[Bug] - not able to install/upgrade packages after enabling repo_gpgcheck #336
Comments
Confirmed. Looking at this now.
The AL2023 repos currently don't have metadata signing enabled. The packages themselves are signed, and communicating with the repos is done via Let's keep this issue open so we can track when we enable this functionality.
Are there any updates on this? This issue fails CIS & NIST controls.
Bump. We too would like to know if there's been any update on this? We're having to exclude a section of our CIS hardening that enables repo_gpgcheck, which isn't ideal.
To quote the CIS Amazon Linux 2023 Benchmark v1.0:
Currently, that includes the AL2023 repositories that do not support it. The CIS Benchmark for AL2023 does take care to indicate that it should only be set for repositories that support it.
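An added example, not part of the thread or of the project's own tooling: a small audit that computes the effective `gpgcheck` and `repo_gpgcheck` for each enabled repository, using the DNF rule that a per-repo value overrides `[main]`, and flags repositories where metadata checking is enabled although the metadata is unsigned. The config text, the repo ids other than `amazonlinux`, and the `UNSIGNED_METADATA` set are constructed assumptions.

```python
import configparser

TRUE = {"1", "true", "yes"}

# Constructed sample of /etc/dnf/dnf.conf (not taken from a real host).
DNF_CONF = """[main]
gpgcheck=1
repo_gpgcheck=1
"""

# Constructed sample of concatenated /etc/yum.repos.d/*.repo files.
REPO_FILES = """[amazonlinux]
name=Amazon Linux 2023 repository
enabled=1
gpgcheck=1

[internal-signed]
name=Hypothetical internal repo with signed metadata
enabled=1
repo_gpgcheck=1

[legacy]
name=Hypothetical disabled repo
enabled=0
gpgcheck=0
"""

# Assumption: repo ids the operator knows publish no metadata signature.
UNSIGNED_METADATA = {"amazonlinux"}

def _flag(section, key, default):
    return section.get(key, default).strip().lower() in TRUE

def audit(dnf_conf, repo_files, unsigned_metadata):
    """Return {repo_id: finding} for enabled repos with a signing mismatch."""
    main = configparser.ConfigParser(interpolation=None)
    main.read_string(dnf_conf)
    defaults = main["main"] if main.has_section("main") else {}
    repos = configparser.ConfigParser(interpolation=None)
    repos.read_string(repo_files)
    findings = {}
    for repo_id in repos.sections():
        repo = repos[repo_id]
        if not _flag(repo, "enabled", "1"):
            continue  # disabled repos are never contacted
        # A per-repo value wins; otherwise the [main] value applies.
        pkg = _flag(repo, "gpgcheck", defaults.get("gpgcheck", "0"))
        meta = _flag(repo, "repo_gpgcheck", defaults.get("repo_gpgcheck", "0"))
        if not pkg:
            findings[repo_id] = "package signatures not verified"
        elif meta and repo_id in unsigned_metadata:
            findings[repo_id] = "repo_gpgcheck on but metadata is unsigned"
        elif not meta and repo_id not in unsigned_metadata:
            findings[repo_id] = "repo_gpgcheck off although metadata is signed"
    return findings
```

On the constructed input, only `amazonlinux` is reported, because it inherits `repo_gpgcheck=1` from `[main]`.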
Best workaround to fix this, use below command to disable gpg_check
Describe the bug
Not able to install/upgrade packages after enabling repo_gpgcheck
To Reproduce
Run below commands to enable repo_gpgcheck and try to install any package.
Observed the 403 error due to failed gpg check on the repodata