Something I ran into recently was the issue of signed keys and packages that needed to be installed on a server. In this case it was ‘rspamd’ that needed an update and was complaining about SHA-1 not being available. You can work around this error.

This is discouraged. Even a signature from a years old RPM could be hacked recently by an attacker. If you really know what you are doing, there’s a possibility to use dnf –nogpgcheck option.

Alternatively you can also switch to the legacy crypto policy:

update-crypto-policies --set LEGACY

Or explicitly allow the SHA-1:

update-crypto-policies --set DEFAULT:SHA1

But please don’t forget to switch back, e.g.:

update-crypto-policies --set DEFAULT