Repository Architecture
Rocky Linux from CIQ delivers packages through a layered repository architecture. The repositories available to your system depend on your product tier (RLC Pro or RLC+).
All RLC repositories are hosted on CIQ's US-based infrastructure and accessed through authenticated connections via the Depot CLI.
depot enable for your product. A freshly deployed RLC image will only show the ciq-depot-client repository until you enable your product.Repository Tiers
CIQ Repositories
These repositories contain packages built and signed by CIQ (GPG key: rpm-gpg-key-ciq):
| Repository | Description | RLC+ | RLC Pro |
|---|---|---|---|
| rlc-9-core | CIQ core packages including the CIQ-built kernel, release packages, and foundational enhancements | ||
| rlc-9-pro | CIQ enterprise enhancements and priority bug fixes | ||
| rlc-9-supplemental | Additional CIQ-provided packages such as the Depot CLI, supporting utilities, and dependencies not present in upstream Rocky |
Rocky Linux Repositories
These repositories contain upstream Rocky Linux packages (GPG key: RPM-GPG-KEY-Rocky-9):
| Repository | Description | Default |
|---|---|---|
| rocky-9-baseos | Core OS packages | Enabled |
| rocky-9-appstream | Application stream packages | Enabled |
| rocky-9-extras | Additional community packages | Enabled |
| rocky-9-crb | CodeReady Builder (development headers/libraries) | Disabled |
| rocky-9-highavailability | High Availability cluster packages | Disabled |
| rocky-9-resilientstorage | Resilient Storage (GFS2, Gluster) | Disabled |
| rocky-9-nfv | Network Function Virtualization | Disabled |
| rocky-9-rt | Real-Time kernel and packages | Disabled |
| rocky-9-sap | SAP applications support | Disabled |
| rocky-9-saphana | SAP HANA support | Disabled |
| rocky-9-plus | Rocky Plus SIG packages | Disabled |
| rocky-9-devel | Development packages | Disabled |
Each repository is also available in source and debug variants (disabled by default).
Repository Priority
CIQ repositories are configured with higher priority than Rocky Linux repositories, ensuring CIQ-enhanced packages take precedence:
| Repository | Priority |
|---|---|
| rlc-9-pro | 45 (highest) |
| rlc-9-core | 50 |
| Rocky repos | 99 (default) |
This means when CIQ provides an enhanced version of a package (e.g., the CIQ kernel or a priority bug fix), it will be preferred over the upstream Rocky version during dnf update.
Enabling Additional Repositories
Repositories that are disabled by default can be enabled as needed:
# Enable CRB repository (for development headers)
sudo dnf config-manager --set-enabled rocky-9-crb.x86_64
# Enable High Availability repository
sudo dnf config-manager --set-enabled rocky-9-highavailability.x86_64
Or enable temporarily for a single transaction:
sudo dnf install --enablerepo=rocky-9-crb.x86_64 <package-name>
Viewing Repository Configuration
List all configured repositories:
# Show enabled repositories
sudo dnf repolist
# Show all repositories (including disabled)
sudo dnf repolist all
GPG Keys
RLC uses two GPG signing keys:
| Key | URL | Used By |
|---|---|---|
| CIQ | https://ciq.com/keys/rpm-gpg-key-ciq | rlc-9-core, rlc-9-pro, rlc-9-supplemental |
| Rocky Linux 9 | https://download.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9 | All rocky-9-* repositories |
Both keys are pre-installed on RLC systems. Package signature verification (gpgcheck) is enabled on all repositories.
Repository Access
Repository access is managed through the Depot CLI. Repositories require authentication - packages cannot be accessed without a valid subscription.
# Verify Depot status
sudo depot list
# Log in if needed
sudo depot login -u [USER STRING] -t [USER TOKEN]
Content Management (Satellite, Foreman, Rsync)
For organizations managing large fleets with tools like Red Hat Satellite, Foreman, or Spacewalk, RLC repositories can be mirrored using reposync or rsync. See the Depot reposync and rsync guides for details (coming soon).
Rocky Linux 8
RLC 8 follows the same repository architecture with rlc-8-* and rocky-8-* repository naming. Rocky Linux 8 repositories use the RPM-GPG-KEY-Rocky-8 signing key.