SHA1 Deprecation Prevents Repositrory Based Installation on Debian

[qtc-de]

Describe the bug

Hi there 👋

not sure whether this falls unto the responsibility of the repository maintainers, but installation from the apt-repository (https://packages.microsoft.com/repos/azure-cli/) fails because SHA1 signatures are used that are no longer supported since Feb 01, 2026.

It might be general a good idea to add support for debian 13, because currently there seems to be no trixie dist available in https://packages.microsoft.com/repos/azure-cli/dists/ 🤔

Related command

Follow the installation instructions on https://learn.microsoft.com/de-de/cli/azure/install-azure-cli-linux. Then run:

sudo apt install azure-cli

Errors

An error occurred during the signature verification.
...
OpenPGP signature verification failed: https://packages.microsoft.com/repos/azure-cli bookworm InRelease
...
error message is: Signing key on BC528686B50D79E339D3721CEB3E94ADBE1229CF is not bound:
No binding signature at time 2026-01-13T03:52:28Z
because: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
because: SHA1 is not considered secure since 2026-02-01T00:00:00Z

Issue script & Debug output

Not applicable

Expected behavior

Installation should work fine.

Environment Summary

azure-cli version should not matter here. Operating system is Debian 13. Not sure whether SHA1 deprecation was also enforced on other Debian versions.

Additional context

No response

[yonzhan]

Thank you for opening this issue, we will look into it.

[github-actions]

Here are some similar issues that might help you. Please check if they can solve your problem.

• GPG Signature Invalid Error when trying to Install using one command option #31396
• azure-cli package repo using old signing key #7833

Powered by issue-sentinel