Description of problem: After initial install of rhel57, the rhel5 product id is layed down in /etc/pki/product by anaconda. To get the system in a "compliant" state, we must subscribe to a rhel subscription. Then we can install packages from the newly provided repos. The problem is that the first call to yum install pkg is deleting the rhel5 product cert. Version-Release number of selected component (if applicable): [root@localhost yum.repos.d]# rpm -q subscription-manager subscription-manager-0.95.5.18-1.el5 How reproducible: Steps to Reproduce: I am using a stage account... [root@localhost yum.repos.d]# grep hostname /etc/rhsm/rhsm.conf # Server hostname: hostname = subscription.rhn.stage.redhat.com proxy_hostname = [root@localhost yum.repos.d]# ls /etc/pki/product/ 69.pem [root@localhost yum.repos.d]# openssl x509 -text -in /etc/pki/product/69.pem | grep -A1 1.3.6.1.4.1.2312.9.1 1.3.6.1.4.1.2312.9.1.69.1: ..Red Hat Enterprise Linux Server 1.3.6.1.4.1.2312.9.1.69.2: ..5.7 Beta 1.3.6.1.4.1.2312.9.1.69.3: ..x86_64 1.3.6.1.4.1.2312.9.1.69.4: ..rhel-5,rhel-5-server [root@localhost yum.repos.d]# subscription-manager register --username=stage_test_38 Password: aca427f6-4d59-4590-a9cd-6c259a76ad67 localhost.localdomain [root@localhost yum.repos.d]# subscription-manager list --avail +-------------------------------------------+ Available Subscriptions +-------------------------------------------+ ProductName: Red Hat Enterprise Linux Server, Premium (8 sockets) (Up to 4 guests) ProductId: RH0103708 PoolId: 8a99f9812f270524012f4ac145661c0f Quantity: 98 Expires: 04/11/2012 ProductName: Red Hat Enterprise Linux Server, Premium (8 sockets) (Up to 4 guests) ProductId: RH0103708 PoolId: 8a99f9812f270524012f4ac1456d1c11 Quantity: 399 Expires: 04/11/2012 ProductName: Scalable File System (8 sockets) ProductId: RH1416373 PoolId: 8a99f9812f270524012f4ac1bb801c16 Quantity: 98 Expires: 04/11/2012 [root@localhost yum.repos.d]# subscription-manager subscribe --pool=8a99f9812f270524012f4ac145661c0f [root@localhost yum.repos.d]# yum list available | grep zsh zsh.x86_64 4.2.6-5.el5 rhel-5-server-beta-rpms zsh-html.x86_64 4.2.6-5.el5 rhel-5-server-beta-rpms [root@localhost yum.repos.d]# yum install zsh Loaded plugins: product-id, security, subscription-manager Updating Red Hat repositories. rhel-5-server-beta-rpms | 951 B 00:00 rhel-5-server-rpms | 951 B 00:00 Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package zsh.x86_64 0:4.2.6-5.el5 set to be updated --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================================================ Package Arch Version Repository Size ================================================================================================================================================================ Installing: zsh x86_64 4.2.6-5.el5 rhel-5-server-beta-rpms 1.8 M Transaction Summary ================================================================================================================================================================ Install 1 Package(s) Upgrade 0 Package(s) Total download size: 1.8 M Is this ok [y/N]: y Downloading Packages: zsh-4.2.6-5.el5.x86_64.rpm | 1.8 MB 00:00 warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 37017186 rhel-5-server-beta-rpms/gpgkey | 1.7 kB 00:00 Importing GPG key 0x897DA07A "Red Hat, Inc. (Beta Test Software) <rawhide>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta Is this ok [y/N]: y rhel-5-server-beta-rpms/gpgkey | 1.1 kB 00:00 Importing GPG key 0x37017186 "Red Hat, Inc. (release key) <security>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release Is this ok [y/N]: y Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : zsh 1/1 duration: 352(ms) deleting: /etc/pki/product/69.pem Installed products updated. Installed: zsh.x86_64 0:4.2.6-5.el5 Complete! Actual results: BANG! Note the "deleting: /etc/pki/product/69.pem" that occurred during the "yum install zsh" Expected results: The core product id should not be deleted when installing packages Additional info:
This scenario is related to bug 706532 but its scenario is less restrictive and more severe.
We spoke with BK and Khusid, and for 5.7 we will disable product cert deletion as a workaround to this issue, since the version of yum in 5.7 does not provide the data needed to implement this properly.
*** Bug 706532 has been marked as a duplicate of this bug. ***
*** Bug 706265 has been marked as a duplicate of this bug. ***
patch is out for review
Fixed on RHEL5.7 branch in 8278e3d24f3dc6c595f2b035f29253e65be645aa, version 0.95.5.20
Fixed on master branch in 8ea4049422ccf7264c0f1f78b6765ea31c91330f, version 0.96.2
In my testing, if you install a package from a repo that doesn't have a product id, then the local product id is deleted. If the repo does have a product id, the local product id is preserved.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: This bugzilla details a problem that was included in the RHEL 57 Public Beta. As such, a tech note would be prudent stating that this is a known bug and will be fixed in the RHEL 57 GA. I'm not sure what advice to give the user of the RHEL57 Beta as a workaround for this bug. 1. maybe he should save a copy of anything that is put in the /etc/pki/product directory for safe keeping and then copy it back into this directory when it gets deleted (which may happen during yum transactions). 2. Any other suggestions from dev?
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -2,4 +2,6 @@ I'm not sure what advice to give the user of the RHEL57 Beta as a workaround for this bug. 1. maybe he should save a copy of anything that is put in the /etc/pki/product directory for safe keeping and then copy it back into this directory when it gets deleted (which may happen during yum transactions). -2. Any other suggestions from dev?+2. Any other suggestions from dev? + +jsefler 5/24/2011
Verifying Version.... [root@bug707313 tmp]# rpm -q subscription-manager subscription-manager-0.95.5.19-1.git.2.2a89d48.el5 [root@bug707313 tmp]# sed -i s/subscription.rhn.redhat.com/subscription.rhn.stage.redhat.com/g /etc/rhsm/rhsm.conf [root@bug707313 tmp]# grep hostname /etc/rhsm/rhsm.conf # Server hostname: hostname = subscription.rhn.stage.redhat.com proxy_hostname = [root@bug707313 tmp]# ls /etc/pki/product/ 69.pem [root@bug707313 tmp]# openssl x509 -text -in /etc/pki/product/69.pem | grep -A1 1.3.6.1.4.1.2312.9.1 1.3.6.1.4.1.2312.9.1.69.1: ..Red Hat Enterprise Linux Server 1.3.6.1.4.1.2312.9.1.69.2: ..5.7 Beta 1.3.6.1.4.1.2312.9.1.69.3: ..x86_64 1.3.6.1.4.1.2312.9.1.69.4: ..rhel-5,rhel-5-server [root@bug707313 tmp]# cat /var/lib/rhsm/productid.js { "69": "anaconda-base-201105180904.x86_64" }[root@bug707313 tmp]# [root@bug707313 tmp]# subscription-manager register --username=stage_test_38 Password: e7668eb1-4c8e-48f0-b6ef-701b6f539f0d bug707313.usersys.redhat.com [root@bug707313 tmp]# subscription-manager list --avail +-------------------------------------------+ Available Subscriptions +-------------------------------------------+ ProductName: Red Hat Enterprise Linux Server, Premium (8 sockets) (Up to 4 guests) ProductId: RH0103708 PoolId: 8a99f9812f270524012f4ac145661c0f Quantity: 97 Expires: 04/11/2012 ProductName: Red Hat Enterprise Linux Server, Premium (8 sockets) (Up to 4 guests) ProductId: RH0103708 PoolId: 8a99f9812f270524012f4ac1456d1c11 Quantity: 399 Expires: 04/11/2012 ProductName: Scalable File System (8 sockets) ProductId: RH1416373 PoolId: 8a99f9812f270524012f4ac1bb801c16 Quantity: 99 Expires: 04/11/2012 [root@bug707313 tmp]# subscription-manager subscribe --pool=8a99f9812f270524012f4ac145661c0f [root@bug707313 tmp]# yum list available | grep zsh zsh.x86_64 4.2.6-5.el5 rhel-5-server-beta-rpms zsh-html.x86_64 4.2.6-5.el5 rhel-5-server-beta-rpms [root@bug707313 tmp]# yum install zsh Loaded plugins: product-id, security, subscription-manager Updating Red Hat repositories. rhel-5-server-beta-rpms | 1.2 kB 00:00 rhel-5-server-rpms | 951 B 00:00 Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package zsh.x86_64 0:4.2.6-5.el5 set to be updated --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================== Package Arch Version Repository Size ================================================================================================================================== Installing: zsh x86_64 4.2.6-5.el5 rhel-5-server-beta-rpms 1.8 M Transaction Summary ================================================================================================================================== Install 1 Package(s) Upgrade 0 Package(s) Total download size: 1.8 M Is this ok [y/N]: y Downloading Packages: zsh-4.2.6-5.el5.x86_64.rpm | 1.8 MB 00:00 warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 37017186 rhel-5-server-beta-rpms/gpgkey | 1.7 kB 00:00 Importing GPG key 0x897DA07A "Red Hat, Inc. (Beta Test Software) <rawhide>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta Is this ok [y/N]: y rhel-5-server-beta-rpms/gpgkey | 1.1 kB 00:00 Importing GPG key 0x37017186 "Red Hat, Inc. (release key) <security>" from /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release Is this ok [y/N]: y Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : zsh 1/1 rhel-5-server-beta-rpms/productid | 1.7 kB 00:00 duration: 861(ms) Installed products updated. Installed: zsh.x86_64 0:4.2.6-5.el5 Complete! [root@bug707313 tmp]# ls /etc/pki/product/ 69.pem [root@bug707313 tmp]# cat /var/lib/rhsm/productid.js { "69": "anaconda-base-201105180904.x86_64" }[root@bug707313 tmp]# ^^^ VERIFIED! Note that the productid (69.pem) did NOT get deleted during the yum install of a package from the subscribed repo. [root@bug707313 tmp]# yum remove zsh Loaded plugins: product-id, security, subscription-manager Updating Red Hat repositories. Setting up Remove Process Resolving Dependencies --> Running transaction check ---> Package zsh.x86_64 0:4.2.6-5.el5 set to be erased --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================== Package Arch Version Repository Size ================================================================================================================================== Removing: zsh x86_64 4.2.6-5.el5 installed 3.6 M Transaction Summary ================================================================================================================================== Remove 1 Package(s) Reinstall 0 Package(s) Downgrade 0 Package(s) Is this ok [y/N]: y Downloading Packages: Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Erasing : zsh 1/1 rhel-5-server-beta-rpms | 1.2 kB 00:00 rhel-5-server-rpms | 951 B 00:00 duration: 815(ms) Installed products updated. Removed: zsh.x86_64 0:4.2.6-5.el5 Complete! [root@bug707313 tmp]# ls /etc/pki/product/ 69.pem [root@bug707313 tmp]# ^^^ Also verified that the product id pem file (69.pem) did not get deleted after the removal of the package.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-1078.html