Skip to content
Snippets Groups Projects
Verified Commit 2c2bfa33 authored by Alex Iribarren's avatar Alex Iribarren
Browse files

Set legacy crypto policy for old SHA1 keys

parent 4f47f8a1
No related branches found
No related tags found
1 merge request!230Set legacy crypto policy for old SHA1 keys
Pipeline #4862178 passed
Stage: prepare
    Stage: build
      Stage: deploy_test
        Stage: deploy
          Stage: cleanup
            Hide whitespace changes
            Inline Side-by-side
            Showing
            with 4 additions and 2 deletions
            reposync/Dockerfile
            + 4
            2
            View file @ 2c2bfa33
            FROM gitlab-registry.cern.ch/linuxsupport/alma9-base:latest
            RUN yum install -y yum-utils bc diffutils python3-requests \
            RUN yum install -y yum-utils bc diffutils python3-requests crypto-policies-scripts \
            && yum clean all
            RUN rm -rf /etc/yum.repos.d/*
            COPY gpgkeys/ /etc/pki/rpm-gpg/
            RUN find /etc/pki/rpm-gpg/ -type f -exec rpm --import {} \;
            # We still have plenty of gpg keys with SHA1 signatures, so we need the LEGACY crypto policy
            RUN update-crypto-policies --set LEGACY \
            && find /etc/pki/rpm-gpg/ -type f -exec rpm --import {} \;
            COPY *.sh /root/
            COPY *.py /root/
            COPY prod.repos.d/ /root/prod.repos.d/
            ......
            0% or .
            You are about to add 0 people to the discussion. Proceed with caution.
            Finish editing this message first!
            Please register or to comment