Project

Profile

Help

Issue #3775

Pulp - Story #3637: As a user, I can run pulp in a FIPS-enabled environment

RPM: Publishing the same content second time with repoview true throws errors

Added by ragbalak over 3 years ago. Updated over 2 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

Publishing an RPM repository with the same distributor for the second time, but with repoview flag set to true, should have created a redirect. Yet, this scenario runs only in the non-FIPS and fails in the FIPS environment .

Environment Details :
RHEL 7.5
Pulp 2.17
FIPS Enabled
SELinux : Enforcing

High Level Steps to reproduce :

1. Create an RPM repository, and add some content to it.
2. Publish the repository. Get ``/pulp/repos/{rel_url}/``, and verify that
no redirects occur.
3. Publish the repository with the ``repoview`` and ``generate_sqlite``
options set to true. Get ``/pulp/repos/{rel_url}/``, and verify that a
redirect to ``/pulp/repos/{rel_url}/repoview/index.html`` occurs.
4. Repeat step 2.

The test cases that demostrate this issue are
pulp_smash.tests.pulp2.rpm.api_v2.test_repoview

The following test was run and the output of the command is attached

 python -m pytest -s  pulp_smash/tests/pulp2/rpm/api_v2/test_repoview.py

RPMs : Installed

(pulp-fips) fips$  rpm -qa | grep -i pulp | sort
pulp-admin-client-2.17.0-0.1.alpha.201806181011gitd048023.el7.noarch
pulp-deb-admin-extensions-1.8.0-0.1.alpha.201806181017git5409969.el7.noarch
pulp-deb-plugins-1.8.0-0.1.alpha.201806181017git5409969.el7.noarch
pulp-docker-admin-extensions-3.2.0-0.1.alpha.201806181003git1e0493c.el7.noarch
pulp-docker-plugins-3.2.0-0.1.alpha.201806181003git1e0493c.el7.noarch
pulp-ostree-admin-extensions-1.4.0-0.1.alpha.201806181005git1d18a59.el7.noarch
pulp-ostree-plugins-1.4.0-0.1.alpha.201806181005git1d18a59.el7.noarch
pulp-puppet-admin-extensions-2.17.0-0.1.alpha.201806181007git44a02f8.el7.noarch
pulp-puppet-plugins-2.17.0-0.1.alpha.201806181007git44a02f8.el7.noarch
pulp-puppet-tools-2.17.0-0.1.alpha.201806181007git44a02f8.el7.noarch
pulp-python-admin-extensions-2.1.0-0.1.alpha.201806181001gitfabd48c.el7.noarch
pulp-python-plugins-2.1.0-0.1.alpha.201806181001gitfabd48c.el7.noarch
pulp-rpm-admin-extensions-2.17.0-0.1.alpha.201806181009git635260e.el7.noarch
pulp-rpm-plugins-2.17.0-0.1.alpha.201806181009git635260e.el7.noarch
pulp-selinux-2.17.0-0.1.alpha.201806181011gitd048023.el7.noarch
pulp-server-2.17.0-0.1.alpha.201806181011gitd048023.el7.noarch
python-isodate-0.5.0-4.pulp.el7.noarch
python-pulp-bindings-2.17.0-0.1.alpha.201806181011gitd048023.el7.noarch
python-pulp-client-lib-2.17.0-0.1.alpha.201806181011gitd048023.el7.noarch
python-pulp-common-2.17.0-0.1.alpha.201806181011gitd048023.el7.noarch
python-pulp-deb-common-1.8.0-0.1.alpha.201806181017git5409969.el7.noarch
python-pulp-docker-common-3.2.0-0.1.alpha.201806181003git1e0493c.el7.noarch
python-pulp-oid_validation-2.17.0-0.1.alpha.201806181011gitd048023.el7.noarch
python-pulp-ostree-common-1.4.0-0.1.alpha.201806181005git1d18a59.el7.noarch
python-pulp-puppet-common-2.17.0-0.1.alpha.201806181007git44a02f8.el7.noarch
python-pulp-python-common-2.1.0-0.1.alpha.201806181001gitfabd48c.el7.noarch
python-pulp-repoauth-2.17.0-0.1.alpha.201806181011gitd048023.el7.noarch
python-pulp-rpm-common-2.17.0-0.1.alpha.201806181009git635260e.el7.noarch
python-pulp-streamer-2.17.0-0.1.alpha.201806181011gitd048023.el7.noarch

Comparisons

In a non-fips environment

Url in the request after publishing the repo the first time

ipdb> response.request.url
'https://localhost/pulp/repos/0b38a8c1-6cfb-4c71-ba15-1710ff6dd328/'

Url for publishing the repo the Second time with repoview flag enabled

ipdb> response.request.url
'https://localhost/pulp/repos/0b38a8c1-6cfb-4c71-ba15-1710ff6dd328/repoview/index.html'

The above test redirected the second time, to the repoview/index.html page

The Test, however, got skipped the third time the repo got published due to [issue 2349] (https://pulp.plan.io/issues/2349) in the non-fips environment.

In a fips environment

The test failed in the Fips environment, as errors were thrown the second time the repo was published with repoview flag [errors attached]

fail_log.txt (27.2 KB) fail_log.txt ragbalak, 06/19/2018 05:54 PM

History

#1 Updated by ragbalak over 3 years ago

  • Description updated (diff)

#2 Updated by ragbalak over 3 years ago

  • Parent task set to #3637

#3 Updated by dalley over 3 years ago

  • Project changed from Python Support to RPM Support

#4 Updated by daviddavis over 3 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to daviddavis

#5 Updated by daviddavis over 3 years ago

Opening up the repoview[0] code, it looks like it calls md5 in /usr/bin/repoview.

A couple problems: I don't see an upstream for repoview and it looks like it hasn't be released in 7 years (2011). Moreover, the owner seems to have abandoned it[1].

[0] https://apps.fedoraproject.org/packages/repoview
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1156505#c2

#6 Updated by daviddavis over 3 years ago

  • Status changed from ASSIGNED to CLOSED - WONTFIX

I confirmed with katello that they're not using repoview. Closing as WONTFIX.

#7 Updated by bmbouter over 2 years ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF