STIG Mode breaks YUM

Description

Enabling SIMP's STIG Mode (disa_stig) causes the default yum.conf configuration 'repo_gpgcheck' to be enabled. This requires all enabled yum repositories that do not override this setting to cryptographically sign their metadata file, repomd.xml, producing the file repomd.xml.asc, which is not produced for any SIMP-provided repository.

Because the required signature file is missing, all yum commands will fail. The proper fix to this problem is to produce the required files.

Workarounds (pick one setting change per affected repo):

  • Edit each offending repository configuration file in /etc/yum.repos.d/ with an override:

  • Disable each offending repo by the configuration:

Acceptance Criteria

After enabling SIMP STIG Mode (disa_stig), execute yum command successfully

Labels

None

Epic Link

None

Story Points

None

Affects versions

Priority

Medium
Configure