Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-114837

RPM displays multiple "warning: Signature not supported. Hash algorithm SHA1 not available." without printing which package is faulty

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.6
    • rpm
    • None
    • No
    • Moderate
    • rhel-swm
    • 0
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      A customer upgraded from RHEL7 to RHEL8, then RHEL8 to RHEL9.
      After upgrading to RHEL9, he gets warnings when using dnf or rpm commands:

      # rpm -qa
      warning: Signature not supported. Hash algorithm SHA1 not available.
      warning: Signature not supported. Hash algorithm SHA1 not available.
      warning: Signature not supported. Hash algorithm SHA1 not available.
      warning: Signature not supported. Hash algorithm SHA1 not available.
      [...]
      

      Because of the lack of package name that has an issue, it's complicated to troubleshoot.
      I had to request the RPMDB to dig into this through running in GDB with breakpoints.

      In the end it appears there were some oldish "fake" gpg-pubkey packages that were culprit.

      What is the impact of this issue to you?

      Complicated to troubleshoot.

      Please provide the package NVR for which the bug is seen:

      rpm-libs-4.16.1.3-37.el9.x86_64

      How reproducible is this bug?:

      Always with customer RPMDB

              packaging-team-maint packaging-team-maint
              rhn-support-rmetrich Renaud Métrich
              packaging-team-maint packaging-team-maint
              Software Management QE Software Management QE
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: