Request SHA256 Signing of RPMs

I would like to request that RPMs from Virtualmin be SHA256 signed instead of SHA1 for increased security and compatibility with fapolicyd.

Changing the signing algorithm can be tricky. Does the RPM/yum version found in CentOS 7 support SHA256 without modification?

I am running CentOS 8 and it does. I’m not sure about 7.

If you can find out and give me a link to something about it (docs or commit log or whatever), I’ll add it to my todo list for Virtualmin 7 repos. I can’t change anything about signing for the vm6 repos, but vm7 branches soon (and it will be possible to switch which repos you use).

I will try to find something publicly posted.

I know that there are RHEL6 RPMs that are SHA256,
i.e. ftp-0.17-54.el6.x86_64.rpm

It seems SHA256 support was added to rpm version 4.6.0.
https://rpm.org/wiki/Releases/4.6.0

This would be during RHEL6. (RHEL6.10 has version 4.8.0)

Is this sufficient for you to migrate to SHA256?


Yep. I’ll plan to do it for Virtualmin 7 repos.

Thanks for digging this up!

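To check which digest the signatures on installed packages actually use (the SHA1 versus SHA256 question in this thread), here is an added example that is not from the thread or from Virtualmin. It classifies the output of rpm's `pgpsig` query format; the package names, dates and key IDs in the sample rows are constructed.

```shell
#!/bin/sh
# Added example: classify RPM signature digests.
# On a real system, feed it the package database instead of the sample:
#   rpm -qa --qf '%{NVRA}\t%{RSAHEADER:pgpsig}\t%{SIGPGP:pgpsig}\n' | classify_sigs

# Constructed sample rows in the same tab-separated shape as the query above.
sample_rows() {
    printf '%s\t%s\t%s\n' \
        'example-legacy-1.0-1.noarch' '(none)' \
        'RSA/SHA1, Tue 03 Mar 2020 10:00:00 AM UTC, Key ID 0000000000000001' \
        'example-modern-2.0-1.x86_64' \
        'RSA/SHA256, Wed 04 Mar 2020 10:00:00 AM UTC, Key ID 0000000000000002' \
        'RSA/SHA256, Wed 04 Mar 2020 10:00:00 AM UTC, Key ID 0000000000000002' \
        'example-unsigned-0.1-1.noarch' '(none)' '(none)' \
        'example-mixed-3.0-1.x86_64' \
        'RSA/SHA256, Thu 05 Mar 2020 10:00:00 AM UTC, Key ID 0000000000000003' \
        'RSA/SHA1, Thu 05 Mar 2020 10:00:00 AM UTC, Key ID 0000000000000003'
}

# Reads "<NVRA>\t<sig>\t<sig>..." and prints "<verdict>\t<digest>\t<NVRA>".
# A package is WEAK if any of its signatures uses SHA1 or MD5,
# UNSIGNED if every signature field is "(none)", otherwise OK.
classify_sigs() {
    awk -F '\t' '
    {
        verdict = "UNSIGNED"; digest = "-"
        for (i = 2; i <= NF; i++) {
            if ($i == "(none)" || $i == "") continue
            split($i, head, ",")        # head[1] is e.g. "RSA/SHA256"
            split(head[1], alg, "/")    # alg[2] is the digest name
            d = toupper(alg[2])
            if (d == "SHA1" || d == "MD5") {
                verdict = "WEAK"; digest = d
                break
            }
            verdict = "OK"; digest = d
        }
        printf "%s\t%s\t%s\n", verdict, digest, $1
    }'
}

# Demonstration on the constructed sample.
sample_rows | classify_sigs
```

For a single package file rather than the installed set, the same query format works with `rpm -qp` and the path to the `.rpm`.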