forked from rpms/leapp-repository
37 lines
1.4 KiB
Diff
37 lines
1.4 KiB
Diff
From 75b8b96f8b7b6705fe52135dab32cc6c8d886db3 Mon Sep 17 00:00:00 2001
|
|
From: Petr Stodulka <pstodulk@redhat.com>
|
|
Date: Fri, 10 Jan 2025 15:16:05 +0100
|
|
Subject: [PATCH 47/53] IPU 9 -> 10: obsolete GPG key with SHA1 signature
|
|
|
|
When upgrading to RHEL 10, we have analogical problem as we had for
|
|
IPU 8 -> 9 due to GPG keys with SHA1 signatures. The SHA1 algorithm
|
|
is considered unsecure since RHEL 9 and all RPMs are required to be
|
|
signed by keys with SHA2 signatures. The RHEL 9 GPG (auxiliary) key
|
|
is unfortunately still signed with SHA1 and RHEL 10 tooling refuse
|
|
to use it for any operations.
|
|
|
|
To resolve this apply the same solution as we did in the past:
|
|
* obsolete original key
|
|
* install the target RHEL 10 GPG keys during the upgrade
|
|
|
|
jira: RHEL-71517
|
|
---
|
|
.../system_upgrade/common/files/distro/rhel/gpg-signatures.json | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json b/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
|
|
index 8a5471a8..3cc67f82 100644
|
|
--- a/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
|
|
+++ b/repos/system_upgrade/common/files/distro/rhel/gpg-signatures.json
|
|
@@ -14,6 +14,6 @@
|
|
"gpg-pubkey-db42a60e-37ea5438"
|
|
],
|
|
"9": ["gpg-pubkey-d4082792-5b32db75"],
|
|
- "10": []
|
|
+ "10": ["gpg-pubkey-fd431d51-4ae0493b"]
|
|
}
|
|
}
|
|
--
|
|
2.47.1
|
|
|