[opensuse-buildservice] Ubuntu 16.04 package and repo signing
We use a local OBS installation to build packages for Ubuntu 16.04 (and other Linux distros).

Since 16.04 we get the following warning when installing the build packages:

W: http://staging.stylite.de/repos/stylite-epl-trunk/xUbuntu_16.04/./Release.gp...: Signature by key F19CBD3B9524C7AF90E8F82B50ADCD040606728A uses weak digest algorithm (SHA1)
WARNING: untrusted versions of the following packages will be installed!
Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do.
egroupware-epl egroupware-epl-timesheet egroupware-epl-mail egroupware-epl-core egroupware-epl-vendor egroupware-epl-infolog egroupware-epl-registration egroupware-epl-stylite egroupware-epl-projectmanager egroupware-epl-resources egroupware-epl-esync egroupware-epl-bookmarks egroupware-epl-tracker egroupware-epl-news-admin egroupware-epl-notifications egroupware-epl-filemanager egroupware-epl-importexport egroupware-epl-calendar
Do you want to ignore this warning and proceed anyway? To continue, enter "Yes"; to abort, enter "No":

It seems to be caused by Ubuntu 16.04, and also the next Debian version, deprecating SHA1 hashes in package and repo signatures.

Is there any solution for that in OBS yet?

https://wiki.debian.org/Teams/Apt/Sha1Removal also lists Open Build Service repos.

Ralf

--
Ralf Becker
Director Software Development
Stylite AG
Isaac-Fulda-Allee 9 | Tel. +49 6131 32702-0
D-55124 Mainz | Fax. +49 6131 32702-70
Email: rb@stylite.de
www.stylite.de | www.egroupware.org
Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer
VAT DE214280951 | Registered HRB 46224 Mainz Germany

On Wednesday, 1 June 2016, 14:00:01 CEST Ralf Becker wrote:
> We use a local OBS installation to build packages for Ubuntu 16.04 (and other Linux distros).
> Since 16.04 we get the following warning when installing the build packages:
> W: http://staging.stylite.de/repos/stylite-epl-trunk/xUbuntu_16.04/./Release.gp...: Signature by key F19CBD3B9524C7AF90E8F82B50ADCD040606728A uses weak digest algorithm (SHA1)
> WARNING: untrusted versions of the following packages will be installed!
> Untrusted packages could compromise your system's security. You should only proceed with the installation if you are certain that this is what you want to do.
> egroupware-epl egroupware-epl-timesheet egroupware-epl-mail egroupware-epl-core egroupware-epl-vendor egroupware-epl-infolog egroupware-epl-registration egroupware-epl-stylite egroupware-epl-projectmanager egroupware-epl-resources egroupware-epl-esync egroupware-epl-bookmarks egroupware-epl-tracker egroupware-epl-news-admin egroupware-epl-notifications egroupware-epl-filemanager egroupware-epl-importexport egroupware-epl-calendar
> Do you want to ignore this warning and proceed anyway? To continue, enter "Yes"; to abort, enter "No":
> It seems to be caused by Ubuntu 16.04, and also the next Debian version, deprecating SHA1 hashes in package and repo signatures.
> Is there any solution for that in OBS yet?

OBS 2.7 is signing apt repos also with sha256

--
Adrian Schroeter
email: adrian@suse.de
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany

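The following check is an added example, not code from this thread or from OBS. It reads the hash algorithm ID out of every OpenPGP signature packet (RFC 4880) in a detached signature such as Release.gpg, so you can confirm whether a repository is still signed with SHA1. The WEAK set and the SAMPLE packets are assumptions constructed for the example.

```python
import base64

HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",  # RFC 4880,
              9: "SHA384", 10: "SHA512", 11: "SHA224"}           # section 9.4
WEAK = {"MD5", "SHA1", "RIPEMD160"}  # assumption of this example

def dearmor(data: bytes) -> bytes:  # decode one ASCII-armored block, else pass through
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = [l.strip() for l in data.strip().splitlines()]
    body = lines[lines.index(b"") + 1:-1]  # after header blank line, before END
    return base64.b64decode(b"".join(l for l in body if not l.startswith(b"=")))

def signature_digests(data: bytes) -> list:
    """Digest algorithm name of every signature packet (tag 2) in data."""
    buf, pos, found = dearmor(data), 0, []
    while pos < len(buf):
        first = buf[pos]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet")
        if first & 0x40:  # new-format header
            tag, l0 = first & 0x3F, buf[pos + 1]
            if l0 < 192:
                length, hdr = l0, 2
            elif l0 < 224:
                length, hdr = ((l0 - 192) << 8) + buf[pos + 2] + 192, 3
            elif l0 == 255:
                length, hdr = int.from_bytes(buf[pos + 2:pos + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 3
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype  # 1, 2 or 4 length octets
            length, hdr = int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), 1 + n
        body = buf[pos + hdr:pos + hdr + length]
        if tag == 2:  # v4+ keeps the hash ID at octet 3, v3 at octet 16
            algo = body[3] if body[0] >= 4 else body[16]
            found.append(HASH_NAMES.get(algo, "unknown(%d)" % algo))
        pos += hdr + length
    return found

def weak_digests(data: bytes) -> list:
    return [d for d in signature_digests(data) if d in WEAK]

# Constructed packets (no real signatures): old-format tag 2, v4, hash IDs 2 and 8
SAMPLE = b"".join(bytes([0x88, 10, 4, 0, 1, h]) + bytes(6) for h in (2, 8))
print(signature_digests(SAMPLE), weak_digests(SAMPLE))
```

To check a real repository, pass the bytes of its downloaded Release.gpg to `weak_digests`; an empty list means no signature packet in the file uses one of the digests in WEAK.
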
participants (2)
- Adrian Schröter
- Ralf Becker