Mailinglist Archive: opensuse-buildservice (86 mails)

< Previous Next >
Re: [opensuse-buildservice] Ubuntu 16.04 package and repo signing
On Mittwoch, 1. Juni 2016, 14:00:01 CEST wrote Ralf Becker:
We use a local OBS installation to build packages for Ubuntu 16.04 (and
other Linux distros).

Since 16.04 we get the following Warning when installing the build packages:

Signature by key F19CBD3B9524C7AF90E8F82B50ADCD040606728A uses weak
digest algorithm (SHA1)

WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

egroupware-epl egroupware-epl-timesheet egroupware-epl-mail
egroupware-epl-core egroupware-epl-vendor egroupware-epl-infolog
egroupware-epl-registration egroupware-epl-stylite
egroupware-epl-projectmanager egroupware-epl-resources egroupware-epl-esync
egroupware-epl-bookmarks egroupware-epl-tracker
egroupware-epl-news-admin egroupware-epl-notifications
egroupware-epl-filemanager egroupware-epl-importexport

Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No":

It seems to be caused by Ubuntu 16.04 and also next Debian version
deprecated sha1 Hashes in package and repo signatures.

Is there any solution for that in OBS yet?

OBS 2.7 is signing apt repos also with sha256


Adrian Schroeter
email: adrian@xxxxxxx

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284
(AG Nürnberg)

Maxfeldstraße 5
90409 Nürnberg

To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation