Description of problem: You do not have way how to specify CA certificate on command line. You have to go to /etc/sysconfig/rhn/rhnpushrc to fix it. # rhnpush --username=<user> --password=<pass> --server=https://<fqdn>/APP --channel=<channel> -v --nosig --force /tmp/<package>.rpm Connecting to https://<fqdn>/APP ERROR: unhandled exception occurred: (Certificate file /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT is not accessible). Version-Release number of selected component (if applicable): rhnpush-5.5.65-1.el6sat.noarch How reproducible: always Steps to Reproduce: 1. Try to have incorrect "ca_chain" option in rhnpushrc file and use command line to to push package Actual results: I have not found a way how to do so Expected results: There might be option like --ca-cert (satellite-sync have that)
fixed in spacewalk master: ce4aedce10bfb16bc4dacf32bf9441ad55f286c5 new parameter '--ca-chain'
VERIFIED on rhnpush-5.5.65-5.el6sat REPRODUCED on rhnpush-5.5.65-1.el6sat rhnpush-5.5.42-7.el6sat ignores unknow CA. Steps to reproduce: 1. create custom channel > python >>> import xmlrpclib >>> client = xmlrpclib.Server('http://<fqdn>/rpc/api', verbose=0) >>> key = client.auth.login('admin','xxx') >>> client.channel.software.create(key,"my-channel","my-channel","my-channel","channel-x86_64","",{}) 2. prepare and push package > export SERVER="<fqdn>" > wget http://dl.fedoraproject.org/pub/epel/6/x86_64/BitchX-1.2.1-1.el6.x86_64.rpm -O /tmp/BitchX-1.2.1-1.el6.x86_64.rpm > rhnpush --username=admin --password=xxx --channel=my-channel --server=https://$SERVER/APP -v --nosig --force /tmp/BitchX-1.2.1-1.el6.x86_64.rpm rhnpush-5.5.65-5.el6sat: ERROR: unhandled exception occurred: ([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]). rhnpush-5.5.65-1.el6sat: ERROR: unhandled exception occurred: (Certificate file /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT is not accessible). rhnpush-5.5.42-7.el6sat: Uploading package /tmp/BitchX-1.2.1-1.el6.x86_64.rpm Using POST request 3. again with CA > wget http://$SERVER/pub/RHN-ORG-TRUSTED-SSL-CERT -O /tmp/RHN-ORG-TRUSTED-SSL-CERT.$SERVER > rhnpush --username=admin --password=xxx --channel=my-channel --server=https://$SERVER/APP --ca-chain=/tmp/RHN-ORG-TRUSTED-SSL-CERT.$SERVER -v --nosig --force /tmp/BitchX-1.2.1-1.el6.x86_64.rpm rhnpush-5.5.65-5.el6sat: Package BitchX-1.2.1-1.el6.x86_64.rpm Not Found on RHN Server -- Uploading Uploading package BitchX-1.2.1-1.el6.x86_64.rpm Using POST request rhnpush-5.5.65-1.el6sat and rhnpush-5.5.42-7.el6sat: Usage: rhnpush [OPTION] [<package>] rhnpush: error: no such option: --ca-chain
Satellite 5.6 has been released. This bug was tracked under the release. This bug was either VERIFIED or RELEASE_PENDING (re-verified prior shortly before release). Moving to CLOSED CURRENT_RELEASE. Text from Upgrade Erratum follows: Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1395.html