CentOS 7: vault.centos.org now has HSTS enabled, but default repo config uses http

[thaJeztah]

Ran into this a couple of times in our Jenkins. It's not entirely clear to me why it's failing, other than it seems to be happening more often on aarch64 than on amd64, so may be related to machine configuration, or architecture.

When building from a docker build using a centos:7 image;

7: Pulling from library/centos
Digest: sha256:c73f515d06b0fa07bb18d8202035e739a494ce760aa73129f60f4bf2bd22b407
Status: Image is up to date for centos:7
docker.io/library/centos:7

...

#23 22.99 http://vault.centos.org/centos/7/os/Source/repodata/repomd.xml: [Errno 14] HTTPS Error 301 - Moved Permanently
#23 22.99 Trying other mirror.
#23 22.99 failure: repodata/repomd.xml from base-source: [Errno 256] No more mirrors to try.
#23 22.99 http://vault.centos.org/centos/7/os/Source/repodata/repomd.xml: [Errno 14] HTTPS Error 301 - Moved Permanently
#23 ERROR: executor failed running [/bin/sh -c . /root/.rpm-helpers; install_build_deps SPECS/containerd.spec]: exit code: 1

Checking what the URL redirects to, it looks like vault.centos.org now has HSTS enabled;

curl -I http://vault.centos.org/centos/7/os/Source/repodata/repomd.xml
HTTP/1.1 301 Moved Permanently
Date: Tue, 15 Feb 2022 09:24:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Location: https://vault.centos.org/centos/7/os/Source/repodata/repomd.xml
Content-Type: text/html; charset=iso-8859-1

Per discussion on docker-library/official-images#11831, it looks like the centos 7 images haven't been rebuilt for some time, so possibly this would be included as part of the next rebuild (alternatively, perhaps it could be fixed up in the Dockerfile in the meantime)

[thaJeztah]

/cc @bstinsonmhk @tianon @yosifkit