.2: 
                ..never-enabled-content
            1.3.6.1.4.1.2312.9.2.0.1.5: 
                ..test-vendor
            1.3.6.1.4.1.2312.9.2.0.1.6: 
                ../foo/path/never
            1.3.6.1.4.1.2312.9.2.0.1.7: 
                ../foo/path/never/gpg
            1.3.6.1.4.1.2312.9.2.0.1.4: 
                ..0
            1.3.6.1.4.1.2312.9.2.0.1.3: 
                ..0
            1.3.6.1.4.1.2312.9.2.0.1.8: 
                ..0
            1.3.6.1.4.1.2312.9.2.1111.1: 
                ..yum
            1.3.6.1.4.1.2312.9.2.1111.1.1: 
                ..content
            1.3.6.1.4.1.2312.9.2.1111.1.2: 
content-label   .
            1.3.6.1.4.1.2312.9.2.1111.1.5: 
                ..test-vendor
            1.3.6.1.4.1.2312.9.2.1111.1.6: 
                ../foo/path
            1.3.6.1.4.1.2312.9.2.1111.1.7: 
                ../foo/path/gpg/
            1.3.6.1.4.1.2312.9.2.1111.1.4: 
                ..0
            1.3.6.1.4.1.2312.9.2.1111.1.3: 
                ..0
            1.3.6.1.4.1.2312.9.2.1111.1.8: 
                ..1
            1.3.6.1.4.1.2312.9.4.1: 
                ..MKT-simple-rhel-server-mkt
            1.3.6.1.4.1.2312.9.4.2: 
                . 8a8b67382c12f420012c1302760200e8
            1.3.6.1.4.1.2312.9.4.5: 
                ..5
            1.3.6.1.4.1.2312.9.4.6: 
                ..2010-09-04T00:00:00Z
            1.3.6.1.4.1.2312.9.4.7: 
                ..2010-11-03T18:46:57Z
            1.3.6.1.4.1.2312.9.4.14: 
                ..0
            1.3.6.1.4.1.2312.9.4.12: 
                ..887673
            1.3.6.1.4.1.2312.9.4.13: 
                ..1
            1.3.6.1.4.1.2312.9.5.1: 
                .$ff7a7ed0-aea2-4bb2-873b-0d46c8b4b8c0
    Signature Algorithm: sha1WithRSAEncryption
        01:e8:a4:55:b3:70:4f:23:81:3a:ec:53:2f:56:c4:9a:dc:ee:
        f2:f7:a9:55:03:d1:67:99:12:02:17:d9:a4:ed:0e:17:d2:55:
        c3:9a:9b:0f:4b:df:f6:79:22:10:b8:6e:10:37:41:ec:b4:94:
        54:9f:e7:d6:ec:30:b0:5c:56:0b:45:0c:9d:ca:d0:f1:3f:dc:
        2e:4a:16:74:b8:ea:1a:69:47:94:fe:f9:e6:2c:5a:3e:06:ff:
        14:02:a7:54:86:67:3f:28:c6:d3:ea:1e:6b:ee:4c:c4:9a:7a:
        39:d4:36:00:2d:1c:6d:59:45:58:1c:9a:27:6c:5a:bc:18:63:
        d1:6a
-----BEGIN CERTIFICATE-----
MIIHvTCCByagAwIBAgIICgKIWd0Ju8YwDQYJKoZIhvcNAQEFBQAwQzEiMCAGA1UE
AwwZandlaXNzLnVzZXJzeXMucmVkaGF0LmNvbTELMAkGA1UEBhMCVVMxEDAOBgNV
BAcMB1JhbGVpZ2gwHhcNMTAxMTAzMTg0NDM0WhcNMTAxMTAzMjM1OTU5WjArMSkw
JwYDVQQDDCA4YThiNjczODJjMTJmNDIwMDEyYzEzMGUwNDcwMDBmMzCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKFQWQikaLAyTBTmEhR1F38w+Mp+Nq+x
1G95KzZ/kwzAPmliqKdU7KILxrja/Ji5OT/VN5V9kTVzEj6Qbx6liWOSD1leuw3U
U7qH7yZIk6w+kB8G2CfUhCVgo46vFWe0UQ27/darrKGwMgiidDvZ+PqwTOF3eycZ
clW8VGMbYbNrqtBagdP0r/ehQkpgqGyNWQJ8E+hF3DHVRpHZ2PIEou0zWfeNAc+S
f1MutteMojHZYCl2UV94ua5j2E+iG0uoaD2/nwrz7MX5wILt/dIpB3le47oZQuNa
iaiyT3dRl/3+lZBAT10rjIc8W88K+FSjbV8UIUJXnGXWCRTaitMAz6kCAwEAAaOC
BUwwggVIMBEGCWCGSAGG+EIBAQQEAwIFoDALBgNVHQ8EBAMCBLAwcwYDVR0jBGww
aoAUm8PGIYdUPyhcllp7QyapVlbaAGyhR6RFMEMxIjAgBgNVBAMMGWp3ZWlzcy51
c2Vyc3lzLnJlZGhhdC5jb20xCzAJBgNVBAYTAlVTMRAwDgYDVQQHDAdSYWxlaWdo
ggkArVMVvfC+gocwHQYDVR0OBBYEFAuAOhRzyMxlm9lW9VHER9fH+Gu3MBMGA1Ud
JQQMMAoGCCsGAQUFBwMCMDAGDSsGAQQBkggJAYKhRAEEHwwdUkhFTCBmb3IgUGh5
c2ljYWwgU2VydmVycyBTVkMwFAYLKwYBBAGSCAkCAQEEBQwDeXVtMCgGDCsGAQQB
kggJAgEBAQQYDBZhbHdheXMtZW5hYmxlZC1jb250ZW50MCgGDCsGAQQBkggJAgEB
