Update on tor issue on my debian
On Wednesday, June 1, 2022 7:25:44 PM CEST Keifer Bly wrote:
So upon trying all of the mentioned commands, my tor installation still encounters an error when trying to update. Attached is a photo of my sources.list.debian.templ and sources.list. When trying to update the returned error sources.list.debian.temp I would not change the template from the provider.
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension
N: Ignoring file 'tor.list.save.2' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
N: Ignoring file 'tor.list.save.1' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
Dir '/etc/apt/sources.list.d/' is empty by default. I would delete all files there. $ sudo rm -i /etc/apt/sources.list.d/*
E: Conflicting values set for option Signed-By regarding source https://deb.torproject.org/torproject.org/ buster: /usr/share/keyrings/tor-archive-keyring.gpg !=
E: The list of sources could not be read.
You have to configure it in either the Debian buster way or the new way since Debian bullseye. Old buster way + (apt-key add) in file: /etc/apt/sources.list deb https://deb.torproject.org/torproject.org buster main New bullseye way + (tor-archive-keyring) create a file in the directory: '/etc/apt/sources.list.d/' with the name 'tor.list' with just one line: deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https:// deb.torproject.org/torproject.org buster main For Buster, you just have to delete the penultimate line: deb http://ftp.de.debian.org/debian stretch main and [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] in the last line in /etc/apt/sources.list. Other consideration: (You must upgrade buster to bullseye, your certificates may still be out of date, your tor daemon is running as root!?, etc.) nusenu gave tips on relay migration a few days ago. - stop tor, save tor config and the entire datadir Reinstall bullseye from the provider customer menu - then copy over tor config and datadir, set the right permissions and let the relay run again. Tomorrow is a workshop from Torproject -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
Well, after deleting those files, etc, here is the terminal output when running apt-get update. root@vps-3e661acc:/home/debian# root@vps-3e661acc:/home/debian# apt-get update Hit:1 http://security.debian.org buster/updates InRelease Hit:2 http://deb.debian.org/debian buster InRelease Hit:3 http://deb.debian.org/debian buster-backports InRelease Ign:4 https://deb.torproject.org/torproject.org buster InRelease Ign:5 https://deb.torproject.org/torproject.org buster Release Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages Err:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443] Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US Reading package lists... Done E: Failed to fetch https://deb.torproject.org/torproject.org/dists/buster/main/binary-amd64/Pac... Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443] So, that appears to have fixed the updating from a respiratory issue. But I am wondering what is the terminal command to update the SSL certificate? Thanks. --Keifer On Fri, Jun 3, 2022 at 9:48 AM <lists@for-privacy.net> wrote:
On Wednesday, June 1, 2022 7:25:44 PM CEST Keifer Bly wrote:
So upon trying all of the mentioned commands, my tor installation still encounters an error when trying to update. Attached is a photo of my sources.list.debian.templ and sources.list. When trying to update the returned error sources.list.debian.temp I would not change the template from the provider.
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it
has
no filename extension
N: Ignoring file 'tor.list.save.2' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
N: Ignoring file 'tor.list.save.1' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension Dir '/etc/apt/sources.list.d/' is empty by default. I would delete all files there. $ sudo rm -i /etc/apt/sources.list.d/*
E: Conflicting values set for option Signed-By regarding source https://deb.torproject.org/torproject.org/ buster: /usr/share/keyrings/tor-archive-keyring.gpg !=
E: The list of sources could not be read.
You have to configure it in either the Debian buster way or the new way since Debian bullseye.
Old buster way + (apt-key add) in file: /etc/apt/sources.list deb https://deb.torproject.org/torproject.org buster main
New bullseye way + (tor-archive-keyring) create a file in the directory: '/etc/apt/sources.list.d/' with the name 'tor.list' with just one line: deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https:// deb.torproject.org/torproject.org buster main
For Buster, you just have to delete the penultimate line: deb http://ftp.de.debian.org/debian stretch main and [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] in the last line in /etc/apt/sources.list.
