Hi. Has anyone installed and ran Broadcom LSA 008.003.012.000 successfully under Rocky Linux 9.2? I am familiar with the installation steps. I can install and run LSA under Rocky Linux 8.8 and Ubuntu 20.04 LTS.
But it doesn’t work under 9.2. The installation log has this error
error: pubKey.asc: key 1 import failed
Thank you in advance for any help.
It appears you’ll need to change your crypto policy to legacy. According to Installing LSA for Rocky Linux 9 | ServeTheHome Forums the key is signed with SHA1.
(update-crypto-policies --set LEGACY)
Edit: that’s unnecessarily broad of a change. As @jlehtone suggested below: update-crypto-policies --set DEFAULT:SHA1. Explicitly edited to ensure anyone stumbling on this post doesn’t follow my bad advice lol.
In principle, for SHA1, one could stay at “default+sha1”:
update-crypto-policies --set DEFAULT:SHA1
It might be possible to define a custom subpolicy that is more limited than the pre-defined SHA1 subpolicy (but still enough for the LSA). That, however, does not follow KISS.
The rhel-system-roles package makes Ansible playbook possible:
- hosts: all
roles:
role: rhel-system-roles.crypto_policies
vars:
crypto_policies_policy: "DEFAULT:SHA1"
Is that “more complicated” than just calling the update-crypto-policies? Yes, a bit, but then one has that detail of config in one additional place (in addition to .bash_history, good notes, and verbal communication from former colleagues).
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.