Details
Normal Description
Due to the presence of SHA1 keys they have to be explicitly allowed before C* can be installed on RHEL 9-based systems:
Importing GPG key 0xF2833C93:
Userid : "Eric Evans <eevans@sym-link.com>"
Fingerprint: CEC8 6BB4 A0BA 9D0F 9039 7CAE F835 8FA2 F283 3C93
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Key imported successfully
Importing GPG key 0x8D77295D:
Userid : "Eric Evans <eevans@sym-link.com>"
Fingerprint: C496 5EE9 E301 5D19 2CCC F2B6 F758 CE31 8D77 295D
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
Key imported successfully
Importing GPG key 0x2B5C1B00:
Userid : "Sylvain Lebresne (pcmanus) <sylvain@datastax.com>"
Fingerprint: 5AED 1BF3 78E9 A19D ADE1 BCB3 4BD7 36A8 2B5C 1B00
From : https://downloads.apache.org/cassandra/KEYS
Is this ok [y/N]: y
warning: Signature not supported. Hash algorithm SHA1 not available.
Key import failed (code 2). Failing package is: cassandra-4.0.11-1.noarch
GPG Keys are configured as: https://downloads.apache.org/cassandra/KEYS
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED
This can be worked around by allowing SHA1:
update-crypto-policies --set DEFAULT:SHA1
https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9