Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 840979

Summary: Unprotected repos are actually protected
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: James Slagle <jslagle>
Component: RHUAAssignee: Pavlina Bartikova <pbartiko>
Status: CLOSED ERRATA QA Contact: mkovacik
Severity: unspecified Docs Contact:
Priority: high    
Version: 2.1CC: mkovacik, snansi, tsanders, whayutin
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
In Red Hat Update Infrastructure 2.1, if a user has an unprotected custom repo that contains a package whose name string matches with the name of a protected custom repo, requests for that package are also protected.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-24 11:55:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
screen log from verification
none
screen log - without client's certificates none

Description James Slagle 2012-07-17 18:28:46 UTC 
If you have an unprotected custom repo that contains a package whose name matches the name of a protected custom repo, requests for that package will be protected by the certificates of the protected repo.

Example:

foo is a protected repo
bar is a unprotected repo that contains a package called foo

requests for package foo from bar are denied.

The name does not have to match exactly.  If the protected repo was called foo and the package was called foobar, the bug would still apply.
Comment 1 James Slagle 2012-07-17 19:02:48 UTC 
pulp rhui branch commit ee4ae4536d79d09d2107d1a114a94419d14fb6bd
Comment 2 James Slagle 2012-08-09 12:26:46 UTC 
Probably the easiest way to test this is to create a protected repo with the 
same name (and entitlement path) as the name of a rpm you already 
have...."kernel" for example.

Then upload an rpm named kernel (grab one from fedora if need be) to an 
*unprotected* repositoriy and verify a client can download the package without
using an entitlement certificate from the unprotected repository.
Comment 3 Pavlina Bartikova 2012-08-10 11:43:21 UTC 
Created attachment 603484 [details]
screen log from verification
Comment 4 Pavlina Bartikova 2012-08-10 11:44:41 UTC 
Confirmed. Screen log is in attachment.

Moving bug to VERIFIED.
Comment 5 Pavlina Bartikova 2012-08-10 13:03:08 UTC 
Created attachment 603521 [details]
screen log - without client's certificates

This is a screen log, where client doesn't have certificates for protected repositories. Package "custom_repo_1" which has the same name as protected repository is available.
Comment 6 Shikha 2012-08-16 09:35:40 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
In Red Hat Update Infrastructure 2.1, if a user has an unprotected custom repo that contains a package whose name string matches with the name of a protected custom repo, requests for that package are also protected.
Comment 8 errata-xmlrpc 2012-08-24 11:55:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-1205.html