Fedora EPEL 8 mirror pinning
Even though Fedora EPEL repository's configuration points to an HTTPS location, the default location of mirrors.fedoraproject.org
is a redirect service that redirects to a close-by but non-deterministic mirror.
This guide aims to help in pinning down the repository location to a known FQDN, so it can be set in the allowlists, without affecting the performance of downloads.
Virtual Machine
AWS User Data / GCP Startup Script
#!/bin/bash -ex
sed --in-place=.orig --regexp-extended 's%#baseurl=https://download.example/pub/epel/%baseurl=https://mirrors.edge.kernel.org/fedora-epel/%g' /etc/yum.repos.d/epel*.repo
sed --in-place --regexp-extended 's%^metalink=%#metalink=%g' /etc/yum.repos.d/epel*.repo
The command simply replaces Fedora's default mirror redirector with a known, reliable CDN, making a backup file (with extension .orig) in the process.
Container
Dockerfile
FROM almalinux:8
RUN dnf install --assumeyes epel-release && \
sed --in-place=.orig --regexp-extended 's%#baseurl=https://download.example/pub/epel/%baseurl=https://mirrors.edge.kernel.org/fedora-epel/%g' /etc/yum.repos.d/epel*.repo && \
sed --in-place --regexp-extended 's%^metalink=%#metalink=%g' /etc/yum.repos.d/epel*.repo && \
dnf clean expire-cache
Allowlist
FQDNs
mirrors.edge.kernel.org
DiscrimiNAT Annotation
discriminat:tls:mirrors.edge.kernel.org
Alternative Mirrors
Although mirrors.edge.kernel.org
is a CDN with geo-located caches, you may want to pick a specific https
mirror from Fedora's official mirrors list.