On 6/1/22 13:43, Fabian Arrotin wrote:
On 01/06/2022 19:51, Orion Poplawski wrote:
Looks like the GPG key we use to sign our RPMs is not longer good with EL9:
# rpm --import RPM-GPG-KEY-nwra error: RPM-GPG-KEY-nwra: key 1 import failed
gpg key info:
sec rsa2048/35DDB0B86218AC2F created: 2017-08-16 expires: never usage: SC trust: ultimate validity: ultimate ssb rsa2048/6A7FBC1E9DB22E8E created: 2017-08-16 expires: never usage: E
Can someone explain what I need to do to make things compatible with EL9?
Thank you!
Just ensure that it's not using SHA1, which was deprecated, reason why the CentOS keys had to be re-signed with newer algo too
See this thread : https://lists.centos.org/pipermail/centos-devel/2022-March/120263.html
Thanks - but I don't know how to check if it is using SHA1 or how to regenerate it with SHA512.