drybjed
commented
7 years ago @gaudenz Sounds good to me. Can you post this PR to the DebOps monorepo so that it can be merged properly? The roles from the monorepo will be exported to separate repositories at some point, however it hasn't been implemented yet.
The stripped down version of gpgv used in the jessie installer does not support SHA512 and SHA384 as digest algorithms. Neither for singing release files nor key certifications (ie. self signatures).
This adds a new variable reprepro_installer_jessie_compatibility to disable the unsupported algorithms. This defaults to False. If you change this variables to True, you have to regenerate your archive signing key. Otherwise your key won't work as it contains unsupported self-signatures.
This is only necessary if you want to INSTALL jessie from your repository. If you just want to use it after installation, this is not needed. The installed jessie GnuPG and APT support SHA512 and SHA384.