Mailinglist Archive: opensuse-buildservice (86 mails)

< Previous Next >
[opensuse-buildservice] Ubuntu 16.04 package and repo signing
We use a local OBS installation to build packages for Ubuntu 16.04 (and
other Linux distros).

Since 16.04 we get the following Warning when installing the build packages:

Signature by key F19CBD3B9524C7AF90E8F82B50ADCD040606728A uses weak
digest algorithm (SHA1)

WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

egroupware-epl egroupware-epl-timesheet egroupware-epl-mail
egroupware-epl-core egroupware-epl-vendor egroupware-epl-infolog
egroupware-epl-registration egroupware-epl-stylite
egroupware-epl-projectmanager egroupware-epl-resources egroupware-epl-esync
egroupware-epl-bookmarks egroupware-epl-tracker
egroupware-epl-news-admin egroupware-epl-notifications
egroupware-epl-filemanager egroupware-epl-importexport

Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No":

It seems to be caused by Ubuntu 16.04 and also next Debian version
deprecated sha1 Hashes in package and repo signatures.

Is there any solution for that in OBS yet? also lists Open Build
Service repos.


Ralf Becker
Director Software Development

Stylite AG

Isaac-Fulda-Allee 9 | Tel. +49 6131 32702-0
D-55124 Mainz | Fax. +49 6131 32702-70

Email: rb@xxxxxxxxxx |

Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller
Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer

VAT DE214280951 | Registered HRB 46224 Mainz Germany

< Previous Next >
List Navigation
Follow Ups