Bug 990366 - rhnpush should have option to specify server's CA cert
rhnpush should have option to specify server's CA cert
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Client (Show other bugs)
unspecified
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jan Dobes
Martin Korbel
:
Depends On:
Blocks: sat560-lowbug
  Show dependency treegraph
 
Reported: 2013-07-31 00:48 EDT by Jan Hutař
Modified: 2013-10-01 17:56 EDT (History)
3 users (show)

See Also:
Fixed In Version: rhnpush-5.5.65-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-01 17:56:27 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Hutař 2013-07-31 00:48:42 EDT
Description of problem:
You do not have way how to specify CA certificate on command line. You have to go to /etc/sysconfig/rhn/rhnpushrc to fix it.

# rhnpush --username=<user> --password=<pass> --server=https://<fqdn>/APP --channel=<channel> -v --nosig --force /tmp/<package>.rpm
Connecting to https://<fqdn>/APP

ERROR: unhandled exception occurred: (Certificate file /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT is not accessible).


Version-Release number of selected component (if applicable):
rhnpush-5.5.65-1.el6sat.noarch


How reproducible:
always


Steps to Reproduce:
1. Try to have incorrect "ca_chain" option in rhnpushrc file and use
   command line to to push package


Actual results:
I have not found a way how to do so


Expected results:
There might be option like --ca-cert (satellite-sync have that)
Comment 2 Jan Dobes 2013-08-01 07:19:20 EDT
fixed in spacewalk master: ce4aedce10bfb16bc4dacf32bf9441ad55f286c5

new parameter '--ca-chain'
Comment 5 Martin Korbel 2013-09-25 08:50:44 EDT
VERIFIED   on rhnpush-5.5.65-5.el6sat
REPRODUCED on rhnpush-5.5.65-1.el6sat

rhnpush-5.5.42-7.el6sat ignores unknow CA. 

Steps to reproduce:
1. create custom channel
> python
>>> import xmlrpclib
>>> client = xmlrpclib.Server('http://<fqdn>/rpc/api', verbose=0)
>>> key = client.auth.login('admin','xxx')
>>> client.channel.software.create(key,"my-channel","my-channel","my-channel","channel-x86_64","",{})

2. prepare and push package
> export SERVER="<fqdn>"
> wget http://dl.fedoraproject.org/pub/epel/6/x86_64/BitchX-1.2.1-1.el6.x86_64.rpm -O /tmp/BitchX-1.2.1-1.el6.x86_64.rpm
> rhnpush --username=admin --password=xxx --channel=my-channel --server=https://$SERVER/APP -v --nosig --force /tmp/BitchX-1.2.1-1.el6.x86_64.rpm 

rhnpush-5.5.65-5.el6sat:
ERROR: unhandled exception occurred: ([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]).

rhnpush-5.5.65-1.el6sat:
ERROR: unhandled exception occurred: (Certificate file /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT is not accessible).

rhnpush-5.5.42-7.el6sat:
Uploading package /tmp/BitchX-1.2.1-1.el6.x86_64.rpm
Using POST request


3. again with CA
> wget http://$SERVER/pub/RHN-ORG-TRUSTED-SSL-CERT -O /tmp/RHN-ORG-TRUSTED-SSL-CERT.$SERVER
> rhnpush --username=admin --password=xxx --channel=my-channel --server=https://$SERVER/APP --ca-chain=/tmp/RHN-ORG-TRUSTED-SSL-CERT.$SERVER -v --nosig --force /tmp/BitchX-1.2.1-1.el6.x86_64.rpm 

rhnpush-5.5.65-5.el6sat:
Package BitchX-1.2.1-1.el6.x86_64.rpm Not Found on RHN Server -- Uploading
Uploading package BitchX-1.2.1-1.el6.x86_64.rpm
Using POST request

rhnpush-5.5.65-1.el6sat and rhnpush-5.5.42-7.el6sat:
Usage: rhnpush [OPTION] [<package>]
rhnpush: error: no such option: --ca-chain
Comment 6 Clifford Perry 2013-10-01 17:56:27 EDT
Satellite 5.6 has been released. This bug was tracked under the release.  

This bug was either VERIFIED or RELEASE_PENDING (re-verified prior shortly
before release). 

Moving to CLOSED CURRENT_RELEASE. 

Text from Upgrade Erratum follows:

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1395.html

Note You need to log in before you can comment on or make changes to this bug.