That thing you saw when you upgraded apt and SHA1 hashes stopped working
When you upgrade to apt 1.4, you see a message about certain hashes being disabled now. Remember what it was? If not, here it is:
apt (1.4~beta1) unstable; urgency=medium

  Support for GPG signatures using the SHA1 or RIPE-MD/160 hash algorithms
  has been disabled. Repositories using Release files signed in such a way
  will stop working. This change has been made due to security considerations,
  especially with regards to possible further breakthroughs in SHA1 breaking
  during the lifetime of this APT release series.

  It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
  behaviour by setting the options

      APT::Hashes::SHA1::Weak "yes";
      APT::Hashes::RIPE-MD/160::Weak "yes";

  Note that setting these options only affects the verification of the overall
  repository signature.

 -- Julian Andres Klode <email@example.com>  Fri, 25 Nov 2016 13:19:32 +0100
That’s how you get your darn repos signed with SHA1 to work again.
For future reference, this was in
Now all I have to do is go back in time and publish this so that past me wouldn’t have spent all day trying to remember what that workaround was.
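To see which repositories the notice actually applies to before reaching for those options, here is an added example (not from the original post or from apt itself) that reads gpg --list-packets output and flags signatures whose digest algorithm is SHA1 (OpenPGP hash id 2) or RIPE-MD/160 (id 3). The packet dump is constructed sample data, and the function names and the default lists directory /var/lib/apt/lists are assumptions of this example.

```shell
#!/bin/sh
# OpenPGP hash algorithm ids (RFC 4880): 2 = SHA1, 3 = RIPE-MD/160.

# classify_digests: read `gpg --list-packets` output on stdin and print one
# verdict per signature packet: "weak SHA1", "weak RIPE-MD/160" or "ok <id>".
classify_digests() {
    awk '
        /^:signature packet:/ { in_sig = 1; next }
        /^:/                  { in_sig = 0 }      # any other packet type
        in_sig && /digest algo [0-9]+/ {
            id = $0
            sub(/.*digest algo /, "", id)         # drop everything before the id
            sub(/[^0-9].*/, "", id)               # drop everything after it
            if (id + 0 == 2)      print "weak SHA1"
            else if (id + 0 == 3) print "weak RIPE-MD/160"
            else                  print "ok " id
            in_sig = 0
        }'
}

# scan_lists: check every signed index apt has downloaded (assumed layout:
# *InRelease and *Release.gpg files in the lists directory).
scan_lists() {
    dir=${1:-/var/lib/apt/lists}
    for f in "$dir"/*InRelease "$dir"/*Release.gpg; do
        [ -f "$f" ] || continue
        gpg --list-packets "$f" 2>/dev/null | classify_digests |
            while read -r verdict algo; do
                if [ "$verdict" = weak ]; then
                    printf '%s: signed with %s\n' "$f" "$algo"
                fi
            done
    done
}

# Constructed sample of list-packets output: one SHA1 and one SHA256 signature.
sample_packets() {
    cat <<'EOF'
:signature packet: algo 1, keyid 0000000000000001
    version 4, created 1480076372, md5len 0, sigclass 0x00
    digest algo 2, begin of digest 3a 9f
:signature packet: algo 1, keyid 0000000000000002
    version 4, created 1480076372, md5len 0, sigclass 0x00
    digest algo 8, begin of digest 51 c2
EOF
}

# "scan [dir]" inspects this machine; with no arguments, classify the sample.
if [ "${1:-}" = scan ]; then scan_lists "${2:-}"; else sample_packets | classify_digests; fi
```

Any file it reports belongs to a repository whose maintainer needs to re-sign with a stronger digest; the Weak options above only hide that.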