RHCSA Rapid Track
Systems often have access to many Red Hat repositories. The dnf repolist all command lists all available repositories and their statuses:
[user@host ~]$ dnf repolist all
repo id repo name status
rhel-9.0-for-x86_64-appstream-rpms RHEL 9.0 AppStream enabled
rhel-9.0-for-x86_64-baseos-rpms RHEL 9.0 BaseOS enabled
Note
Red Hat subscriptions grant access to specific repositories. In the past, administrators needed to attach subscriptions on a per-system basis. Simple Content Access (SCA) simplifies how systems access repositories. With SCA, systems can access any repository from any subscription that you buy, without attaching a subscription. You can enable SCA on the Red Hat Customer Portal within → , or on your Red Hat Satellite server.
The dnf config-manager command can enable and disable repositories. For example, the following command enables the rhel-9-server-debug-rpms repository:
[user@host ~]$ dnf config-manager --enable rhel-9-server-debug-rpms
Non-Red Hat sources provide software through third-party repositories. For example, Adobe provides some of its software for Linux through DNF repositories. In a Red Hat classroom, the content.example.com server hosts DNF repositories. The dnf command can access repositories from a website, an FTP server, or the local file system.
You can add a third-party repository in one of two ways. You can either create a .repo file in the /etc/yum.repos.d/ directory, or you can add a [repository] section to the /etc/dnf/dnf.conf file. Red Hat recommends using .repo files, and reserving the dnf.conf file for additional repository configurations. The dnf command searches both locations by default; however, the .repo files take precedence. A .repo file contains the URL of the repository, a name, whether to use GPG to verify the package signatures, and, if so, the URL of the trusted GPG key.
The dnf config-manager command can also add repositories to the machine. The following command creates a .repo file by using an existing repository's URL.
[user@host ~]$ dnf config-manager \
--add-repo="https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/"
Adding repo from: https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/
The corresponding .repo file is visible in the /etc/yum.repos.d/ directory:
[user@host ~]$ cd /etc/yum.repos.d
[user@host yum.repos.d]$ cat \
dl.fedoraproject.org_pub_epel_9_Everything_x86_64_.repo
[dl.fedoraproject.org_pub_epel_9_Everything_x86_64_]
name=created by dnf config-manager from https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/
baseurl=https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/
enabled=1
The rpm command uses GPG keys to sign packages, and imports public keys to verify the integrity and authenticity of packages. The dnf command uses repository configuration files to provide the GPG public key locations, and imports the keys to verify the packages. Keys are stored in various locations on the remote repository site, such as http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9. Administrators should download the key to a local file rather than letting the dnf command retrieve the key from an external source. For example, the following .repo file uses the gpgkey parameter to reference a local key:
[EPEL]
name=EPEL 9
baseurl=https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
Some repositories provide a configuration file and a GPG public key as part of an RPM package to simplify their installation. You can import the GPG public key by using the rpm --import command. The dnf install command can download and install these RPM packages.
For example, the following command imports the RPM-GPG-KEY-EPEL-9 (EPEL) GPG public key and installs the RHEL 9 Extra Packages for Enterprise Linux (EPEL) repository RPM:
[user@host ~]$ rpm --import \
https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
[user@host ~]$ dnf install \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
Warning
Import the RPM GPG key before installing signed packages, to ensure that packages come from a trusted source. If the RPM GPG key is not imported, then the dnf command fails to install signed packages.
The dnf command --nogpgcheck option ignores missing GPG keys, but might result in installing compromised or forged packages.
The .repo files often list multiple repository references in a single file. Each repository reference begins with a single-word name in square brackets.
[user@host ~]$ cat /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux $releasever - $basearch
#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
gpgcheck=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
...output omitted...
[epel-source]
name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
#baseurl=https://download.example/pub/epel/$releasever/Everything/source/tree/
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
gpgcheck=1
To define a repository, but not to search it by default, insert the enabled=0 parameter. Although the dnf config-manager command persistently enables and disables repositories, the dnf command --enablerepo=PATTERN and --disablerepo=PATTERN options enable and disable repositories temporarily while the command runs.
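An added example, not part of the course material: a small audit that reads .repo text and reports every enabled section that departs from the local-key [EPEL] pattern shown earlier (no gpgcheck line, gpgcheck turned off, no gpgkey, or a gpgkey that is not a file:// URL). The function names audit_repo and sample_repo and the sections remote-key-example and disabled-example are hypothetical; the sample input is constructed from the files on this page.

```shell
# Added example: audit .repo text (stdin) for signature-checking settings.
# Prints one finding per line; disabled sections are skipped.
audit_repo() {
    awk '
    function report() {
        if (id == "" || id == "main") return
        if (enabled ~ /^(0|no|false|off)$/) return      # not searched by default
        if (gpgcheck == "") print id ": gpgcheck not set in this section"
        else if (gpgcheck ~ /^(0|no|false|off)$/) print id ": gpgcheck disabled"
        if (gpgkey == "") print id ": no gpgkey"
        else if (gpgkey !~ /^file:\/\//) print id ": gpgkey is not a local file: " gpgkey
    }
    /^[ \t]*[#;]/ { next }                               # comment lines
    /^\[/ {                                              # start of a [section]
        report(); id = substr($0, 2, index($0, "]") - 2)
        enabled = gpgcheck = gpgkey = ""; next
    }
    (eq = index($0, "=")) > 0 {                          # key=value, split on first "="
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled")  enabled  = tolower(val)
        if (key == "gpgcheck") gpgcheck = tolower(val)
        if (key == "gpgkey")   gpgkey   = val
    }
    END { report() }
    '
}

# Constructed sample: trimmed copies of the config-manager output and the
# [EPEL] file from this page, plus two hypothetical sections.
sample_repo() {
    cat <<'EOF'
[dl.fedoraproject.org_pub_epel_9_Everything_x86_64_]
baseurl=https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/
[EPEL]
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
[remote-key-example]
gpgcheck=1
gpgkey=http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
[disabled-example]
enabled=0
gpgcheck=0
EOF
}

sample_repo | audit_repo
```

On a real system, feed it the live files with cat /etc/yum.repos.d/*.repo | audit_repo. A section that omits gpgcheck takes the value from the [main] section of /etc/dnf/dnf.conf, so check that file before treating the first finding as a failure.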
References
dnf(8), dnf.conf(5), and dnf-config-manager(8) man pages
For more information, refer to the Managing Software with the DNF Tool chapter in the Red Hat Enterprise Linux 9 product documentation at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/managing_software_with_the_dnf_tool