Chapter 18. System and Subscription Management

New payload_gpgcheck option added to yum

With this update, the new configuration option payload_gpgcheck has been added to the yum utility. This option enables a GNU Privacy Guard (GPG) signature check on the payload sections of packages, thus enhancing the security and integrity when installing packages. Previously, when gpgcheck option was enabled, yum only performed a GPG signature check on headers. Consequently, if the payload data were tampered with or corrupted, RPM unpacking error occurred, and the package was left in a partly installed state. This might have put the operating system into an inconsistent and vulnerable state.
You can use the new payload_gpgcheck option in conjunction with the gpgcheck or localpkg_gpgcheck options to prevent this problem. As a result, when payload_gpgcheck is enabled, yum performs a GPG signature check on the payload and aborts the transaction if it is not verified. Using payload_gpgcheck is equivalent to manually running rpm -K on downloaded packages. (BZ#1343690)

A no-proxy configuration is available for virt-who

With this update, the virt-who service can be set to ignore proxy network settings. This enables virt-who to work properly on environments that use a proxy connection with one-way communication.
To set up this functionality, add the NO_PROXY environment variable to the /etc/sysconfig/virt-who file. Alternatively, you can add the no_proxy variable to the [server] section of the /etc/rhsm/rhsm.conf file.
Note that the NO_PROXY setting does not work when synchronizing the hypervisor using Red Hat Satellite 5. (BZ#1299643)

virt-who respects independent interval settings

With this update, the virt-who command reports each interval on all sources that have updates. In addition, if virt-who is configured to send updates to more than one destination, for example to an Red Hat Satellite instance and the Red Hat Subscription Management (RHSM), the interval for each is maintained separately. This means that all updates can be sent to each configured destination, regardless of the state of communication with other destinations. (BZ#1436811)

Password options added to virt-who-password

With this update, the -p and --password options have been added to the virt-who-password utility. This enables the utility to be used in scripts. (BZ#1426058)

Regular expressions and wildcards can be used in some virt-who configuration parameters

With this update, regular expressions and wildcards can be used in the filter_hosts and exclude_hosts configuration parameters. This enables users of virt-who to maintain a list of hosts to report on with much more ease.
By using regular expressions and wildcards to specify which hosts to report on or exclude, the hosts list can be much more concise. (BZ#1405967)

virt-who configuration files are easier to manage

The virt-who service now only uses configuration files in the /etc/virt-who.d/ directory that end with the .conf extension. This enables easier management of virt-who configuration files, for example for testing or backup purposes. (BZ#1369107)