Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1688489 - CV Publish filters modular rpms leaving them in a potentially broken state [NEEDINFO]
Summary: CV Publish filters modular rpms leaving them in a potentially broken state
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Content Views
Version: 6.5.0
Hardware: Unspecified
OS: Unspecified
unspecified
high vote
Target Milestone: 6.5.0
Assignee: Partha Aji
QA Contact: Omkar Khatavkar
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-13 20:39 UTC by Partha Aji
Modified: 2019-04-15 06:33 UTC (History)
4 users (show)

Fixed In Version: tfm-rubygem-katello-3.10.0.39-1,tfm-rubygem-katello-3.10.0.42-1
Doc Type: Known Issue
Doc Text:
Cause: The Content View publish process copies all modules irrespective of any filters. However, the RPMs belonging to these module are subject to package filtering. Consequence: A Content View publish action will copy all modules and any RPMs included by a filter, but not RPMs excluded by a filter, even if the excluded RPMs are required by a module. Workaround (if any): Check for the RPMs belonging to a module to be used in a Content View and include the modules RPMs in the Content View. Consider using Composite Content Views with modules your require in separate Content Views for ease of management. Result: A module's presence in a Content View will allow the module stream to be enabled, but some RPMs might not be present due to package filtering.
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
zhunting: needinfo? (paji)


Attachments (Terms of Use)
attaching filtering result (deleted)
2019-04-09 12:13 UTC, Omkar Khatavkar
no flags Details


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 26221 None None None 2019-03-13 20:45:17 UTC
Foreman Issue Tracker 26223 None None None 2019-03-13 20:44:47 UTC

Description Partha Aji 2019-03-13 20:39:01 UTC
Consider a content view that has repositories with modules streams .
As of Sat 6.5 the Content View publish process copies over all the modules irrespective of any filters. However the rpms belonging to these module streams (aka Modular Rpms) are subject to the regular package filtering. This causes the module streams in the resulting content view environment to be in a semi-broken (aka ursine) state.

For example: Consider a content view with a repo that has a Module Stream M, and modular rpms R1 and R2 belonging to M. Assume this repo also has a non modular rpm N. If this content view had a package filter that says "Include only rpm N". The content view publish will copy over module stream M and rpm N but will ignore R1 and R2. This could lead to a dubious CVE where the customer enables the module stream but is not able to install the rpms belonging to this.

We need to mark rpms belonging to module streams as "modular" and have them evade the filtering process and automatically copied over. We need to limit the filtering to only non modular rpms. 


Version-Release number of selected component (if applicable): 6.5 nightly

Steps to Reproduce:

1) Create a content view 
2) Add a repo with module streams
3) Create an includes filter that says "Include foo" (where is foo is a non modular rpm.)
4) Publish the content view

Expected:
All modules streams and modular rpms get copied over in addtion to what you have for the include.

Actual:
Notice that all the module streams got copied over. However only foo got copied over in terms of rpms.

Comment 4 Partha Aji 2019-03-13 20:44:46 UTC
Connecting redmine issue https://projects.theforeman.org/issues/26223 from this bug

Comment 5 Partha Aji 2019-03-13 20:45:17 UTC
Connecting redmine issue https://projects.theforeman.org/issues/26221 from this bug

Comment 6 Bryan Kearney 2019-03-29 16:01:03 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/26223 has been resolved.

Comment 9 Omkar Khatavkar 2019-04-09 10:44:50 UTC
Verified this in Satellite 6.5 with Snap 22, everything works fine. Executed all Scenarios mentioned as https://github.com/Katello/katello/pull/8014#issuecomment-477068810

Comment 10 Omkar Khatavkar 2019-04-09 12:13:43 UTC
Created attachment 1553831 [details]
attaching filtering result

Comment 11 Omkar Khatavkar 2019-04-15 06:33:48 UTC
Marking this ticket as verified, as per my above comment


Note You need to log in before you can comment on or make changes to this bug.