From 10ee8d33e431de17f954e634a17e163928079bbf Mon Sep 17 00:00:00 2001
From: veilor <veilor@localhost>
Date: Thu, 30 Apr 2026 10:45:58 +0100
Subject: [PATCH] =?UTF-8?q?ks:=20updates=20repo=20cost=3D500=20vs=20base?=
 =?UTF-8?q?=20default=201000=20=E2=80=94=20force=20latest=20selinux-policy?=
 =?UTF-8?q?=20+=20pcre2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 kickstart/veilor-os.ks | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kickstart/veilor-os.ks b/kickstart/veilor-os.ks
index f8437d8..e05fe32 100644
--- a/kickstart/veilor-os.ks
+++ b/kickstart/veilor-os.ks
@@ -9,8 +9,9 @@
 # file_contexts.bin, which fails chroot %triggerin against host's
 # libselinux (built against pcre2 10.46). 43.7 in updates is rebuilt.
 url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
-repo --name=updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64" --install
-repo --name=updates-testing --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-testing-f43&arch=x86_64" --cost=1500
+# Updates cost=500 < base cost=1000 → dnf prefers updates (lower = higher priority).
+# Pulls selinux-policy 43.7 + pcre2 10.47 (matched pair, no regex mismatch).
+repo --name=updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64" --install --cost=500
 
 # ── Locale / keyboard / time (template — adjust per build) ──
 keyboard --xlayouts='us'
@@ -62,6 +63,7 @@ grub2-efi-x64
 shim-x64
 efibootmgr
 
+
 # core hardening tools
 fail2ban
 fail2ban-firewalld