Bug 2417289

Summary: Include debuginfod url in epel-release?
Product: [Fedora] Fedora EPEL Reporter: Pat Riehecky <riehecky>
Component: epel-releaseAssignee: Kevin Fenzi <kevin>
Status: ASSIGNED --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel10CC: carl, fche, kevin, maxwell, smooge, tdawson
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pat Riehecky 2025-11-26 16:13:12 UTC 
Description of problem:

Since debuginfod is up and working, would it make sense for epel-release to drop some sort of `fedora-epel.urls` or something in /etc/debuginfod/ so these artifacts can be fetched automatically?

Version-Release number of selected component (if applicable):epel-10


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Pat Riehecky 2025-11-26 21:36:07 UTC 
Probably also need to drop the IMA key in /etc/keys/ima in DER format too....
Comment 2 Kevin Fenzi 2026-01-03 20:33:38 UTC 
Adding fche here for comment on the debuginfod idea.

On the IMA thing... I am not sure how useful it would be. We do not have the epel key trusted/setup in the RHEL kernel, and I doubt that that would be something they would want to do. I suppose it could be helpful for debuginfod verification...
Comment 3 Frank Ch. Eigler 2026-01-03 20:52:17 UTC 
The fedora debuginfod servers could certainly start indexing epel rpms (adjusting the -I regexp to include the .el* file name glob, not just .fc*), and if so, absolutely, including their URL in a new .url file in centos-release would make sense.  Ditto re.  /etc/keys/ima: the debuginfod clients can verify file integrity apart from any kernel-side enforcement support presence.
Comment 4 Frank Ch. Eigler 2026-01-03 20:55:13 UTC 
We're using ~33% of VM storage at the moment.  Does someone have a ready estimate of how much EPEL RPM content exists (let's say .el9 upward?), in comparison to Fedora (we index .fc35 onward)?