Packages should be signed with SHA256 as SHA1 is considered deprecated #4944

Closed
TheWitness opened this issue Oct 7, 2022 · 2 comments
Labels
3rd Party Change Something that Cacti can't fix directly api API related issues bug Undesired behaviour packaging Packaging as in Cacti Templates resolved A fixed issue

@TheWitness
Member

Describe the bug

Just had a RHEL9 ticket where Cacti packages were not being installed. It turned out that Red Hat has deprecated SHA1. So, we should migrate packages to SHA256 in order to avoid confusion.

https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9

The command to enable SHA1 is as follows:

update-crypto-policies --set DEFAULT:SHA1

As a workaround.

To Reproduce

Simply install Cacti and its packages on RHEL9

Expected behavior

Cacti should work on RHEL9 out of the box.

@TheWitness TheWitness added bug Undesired behaviour 3rd Party Change Something that Cacti can't fix directly labels Oct 7, 2022
@TheWitness TheWitness added this to the v1.2.23 milestone Oct 7, 2022
@TheWitness TheWitness added resolved A fixed issue api API related issues packaging Packaging as in Cacti Templates 3rd Party Change Something that Cacti can't fix directly and removed 3rd Party Change Something that Cacti can't fix directly labels Oct 8, 2022
@TheWitness
Member Author

Fixed here on the import side.

2c1f773

TheWitness added a commit that referenced this issue Oct 8, 2022
@TheWitness
Member Author

I'll be re-packaging before release. So, we can call this one done.

TheWitness added a commit that referenced this issue Oct 8, 2022
We have to check the string length as the improper use of the SHA256 generates some annoying errors.
@netniV netniV changed the title Newer Cacti Packages should be signed with SHA256 as SHA1 is being deprecated Packages should be signed with SHA256 as SHA1 is considered deprecated Dec 31, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Apr 1, 2023
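
For anyone auditing existing signed files before a move to RHEL 9, the following added example (not Cacti's code and not taken from the referenced commit) reads which digest an RSA PKCS#1 v1.5 signature names, so SHA-1 signatures can be found and re-signed with SHA-256. It assumes that signature scheme; the key is a constructed, insecure demo key, and the names `sign`, `signature_digest` and `audit` are hypothetical.

```python
import hashlib

# ASN.1 DigestInfo prefixes from RFC 8017 (PKCS#1 v1.5), keyed by hash name.
DIGESTINFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
DISTRUSTED = {"sha1"}  # the digest this issue says Red Hat has deprecated

# Constructed demo key built from two well-known primes; NOT secure.
P, Q, E = 2**521 - 1, 2**255 - 19, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8      # modulus length in bytes


def sign(data: bytes, algo: str) -> bytes:
    """Produce an RSASSA-PKCS1-v1_5 signature with the demo key (sample input)."""
    t = DIGESTINFO[algo] + hashlib.new(algo, data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def signature_digest(sig: bytes, n: int = N, e: int = E) -> str:
    """Return the hash algorithm named inside a PKCS#1 v1.5 signature."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("signature length does not match key size")
    em = pow(s, e, n).to_bytes(k, "big")  # public-key operation recovers padding
    if em[:2] != b"\x00\x01":
        raise ValueError("not a PKCS#1 v1.5 signature for this key")
    sep = em.index(b"\x00", 2)  # raises ValueError if the separator is missing
    if sep < 10 or em[2:sep].strip(b"\xff"):
        raise ValueError("malformed padding")
    t = em[sep + 1:]
    for name, prefix in DIGESTINFO.items():
        size = hashlib.new(name).digest_size
        if t.startswith(prefix) and len(t) == len(prefix) + size:
            return name
    raise ValueError("unknown digest algorithm")


def audit(sig: bytes) -> str:
    """Report the digest and whether the file needs re-signing."""
    algo = signature_digest(sig)
    return f"{algo}: {'re-sign with sha256' if algo in DISTRUSTED else 'ok'}"
```

This only identifies the digest named in the signature; it does not check that the signature matches the signed data.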