Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-01 22:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

CI: Use FEDORA40 crypto policy in Fedora 41

Browse source 
Fedora 41 distrusts SHA-1 signatures by default. Switching to this policy is
Fedora's recommended way of re-enabling support for at least the next several
releases.

A few references:

https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
https://fedoraproject.org/wiki/SHA1SignaturesGuidance
https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9
This commit is contained in:
Johanna Amann 2024-11-13 16:51:51 +00:00 committed by Christian Kreibich
parent 6c7f2e62f2
commit 09d6be7f68
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ci/fedora-41/Dockerfile
View file

@ -28,6 +28,11 @@ RUN dnf -y install \
swig \
which \
zlib-devel \
crypto-policies-scripts \
&& dnf clean all && rm -rf /var/cache/dnf
RUN pip3 install websockets junit2html
# Required to allow validation of certificates with SHA1 signatures
# See: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
RUN update-crypto-policies --set FEDORA40