SCLo repositories version lock


(Davide Principi) #1

The CentOS mirror infrastructure now allows to implement the version number lock for SCLo repositories.

mirrorlist.centos.org code now supports SIGs/AltArch repositories

https://lists.centos.org/pipermail/centos-devel/2018-September/016949.html

We could enhance the locked repository list :thinking:


Ultimate ns7 software updates origin policy
Lock to "current release" enabled by default from 7.5
(Davide Principi) #2

Tracked here


(Davide Principi) #3

The CentOS SoftwareCollections SIG repo signature is invalid:

[root@vm5 ~]# curl -s -O http://mirror.centos.org/centos/7.6.1810/sclo/x86_64/sclo/repodata/repomd.xml.asc
[root@vm5 ~]# curl -s -O http://mirror.centos.org/centos/7.6.1810/sclo/x86_64/sclo/repodata/repomd.xml
[root@vm5 ~]# gpg repomd.xml.asc
gpg: Signature made Sat 19 May 2018 02:44:12 AM CEST using RSA key ID F2EE9D55
gpg: BAD signature from "CentOS SoftwareCollections SIG (https://wiki.centos.org/SpecialInterestGroup/SCLo) <security@centos.org>"

(Davide Principi) #4

SCLo repo_gpgcheck=1 is not expected to work, according to https://wiki.centos.org/Download/Verify#head-9f1820241b204d28240c4409064e9213737874ba


(Michael Kicks) #5

May yum-plugin-priorities could help to… achieve a less worring situation for CentOS update release vs NethServer installation integrity?