From 5e3cc81fb46fb5d5b6b4eff489e3b35acedca2b6 Mon Sep 17 00:00:00 2001
From: "H. Vetinari" <h.vetinari@gmx.com>
Date: Tue, 12 Nov 2024 10:31:16 +1100
Subject: [PATCH] re-enable SHA1 on alma9

also use rpm key from alma server; in-container file (currently?) runs into
```
+ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux: import read failed(2).
```
---
 scripts/fix_rpm | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scripts/fix_rpm b/scripts/fix_rpm
index 05fa36e..0c44bf8 100755
--- a/scripts/fix_rpm
+++ b/scripts/fix_rpm
@@ -16,8 +16,13 @@ if [[ "${DISTRO_NAME}${DISTRO_VER}" == "centos7" ]]; then
   fi
 elif [ "${DISTRO_NAME}${DISTRO_VER}" = "ubi8" ]; then
   rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
-elif [ "${DISTRO_NAME}" = "almalinux" ]; then
+elif [ "${DISTRO_NAME}${DISTRO_VER}" = "almalinux8" ]; then
   rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
+elif [ "${DISTRO_NAME}${DISTRO_VER}" = "almalinux9" ]; then
+  # alma9 removed SHA1 availability by default, but it's still needed for the
+  # RPM key; re-enable it. Details: https://access.redhat.com/articles/3666211
+  update-crypto-policies --set LEGACY
+  rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
 fi
 
 rm -rf "/tmp/rpm-repos"