Hi all. Recent releases (el10 in particular) started to complain about a SHA-1 algorithm in use for our release key (https://download.ceph.com/keys/release.asc). I have re-signed the portion of the key that was using the obsolete algorithm and the new key is available at the same location.

You can tell the new key because it's 1660 bytes, and it has no "Version:" string in the text. Also, it will cleanly import into el10 rpm, whereas the original does not.

This will fix el10 rpm's failure to verify the signature on .rpm files:

error: Verifying a signature using certificate 08B73419AC32B4E966C1A330E84AC2C0460F3994 (Ceph.com (release key) <[email protected]>):
1. Certificate E84AC2C0460F3994 invalid: policy violation
because: No binding signature at time 2025-10-03T17:18:24Z

If you experience such errors, download the new key from
https://tracker.ceph.com/issues/74861 and use rpm --import to store it in rpm's keyring.

Details are in https://tracker.ceph.com/issues/74861. Feel free to email with questions.

tl;dr: update your release.asc Ceph package-signing key.
_______________________________________________
ceph-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to