Repo key cannot be imported on RHEL-9 #89487
Labels
>bug
:Core/Infra/Settings
Settings infrastructure and APIs
Team:Core/Infra
Meta label for core/infra team
Elasticsearch Version
any
Installed Plugins
No response
Java Version
any
OS Version
RHEL-9
Problem Description
RHEL-9 disabled the usage of the long-deprecate SHA-1 for signatures.
The ES repo key dates form 2013 (when SHA-1 was already deprecated) and it used SHA-1. This means that the ES repo cannot be added to RHEL-9, unless its security settings are changed, which conflicts with security certification requirements.
You need to generate a new key that will use a modern-day algorithm like SHA-256 and re-sign your packages.
Current key info - look for "digest algo 2", this denotes SHA-1; once you switch to SHA-256, it will say something like "digest algo 8":
Steps to Reproduce
Try to import the key into a RHEL-9 system. Result is:
Logs (if relevant)
No response
The text was updated successfully, but these errors were encountered: