Feature #4110

expose candlepin option to ignore signature checking on manifest, to enable quick automated tests with tiny content

Added by Katello Issue Migration over 5 years ago. Updated about 1 year ago.

Status: New
Priority: Low
Assignee: -
Category: Candlepin
Target version:
Difficulty:
Triaged: Yes
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

can turn on this option by adding `?force=SIGNATURE_CONFLICT` to the candlepin import URL - allow bypassing of signature check to allow non-redhat manifests for testing.

Could either add this as an option in `katello.yml` and/or installer option. Or even a UI option on the manifest import page.

Until this is added we cannot test with @iNecas fake content anymore, katello no longer accepts these manifests because they aren't signed with the Red Hat cert.

Created: weissjeffm on February 19, 2013 15:13 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/1619


Comment 1

Yeah recent Candlepin blows up our import cli smoke tests. +1

Created: lzap on March 13, 2013 14:13 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/14843225


Comment 2

Lukas Zapletal ping?

Created: omaciel on March 20, 2013 14:00 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/15177093


Comment 3

reassigning to @iNecas

Created: mccun934 on April 10, 2013 14:52 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/16179087


Comment 4

Mike McCune @iNecas I last heard this was supposed to be in the last sprint, but doesn't look like it made it. This sprint then?

Created: weissjeffm on June 11, 2013 19:30 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/19286502


Comment 5

Oh sorry the issue got totally lost in my PR folder...

Created: lzap on June 12, 2013 08:43 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/19313073


Comment 6

Does that mean it's fixed on your local repo?

Created: weissjeffm on June 13, 2013 12:21 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/19388037


Comment 7

Well my manifests were copies of @iNecas and Tomáš Strachota - I only made the version 1 of the repo and guys extended it with more features. Tomáš, do you still have the generator you wrote?

Created: lzap on June 25, 2013 16:41 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/19989780


Comment 8

Hmm this is what we have https://www.redhat.com/archives/katello-devel/2012-January/msg00037.html

I don't know where the repo generator is after git repos split. Lemme ask on the list for you - you can use it to generate what you need, there is no need to depend on us.

Created: lzap on June 25, 2013 16:54 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/19990673


Comment 9

Ok it's here but I don't see anything to create manifests here. I am sorry, I am not able to help. Not sure how to create those.

https://github.com/Katello/katello-misc/tree/master/scripts/test/repo_generation

Created: lzap on June 25, 2013 17:07 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/19991552


Comment 10

Lukas Zapletal I'm not sure what you are referring to. This issue is to turn off manifest signature checking in katello. I already have a way to generate manifests. I just (programmatically) unzip them, change the id and zip them back up.

Are you saying you need manifests with signatures that don't verify to test your change with? I can provide that if necessary.

Created: weissjeffm on June 25, 2013 17:27 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/19992772


Comment 11

Oh I apologize then. Disregard all my comments.

Created: lzap on June 26, 2013 08:26 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/20033209


Comment 12

I was able to add signature to the fake manifest and make candlepin to use the cert for the signature, so this will be no problem. I sign the fake manifests in cli-tests and distribute the CA cert in katello-system-tests rpm (it's not possible to turn off the signature verification).

We have though yet another problem:

Subscription manifest import for provider 'Red Hat' failed
Reason: Runtime Error null at org.candlepin.sync.Importer.importConsumer:518

It seems like our fake manifests are too old, I will need to regenerate them with the latest candlepin.

Created: iNecas on July 02, 2013 10:11 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/20337374


Comment 13

@iNecas when you say 'make candlepin to use the cert for the signature', what exactly did you have to do? Did it require restarting katello? Or just candlepin? Or no restart at all, just placing the cert?

Created: weissjeffm on July 02, 2013 12:10 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/20342006


Comment 14

@weissjeffm it required putting the cert into /etc/candlepin/certs/upstream and restarting tomcat6

Created: iNecas on July 02, 2013 13:33 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/20345491


Comment 15

the script for signing fake manifests used is here

https://github.com/Katello/katello-misc/pull/12 (cert and fake private key included)

here are the signed manifests + package katello-cli-tests-fakecert, that deploys the fake cert to candlepin of tested machine:

https://github.com/Katello/katello-cli/pull/46

and here is adding the package into comps

https://github.com/Katello/katello/pull/2574

Created: iNecas on July 02, 2013 16:23 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/20357144


Comment 16

Big warning - do not use old manifests, only use those generated after
MDP1 release which is safe. I ran into strange issues when I was turning
on repos - it totally (silently) ruins Candlepin.

LZ

--
Later,

Lukas "lzap" Zapletal
irc: lzap #theforeman

Created: lzap on July 03, 2013 08:07 +00:00
Imported from https://api.github.com/repos/Katello/katello/issues/comments/20401139

History

#1 Updated by Eric Helms about 5 years ago

  • Category set to Candlepin
  • Priority changed from Normal to Low
  • Triaged set to Yes

#2 Updated by Eric Helms over 3 years ago

  • Legacy Backlogs Release (now unused) set to 114