Other consideration: (You must upgrade buster to bullseye, your certificates may still be out of date, your tor daemon is running as root!?, etc.) nusenu gave tips on relay migration a few days ago. - stop tor, save tor config and the entire datadir Reinstall bullseye from the provider customer menu - then copy over tor config and datadir, set the right permissions and let the relay run again.
Tomorrow is a workshop from Torproject
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Nevermind, I got it. Now there are two other things I wanted to ask about, is there a way I can set tor to automatically update over time? Also, my bridge at https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D... says it's blocked in Russia. Is there a way to set a bridge to get a new IP address automatically every once in a while so it will have a new, unblocked IP address? I think this would be a good idea. --Keifer On Wed, Jun 1, 2022 at 10:25 AM Keifer Bly <keifer.bly@gmail.com> wrote:
Hi all,
So upon trying all of the mentioned commands, my tor installation still encounters an error when trying to update. Attached is a photo of my sources.list.debian.templ and sources.list. When trying to update the returned error
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension
N: Ignoring file 'tor.list.save.2' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
N: Ignoring file 'tor.list.save.1' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
E: Conflicting values set for option Signed-By regarding source https://deb.torproject.org/torproject.org/ buster: /usr/share/keyrings/tor-archive-keyring.gpg !=
E: The list of sources could not be read.
I am wondering, is there simply a tool for configuring the sources.list and all other Debian os needed files for tor updates? Thank you.
--Keifer
Hey, yes: https://wiki.debian.org/UnattendedUpgrades Greetings On 03/06/2022 22:51, Keifer Bly wrote:
Nevermind, I got it.
Now there are two other things I wanted to ask about, is there a way I can set tor to automatically update over time? Also, my bridge at https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D... <https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB> says it's blocked in Russia. Is there a way to set a bridge to get a new IP address automatically every once in a while so it will have a new, unblocked IP address? I think this would be a good idea. --Keifer
On Wed, Jun 1, 2022 at 10:25 AM Keifer Bly <keifer.bly@gmail.com <mailto:keifer.bly@gmail.com>> wrote:
__ __
Hi all,
__ __
So upon trying all of the mentioned commands, my tor installation still encounters an error when trying to update. Attached is a photo of my sources.list.debian.templ and sources.list. When trying to update the returned error
__ __
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension
N: Ignoring file 'tor.list.save.2' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
N: Ignoring file 'tor.list.save.1' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
E: Conflicting values set for option Signed-By regarding source https://deb.torproject.org/torproject.org/ <https://deb.torproject.org/torproject.org/> buster: /usr/share/keyrings/tor-archive-keyring.gpg !=
E: The list of sources could not be read.
__ __
I am wondering, is there simply a tool for configuring the sources.list and all other Debian os needed files for tor updates? Thank you.
__ __
__ __
--Keifer____
__ __
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Friday, June 3, 2022 10:51:07 PM CEST Keifer Bly wrote:
Nevermind, I got it.
Now there are two other things I wanted to ask about, is there a way I can set tor to automatically update over time? Also, my bridge at https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D 4C8C91923AB says it's blocked in Russia. Yes, that's how it should be. ;-) Meskio did this especially so that your bridge would not be found by the Russian government.
Is there a way to set a bridge to get a new IP address automatically every once in a while so it will have a new, unblocked IP address? I think this would be a good idea. New IP's are available from the provider or entire blocks from the RIR.
-- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
Keifer Bly:
Hi all,
So upon trying all of the mentioned commands, my tor installation still encounters an error when trying to update. Attached is a photo of my sources.list.debian.templ and sources.list. When trying to update the returned error
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension
N: Ignoring file 'tor.list.save.2' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
N: Ignoring file 'tor.list.save.1' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension
E: Conflicting values set for option Signed-By regarding source https://deb.torproject.org/torproject.org/ buster: /usr/share/keyrings/tor-archive-keyring.gpg !=
E: The list of sources could not be read.
I am wondering, is there simply a tool for configuring the sources.list Yes, extrepo. It is recommended by your os.
apt install extrepo -y && extrepo enable torproject
and all other Debian os needed files for tor updates? Thank you.
--Keifer
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
participants (4)
-
Jonas Friedli -
Keifer Bly -
lists@for-privacy.net -
Sebastian Elisa Pfeifer