Alma custom repository doesn't have bugfix and security updates

Hello everyone!

I set up a local repository for almalinux 9 packages and it works well so far, all clients can download packages and do regular updates.

The problem is that yum update --security --bugfix comes back empty, despite copying all metadata from official repos and mirrors.

Example of configuration i’m using:

[baseos]
name= AlmaLinux baseos
baseurl=https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/
enabled=1
gpgcheck=1
countme=1
enabled_metadata=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9

reposync -g -a x86_64 -p /srv/repo_alma/ --downloadcomps --download-metadata --security --bugfix --repo baseos

createrepo -v /srv/repo_alma/baseos/ --keep-all-metadata

Doesn’t seem to find a updateinfo.xml on my local repo, are there extra steps to copy it? Another method?

Thank you in advance,

Why not simply dnf update? Why “cherry-pick” just some packages? That does not lead to anything beneficial.

Workplace policy, we don’t want to update httpd if it’s not for security/bugfix.

Understandable.

RHEL (and Alma) does receive a point update every six months. That contains fixes and new features.

Between point updates only some packages (of current point update) do get updates. These are practically always security/bugfixes by design, aren’t they?

I doubt they would satisfied with an update every six months.

I found a workaround with copying the updateinfo.xml manually from the official, but there got to be a more direct way to do that, is there?

I do use rsync to create local copies of some repos. No reposync nor createrepo. That gives me “whole copies”, presumably including updateinfo too. (I never use the --security filter.)


My point was that updates within each six months are mostly security or bugfixes, so something that your policy demands to be installed.

It is the point updates that introduce non-fixes.