Open hakong opened 5 months ago
does this look similar in your setup:
%> rpm -Kv libthruk-3.00-0.rhel9.x86_64.rpm
libthruk-3.00-0.rhel9.x86_64.rpm:
Header V4 RSA/SHA512 Signature, key ID a57b9ed7: OK
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
MD5 digest: OK
%> sha256sum libthruk-3.00-0.rhel9.x86_64.rpm
bb3686848010ee2a86a9d858db053a658290fe86fe6996e50dddab5944a7cd07 libthruk-3.00-0.rhel9.x86_64.rpm
Looks like there is a sha512 signature.
i don't have any rhel9 available, it works fine on rocky 9 and alma 9. Is this a redhat thing?
Interesting. Just tested on a standalone system using the repo directly and that worked fine. In the original example the repository is mirrored using Foreman/Satellite and a client of that is trying to install thruk, and failing.
I switched over to the OpenSuse Build Service repo and that worked fine using Foreman/Satellite.
ConSol labs repo: works OpenSuse Build Service: works
ConSol labs repo: fails OpenSuse Build Service works
I'll test this more at work next week.
Describe the bug SHA-1 has been disabled by default in RHEL 9 due to insecurity, see: https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
Thruk Version n/a
To Reproduce Steps to reproduce the behavior:
Expected behavior Packages should install.
Actual behavior Packages are not installed.
Screenshots
Desktop (please complete the following information): n/a
Additional context Add any other context about the problem here.