Obsoleting insecure SHA-1 hashes

[eMCeee89]

Hello Rancher team,

Packages built for RHEL 8 are signed with RSA/SHA1 hash that is getting obsolete. For instance, RHEL 9 has SHA-1 within disallowed system-wide cryptographic policies (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9-beta/html-single/considerations_in_adopting_rhel_9/index). It would be great to update the signing procedure to use a newer and more secure SHA-256 or similar.
I am attaching a result from DNF when trying to install RKE2 packages while having more secure (and default in RHEL 9) crypto-policy settings configured:
`

24-Mar-2022 15:58:48	Unknown Error occurred: Transaction test error:
24-Mar-2022 15:58:48	package rke2-selinux-0.9-1.el8.noarch does not verify: Header V4 RSA/SHA1 Signature, key ID e257814a: BAD
24-Mar-2022 15:58:48	package rke2-common-1.22.7~rke2r1-0.el8.x86_64 does not verify: Header V4 RSA/SHA1 Signature, key ID e257814a: BAD
24-Mar-2022 15:58:48	package rke2-server-1.22.7~rke2r1-0.el8.x86_64 does not verify: Header V4 RSA/SHA1 Signature, key ID e257814a: BAD
`

Thank you.