diff --git a/.tekton/scanner-build.yaml b/.tekton/scanner-build.yaml index 9f94ffa56..bb1425e73 100644 --- a/.tekton/scanner-build.yaml +++ b/.tekton/scanner-build.yaml @@ -56,7 +56,7 @@ spec: - name: extra-labels value: # X.Y in the cpe label must be adjusted for every version stream. - - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el8" + - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el9" workspaces: - name: git-auth diff --git a/.tekton/scanner-db-build.yaml b/.tekton/scanner-db-build.yaml index c386ed7df..cf4441de6 100644 --- a/.tekton/scanner-db-build.yaml +++ b/.tekton/scanner-db-build.yaml @@ -53,7 +53,7 @@ spec: - name: extra-labels value: # X.Y in the cpe label must be adjusted for every version stream. - - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el8" + - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el9" workspaces: - name: git-auth diff --git a/.tekton/scanner-db-slim-build.yaml b/.tekton/scanner-db-slim-build.yaml index 0d1d09c04..4a87edcc2 100644 --- a/.tekton/scanner-db-slim-build.yaml +++ b/.tekton/scanner-db-slim-build.yaml @@ -53,7 +53,7 @@ spec: - name: extra-labels value: # X.Y in the cpe label must be adjusted for every version stream. - - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el8" + - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el9" workspaces: - name: git-auth diff --git a/.tekton/scanner-slim-build.yaml b/.tekton/scanner-slim-build.yaml index 1a063bccc..3c7c2b1e1 100644 --- a/.tekton/scanner-slim-build.yaml +++ b/.tekton/scanner-slim-build.yaml @@ -56,7 +56,7 @@ spec: - name: extra-labels value: # X.Y in the cpe label must be adjusted for every version stream. - - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el8" + - "cpe=cpe:/a:redhat:advanced_cluster_security:X.Y::el9" workspaces: - name: git-auth diff --git a/image/db/rhel/Dockerfile b/image/db/rhel/Dockerfile index 6e6439705..bffbfc43f 100644 --- a/image/db/rhel/Dockerfile +++ b/image/db/rhel/Dockerfile @@ -1,9 +1,9 @@ ARG RPMS_REGISTRY=registry.access.redhat.com -ARG RPMS_BASE_IMAGE=ubi8 +ARG RPMS_BASE_IMAGE=ubi9 ARG RPMS_BASE_TAG=latest ARG BASE_REGISTRY=registry.access.redhat.com -ARG BASE_IMAGE=ubi8-minimal +ARG BASE_IMAGE=ubi9-minimal ARG BASE_TAG=latest FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS extracted_bundle diff --git a/image/db/rhel/Dockerfile.slim b/image/db/rhel/Dockerfile.slim index 8352a1add..8e3bb7d34 100644 --- a/image/db/rhel/Dockerfile.slim +++ b/image/db/rhel/Dockerfile.slim @@ -1,9 +1,9 @@ ARG RPMS_REGISTRY=registry.access.redhat.com -ARG RPMS_BASE_IMAGE=ubi8 +ARG RPMS_BASE_IMAGE=ubi9 ARG RPMS_BASE_TAG=latest ARG BASE_REGISTRY=registry.access.redhat.com -ARG BASE_IMAGE=ubi8-minimal +ARG BASE_IMAGE=ubi9-minimal ARG BASE_TAG=latest FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS extracted_bundle diff --git a/image/db/rhel/konflux.Dockerfile b/image/db/rhel/konflux.Dockerfile index 9a3e0fc76..3ef9ebf5b 100644 --- a/image/db/rhel/konflux.Dockerfile +++ b/image/db/rhel/konflux.Dockerfile @@ -1,4 +1,4 @@ -FROM registry.redhat.io/rhel8/postgresql-15:latest@sha256:9790ea7c445759dcf7a81061948b355aab849f72b2a74f098d3c946dcaeed830 AS scanner-db-common +FROM registry.redhat.io/rhel9/postgresql-15:latest AS scanner-db-common ARG SCANNER_TAG RUN if [[ "$SCANNER_TAG" == "" ]]; then >&2 echo "error: required SCANNER_TAG arg is unset"; exit 6; fi @@ -57,7 +57,7 @@ FROM scanner-db-common AS scanner-db-slim LABEL \ com.redhat.component="rhacs-scanner-db-slim-container" \ io.k8s.display-name="scanner-db-slim" \ - name="advanced-cluster-security/rhacs-scanner-db-slim-rhel8" + name="advanced-cluster-security/rhacs-scanner-db-slim-rhel9" ENV ROX_SLIM_MODE="true" @@ -67,7 +67,7 @@ FROM scanner-db-common AS scanner-db LABEL \ com.redhat.component="rhacs-scanner-db-container" \ io.k8s.display-name="scanner-db" \ - name="advanced-cluster-security/rhacs-scanner-db-rhel8" + name="advanced-cluster-security/rhacs-scanner-db-rhel9" COPY --chown=0:0 .konflux/scanner-data/blob-pg-definitions.sql.gz \ /docker-entrypoint-initdb.d/definitions.sql.gz diff --git a/image/db/rhel/scripts/download.sh b/image/db/rhel/scripts/download.sh index 065310e08..f64470109 100755 --- a/image/db/rhel/scripts/download.sh +++ b/image/db/rhel/scripts/download.sh @@ -4,7 +4,7 @@ set -euo pipefail # If this is updated, be sure to update PG_MAJOR in the Dockerfile and the signature file. postgres_major=15 -pg_rhel_major=8 +pg_rhel_major=9 arch="$(uname -m)" dnf_list_args=() diff --git a/image/scanner/rhel/Dockerfile b/image/scanner/rhel/Dockerfile index 2b3cb90f5..320771aae 100644 --- a/image/scanner/rhel/Dockerfile +++ b/image/scanner/rhel/Dockerfile @@ -1,12 +1,27 @@ ARG BASE_REGISTRY=registry.access.redhat.com -ARG BASE_IMAGE=ubi8-minimal +ARG BASE_IMAGE=ubi9-minimal ARG BASE_TAG=latest FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS extracted_bundle COPY bundle.tar.gz / WORKDIR /bundle -RUN microdnf install -y tar gzip && tar -zxf /bundle.tar.gz +RUN microdnf install -y tar gzip && \ + echo "=== UBI9 DIAGNOSTIC: tar version ===" && \ + tar --version && \ + echo "=== UBI9 DIAGNOSTIC: filesystem type ===" && \ + df -T /bundle && \ + echo "=== UBI9 DIAGNOSTIC: extracting bundle ===" && \ + tar -zxvf /bundle.tar.gz 2>&1 | tee /tmp/tar-extract.log | tail -50 && \ + echo "=== UBI9 DIAGNOSTIC: tar exit code: $? ===" && \ + echo "=== UBI9 DIAGNOSTIC: checking THIRD_PARTY_NOTICES ===" && \ + ls -la /bundle/ | grep -i third || echo "THIRD_PARTY_NOTICES not found at top level" && \ + find /bundle -name "*THIRD_PARTY*" -type d -ls 2>&1 | head -20 || echo "No THIRD_PARTY dirs found" && \ + echo "=== UBI9 DIAGNOSTIC: testing problematic directory name ===" && \ + mkdir -p /tmp/test-dir/cloud.google.com-go-errorreporting && echo "Test dir created successfully" || echo "Test dir creation FAILED" && \ + echo "=== UBI9 DIAGNOSTIC: bundle contents summary ===" && \ + ls -la /bundle/ && \ + echo "=== END UBI9 DIAGNOSTICS ===" FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS base diff --git a/image/scanner/rhel/Dockerfile.slim b/image/scanner/rhel/Dockerfile.slim index ee992eb92..cb7bb2fa3 100644 --- a/image/scanner/rhel/Dockerfile.slim +++ b/image/scanner/rhel/Dockerfile.slim @@ -1,12 +1,27 @@ ARG BASE_REGISTRY=registry.access.redhat.com -ARG BASE_IMAGE=ubi8-minimal +ARG BASE_IMAGE=ubi9-minimal ARG BASE_TAG=latest FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS extracted_bundle COPY bundle.tar.gz / WORKDIR /bundle -RUN microdnf install -y tar gzip && tar -zxf /bundle.tar.gz +RUN microdnf install -y tar gzip && \ + echo "=== UBI9 DIAGNOSTIC (SLIM): tar version ===" && \ + tar --version && \ + echo "=== UBI9 DIAGNOSTIC (SLIM): filesystem type ===" && \ + df -T /bundle && \ + echo "=== UBI9 DIAGNOSTIC (SLIM): extracting bundle ===" && \ + tar -zxvf /bundle.tar.gz 2>&1 | tee /tmp/tar-extract.log | tail -50 && \ + echo "=== UBI9 DIAGNOSTIC (SLIM): tar exit code: $? ===" && \ + echo "=== UBI9 DIAGNOSTIC (SLIM): checking THIRD_PARTY_NOTICES ===" && \ + ls -la /bundle/ | grep -i third || echo "THIRD_PARTY_NOTICES not found at top level" && \ + find /bundle -name "*THIRD_PARTY*" -type d -ls 2>&1 | head -20 || echo "No THIRD_PARTY dirs found" && \ + echo "=== UBI9 DIAGNOSTIC (SLIM): testing problematic directory name ===" && \ + mkdir -p /tmp/test-dir/cloud.google.com-go-errorreporting && echo "Test dir created successfully" || echo "Test dir creation FAILED" && \ + echo "=== UBI9 DIAGNOSTIC (SLIM): bundle contents summary ===" && \ + ls -la /bundle/ && \ + echo "=== END UBI9 DIAGNOSTICS (SLIM) ===" FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS base diff --git a/image/scanner/rhel/konflux.Dockerfile b/image/scanner/rhel/konflux.Dockerfile index 2c4dfe739..04ddba220 100644 --- a/image/scanner/rhel/konflux.Dockerfile +++ b/image/scanner/rhel/konflux.Dockerfile @@ -1,5 +1,5 @@ # Compiling scanner binaries and staging repo2cpe and genesis manifests -FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_1.24@sha256:176e92de4ef14982b4309ff81465595efb2f02369e726a36270d96a96a9e7f4c AS builder +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_1.24 AS builder ARG SCANNER_TAG RUN if [[ "$SCANNER_TAG" == "" ]]; then >&2 echo "error: required SCANNER_TAG arg is unset"; exit 6; fi @@ -28,7 +28,7 @@ COPY .konflux/scanner-data/blob-genesis_manifests.json image/scanner/dump/genesi # Common base for scanner slim and full -FROM registry.access.redhat.com/ubi8-minimal:latest@sha256:fba1e7fb1f50cd7b021c8379f207fb744b00ff55c7f539f15b40709a38cb4cde AS scanner-common +FROM registry.access.redhat.com/ubi9-minimal:latest AS scanner-common ARG SCANNER_TAG @@ -59,7 +59,7 @@ COPY --chown=65534:65534 --from=builder /src/image/scanner/dump/genesis_manifest COPY LICENSE /licenses/LICENSE -RUN microdnf install xz && \ +RUN microdnf install -y xz && \ microdnf clean all && \ # (Optional) Remove line below to keep package management utilities # We don't uninstall rpm because scanner uses it to get packages installed in scanned images. @@ -85,7 +85,7 @@ FROM scanner-common AS scanner-slim LABEL \ com.redhat.component="rhacs-scanner-slim-container" \ io.k8s.display-name="scanner-slim" \ - name="advanced-cluster-security/rhacs-scanner-slim-rhel8" + name="advanced-cluster-security/rhacs-scanner-slim-rhel9" ENV ROX_SLIM_MODE="true" @@ -96,7 +96,7 @@ FROM scanner-common AS scanner LABEL \ com.redhat.component="rhacs-scanner-container" \ io.k8s.display-name="scanner" \ - name="advanced-cluster-security/rhacs-scanner-rhel8" + name="advanced-cluster-security/rhacs-scanner-rhel9" ENV NVD_DEFINITIONS_DIR="/nvd_definitions" ENV K8S_DEFINITIONS_DIR="/k8s_definitions" diff --git a/image/scanner/scripts/import-additional-cas b/image/scanner/scripts/import-additional-cas index e89f28a71..09c6eea21 100755 --- a/image/scanner/scripts/import-additional-cas +++ b/image/scanner/scripts/import-additional-cas @@ -8,7 +8,8 @@ set -euo pipefail copy_existing () { src=$1 if [ -d "$src" ] && [ "$(ls -A -I "..*" "$src")" ]; then - cp -v -L "$src"/* /etc/pki/ca-trust/source/anchors + cp --verbose --dereference --update \ + "$src"/* /etc/pki/ca-trust/source/anchors else echo "No certificates found in $src" fi @@ -19,4 +20,13 @@ copy_existing /usr/local/share/ca-certificates # Copy the custom trusted CA bundles injected by the Openshift Network Operator. copy_existing /etc/pki/injected-ca-trust -update-ca-trust extract +# update-ca-trust runs `chmod u-w "$DEST/pem/directory-hash"` at the end. Add +# it back before running update-ca-trust again. Currently only relevant for +# sensor since its init-container and main service both run this script. +if [ -d "/etc/pki/ca-trust/extracted/pem/directory-hash" ]; then + chmod u+w /etc/pki/ca-trust/extracted/pem/directory-hash +fi + +# Though /etc/pki/ca-trust/extracted is the default output, update-ca-trust +# will create the necessary directories if the `--output` flag is used. +update-ca-trust extract --output /etc/pki/ca-trust/extracted diff --git a/image/scanner/scripts/restore-all-dir-contents b/image/scanner/scripts/restore-all-dir-contents index 360168578..b9e661a77 100755 --- a/image/scanner/scripts/restore-all-dir-contents +++ b/image/scanner/scripts/restore-all-dir-contents @@ -4,4 +4,4 @@ set -euo pipefail [ -d /.init-dirs ] || exit 0 -cp -rfP /.init-dirs/* / +cp --recursive --no-dereference --no-clobber /.init-dirs/* / diff --git a/image/scanner/scripts/trust-root-ca b/image/scanner/scripts/trust-root-ca index 78eb99cd1..4c6217ecf 100755 --- a/image/scanner/scripts/trust-root-ca +++ b/image/scanner/scripts/trust-root-ca @@ -5,5 +5,14 @@ set -euo pipefail CA_PATH="/run/secrets/stackrox.io/certs/ca.pem" # For RHEL -cp "${CA_PATH}" /etc/pki/ca-trust/source/anchors/root-ca.pem -update-ca-trust +cp --update "${CA_PATH}" /etc/pki/ca-trust/source/anchors/root-ca.pem + +# update-ca-trust runs `chmod u-w "$DEST/pem/directory-hash"` at the end. Add +# it back before running update-ca-trust again. +if [ -d "/etc/pki/ca-trust/extracted/pem/directory-hash" ]; then + chmod u+w /etc/pki/ca-trust/extracted/pem/directory-hash +fi + +# Though /etc/pki/ca-trust/extracted is the default output, update-ca-trust +# will create the necessary directories if the `--output` flag is used. +update-ca-trust extract --output /etc/pki/ca-trust/extracted diff --git a/image/vulnerabilities/Dockerfile b/image/vulnerabilities/Dockerfile index 6a80b3529..2fd60c4bd 100644 --- a/image/vulnerabilities/Dockerfile +++ b/image/vulnerabilities/Dockerfile @@ -1,5 +1,5 @@ ARG BASE_REGISTRY=registry.access.redhat.com -ARG BASE_IMAGE=ubi8-minimal +ARG BASE_IMAGE=ubi9-minimal ARG BASE_TAG=latest FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} diff --git a/rpms.lock.yaml