Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 959590

Summary: System Currency Report not showing severity levels for security advisories
Product: [Community] Spacewalk Reporter: daniel.schindler
Component: WebUIAssignee: Tomas Lestach <tlestach>
Status: CLOSED CURRENTRELEASE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 1.9CC: avi.miller, tkasparek
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-08-02 13:15:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 991452    
Attachments:
Description Flags
System Currency Report not showing security errata
none
Errata view showing security errata
none
Oracle Linux latest updateinfo.xml with severity tags none

Description daniel.schindler 2013-05-03 21:57:43 UTC 
Created attachment 743385 [details]
System Currency Report not showing security errata

Description of problem:
System Currency Report doesn't show security advisory errata although security errata is visible in rhn/errata/AllErrata.do. I see that severity tags for security errata in updateinfo.xml are set but I don't know if, how or where this tag is used...
I would have suspected /usr/lib/python2.6/site-packages/spacewalk/satellite_tools/reposync.py to be responsible for importing severity levels but I don't see any hint in the script.

Version-Release number of selected component (if applicable):
Spacewalk 1.9 release

How reproducible:
always

Steps to Reproduce:
1. open rhn/systems/SystemCurrency.do and see that no security errata is displayed (see attachment)
2. see that security errata is displayed under rhn/errata/AllErrata.do (see attachement)
  
Actual results:
No security errata is displayed in any level of severity at SystemCurrency.do.

Expected results:
Display all different severity level of security errata at SystemCurrency.do.

Additional info:
I'm using Spacewalk 1.9 under Oracle Linux 6.4 and have imported "Oracle Linux 6 x86_64 latest"-channel from public-yum.oracle.com. Oracle has updated there metadata for updateinfo.xml to make it compatible with Spacewalk (https://blogs.oracle.com/linux/entry/updates_to_errata_on_uln) and everything seems to be working fine except for SystemCurrency.do
Comment 1 daniel.schindler 2013-05-03 21:58:49 UTC 
Created attachment 743386 [details]
Errata view showing security errata
Comment 2 daniel.schindler 2013-05-03 22:00:38 UTC 
Created attachment 743387 [details]
Oracle Linux latest updateinfo.xml with severity tags
Comment 3 Tomas Lestach 2013-05-10 15:35:25 UTC 
Right, reposync imports the advisories in a different way than we're used to.

Prepending severity to the synopsis for security advisories ...


spacewalk.git: a06e70b8d48b4c2b2269f88d4168166bdd8b2525
Comment 4 daniel.schindler 2013-05-11 07:12:42 UTC 
Thanks Thomas :D

A very smooth solution! This way the guys from Oracle ULN won't need to adjust the synopsis tag in their metadata.

Regards,
Daniel
Comment 5 Tomas Lestach 2013-05-13 07:44:34 UTC 
Hey Daniel,

let's call this a quick fix.
The real fix would be to start using severity_id column in the rhnErrata table.
Comment 6 daniel.schindler 2013-05-13 07:57:43 UTC 
Any plans to do so in a future release? :)
Comment 7 daniel.schindler 2013-06-20 07:36:31 UTC 
Hi Tomas,

after applying the patch I receive this error for several repositories:

Sync started: Thu Jun 20 09:21:51 2013
['/usr/bin/spacewalk-repo-sync', '--channel', 'ol6_u4_base-x86_64', '--type', 'yum']
Repo URL: http://public-yum.oracle.com/repo/OracleLinux/OL6/4/base/x86_64
Packages in repo:              8396
No new packages to sync.
Repo http://public-yum.oracle.com/repo/OracleLinux/OL6/4/base/x86_64 has comps file comps.xml.
Repo http://public-yum.oracle.com/repo/OracleLinux/OL6/4/base/x86_64 has 938 errata.
ERROR: unsupported operand type(s) for +: 'NoneType' and 'str'
Sync completed.
Total time: 0:04:22

If I comment out the added lines it finishes without such error.

--daniel
Comment 8 Tomas Lestach 2013-06-25 08:33:57 UTC 
Correct,  severity may be unknown, an additional commit is required ...

spacewalk.git: 1e6218c04e64d49152dd086165e13a7233a78008
Comment 9 Tomáš Kašpárek 2013-08-02 13:15:42 UTC 
Fix for this bug is present in Spacewalk 2.0, closing this bug as CURRENTRELEASE.