Fedora EPEL 8 mirror pinning

Even though Fedora EPEL repository's configuration points to an HTTPS location, the default location of mirrors.fedoraproject.org is a redirect service that redirects to a close-by but non-deterministic mirror.

This guide aims to help in pinning down the repository location to a known FQDN, so it can be set in the allowlists, without affecting the performance of downloads.

Virtual Machine

AWS User Data / GCP Startup Script

#!/bin/bash -ex
sed --in-place=.orig --regexp-extended 's%#baseurl=https://download.example/pub/epel/%baseurl=https://mirrors.edge.kernel.org/fedora-epel/%g' /etc/yum.repos.d/epel*.repo
sed --in-place --regexp-extended 's%^metalink=%#metalink=%g' /etc/yum.repos.d/epel*.repo

The command simply replaces Fedora's default mirror redirector with a known, reliable CDN, making a backup file (with extension .orig) in the process.

Container

Dockerfile

FROM almalinux:8

RUN dnf install --assumeyes epel-release && \
    sed --in-place=.orig --regexp-extended 's%#baseurl=https://download.example/pub/epel/%baseurl=https://mirrors.edge.kernel.org/fedora-epel/%g' /etc/yum.repos.d/epel*.repo && \
    sed --in-place --regexp-extended 's%^metalink=%#metalink=%g' /etc/yum.repos.d/epel*.repo && \
    dnf clean expire-cache

Allowlist

FQDNs

mirrors.edge.kernel.org

DiscrimiNAT Annotation

discriminat:tls:mirrors.edge.kernel.org

Alternative Mirrors

Although mirrors.edge.kernel.org is a CDN with geo-located caches, you may want to pick a specific https mirror from Fedora's official mirrors list.

Virtual Machine​

AWS User Data / GCP Startup Script​

Container​

Dockerfile​

Allowlist​

FQDNs​

DiscrimiNAT Annotation​

Alternative Mirrors​