Closed djareval closed 1 year ago
I am out of the lab this week, but I'll look into this next week and issue new packages for the current releases of TurboVNC and VirtualGL, as well as modify the build system so that any future releases have SHA256 digests.
This may be related to what I am experiencing in https://github.com/TurboVNC/turbovnc/issues/354
~ Joe G.
Sorry for the delay. I have been hip-deep in libjpeg-turbo hell for the past couple of months but am finally coming up for air.
The RPMs are supposed to use SHA256 digests because of TurboVNC/buildscripts@978c14987fbcf524c8c32ae10aed387ed84f0805, but I can confirm that they don't. It seems that SHA256 digests are poorly supported in older versions of RPM, including the one we use in our official builds. I am investigating how to add them.
New TurboVNC 3.0.2 RPM packages with SHA-256 payload digests have been deployed to SourceForge (and, by extension, the YUM repository.) Do sudo yum clean metadata
and try the install again.
Works great, thanks so much for the update!
RHEL 8 systems in FIPS mode cannot by default install packages that have been built with less secure digests (MD5/SHA1).
Can future packages be built using more updated algorithms?
Here's a well-written summary of how one organization made that change.
In the meantime, (for anyone stumbling on this) the workaround is to tell rpm to ignore the digest, either by installing outside the package manager or overriding the default rpm macro.