Bug 840979 - Unprotected repos are actually protected
Unprotected repos are actually protected
Status: CLOSED ERRATA
Product: Red Hat Update Infrastructure for Cloud Providers
Classification: Red Hat
Component: RHUA (Show other bugs)
2.1
Unspecified Unspecified
high Severity unspecified
: ---
: ---
Assigned To: Pavlina Bartikova
mkovacik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-17 14:28 EDT by James Slagle
Modified: 2012-08-24 09:28 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In Red Hat Update Infrastructure 2.1, if a user has an unprotected custom repo that contains a package whose name string matches with the name of a protected custom repo, requests for that package are also protected.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-08-24 07:55:29 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
screen log from verification (9.49 KB, text/plain)
2012-08-10 07:43 EDT, Pavlina Bartikova
no flags Details
screen log - without client's certificates (7.94 KB, text/plain)
2012-08-10 09:03 EDT, Pavlina Bartikova
no flags Details

  None (edit)
Description James Slagle 2012-07-17 14:28:46 EDT
If you have an unprotected custom repo that contains a package whose name matches the name of a protected custom repo, requests for that package will be protected by the certificates of the protected repo.

Example:

foo is a protected repo
bar is a unprotected repo that contains a package called foo

requests for package foo from bar are denied.

The name does not have to match exactly.  If the protected repo was called foo and the package was called foobar, the bug would still apply.
Comment 1 James Slagle 2012-07-17 15:02:48 EDT
pulp rhui branch commit ee4ae4536d79d09d2107d1a114a94419d14fb6bd
Comment 2 James Slagle 2012-08-09 08:26:46 EDT
Probably the easiest way to test this is to create a protected repo with the 
same name (and entitlement path) as the name of a rpm you already 
have...."kernel" for example.

Then upload an rpm named kernel (grab one from fedora if need be) to an 
*unprotected* repositoriy and verify a client can download the package without
using an entitlement certificate from the unprotected repository.
Comment 3 Pavlina Bartikova 2012-08-10 07:43:21 EDT
Created attachment 603484 [details]
screen log from verification
Comment 4 Pavlina Bartikova 2012-08-10 07:44:41 EDT
Confirmed. Screen log is in attachment.

Moving bug to VERIFIED.
Comment 5 Pavlina Bartikova 2012-08-10 09:03:08 EDT
Created attachment 603521 [details]
screen log - without client's certificates

This is a screen log, where client doesn't have certificates for protected repositories. Package "custom_repo_1" which has the same name as protected repository is available.
Comment 6 Shikha 2012-08-16 05:35:40 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
In Red Hat Update Infrastructure 2.1, if a user has an unprotected custom repo that contains a package whose name string matches with the name of a protected custom repo, requests for that package are also protected.
Comment 8 errata-xmlrpc 2012-08-24 07:55:29 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2012-1205.html

Note You need to log in before you can comment on or make changes to this bug.