CentOS 5.11 on-line repositories post-EOL - unsupported (caveat emptor)

[InitOrNot]

Ok, so I see the CentOS 5 subforums here are closed to new posts/comments.

I had this problem: I inherited a client who had an old CentOS 5.11 server, now virtualized to escape dying hardware, who was running a custom application where the software vendor had disappeared in a puff of smoke. There was a need to reinstall a CentOS package in that server, but yum was not working, not even when pointing it to the "vault" repos, because now those "vault" repos are only accessible with httpS plus TLS 1.2 - but CentOS 5.11 does not support TLS 1.2.

I've found a freely-accessible, working HTTP mirror for CentOS 5.11 Base repos, hosted on a Japanese company. It is safe to use, because CentOS packages are GPG-signed and their GPG-signature validates fine.

So, to help anyone who may have a similar need, this the content of the "/etc/yum.repos.d/CentOS-Base.repo" file which allows to reinstall CentOS 5.11 packages in old systems still running:

Code: Select all

[base]
name=CentOS-$releasever - Base
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
## baseurl=http://vault.centos.org/5.11/os/x86_64/
# baseurl=http://vault.centos.org/$releasever/os/$basearch/
## baseurl=http://vault.centos.org/5.11/os/$basearch/
baseurl=http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#released updates 
[updates]
name=CentOS-$releasever - Updates
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
# baseurl=http://vault.centos.org/$releasever/updates/$basearch/
## baseurl=http://vault.centos.org/5.11/updates/$basearch/
baseurl=http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
# baseurl=http://vault.centos.org/$releasever/extras/$basearch/
## baseurl=http://vault.centos.org/5.11/extras/$basearch/
baseurl=http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
# baseurl=http://vault.centos.org/$releasever/centosplus/$basearch/
## baseurl=http://vault.centos.org/5.11/centosplus/$basearch/
baseurl=http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
# baseurl=http://vault.centos.org/$releasever/contrib/$basearch/
## baseurl=http://vault.centos.org/5.11/contrib/$basearch/
baseurl=http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

That being said, you should migrate off CentOS 5.11 as soon as possible, because it is EOL and it's not getting any new security patches.

[jlehtone]

If 5.11 is too die hard, then it should at least be isolated from the big bad internet. When one does that, one can also make a local copy of the vault contents (of interest). We do know that the files will not change any more (so copy once is enough) and local copy you share/can access by protocols that you do choose.