View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001686 | SkyChart | 1-Software | public | 17-03-20 18:25 | 17-03-22 11:25 |
| Reporter | grof | Assigned To | Patrick Chevalley | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.0 | ||||
| Fixed in Version | 4.0 | ||||
| Summary | 0001686: Installing SkyChart 4.0 reports uses weak digest algorithm (SHA1) | ||||
| Description | Installing SkyChart 4.0 on Ubuntu 16.04 returns W: http://www.ap-i.net/apt/dists/stable/InRelease: Signature by key 5247B5CB921337EBBEFB0A5FC56CCB02D79BF92A uses weak digest algorithm (SHA1) warning when: sudo apt-get update command is executed | ||||
| Steps To Reproduce | If I am not mistaken I have already reported very similar problem with stable PPA and the response was that this problem is going to be fixed when new 4.0 stable version will be released. But it looks like this is not fixed. | ||||
| Additional Information | This info from Ubuntu install documentation https://www.ap-i.net/skychart/en/documentation/installation_on_linux_ubuntu is also now confusing: =============== 3. Add Patrick Chevalley's signature to APT: The old key used for the current stable version: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D79BF92A The new key used for the current development and the future stable version: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA716FC2 =============== Which key is now correct? Can you please fix this SHA-1 warning and also clean step 3 from documentation. | ||||
| Tags | No tags attached. | ||||
|
|
This is a mandatory step to solve the issue without breaking the configuration of existing user of the stable release. The current package for 4.0 is signed with the old key so system having only the old key (D79BF92A) can upgrade to 4.0. The package install the new key as a part of the install process (AA716FC2). In one or two weeks, after most system are upgraded, I redo the package to remove the key installation and sign with the new key. The documentation will be updated after this last step as you currently need the old D79BF92A to install the stable version. |
|
|
Because of more error with 16.10 I change the signature today. Now only AA716FC2 signature is used and the new package skychart_4.0-3575b no more install the new key. People that not upgrade to 4.0 before today must install the new key before they can get the the new version: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA716FC2 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 17-03-20 18:25 | grof | New Issue | |
| 17-03-20 20:16 | Patrick Chevalley | Assigned To | => Patrick Chevalley |
| 17-03-20 20:16 | Patrick Chevalley | Status | new => assigned |
| 17-03-20 20:16 | Patrick Chevalley | Note Added: 0003737 | |
| 17-03-20 20:24 | Patrick Chevalley | Note Edited: 0003737 | |
| 17-03-22 11:25 | Patrick Chevalley | Status | assigned => resolved |
| 17-03-22 11:25 | Patrick Chevalley | Resolution | open => fixed |
| 17-03-22 11:25 | Patrick Chevalley | Fixed in Version | => 4.0 |
| 17-03-22 11:25 | Patrick Chevalley | Note Added: 0003741 |
