Red Hat Satellite does not support signing repository metadata.

Solution Verified - Updated -

Issue

STIG compliance guidelines require that repository metadata be signed as well as the packages themselves. Currently, users can not sign the metadata of repositories hosted by Satellite.

This link details STIG compliance:

Rules In DISA STIG for Red Hat Enterprise Linux 7

(The operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of packages without verification of the repository metadata.)

Environment

Red Hat Satellite 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content