[RFC] Making things easier when working with custom products & Simple Content Access (SCA)

This is because of the way the ‘Restrict to OS’ feature works. Candlepin compares the “required tags” of the entitlement certificate in /etc/pki/entitlement

rct cat-cert 1795965736968636904.pem

...
Content:
	Type: yum
	Name: Red Hat Satellite Client 6 for RHEL 8 x86_64 (RPMs)
	Label: satellite-client-6-for-rhel-8-x86_64-rpms
	Vendor: Red Hat
	URL: /Default_Organization/Library/content/dist/layered/rhel8/x86_64/sat-client/6/os
	GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
	Enabled: False
	Expires: 1
	Required Tags: rhel-8-x86_64
	Arches: x86_64

with the “provided tags” of the product certificate in /etc/pki/product or /etc/pki/product-default:

rct cat-cert 479.pem

...
Product:
	ID: 479
	Name: Red Hat Enterprise Linux for x86_64
	Version: 8.7
	Arch: x86_64
	Tags: rhel-8,rhel-8-x86_64
	Brand Type: 
	Brand Name: 

In this case, the entitlement certificate “requires” the tag rhel-8-x86_64. Since the product certificate “provides” all of the “required tags” (in this case, just the one), the Red Hat Satellite Client 6 for RHEL 8 x86_64 (RPMs) repository is available.

Note that I say “available” here as opposed to “enabled.” If the required tags were not provided, the repo would simply not be listed at all under subscription-manager repos.

Since CentOS and other non-RHEL Enterprise Linux distros do not include a product certificate, none of the required tags will ever be provided. This is why the feature only works with RHEL currently.

I’m not sure exactly what it would take to make this feature work with other OSes. I plan to ask the Candlepin team about it.

3 Likes