AgQYDBZhbHdheXMtZW5hYmxlZC1jb250ZW50MB0GDCsGAQQBkggJAgEBBQQNDAt0
ZXN0LXZlbmRvcjAiBgwrBgEEAZIICQIBAQYEEgwQL2Zvby9wYXRoL2Fsd2F5czAm
BgwrBgEEAZIICQIBAQcEFgwUL2Zvby9wYXRoL2Fsd2F5cy9ncGcwEwYMKwYBBAGS
CAkCAQEEBAMMATAwEwYMKwYBBAGSCAkCAQEDBAMMATAwEwYMKwYBBAGSCAkCAQEI
BAMMATEwFAYLKwYBBAGSCAkCAAEEBQwDeXVtMCcGDCsGAQQBkggJAgABAQQXDBVu
ZXZlci1lbmFibGVkLWNvbnRlbnQwJwYMKwYBBAGSCAkCAAECBBcMFW5ldmVyLWVu
YWJsZWQtY29udGVudDAdBgwrBgEEAZIICQIAAQUEDQwLdGVzdC12ZW5kb3IwIQYM
KwYBBAGSCAkCAAEGBBEMDy9mb28vcGF0aC9uZXZlcjAlBgwrBgEEAZIICQIAAQcE
FQwTL2Zvby9wYXRoL25ldmVyL2dwZzATBgwrBgEEAZIICQIAAQQEAwwBMDATBgwr
BgEEAZIICQIAAQMEAwwBMDATBgwrBgEEAZIICQIAAQgEAwwBMDAVBgwrBgEEAZII
CQKIVwEEBQwDeXVtMBoGDSsGAQQBkggJAohXAQEECQwHY29udGVudDAgBg0rBgEE
AZIICQKIVwECBA8MDWNvbnRlbnQtbGFiZWwwHgYNKwYBBAGSCAkCiFcBBQQNDAt0
ZXN0LXZlbmRvcjAcBg0rBgEEAZIICQKIVwEGBAsMCS9mb28vcGF0aDAhBg0rBgEE
AZIICQKIVwEHBBAMDi9mb28vcGF0aC9ncGcvMBQGDSsGAQQBkggJAohXAQQEAwwB
MDAUBg0rBgEEAZIICQKIVwEDBAMMATAwFAYNKwYBBAGSCAkCiFcBCAQDDAExMCoG
CisGAQQBkggJBAEEHAwaTUtULXNpbXBsZS1yaGVsLXNlcnZlci1ta3QwMAYKKwYB
BAGSCAkEAgQiDCA4YThiNjczODJjMTJmNDIwMDEyYzEzMDI3NjAyMDBlODARBgor
BgEEAZIICQQFBAMMATUwJAYKKwYBBAGSCAkEBgQWDBQyMDEwLTA5LTA0VDAwOjAw
OjAwWjAkBgorBgEEAZIICQQHBBYMFDIwMTAtMTEtMDNUMTg6NDY6NTdaMBEGCisG
AQQBkggJBA4EAwwBMDAWBgorBgEEAZIICQQMBAgMBjg4NzY3MzARBgorBgEEAZII
CQQNBAMMATEwNAYKKwYBBAGSCAkFAQQmDCRmZjdhN2VkMC1hZWEyLTRiYjItODcz
Yi0wZDQ2YzhiNGI4YzAwDQYJKoZIhvcNAQEFBQADgYEAAeikVbNwTyOBOuxTL1bE
mtzu8vepVQPRZ5kSAhfZpO0OF9JVw5qbD0vf9nkiELhuEDdB7LSUVJ/n1uwwsFxW
C0UMncrQ8T/cLkoWdLjqGmlHlP755ixaPgb/FAKnVIZnPyjG0+oea+5MxJp6OdQ2
AC0cbVlFWByaJ2xavBhj0Wo=
-----END CERTIFICATE-----
[root@jweiss-rhel6-1 product]# 
[root@jweiss-rhel6-1 product]# date
Wed Nov  3 14:59:14 EDT 2010
[root@jweiss-rhel6-1 product]# subscription-manager-cli list
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+

ProductName:        	RHEL for Workstations SVC
Status:             	Not Subscribed           
Expires:            	                         
Subscription:       	                         
ContractNumber:        	                         


ProductName:        	RHEL for Physical Servers SVC
Status:             	Not Installed            
Expires:            	2010-11-03               
Subscription:       	721288809874570182       
ContractNumber:        	887673                   

[root@jweiss-rhel6-1 product]#




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Justin Harris 2010-12-13 20:08:54 UTC
I think that there is a misunderstanding of the way this work (and the misunderstanding could be completely on my end).  Running subscription-manager list is equivalent to running subscription-manager list --installed, which only reflects the current entitlement and product certificates.  It does not do any filtering based on expiration date, but does report the expiration date of entitlement certifications in the output.  When the cert cron runs, I believe that it will clean up any expired certs, but this is not an active update at the time that subscription-manager is invoked.

I think that this is currently 'NOT A BUG' but let me know if I am missing something, or if the currently implementation needs to be changed.

Comment 2 Bryan Kearney 2010-12-13 20:15:28 UTC
I can agree that running list should not mutate what is on the machine.


Note You need to log in before you can comment on or make changes to this bug.