Skip to content

[build] Sign debs with sha512#8002

Merged
jbudz merged 1 commit intoelastic:masterfrom
jbudz:issues/7992
Aug 22, 2016
Merged

[build] Sign debs with sha512#8002
jbudz merged 1 commit intoelastic:masterfrom
jbudz:issues/7992

Conversation

@jbudz
Copy link
Copy Markdown
Contributor

@jbudz jbudz commented Aug 15, 2016

Debian/ubuntu will be disabling support for release files signed with sha1 in the future, and currently a warning is shown. This makes sure the release file is signed using sha512. Closes #7992.

See https://wiki.debian.org/Teams/Apt/Sha1Removal

@jbudz
Copy link
Copy Markdown
Contributor Author

jbudz commented Aug 18, 2016

jenkins, test this

@epixa
Copy link
Copy Markdown
Contributor

epixa commented Aug 20, 2016

LGTM

@thomasneirynck thomasneirynck self-assigned this Aug 22, 2016
@thomasneirynck
Copy link
Copy Markdown
Contributor

thomasneirynck commented Aug 22, 2016

LGTM

@thomasneirynck thomasneirynck removed their assignment Aug 22, 2016
@jbudz jbudz merged commit a254b7e into elastic:master Aug 22, 2016
elastic-jasper added a commit that referenced this pull request Aug 22, 2016
@elastic-jasper
Backport PR #8002
d921b15 
---------

**Commit 1:**
[build] Sign debs with sha512

* Original sha: 71b3f58
* Authored by Jonathan Budzenski <jon@jbudz.me> on 2016-08-15T14:34:53Z
elastic-jasper added a commit that referenced this pull request Aug 22, 2016
@elastic-jasper
Backport PR #8002
cd938e1 
---------

**Commit 1:**
[build] Sign debs with sha512

* Original sha: 71b3f58
* Authored by Jonathan Budzenski <jon@jbudz.me> on 2016-08-15T14:34:53Z
This was referenced Aug 22, 2016
Merged
Merged
jbudz added a commit that referenced this pull request Aug 22, 2016
@jbudz
Merge pull request #8045 from elastic/jasper/backport/8002/4.5
73d7dc6 
[backport] PR #8002 to 4.5
jbudz added a commit that referenced this pull request Aug 22, 2016
@jbudz
Merge pull request #8046 from elastic/jasper/backport/8002/4.x
c019020 
[backport] PR #8002 to 4.x
@cwhsu1984
Copy link
Copy Markdown

cwhsu1984 commented Nov 1, 2016

Hi,

my os is ubuntu 16.04
Is this issue fixed?

W: http://packages.elastic.co/kibana/4.5/debian/dists/stable/Release.gpg: Signature by key 46095ACC8548582C1A2699A9D27D666CD88E42B4 uses weak digest algorithm (SHA1)
W: GPG error: http://ppa.launchpad.net/webupd8team/java/ubuntu xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C2518248EEA14886
W: The repository 'http://ppa.launchpad.net/webupd8team/java/ubuntu xenial InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

@epixa
Copy link
Copy Markdown
Contributor

epixa commented Nov 1, 2016

@cwhsu1984 This issue is fixed in 5.0.0 GA, but you need to remove the 5.x-prerelease repo and replace it with the 5.x repo in order to get GA instead of RC1.

Delete or empty /etc/apt/sources.list.d/kibana.list, then follow the instructions on https://www.elastic.co/guide/en/kibana/current/deb.html#deb-repo

airow pushed a commit to airow/kibana that referenced this pull request Feb 16, 2017
@jbudz
Merge pull request elastic#8002 from jbudz/issues/7992
d8e1457 
[build] Sign debs with sha512

Former-commit-id: a254b7e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

review v4.6.0 v5.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jbudz @epixa @thomasneirynck @cwhsu1984