Unable to create derived image from Gateway image 11.1.1_20240806
search cancel

Unable to create derived image from Gateway image 11.1.1_20240806

book

Article ID: 375190

calendar_today

Updated On: 02-10-2025

Products

CA API Gateway

Issue/Introduction

The creation of a custom derived image from the latest gateway  11.1.1_20240806 image fails with:

Downloading metadata...
error: cannot update repo 'ubi-9-baseos-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried; Last error: Status code: 403 for https://<Broadcom internal repository >/gateway-redhat-ubi-rpm/dist/ubi9/9/x86_64/baseos/os/repodata/repomd.xml (IP:xxx.xxx.xxx.xxx)
The command '/bin/sh -c microdnf install -y findutils' returned a non-zero code: 1

Environment

API Gateway 11.1.1

Cause

Starting with this release, the image was built pointing only to the Broadcom internal repository used to create the image for security reasons.

Customers adding any extra packages to the OVA/Container bring security issues and customers themselves are liable for the legal and security aspects of it.

Resolution

If you want to build your own images, despite the security risk on top of the default gateway image, you can prepare a repo with publicly accessible URLs/resources and copy it to the target using the COPY command in the Dockerfile. After that, use a yum installation to pick up the repo details from the installed file.

The following is a sample Dockerfile file & repo files for reference:

FROM caapim/gateway:11.1.00_20240730
WORKDIR /R_setup
USER root
COPY ubi.repo /etc/yum.repos.d/ubi.repo
RUN microdnf --disablerepo=* --enablerepo=ubi-9-appstream-rpms --enablerepo=ubi-9-baseos-rpms -y install yum
CMD ["bash"]

Contents for the used repo file ubi.repo pointing to public repo for UBI

[ubi-9-baseos-rpms]
name = Red Hat Universal Base Image 9 (RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-baseos-debug-rpms]
name = Red Hat Universal Base Image 9 (Debug RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-baseos-source]
name = Red Hat Universal Base Image 9 (Source RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/baseos/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-appstream-rpms]
name = Red Hat Universal Base Image 9 (RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-appstream-debug-rpms]
name = Red Hat Universal Base Image 9 (Debug RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-appstream-source]
name = Red Hat Universal Base Image 9 (Source RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/appstream/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-codeready-builder-rpms]
name = Red Hat Universal Base Image 9 (RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/os
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-codeready-builder]
name = Red Hat Universal Base Image 9 (RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1


[ubi-9-codeready-builder-debug-rpms]
name = Red Hat Universal Base Image 9 (Debug RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-9-codeready-builder-source]
name = Red Hat Universal Base Image 9 (Source RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi9/9/$basearch/codeready-builder/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1