Bug 840979 - Unprotected repos are actually protected
Summary: Unprotected repos are actually protected
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: RHUA
Version: 2.1
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: unspecified
Target Milestone: ---
Target Release: ---
Assignee: Pavlina Bartikova
QA Contact: mkovacik
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2012-07-17 18:28 UTC by James Slagle
Modified: 2012-08-24 13:28 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In Red Hat Update Infrastructure 2.1, if a user has an unprotected custom repo that contains a package whose name string matches with the name of a protected custom repo, requests for that package are also protected.
Clone Of:
Environment:
Last Closed: 2012-08-24 11:55:29 UTC
Target Upstream Version:
Embargoed:


Attachments
screen log from verification (9.49 KB, text/plain), 2012-08-10 11:43 UTC, Pavlina Bartikova
screen log - without client's certificates (7.94 KB, text/plain), 2012-08-10 13:03 UTC, Pavlina Bartikova


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2012:1205 0 normal SHIPPED_LIVE RHUI 2.1 Enhancement Update 2012-08-24 15:52:31 UTC

Description James Slagle 2012-07-17 18:28:46 UTC
If you have an unprotected custom repo that contains a package whose name matches the name of a protected custom repo, requests for that package will be protected by the certificates of the protected repo.

Example:

foo is a protected repo
bar is an unprotected repo that contains a package called foo

requests for package foo from bar are denied.

The name does not have to match exactly.  If the protected repo was called foo and the package was called foobar, the bug would still apply.
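
One matching rule that would produce the behaviour described above is searching for the protected repo's name anywhere in the request URL instead of comparing whole path segments. The following is an added example, not Pulp or RHUI code (the page does not show the actual check); the `/pulp/repos/` layout, function names and sample requests are assumptions constructed for illustration, and paths are assumed to be already URL-decoded.

```python
# Added illustration, not Pulp/RHUI code. Repo names foo/bar are from the report;
# the /pulp/repos/ layout, function names and sample requests are constructed.
PROTECTED_REPOS = {"foo": "/pulp/repos/foo"}  # repo name -> entitlement path


def needs_cert_substring(request_path):
    """Assumed faulty rule: protected repo name found anywhere in the URL."""
    return any(name in request_path for name in PROTECTED_REPOS)


def _segments(path):
    """Split a URL path into normalized segments (resolves '', '.' and '..')."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return out


def needs_cert_segments(request_path):
    """Protected only when the request lies under a protected repo's path."""
    req = _segments(request_path)
    for repo_path in PROTECTED_REPOS.values():
        prefix = _segments(repo_path)
        if req[:len(prefix)] == prefix:
            return True
    return False


SAMPLE_REQUESTS = [  # constructed
    "/pulp/repos/foo/foo-1.0-1.noarch.rpm",     # protected repo
    "/pulp/repos/bar/foo-1.0-1.noarch.rpm",     # package "foo" in unprotected bar
    "/pulp/repos/bar/foobar-1.0-1.noarch.rpm",  # inexact match from the report
    "/pulp/repos/foobar/pkg-1.0-1.noarch.rpm",  # different repo sharing a prefix
    "/pulp/repos/bar/../foo/foo-1.0-1.noarch.rpm",  # resolves into protected repo
]


def compare(requests=SAMPLE_REQUESTS):
    """Return (path, substring_rule, segment_rule) for each request."""
    return [(p, needs_cert_substring(p), needs_cert_segments(p)) for p in requests]


if __name__ == "__main__":
    for path, old, new in compare():
        print(f"{path:50} substring={old!s:5} segments={new}")
```

The substring rule demands a certificate for all five requests, while the segment comparison demands one only for the first and last, which are the two that actually resolve inside the protected repo.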

Comment 1 James Slagle 2012-07-17 19:02:48 UTC
pulp rhui branch commit ee4ae4536d79d09d2107d1a114a94419d14fb6bd

Comment 2 James Slagle 2012-08-09 12:26:46 UTC
Probably the easiest way to test this is to create a protected repo with the 
same name (and entitlement path) as the name of an rpm you already 
have, "kernel" for example.

Then upload an rpm named kernel (grab one from Fedora if need be) to an 
*unprotected* repository and verify a client can download the package without
using an entitlement certificate from the unprotected repository.

Comment 3 Pavlina Bartikova 2012-08-10 11:43:21 UTC
Created attachment 603484
screen log from verification

Comment 4 Pavlina Bartikova 2012-08-10 11:44:41 UTC
Confirmed. Screen log is in attachment.

Moving bug to VERIFIED.

Comment 5 Pavlina Bartikova 2012-08-10 13:03:08 UTC
Created attachment 603521
screen log - without client's certificates

This is a screen log where the client doesn't have certificates for protected repositories. Package "custom_repo_1", which has the same name as the protected repository, is available.

Comment 6 Shikha 2012-08-16 09:35:40 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
In Red Hat Update Infrastructure 2.1, if a user has an unprotected custom repo that contains a package whose name string matches with the name of a protected custom repo, requests for that package are also protected.

Comment 8 errata-xmlrpc 2012-08-24 11:55:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-1205.html

