Help Center

How can I use yum? The system is giving me errors!

Under STIG guidelines, Yum on RedHat is configured to examine GPG signatures on all packages that are installed on the system.  Unfortunately, Amazon does not (and refuses to) sign any of the packages that they make available on their RedHat mirror servers.  As a result, when you try running "yum update" (or any other yum operation) on your system, you end up getting an error like this:

[ec2-user@hostname ~]$ sudo yum update -y
Loaded plugins: amazon-id, search-disabled-repos
https://rhui3.us-east-1.aws.ce.redhat.com/pulp/repos/content/dist/rhel/rhui/server/7/7Server/x86_64/rh-common/os/repodat
a/repomd.xml.asc: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
...
rhel-7-server-rhui-rh-common-rpms                                                                | 2.1 kB  00:00:00     
...
failure: repodata/repomd.xml.asc from rhel-7-server-rhui-rh-common-rpms: [Errno 256] No more mirrors to try.
https://rhui3.us-east-1.aws.ce.redhat.com/pulp/repos/content/dist/rhel/rhui/server/7/7Server/x86_64/rh-common/os/repodata/repomd.xml.asc:
[Errno 14] HTTPS Error 404 - Not Found 


The workaround is, thankfully, simple.  But it's technically a violation of STIG guidelines.  So you'll have to use your own judgement to determine the risk profile of using this workaround. (The only STIG-compliant workaround is running your own RedHat Satellite service, with all of the licensing and server management issues that are involved with doing that.)

As long as you accept that Amazon's RedHat deployment infrastructure is secure enough that this is a low-risk operation (as we do), you can get around this by adding --nogpgcheck to your yum commands:

[ec2-user@ip-172-31-51-171 ~]$ sudo yum --nogpgcheck update -y
Loaded plugins: amazon-id, search-disabled-repos
rhel-7-server-rhui-rh-common-rpms                                                                | 2.1 kB  00:00:00     
rhel-7-server-rhui-rpms                                                                          | 2.0 kB  00:00:00     
rhui-client-config-server-7                                                                      | 2.1 kB  00:00:00     
(1/9): rhel-7-server-rhui-rh-common-rpms/7Server/x86_64/group                                    |  124 B  00:00:00     
(2/9): rhel-7-server-rhui-rh-common-rpms/7Server/x86_64/updateinfo                               |  33 kB  00:00:00     
(3/9): rhel-7-server-rhui-rh-common-rpms/7Server/x86_64/primary                                  |  65 kB  00:00:00     
(4/9): rhel-7-server-rhui-rpms/7Server/x86_64/group                                              | 772 kB  00:00:00     
(5/9): rhel-7-server-rhui-rpms/7Server/x86_64/updateinfo                                         | 3.5 MB  00:00:00     
(6/9): rhui-client-config-server-7/x86_64/group                                                  |  124 B  00:00:00     
(7/9): rhui-client-config-server-7/x86_64/updateinfo                                             |   92 B  00:00:00     
(8/9): rhui-client-config-server-7/x86_64/primary                                                | 1.3 kB  00:00:00     
(9/9): rhel-7-server-rhui-rpms/7Server/x86_64/primary                                            |  39 MB  00:00:01     
rhel-7-server-rhui-rh-common-rpms                                                                               239/239
rhel-7-server-rhui-rpms                                                                                     26517/26517
rhui-client-config-server-7                                                                                         3/3
No packages marked for update


Did this solve your problem?