1 of 1 people found this helpful
Hello Steven Wyns,
The security patch related information can be accessed from the erratas. Currently available RHEL 7 repository sync options do not have a provision for sync'ing up erratas from RedHat side. We are working with RedHat to get a closure on that soon, but unless that is supported it would not be possible to support security patches for RHEL7. Offline patching is an alternative available until then.
Can you give some more info on offline patching. We were thinking to create a RHEL repo with the security advisories ( with reposync) and try to use that as an offline patch location for the catalog.
We're unsure if this will work but maybe you guys have beter or other experiences. I was planning to test it this week but did not have the time yet.
Additionally the online docs say:
Download the identity key certificate file (client-key.pem) and entitlement certificate file (client-cert.pem) for your subscription and copy it to a temporary location on the depot.
But give no detailed instructions. I have looked over the rhel site and it mentions none of this. How do we download these files?
in order to get certificates you will need to go through process of attaching subscription via subscription-manager on repository, i.e.
subscription-manager register --username <username> --password <password>
#find subscription POOL_ID for RHEL Server in there
[root@ ~]# subscription-manager list --available | less
[root@ ~]# subscription-manager attach --pool=<POOL_ID>
Successfully attached a subscription for: Red Hat Enterprise Linux Developer Support, Professional
#Get certificate location
from there pull location for
sslcacert = redhat-uep.pem
sslclientkey = entitlement-key>-key.pem
sslclientcert = entitlement-cert>.pem
Dont forget to download reposync on repository you will need to install yum-utils to get it. After this you should be pretty much set.
These instructions for finding the pem files work. I have successfully downloaded a RHEL7 catalog online.