Key uses weak digest algorithm [duplicate]

google-chrome apt updates

I'am getting this kind of message while updating my ubuntu 16.04 LTS:

W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 3B068FB4789ABE4AEFA3BB491397BC53640DB551 uses weak digest algorithm (SHA1)

Can anyone help me?


Solution 1:

Please note that we intend to shut off SHA1 completely on January 1, 2017.

Google Chrome's repositories is half-broken since March 18th 2016. So it is issuing the warning. The problem with the Google source is on Google's end so apt-get is just reporting the issue as a warning. This issue does not stop you from upgrading packages.

You can find the list of all broken and half broken repositories here.

You need to follow sudo apt-get update with sudo apt-get upgrade to see if any package upgrades are available.

Solution 2:

It's just a silly misunderstanding, caused by the hasty recognition of the development team of apt maintainers about SHA1 algorithm as obsolete. The problem is that it is directly embedded in the source code of APT, but if you're willing to spend an extra 1-2 hours on the self-assembly of the package, I can tell you how to solve this nuisance. So:

sudo aptitude install git --with-recommends

mkdir build && cd build
git clone https://anonscm.debian.org/git/apt/apt.git --recursive && cd apt && git pull && ls
gedit methods/gpgv.cc

(Other cloning URLs can be found at http://anonscm.debian.org/cgit/apt/apt.git/.)

And correct this section of code as present below:

static constexpr Digest Digests[] = {
   {Digest::State::Untrusted, "Invalid digest"},
   {Digest::State::Untrusted, "MD5"},
   {Digest::State::Trusted, "Reserved digest"},
   {Digest::State::Trusted, "Reserved digest"},
   {Digest::State::Trusted, "Reserved digest"},
   {Digest::State::Trusted, "Reserved digest"},
   {Digest::State::Trusted, "SHA1"},
   {Digest::State::Trusted, "RIPE-MD/160"},
   {Digest::State::Trusted, "SHA256"},
   {Digest::State::Trusted, "SHA384"},
   {Digest::State::Trusted, "SHA512"},
   {Digest::State::Trusted, "SHA224"},
};

Then:

dpkg-buildpackage -b -uc -us -nc -rfakeroot
cd .. && rm -vf *dbg* *doc* *dev* && sudo dpkg -i *.deb
sudo apt update

Related

Skype 4.2 in Ubuntu 13.04 won't open in nVidia Optimus Laptops
Getting older packages from ppa
How to open UDF Volume
How to change the caret of the Gnome Terminal?
Volume Hot Key not working in Lubuntu
Two Wifi Icons in Panel
Remove VLC player from sound menu in Unity bar
How to list broken packages in console
NVIDIA 440.64 32-bit libraries package breaks 64-bit driver package
How can I run a command and copy its output?
How to make nautilus the default file manager in LXDE
Wifi Frequently Disconnecting (timeout)