Containers-roadmap: Allow access to Amazon Linux yum repo from outside AWS
We have some internal tools that are built against several operating systems (CentOS, RedHat, for example) and we would like to have them built against Amazon Linux.
In our build process we use mock. That tool builds RPMs after creating a chroot and downloading the base RPMs and installing them on the chroot.
We I try to download the RPMs for amazon linux2, I always get forbidden:
Our internal policies demand that the source code never leave our company's internal servers. We would like to build our code internally and then deploy to the Amazon EC2 service. As of today we are using CentOS but we would like to start using Amazon Linux.
Is it possible to open the yum repos for amazon linux from the outside of aws? I wouldn't like to create a proxy inside AWS just for this... :(
nunofernandes
All 5 comments
Hi @nunofernandes, this question is better suited for the AWS Forums since this repo is specific to the containers-related services roadmap.
Access to the Amazon Linux yum repos is possible outside of EC2, for example this should work for you locally:
docker run amazonlinux:2 yum install -y binutils
clareliguori
on 11 Feb 2019
Hi, I'm on the Amazon Linux team. Want to explain what's going on for future software archaeologists.
Our repos are accessible outside of AWS, but you're hitting a consequence of a hack we made (in order to make repositories available without eventual consistency issues) when creating the repositories for AL2. I assume you're trying to use a tool like reposync, perhaps on CentOS based on your screenshot?
Our repodata contains literal ../ components, and the path of yum -> urlgrabber -> libcurl results in curl's dotdot removal, per RFC 3986. This was added in curl 7.32.0; CentOS 7 has 7.29.0.
iliana
on 11 Feb 2019
I'm using mock (https://github.com/rpm-software-management/mock/wiki) and that makes perfect sense... thanks for the info. I will check if I can override that dotdot removal in libcurl.
@clareliguori sorry for the error in creating it here
nunofernandes
on 12 Feb 2019
@nunofernandes you'll want to upgrade libcurl in your mock environment so that it can do dotdot removal, most likely.
iliana
on 12 Feb 2019
Can anyone give me the Amazon default repository?
rootmelo92118
on 27 Dec 2019
Related issues
adlemich
路
3Comments
MartinDevillers
路
3Comments
talawahtech
路
3Comments
yinshiua
路
3Comments
jeremietharaud
路
3Comments
Most helpful comment
Hi, I'm on the Amazon Linux team. Want to explain what's going on for future software archaeologists.
Our repos are accessible outside of AWS, but you're hitting a consequence of a hack we made (in order to make repositories available without eventual consistency issues) when creating the repositories for AL2. I assume you're trying to use a tool like reposync, perhaps on CentOS based on your screenshot?
Our repodata contains literal
../components, and the path of yum -> urlgrabber -> libcurl results in curl's dotdot removal, per RFC 3986. This was added in curl 7.32.0; CentOS 7 has 7.29.0.