From 871d35e86dbc0ae66e399bcbf3ad3fecefa7949d Mon Sep 17 00:00:00 2001
From: David Galloway
Date: Fri, 20 Feb 2026 12:25:31 -0500
Subject: [PATCH] sign-rpms: Sign using SHA256 algo

Signed-off-by: David Galloway
---
 scripts/sign-rpms | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/sign-rpms b/scripts/sign-rpms
index 41ba563a..9fa487e4 100755
--- a/scripts/sign-rpms
+++ b/scripts/sign-rpms
@@ -72,7 +72,8 @@ for release in "${releases[@]}"; do
 --define "_gpg_name '$keyid'" \
 --define '_signature gpg' \
 --define '__gpg_check_password_cmd /bin/true' \
- --define "__gpg_sign_cmd %{__gpg} gpg --no-tty --yes --batch --no-armor --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u "%{_gpg_name}" --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \
+ --define "__gpg_sign_cmd %{__gpg} gpg --no-tty --yes --batch --no-armor --digest-algo SHA256 --passphrase '$GPG_PASSPHRASE' --no-secmem-warning -u "%{_gpg_name}" --sign --detach-sign --output %{__signature_filename} %{__plaintext_filename}" \
+
 --resign "$rpm_path"
 fi

@@ -100,7 +101,8 @@ for release in "${releases[@]}"; do
 if [[ $update_repo -eq 1 ]]; then
 for repomd in `find -name repomd.xml`; do
 echo "signing repomd: $repomd"
- gpg --batch --yes --passphrase "$GPG_PASSPHRASE" --detach-sign --armor -u $keyid $repomd
+ gpg --batch --yes --digest-algo SHA256 --passphrase "$GPG_PASSPHRASE" --detach-sign --armor -u $keyid $repomd
+
 done
 fi

--
2.47.3
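Review bot: In the first hunk (`@@ -72,7 +72,8 @@`), the empty line added directly after the `--define "__gpg_sign_cmd ..." \` line ends the backslash continuation. As the patch reads here, `--resign "$rpm_path"` would then no longer be an argument of the command being built, and the shell would try to run it as a command of its own, so the package would not be re-signed. Drop the added blank line so the trailing `\` is followed immediately by `--resign "$rpm_path"`. The start of the command lies above the hunk, so confirm this against the full script.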
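Review bot: The new `gpg` line in the second hunk (`@@ -100,7 +101,8 @@`) still passes the signing-key passphrase as `--passphrase "$GPG_PASSPHRASE"`, and the `__gpg_sign_cmd` macro in the first hunk does the same. Command-line arguments are typically readable by other local users through the process list while gpg runs. Since both lines are being touched, consider supplying the passphrase on a file descriptor, e.g. `gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --digest-algo SHA256 --detach-sign --armor -u "$keyid" "$repomd" <<<"$GPG_PASSPHRASE"`, and `--passphrase-file` with an owner-only file (or a preloaded gpg-agent) for the rpm macro. Quoting `$keyid` and `$repomd` as shown also avoids word splitting on the paths returned by `find`. The enclosing `for release` loop starts and ends outside the hunk.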