12.07.2024

Configure Repositories on Rocky Linux

A fully functional operating system (OS) needs timely updates and access to lists of new and old software that let you perform client or administrative tasks.

Screenshot №1 — Update software from repository

On Windows, OS updates are downloaded through repositories, while software is often downloaded from web resources as binary files. On Linux, all of the processes described above are usually handled through repositories. It is therefore important to consider how to configure and operate them securely.

What is a repository and how do I work with it?

A repository is a collection of objects stored on a server, which is often used to store software and other dependencies necessary for its operation. It can be implemented as an SFTP server, Web server, or it can be a database on a version control platform. It is often used as a distribution point for software, as well as a convenient form of data storage for the work of teams.

Screenshot №2 — Example of repository

Linux often uses repositories as open download points, so it is important to divide them into two types: trusted and untrusted. The former have been approved by developers or the community and are less likely to contain software that doesn't work or that carries backdoors. The latter must first be verified, or be trusted by the developer of the given collection of objects.

To work with a Linux repository, you usually need to provide the URL from which the software packages will be downloaded and the corresponding public key for verifying digital signatures.

Please note that the repositories you choose may be unverified and may contain malware. Preferably, only use collections of objects approved by developers or the community!

Configure repository on Rocky Linux

We will use two main directories, /etc/yum.repos.d and /etc/pki/rpm-gpg, which store the repository definitions and the digital signature keys respectively. Configuring a repository manually this way also lets you keep track of the repositories that already exist. To add a new collection, go to the /etc/yum.repos.d folder and create a new configuration file for Docker:

cd /etc/yum.repos.d && nano docker-ce.repo
[docker-ce]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/rhel/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/rhel/gpg

Screenshot №3 — Configuration

In this example, the first line, in square brackets, is the repository identifier and the second is its name; both can take any value. The baseurl line must match the version of your RHEL distribution and the processor architecture, which is usually x86_64. If you don't know the exact values, leave the variables as given in the example above.

The enabled parameter controls whether the repository is used when searching for packages, and gpgcheck controls whether package signatures are checked. It is advisable to leave gpgcheck enabled to avoid man-in-the-middle attacks.

The second important component of the file is the path to the key, given as a URL: either a link to a local file or a link to an object in an existing repository. The variant presented above simply links to an online resource. Let's update from the repository and see whether the package manager reads packages from it:

dnf upgrade

Screenshot №4 — New repo

The update runs, so the paths are set correctly and the repository is configured correctly.
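
As an added example (not part of the original tutorial), the following script audits the .repo files discussed above and reports enabled repositories whose gpgcheck is not 1, that lack a gpgkey, or that use plain http. The weak.repo sample, its mirror.example.test host and the audit_repos name are constructed for illustration.

```shell
#!/bin/sh
# Added example: report weak trust settings in dnf .repo files.
# Assumption: a section without its own gpgcheck= line is reported too,
# because it then depends on the [main] setting in /etc/dnf/dnf.conf.
audit_repos() {
    dir=${1:-/etc/yum.repos.d}; rc=0
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function warn(msg) { print file ": [" id "] " msg; bad++ }
            function check() {
                if (id == "" || enabled == "0") return   # skip disabled repos
                if (gpgcheck != "1") warn("gpgcheck is not set to 1")
                else if (gpgkey == "") warn("gpgcheck=1 but no gpgkey")
                if (baseurl ~ /^http:/) warn("baseurl uses plain http")
                if (gpgkey ~ /^http:/) warn("gpgkey fetched over plain http")
            }
            /^[ \t]*[#;]/ { next }                       # comment lines
            /^[ \t]*\[/ {                                # new [section]
                check(); id = $0
                gsub(/^[ \t]*\[|\].*$/, "", id)
                enabled = "1"; gpgcheck = gpgkey = baseurl = ""
                next
            }
            /=/ {                                        # key=value line
                key = val = $0
                sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
                sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
                if (key == "enabled") enabled = val
                else if (key == "gpgcheck") gpgcheck = val
                else if (key == "gpgkey") gpgkey = val
                else if (key == "baseurl") baseurl = val
            }
            END { check(); exit (bad > 0) }
        ' "$f" || rc=1
    done
    return "$rc"
}

# Constructed sample input: one weak and one hardened definition.
demo=$(mktemp -d)
printf '%s\n' '[weak]' 'name=Weak example' \
    'baseurl=http://mirror.example.test/el/$releasever/$basearch' \
    'enabled=1' 'gpgcheck=0' > "$demo/weak.repo"
printf '%s\n' '[docker-ce]' 'name=Docker CE Stable - $basearch' \
    'baseurl=https://download.docker.com/linux/rhel/$releasever/$basearch/stable' \
    'enabled=1' 'gpgcheck=1' 'gpgkey=file:///etc/pki/rpm-gpg/docker' \
    > "$demo/docker-ce.repo"
audit_repos "$demo" || echo "weak repository definitions found"
```

Run it as audit_repos /etc/yum.repos.d on a real host; a non-zero return status means at least one enabled repository needs attention.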

How do I download the repository key?

But what if you don't want to trust the online resource permanently, and would rather check the keys yourself and update them via Ansible each time? To do this, you can download the key from the link with a single command and immediately write it to a directory with limited permissions:

curl -fsSL https://download.docker.com/linux/rhel/gpg > /etc/pki/rpm-gpg/docker

Screenshot №6 — Local key

This command redirects the server's response to the key storage file. For the repository to check packages against this key, specify it in the repository configuration with the line gpgkey=file:///etc/pki/rpm-gpg/docker, after commenting out the previous gpgkey line. Now let's test the repository by installing the docker-ce package:

dnf install docker-ce

Screenshot №7 — Result of config

In the Repository field we can see the list of repositories used to find the utility, as well as its dependencies that will be used for installation.
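
To check the key yourself, as described above, one option is to compare its fingerprint with a value obtained out of band before copying it into /etc/pki/rpm-gpg. This is an added example, not part of the original tutorial; the function names are hypothetical and the expected fingerprint is a placeholder that must come from the vendor's documentation.

```shell
#!/bin/sh
# Added example: install a repository key only if its fingerprint matches
# a value obtained out of band (placeholder below, not a real value).

# Print the fingerprint of every primary key found in a key file.
key_fingerprints() {
    gpg --show-keys --with-colons "$1" 2>/dev/null |
        awk -F: '$1 == "pub" { want = 1 }
                 $1 == "fpr" && want { print $10; want = 0 }'
}

# Normalise a fingerprint written with spaces or lower-case hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'; }

# install_key <downloaded-file> <expected-fingerprint> <destination>
install_key() {
    src=$1; want=$(norm_fpr "$2"); dest=$3
    got=$(key_fingerprints "$src")
    [ -n "$got" ] || { echo "no OpenPGP key in $src" >&2; return 2; }
    # A file with several primary keys, or another key, is refused.
    [ "$got" = "$want" ] || { echo "fingerprint mismatch: $got" >&2; return 1; }
    install -m 0644 "$src" "$dest"
}

# Usage (as root), after downloading to a temporary file:
#   tmp=$(mktemp)
#   curl -fsSL https://download.docker.com/linux/rhel/gpg -o "$tmp"
#   sh pin-key.sh "$tmp" "<FINGERPRINT-FROM-VENDOR-DOCS>" /etc/pki/rpm-gpg/docker
if [ "$#" -eq 3 ]; then
    install_key "$@"
fi
```

Because the key only reaches /etc/pki/rpm-gpg after the comparison succeeds, a changed or substituted key stops the Ansible run instead of being trusted silently.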

How do I delete a repository or disable it?

If we need to disable a repository, we can either delete its configuration file or switch it off with the enabled parameter, which is also set in the configuration file. For example, we don't need the current online collection of Docker files, so let's update its value:

sed -i 's/enabled=1/enabled=0/' ./docker-ce.repo

Screenshot №8 — Disable repo

This command changes the value from 1 to 0 in the parameter that controls whether the repository is used when searching. Now let's check how it works:

dnf update

Screenshot №9 — Changes of turn off process

As you can see, the repository has been excluded from the search list and is not being used to install or update software.