Use SHA256 to sign packages instead of default SHA1

[brandond]

Related to:

• Installation on CentOS Stream 9 aborts due to failed GPG check k3s#5588

[vwbusguy]

I tested this out by building and running the centos8 container here and then installed the rpm with dnf in a centos:stream9 container and didn't get any complaints about the signature.

For good measure, I also installed it in a centos:stream8 container for good measure and also didn't have any problem:

I could be wrong, but I don't believe you need to force v3 signatures on EL8/9 as they both ship with yum4 out of box (yum 4 is a symlink to dnf 3) and the old DSA keys aren't supported anyway as of EL8. That said, I believe this PR is likely to work as-is.

# ls -l `which yum`
lrwxrwxrwx. 1 root root 5 Mar 24 09:08 /usr/bin/yum -> dnf-3

[brandond]

I could be wrong, but I don't believe you need to force v3 signatures on EL8/9 as they both ship with yum4 out of box

The problem is not the yum version that it ships with, the problem is that the rpm macros on EL8 still don't use the correct signing algs by default. So you have to override the macros to get the signatures that the same distro wants to use when installing packages.