V Tue, May 31, 2022 at 08:07:57AM +0200, Alexander Sosedkin napsal(a):
On Mon, May 30, 2022 at 10:34 PM Garry T. Williams
<gtwilliams(a)gmail.com> wrote:
> On Friday, April 29, 2022 5:49:05 PM EDT Ben Cotton wrote:
> > Cryptographic policies will be tightened in Fedora 38-39,
> > SHA-1 signatures will no longer be trusted by default.
> > Fedora 37 specifically doesn't come with any change of defaults,
> > and this Fedora Change is an advance warning filed for extra visibility.
> > Test your setup with FUTURE today and file bugs so you won't get bit
> > by Fedora 38-39.
> >
> After looking in
> /usr/share/crypto-policies/policies/modules, I tried again with:
>
> $ sudo update-crypto-policies --set FUTURE:SHA1
> Setting system policy to FUTURE:SHA1
>
> But that didn't get me back. I got the same error doing dnf upgrade.
>
> I had to do:
>
> $ sudo update-crypto-policies --set DEFAULT
>
> to get back to dnf working again.
>
> > file bug reports against the affected components if not filed already.
>
> I really don't know what "component" to use filing a bug.
Yeah, that seems like a case when
the service administrator is the one to be notified.
Reported to <
https://pagure.io/fedora-infrastructure/issue/10737>. The real
cause is not SHA-1. It's a 2048-bit RSA key of an intermediate certificate.
-- Petr