23

My sudo apt update output has warnings like the following:

W: https://ppa.launchpadcontent.net/apandada1/blanket/ubuntu/dists/noble/InRelease: Signature by key 95ACDEBD8BFF99ABE0F26A49A507B2BBA7803E3B uses weak algorithm (rsa1024)
W: https://ppa.launchpadcontent.net/apandada1/foliate/ubuntu/dists/noble/InRelease: Signature by key 95ACDEBD8BFF99ABE0F26A49A507B2BBA7803E3B uses weak algorithm (rsa1024)
W: https://ppa.launchpadcontent.net/apandada1/marker/ubuntu/dists/noble/InRelease: Signature by key 95ACDEBD8BFF99ABE0F26A49A507B2BBA7803E3B uses weak algorithm (rsa1024)
W: https://ppa.launchpadcontent.net/apandada1/numbat/ubuntu/dists/noble/InRelease: Signature by key 95ACDEBD8BFF99ABE0F26A49A507B2BBA7803E3B uses weak algorithm (rsa1024)
W: https://ppa.launchpadcontent.net/apandada1/xournalpp-stable/ubuntu/dists/noble/InRelease: Signature by key 95ACDEBD8BFF99ABE0F26A49A507B2BBA7803E3B uses weak algorithm (rsa1024)
W: https://ppa.launchpadcontent.net/libreoffice/ppa/ubuntu/dists/noble/InRelease: Signature by key 36E81C9267FD1383FCC4490983FBA1751378B444 uses weak algorithm (rsa1024)
W: https://ppa.launchpadcontent.net/mati75/gimp30/ubuntu/dists/noble/InRelease: Signature by key 3D7CDBD93E20A76CCB0B732792E8759D76F09DD6 uses weak algorithm (rsa1024)
W: https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu/dists/noble/InRelease: Signature by key 0AB215679C571D1C8325275B9BDB3D89CE49EC21 uses weak algorithm (rsa1024)

Some of these are my own PPAs (apandada1), and I want to increase their security. How can I do that? Do I have to generate a new GPG key and sign packages with that key?

Recently I have been using Launchpad's recipes to generate PPA packages and don't manually build (and then upload) them anymore. In that case, how do I fix this issue of keys using a weak algorithm?

The key is not even listed among my PGP keys. It is somehow generated by Launchpad to sign packages generated by Launchpad recipes.

1 Answer

28

Update:

All the PPAs have been re-signed with the new keys. Users need to manually remove the PPAs and add them again.

  1. sudo add-apt-repository --remove ppa:whatever/ppa
  2. sudo add-apt-repository ppa:whatever/ppa

There is nothing the PPA owners can/need to do about it.


For a history of the problem, continue reading the rest of the answer.

The Launchpad developers are in the process of reassigning the keys. Package maintainers are requested to be patient and wait.

Quoting from Ubuntu Discourse,

PPAs are currently in the process of being upgraded to a 4096-bit RSA key and we expect that upgrade to be complete by release time. No action is needed (or possible) from PPA owners.

If you are currently using 24.04 before it is released, you will need to refresh the PPA signing keys when the warning becomes an error. We plan to provide easy functionality in add-apt-repository to do so, such that you do not need to remove and re-add the PPAs.
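The remove and re-add steps from the update above, generated for every PPA that `apt update` flags, as an added example that is not part of the original answer. The function names are hypothetical and the sample warnings are constructed in the format quoted in the question; the script only prints the commands and does not run them.

```shell
#!/bin/sh
# Added example: list the PPAs that apt reports as signed with a weak key
# and print the remove/re-add commands from the answer for each one.

# Constructed sample input (placeholder owner, PPA names and fingerprint).
sample_warnings() {
cat <<'EOF'
W: https://ppa.launchpadcontent.net/example-owner/alpha/ubuntu/dists/noble/InRelease: Signature by key 0000000000000000000000000000000000000000 uses weak algorithm (rsa1024)
W: https://ppa.launchpadcontent.net/example-owner/beta/ubuntu/dists/noble/InRelease: Signature by key 0000000000000000000000000000000000000000 uses weak algorithm (rsa1024)
W: https://ppa.launchpadcontent.net/example-owner/alpha/ubuntu/dists/noble/InRelease: Signature by key 0000000000000000000000000000000000000000 uses weak algorithm (rsa1024)
W: Some unrelated warning about https://example.invalid/repo
EOF
}

# Read apt output on stdin; print each affected PPA once as "ppa:owner/name".
# Only Launchpad PPA URLs with the weak-algorithm warning are matched.
weak_ppas() {
  sed -n -E 's#^W: https?://ppa\.launchpadcontent\.net/([^/]+)/([^/]+)/ubuntu/dists/[^:]*: Signature by key [0-9A-Fa-f]+ uses weak algorithm.*#ppa:\1/\2#p' \
    | sort -u
}

# Print the two commands from the answer for each affected PPA.
refresh_commands() {
  weak_ppas | while IFS= read -r ppa; do
    printf 'sudo add-apt-repository --remove %s\n' "$ppa"
    printf 'sudo add-apt-repository %s\n' "$ppa"
  done
}

# Demonstration on the constructed sample.
sample_warnings | refresh_commands
```

On a real system, feed it live output with `sudo apt update 2>&1 | refresh_commands`, review the printed commands, then run `sudo apt update` again afterwards to confirm the warnings are gone.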