Fixing yum repos on CentOS 6 now it’s EOL

Voiced by Amazon Polly

First of all, if you can, you really should upgrade, to either CentOS Stream if a rolling release works for you, or Alpine or Rocky Linux if you want the same sort of release cadence as CentOS historically had, and before anyone points out that there’s no direct upgrade path, I know, and that makes upgrading basically a reprovision exercise, but still in the longer term, you’ll be better off. This is a small note I found regarding the current CentOS 6 status:

CentOS 6 is *dead* and *shouldn't* be used anywhere at *all*

Also, if you’re considering the last non-rolling release of CentOS, CentOS 8, keep in mind that CentOS 8 has had the rug pulled from under it in terms of lifecycle and should have been supported until the end of 2029, but that was brought forward to the end of 2021, and so is also end of life.

For the purposes of what follows though, I’m assuming that you can’t upgrade easily for some reason and that’s why you’re here, stuck in the same hole I was.

So, you’ll see an error similar to the below when you run the usual yum update commands:

Setting up Upgrade Process
YumRepo Error: All mirror URLUniform Resource Identifiers are not using ftp, http[s] or file.
Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/base/mirrorlist.txt
Error: Cannot retrieve repository metadata (repomd.xml) for repository: base. Please verify its path and try again

The fix here is fairly simple and it’s to use the CentOS vault repos, which are snapshots of older release trees.

So to fix the base repo, just copy the following into /etc/yum.repos.d/CentOS-Base.repo

[C6.10-base]
name=CentOS-6.10 - Base
baseurl=http://linuxsoft.cern.ch/centos-vault/6.10/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never

[C6.10-updates]
name=CentOS-6.10 - Updates
baseurl=http://linuxsoft.cern.ch/centos-vault/6.10/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never

[C6.10-extras]
name=CentOS-6.10 - Extras
baseurl=http://linuxsoft.cern.ch/centos-vault/6.10/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=1
metadata_expire=never

[C6.10-contrib]
name=CentOS-6.10 - Contrib
baseurl=http://linuxsoft.cern.ch/centos-vault/6.10/contrib/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=0
metadata_expire=never

[C6.10-centosplus]
name=CentOS-6.10 - CentOSPlus
baseurl=http://linuxsoft.cern.ch/centos-vault/6.10/centosplus/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
enabled=0
metadata_expire=never

Then to fix the epel repo, this is the vault config to go into /etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://mirror.math.princeton.edu/pub/fedora-archive/epel/6/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
baseurl=http://mirror.math.princeton.edu/pub/fedora-archive/epel/6/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

If you prefer you can just curl the files down that contain the above config and overwrite the existing old configs:

curl https://www.mark-gilbert.co.uk/wp-content/uploads/2021/08/CentOS-Base.repo --output /etc/yum.repos.d/CentOS-Base.repo
curl https://www.mark-gilbert.co.uk/wp-content/uploads/2021/08/epel.repo --output /etc/yum.repos.d/epel.repo

Update – Dec 2021 – Someone posted in the comments to say they couldn’t download the configs using the commands I included in the article, and I realise this is due to the various https settings I employ on the website and older CentOS installs not being compatible with what I enforce, so I’ve added the same commands but pulling from AWS S3 below to get around this.

AWS S3 hosted versions of the same files and the relevant commands are below:

curl http://mark-gilbert-co-uk.s3-website-eu-west-1.amazonaws.com/CentOS-Base.repo –output /etc/yum.repos.d/CentOS-Base.repo
curl http://mark-gilbert-co-uk.s3-website-eu-west-1.amazonaws.com/epel.repo –output /etc/yum.repos.d/epel.repo

Update – Feb 2022 – I’ve had to amend the details here again as more and more http mirrors are moving to redirect to https, meaning that on a server with extremely old software packages, you won’t be able to connect as you’ll be pushed to https. Unfortunately this is just to happen more and more, and you really, really should migrate to something more modern, that’s still supported.

Update – April 2022 – I’ve updated the epel mirrors to use the Princeton University servers in the US, as someone in the comments pointed out that the epel mirrors were also not working now.

21 thoughts on “Fixing yum repos on CentOS 6 now it’s EOL”

  1. When i run:
    sudo curl https://www.mark-gilbert.co.uk/wp-content/uploads/2021/08/CentOS-Base.repo –output /etc/yum.repos.d/CentOS-Base.repo

    I get:
    curl: (35) SSL connect error

    Overwriting with the files manually does not work. Same error:

    sudo yum update
    Loaded plugins: fastestmirror, security
    Setting up Update Process
    Loading mirror speeds from cached hostfile
    http://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml: [Errno 14] problem making ssl connection
    Trying other mirror.
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: C6.10-base. Please verify its path and try again

    1. Ah, I’m guessing what’s happened here is when I ran these I dumped the files out on another box and copied them in, then modified the commands to dump them straight to the right folders when I came to write this post, and I forgot that on CentOS 6 the more modern SSL config on my website would prevent SSL connections.

      Try these two slightly modified locations, I’ve uploaded the same files to an AWS S3 bucket.
      curl http://mark-gilbert-co-uk.s3-website-eu-west-1.amazonaws.com/CentOS-Base.repo –output /etc/yum.repos.d/CentOS-Base.repo
      curl http://mark-gilbert-co-uk.s3-website-eu-west-1.amazonaws.com/epel.repo –output /etc/yum.repos.d/epel.repo

      If they work ok for the curl commands I’ll update the post.

    1. Yeah, I’d guess in doing that from the afflicted CentOS box, the version of curl on there wouldn’t be able to establish a connection to the web server behind my site, I do get fairly strict with ciphers and certainly anything less than TLS 1.2 will fail, and I should have realised that older version of CentOS might not be able to connect. The S3 location should work though as it’s not https, or just download the file on another machine and copy and paste the contents using vi or whatever other test editor.

  2. I am getting the below error on doing “yum upgrade” after even updating the CentOS-Base.repo file

    Loaded plugins: fastestmirror, security
    Loading mirror speeds from cached hostfile
    http://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml: [Errno 12] Timeout on http://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml: (28, ‘connect() timed out!’)
    Trying other mirror.
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: C6.10-base. Please verify its path and try again

    Any help would be appreciated, thanks

    1. The mirror I originally posted that previously did support http is now only redirecting to https by the looks of it. I’ve updated the repo files and details in the post to reflect one of the few mirrors that still support http.

      You can see here the redirect for the vault site:

      curl -IL http://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml
      HTTP/1.1 301 Moved Permanently
      Date: Fri, 18 Feb 2022 20:01:25 GMT
      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
      X-Xss-Protection: 1; mode=block
      X-Content-Type-Options: nosniff
      Referrer-Policy: same-origin
      X-Frame-Options: SAMEORIGIN
      Location: https://vault.centos.org/6.10/os/x86_64/repodata/repomd.xml
      Content-Type: text/html; charset=iso-8859-1

      HTTP/1.1 200 OK
      Date: Fri, 18 Feb 2022 20:01:31 GMT
      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
      Strict-Transport-Security: max-age=31536000
      X-Xss-Protection: 1; mode=block
      X-Content-Type-Options: nosniff
      Referrer-Policy: same-origin
      X-Frame-Options: SAMEORIGIN
      Last-Modified: Fri, 29 Jun 2018 15:37:44 GMT
      ETag: "ea5-56fc9a1032200"
      Accept-Ranges: bytes
      Content-Length: 3749
      Content-Type: text/xml

  3. 21 March 2022 Had issue with Cento 6.6 and SSL
    updated files as per above . the .old the epel repo as that was giving ssl connectivity errors.

    i then updated
    1) yum clean all
    2) yum update yum
    3) yum update curl
    4) yum update openssl
    5) yum update nss

    The rename epel back to epel.repo
    and the yum update . all good

    1. That was very useful to me, disabling epel and postgres repositories before upgrading yum openssl and nss put me in the condition to make yum work again and then installed the new repos for postgres.
      Thank you again.
      Francesco

  4. Saved me a ton of work.
    Thanks for putting this out there and someone cross posted this on centos forum as well.

  5. Very useful to me too. Updating OpenVPN to 2.4 release.
    I would like to point out a mistake in the epel URL:
    baseurl=http://mirror.math.princeton.edu/pub/fedora-archive/epel/6/x86_64/$basearch

    Need to remove the “x86_64/” text.
    Thank you

  6. After looking for in google, i found your article…
    Really you help me, i can install tcpdump and sngrep (for this before install, you should import the key from irontec and after yum install sngrep)..

    Thanks a lot of…

    sorry for my english…from MX thnks again!

  7. I spend a whole day searching for an answer but no success.

    Did and “redid” this tutorial but still getting:

    YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
    Eg. Invalid release/repo/arch combination/
    removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/centos-sclo-rh/mirrorlist.txt
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: centos-sclo-rh. Please verify its path and try again

    I’m using Centos 6.10 and I’m trying to install fail2ban

    1. What version of CentOS is this running, and is this still an Internet facing production server?

  8. — EDIT —
    After a lot of changes in those .repo files as I looked for the internet for solutions, now I get a new error that I don’t know how to solve 🙁

    Setting up Install Process
    base | 3.7 kB 00:00
    base/primary_db | 4.7 MB 00:02
    epel | 4.7 kB 00:00
    epel/primary_db | 6.1 MB 00:04
    extras | 3.4 kB 00:00
    extras/primary_db | 29 kB 00:00
    updates | 3.4 kB 00:00
    updates/primary_db | 12 MB 00:05
    http://mirror.globo.com/centos/6/updates/x86_64/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 – “Couldn’t resolve host ‘mirror.globo.com'”
    Trying other mirror.
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: upgrade. Please verify its path and try again

  9. Hi! Do you have a similar solution for 5.5? We have some really old stuff running in our infrastructure and I am simply looking to buy some time to replace them with modern (not EOL).. Unfortunately, lots of coding required to do that. So thanks for the help!

Leave a Reply to Kushagra Cancel Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.