[CentOS] signing RPM packages with SHA256
Alice Wonder
alice at domblogger.netWed Jan 20 07:37:35 UTC 2016
- Previous message: [CentOS] LVM thin volumes fstrim operation not supported
- Next message: [CentOS] signing RPM packages with SHA256
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
hi, I noticed that RPM packages I sign use SHA1 Signature : RSA/SHA1, Fri 08 Jan 2016 10:50:58 AM PST, Key ID ad3b591d147abf59 Signatures from CentOS 7 use SHA256 Signature : RSA/SHA256, Wed 06 Jan 2016 08:54:58 AM PST, Key ID 24c6a8a7f4a80eb5 I'm trying to find where / how to use sha256 when I sign packages but I am not having much luck. Closest I have found is this : https://fedoraproject.org/wiki/RPM_file_format_changes_to_support_SHA-256 That page appears to be from 2009 and six years is a really long time, things change a lot. Is there an up to date reference somewhere on RPM package signing that I haven't stumbled upon yet? SHA1 is broken. I shouldn't be using it. CentOS 7 is all I build packages for. Thank you.
- Previous message: [CentOS] LVM thin volumes fstrim operation not supported
- Next message: [CentOS] signing RPM packages with SHA256
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list