b/rpms.lock.yaml index f210c9ecf..e343b7586 100644 --- a/rpms.lock.yaml +++ b/rpms.lock.yaml @@ -4,69 +4,69 @@ lockfileVendor: redhat arches: - arch: aarch64 packages: - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/os/Packages/x/xz-5.2.4-4.el8_6.aarch64.rpm - repoid: rhel-8-for-aarch64-baseos-rpms - size: 156276 - checksum: sha256:342a2504cb34c9a5c1d43906f534cb1f3bf1de58ac517d575cff57053d04ab00 + - url: https://cdn.redhat.com/content/dist/rhel9/9/aarch64/baseos/os/Packages/x/xz-5.2.5-8.el9_0.aarch64.rpm + repoid: rhel-9-for-aarch64-baseos-rpms + size: 235798 + checksum: sha256:26ac21be6c1e396c7bcbaa9d4786e3275e996d9d78c01f75bbbc6962e6c9bef7 name: xz - evr: 5.2.4-4.el8_6 - sourcerpm: xz-5.2.4-4.el8_6.src.rpm + evr: 5.2.5-8.el9_0 + sourcerpm: xz-5.2.5-8.el9_0.src.rpm source: - - url: https://cdn.redhat.com/content/dist/rhel8/8/aarch64/baseos/source/SRPMS/Packages/x/xz-5.2.4-4.el8_6.src.rpm - repoid: rhel-8-for-aarch64-baseos-source-rpms - size: 1077113 - checksum: sha256:7914b320eefa2db6dad68e5f01e99f8e661072a1f13acb3d19cba8c1295ae40a + - url: https://cdn.redhat.com/content/dist/rhel9/9/aarch64/baseos/source/SRPMS/Packages/x/xz-5.2.5-8.el9_0.src.rpm + repoid: rhel-9-for-aarch64-baseos-source-rpms + size: 1168293 + checksum: sha256:bce98f3a307e75a8ac28f909e29b41d64b15461fa9ddf0bf4ef3c2f6de946b46 name: xz - evr: 5.2.4-4.el8_6 + evr: 5.2.5-8.el9_0 module_metadata: [] - arch: ppc64le packages: - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/os/Packages/x/xz-5.2.4-4.el8_6.ppc64le.rpm - repoid: rhel-8-for-ppc64le-baseos-rpms - size: 162264 - checksum: sha256:80d2fc754452ae52b3b36504e5cceb5cd5435a97999351402ae7a28298592a01 + - url: https://cdn.redhat.com/content/dist/rhel9/9/ppc64le/baseos/os/Packages/x/xz-5.2.5-8.el9_0.ppc64le.rpm + repoid: rhel-9-for-ppc64le-baseos-rpms + size: 243215 + checksum: sha256:44cd014634f8a5cb83aff336500b0f2e3bec156a34e7da09e0ae6ef4b5e26467 name: xz - evr: 5.2.4-4.el8_6 - sourcerpm: xz-5.2.4-4.el8_6.src.rpm + evr: 5.2.5-8.el9_0 + sourcerpm: xz-5.2.5-8.el9_0.src.rpm source: - - url: https://cdn.redhat.com/content/dist/rhel8/8/ppc64le/baseos/source/SRPMS/Packages/x/xz-5.2.4-4.el8_6.src.rpm - repoid: rhel-8-for-ppc64le-baseos-source-rpms - size: 1077113 - checksum: sha256:7914b320eefa2db6dad68e5f01e99f8e661072a1f13acb3d19cba8c1295ae40a + - url: https://cdn.redhat.com/content/dist/rhel9/9/ppc64le/baseos/source/SRPMS/Packages/x/xz-5.2.5-8.el9_0.src.rpm + repoid: rhel-9-for-ppc64le-baseos-source-rpms + size: 1168293 + checksum: sha256:bce98f3a307e75a8ac28f909e29b41d64b15461fa9ddf0bf4ef3c2f6de946b46 name: xz - evr: 5.2.4-4.el8_6 + evr: 5.2.5-8.el9_0 module_metadata: [] - arch: s390x packages: - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/os/Packages/x/xz-5.2.4-4.el8_6.s390x.rpm - repoid: rhel-8-for-s390x-baseos-rpms - size: 155012 - checksum: sha256:7fb678077d965dd6aeb09df28ce05cba9c22e4110d4b52f1ee43986beb87a5ff + - url: https://cdn.redhat.com/content/dist/rhel9/9/s390x/baseos/os/Packages/x/xz-5.2.5-8.el9_0.s390x.rpm + repoid: rhel-9-for-s390x-baseos-rpms + size: 234632 + checksum: sha256:c06f44e6fb5a0a1fbf3c052d065b6336c3d17cedbc796260cf0c097b98326906 name: xz - evr: 5.2.4-4.el8_6 - sourcerpm: