SCLo repositories version lock

davidep · January 9, 2019, 10:13am

The CentOS mirror infrastructure now allows to implement the version number lock for SCLo repositories.

mirrorlist.centos.org code now supports SIGs/AltArch repositories

https://lists.centos.org/pipermail/centos-devel/2018-September/016949.html

We could enhance the locked repository list

davidep · January 9, 2019, 11:19am

Tracked here

davidep · January 10, 2019, 5:15pm

The CentOS SoftwareCollections SIG repo signature is invalid:

[root@vm5 ~]# curl -s -O http://mirror.centos.org/centos/7.6.1810/sclo/x86_64/sclo/repodata/repomd.xml.asc
[root@vm5 ~]# curl -s -O http://mirror.centos.org/centos/7.6.1810/sclo/x86_64/sclo/repodata/repomd.xml
[root@vm5 ~]# gpg repomd.xml.asc
gpg: Signature made Sat 19 May 2018 02:44:12 AM CEST using RSA key ID F2EE9D55
gpg: BAD signature from "CentOS SoftwareCollections SIG (https://wiki.centos.org/SpecialInterestGroup/SCLo) <security@centos.org>"

davidep · January 11, 2019, 8:33am

SCLo repo_gpgcheck=1 is not expected to work, according to https://wiki.centos.org/Download/Verify#head-9f1820241b204d28240c4409064e9213737874ba

pike · March 21, 2019, 3:49pm

May yum-plugin-priorities could help to… achieve a less worring situation for CentOS update release vs NethServer installation integrity?