Description of problem: With"spacewalk-channel" "redhat-rhn-proxy*" channels can be manipulated. Version-Release number of selected component (if applicable): rhn-setup-1.0.0-73.el6.noarch How reproducible: 100% Steps to Reproduce: 1. Sync the following channels to Satellite. satellite-sync -c rhel-x86_64-server-6 -c redhat-rhn-proxy-5.4-server-x86_64-6 2. Register EL6 system to Satellite. 3. On the EL6 system execute: #spacewalk-channel --list rhel-x86_64-server-6 #spacewalk-channel -L Username: xxxxx Password: redhat-rhn-proxy-5.4-server-x86_64-6 # spacewalk-channel --add -c redhat-rhn-proxy-5.4-server-x86_64-6 # spacewalk-channel --list Actual results: redhat-rhn-proxy-5.4-server-x86_64-6 rhel-x86_64-server-6 Expected results: Channel "redhat-rhn-proxy*" should be assigned to a system only if the system is a RHN-Proxy. Command "spacewalk channel -L" should not list "redhat-rhn-proxy*" channels. Additional info: Possible fix in /usr/sbin/spacewalk-channel. (See attachment) ... if args: systemExit(1, "ERROR: these arguments make no sense in this context (try --help)") if OPTIONS.channel: for chann in OPTIONS.channel: if re.match("^redhat-rhn-proxy.*$",chann): systemExit(1, "ERROR: RHN-Proxy channels can not be manipulated via spacewalk-channel tool!") ... elif OPTIONS.available_channels: channels = get_available_channels(OPTIONS.user, OPTIONS.password) channels.sort() for chann in channels: if not re.match("^redhat-rhn-proxy.*$",chann): print chann #print '\n'.join(channels)
Created attachment 597031 [details] "spacewalk-channel" should not manipulate rhn-proxy channels.
Hmm, technically we probably should make the changes in the API methods that spacewalk-channel calls, not in spacewalk-channel itself. Although that really only helps us in the event that 1) a different client tool is calling the same API methods. 2) a user who is does not have write access to the Satellite code is attempting to hack the system. I find those two situations to be unlikely, so the proposed patch is probably fine.
I believe we have to start with the API side -- if the redhat-rhn-proxy* channel subscription should not be allowed, it has to be disabled in the API first. Only then we can start polishing the "list" operation of spacewalk-channel.
API fix has been committed to spacewalk master as commit 6812a5aa43f7a6cebbf46d0057ee4d85a5ae072d 838502 - block subscription to satellite and proxy channels they need to be activated properly
Backported to SATELLITE-5.5 as commit c5fe88d106bf8457eae29be08624384ae0dc23ca 838502 - block subscription to satellite and proxy channels they need to be activated properly
What does rpm -qf /usr/sbin/spacewalk-channel return?
Moving back ON_QA for Michael. Please use stock (latest) rhn-setup on the client.
This issue is resolved with the release of RHN Satellite 5.5. As of September 20th 2012, RHN Satellite 5.5 has been generally available. Release Notes and other 5.5 documentation can be found here: https://access.redhat.com/knowledge/docs/Red_Hat_Network_Satellite/ The associated Errata for the 5.5 release are: 5.5 Satellite GA Errata - http://rhn.redhat.com/errata/RHEA-2012-1296.html 5.5 Upgrade Errata - http://rhn.redhat.com/errata/RHEA-2012-1298.html 5.5 RHN Proxy GA Errata - http://rhn.redhat.com/errata/RHEA-2012-1297.html 5.5 RHN Tools GA Errata - http://rhn.redhat.com/errata/RHEA-2012-1299.html Regards, Clifford - Engineering Manager, Satellite