Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 807762 - [RFE] yum product-id plugin should stop removing product certs; proposal for a BLUE installed product status
Summary: [RFE] yum product-id plugin should stop removing product certs; proposal for ...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: subscription-manager
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: beta
: 7.0
Assignee: candlepin-bugs
QA Contact: Entitlement Bugs
Depends On:
Blocks: rhsm-rhel70
TreeView+ depends on / blocked
Reported: 2012-03-28 15:59 UTC by John Sefler
Modified: 2013-11-01 20:05 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2013-11-01 20:05:12 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description John Sefler 2012-03-28 15:59:40 UTC
Description of problem:
The yum product-id plugin is supposed to behave such that:

1. On RHEL5, a productid.pem will be installed into /etc/pki/product by the yum product-id plugin when a package is yum installed from the corresponding repo, BUT the productid.pem will never be removed by the yum product-id plugin.

2. On RHEL6, a productid.pem will be installed into /etc/pki/product by the yum product-id plugin when a package is yum installed from the corresponding repo, AND the productid.pem will be removed by the yum product-id plugin ONLY when there are no more packages installed on the system that came from the entitled yum repo.

In light of bug 806457 and bug 707313 (and others) and the inconsistent behavior between RHEL5/RHEL6 and the painful consequences of having a product cert removed (especially a base product cert like RHEL!), I propose that the yum product-id plugin NEVER remove a product cert.  Instead, we should introduce another installed product state to accompany the current Red/Yellow/Green states.  Let's call this state Blue to reflect an "Inactive" status.  This state would represent a product for which the last remaining package originating from the entitled repos supporting said product has been yum erased.  Implementing this idea may be tricky because when an entitlement is removed/revoked/unsubscribed, we would not want a Blue product to turn Red.  Another implementation trick is that an entitlement that requires tags from the provided tags of an "Inactive" product cert would have to withhold access to the provided content.  A new benefit from this proposal is that the installed product status would reflect a cumulation of what has been installed on the system.  This would be more informative than the magic disappearance of an installed product.  Remember that a product cert can always be removed manually and the repercussions of the removal can be blamed on the person who did the removal, not our entitlement management system.

Comment 1 RHEL Program Management 2012-07-10 08:47:53 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 2 RHEL Program Management 2012-07-11 01:48:41 UTC
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.

Comment 3 John Sefler 2013-01-05 14:50:53 UTC
bug 859197 is another example that supports this RFE bug

Comment 4 John Sefler 2013-06-25 18:52:29 UTC
If the fix in https://bugzilla.redhat.com/show_bug.cgi?id=859197#c15 proves to be reliable, then this RFE becomes unnecessary and can be CLOSED/WONTFIX.

Comment 5 Bryan Kearney 2013-11-01 20:05:12 UTC
Closing this out per Comment 4

Note You need to log in before you can comment on or make changes to this bug.