reprepro: Signature by key uses weak digest algorithm (SHA1)

apt reprepro

I'm hosting some internal repositories using reprepro.

After the upgrade of the clients to Ubuntu 16.04, apt-get update gives a warning "InRelease: Signature by key ... uses weak digest algorithm (SHA1)".

InRelease file starts like that:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So, reprepro has signed the InRelease file with a SHA1. How can I change it to SHA256 or SHA512?


You can fix this by modifying the ~/.gnupg/gpg.conf file of the user account which will be running reprepro and adding this line to the file digest-algo sha256. All signatures made with GPG by this user will use the SHA256 digest algorithm by default, thus, signatures made by reprepro will be sha256, as well.

If you want to learn more about GPG, APT, and Debian packages, I wrote a comprehensive blog post about signing and verifying Debian packages and APT repositories that may be helpful.

Related

How to edit GRUB Default Operating System? [duplicate]
Same script opened in three different ways produces three different results. Why? [duplicate]
What is the MAAS node login?
Is the identity map $id: H^2(-\pi,\pi) \to L^2(-\pi,\pi)$ Hilbert-Schmidt?
Question regarding usage of absolute value within natural log in solution of differential equation
What can be said about two groups with isomorphic derived factors?
Convexity of log det X???
Stiefel-Whitney numbers for product bundle
Equivalences and isomorphisms of short exact sequences
A card game with no decisions
Is $X^\ast$ is weak* separable equivalent to $B_{X^\ast}$ is weak* separable?
Lasso - constraint form equivalent to penalty form