Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Any current pre-built rpm packages.
Describe the issue:
The rpm packages are signed with SHA-1, which is considered to be insecure and already not available by default on RHEL9 systems (like CentOS 9). This issue occurred while writing a puppet module for opensearch (GitHub - voxpupuli/puppet-opensearch: Puppet module to manage opensearch) and using the current repository.
Please switch to SHA-256 or SHA-512.
See also: Enhancing RHEL Security: Understanding SHA-1 deprecation on RHEL 9
Configuration:
%
Relevant Logs or Screenshots:
Error: Execution of '/usr/bin/dnf -d 0 -e 1 -y install opensearch' returned 1: Importing GPG key 0x9310D3FC:
Userid : "OpenSearch project <opensearch@amazon.com>"
Fingerprint: C5B7 4989 65EF D1C2 924B A9D5 39D3 1987 9310 D3FC
From : https://artifacts.opensearch.org/publickeys/opensearch.pgp
Importing GPG key 0x9310D3FC:
Userid : "OpenSearch project <opensearch@amazon.com>"
Fingerprint: C5B7 4989 65EF D1C2 924B A9D5 39D3 1987 9310 D3FC
From : https://artifacts.opensearch.org/publickeys/opensearch.pgp
warning: Signature not supported. Hash algorithm SHA1 not available.
Key import failed (code 2). Failing package is: opensearch-2.6.0-1.x86_64
GPG Keys are configured as: https://artifacts.opensearch.org/publickeys/opensearch.pgp
Error: GPG check FAILED