8868011d4c
Enable repo GPG checks causes some CentOS systems to become unable to retrieve yum metadata. It also causes the security gate jobs to balloon out to 12 minutes (normally 3-4 mins). Closes-Bug: 1641729 Change-Id: I229b471bbd9fbe39776b9022671b03da0a659163
623 B
623 B
---id: RHEL-07-020152 status: implemented tag: packages ---
The STIG requires that repository XML files are verified during
yum runs.
Warning
This setting is disabled by default because it can cause issues with CentOS systems and prevent them from retrieving repository information. Deployers who choose to enable this setting should test it thoroughly on non-production environments before applying it to production systems.
Deployers can override this default and opt in for the change by setting the following Ansible variable:
security_enable_gpgcheck_repo: yes