tfoote
commented
7 years ago @nuclearsandwich I ran into this on the r2b2 test farm. It would be great to build this into the deployment. I believe that it's manually fixed on our production farm.
Closed tfoote closed 6 years ago
tfoote
commented
7 years ago @nuclearsandwich I ran into this on the r2b2 test farm. It would be great to build this into the deployment. I believe that it's manually fixed on our production farm.
nuclearsandwich
commented
7 years ago This is now part of the xenialize branch changes. These are the only two lines in the gpg.conf. If we want to add more we can.
nuclearsandwich
commented
6 years ago Resolved now that Xenial is the default.
SHA1 is deprecated in signing apt repos, but it's the default gpg signature and cert digest algorithm for gnupg.
The underlying problem is: https://wiki.debian.org/Teams/Apt/Sha1Removal With blog post explainations here: https://juliank.wordpress.com/2016/03/14/dropping-sha-1-support-in-apt/ and clarification here: https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-apt-sha1/
Adding this to the gpg.conf on the repository machine avoids this problem
resolves this issue: Also discussed here: https://github.com/ros/rosdistro/issues/10787 http://discourse.ros.org/t/deployment-approaches-for-new-gpg-key/224/2