Live CD repository error

Latest response

I have the following line in the kickstart file:

repo --name=rhel-8-for-x86_64-baseos-rpms --baseurl=http://cdn.redhat.com/content/dist/rhel8/$releasever/x86_64/baseos/os

livecd-creator returns:

repo: downloading from remote: rhel-8-for-x86_64-baseos-rpms
error: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain] (https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml).
error: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain] (https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml).
error: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain] (https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml).
error: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain] (https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml).
rhel-8-for-x86_64-baseos-rpms 0.0 B/s | 0 B 00:01
Errors during downloading metadata for repository 'rhel-8-for-x86_64-baseos-rpms':
- Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml [SSL certificate problem: self signed certificate in certificate chain]
Error creating Live CD : Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Any ideas how to solve this?

Thanks!

Responses

I don't know how to fix the certificate error, but I should note that in this case, it may be better to create a local package repository for use with livecd-creator.

The live RHN repositories are subject to change at any time, so even with the same input, livecd-creator can produce different output from one run to another. Creating a local repository will aid in configuration management of:

  1. Package set (RPM files)
  2. comps.xml
  3. modules.yaml

Depending on where the local repository resides, this approach also has the potential to significantly reduce network traffic.

I solved the first problem by adding --noverifyssl to the "repo" line in the kickstart file. Unfortunately, the repository is still inaccessible from livecd-creator:

Errors during downloading metadata for repository 'rhel-8-for-x86_64-baseos-rpms': - Status code: 403 for https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/repodata/repomd.xml (IP: 173.222.212.251)

This is cause by subscription requirements. Only dnf can connect to these repos through dnf-plugin-subscription-manager. Livecd-creator uses curl to retrieve the metadata, so it is denied access. What is the way around this?

On your suggestion to create a local repo. It is not clear to me what exactly you mean by that. A DVD image mounted somewhere? This would not do because I need all the updates.

Yes, the full DVD is a good example of a local repository. Although the DVD does not contain updates, running livecd-creator against it validates the overall approach, if successful.

As for updated packages, they can be downloaded from RHN. Once livecd-creator is working with the DVD, download updated packages to a dedicated directory, then run the following command in that directory.

$ createrepo .

This yields an additional repository which can then be passed to livecd-creator.

(I typically use a subdirectory named Packages for the RPM files. Running createrepo then produces a repodata directory alongside it.)

Thank you for the advice. This method works very well indeed. The only correction is that "createrepo" is depreciated in RH8; downloads are managed entirely using "reposync".

Good to hear it's working!

I actually hadn't looked at reposync in a while, because it would download entire repositories when I was only looking for a subset. This was a big issue with Fedora, when I needed only several hundred megabytes of RPMs to rebuild their LiveCDs, but the full repository was multiple gigabytes in size.

Taking another look at at reposync, though, reveals that it now handles modules in RHEL 8. This is a good thing, because modules have certainly complicated what used to be simple calls to repoquery.