From 03003e6b1e38c123d091d538266380d60fedcf06 Mon Sep 17 00:00:00 2001
From: Alvaro Cabanas <acabanas@newrelic.com>
Date: Wed, 18 Dec 2024 15:08:43 +0100
Subject: [PATCH] Modify the signing algorithm to sha256 for gpgsign (#1970)

---
 build/sign.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/sign.sh b/build/sign.sh
index 72a94c714..0ab29daa1 100644
--- a/build/sign.sh
+++ b/build/sign.sh
@@ -28,7 +28,7 @@ echo "%_gpg_name ${GPG_MAIL}" >> ~/.rpmmacros
 echo "%_signature gpg" >> ~/.rpmmacros
 echo "%_gpg_path /root/.gnupg" >> ~/.rpmmacros
 echo "%_gpgbin /usr/bin/gpg" >> ~/.rpmmacros
-echo "%__gpg_sign_cmd   %{__gpg} gpg --no-verbose --no-armor --passphrase ${GPG_PASSPHRASE} --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros
+echo "%__gpg_sign_cmd   %{__gpg} gpg --no-verbose --no-armor --passphrase ${GPG_PASSPHRASE} --no-secmem-warning --digest-algo sha256 -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros
 
 echo "===> Importing GPG private key from GHA secrets..."
 printf %s ${GPG_PRIVATE_KEY_BASE64} | base64 -d | gpg --batch --import -