On 6/1/22 13:43, Fabian Arrotin wrote:
> On 01/06/2022 19:51, Orion Poplawski wrote:
>> Looks like the GPG key we use to sign our RPMs is not longer good with EL9:
>>
>> # rpm --import RPM-GPG-KEY-nwra
>> error: RPM-GPG-KEY-nwra: key 1 import failed
>>
>> gpg key info:
>>
>> sec rsa2048/35DDB0B86218AC2F
>> created: 2017-08-16 expires: never usage: SC
>> trust: ultimate validity: ultimate
>> ssb rsa2048/6A7FBC1E9DB22E8E
>> created: 2017-08-16 expires: never usage: E
>>
>> Can someone explain what I need to do to make things compatible with EL9?
>>
>> Thank you!
>>
>
> Just ensure that it's not using SHA1, which was deprecated, reason why the
> CentOS keys had to be re-signed with newer algo too
>
> See this thread :
> https://lists.centos.org/pipermail/centos-devel/2022-March/120263.html
Thanks - but I don't know how to check if it is using SHA1 or how to
regenerate it with SHA512.
--
Orion Poplawski
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@xxxxxxxx
Boulder, CO 80301 https://www.nwra.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
