The RPM GPG release key used by Red Hat to sign its content used to be
signed using SHA-1. SHA-1 is no longer accepted on RHEL-10 / c10s and as
a result, such key can't be imported during image build. The RH GPG
release key has been resigned using SHA256 some time ago. Let's use this
version of the key for all RHEL repositories.
The key is taken from:
https://access.redhat.com/security/team/key
Specifically:
https://access.redhat.com/security/data/fd431d51.txt
The second key (auxiliary key 3) was not changed.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Update RHEL 8.9 and 9.3 repo definitions to use the CDN repos, since
these are already GA.
Add SAP repositories to all RHEL repo configs, to be able to build the
SAP image for testing purposes.
Fix minor issues found in repos (e.g. 8.8 RT repo pointing to 8.7,
etc.).
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
- repositories/: add google-compute-engine and google-cloud-sdk repos to
package repositories.
- test/data/repositories/: add rt, rhui, and rhui-azure to test
repositories.
- test-case-generators/: update unversioned rhel-8 repos to point to
RHEL 8.7 snapshots.
Add a plain `rhel-8` alias as the default distribution name and version
for the `rhel8` package. The `rhel-86` distro is still available via
the NewRHEL86() constructor. These two distributions are identical.
Repositories
------------
The rhel-8 repositories (repositories/rhel-8.json) are now set to the
CDN repositories with no minor version:
https://cdn.redhat.com/content/dist/rhel8/8/...
The rhel-8 test repositories (test/data/repositories/rhel-8.json) were
already set to the plain `8` repositories. The Google repos have been
added.
The test case generator repositories used for `rhel-8` are the rpmrepo
snapshots as for rhel-86.
Follow-up to 60db6ad06f
The SHA-1 key is no longer supported in RHEL 9.0. This isn't a problem
for RHEL 8.x in general, but it prevents cross building RHEL 8.x images
on RHEL 9.0, since the host (RHEL 9.0) rpm and openssl cannot import the
older keys and we fail to bootstrap the build root for the new image if
the source repositories use SHA-1 keys.
Related rhbz#2058497 (Comment 18).
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
Two new test cases added to format-request-map and test cases are
generated.
1. kernel-rt for RHEL images:
Requires new package repositories for RHEL 8.3 and 8.4.
Creates an OSTree commit with the `kernel-rt` as a customization.
2. kernel-debug for Fedora images:
kernel-rt isn't included in the official fedora repositories. Using
kernel-debug at least tests the feature with the fedora-iot-commit type.
The test package should be self-contained and contain all the configuration
necessary for a known-good test run (minus secrets). This moves repo
overrides from the test orchestration into the test package.
We want all the external sources (including boot isos and repositories) to
be pinned by their content hash, and never use anything that is not strictly
defined. This moves us in the right direction, but we still have some tests
to update to use these shipped repos rather than official mirrors.
One remaining challenge is that we must make sure all our test runners have
access to the RHEL snapshots, which is not currently the case for the runners
in EC2, but a solution is in the works.
Signed-off-by: Tom Gundersen <teg@jklm.no>
2020-10-23 11:33:04 +02:00
Renamed from schutzbot/repositories/rhel-8.json (Browse further)
