Two Oracle Linux yum sources for package distribution are available:

Public Yum Server

The primary Oracle Linux yum server is publicly available at https://yum.oracle.com/ where you can obtain software packages for free.

The repositories in the public yum server are replicates of a subset of ULN channels. Channels that contain software, such as Ksplice, that are only licensed for use by Oracle Linux Support customers are unavailable in the server. For more information, see Available Yum Repositories.

Oracle Cloud Infrastructure Yum Servers

Unlike the publicly available yum server, Oracle replicates all ULN channels to the Oracle Cloud Infrastructure yum servers. Thus, compute instances have access to software directly without requiring ULN registration. Access to specific ULN content depends on the support contract that you have for an Oracle Cloud Infrastructure account.

The ol9_oci_included and ol8_oci_included yum repositories are available in the Oracle Cloud Infrastructure yum servers, in addition to all ULN channel content. The packages in these repositories must only be used on compute instances in Oracle Cloud Infrastructure. The repositories are mirrored to all regional yum servers within the Oracle Cloud Infrastructure, but aren't mirrored to the publicly accessible Oracle Linux yum server.

To enable access to restricted content through the regional yum servers, ensure that you have installed the appropriate release-el8 packages and have enabled the repositories to which you require access.

A yum repository is a directory of packages that are typically available on a web server or an ISO image. The directory also includes metadata in a repodata subdirectory. The metadata is updated each time a package changes within the repository directory.

You can configure any client system to use a yum repository by creating a yum repository configuration entry. To install software from the repository, you use either the yum or dnf command to install software from the repository.

In Oracle Linux, yum repository names map to equivalent ULN channel names, but exclude the platform architecture. For example, the ULN channel ol9_x86_64_baseos_latest is ol9_baseos_latest on the Oracle Linux yum server. Yum repository names don't include the platform architecture because the URL to the repository already identifies the architecture. Therefore, when accessing the yum server, the system is automatically connected to the appropriate architecture's repositories.

Core OS repositories are the minimum required repositories for an Oracle Linux system to function. These repositories are enabled immediately after installation and must remain enabled through the life cycle of an Oracle Linux system.

On Oracle Linux 9 systems, the core OS repositories are ol9_baseos_latest and ol9_appstream.

On Oracle Linux 8 systems, the core OS repositories are ol8_baseos_latest and ol8_appstream.

For a complete list of available repositories on the Oracle Linux yum server, go to https://yum.oracle.com and under the Browse the Repositories section, click the link that corresponds to the system's Oracle Linux version.

For additional information, see the Oracle Linux Yum Server Frequently Asked Questions.

Oracle Linux yum servers are configured to use HTTPS so that all communications are validated, verified, and encrypted during package download.

Oracle Linux packages are signed by using Gnu Privacy Guard (GnuPG or GPG) key pairs. You can check package veracity by using the public keys that we provide to authenticate that the packages come from Oracle and that they have not been altered since they were signed.

The system's repository files for Oracle Linux packages are normally set up with GPG parameters that configure the GPG verification to be completed automatically as part of the download process. For example, the following entry in /etc/yum.repos.d/oracle-linux-ol9.repo is configured to automatically use the appropriate GPG key to verify the package during download:

[ol9_baseos_latest]
name=Oracle Linux 9 BaseOS Latest ($basearch)
baseurl=https://yum$ociregion.$ocidomain/repo/OracleLinux/OL9/baseos/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
...

Where:

• gpgkey: specifies the full path of the key that's provided by the repository maintainer.

• gpgcheck=1: the default 1 setting indicates that package installation automatically uses the GPG key to verify the packages to be installed are trusted packages. Always ensure that gpgcheck=1 is the persistent setting.

The public keys that Oracle generates for Oracle Linux packages are available on the Oracle Linux yum server and are included when the packages are installed on the system. The public GPG key is installed automatically when you install the oraclelinux-release package.

For more information, and download links for other Oracle Linux release keys and checksum files, see https://linux.oracle.com/security/gpg/