Hi all. Recent releases (el10 in particular) started to complain about
a SHA-1 algorithm in use for our release key
(https://download.ceph.com/keys/release.asc). I have re-signed the
portion of the key that was using the obsolete algorithm and the new key
is available at the same location.
You can tell the new key because it's 1660 bytes, and it has no
"Version:" string in the text. Also, it will cleanly import into el10
rpm, whereas the original does not.
This will fix el10 rpm's failure to verify the signature on .rpm files:
error: Verifying a signature using certificate
08B73419AC32B4E966C1A330E84AC2C0460F3994 (Ceph.com (release key)
<[email protected]>):
1. Certificate E84AC2C0460F3994 invalid: policy violation
because: No binding signature at time 2025-10-03T17:18:24Z
If you experience such errors, download the new key from
https://tracker.ceph.com/issues/74861 and use rpm --import to store it
in rpm's keyring.
Details are in https://tracker.ceph.com/issues/74861. Feel free to
email with questions.
tl;dr: update your release.asc Ceph package-signing key.
_______________________________________________
ceph-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]