From 7f4f5d6965825a6e77cb8a9e074240072ed19097 Mon Sep 17 00:00:00 2001
From: Clayton Craft <clayton@craftyguy.net>
Date: Sun, 29 Sep 2024 10:26:12 -0700
Subject: [PATCH] pmb.chroot.apk_static: use sha256 sig for verification

Fixes #2456
Depends on https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/72741
---
 pmb/chroot/apk_static.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pmb/chroot/apk_static.py b/pmb/chroot/apk_static.py
index 965d72d1c..6050be53d 100644
--- a/pmb/chroot/apk_static.py
+++ b/pmb/chroot/apk_static.py
@@ -28,7 +28,7 @@ def read_signature_info(tar):
     :returns: (sigfilename, sigkey_path)
     """
     # Get signature filename and key
-    prefix = "sbin/apk.static.SIGN.RSA."
+    prefix = "sbin/apk.static.SIGN.RSA.sha256."
     sigfilename = None
     for filename in tar.getnames():
         if filename.startswith(prefix):
@@ -88,7 +88,7 @@ def verify_signature(files, sigkey_path):
             [
                 "openssl",
                 "dgst",
-                "-sha1",
+                "-sha256",
                 "-verify",
                 sigkey_path,
                 "-signature",
-- 
GitLab