Problem:
I cannot create an errata filter for the “unspecified” errata type.
Expected outcome:
I should be able to create an errata filter for any type of errata that can show up in Foreman.
Foreman and Proxy versions:
Foreman 3.11.1
Foreman and Proxy plugin versions:
foreman-tasks 9.1.1
foreman_bootdisk 21.2.3
foreman_discovery 24.0.1
foreman_remote_execution 13.1.0
katello 4.13.1
Distribution and version:
AlmaLinux 9.4
Other relevant data:
As you all are already aware, the version of yggdrasil distributed from the Foreman client repository has the same name as another package from the EPEL repository (this issue is mentioned here: Fun with yggdrasil packages). Consequently, Foreman falsely believes EPEL’s version of yggdrasil is an update to Foreman’s version and creates an errata that, when applied to a host, updates yggdrasil to the newer version. The problem with this is that the remote execution pull client depends on the yggdrasil version found in Foreman’s client repository and will not work with EPEL’s version.
To prevent the pull client from breaking when yggdrasil automatically “updates”, I created a package filter on one of my content views that excludes EPEL’s version of yggdrasil. That stopped the package from updating, but the errata stating that the package needs to be updated still exists. Normally I would be happy to just ignore the errata message, but it’s impacting my ability to quickly scan the list of hosts to find ones that have an issue because they all have applicable errata that cannot be installed.
This is where I thought that creating an errata filter would be helpful. If I could exclude that errata from my content views, then I could finally get that wonderful green check mark next to all my hosts. Unfortunately, it’s impossible to create an errata filter for this particular errata because its type is “unspecified”.
I’ve tried to create an errata filter both through the web UI and the CLI and there isn’t any capability to create a filter with type “unspecified”. I don’t want to stop using the pull client because not all my hosts are directly reachable from the Foreman server via SSH. Deleting the yggdrasil package from the EPEL repository only temporarily fixes the issue as the package comes back the next time the repository is synced and content views are published.
Does anyone have any ideas for what I can do? It doesn’t seem like I should have to perpetually deal with applicable errata that I never want to install.
What specific errata is this? Can you perhaps exclude it by errata ID?
Unfortunately Katello only recognizes security/bugfix/enhancement, and has validations that prevent any other type.
I believe the errata is automatically generated by Foreman. Running hammer erratum list on a specific host allows me to see the ID and Errata ID:
-----|-----------------------------|-------------|-----------------------|------------|-----------
ID | ERRATA ID | TYPE | TITLE | ISSUED | UPDATED
-----|-----------------------------|-------------|-----------------------|------------|-----------
2623 | FEDORA-EPEL-2023-f108a20ffe | unspecified | yggdrasil-0.3.2-2.el9 | 2023-07-24 | 2023-08-02
-----|-----------------------------|-------------|-----------------------|------------|-----------
I created a content view filter with
hammer content-view filter create \
    --content-view "Default AL9.4" \
    --description "Exclude yggdrasil errata" \
    --name "yggdrasil_errata" \
    --organization "ORG" \
    --type "erratum"
and created a filter rule with
hammer content-view filter rule create \
    --content-view "Default AL9.4" \
    --content-view-filter="yggdrasil_errata" \
    --organization "ORG" \
    --errata-id 2623
but it doesn’t appear to have filtered out the errata. I published and promoted “Default AL9.4” and all the hosts using the katello pull client still show the errata as applicable.
Another thing to note: The filter rule I added does not appear in the web UI but it does appear when I look for it with hammer.
Filter ID: 7
Name: yggdrasil_errata
Type: erratum
Inclusion: false
Description: Exclude yggdrasil errata
Repositories:
Rules:
1) Id: 2
Errata ID: 2623
Created: 2024/08/05 10:41:36
Updated: 2024/08/05 10:41:36
Is there something I’m doing wrong?
If properly filtered, the errata would be applicable but not installable.
You can confirm what packages and errata are in a content view version in the web UI, on the content view details page > Versions tab > then click your newly published version.
So even with a properly configured errata filter, I cannot filter out applicable errata?
Is there no way to completely remove undesirable errata from hosts?
Filtering out the errata should prevent the host from being able to install the packages or the errata. That’s what I mean by applicable but not installable.
If you want the erratum not to be applicable either, I believe you’d have to remove the host’s access to that repository completely, by removing it entirely from the content view and republishing. You may also be able to achieve it by overriding that repository to disabled. But either way, the host would lose access to that repository.
Ok, thanks for your help!
I mistakenly believed that filtering out an errata would make it both uninstallable and not applicable.
I guess there’s no way to achieve what I want short of removing/disabling the EPEL repository or uninstalling the pull client on all the hosts.