

Starting today, it's impossible to install any package in said image:

The GPG keys listed for the "CentOS Stream 9 - BaseOS" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.

GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

And it goes the same for all the packages to install.

1 root root 1683 Feb 21 15:30 /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

It seems to be linked to gpg, since it seems to reject the SHA1:

# gpg --dry-run --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpg: keyblock resource '/root/.gnupg/pubring.kbx': No such file or directory
gpg: Note: signatures using the SHA1 algorithm are rejected

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Note that the same issue seems to happen when checking the container image signature from a centos-9 host; we reported here:

From what I could see, GPG is used (maybe just a lib affected by the SHA-1 deprecation) for, at least:
- package signature verification (it's a GPG key, really)
- container signature verification (the ones provided by our Red Hat registry, for instance the ubi9 image)

Reproducers are easy, and can be self-contained:

*from an up-to-date CentOS Stream 9*:
podman pull centos/centos:stream9   # ensure latest image
podman run --rm -ti centos/centos:stream9 bash   # start a container interactively
dnf install -y git   # or any other package

For the container signature verification:
podman pull /ubi9:latest

We may do this from within a container (provided you're running it with proper privileges), or some virtual machine - as long as it's up-to-date.

This is more than probably because the public keys shipped on the system are still using the SHA-1 digest.

(In reply to Cédric Jeanneret from comment #6)
So afaik, we'd "just" need to ship updated pub key using sha256 algorithm instead, and we should be fine.
Unless we need to re-key the whole thing, but in this case, we're facing some major issues.
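The thread's hypothesis is that the shipped repository key is rejected because its self-signatures are hashed with SHA-1, which the system crypto policy no longer accepts. A defender who wants to audit the keys under /etc/pki/rpm-gpg for this condition can do so without GnuPG by walking the OpenPGP packets (RFC 4880) and reading the hash-algorithm byte of each signature packet; `gpg --list-packets` shows the same field as "digest algo". The script below is an added example written for this page, not code from the bug report or from GnuPG, CentOS or Red Hat. It handles both old- and new-format packet headers and v3/v4 signature packets, and the `build_sample_key` helper constructs a toy armored key block (a dummy key with a single signature packet, no real key material) so the check can be exercised offline; the armor, the example identity and the fixed sample bytes are all constructed, not taken from any real key.

```python
import base64
import struct
import sys

# RFC 4880 section 9.4 hash algorithm identifiers
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
SIGNATURE_TAG = 2


def dearmor(text: str) -> bytes:
    """Strip ASCII armor (RFC 4880 section 6.2) and return the raw packet bytes."""
    body, in_block, past_headers = [], False, False
    for line in text.splitlines():
        if line.startswith("-----BEGIN PGP"):
            in_block = True
            continue
        if line.startswith("-----END PGP"):
            break
        if not in_block:
            continue
        if not past_headers:              # armor headers end at the first blank line
            past_headers = line.strip() == ""
            continue
        if line.startswith("="):          # CRC-24 checksum line, not part of the data
            continue
        body.append(line.strip())
    return base64.b64decode("".join(body))


def iter_packets(data: bytes):
    """Yield (tag, body) for each OpenPGP packet, old or new header format."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        pos += 1
        if not first & 0x80:
            raise ValueError(f"invalid packet header byte at offset {pos - 1}")
        if first & 0x40:                  # new format header
            tag = first & 0x3F
            b = data[pos]
            pos += 1
            if b < 192:
                length = b
            elif b < 224:
                length = ((b - 192) << 8) + data[pos] + 192
                pos += 1
            elif b == 255:
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:
                raise ValueError("partial body lengths are not supported")
        else:                             # old format header
            tag = (first >> 2) & 0x0F
            ltype = first & 0x03
            if ltype == 0:
                length = data[pos]
                pos += 1
            elif ltype == 1:
                length = struct.unpack(">H", data[pos:pos + 2])[0]
                pos += 2
            elif ltype == 2:
                length = struct.unpack(">I", data[pos:pos + 4])[0]
                pos += 4
            else:                         # indeterminate length: packet runs to end of data
                length = len(data) - pos
        yield tag, data[pos:pos + length]
        pos += length


def signature_hash_algos(key_bytes: bytes) -> list:
    """Return the hash algorithm name of every signature packet in the key block."""
    found = []
    for tag, body in iter_packets(key_bytes):
        if tag != SIGNATURE_TAG or not body:
            continue
        if body[0] == 4 and len(body) >= 4:
            # v4: version, sig type, pubkey algo, hash algo, ...
            found.append(HASH_ALGOS.get(body[3], f"unknown({body[3]})"))
        elif body[0] == 3 and len(body) >= 17:
            # v3: version, hashed-length(5), sig type, time(4), key id(8), pubkey algo, hash algo
            found.append(HASH_ALGOS.get(body[16], f"unknown({body[16]})"))
    return found


def uses_sha1_signatures(key_bytes: bytes) -> bool:
    """True if any signature packet in the key block (self-sigs included) is hashed with SHA-1."""
    return "SHA1" in signature_hash_algos(key_bytes)


def _packet(tag: int, body: bytes) -> bytes:
    """Constructed new-format packet with a one-byte length (body shorter than 192 bytes)."""
    return bytes([0xC0 | tag, len(body)]) + body


def build_sample_key(hash_algo_id: int) -> str:
    """Construct a toy armored key block (not a real key) whose one signature uses hash_algo_id."""
    pubkey = bytes([0x98, 14]) + bytes([4, 0, 0, 0, 0, 1]) + b"\x00" * 8   # old-format tag 6, dummy material
    userid = _packet(13, b"Constructed Test Key <test@example.invalid>")
    sig = _packet(2, bytes([4, 0x13, 1, hash_algo_id, 0, 0, 0, 0, 0xAB, 0xCD]) + b"\x00" * 8)
    b64 = base64.b64encode(pubkey + userid + sig).decode()
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nComment: constructed sample\n\n"
            + b64 + "\n=AAAA\n-----END PGP PUBLIC KEY BLOCK-----\n")


if __name__ == "__main__":
    # e.g. python3 keycheck.py /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
    path = sys.argv[1] if len(sys.argv) > 1 else None
    armored = open(path).read() if path else build_sample_key(2)
    raw = dearmor(armored)
    print(path or "constructed sample", signature_hash_algos(raw),
          "SHA-1 signatures present" if uses_sha1_signatures(raw) else "no SHA-1 signatures")
```

Run it against each file under /etc/pki/rpm-gpg: a key whose self-signature list contains SHA1 is exactly what a policy that rejects SHA-1 signatures will refuse to import, and a replacement key block re-signed with SHA-256 will show SHA256 in the same position.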
