Change the signature to be based on SHA256 instead of SHA1 #432

bonivi · 2023-12-09T00:53:35Z

Signed RPMs report as having bad signatures on RHEL 9 and can't be installed:
Looks like SHA1 is depreciated in RHEL 9 ( https://access.redhat.com/articles/6846411 ). Can you change the signature to be based on SHA256 instead of SHA1 ?

# rpm -i package-1-1.x86_64.rpm 
warning: Signature not supported. Hash algorithm SHA1 not available.
error: package-1-1.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID daa37c10: BAD
error: package-1-1.x86_64.rpm cannot be installed

rpm -v --checksig package-1-1.x86_64.rpm 
package-1-1.x86_64.rpm:
warning: Signature not supported. Hash algorithm SHA1 not available.
warning: Signature not supported. Hash algorithm SHA1 not available.
    Header V4 RSA/SHA1 Signature, key ID daa37c10: BAD
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 ALT digest: OK
    Payload SHA256 digest: OK
    V4 RSA/SHA1 Signature, key ID daa37c10: BAD
    MD5 digest: OK

`

The text was updated successfully, but these errors were encountered:

bonivi · 2024-02-04T13:52:18Z

Any plans to add SHA256 signatures ?

DanielThomas · 2024-02-05T03:16:42Z

This was added in Redline upstream and the latest releases of the plugin use this version:

craigwblake/redline@45494bc

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Change the signature to be based on SHA256 instead of SHA1 #432

Change the signature to be based on SHA256 instead of SHA1 #432

bonivi commented Dec 9, 2023

bonivi commented Feb 4, 2024

DanielThomas commented Feb 5, 2024

Change the signature to be based on SHA256 instead of SHA1 #432

Change the signature to be based on SHA256 instead of SHA1 #432

Comments

bonivi commented Dec 9, 2023

bonivi commented Feb 4, 2024

DanielThomas commented Feb 5, 2024