How can I clean that up and how can I get rid of the SHA1 warning?
For SHA1, I tried update-crypto-policies --set DEFAULT command but it didn’t change anything.
This is one of my test VMs, I can roll back any time to AL8 and do other tests. Also important note: this system, along with a few others, was migrated from CentOS 8 to AL8.
The idea here is to have the cleanest state possible after migration.
Thanks in advance for your help!
PS: overall the migration was pretty smooth for now
I can’t say I’ve ever seen that warning before, but I’d be inclined to do a like, rpm -qa | xargs -n1 rpm -q to see if I can get rpm to issue the warning more specifically about a particular RPM. Or figure out what --qf you have to give it to show you algorithms per package.
I have tried it on my test system; except for the warning itself, it didn’t show any extra info.
But I have also seen that on a system that was a “fresh” AL8, the SHA1 warning didn’t show up, so I guess this is legacy stuff that I brought along when migrating from CentOS.
Everything looks OK when I launch this command, but I think the upgrade process is doing the same, it updates everything that is in new repositories.
Now a question for you both (or anybody else!): I’ve tried a few things that I’d like you to validate:
AL8 package cleanup
I used the following commands (because those packages were not relevant to any app):
*um remove el8
dnf autoremove
rpm -e --nodeps for all the remaining ones (I had 3 left)
This removed all the legacy stuff.
GPG warning
I used these 2 commands to find and delete GPG keys:
rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} → %{summary}\n'
rpm -e gpg-pubkey-id for each key from the above command.
The only problem is: I don’t have enough knowledge to be 100% sure I’m not breaking anything with these 2 methods. But I didn’t have any error when trying to reach repositories or anything, everything was apparently working fine.
Huh, well, so I’d still be curious to know then if rpm’s issuing of that warning can be isolated to any particular rpm -q packagename.
I think the hazard of doing that rpm -e --nodeps depends on what those packages were and what was depending on them or otherwise preventing them from being uninstalled normally.
The keys I don’t think are a problem, because I’d expect if I’d removed one I do use that I’d just be prompted to install it again next time I try to install a package signed with it.
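One way to get the "algorithms per package" view asked about earlier in the thread, as an added example that is not code from any of the posters: it filters the output of an rpm query that uses the `%{SIGPGP:pgpsig}` tag and lists packages whose signature is SHA1-based or missing. The output layout it parses ("ALGO/HASH, date, Key ID <id>", or "(none)") is an assumption about rpm's formatter, and the package names and key IDs in the sample are constructed; whether this pinpoints the warning on the migrated system is not established here.

```shell
#!/bin/sh
# Added example: flag installed packages whose signature uses SHA1 or is absent.
#
# On a real system, feed it the per-package signature listing:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SIGPGP:pgpsig}\n' | flag_weak_sigs
# (assumed pgpsig layout: "RSA/SHA256, <date>, Key ID <id>" or "(none)")

flag_weak_sigs() {
    # stdin:  "<package>\t<pgpsig>" per line
    # stdout: "<reason>\t<package>\t<key id>" for each package worth a look
    awk -F '\t' '
        # Imported keys show up as gpg-pubkey pseudo-packages and are never signed.
        $1 ~ /^gpg-pubkey-/ { next }
        $2 == "(none)" || $2 == "" { print "unsigned\t" $1 "\t-"; next }
        {
            # Hash name is whatever follows "/" in the first comma-separated field.
            hash = $2
            sub(/,.*/, "", hash)
            sub(/^.*\//, "", hash)
            # Key ID is taken from the end so a comma in the date cannot break it.
            keyid = $2
            sub(/^.*Key ID /, "", keyid)
            if (toupper(hash) == "SHA1") print "sha1\t" $1 "\t" keyid
        }'
}

# Constructed sample input: names, dates and key IDs are made up.
sample_input() {
    printf '%s\t%s\n' \
        'examplepkg-1.0-1.el8' 'RSA/SHA256, Tue 01 Jun 2021 10:00:00 AM UTC, Key ID 0000000000000001' \
        'legacytool-2.3-4.el8' 'RSA/SHA1, Mon 02 Mar 2015 09:00:00 AM UTC, Key ID 0000000000000002' \
        'localbuild-0.1-1' '(none)' \
        'gpg-pubkey-00000002-5f000000' '(none)'
}

# Stand-alone run on the constructed sample.
sample_input | flag_weak_sigs
```

The key ID column can be matched against the version field of the `rpm -q gpg-pubkey` listing above (the last eight hex digits of the key ID) to see which imported key a flagged package still depends on before that key is removed.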