[opensuse-buildservice] CentOS-7 repository
JFYI, the CentOS-7 repository got changed upstream. I did turn the repository therefore into a download-on-demand repository. Things like Qt5 exists now. However, I have not found a way how to validated the repository information. The rpmmd meta data is not signed with GPG, neither exists an authorative https server delivering the data. So these packages are not validated atm :/ It would be great if anyone has a hint for me how I can validate the repository meta data. thanks adrian -- Adrian Schroeter email: adrian@suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Fri, Feb 17, 2017 at 4:14 AM, Adrian Schröter <adrian@suse.de> wrote:
JFYI, the CentOS-7 repository got changed upstream.
I did turn the repository therefore into a download-on-demand repository. Things like Qt5 exists now.
However, I have not found a way how to validated the repository information. The rpmmd meta data is not signed with GPG, neither exists an authorative https server delivering the data.
So these packages are not validated atm :/
It would be great if anyone has a hint for me how I can validate the repository meta data.
thanks adrian
Actually, the metadata is signed with GPG. For example: The OS repodata: http://mirror.centos.org/centos-7/7/os/x86_64/repodata/ The updates repodata: http://mirror.centos.org/centos-7/7/updates/x86_64/repodata/ The GPG key: http://mirror.centos.org/centos-7/7/os/x86_64/RPM-GPG-KEY-CentOS-7 By the way, it'd be really cool if we could have CentOS 7.0, 7.1, 7.2, 7.3... sub targets like we do for SLE. The old versions are available in the CentOS Vault: http://vault.centos.org/ CentOS 7.0: http://vault.centos.org/7.0.1406/os/x86_64/ and http://vault.centos.org/7.0.1406/updates/x86_64/ CentOS 7.1: http://vault.centos.org/7.1.1503/os/x86_64/ and http://vault.centos.org/7.1.1503/updates/x86_64/ CentOS 7.2: http://vault.centos.org/7.2.1511/os/x86_64/ and http://vault.centos.org/7.2.1511/updates/x86_64/ CentOS 7.3 is currently at: http://mirror.centos.org/centos-7/7.3.1611/os/x86_64/ and http://mirror.centos.org/centos-7/7.3.1611/updates/x86_64/ CentOS 7 for i686 (called i386), armv7hl (called armhfp), ppc64, ppc64le, and aarch64 are available at: http://mirror.centos.org/altarch/7/ As for an authoritative server with https, I do not know of one. They're still using the old, pre-MirrorManager setup that Fedora used to have in The Old Days(TM). Someone needs to help them get up to using metalinks and stuff (with MirrorManager or MirrorBrain...). -- 真実はいつも一つ!/ Always, there's only one truth! -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Freitag, 17. Februar 2017, 05:35:23 CET wrote Neal Gompa:
On Fri, Feb 17, 2017 at 4:14 AM, Adrian Schröter <adrian@suse.de> wrote:
JFYI, the CentOS-7 repository got changed upstream.
I did turn the repository therefore into a download-on-demand repository. Things like Qt5 exists now.
However, I have not found a way how to validated the repository information. The rpmmd meta data is not signed with GPG, neither exists an authorative https server delivering the data.
So these packages are not validated atm :/
It would be great if anyone has a hint for me how I can validate the repository meta data.
thanks adrian
Actually, the metadata is signed with GPG.
For example:
The OS repodata: http://mirror.centos.org/centos-7/7/os/x86_64/repodata/ The updates repodata: http://mirror.centos.org/centos-7/7/updates/x86_64/repodata/
right, there is one ... added the validation key now. -- Adrian Schroeter email: adrian@suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Freitag, 17. Februar 2017, 13:24:17 CET wrote Adrian Schröter:
On Freitag, 17. Februar 2017, 05:35:23 CET wrote Neal Gompa:
On Fri, Feb 17, 2017 at 4:14 AM, Adrian Schröter <adrian@suse.de> wrote:
JFYI, the CentOS-7 repository got changed upstream.
I did turn the repository therefore into a download-on-demand repository. Things like Qt5 exists now.
However, I have not found a way how to validated the repository information. The rpmmd meta data is not signed with GPG, neither exists an authorative https server delivering the data.
So these packages are not validated atm :/
It would be great if anyone has a hint for me how I can validate the repository meta data.
thanks adrian
Actually, the metadata is signed with GPG.
For example:
The OS repodata: http://mirror.centos.org/centos-7/7/os/x86_64/repodata/ The updates repodata: http://mirror.centos.org/centos-7/7/updates/x86_64/repodata/
right, there is one ... added the validation key now.
And thanks a lot! -- Adrian Schroeter email: adrian@suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
participants (2)
-
Adrian Schröter -
Neal Gompa