4/24/16
Original Poster
Michael D. (DE)

Ubuntu 16.04-APT displays warning because Google Repository is still using SHA-1

APT for Debian / Ubuntu is now displaying a warning if a PPA / repository is still using the deprecated SHA-1. It seems that the Google repository is still using SHA-1.

#sudo apt-get update
...
W: http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg: Signature by key 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991 uses weak digest algorithm (SHA1)

@Google-Security Team
When you are treating SHA-1 certificates as unsecure in your browser, you may want to change your own SHA-1 signature key for your linux deb packets.
JVApen
4/24/16
Hi Michael,

The issue is already known and you can follow its progress by starring the related bug: crbug.com/596074
You are the first Ubuntu user who indicates this issue, so I guess 16.04 also contains the version with the warning. (Previously only Debian users)

JVApen
Jürgen Schnake
4/27/16
Just to not let Michael be the only one to report it: Yes, indeed Ubuntu 16.04 reports this regularly. Would be nice if you guys could fix it :-) Thanks in advance!
Achim Behrens
4/28/16
I already filed a bug about that in March while testing 16.04. Google told me to change the keys with the next release of Chrome for the Chrome (and Google Music Manager) repo, which they didn't.

Ahmad Darwiche
4/28/16
Hi,

I'd like to join Michael & Jurgen, I've the same warning too, I tried to remove Chrome & install it again, but same problem.

Thanks
Rakshith Ravi
4/28/16
I can confirm the warning in my 16.04 system too
JVApen
6/17/16
Hi all,

it looks like crbug.com/596074 is fixed and the encryption has been upgraded.

However some local caching is giving new warnings: Failed to fetch http://dl.google.com/linux/earth/deb/dists/stable/main/binary-amd64/Packages  Hash Sum mismatch

These can be fixed by running the following commands (you can replace aptitude by apt-get if you like) on Debian, Ubuntu and derivatives. I don't have instructions for RedHat-based distros.
  • sudo rm -rf /var/lib/apt/lists/*
  • sudo aptitude clean
  • sudo aptitude update
  • sudo aptitude upgrade
(Tnx to PeterJB for sharing)

JVApen
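
Added example (not part of the thread and not Google's or APT's code): a minimal OpenPGP packet reader that reports which digest algorithm each signature in a Release.gpg file uses, the property behind the warning in the original post and the fix reported in the last reply. The sample bytes, the function names and the WEAK set are assumptions of this example.

```python
import base64

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4)
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1", "RIPEMD160"}  # digests flagged by this example (assumption)

# Constructed sample, not a real signature: old-format tag-2 header, length 4,
# then version 4, signature type 0x00, public-key algorithm 1 (RSA), hash ID 2.
SAMPLE_SHA1 = bytes([0x88, 0x04, 0x04, 0x00, 0x01, 0x02])

def dearmor(data: bytes) -> bytes:
    """Return binary OpenPGP data, decoding ASCII armor if present."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = data.strip().splitlines()
    start = lines.index(b"") + 1  # a blank line ends the armor headers
    body = [l for l in lines[start:-1] if not l.startswith(b"=")]  # drop CRC24
    return base64.b64decode(b"".join(body))

def signature_digests(data: bytes) -> list:
    """Walk the packets and return the digest name of each signature packet."""
    buf, pos, found = dearmor(data), 0, []
    while pos < len(buf):
        hdr, pos = buf[pos], pos + 1
        if hdr & 0x40:  # new-format packet header
            tag, first = hdr & 0x3F, buf[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format packet header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype  # 1, 2 or 4 length octets
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        body, pos = buf[pos:pos + length], pos + length
        if tag == 2:  # signature packet
            # v4 and later: hash ID is the 4th octet; v3: it sits at offset 16
            algo = body[3] if body[0] >= 4 else body[16]
            found.append(HASH_ALGOS.get(algo, f"unknown({algo})"))
    return found

def weak_signatures(data: bytes) -> list:
    return [d for d in signature_digests(data) if d in WEAK]
```

To check a downloaded file, pass its contents: `weak_signatures(open("Release.gpg", "rb").read())` returns an empty list when no signature uses a digest from WEAK.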