CentOS 5.11 on-line repositories post-EOL - unsupported (caveat emptor)

Comments, suggestions, compliments, etc
Post Reply
User avatar
InitOrNot
Posts: 122
Joined: 2015/06/10 18:26:51

CentOS 5.11 on-line repositories post-EOL - unsupported (caveat emptor)

Post by InitOrNot » 2023/11/26 16:23:30

Ok, so I see the CentOS 5 subforums here are closed to new posts/comments.

I had this problem: I inherited a client who had an old CentOS 5.11 server, now virtualized to escape dying hardware, who was running a custom application where the software vendor had disappeared in a puff of smoke. There was a need to reinstall a CentOS package in that server, but yum was not working, not even when pointing it to the "vault" repos, because now those "vault" repos are only accessible with httpS plus TLS 1.2 - but CentOS 5.11 does not support TLS 1.2.

I've found a freely-accessible, working HTTP mirror for CentOS 5.11 Base repos, hosted on a Japanese company. It is safe to use, because CentOS packages are GPG-signed and their GPG-signature validates fine.

So, to help anyone who may have a similar need, this the content of the "/etc/yum.repos.d/CentOS-Base.repo" file which allows to reinstall CentOS 5.11 packages in old systems still running:

Code: Select all

[base]
name=CentOS-$releasever - Base
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
## baseurl=http://vault.centos.org/5.11/os/x86_64/
# baseurl=http://vault.centos.org/$releasever/os/$basearch/
## baseurl=http://vault.centos.org/5.11/os/$basearch/
baseurl=http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#released updates 
[updates]
name=CentOS-$releasever - Updates
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
# baseurl=http://vault.centos.org/$releasever/updates/$basearch/
## baseurl=http://vault.centos.org/5.11/updates/$basearch/
baseurl=http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
# baseurl=http://vault.centos.org/$releasever/extras/$basearch/
## baseurl=http://vault.centos.org/5.11/extras/$basearch/
baseurl=http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
# baseurl=http://vault.centos.org/$releasever/centosplus/$basearch/
## baseurl=http://vault.centos.org/5.11/centosplus/$basearch/
baseurl=http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
# baseurl=http://vault.centos.org/$releasever/contrib/$basearch/
## baseurl=http://vault.centos.org/5.11/contrib/$basearch/
baseurl=http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
That being said, you should migrate off CentOS 5.11 as soon as possible, because it is EOL and it's not getting any new security patches.

User avatar
jlehtone
Posts: 4552
Joined: 2007/12/11 08:17:33
Location: Finland

Re: CentOS 5.11 on-line repositories post-EOL - unsupported (caveat emptor)

Post by jlehtone » 2023/11/27 10:18:18

If 5.11 is too die hard, then it should at least be isolated from the big bad internet. When one does that, one can also make a local copy of the vault contents (of interest). We do know that the files will not change any more (so copy once is enough) and local copy you share/can access by protocols that you do choose.

Post Reply