Repo's SHA1 key import fails due to SHA1 deprecation in RHEL9 & CentOS 9

rsyslog / rsyslog-pkg-rhel-centos

Package build sources for building RHEL/CentOS packages

17 stars 27 forks source link

Repo's SHA1 key import fails due to SHA1 deprecation in RHEL9 & CentOS 9 #125

Closed aucompbiker closed 1 year ago

aucompbiker commented 1 year ago

Attempts to import the rhel-centos repo's signature key into a RHEL v9.1 system fail with the following error.

warning: Signature not supported. Hash algorithm SHA1 not available.
error: http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon: key 2 import failed.

Steps to Reproduce

Run RHEL 9 or Centos 9
Run "rpm --import http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon"

alorbach commented 1 year ago

Thanks for reporting, we actually switched to a newer key some time ago but the RPM-GPG-KEY-Adiscon file contains both PUBKEYS, the old SHA1 and the new SHA256. The error is related to the second old SHA1 key which is ok in this case.

@rgerhards I think it is save to remove the old SHA1 key from RPM-GPG-KEY-Adiscon and put it into a separated file like RPM-GPG-KEY-Adiscon.legacykey in case somebody needs it. It would eliminate this error and won't affect the signature checking of the current packages.

rgerhards commented 1 year ago

I think it is save to remove the old SHA1 key from RPM-GPG-KEY-Adiscon and put it into a separated file like RPM-GPG-KEY-Adiscon.legacykey in case somebody needs it. It would eliminate this error and won't affect the signature checking of the current packages.

Sounds good! Pls go ahead.

alorbach commented 1 year ago

Done, the issue can be considered solved then. @aucompbiker feel free to comment if you have further questions.