Closed
Description
Problem description
The Endpoint channel.software.updateRepoSsl resets the repository property hasSignedMetadata. This is likely unintended behavior, and somewhat undermines checks regarding the authenticity of the respective upstream repository - if channels, repos, etc are managed via the API.
Steps to reproduce
- Run a current uyuni instance (2024-12)
- Create an admin account
- Run the following python script
import xmlrpc.client as xmlrpclib
UYUNI_URL = 'https://<instance>/rpc/api'
UYUNI_USER = '<myuser>'
UYUNI_PASSWORD = '<myuserpassword>'
CLEANUP = True
def main():
# Login
client = xmlrpclib.Server(UYUNI_URL)
sessionKey = client.auth.login(UYUNI_USER,UYUNI_PASSWORD)
# create test ssl key
client.kickstart.keys.create(sessionKey,
"hasSignedMetadata_testcert",
"SSL",
"dummy content")
# create test repo with signed=true
# Parameters
# string sessionKey
# string label - repository label
# string type - repository type (only YUM is supported)
# string url - repository url
# string sslCaCert - SSL CA cert description, or an empty string
# string sslCliCert - SSL Client cert description, or an empty string
# string sslCliKey - SSL Client key description, or an empty string
# boolean hasSignedMetadata - true if the repository has signed metadata, false otherwise
client.channel.software.createRepo(sessionKey,
"hasSignedMetadata_test",
"yum",
"https://example.com",
"",
"",
"",
True)
print("Initial Repository Properties")
print(client.channel.software.getRepoDetails(sessionKey,"hasSignedMetadata_test"))
# update ssl (only one cert
client.channel.software.updateRepoSsl(sessionKey,
"hasSignedMetadata_test",
"hasSignedMetadata_testcert",
"",
"")
print("Repository Properties after updating SSL")
print(client.channel.software.getRepoDetails(sessionKey,"hasSignedMetadata_test"))
print("The property hasSignedMetadata has changed unexpectedly")
if CLEANUP:
client.channel.software.removeRepo(sessionKey,"hasSignedMetadata_test")
client.kickstart.keys.delete(sessionKey,"hasSignedMetadata_testcert")
client.auth.logout(sessionKey)
if __name__ == "__main__":
main()output:
Initial Repository Properties
{'sourceUrl': 'https://example.com', 'id': 514, 'label': 'hasSignedMetadata_test', 'type': 'yum', 'hasSignedMetadata': True, 'sslContentSources': []}
Repository Properties after updating SSL
{'sourceUrl': 'https://example.com', 'id': 514, 'label': 'hasSignedMetadata_test', 'type': 'yum', 'hasSignedMetadata': False, 'sslContentSources': [{'sslKeyDesc': '', 'sslCaDesc': 'hasSignedMetadata_testcert', 'sslCertDesc': ''}]}- inspect the changed
hasSignedMetadataproperty
Uyuni version
Information for package Uyuni-Server-release:
---------------------------------------------
Repository : @System
Name : Uyuni-Server-release
Version : 2024.12-241000.225.1.uyuni5
Arch : x86_64
Vendor : obs://build.opensuse.org/systemsmanagement:Uyuni
Support Level : unknown
Installed Size : 1.4 KiB
Installed : Yes (automatically)
Status : up-to-date
Source package : Uyuni-Server-release-2024.12-241000.225.1.uyuni5.src
Upstream URL : https://www.uyuni-project.org/
Summary : Uyuni Server
Description :
Uyuni lets you efficiently manage physical, virtual,
and cloud-based Linux systems. It provides automated and cost-effective
configuration and software management, asset management, and system
provisioning.Uyuni proxy version (if used)
uyuni-tools version used to deploy/manage the server or proxy (if relevant)
Useful logs
Additional information
No response