Red Hat Satellite does not support signing repository metadata.

Solution Verified - Updated -

Issue

STIG compliance guidelines require that repository metadata be signed as well as the packages themselves. Currently, users can not sign the metadata of repositories hosted by Satellite.

This link details STIG compliance:

Rules In DISA STIG for Red Hat Enterprise Linux 7

(The operating system must prevent the installation of software, patches, service packs, device drivers, or operating system components of packages without verification of the repository metadata.)

Environment

Red Hat Satellite 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In