ansible-role-nodejs icon indicating copy to clipboard operation
ansible-role-nodejs copied to clipboard

Published 20 hours ago verified publisher icon geerlingguy

Signature support failure on RHEL9

Open cmcfadden opened this issue 1 year ago • 4 comments

The changes merged in b525bfe seem to have broken this package on RHEL9. During the "Import Nodesource RPM Key" stage, it throws a warning: Signature not supported. Hash algorithm SHA1 not available.. It looks like Nodesource might be using https://rpm.nodesource.com/gpgkey/ns-operations-public.key now?

cmcfadden avatar Feb 22 '24 17:02 cmcfadden

Same here, this fails on Rocky9

pixelrebel avatar Mar 30 '24 00:03 pixelrebel

i also have this issue on almalinux 9

Dialgatrainer02 avatar Jul 17 '24 17:07 Dialgatrainer02

Changing that key in tasks/setup-RedHat.yml does indeed fix the rpm_key task, but then the next task (installing the repo RPM) fails with e.g.

Failed to validate GPG signature for nodesource-release-nodistro-1.noarch: Public key for nodesource-release-nodistro-1.noarchde3kruo1.rpm is not installed

Oddly, just running yum install https://rpm.nodesource.com/pub_16.x/nodistro/repo/nodesource-release-nodistro-1.noarch.rpm will work without any signature complaints.

ianabc avatar Aug 02 '24 23:08 ianabc

Actually, it looks like their RPM signing is messed up. The RPM mentioned above has this signature

$ rpm -qip --nosignature nodesource-release-nodistro-1.noarch.rpm |  grep Signature
Signature   : RSA/SHA512, Wed Aug 16 20:40:47 2023, Key ID 2f59b5f99b1be0b4

But that key uses SHA1 which won't work on RHEL9 by default

$ gpg --recv-keys 2f59b5f99b1be0b4
$ gpg --armor --export  2f59b5f99b1be0b4 > node.gpg
$ sudo rpm --import node.gpg 
warning: Signature not supported. Hash algorithm SHA1 not available.
error: node.gpg: key 1 import failed.

ianabc avatar Aug 03 '24 00:08 ianabc