I first upgraded apt, libapt-pkg6.0t64 to 2.8.3.
Validation for RSA1024 remaining weak: root@noble:~# gpg --quick-gen-key [email protected] rsa1024 gpg: directory '/root/.gnupg' created gpg: keybox '/root/.gnupg/pubring.kbx' created We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: directory '/root/.gnupg/openpgp-revocs.d' created gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/86F909B8AA125825E11A72DE25BB51DD6ADA3043.rev' public and secret key created and signed. Note that this key cannot be used for encryption. You may want to use the command "--edit-key" to generate a subkey for this purpose. pub rsa1024 2025-04-25 [SC] [expires: 2028-04-24] 86F909B8AA125825E11A72DE25BB51DD6ADA3043 uid [email protected] root@noble:~# gpg --export > /etc/apt/trusted.gpg.d/test-key.gpg root@noble:~# apt download apt root@noble:~# apt-ftparchive packages . > Packages root@noble:~# apt-ftparchive release . > Release root@noble:~# gpg --clearsign < Release > InRelease root@noble:~# apt update Get:1 file:/root ./ InRelease [1178 B] Get:1 file:/root ./ InRelease [1178 B] Hit:2 http://security.ubuntu.com/ubuntu xenial-security InRelease Get:3 file:/root ./ Packages [1908 B] Hit:4 http://security.ubuntu.com/ubuntu noble-security InRelease Hit:5 http://archive.ubuntu.com/ubuntu noble InRelease Hit:6 http://archive.ubuntu.com/ubuntu noble-updates InRelease Hit:7 http://archive.ubuntu.com/ubuntu noble-backports InRelease Hit:8 http://archive.ubuntu.com/ubuntu noble-proposed InRelease Reading package lists... Done Building dependency tree... Done Reading state information... Done 11 packages can be upgraded. Run 'apt list --upgradable' to see them. N: Download is performed unsandboxed as root as file '/root/./InRelease' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied) W: file:/root/./InRelease: Signature by key 86F909B8AA125825E11A72DE25BB51DD6ADA3043 uses weak algorithm (rsa1024) -> Warning is there. For NIST-P256 becoming "OK" I start with the old version assert the warning is there, and then upgrade and see the warning is gone. root@noble:~# rm -r .gnupg root@noble:~# gpg --quick-gen-key [email protected] nistp256 [...] root@noble:~# gpg --clearsign < Release > InRelease root@noble:~# gpg --export > /etc/apt/trusted.gpg.d/test-key.gpg root@noble:~# apt update Get:1 file:/root ./ InRelease [1093 B] Get:1 file:/root ./ InRelease [1093 B] Hit:2 http://archive.ubuntu.com/ubuntu noble InRelease Hit:3 http://security.ubuntu.com/ubuntu xenial-security InRelease Hit:4 http://archive.ubuntu.com/ubuntu noble-updates InRelease Hit:5 http://security.ubuntu.com/ubuntu noble-security InRelease Hit:6 http://archive.ubuntu.com/ubuntu noble-backports InRelease Hit:7 http://archive.ubuntu.com/ubuntu noble-proposed InRelease Reading package lists... Done Building dependency tree... Done Reading state information... Done 12 packages can be upgraded. Run 'apt list --upgradable' to see them. N: Download is performed unsandboxed as root as file '/root/./InRelease' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied) W: file:/root/./InRelease: Signature by key D93578FC4117B29A26244AF8D0CD6995D6A102A4 uses weak algorithm (nistp256) root@noble:~# apt install apt/noble Selected version '2.8.3' (localhost, Ubuntu:24.04/noble-proposed [amd64]) for 'apt' Selected version '2.8.3' (Ubuntu:24.04/noble-proposed [amd64]) for 'libapt-pkg6.0t64' because of 'apt' root@noble:~# apt update Get:1 file:/root ./ InRelease [1093 B] Get:1 file:/root ./ InRelease [1093 B] Hit:2 http://security.ubuntu.com/ubuntu xenial-security InRelease Hit:3 http://security.ubuntu.com/ubuntu noble-security InRelease Hit:4 http://archive.ubuntu.com/ubuntu noble InRelease Hit:5 http://archive.ubuntu.com/ubuntu noble-updates InRelease Hit:6 http://archive.ubuntu.com/ubuntu noble-backports InRelease Hit:7 http://archive.ubuntu.com/ubuntu noble-proposed InRelease Reading package lists... Done Building dependency tree... Done Reading state information... Done 11 packages can be upgraded. Run 'apt list --upgradable' to see them. N: Download is performed unsandboxed as root as file '/root/./InRelease' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied) ** Tags removed: verification-needed verification-needed-noble ** Tags added: verification-done verification-done-noble -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2073126 Title: More nuanced public key algorithm revocation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2073126/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
