8868011d4c
Enable repo GPG checks causes some CentOS systems to become unable to retrieve yum metadata. It also causes the security gate jobs to balloon out to 12 minutes (normally 3-4 mins). Closes-Bug: 1641729 Change-Id: I229b471bbd9fbe39776b9022671b03da0a659163
22 lines
623 B
ReStructuredText
22 lines
623 B
ReStructuredText
---
|
|
id: RHEL-07-020152
|
|
status: implemented
|
|
tag: packages
|
|
---
|
|
|
|
The STIG requires that repository XML files are verified during ``yum`` runs.
|
|
|
|
.. warning::
|
|
|
|
This setting is disabled by default because it can cause issues with CentOS
|
|
systems and prevent them from retrieving repository information. Deployers
|
|
who choose to enable this setting should test it thoroughly on
|
|
non-production environments before applying it to production systems.
|
|
|
|
Deployers can override this default and opt in for the change by setting the
|
|
following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_enable_gpgcheck_repo: yes
|