<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Running Red Hat 9 64bit here.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
These are my notes, your mileage may vary on Rocky.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Given the gpg key is signed as SHA1, this is the workaround I have been testing and it at least allows zendto to be installed.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
# Show the system-wide crypto policy currently in effect</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
update-crypto-policies --show</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 16px; color: rgb(0, 0, 0);">
<span style="background-color: rgb(255, 255, 255);">DEFAULT</span></div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
# The zendto package is signed using SHA1, which is not available in the "DEFAULT" crypto-policy.</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
# The zendto package will fail to install if the SHA1 cipher is not available to verify the package authenticity.</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
# Solution: Set crypto-polices to ALLOW SHA1 as a "signing" key, so the zendto package can be installed.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
update-crypto-policies --set DEFAULT:SHA1</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
!!!! It is recommended to restart/reboot the system for the change of policies to fully take place.</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Reboot the system.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Then login as user root.</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
# Check crypto-policies and make sure it supports SHA1.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
update-crypto-policies --show</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
DEFAULT:SHA1</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 16px; color: rgb(0, 0, 0);">
<span style="background-color: rgb(255, 255, 255);"><br>
</span></div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
# Import zendto's SHA1 gpg signing key. The rpm utility has its own key management.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
rpm --import <a href="https://zend.to/files/zendto.gpg.asc" id="LPlnk816432">https://zend.to/files/zendto.gpg.asc</a></div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 16px; color: rgb(0, 0, 0);">
<span style="background-color: rgb(255, 255, 255);"># Continue the zendto installation.</span></div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Install zendto.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
You can remove the SHA1 support after the zendto key is added. But I'm not sure what impact this may have during a zendto update.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="font-size: 16px; background-color: rgb(255, 255, 255);">update-crypto-policies --set DEFAU</span>LT</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> ZendTo <zendto-bounces@zend.to> on behalf of Matthew Fey via ZendTo <zendto@zend.to><br>
<b>Sent:</b> Monday, February 5, 2024 9:24 AM<br>
<b>To:</b> zendto@zend.to <zendto@zend.to><br>
<b>Cc:</b> Matthew Fey <matthewf@prolific.ca><br>
<b>Subject:</b> [ZendTo] Rocky 9 SHA1 Depreciation</font>
<div> </div>
</div>
<style>
<!--
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif}
a:visited, span.x_MsoHyperlinkFollowed
{color:#954F72;
text-decoration:underline}
span.x_EmailStyle17
{font-family:"Calibri",sans-serif;
color:windowtext}
.x_MsoChpDefault
{}
@page WordSection1
{margin:72.0pt 72.0pt 72.0pt 72.0pt}
div.x_WordSection1
{}
-->
</style>
<div lang="EN-CA" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<table border="0" cellspacing="0" cellpadding="0" align="left" width="`"100%`"">
<tbody>
<tr>
<td style="background:#bba555; padding:5.25pt 5.5pt 5.25pt 1.5pt"></td>
<td width="`"100%`"" cellpadding="`"7px" color="`"#212121`"" style="width:100.0%; background:#7fe5f0; padding:5.25pt
3.75pt 5.25pt 11.25pt; word-wrap:break-word">
<div>
<p><span style="font-size:11pt; font-family:Arial,sans-serif; color:#212121"><b>CAUTION:</b> This email came from an EXTERNAL address. Use caution when clicking links or opening attachments.
</span></p>
</div>
</td>
</tr>
</tbody>
</table>
<div>
<div class="x_WordSection1">
<p class="x_MsoNormal">When trying to run the installer on Rocky 9, installing the ZendTo package fails because the rpm is signed with SHA1, which is no longer supported by default in RHEL9 and equivalent.</p>
<p class="x_MsoNormal">Because of that, all further steps fail as the package and configuration files are never installed. I suspect this is the issue that Scott was having back in November when trying to do the same.
</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">I could force the install to go through with the –nogpgcheck option, but I’d really rather avoid it.</p>
<p class="x_MsoNormal">Any chance of having the package updated soon with a SHA256 or SHA512 signature to take care of this going forward?</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">Thanks,</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal"><b><span style="color:#262626">Matthew Fey, CCNA </span></b><span lang="EN-US" style="font-size:10.0pt; color:#595959">|</span><b><span lang="EN-US" style="color:black">
</span></b><b><span lang="EN-US" style="font-size:10.5pt; color:#595959">Network System Administrator </span></b><span style=""></span></p>
<p class="x_MsoNormal"><span style="color:#404040">Direct 204 697 6983 </span></p>
</div>
</div>
</div>
</body>
</html>