6

I have a CentOS 6 system which, for security reasons, is airgapped. It may have never been connected to the internet, and if it has, it hasn't been updated in a long time.

I want to put all the .rpm packages on a drive so that they can be installed offline without querying the internet. However, the issue I am running into on my test VM is that yum keeps hanging and trying to update from an online repository, even though the local path is specified.

Also, is there a way to easily grab a package and all dependencies for that package using yum-utils/yumdownloader? At the moment, it still misses some dependencies (e.g. when I pull the gcc-c++ rpm, it'll grab cpp and gcc but it won't pull cloog-ppl, mpfr or ppl)

I have already tried a solution like this, but I cannot assume there will already be a dependency tree, or that yum will be up to date.

On a fresh install of the docker image, the first time I try to run yum (with internet disabled), I get Error: Cannot retrieve repository metadata (repomd.xml) for repository: base. Please verify its path and try again

Community
  • 1
DeusXMachina
  • 183
  • 1
  • 1
  • 8

2 Answers2

4

If you are concerned about compatibility between installed release and latest stable, you may want to determine your centos version in /etc/redhat-release and to use packages from http://vault.centos.org/, however bear in mind that they won't contain any security updates or bug fixes.

To download packages - use official redhat instrucions: https://access.redhat.com/solutions/10154

yum install yum-plugin-downloadonly
yum install --downloadonly --downloaddir=<directory> <package>

or

yum install yum-utils
yumdownloader --resolve

You may also look at replicating yum history on vm where you want to download rpms to with techniques from this answer: https://unix.stackexchange.com/a/83115

The easiest way, and it's worked for a long time is:

yum-debug-dump => gives file.
yum-debug-restore <file-from-debug-dump>

...which works much like the get/set selections dpkg command, AIUI. Also note that if you are replaying history you can use:

yum history addon-info last saved_tx => gives file
yum load-tx <file-from-addon-info>

...instead of having to parse it yourself.

Edit:

To install all rpms from directory, cd to it and simply use rpm -ivh *.rpm if you want to install them, or rpm -Uvh *.rpm if some downloaded files are newer than already present ones, and you are okay with updating them.

Community
  • 1
Andrew
  • 226
  • 2
  • 12
  • Ok, this is useful for downloading, but do you have any insight on how to deal with an out-of-date yum which will not install from a file without checking dependencies from an internet repo? – DeusXMachina Apr 11 '17 at 23:07
  • Do you really need yum for that? You can simply install all the downloaded rpms with `rpm` – Andrew Apr 11 '17 at 23:08
  • updated answer with rpm part – Andrew Apr 11 '17 at 23:14
  • Ok, that's really weird. Yesterday, when I ran --downloadonly, it didn't pull down the dependencies. Today, on a fresh docker session, it worked fine. I think `rpm` will work for my purposes. Since the system is offline, I can't imagine them using `yum` at all. It just refuses to work right without an internet connection, or some seriously gross hacks. – DeusXMachina Apr 12 '17 at 19:19
  • Alright it seems that `rpm` is in fact the best answer. Yeah it makes `yum` db get a little grumpy, but if they are offline, they can't be using yum anyways, so it should work out. Since I can't guarantee that the cache is up to date, rpm is the safest solution. – DeusXMachina Apr 13 '17 at 16:27
  • How can I download the rpm for centos 6.x in a centos7.* system? – selfboot Jul 26 '18 at 05:18
1

edit: NOPE, nothing is every this easy. Still getting this error on a fresh stack: Error: Cannot retrieve repository metadata (repomd.xml) for repository: base. Please verify its path and try again

If I let yum access the internet for just long enough to configure itself, the following works:

First I was able to pull down all the dependency packages with calls to

yum install -y --downloadonly --downloaddir=$pkgdir <package>

and

yum reinstall -y --downloadonly --downloaddir=$pkgdir <package>

to force any already installed packages to pull their .rpm and dependencies. Then, once I had procured my tarball of packages, I put that on a fresh system.

First, I ran sed -i 's/enabled=1/enabled=0/' '/etc/yum/pluginconf.d/fastestmirror.conf' to disable the fastmirror plugin.

Then, I was able to install all the packages I needed by cd'ing into the directory with the packages, then carefully calling

yum install --disablerepo=\* packag*

in the order required by the dependencies. So that looked kinda like

yum install --disablerepo=\* epel*
yum install --disablerepo=\* ius*
yum install --disablerepo=\* libstd*
yum install --disablerepo=\* mpfr*
yum install --disablerepo=\* cpp*
yum install --disablerepo=\* libgcc*
yum install --disablerepo=\* libgomp*
yum install --disablerepo=\* libg*
yum install --disablerepo=\* ppl*
yum install --disablerepo=\* cloog*
yum install --disablerepo=\* gcc*
yum install --disablerepo=\* atlas*
yum install --disablerepo=\* python*

And voila! I was able to run python3.5 on a fully airgapped system.

DeusXMachina
  • 183
  • 1
  • 1
  • 8