Hide Forgot
Description of problem: Version-Release number of selected component (if applicable): CloudForms System Engine Version: 0.1.238-4.el6 How reproducible: Steps to Reproduce: 1. Set RH CDN url to http://download.englab.brq.redhat.com/scratch/inecas/fakerepos/cds/ 2. Upload manifest here: http://inecas.fedorapeople.org/fakerepos/cds/fake-manifest-syncable.zip 3. Sync a couple repos 4. Go to promotions page, create a changeset 5. Drill down into a product, then packages, then click a package. 6. In the right panel click the download link for the package. Actual results: Forbidden You don't have permission to access /pulp/repos/zoo/Library/content/zoo/6Server/x86_64/rpms/bear-4.1-1.noarch.rpm on this server. Expected results: Package downloaded Additional info:
I believe this is because your browser doesn't have the Uebercert setup. Will verify
Partha, can you see if importing the UC into your browser fixes the above issue? If so can you add a bit of UI wording on package details page indicating you need the UC imported before you can download?
I tried importing ubercert into browsers: Chrome: prompts for password to decrypt key (I don't think it likes pem format - default file open box only shows p12). Firefox: import appears to fail silently, I don't see the cert in FF's long list of certs, but I'm not sure what to look for - there's nothing under the org name, server name, "katello" or "red hat". Either browser, I still get 403 after trying to import the ubercert.
* decrypt the cert rather
Jeff, So you can't just import the cert directly you have to go through these steps: https://fedorahosted.org/katello/wiki/GuideDebugCertificates to convert to a p12 file. Also in firefox you have to switch to the "Your cerficates" tab (which is empty be default). This tab actually looks for the .pfx files and not the pem files. It sounds like you are on the authorities tab. All that being said, when i did the steps properly I was still unable to access the pages. Looking into it more. -Justin
After a discussion with BK and tsanders we came up with the following conclusions: 1. You shouldn't have to import the debug cert just to download a package 2. Pulp should offer a time limited, hash-based url to download packages So until pulp adds that, we are going to get rid of the download url that does not currently work. RFE's: pulp: https://bugzilla.redhat.com/show_bug.cgi?id=798417 sysengine: https://bugzilla.redhat.com/show_bug.cgi?id=798425 There does seem to be a problem with using a browser and the debug cert and that has been filed here for pulp: https://bugzilla.redhat.com/show_bug.cgi?id=798418
Note, the uber cert failing turned out to be a problem with our configuration: https://bugzilla.redhat.com/show_bug.cgi?id=798454
disabling package download in katello master: d29fc27870f31a60051e510dd4b38b4e458c6aa3
confirm: there is no "download" link for the packages any more. @Jeff: fill free to mark bug verified if you think the issue could be considered as fixed for you :)
QA Verified.