From 75b8b96f8b7b6705fe52135dab32cc6c8d886db3 Mon Sep 17 00:00:00 2001 From: Petr Stodulka Date: Fri, 10 Jan 2025 15:16:05 +0100 Subject: [PATCH 47/53] IPU 9 -> 10: obsolete GPG key with SHA1 signature When upgrading to RHEL 10, we have analogical problem as we had for IPU 8 -> 9 due to GPG keys with SHA1 signatures. The SHA1 algorithm is considered unsecure since RHEL 9 and all RPMs are required to be signed by keys with SHA2 signatures. The RHEL 9 GPG (auxiliary) key is unfortunately still signed with SHA1 and RHEL 10 tooling refuse to use it for any operations. To resolve this apply the same solution as we did in the past: * obsolete original key * install the target RHEL 10 GPG keys during the upgrade jira: RHEL-71517 --- .../system_upgrade/common/files/distro/rhel/gpg-signatures.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json b/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json index 8a5471a8..3cc67f82 100644 --- a/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json +++ b/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json @@ -14,6 +14,6 @@ "gpg-pubkey-db42a60e-37ea5438" ], "9": ["gpg-pubkey-d4082792-5b32db75"], - "10": [] + "10": ["gpg-pubkey-fd431d51-4ae0493b"] } } -- 2.47.1