On 6/1/22 13:43, Fabian Arrotin wrote: > On 01/06/2022 19:51, Orion Poplawski wrote: >> Looks like the GPG key we use to sign our RPMs is not longer good with EL9: >> >> # rpm --import RPM-GPG-KEY-nwra >> error: RPM-GPG-KEY-nwra: key 1 import failed >> >> gpg key info: >> >> sec rsa2048/35DDB0B86218AC2F >> created: 2017-08-16 expires: never usage: SC >> trust: ultimate validity: ultimate >> ssb rsa2048/6A7FBC1E9DB22E8E >> created: 2017-08-16 expires: never usage: E >> >> Can someone explain what I need to do to make things compatible with EL9? >> >> Thank you! >> > > Just ensure that it's not using SHA1, which was deprecated, reason why the > CentOS keys had to be re-signed with newer algo too > > See this thread : > https://lists.centos.org/pipermail/centos-devel/2022-March/120263.html Thanks - but I don't know how to check if it is using SHA1 or how to regenerate it with SHA512. -- Orion Poplawski IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion at nwra.com Boulder, CO 80301 https://www.nwra.com/