How to smartly manage Scientific Linux repositories

Updated: September 3, 2011

If you read my Scientific Linux 6.1 Carbon review a few weeks back, you will learn the following, somewhat disturbing fact - by enabling additional repositories, you might render your system inoperable by application version conflicts. So you face a big problem. On one hand, you need the extra stuff. On the other, there's the risk of Armageddon spoiling your desktop experience. So what do you do?

Well, you come here and read this article, which teaches you how to avoid the classic mistakes, keep your system in a minty condition and still get all the cool stuff you need from the extra repositories. Sounds good, no? So please read on.

Proceed slowly, my friend!

This is step number one to using additional repositories. If you visit the Scientific Linux forums, you will learn there's a handful of extra software sources waiting for you. As an eager user, you might be tempted to enable them all. But no.

Here's the recipe to testing new repositories:

Now that we have the sane and safe rules in places, let's learn how to enable the repositories, including automated and manual changes.

How to enable extra repositories

There are several ways to do this. The simplest and safest is using the Add/Remove Software utility, hereby known as the automatic approach. Open it. In the left pane, expand the SL Addons section, YUM Repositories. There will be four repositories available, RPMforge, EPEL, ElRepo and ATRPMS.

Extra repos

Select any one and click Apply. After the utility refreshes, go to System, Software Sources and examine the available channels. Please note the Testing versus ordinary channels. Moreover, avoid selecting more than one extra repository at this time. In fact, you can install all four available extras, but then deselect any three for the duration of your testing.

Enabled repos

My recommendation is to begin with RPMforge, then ATRPMS, then EPEL. Moreover, my testing shows the three coexist and cooperate well together, but that does not excuse you from thorough testing of your own.

A less convenient way of enabling repositories is manually. Under /etc/yum.repos.d, you can create the repository configuration files, suffixed with repo. Let's take a look at what some of these sources look like, including some screenshots and code. This is not a blind copy & paste, so mind the little details please!

RPMforge

RPMforge

### Name: RPMforge RPM Repository for RHEL 6 - dag
### URL: http://rpmforge.net/
[rpmforge]
name = RHEL $releasever - RPMforge.net - dag
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

[rpmforge-extras]
name = RHEL $releasever - RPMforge.net - extras
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/extras
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge-extras
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge-extras
enabled = 1
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

[rpmforge-testing]
name = RHEL $releasever - RPMforge.net - testing
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/testing
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge-testing
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge-testing
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

ATRPMS

ATRPMS

[atrpms]
name=Red Hat Enterprise Linux 6 - $basearch - ATrpms
failovermethod=priority
baseurl=http://dl.atrpms.net/el6-$basearch/atrpms/stable
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-atrpms

[atrpms-debuginfo]
name=Red Hat Enterprise Linux 6 - $basearch - ATrpms - Debug
failovermethod=priority
baseurl=http://dl.atrpms.net/debug/el6-$basearch/atrpms/stable
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-atrpms

[atrpms-source]
name=Red Hat Enterprise Linux 6 - $basearch - ATrpms - Source
failovermethod=priority
baseurl=http://dl.atrpms.net/src/el6-$basearch/atrpms/stable
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-atrpms

EPEL

EPEL

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

Repository keys

However, you CANNOT yet use the configuration files without importing the repository keys. So to manually configure repositories, you will need a URL pointing to the GPG keys or import them in a different manner, like wget, import and alike. Worry not, exact instructions coming just below.

Therefore, create the configuration files, then import the keys, then use yum. The key import is done using the appropriately named rpm --import command.

rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

rpm --import http://packages.atrpms.net/RPM-GPG-KEY.atrpms

rpm --import http://keys.gnupg.net:11371/pks/lookup?search=0x217521F6&op=get

Notice: The EPEL key is stored under the Fedora Project GPG keys page.

More information on these repositories and how they can be configured and installed, including importing keys and/or setting them up using RPM package management is available in this Scientific Linux forum thread. And these links are also useful:

http://wiki.centos.org/AdditionalResources/Repositories/RPMForge

http://atrpms.net/documentation/install/

http://fedoraproject.org/wiki/EPEL

If you choose to use URLs rather than locally stored keys, the first time a new repository is used, you will be asked to confirm importing the repository key. So you can do all that as a convenience rather than hacking the command line to death if you're not comfortable with the task.

Furthermore, pay attention ...

In all cases, pay attention to gpgcheck and enabled fields. You want both set to 1, meaning the repositories will be enabled and checks performed for the key. Moreover, if necessary, pay attention to the CPU architecture, i386 versus x86_64. There's also the protect field, but we will discuss that in a jiffy.

Some additional repositories

Another source of interest might be the PUIAS repository. This source contains programs you won't find in some of the others, but beware conflicts. These might come to bear after you have installed a dozen applications with a hundred dependencies, and you don't want to start fixing by removing programs one by one. PUIAS looks like something this:

PUIAS

[PUIAS_6_addons_2]
name=PUIAS addons Base $releasever - $basearch - 2
#mirrorlist=http://www.puias.princeton.edu/data/puias/$releasever/$basearch/os/Addons/mirrorlist
baseurl=http://www.math.ias.edu/data/puias/$releasever/$basearch/os/Addons
gpgcheck=1
gpgkey=http://www.math.ias.edu/data/puias/6/i386/os/RPM-GPG-KEY-puias

Replace the architecture string if necessary. Notice the key is taken directly from the website, but it will be imported the first time you're asked to confirm the use of the repository. Alternatively, you can use rpm --import, then replace the gpgkey directive with the path to /etc/pki/rpm-gpg/<PUIAS key>.

Conflicts!

Suddenly, when running the update manager, you may see this:

Repo conflict

I got this mixing ATRPMS and PUIAS, failing on some ugly [sic] plugins. So now what? Well, first, as a workaround, you can always disable the repository channels to get your software management underway, but this also means that effectively some programs already installed will not receive updates. And there's another way.

Repository priorities & protection

You can avoid some of the conflicts by setting priorities to your repositories so that packages are sourced in a certain order, or you can protect some of the sources, so their content cannot be destroyed by a conflicting package update from another.

The two packages required are yum-protectbase and yum-priorities. Install them:

yum install yum-protectbase yum-priorities

After these are installed, in any repository configuration file, you can add the priority= directive or protect= directive to make the appropriate change. Again, this requires testing and tweaking.

Here's a nice article explaining how to protect repositories from mangling your software base with applications from conflicting sources. And here's a nice article explaining how to prioritize your repositories.

Conclusion

There you go, a somewhat geeky and definitely not trivial recipe to happy Linuxing with Scientific. It pains me that repository conflicts can exist and come to bear in such a trivial manner, but this is something that distro developers need to sort. The best solution would be to make the official repositories as rich as possible, so they include everything. Then, there will be no need for dangerous tweaking.

On the bright side, you learned about smart software management, how to digest problems one bite at a time, enabling repositories in an automated manner and manually, importing GPG keys, protecting your repositories, prioritizing updates, and more. Hopefully, this was a valuable lesson. Have fun, children of the Internets!

P.S. This article is also applicable for RHEL, CentOS and Fedora users!

Cheers.

You may also like: