Recently, I utilized the yum-config-manager program, which is part of the yum-utils package, to add an additional repository into a CentOS box (of course this works with RedHat, too).
The process involves installing yum-utils and adding a repository using the yum-config-manager command. Subsequently, a file is dynamically generated in the /etc/yum.repos.d/ directory with specific content according to the command options one uses.
# install the yum-config-manager
yum -y install yum-utils
# add the official ansible repository
yum-config-manager --add-repo=https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/
Typically, the content of the generated repository file takes the form of a structured INI file, resembling something akin to the following:
[releases.ansible.com_ansible_rpm_release_epel-7-x86_64_]
name=added from: https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/
baseurl=https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/
enabled=1
While the process of adding a repository is straightforward, configuring additional settings, such as setting the GPG key for added security, requires a more nuanced approach.
According to the yum manual page, the —setopt option is recommended for “setting arbitrary config and repo options.” For more detailed information, one can refer to the yum-config-manager manual page, which provides additional insights into the configuration process (do this by running man yum-config-manager).
Set any config option in yum config or repo files. For options
in the global config just use: --setopt=option=value for repo
options use: --setopt=repoid.option=value. The latter form
accepts wildcards in repoid that will be expanded to the
selected sections. If repoid contains no wildcard, it will
automatically be selected; this is useful if you are
addressing a disabled repo, in which case you don't have to
additionally pass it as an argument.
To illustrate, in order to set the GPG key for a specific repository previously created, the following command is used:
yum-config-manager --save --setopt=releases.ansible.com_ansible_rpm_release_epel-7-x86_64_.gpgkey=https://releases.ansible.com/keys/RPM-GPG-KEY-ansible-release.pub
This command instructs yum-config-manager to set the GPG key for the specified repository by providing the URL to the GPG key file. This additional layer of configuration enhances the security of the package management system by ensuring the authenticity and integrity of the packages retrieved from the repository.
In summary, while adding repositories is a fundamental step, configuring advanced options like GPG keys through the yum-config-manager tool allows users to tailor their package management system to meet specific security and functionality requirements. Understanding these nuances ensures a more robust and customized system configuration.