I would like to request that RPMs from Virtualmin be SHA256 signed instead of SHA1 for increased security and compatibility with fapolicyd.
Changing the signing algorithm can be tricky. Does the RPM/yum version found in CentOS 7 support SHA256 without modification?
I am running CentOS 8 and it does. I’m not sure about 7.
If you can find out and give me a link to something about it (docs or commit log or whatever), I’ll add it to my todo list for Virtualmin 7 repos. I can’t change anything about signing for the vm6 repos, but vm7 branches soon (and it will be possible to switch which repos you use).
I will try to find something publicly posted.
I know that there are RHEL6 RPMs that are SHA256,
i.e. ftp-0.17-54.el6.x86_64.rpm
It seems SHA256 support was added to rpm version 4.6.0.
https://rpm.org/wiki/Releases/4.6.0
This would be during RHEL6. (RHEL6.10 has version 4.8.0)
Is this sufficient for you to migrate to SHA256?
Yep. I’ll plan to do it for Virtualmin 7 repos.
Thanks for digging this up!