Re: Fedora Copr builders updated to Fedora 38

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 6/14/23 11:02, Pavel Raiskup wrote:

On úterý 13. června 2023 16:57:42 CEST Neal H. Walfield wrote:

On Thu, 08 Jun 2023 21:37:09 +0200,
Ondřej Budai wrote:

RPM Sequoia's crypto policies can be configured, so you should be able to re-enable SHA-1. However, this would
be a global change, not only for EL6... See
https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/#hash-functions
...
On Thu, Jun 8, 2023 at 5:42 PM Pavel Raiskup <praiskup@xxxxxxxxxx> wrote:

  Hello maintainers!

  Copr builders have been updated to Fedora 38 today (some old builders
  might still be running F37 ATM, but when they finish the task(s) they
  work on, they will be deleted). Our testsuite is passing just fine, so
  you _should_ be fine too :-).  Please let us know if you have some
  troubles.

  There was one important change in Fedora 38 - RPM switched to the
  Sequoia crypto backend.  It refuses SHA-1 in crypto;  which basically
  disallows Mock to properly check EL6 GPG signatures.  To allow further
  builds, we switched to gpgcheck=0 for all epel-6 chroots.  If you know a
  better work-around, let me know.


I find this behavior surprising.  The default policy as set by
fedora-crypto-policies is for rpm-sequoia is to accept SHA-1 (and
DSA-1024, ...):

   https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/blob/master/policies/FEDORA38.pol#L75

What policy are you using?


The `DEFAULT:SHA1`, but it is weird - I can not reproduce the build
failure now.  Is something changing in the backgrounds?
There haven't been any related changes in the last couple of months (that I'm aware of), but it was different initially yes. 

	- Panu -

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux