Bug 771385 - Pirut handles incorrectly some exceptions (raised from rhn-client-tools - eg. SSLCertificateVerifyFailedError)
Pirut handles incorrectly some exceptions (raised from rhn-client-tools - eg....
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pirut (Show other bugs)
5.8
x86_64 Linux
unspecified Severity high
: rc
: ---
Assigned To: James Antill
BaseOS QE Security Team
:
: 952993 1023098 (view as bug list)
Depends On: 681132
Blocks:
  Show dependency treegraph
 
Reported: 2012-01-03 10:17 EST by Jiří Mikulka
Modified: 2014-10-06 09:46 EDT (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 681132
Environment:
Last Closed: 2013-12-10 15:24:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jiří Mikulka 2012-01-03 10:17:42 EST
+++ This bug was initially created as a clone of Bug #681132 +++

Description of problem:
Add/Remove software (using pirut) crashes on Startup when rhn-client-tools failed to verify the SSL certificate (eg. the given cert is not valid).

As James Antill adviced in #681132, now up2dateErrors.SSLCertificateVerifyFailedError inherits from RepoError, which should be correctly handled by pirut (should show some window with readable error message). But when this expection is raised, no fancy error message is shown. 

Version-Release number of selected component (if applicable):
RHEL Server 5.8
pirut-1.3.28-19.el5
rhn-client-tools-0.4.20-76.el5 (the latest version at the moment)

How reproducible:
always when SSL cert is not valid and that exception is raised

Steps to Reproduce:
1. register to Satellite
2. change SSLcert in /etc/sysconfig/rhn/up2date to some existing and (for another different Satellite) valid cert
3. run `yum check-update` - readable message is shown
4. run `pirut` - 'Exception Occured' window with traceback is shown + traceback in terminal (when run from terminal)

From the Satellite devel/qa point of view this issue is fixed in rhn-client-tools, but the other part of problem remains in pirut.


--- Additional comment from james.antill@redhat.com on 2011-03-01 09:08:39 EST ---

  File "/usr/share/rhn/up2date_client/up2dateAuth.py", line 186, in login
    li = server.up2date.login(systemId)
  File "/usr/share/rhn/up2date_client/rhnserver.py", line 64, in __call__
    raise up2dateErrors.SSLCertificateVerifyFailedError()
SSLCertificateVerifyFailedError: The SSL certificate failed verification.

--- Additional comment from msuchy@redhat.com on 2011-03-01 10:26:23 EST ---

Well, the cause of this is that you have bad SSL certificate to access to rhn.redhat.com or you RHN Satellite. There is nothing we can do that about that. Reporter should use correct certificate.
I will ignore this part.

What we can fix is that Traceback. And it should be part of GUI/CLI tool using this plugin to catch this exception and provid nice error message - or in case of pirut - to provide nice error window. Presumable with some Cancel/Try Again.

James, do you agree, that pirut should catch this exception? If yes, can you take this BZ back. Otherwise I'm going to close it as there is nothing I can fix in plugin.

--- Additional comment from james.antill@redhat.com on 2011-03-01 12:21:16 EST ---

Changing the GUI significantly at this point is ... unlikely.

In general we don't want to be catching 666 random exceptions within the core, so we'd "expect" that the rhn plugin would catch the exception and rethrow as RepoError/NoMoreMirrorsRepoError/RepoMDError or even PluginYumExit (I'm not sure what pirut does with the later though).


--- Additional comment from mmraka@redhat.com on 2011-10-06 07:25:50 EDT ---

Backported change from spacewalk master as
------------------------------------------------------------------------
r207195 | mmraka | 2011-10-06 13:24:17 +0200 (Thu, 06 Oct 2011) | 5 lines

681132 - inherit SSLCertificateVerifyFailedError from RepoError

backported from 3ef12a289c1f1341144caf2af1d2595cd1500a66
691188 - inherit SSLCertificateVerifyFailedError from RepoError

------------------------------------------------------------------------

--- Additional comment from errata-xmlrpc@redhat.com on 2011-12-20 10:37:42 EST ---

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHBA-2011:12150-03
http://errata.devel.redhat.com/errata/show/12150

--- Additional comment from errata-xmlrpc@redhat.com on 2011-12-20 10:37:44 EST ---

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHBA-2011:12150-03
http://errata.devel.redhat.com/errata/show/12150
Comment 1 RHEL Product and Program Management 2013-05-01 03:20:41 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 2 James Antill 2013-12-10 15:24:41 EST
 Given pirut has been dead since RHEL-6, and this should be a very rare problem. Going to close this now, as we are very late in RHEL-5.
Comment 3 James Antill 2013-12-10 15:26:33 EST
*** Bug 1023098 has been marked as a duplicate of this bug. ***
Comment 4 James Antill 2013-12-10 15:26:54 EST
*** Bug 952993 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.