You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems to be related to apt dropping support for SHA1 keys. The same
is supposed to happen with Debian as of January 1st 2017. To my
understanding the fix should be rather straight forward:
The repository owner needs to pass --digest-algo SHA512 or --digest-algo
SHA256 (or another SHA2 algorithm) to gpg when signing the file.
Repositories with DSA keys need to be migrated to RSA first.
Migrating from DSA to RSA is best done by signing the repository with
two keys (old and new one) and shipping the new one to the users. A
relatively safe way to ship the key would be to embed it in the package.
Some months after those changes, it is OK to drop the old key from the
repository and the users machines (if shipped with a package).
The text was updated successfully, but these errors were encountered:
After updating the server we have the agent running on to Ubuntu 16.04
we get the following error:
W: https://apt.buildkite.com/buildkite-agent/dists/stable/Release.gpg:
Signature by key 32A37959C2FA5C3C99EFBC32A79206696452D198 uses weak
digest algorithm (SHA1)
It seems to be related to apt dropping support for SHA1 keys. The same
is supposed to happen with Debian as of January 1st 2017. To my
understanding the fix should be rather straight forward:
https://wiki.debian.org/Teams/Apt/Sha1Removal
boiling down to
The repository owner needs to pass --digest-algo SHA512 or --digest-algo
SHA256 (or another SHA2 algorithm) to gpg when signing the file.
Repositories with DSA keys need to be migrated to RSA first.
Migrating from DSA to RSA is best done by signing the repository with
two keys (old and new one) and shipping the new one to the users. A
relatively safe way to ship the key would be to embed it in the package.
Some months after those changes, it is OK to drop the old key from the
repository and the users machines (if shipped with a package).
The text was updated successfully, but these errors were encountered: