Dear people at Collabora,
I wanted to update my Collabora CODE-Server today from 24.04.13.3 to 25.04.2.1. When I tried to install the packages via yum I got the following error message on all collabora packages:
Warning: Signature not supported. Hash algorithm SHA1 not available.
The problem is that the new packages have only a RSA/SHA1 signatures which isn’t allowed on our systems via crypto policies. The old packages all were signatured with RSA/SHA512. I don’t understand why this change is done and I don’t want to enable unsecure SHA1 on my systems. Can you please sign the upcoming updates with SHA512 again?
rpm --nosignature -qi coolwsd
Name : coolwsd
Version : 24.04.13.3
Release : 1
Architecture: x86_64
Install Date: Mon 05 May 2025 02:09:26 PM CEST
Group : Unspecified
Size : 69388825
License : EULA
Signature : RSA/SHA512, Thu 10 Apr 2025 07:35:46 PM CEST, Key ID 0c54d189f4ba284d
Source RPM : coolwsd-24.04.13.3-1.src.rpm
Build Date : Thu 10 Apr 2025 07:24:23 PM CEST
Build Host : oracle7
Vendor : Collabora Productivity Ltd.
Summary : Collabora Online WebSocket Daemon
rpm --nosignature -qi coolwsd-25.04.2.1-1.x86_64.rpm
Name : coolwsd
Version : 25.04.2.1
Release : 1
Architecture: x86_64
Install Date: (not installed)
Group : Unspecified
Size : 70784666
License : EULA
Signature : RSA/SHA1, Thu 15 May 2025 08:58:28 AM CEST, Key ID 0c54d189f4ba284d
Source RPM : coolwsd-25.04.2.1-1.src.rpm
Build Date : Thu 15 May 2025 08:45:10 AM CEST
Build Host : oracle7
Vendor : Collabora Productivity Ltd.
Summary : Collabora Online WebSocket Daemon