Upgrade Authentication Services and SHA1 deprecation
说明
Systems with the SHA1 algorithm disabled per crypto-policies may exhibit issues while performing unattended installation of Authentication Services 5.x.x, specially on Rocky and AlmaLinux 9.x
Similar errors can be seen: Checking for recommended patches...Done Checking for available software... Done Checking for installed software... warning: Signature not supported. Hash algorithm SHA1 not available. error: rpmdbNextIterator: skipping h# 1170 Header V4 RSA/SHA1 Signature, key ID 4417450c: BAD Header SHA256 digest: OK Header SHA1 digest: OK warning: Signature not supported. Hash algorithm SHA1 not available. error: rpmdbNextIterator: skipping h# 1171 Header V4 RSA/SHA1 Signature, key ID 4417450c: BAD Header SHA256 digest: OK Header SHA1 digest: OK
原因
The SHA-1 algorithm is used for creating and verifying signatures. Current crypto policies consider SHA1 to be an insecure algorithm and disable it by default.
解决办法
This is expected and not a bug. Re-enable the SHA1 algorithm momentarily, install the product, and reenable the default policy.
1- # sudo update-crypto-policies --set DEFAULT:SHA1 2- proceed to install our package 3- # sudo update-crypto-policies --set DEFAULT # this will enable default security policy without SHA1