Mailinglist Archive: opensuse-buildservice (63 mails)

< Previous Next >
[opensuse-buildservice] Key for private ubuntu repo with hash >= sha256
  • From: Shazo <shazo@xxxxxxx>
  • Date: Thu, 10 May 2018 07:10:43 +0000
  • Message-id: <CAPJs=t7byng216O=jg64JAveVdmb7VZMV1tLhnswznezKfK85A@mail.gmail.com>
Hello, need help.

Have a problem with gpg keys for my private repo.

I need one key for all ubuntu repositories and hash algo >=sha256.

When publish projects in obs-server, they are signed with a key (example
key below). The key is the algorithm rsa (algo 1) and encryption sha256
(digest algo 8).

But when publish packages, hosts with OS ubuntu 16.04, warn that the key
has a sha1 cipher:
"Signature by key 167F971DD45E6807EF611BB1A18A8926E4050125 uses weak digest
algorithm (SHA1)"

The problem is solved if I create a separate key for the project.
osc signkey --create certbot
obs_admin --republish-repository certbot Ubuntu_16.04_standard

But I need one key for all the repositories. How can I solve this?


Created key example:
gpg2 --list-packets /srv/obs/obs-default-gpg.asc
:public key packet:
version 4, algo 1, created 1525702323, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: 00AAADA57778C8B1
:user ID packet: "private OBS (key without passphrase) <defaultkey@localobs
"
:signature packet: algo 1, keyid 00AAADA57778C8B1
version 4, created 1525702323, md5len 0, sigclass 0x13
digest algo 8, begin of digest 80 f8
hashed subpkt 2 len 4 (sig created 2018-05-07)
hashed subpkt 27 len 1 (key flags: 2F)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 3)
hashed subpkt 21 len 4 (pref-hash-algos: 10 9 8 11)
hashed subpkt 22 len 4 (pref-zip-algos: 2 3 1 0)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (key server preferences: 80)
subpkt 16 len 8 (issuer key ID 00AAADA57778C8B1)
data: [4096 bits]
:public sub key packet:
version 4, algo 1, created 1525702323, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: A18A8926E4050125
:signature packet: algo 1, keyid 00AAADA57778C8B1
version 4, created 1525702323, md5len 0, sigclass 0x18
digest algo 8, begin of digest e6 30
hashed subpkt 2 len 4 (sig created 2018-05-07)
hashed subpkt 27 len 1 (key flags: 2E)
subpkt 16 len 8 (issuer key ID 00AAADA57778C8B1)
subpkt 32 len 540 (signature: v4, class 0x19, algo 1, digest algo 8)
data: [4096 bits]

I have installed private installation obs server 2.9.2.
Options in BSConfig.pm:
our $forceprojectkeys = 1;
our $sign_project = 0;
our $sign = "/usr/bin/sign";
our $keyfile = "/srv/obs/obs-default-gpg.asc";
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages