From 70d39f90d442118849172bd56659a659d5f1fa2b Mon Sep 17 00:00:00 2001
From: Teja Swaroop Pothala
Date: Mon, 10 Nov 2025 20:00:48 +0000
Subject: [PATCH 1/2] KASM-7938 fix sublime text installation
---
 .../sublime_text/install_sublime_text.sh | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/src/oracle/install/sublime_text/install_sublime_text.sh b/src/oracle/install/sublime_text/install_sublime_text.sh
index 897e562..48f6926 100644
--- a/src/oracle/install/sublime_text/install_sublime_text.sh
+++ b/src/oracle/install/sublime_text/install_sublime_text.sh
@@ -6,16 +6,40 @@ if [ "$(arch)" == "aarch64" ] ; then
 exit 0
 fi
+# Temporarily enable SHA1 in crypto policies to allow importing Sublime's GPG key (can remove this when the gpg key is updated with SHA256 or stronger digest)
+# Start of SHA1 policy workaround
+SHA1_POLICY_ORIGINAL=""
+SHA1_POLICY_ENABLED=0
+if command -v update-crypto-policies >/dev/null 2>&1; then
+ SHA1_POLICY_ORIGINAL=$(update-crypto-policies --show | tr -d '\n')
+ if [[ -n "${SHA1_POLICY_ORIGINAL}" && "${SHA1_POLICY_ORIGINAL}" != *":SHA1"* ]]; then
+ update-crypto-policies --set "${SHA1_POLICY_ORIGINAL}:SHA1"
+ SHA1_POLICY_ENABLED=1
+ fi
+fi
+
+cleanup_sha1_policy() {
+ if [[ ${SHA1_POLICY_ENABLED} -eq 1 ]]; then
+ update-crypto-policies --set "${SHA1_POLICY_ORIGINAL}"
+ fi
+}
+trap cleanup_sha1_policy EXIT
+# End of SHA1 policy workaround
+
 rpm -v --import https://download.sublimetext.com/sublimehq-rpm-pub.gpg
 if [[ "${DISTRO}" == @(oracle8|rockylinux9|rockylinux8|oracle9|rhel9|almalinux9|almalinux8|fedora39|fedora40) ]]; then
 dnf config-manager --add-repo https://download.sublimetext.com/rpm/stable/$(arch)/sublime-text.repo
+ # Remove the gpgkey line from repo file since we manually imported the key
+ sed -i '/^gpgkey=/d' /etc/yum.repos.d/sublime-text.repo
 dnf install -y sublime-text
 if [ -z ${SKIP_CLEAN+x} ]; then
 dnf clean all
 fi
 else
 yum-config-manager --add-repo https://download.sublimetext.com/rpm/stable/$(arch)/sublime-text.repo
+ # Remove the gpgkey line from repo file since we manually imported the key
+ sed -i '/^gpgkey=/d' /etc/yum.repos.d/sublime-text.repo
 yum install -y sublime-text
 if [ -z ${SKIP_CLEAN+x} ]; then
 yum clean all
From 9e86d4670cc69c5e07d501ff3d1d699b56af53b9 Mon Sep 17 00:00:00 2001
From: Teja Swaroop Pothala
Date: Tue, 11 Nov 2025 22:36:19 +0000
Subject: [PATCH 2/2] KASM-7938 exclude SHA1 crypto policy update for older distros
---
 .../sublime_text/install_sublime_text.sh | 36 ++++++++++---------
 1 file changed, 19 insertions(+), 17 deletions(-)
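Review bot: In the [PATCH 1/2] hunk the `:SHA1` subpolicy stays active until the EXIT trap fires, so the whole `dnf`/`yum` repo setup and install below runs under the weakened system-wide crypto policy, although the comment says it is only needed for importing the key. Restoring right after the import would narrow that window, e.g. `cleanup_sha1_policy; SHA1_POLICY_ENABLED=0` directly after the `rpm -v --import` line, with the trap kept as a fallback for early exits; whether package signature checks still pass under the original policy needs confirming on the affected images. The exit status of `update-crypto-policies --set` inside `cleanup_sha1_policy` is not checked either, so a failed restore could leave `:SHA1` in the built image unnoticed unless the script runs under `set -e`, which is not visible in this hunk. The re-indented copy of this block in [PATCH 2/2] carries the same two points.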
diff --git a/src/oracle/install/sublime_text/install_sublime_text.sh b/src/oracle/install/sublime_text/install_sublime_text.sh
index 48f6926..b721865 100644
--- a/src/oracle/install/sublime_text/install_sublime_text.sh
+++ b/src/oracle/install/sublime_text/install_sublime_text.sh
@@ -6,25 +6,27 @@ if [ "$(arch)" == "aarch64" ] ; then
 exit 0
 fi
-# Temporarily enable SHA1 in crypto policies to allow importing Sublime's GPG key (can remove this when the gpg key is updated with SHA256 or stronger digest)
-# Start of SHA1 policy workaround
-SHA1_POLICY_ORIGINAL=""
-SHA1_POLICY_ENABLED=0
-if command -v update-crypto-policies >/dev/null 2>&1; then
- SHA1_POLICY_ORIGINAL=$(update-crypto-policies --show | tr -d '\n')
- if [[ -n "${SHA1_POLICY_ORIGINAL}" && "${SHA1_POLICY_ORIGINAL}" != *":SHA1"* ]]; then
- update-crypto-policies --set "${SHA1_POLICY_ORIGINAL}:SHA1"
- SHA1_POLICY_ENABLED=1
+if [[ "${DISTRO}" == @(rhel9|almalinux9|oracle9|rockylinux9) ]]; then
+ # Temporarily enable SHA1 in crypto policies to allow importing Sublime's GPG key (can remove this when the gpg key is updated with SHA256 or stronger digest)
+ # Start of SHA1 policy workaround
+ SHA1_POLICY_ORIGINAL=""
+ SHA1_POLICY_ENABLED=0
+ if command -v update-crypto-policies >/dev/null 2>&1; then
+ SHA1_POLICY_ORIGINAL=$(update-crypto-policies --show | tr -d '\n')
+ if [[ -n "${SHA1_POLICY_ORIGINAL}" && "${SHA1_POLICY_ORIGINAL}" != *":SHA1"* ]]; then
+ update-crypto-policies --set "${SHA1_POLICY_ORIGINAL}:SHA1"
+ SHA1_POLICY_ENABLED=1
+ fi
 fi
-fi
-cleanup_sha1_policy() {
- if [[ ${SHA1_POLICY_ENABLED} -eq 1 ]]; then
- update-crypto-policies --set "${SHA1_POLICY_ORIGINAL}"
- fi
-}
-trap cleanup_sha1_policy EXIT
-# End of SHA1 policy workaround
+ cleanup_sha1_policy() {
+ if [[ ${SHA1_POLICY_ENABLED} -eq 1 ]]; then
+ update-crypto-policies --set "${SHA1_POLICY_ORIGINAL}"
+ fi
+ }
+ trap cleanup_sha1_policy EXIT
+ # End of SHA1 policy workaround
+fi
 rpm -v --import https://download.sublimetext.com/sublimehq-rpm-pub.gpg
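Review bot: The new `@(rhel9|almalinux9|oracle9|rockylinux9)` guard has no comment explaining why only these distros get the SHA1 override, and it is a second hard-coded distro list beside the one on the `dnf` branch shown in [PATCH 1/2], so the two can drift apart when an image is added. A comment above the `if` would help, for example `# Only the EL9-family images need this: their default crypto policy rejects the SHA1-signed key, older releases import it as-is` (wording to be confirmed against the actual failure). `fedora39` and `fedora40` are handled by the `dnf` branch but are not in this list; presumably the import works there, and the same comment is the place to say so.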