Open cmcfadden opened 6 months ago
Same here, this fails on Rocky9
i also have this issue on almalinux 9
Changing that key in tasks/setup-RedHat.yml
does indeed fix the rpm_key task, but then the next task (installing the repo RPM) fails with e.g.
Failed to validate GPG signature for nodesource-release-nodistro-1.noarch: Public key for nodesource-release-nodistro-1.noarchde3kruo1.rpm is not installed
Oddly, just running yum install https://rpm.nodesource.com/pub_16.x/nodistro/repo/nodesource-release-nodistro-1.noarch.rpm
will work without any signature complaints.
Actually, it looks like their RPM signing is messed up. The RPM mentioned above has this signature
$ rpm -qip --nosignature nodesource-release-nodistro-1.noarch.rpm | grep Signature
Signature : RSA/SHA512, Wed Aug 16 20:40:47 2023, Key ID 2f59b5f99b1be0b4
But that key uses SHA1 which won't work on RHEL9 by default
$ gpg --recv-keys 2f59b5f99b1be0b4
$ gpg --armor --export 2f59b5f99b1be0b4 > node.gpg
$ sudo rpm --import node.gpg
warning: Signature not supported. Hash algorithm SHA1 not available.
error: node.gpg: key 1 import failed.
The changes merged in b525bfe seem to have broken this package on RHEL9. During the "Import Nodesource RPM Key" stage, it throws a
warning: Signature not supported. Hash algorithm SHA1 not available.
. It looks like Nodesource might be using https://rpm.nodesource.com/gpgkey/ns-operations-public.key now?