Skip to content

Add Oracle Linux 9

Michal Nowak requested to merge mnowak/add-oracle-linux-9 into main

RHEL9 (and by extension Oracle Linux 9) does not support SHA-1 for "cryptographic purposes" in it's default security policy. Fedora is to follow suit in around Fedora 39.

Currently the following tests fail:

[==========] Running 1 test(s).
[ RUN      ] isc_rsa_verify
0x20009 != 0
[   LINE   ] --- rsa_test.c:171: error: Failure!../../tests/ line 36: 14312 Aborted                 (core dumped) "${TEST_PROGRAM}"

As a workaround we can enable SHA-1 in our Oracle Linux 9 image by update-crypto-policies --set DEFAULT:SHA1.

As it stands the workaround is currently no help for dnssec:check that NOTIFY is sent at the end of NSEC3 chain generation:

I:dnssec:sleeping ....
I:dnssec:sleeping ....
I:dnssec:nsec3 chain generation not complete

Prereq: isc-projects/images!184 and !4281 (merged) (needs to be backported to v9.18 and v9.16 otherwise we can't test on OL9).

Edited by Michal Nowak

Merge request reports