I would like to request that RPMs from virtualmin be SHA256 signed instead of SHA1 for increased security and compatibility with fapolicyd.

Changing the signing algorithm can be tricky. Does the RPM/yum version found in CentOS 7 support SHA256 without modification?

I am running CentOS 8 and it does. I’m not sure about 7.

If you can find out and give me a link to something about it (docs or commit log or whatever), I’ll add it to my todo list for Virtualmin 7 repos. I can’t change anything about signing for the vm6 repos, but vm7 branches soon (and it will be possible to switch which repos you use).

I will try to find something publicly posted.

I know that there are RHEL6 RPMs that are SHA256,
e.g. ftp-0.17-54.el6.x86_64.rpm

It seems SHA256 support was added to rpm version 4.6.0.

This would be during RHEL6. (RHEL6.10 has version 4.8.0)

Is this sufficient for you to migrate to SHA256?

Yep. I’ll plan to do it for Virtualmin 7 repos.

Thanks for digging this up!

