reprepro still generates SHA1 sum
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
reprepro (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
A while ago I filed a question, but there was no reasonable response, so I file this bug!
https:/
I have a package mirror built with reprepro in which I deliver self-built packages to our customers systems. After testing with Ubunut Xenial apt-get update is complaining about SHA1 Hash in "InRelease" file on the mirror.
I did some troubleshooting, including generating a new gpg key with "--digest-algo SHA512" and doing a reprepro export xenial
InRelease file was upgraded but it's still a SHA1 hash.
First tested this with the standard version of trusty (4.13.1-1build1). After having no luck with my troubleshooting gpg I upgraded to the Xenial version of reprepro (4.17.0-1) but this doesn't help either.
To be more precise: This is not about the SHA-Sum of the files listed in the "InRelease" file. This is about the PGP signature of the whole InRelease file (2nd line of the file looks like this: "Hash: SHA1")
Due to Xenial complaining about this, reprepro should be patched to take care of this hash!
Changed in reprepro (Ubuntu): | |
status: | Confirmed → Invalid |
Status changed to 'Confirmed' because the bug affects multiple users.