I'm currently patching an isolated Linux setup using a local repository. The repository server has direct access to the internet, but the other machines in the environment do not. We sync the repo once a month to update all the client systems. However, every now and then, the clients seem to pull in updated repository files that I believe are coming from the 'master' repos we sync from. These unwanted files mess up the local patching configurations we've set on the clients, forcing us to manually remove them from all instances. Is there a way to prevent this from happening? Or do I just need to write a cron job to remove these files if they appear? Also, what's the best approach to manage patching in air-gapped networks?
4 Answers
Consider updating your yum/dnf configuration to exclude those unwanted packages using the 'excludepkgs' option. If you’re running updates manually, just add that option in the command line when updating.
One solution is to create a subdirectory under `/etc/yum.repos.d` and then update the `reposdir` in `/etc/yum.conf`. Place your custom repo files in this specific subdirectory and manage it all through Ansible. Just keep in mind that this approach means standard RPMs like `epel-release` won’t work automatically anymore. You’ll have to create a dedicated `epel.repo` file pointing to your mirror, which adds a bit of initial work but is quite manageable.
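A check that fits the setup discussed in this thread, as an added example that is not part of any answer here: it parses every `.repo` file in a directory and reports each enabled repo whose `baseurl`, `mirrorlist` or `metalink` points somewhere other than the internal mirror. The hostname `repo.internal.example` and the sample repo files are constructed placeholders.

```python
import configparser
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

ALLOWED_HOST = "repo.internal.example"  # assumption: your internal mirror's hostname
URL_KEYS = ("baseurl", "mirrorlist", "metalink")

# Constructed sample repo files (not taken from any real system).
SAMPLES = {
    "local.repo": "[local-baseos]\nbaseurl=http://repo.internal.example/baseos/$releasever/\n",
    "vendor.repo": "[vendor-app]\nbaseurl=https://packages.vendor.example/rpm/stable\nenabled=1\n"
                   "[vendor-app-debug]\nbaseurl=https://packages.vendor.example/rpm/debug\nenabled=0\n",
}


def audit_repo_dir(repo_dir, allowed_host=ALLOWED_HOST):
    """Return (file, repo_id, url) for every enabled repo URL outside the mirror."""
    findings = []
    for path in sorted(Path(repo_dir).glob("*.repo")):
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        try:
            cp.read(path)
        except configparser.Error:
            findings.append((path.name, "<unparseable>", ""))  # flag for manual review
            continue
        for repo_id in cp.sections():
            sec = cp[repo_id]
            if sec.get("enabled", "1").strip().lower() in {"0", "false", "no", "off"}:
                continue  # disabled repos are not contacted
            for key in URL_KEYS:
                for url in filter(None, re.split(r"[,\s]+", sec.get(key, ""))):
                    parsed = urlparse(url)
                    if parsed.scheme != "file" and parsed.hostname != allowed_host:
                        findings.append((path.name, repo_id, url))
    return findings


def run_demo():
    with tempfile.TemporaryDirectory() as tmp:  # write the constructed samples, then audit
        for name, body in SAMPLES.items():
            Path(tmp, name).write_text(body)
        return audit_repo_dir(tmp)


if __name__ == "__main__":
    for finding in run_demo():
        print(*finding)
```

Pointed at `/etc/yum.repos.d` from cron or an Ansible check, a non-empty result is the signal that a package has dropped a repo file back onto the client.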
What kind of repos are being added that you don't want? For example, packages like Chrome or VS Code can create their own repo files. There are methods to block those, but you'll need to dig into the specific packages to figure out how to stop them from overwriting your configs.
What Linux distribution are you using?