These releases are already GA. For 9.6 and 10.0, we test them in a
scheduled GA pipeline, which runs the CI tests on GA runners, which
don't have RH VPN access. Previously, some tests in the GA pipeline
would fail, because they would use rpmrepo snapshots of nightly composes
for these releases, which are behind RH VPN. Change the test repo
definitions to use CDN repositories instead, which should fix the GA
pipeline.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Don't upgrade centos-9-stream repos in the Schutzfile, the newer ones
are broken. Considering CI is broken on main right now, that takes
priority, fixing centos-9 can be done in a followup.
The RPM GPG release key used by Red Hat to sign its content used to be
signed using SHA-1. SHA-1 is no longer accepted on RHEL-10 / c10s and as
a result, such key can't be imported during image build. The RH GPG
release key has been resigned using SHA256 some time ago. Let's use this
version of the key for all RHEL repositories.
The key is taken from:
https://access.redhat.com/security/team/key
Specifically:
https://access.redhat.com/security/data/fd431d51.txt
The second key (auxiliary key 3) was not changed.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
