Missing base RHEL 9 repository IDs in known_rpm_repositories.yml #205

@sshedmake

Problem

The data/known_rpm_repositories.yml file is missing the base RHEL 9 repository IDs, causing Enterprise Contract validation failures for bootc container builds that use RHEL 9 base images.

Missing Repository IDs

The following base RHEL 9 repository IDs are not present in the known repositories list:

  • rhel-9-appstream
  • rhel-9-baseos
  • rhel-9-appstream-source
  • rhel-9-baseos-source

Current State

The known_rpm_repositories.yml file currently contains:

  • ✅ Architecture-specific RHEL 9 repositories (e.g., rhel-9-for-aarch64-appstream-debug-rpms, rhel-9-for-x86_64-appstream-eus-rpms)
  • ✅ Product-specific RHEL 9 repositories (e.g., cnv-4.13-for-rhel-9-x86_64-rpms)
  • ❌ Simple base RHEL 9 repository IDs (listed above)

Impact

Bootc container builds fail EC validation with 208+ violations when the rpm_repos.ids_known check encounters RPMs from these base RHEL 9 repositories.

This affects teams building bootc containers from RHEL 9 base images, as these repositories are standard sources for base OS packages. The RPM repository IDs reported in bootc builds use the simple format (rhel-9-appstream), not the verbose architecture-specific format (rhel-9-for-x86_64-appstream-rpms).

Current Workarounds

Teams are currently working around this by:

  1. Using time-bound exclusions to disable rpm_repos.ids_known validation entirely (disables check for all RPMs - security risk)
  2. Using extra_rpm_repositories to allowlist specific RHEL 9 repos in their EnterpriseContractPolicy (better, but requires duplication across teams)

Both workarounds are temporary until the base repository IDs are added to the central known list.

References

Requested Action

Please add the four base RHEL 9 repository IDs listed above to data/known_rpm_repositories.yml so that bootc builds can pass standard EC validation without team-specific workarounds.
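
An added illustration, not part of the issue or the project's own code: a local pre-check that counts RPMs per unrecognised repository ID, showing that allowlisting the four base IDs (workaround 2) clears only those entries while any other unknown repository is still reported. It assumes each RPM component carries its repository ID as a `repository_id` purl qualifier; the known list, sample purls and function names are constructed for the example.

```python
from collections import Counter
from urllib.parse import parse_qs

# Constructed stand-in for data/known_rpm_repositories.yml: only the two
# architecture-specific IDs quoted in the issue.
KNOWN = {
    "rhel-9-for-aarch64-appstream-debug-rpms",
    "rhel-9-for-x86_64-appstream-eus-rpms",
}
# The four base IDs the issue asks to have added.
BASE_RHEL9 = {"rhel-9-appstream", "rhel-9-baseos",
              "rhel-9-appstream-source", "rhel-9-baseos-source"}

# Constructed sample purls (package names and versions are made up).
SAMPLE_PURLS = [
    "pkg:rpm/rhel/bash@5.1.8-9.el9?arch=x86_64&repository_id=rhel-9-baseos",
    "pkg:rpm/rhel/glibc@2.34-100.el9?arch=x86_64&repository_id=rhel-9-baseos",
    "pkg:rpm/rhel/vim@8.2-1.el9?arch=x86_64&repository_id=rhel-9-appstream",
    "pkg:rpm/rhel/krb5@1.21-1.el9?arch=x86_64"
    "&repository_id=rhel-9-for-x86_64-appstream-eus-rpms",
    "pkg:rpm/rhel/mystery@1.0-1.el9?arch=x86_64",  # no repository_id at all
    "pkg:rpm/acme/tool@2.0-1?arch=x86_64&repository_id=acme-internal",
    "pkg:golang/example.com/mod@v1.0.0",           # not an RPM, ignored
]

def repository_id(purl):
    """Return the repository_id qualifier of a purl, or None if absent."""
    _, _, qualifiers = purl.partition("?")
    qualifiers = qualifiers.split("#", 1)[0]  # drop an optional subpath
    return parse_qs(qualifiers).get("repository_id", [None])[0]

def audit(purls, known, extra=frozenset()):
    """Count RPMs per repository ID that is in neither known nor extra."""
    allowed = set(known) | set(extra)
    unknown = Counter()
    for purl in purls:
        if not purl.startswith("pkg:rpm/"):
            continue
        repo = repository_id(purl)
        if repo is None:
            # This script's own choice: an RPM with no ID is reported too.
            unknown["<no repository_id>"] += 1
        elif repo not in allowed:
            unknown[repo] += 1
    return dict(unknown)

if __name__ == "__main__":
    print("central list only:  ", audit(SAMPLE_PURLS, KNOWN))
    print("with base IDs added:", audit(SAMPLE_PURLS, KNOWN, BASE_RHEL9))
```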
