Red Hat Bugzilla – Bug 840979
Unprotected repos are actually protected
Last modified: 2012-08-24 09:28:13 EDT
If you have an unprotected custom repo that contains a package whose name matches the name of a protected custom repo, requests for that package will be protected by the certificates of the protected repo.
foo is a protected repo
bar is a unprotected repo that contains a package called foo
requests for package foo from bar are denied.
The name does not have to match exactly. If the protected repo was called foo and the package was called foobar, the bug would still apply.
pulp rhui branch commit ee4ae4536d79d09d2107d1a114a94419d14fb6bd
Probably the easiest way to test this is to create a protected repo with the
same name (and entitlement path) as the name of a rpm you already
have...."kernel" for example.
Then upload an rpm named kernel (grab one from fedora if need be) to an
*unprotected* repositoriy and verify a client can download the package without
using an entitlement certificate from the unprotected repository.
Created attachment 603484 [details]
screen log from verification
Confirmed. Screen log is in attachment.
Moving bug to VERIFIED.
Created attachment 603521 [details]
screen log - without client's certificates
This is a screen log, where client doesn't have certificates for protected repositories. Package "custom_repo_1" which has the same name as protected repository is available.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
In Red Hat Update Infrastructure 2.1, if a user has an unprotected custom repo that contains a package whose name string matches with the name of a protected custom repo, requests for that package are also protected.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.