Key uses weak digest algorithm [duplicate]
I'am getting this kind of message while updating my ubuntu 16.04 LTS:
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 3B068FB4789ABE4AEFA3BB491397BC53640DB551 uses weak digest algorithm (SHA1)
Can anyone help me?
Solution 1:
Please note that we intend to shut off SHA1 completely on January 1, 2017.
Google Chrome's repositories is half-broken since March 18th 2016. So it is issuing the warning. The problem with the Google source is on Google's end so apt-get is just reporting the issue as a warning. This issue does not stop you from upgrading packages.
You can find the list of all broken and half broken repositories here.
You need to follow sudo apt-get update
with sudo apt-get upgrade
to see if any package upgrades are available.
Solution 2:
It's just a silly misunderstanding, caused by the hasty recognition of the development team of apt maintainers about SHA1 algorithm as obsolete. The problem is that it is directly embedded in the source code of APT, but if you're willing to spend an extra 1-2 hours on the self-assembly of the package, I can tell you how to solve this nuisance. So:
sudo aptitude install git --with-recommends
mkdir build && cd build
git clone https://anonscm.debian.org/git/apt/apt.git --recursive && cd apt && git pull && ls
gedit methods/gpgv.cc
(Other cloning URLs can be found at http://anonscm.debian.org/cgit/apt/apt.git/.)
And correct this section of code as present below:
static constexpr Digest Digests[] = {
{Digest::State::Untrusted, "Invalid digest"},
{Digest::State::Untrusted, "MD5"},
{Digest::State::Trusted, "Reserved digest"},
{Digest::State::Trusted, "Reserved digest"},
{Digest::State::Trusted, "Reserved digest"},
{Digest::State::Trusted, "Reserved digest"},
{Digest::State::Trusted, "SHA1"},
{Digest::State::Trusted, "RIPE-MD/160"},
{Digest::State::Trusted, "SHA256"},
{Digest::State::Trusted, "SHA384"},
{Digest::State::Trusted, "SHA512"},
{Digest::State::Trusted, "SHA224"},
};
Then:
dpkg-buildpackage -b -uc -us -nc -rfakeroot
cd .. && rm -vf *dbg* *doc* *dev* && sudo dpkg -i *.deb
sudo apt update