Ubuntu 24.04: PPA: "Signature by key 98703123E0F52B2BE16D586EF13930B14BB9F05F uses weak algorithm (rsa1024)"

Question

Ubuntu 24.04: PPA: "Signature by key 98703123E0F52B2BE16D586EF13930B14BB9F05F uses weak algorithm (rsa1024)"

sanderjo opened this issue 3 months ago · comments

Sander commented 3 months ago

SABnzbd version

ppa

Operating system

Ubuntu 24.04

Using Docker image

None

Description

On a fresh install of Ubuntu 24.04 on an Intel i7, I get

W: https://ppa.launchpadcontent.net/jcfp/ppa/ubuntu/dists/noble/InRelease: Signature by key 98703123E0F52B2BE16D586EF13930B14BB9F05F uses weak algorithm (rsa1024)

I already removed & re-added the jcfp PPA, but no solution.

@jcfp Tips?

(base) sander@macbuntu:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
(base) sander@macbuntu:~$
(base) sander@macbuntu:~$ sudo apt update
Hit:1 http://nl.archive.ubuntu.com/ubuntu noble InRelease
Hit:2 http://nl.archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:3 http://security.ubuntu.com/ubuntu noble-security InRelease
Hit:4 http://nl.archive.ubuntu.com/ubuntu noble-backports InRelease
Hit:5 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:6 https://ppa.launchpadcontent.net/jcfp/ppa/ubuntu noble InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: https://ppa.launchpadcontent.net/jcfp/ppa/ubuntu/dists/noble/InRelease: Signature by key 98703123E0F52B2BE16D586EF13930B14BB9F05F uses weak algorithm (rsa1024)
(base) sander@macbuntu:~$

jcfp · Answer 1 · Tue Apr 30 2024 21:47:04 GMT+0800 (China Standard Time)

The key used for signing the repo content on the PPA isn't under my control.

This is for Canonical to fix; the issue is on their radar and a fix apparently in the works, see:
https://discourse.ubuntu.com/t/new-requirements-for-apt-repository-signing-in-24-04/42854
https://answers.launchpad.net/launchpad/+question/809194

Sander · Answer 2 · Tue Apr 30 2024 22:11:11 GMT+0800 (China Standard Time)

Clear. Thanks!

Based on https://ubuntuhandbook.org/index.php/2024/04/workaround-apt-warning-signature-key-uses-weak-algorithm/#:~:text=Or%2C%20just%20leave%20it%20blank%20so%20all%20the%20key%20algorithm%20trusted%20by%20GnuPG%20should%20be%20allowed%2C%20so%20it%20will%20be%3A , I created this file:

$ cat /etc/apt/apt.conf.d/99weakkey-warning
APT::Key::Assert-Pubkey-Algo "";

and the Warnings are gone.

Note to self: remove in a few months time

dominix · Answer 3 · Sat Jun 01 2024 17:47:16 GMT+0800 (China Standard Time)

to remove the warnings, but just to one that's needed (not all, just in case)

$ cat /etc/apt/apt.conf.d/99weakkey-warning
APT::Key::Assert-Pubkey-Algo ">=rsa1024";

Ivan Rosa · Answer 4 · Fri Jun 07 2024 10:19:04 GMT+0800 (China Standard Time)

the above worked for me 👆🏿