Skip to content

Raspberry Pi 5 Build Failure - "SHA1 is not considered secure since 2026-02-01" #200

Description

@cufflnk

Raspberry Pi 5 builds are failing to complete with the following error:

[browser]   Get:1 http://deb.debian.org/debian trixie InRelease [140 kB]
[browser]   Get:2 http://deb.debian.org/debian trixie-updates InRelease [47.3 kB]
[browser]   Get:3 http://deb.debian.org/debian-security trixie-security InRelease [43.4 kB]
[browser]   Get:4 http://archive.raspberrypi.com/debian trixie InRelease [54.8 kB]
[browser]   Get:5 http://deb.debian.org/debian trixie/main arm64 Packages [9607 kB]
[browser]   Err:4 http://archive.raspberrypi.com/debian trixie InRelease
[browser]     Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on CF8A1AF502A2AA2D763BAE7E82B129927FA3303E is not bound:            No binding signature at time 2026-01-29T17:03:28Z   because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance   because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

I came across similar reported issues that may be related:
raspberrypi/rpi-image-gen#170
raspberrypi/rpi-image-gen#171

A temporary workaround is to change this line in browser\build\rpi\raspi.list:
deb http://archive.raspberrypi.com/debian trixie main

To this:
deb [trusted=yes] http://archive.raspberrypi.com/debian/ trixie main

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions