[
https://issues.apache.org/jira/browse/CASSANDRA-18986?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brandon Williams updated CASSANDRA-18986:
-----------------------------------------
Description:
Due to the presence of SHA1 keys they have to be explicitly allowed before C*
can be installed on RHEL 9-based systems:
{quote}
Importing GPG key 0xF2833C93:
Userid : "Eric Evans <[email protected]>"
Fingerprint: CEC8 6BB4 A0BA 9D0F 9039 7CAE F835 8FA2 F283 3C93
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Key imported successfully
Importing GPG key 0x8D77295D:
Userid : "Eric Evans <[email protected]>"
Fingerprint: C496 5EE9 E301 5D19 2CCC F2B6 F758 CE31 8D77 295D
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Key imported successfully
Importing GPG key 0x2B5C1B00:
Userid : "Sylvain Lebresne (pcmanus) <[email protected]>"
Fingerprint: 5AED 1BF3 78E9 A19D ADE1 BCB3 4BD7 36A8 2B5C 1B00
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
warning: Signature not supported. Hash algorithm SHA1 not available.
Key import failed (code 2). Failing package is: cassandra-4.0.11-1.noarch
GPG Keys are configured as: https://downloads.apache.org/cassandra/KEYS
The downloaded packages were saved in cache until the next successful
transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED
{quote}
This can be worked around by allowing SHA1:
{quote}
update-crypto-policies --set DEFAULT:SHA1
{quote}
https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
was:
Due to the presence of SHA1 keys they have to be explicitly allowed before C*
can be installed on RHEL 9-based systems:
{quote}
Importing GPG key 0xF2833C93:
Userid : "Eric Evans <[email protected]>"
Fingerprint: CEC8 6BB4 A0BA 9D0F 9039 7CAE F835 8FA2 F283 3C93
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Key imported successfully
Importing GPG key 0x8D77295D:
Userid : "Eric Evans <[email protected]>"
Fingerprint: C496 5EE9 E301 5D19 2CCC F2B6 F758 CE31 8D77 295D
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Key imported successfully
Importing GPG key 0x2B5C1B00:
Userid : "Sylvain Lebresne (pcmanus) <[email protected]>"
Fingerprint: 5AED 1BF3 78E9 A19D ADE1 BCB3 4BD7 36A8 2B5C 1B00
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
warning: Signature not supported. Hash algorithm SHA1 not available.
Key import failed (code 2). Failing package is: cassandra-4.0.11-1.noarch
GPG Keys are configured as: https://downloads.apache.org/cassandra/KEYS
The downloaded packages were saved in cache until the next successful
transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED
{quote}
This can be worked around by allowing SHA1:
{quote}
update-crypto-policies --set DEFAULT:SHA1
{quote}
> SHA1 keys prevent installation on RHEL 9
> ----------------------------------------
>
> Key: CASSANDRA-18986
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18986
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Reporter: Brandon Williams
> Assignee: Brandon Williams
> Priority: Normal
> Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 5.0.x, 5.x
>
>
> Due to the presence of SHA1 keys they have to be explicitly allowed before C*
> can be installed on RHEL 9-based systems:
> {quote}
> Importing GPG key 0xF2833C93:
> Userid : "Eric Evans <[email protected]>"
> Fingerprint: CEC8 6BB4 A0BA 9D0F 9039 7CAE F835 8FA2 F283 3C93
> From : https://downloads.apache.org/cassandra/KEYS
> Is this ok [y/N]: y
> Key imported successfully
> Importing GPG key 0x8D77295D:
> Userid : "Eric Evans <[email protected]>"
> Fingerprint: C496 5EE9 E301 5D19 2CCC F2B6 F758 CE31 8D77 295D
> From : https://downloads.apache.org/cassandra/KEYS
> Is this ok [y/N]: y
> Key imported successfully
> Importing GPG key 0x2B5C1B00:
> Userid : "Sylvain Lebresne (pcmanus) <[email protected]>"
> Fingerprint: 5AED 1BF3 78E9 A19D ADE1 BCB3 4BD7 36A8 2B5C 1B00
> From : https://downloads.apache.org/cassandra/KEYS
> Is this ok [y/N]: y
> warning: Signature not supported. Hash algorithm SHA1 not available.
> Key import failed (code 2). Failing package is: cassandra-4.0.11-1.noarch
> GPG Keys are configured as: https://downloads.apache.org/cassandra/KEYS
> The downloaded packages were saved in cache until the next successful
> transaction.
> You can remove cached packages by executing 'yum clean packages'.
> Error: GPG check FAILED
> {quote}
> This can be worked around by allowing SHA1:
> {quote}
> update-crypto-policies --set DEFAULT:SHA1
> {quote}
> https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
