Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add support for setting gpg.conf settings #130

Closed
tfoote opened this issue May 23, 2016 · 3 comments

Comments

Projects
None yet
2 participants
@tfoote
Copy link
Member

commented May 23, 2016

SHA1 is deprecated in signing apt repos, but it's the default gpg signature and cert digest algorithm for gnupg.

The underlying problem is: https://wiki.debian.org/Teams/Apt/Sha1Removal
With blog post explainations here: https://juliank.wordpress.com/2016/03/14/dropping-sha-1-support-in-apt/ and clarification here: https://juliank.wordpress.com/2016/03/15/clarifications-and-updates-on-apt-sha1/

Adding this to the gpg.conf on the repository machine avoids this problem

cert-digest-algo SHA256
digest-algo SHA256

resolves this issue: Also discussed here: ros/rosdistro#10787 http://discourse.ros.org/t/deployment-approaches-for-new-gpg-key/224/2

@tfoote

This comment has been minimized.

Copy link
Member Author

commented Jun 26, 2017

@nuclearsandwich I ran into this on the r2b2 test farm. It would be great to build this into the deployment. I believe that it's manually fixed on our production farm.

@nuclearsandwich nuclearsandwich self-assigned this Jun 26, 2017

@nuclearsandwich

This comment has been minimized.

Copy link
Contributor

commented Aug 31, 2017

This is now part of the xenialize branch changes. These are the only two lines in the gpg.conf. If we want to add more we can.

@nuclearsandwich

This comment has been minimized.

Copy link
Contributor

commented Oct 20, 2017

Resolved now that Xenial is the default.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.