Distributing Packages Through the Oracle Linux Yum Server

Instead of using the installation media, you can access the Oracle Linux yum server to install Oracle Linux packages, including bug fixes, security fixes, and enhancements. Oracle logically organizes software packages on the yum server into different repositories based on package purpose, support status, or dependencies.

Available Oracle Linux Yum Servers

Two Oracle Linux yum sources for package distribution are available:

Public Yum Server

The primary Oracle Linux yum server is publicly available at https://yum.oracle.com/ where you can obtain software packages for free.

The repositories in the public yum server are replicates of a subset of ULN channels. Channels that contain software, such as Ksplice, that are only licensed for use by Oracle Linux Support customers are unavailable in the server. For more information, see Available Yum Repositories.

Oracle Cloud Infrastructure Yum Servers

Unlike the publicly available yum server, Oracle replicates all ULN channels to the Oracle Cloud Infrastructure (OCI) yum servers. Thus, compute instances have access to software directly without requiring ULN registration. Access to specific ULN content depends on the support contract that you have for an OCI account.

The ol10_oci_included, ol9_oci_included and ol8_oci_included yum repositories are available in the OCI yum servers, in addition to all ULN channel content. The packages in these repositories must only be used on compute instances in OCI. The repositories are mirrored to all regional yum servers within OCI, but aren't mirrored to the publicly accessible Oracle Linux yum server.

To enable access to restricted content through the regional yum servers, ensure that you have installed the appropriate release-el8, release-el9, or release-el10 packages and have enabled the repositories to which you require access.

Available Yum Repositories

A yum repository is a directory of packages that's typically available on a web server or an ISO image. The directory also includes metadata in a repodata subdirectory. The metadata is updated each time a package changes within the repository directory.

You can configure any client system to use a yum repository by creating a yum repository configuration entry. To install software from the repository, you use either the yum or dnf command to install software from the repository.

In Oracle Linux, yum repository names map to equivalent ULN channel names, but exclude the platform architecture. For example, the ULN channel ol10_x86_64_baseos_latest is ol10_baseos_latest on the Oracle Linux yum server. Yum repository names don't include the platform architecture because the URL to the repository already identifies the architecture. Therefore, when accessing the yum server, the system is automatically connected to the appropriate architecture's repositories.

Core OS repositories are the minimum required repositories for an Oracle Linux system to function. These repositories are enabled immediately after installation and must remain enabled through the life cycle of an Oracle Linux system.

• Oracle Linux 10
• Oracle Linux 9
• Oracle Linux 8

On Oracle Linux 10, the core repositories are:

• ol10_baseos_latest
• ol10_appstream

For a complete list of available repositories on the Oracle Linux yum server, go to https://yum.oracle.com/oracle-linux-10.html.

On Oracle Linux 9, the core repositories are:

• ol9_baseos_latest
• ol9_appstream

For a complete list of available repositories on the Oracle Linux yum server, go to https://yum.oracle.com/oracle-linux-9.html.

On Oracle Linux 8, the core repositories are:

• ol8_baseos_latest
• ol8_appstream

For a complete list of available repositories on the Oracle Linux yum server, go to https://yum.oracle.com/oracle-linux-8.html.

Securing the Distribution of Oracle Linux Packages

Oracle Linux yum servers are configured to use HTTPS so that all communications are validated, verified, and encrypted during package download.

Oracle Linux packages are signed by using Gnu Privacy Guard (GnuPG or GPG) key pairs. You can check package veracity by using the public keys that we provide to authenticate that the packages come from Oracle and that they haven't been altered since they were signed.

The system's repository files for Oracle Linux packages are normally set up with GPG parameters so that GPG verification is completed automatically as part of the download process. For example, the following entry in /etc/yum.repos.d/oracle-linux-ol9.repo is configured to automatically use the appropriate GPG key to verify the package during download:

[ol9_baseos_latest]
name=Oracle Linux 9 BaseOS Latest ($basearch)
baseurl=https://yum$ociregion.$ocidomain/repo/OracleLinux/OL9/baseos/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
...

Where:

• gpgkey: specifies the full path of the key that's provided by the repository maintainer.

• gpgcheck=1: the default 1 setting indicates that package installation automatically uses the GPG key to verify the packages to be installed are trusted packages. Always ensure that gpgcheck=1 is the persistent setting.

The public keys that Oracle generates for Oracle Linux packages are available on the Oracle Linux yum server and are included when the packages are installed on the system. The public GPG key is installed automatically when you install the oraclelinux-release package.

Note:

Developer Preview packages might be signed using a dedicated development GPG key. The development GPG key isn't installed on Oracle Linux systems by default, so you might need to install the key and manually verify such packages.

For more information, and download links for other Oracle Linux release keys and checksum files, see https://linux.oracle.com/security/gpg/