[Pulp-list] A repository download policy set to background means?

2016-05-10 Thread Lutchy Horace (Mailing List)
Hello,

To avoid flooding the mailing list with multiple E-Mails, I'll
be collapsing a few questions into one E-Mail.

1. I had assumed a completed sync task meant it pulled remote packages
onto the pulp server. The documentation isn't quite clear on this
subject because this does not seem to be the case?

2. Going through bug reports in regards to download policies, the
picture is clearer regarding immediate and on_demand policies but quite
vague about what the background policy does?

3. Do you really need to download content units onto the pulp server?
3.a. If not, how does this work? Do consumers contact the
origin servers directly?
3.b. If yes, what is the difference of scheduling a sync task and
not a "download" task?

Regards

-- 
Lutchy Horace
Owner/Operator/Administrator [http://www.lhprojects.net]
Owner/Operator/Administrator [http://www.bombshellz.net]
Owner/Operator/Administrator [http://www.animehouse.club]
About Me [http://about.me/lhprojects]
USA

___
Pulp-list mailing list
Pulp-list@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-list


[Pulp-list] Pulp 2.8.3 Release Candidate - Security & Bug fixes

2016-05-10 Thread Sean Myers
The release candidate for Pulp 2.8.3 is now available.

Pulp has been updated, along with the Puppet (pulp_puppet) and RPM (pulp_rpm)
plugins.

This release also includes candidates for the OSTree plugin (pulp_ostree) version
1.1.1, the Docker plugin (pulp_docker) version 2.0.1, and the Python plugin
(pulp_python) version 1.1.1.

The release is available in the pulp beta repository for 2.8:
https://repos.fedorapeople.org/repos/pulp/pulp/beta/2.8/

Migrations will need to be run for this release. See the Upgrade Instructions
below for more details.


Security Issues Addressed
=========================

CVE-2016-3111 (Low Impact):
pulp.spec generates its RSA keys for message signing insecurely
https://pulp.plan.io/issues/1837

CVE-2016-3112 (Moderate Impact):
Pulp consumer private keys are world-readable
https://pulp.plan.io/issues/1834

CVE-2016-3107 (Moderate Impact):
Node certificate containing private key stored in world-readable file
https://pulp.plan.io/issues/1833

CVE-2016-3108 (Moderate Impact):
Insecure temporary file used when generating certificate for Pulp Nodes
https://pulp.plan.io/issues/1830

CVE-2016-3106 (Low Impact):
Insecure creation of temporary directory when generating new CA key
https://pulp.plan.io/issues/1827

Additionally, CVE-2013-7450 was announced during this release cycle, even
though it was fixed in Pulp 2.3.0. Users who have upgraded from Pulp < 2.3.0
may still be vulnerable; action may be required (see below).
https://bugzilla.redhat.com/show_bug.cgi?id=1003326

See the upgrade instructions below for more information on addressing these
vulnerabilities.


Known Issues
============

Changes to the squid package in fedora 22 are causing selinux denials to
prevent squid from starting on systems using pulp's lazy download features.
At this time, all other platforms appear to be working normally: only
fedora 22 is affected.

This issue is being tracked in our tracker. Links to upstream issues and
workarounds can be found there:

https://pulp.plan.io/issues/1904


Issues Addressed
================

  Docker Support
    1818  Add migration - content units to standard storage path.
  Nectar
    1820  Fix checking for config.proxy_username
  OSTree Support
    1106  relative_path should be checked for url collision
  Pulp
    1576  content type mongo id searches not working
    1764  SELinux denial on Celery attempting to read resolv.conf
    1771  requests or urllib3 can't read a file which causes Nectar to fail mysteriously
    1801  Pulp celery_beat and resource_manager are running, but logs say they are not running
    1802  Pulp 2.8 client no longer supports sha1 RPM checksum type
    1809  python 2.6 incompatibility during set_importer
    1747  Import upload task has unexpected/missing information on error
    1784  regression: "pulp-admin rpm repo search" with filters does not work as expected
    1834  CVE-2016-3112: Pulp consumer private keys are world-readable
    1837  CVE-2016-3111: pulp.spec generates its RSA keys for message signing insecurely
    1791  After upgrading from 2.7.1 to pulp 2.8.0 getting 403 error's on all my Pulp repo's.
    1794  A Pulp unit test is failing to find a certificate to be valid
    1824  iso repo publish fails for file in subdirectories
    1827  CVE-2016-3106: Insecure creation of temporary directory when generating new CA key
    1830  CVE-2016-3108: Insecure temporary file used when generating certificate for Pulp Nodes
    1833  CVE-2016-3107: Node certificate containing private key stored in world-readable file
    1601  Migrate /var/lib/pulp/content to new 2.8 storage paths.
    1815  Create a common 2.8 storage path migration to be used by plugins
  Puppet Support
    1780  PLP: Update failed (The dotted field 'thomasmckay-rsync-0.4.1-thomasmckay'
    1817  Add migration - content units to standard storage path.
  Python Support
    1855  Upload broken
    1819  Add migration - content units to standard storage path.
  RPM Support
    1869  Resynchronizing rhel repos seems to be failing after upgrade
    1768  Unable to sync RHEL 5 repositories with a distribution
    1792  recursive and depsolving unit copy results in PulpExecutionException
    1843  Pulp publishes invalid PULP_DISTRIBUTION.xml metadata
    1778  Switching a repository to immediate from on_demand doesn't download its packages
    1828  pulp doesn't sync reference title correctly from errata
    1835  export fails when units are not downloaded
    1782  None in generated XML for unit with no 'reboot_suggested'
    1808  exporting a sufficiently large repo with 'on_demand' policy results in BSON error
    1812  Comps.xml upload succeeds but units are not associated to the repo.
    1813  Handle duplicate key error in comps.xml upload