From 936be9c26ffc155235cc0c450065be237a9c86e2 Mon Sep 17 00:00:00 2001
From: Teja Swaroop Pothala <tejaswaroop.pothala@kasmweb.com>
Date: Tue, 11 Nov 2025 22:36:19 +0000
Subject: [PATCH] KASM-7938 exclude SHA1 crypto policy update for older distros

---
 .../sublime_text/install_sublime_text.sh      | 36 ++++++++++---------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/src/oracle/install/sublime_text/install_sublime_text.sh b/src/oracle/install/sublime_text/install_sublime_text.sh
index 48f6926..b721865 100644
--- a/src/oracle/install/sublime_text/install_sublime_text.sh
+++ b/src/oracle/install/sublime_text/install_sublime_text.sh
@@ -6,25 +6,27 @@ if [ "$(arch)" == "aarch64" ] ; then
   exit 0
 fi
 
-# Temporarily enable SHA1 in crypto policies to allow importing Sublime's GPG key (can remove this when the gpg key is updated with SHA256 or stronger digest)
-# Start of SHA1 policy workaround
-SHA1_POLICY_ORIGINAL=""
-SHA1_POLICY_ENABLED=0
-if command -v update-crypto-policies >/dev/null 2>&1; then
-  SHA1_POLICY_ORIGINAL=$(update-crypto-policies --show | tr -d '\n')
-  if [[ -n "${SHA1_POLICY_ORIGINAL}" && "${SHA1_POLICY_ORIGINAL}" != *":SHA1"* ]]; then
-    update-crypto-policies --set "${SHA1_POLICY_ORIGINAL}:SHA1"
-    SHA1_POLICY_ENABLED=1
+if [[ "${DISTRO}" == @(rhel9|almalinux9|oracle9|rockylinux9) ]]; then
+  # Temporarily enable SHA1 in crypto policies to allow importing Sublime's GPG key (can remove this when the gpg key is updated with SHA256 or stronger digest)
+  # Start of SHA1 policy workaround
+  SHA1_POLICY_ORIGINAL=""
+  SHA1_POLICY_ENABLED=0
+  if command -v update-crypto-policies >/dev/null 2>&1; then
+    SHA1_POLICY_ORIGINAL=$(update-crypto-policies --show | tr -d '\n')
+    if [[ -n "${SHA1_POLICY_ORIGINAL}" && "${SHA1_POLICY_ORIGINAL}" != *":SHA1"* ]]; then
+      update-crypto-policies --set "${SHA1_POLICY_ORIGINAL}:SHA1"
+      SHA1_POLICY_ENABLED=1
+    fi
   fi
-fi
 
-cleanup_sha1_policy() {
-  if [[ ${SHA1_POLICY_ENABLED} -eq 1 ]]; then
-    update-crypto-policies --set "${SHA1_POLICY_ORIGINAL}"
-  fi
-}
-trap cleanup_sha1_policy EXIT
-# End of SHA1 policy workaround
+  cleanup_sha1_policy() {
+    if [[ ${SHA1_POLICY_ENABLED} -eq 1 ]]; then
+      update-crypto-policies --set "${SHA1_POLICY_ORIGINAL}"
+    fi
+  }
+  trap cleanup_sha1_policy EXIT
+  # End of SHA1 policy workaround
+fi
 
 rpm -v --import https://download.sublimetext.com/sublimehq-rpm-pub.gpg