In Yum/DNF repositories, the repomd.xml file serves as the primary metadata index. It contains checksums to verify the integrity of other metadata files. While historically using the SHA-1 algorithm, modern package managers and security standards prefer the stronger SHA-256 algorithm to ensure metadata has not been tampered with.
Artifactory allows you to include these more secure SHA-256 checksums in your RPM local repository repomd.xml, improving both security and compatibility with modern clients.
Set Artifactory System Properties - Self-hosted: Enabling/Disabling SHA-256
Showing only SHA-256 checksums in repomd.xml is now configurable via artifactory system properties artifactory.yum.local.repomd.calculate.sha2.enabled=true
When set to false (Default): Artifactory writes only SHA-1 checksum entries in
repomd.xml. Artifactory still maintains SHA-256 checksums for packages internally, butrepomd.xmlwill not include SHA-256 entries.When set to true: Artifactory writes only SHA-256 checksum entries in
repomd.xmlfor each metadata component.
Impact on Repository Metadata and Clients
Enabling this feature adds a checksum entry with type="sha256" to the repomd.xml file for each metadata component.
Enable/Disable SHA-256 via UI
As an administrator, you can enable/disable the property.