Question Upgrade Almalinux 8 to 9 with Plesk installed

[ansgar]

Server operating system version

Almalinux 8.9

Plesk version and microupdate number

18.0.59

I am researching on how to upgrade my VPS with Almalinux 8 to Almalinux 9. I am using LEAPP (ELevate Quickstart Guide | AlmaLinux Wiki)

The pre-upgrade check fails with the following message: Detected RPMs with RSA/SHA1 signature
As it turns out, these RPMs are Plesk packages. Here is a snippet from the log:

 cat /var/log/leapp//leapp-report.txt
Risk Factor: high (inhibitor)
Title: Detected RPMs with RSA/SHA1 signature
Summary: Digital signatures using SHA-1 hash algorithm are no longer considered secure and are not allowed to be used on RHEL 9 systems by default. This causes issues when using DNF/RPM to handle packages with RSA/SHA1 signatures as the signature cannot be checked with the default cryptographic policy. Any such packages cannot be installed, removed, or replaced unless the signature check is disabled in dnf/rpm or SHA-1 is enabled using non-default crypto-policies. For more information see the following documents:
  - Major changes in RHEL 9: https://red.ht/rhel-9-overview-major-changes
  - Security Considerations in adopting RHEL 9: https://red.ht/rhel-9-security-considerations
 The list of problematic packages:
    - pp18.0.59-bootstrapper (DSA/SHA1, Mon 26 Feb 2024 11:08:54 PM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-libboost-locale1.80 (DSA/SHA1, Mon 05 Sep 2022 10:44:52 AM UTC, Key ID bd11a6aa914bdf7e)
    - psa-mail-driver-common (DSA/SHA1, Mon 26 Feb 2024 11:09:06 PM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-dovecot-core (DSA/SHA1, Mon 26 Feb 2024 11:09:04 PM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-config-troubleshooter (DSA/SHA1, Mon 26 Feb 2024 11:09:04 PM UTC, Key ID bd11a6aa914bdf7e)
    - psa-updates (DSA/SHA1, Thu 12 Oct 2023 08:11:21 AM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-libboost-iostreams1.80 (DSA/SHA1, Mon 05 Sep 2022 10:44:53 AM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-libboost-system1.82 (DSA/SHA1, Tue 23 May 2023 09:44:54 AM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-libpoco-1.12.4 (DSA/SHA1, Sat 06 May 2023 12:08:56 PM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-php82-pdo (DSA/SHA1, Sun 17 Mar 2024 09:42:52 AM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-php83-mysql (DSA/SHA1, Fri 15 Mar 2024 02:16:54 PM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-php82-enchant (DSA/SHA1, Sun 17 Mar 2024 09:42:56 AM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-python3-regex (DSA/SHA1, Mon 24 Apr 2023 03:59:55 PM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-php82-opcache (DSA/SHA1, Sun 17 Mar 2024 09:42:57 AM UTC, Key ID bd11a6aa914bdf7e)
    - plesk-ruby3.0.5 (DSA/SHA1, Wed 07 Feb 2024 11:55:16 AM UTC, Key ID bd11a6aa914bdf7e)
etc etc

According to release notes of Almalinux 9, packages signed with SHA1 are not supported anymore.

How do I change the Plesk packages to be signed with SHA256 or higher?

 

[Peter Debik]

A direct upgrade from Alma 8 to Alma 9 is not yet supported. You have at least four more years from now until an update becomes necessary. Plesk will very likely provide an upgrade path within the next years. If you wish to switch to Alma 9, please setup a new server and use Plesk Migrator to migrate the existing installation to the new server.

 

[ansgar]

A direct upgrade from Alma 8 to Alma 9 is not yet supported. You have at least four more years from now until an update becomes necessary. Plesk will very likely provide an upgrade path within the next years. If you wish to switch to Alma 9, please setup a new server and use Plesk Migrator to migrate the existing installation to the new server.

Thanks Peter for your response. Hopefully it will be sooner then later I like to be prepared.