reprepro still generates SHA1 sum
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| reprepro (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
A while ago I filed a question, but there was no reasonable response, so I file this bug!
https:/
I have a package mirror built with reprepro in which I deliver self-built packages to our customers systems. After testing with Ubunut Xenial apt-get update is complaining about SHA1 Hash in "InRelease" file on the mirror.
I did some troubleshooting, including generating a new gpg key with "--digest-algo SHA512" and doing a reprepro export xenial
InRelease file was upgraded but it's still a SHA1 hash.
First tested this with the standard version of trusty (4.13.1-1build1). After having no luck with my troubleshooting gpg I upgraded to the Xenial version of reprepro (4.17.0-1) but this doesn't help either.
To be more precise: This is not about the SHA-Sum of the files listed in the "InRelease" file. This is about the PGP signature of the whole InRelease file (2nd line of the file looks like this: "Hash: SHA1")
Due to Xenial complaining about this, reprepro should be patched to take care of this hash!
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in reprepro (Ubuntu): | |
| status: | New → Confirmed |
| Dan Kegel (obdank) wrote | #2 |
| Patrick Banholzer (patrick-banholzer) wrote | #3 |
| Changed in reprepro (Ubuntu): | |
| status: | Confirmed → Invalid |
| webworm (rudy-webworm) wrote | #4 |
Status changed to 'Confirmed' because the bug affects multiple users.