xz-5.2.4-4.el8_6.src.rpm + evr: 5.2.5-8.el9_0 + sourcerpm: xz-5.2.5-8.el9_0.src.rpm source: - - url: https://cdn.redhat.com/content/dist/rhel8/8/s390x/baseos/source/SRPMS/Packages/x/xz-5.2.4-4.el8_6.src.rpm - repoid: rhel-8-for-s390x-baseos-source-rpms - size: 1077113 - checksum: sha256:7914b320eefa2db6dad68e5f01e99f8e661072a1f13acb3d19cba8c1295ae40a + - url: https://cdn.redhat.com/content/dist/rhel9/9/s390x/baseos/source/SRPMS/Packages/x/xz-5.2.5-8.el9_0.src.rpm + repoid: rhel-9-for-s390x-baseos-source-rpms + size: 1168293 + checksum: sha256:bce98f3a307e75a8ac28f909e29b41d64b15461fa9ddf0bf4ef3c2f6de946b46 name: xz - evr: 5.2.4-4.el8_6 + evr: 5.2.5-8.el9_0 module_metadata: [] - arch: x86_64 packages: - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/Packages/x/xz-5.2.4-4.el8_6.x86_64.rpm - repoid: rhel-8-for-x86_64-baseos-rpms - size: 156884 - checksum: sha256:fa4ceb20dbf23e9408a6446fefc4b709bc85e0bc563ca423569bbe08ecee2c5e + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/Packages/x/xz-5.2.5-8.el9_0.x86_64.rpm + repoid: rhel-9-for-x86_64-baseos-rpms + size: 235693 + checksum: sha256:f16d17c26a241400586ddc3d734ce863e3f19d433881ec640a47bedf0dafd07b name: xz - evr: 5.2.4-4.el8_6 - sourcerpm: xz-5.2.4-4.el8_6.src.rpm + evr: 5.2.5-8.el9_0 + sourcerpm: xz-5.2.5-8.el9_0.src.rpm source: - - url: https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/source/SRPMS/Packages/x/xz-5.2.4-4.el8_6.src.rpm - repoid: rhel-8-for-x86_64-baseos-source-rpms - size: 1077113 - checksum: sha256:7914b320eefa2db6dad68e5f01e99f8e661072a1f13acb3d19cba8c1295ae40a + - url: https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/source/SRPMS/Packages/x/xz-5.2.5-8.el9_0.src.rpm + repoid: rhel-9-for-x86_64-baseos-source-rpms + size: 1168293 + checksum: sha256:bce98f3a307e75a8ac28f909e29b41d64b15461fa9ddf0bf4ef3c2f6de946b46 name: xz - evr: 5.2.4-4.el8_6 + evr: 5.2.5-8.el9_0 module_metadata: [] diff --git a/rpms.rhel.repo b/rpms.rhel.repo index 62d56d521..43f110283 100644 --- a/rpms.rhel.repo +++ b/rpms.rhel.repo @@ -1,6 +1,6 @@ -[rhel-8-for-$basearch-baseos-rpms] -name = Red Hat Enterprise Linux 8 for $basearch - BaseOS (RPMs) -baseurl = https://cdn.redhat.com/content/dist/rhel8/8/$basearch/baseos/os +[rhel-9-for-$basearch-baseos-rpms] +name = Red Hat Enterprise Linux 9 for $basearch - BaseOS (RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel9/9/$basearch/baseos/os enabled = 1 gpgcheck = 1 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release @@ -12,9 +12,9 @@ sslverifystatus = 1 metadata_expire = 86400 enabled_metadata = 1 -[rhel-8-for-$basearch-baseos-source-rpms] -name = Red Hat Enterprise Linux 8 for $basearch - BaseOS (Source RPMs) -baseurl = https://cdn.redhat.com/content/dist/rhel8/8/$basearch/baseos/source/SRPMS +[rhel-9-for-$basearch-baseos-source-rpms] +name = Red Hat Enterprise Linux 9 for $basearch - BaseOS (Source RPMs) +baseurl = https://cdn.redhat.com/content/dist/rhel9/9/$basearch/baseos/source/SRPMS enabled = 1 gpgcheck = 1 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release @@ -25,3 +25,4 @@ sslclientcert = $SSL_CLIENT_CERT sslverifystatus = 1 metadata_expire = 86400 enabled_metadata = 0 +