diff --git a/ocaml/xapi/repository.ml b/ocaml/xapi/repository.ml
index 4575c46e19..305960fd56 100644
--- a/ocaml/xapi/repository.ml
+++ b/ocaml/xapi/repository.ml
@@ -176,11 +176,16 @@ let sync ~__context ~self ~token ~token_id ~username ~password =
     let local_host = "127.0.0.1" in
     let local_port = !Xapi_globs.local_yum_repo_port in
 
-    let binary_url, source_url, client_auth_config, server_auth_config =
+    let ( binary_url
+        , source_url
+        , repo_gpgcheck
+        , client_auth_config
+        , server_auth_config ) =
       match origin with
       | `remote ->
           ( Db.Repository.get_binary_url ~__context ~self
           , Some (Db.Repository.get_source_url ~__context ~self)
+          , true
           , CdnTokenAuthConf {token; token_id}
           , DefaultAuth
           )
@@ -188,7 +193,7 @@ let sync ~__context ~self ~token ~token_id ~username ~password =
           let uri =
             Uri.make ~scheme:"file" ~path:!Xapi_globs.bundle_repository_dir ()
           in
-          (Uri.to_string uri, None, NoAuth, NoAuth)
+          (Uri.to_string uri, None, true, NoAuth, NoAuth)
       | `remote_pool ->
           let uri =
             Uri.make ~scheme:"http" ~host:local_host
@@ -202,6 +207,7 @@ let sync ~__context ~self ~token ~token_id ~username ~password =
           in
           ( Uri.to_string uri
           , None
+          , false
           , PoolExtHostAuthConf {cert; remote_addr; username; password}
           , ServerAuthConf
               {cert; remote_addr; remote_port= Constants.default_ssl_port}
@@ -215,7 +221,7 @@ let sync ~__context ~self ~token ~token_id ~username ~password =
           s
     in
     let write_initial_yum_config () =
-      write_yum_config ~source_url ~binary_url ~repo_gpgcheck:true ~gpgkey_path
+      write_yum_config ~source_url ~binary_url ~repo_gpgcheck ~gpgkey_path
         ~repo_name
     in
     write_initial_yum_config () ;