RPM package signature
507 views
Skip to first unread message
Xavier Humbert
Oct 2, 2023, 9:41:52 AM10/2/23
to rundeck-discuss
Hi,
Seems the the RPM package is incorrectly signed :
In RHEL7/8 :
> $ rpm -K rundeck-4.17.0.20230925-1.noarch.rpm
> rundeck-4.17.0.20230925-1.noarch.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK
> (MISSING KEYS: (MD5) PGP#e5d5a125)
In RHEL 9
> $ rpm -K rundeck-4.17.0.20230925-1.noarch.rpm
> rundeck-4.17.0.20230925-1.noarch.rpm:warning: Signature not supported.
> Hash algorithm SHA1 not available.
> warning: Signature not supported. Hash algorithm SHA1 not available.
> digests SIGNATURES NOT OK
Since SHA1 is no more available on RHEL9, one simply cannot install
Rundeck on this OS :
> # dnf install --enablerepo=pagerduty_rundeck rundeck
> [...]
> warning: Signature not supported. Hash algorithm SHA1 not available.
> warning: Signature not supported. Hash algorithm SHA1 not available.
> Problem opening package rundeck-4.17.0.20230925-1.noarch.rpm
> Error: GPG check FAILED
Would you consider fixing the signature in SHA256 please ?
Regards
Xavier
--
Xavier Humbert
CRT Supervision et Exploitation de Niveau 1
Direction des Services d'Information du Grand Est
Rectorat de Nancy-Metz
Ministère de l'Éducation Nationale et de la Jeunesse
03 83 86 27 39
Seems the the RPM package is incorrectly signed :
In RHEL7/8 :
> $ rpm -K rundeck-4.17.0.20230925-1.noarch.rpm
> rundeck-4.17.0.20230925-1.noarch.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK
> (MISSING KEYS: (MD5) PGP#e5d5a125)
In RHEL 9
> $ rpm -K rundeck-4.17.0.20230925-1.noarch.rpm
> rundeck-4.17.0.20230925-1.noarch.rpm:warning: Signature not supported.
> Hash algorithm SHA1 not available.
> warning: Signature not supported. Hash algorithm SHA1 not available.
> digests SIGNATURES NOT OK
Since SHA1 is no more available on RHEL9, one simply cannot install
Rundeck on this OS :
> # dnf install --enablerepo=pagerduty_rundeck rundeck
> [...]
> warning: Signature not supported. Hash algorithm SHA1 not available.
> warning: Signature not supported. Hash algorithm SHA1 not available.
> Problem opening package rundeck-4.17.0.20230925-1.noarch.rpm
> Error: GPG check FAILED
Would you consider fixing the signature in SHA256 please ?
Regards
Xavier
--
Xavier Humbert
CRT Supervision et Exploitation de Niveau 1
Direction des Services d'Information du Grand Est
Rectorat de Nancy-Metz
Ministère de l'Éducation Nationale et de la Jeunesse
03 83 86 27 39
Xavier Humbert
Oct 2, 2023, 10:02:49 AM10/2/23
to rundeck...@googlegroups.com
I've found where resides the problem
:
--digest-algo=sha1
Xavier
Le 10/2/23 15:41, 'Xavier Humbert' via
rundeck-discuss a écrit :
Seems the the RPM package is incorrectly signed :
-- Xavier Humbert CRT Supervision et Exploitation de Niveau 1 Direction des Services d'Information du Grand Est Rectorat de Nancy-Metz Ministère de l'Éducation Nationale et de la Jeunesse 03 83 86 27 39
rac...@rundeck.com
Oct 4, 2023, 8:39:56 AM10/4/23
to rundeck-discuss
Reply all
Reply to author
Forward
0 new messages