On 5/3/22 07:31, Keifer Bly wrote:
Err:15 https://deb.torproject.org/torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]
Maybe renew the key ?
Certificate verification failed: The certificate is NOT trusted. The
certificate chain uses expired certificate. Could not handshake: Error
in the certificate verification. [IP: 95.216.163.36 443]
Maybe renew the key ?
The repo uses a LetsEncrypt certificate.
Odds are, the OP's system's trust store is quite old and so still has the old root in place - LE's intermediate has multiple signatures and one of the roots expired last year.
Running
sudo apt-get -y install ca-certificates
Should bring it up to date (assuming there's a relatively modern openssl in use - I think 1.0 will throw an error either way because it still tries to follow both forks in the chain and borks when it sees the expired cert).
Just did this, and it says its up to date. Thanks. --Keifer
On Tue, May 3, 2022 at 1:17 AM ben ben@bentasker.co.uk wrote:
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]
Maybe renew the key ?
The repo uses a LetsEncrypt certificate.
Odds are, the OP's system's trust store is quite old and so still has the old root in place - LE's intermediate has multiple signatures and one of the roots expired last year.
Running
sudo apt-get -y install ca-certificatesShould bring it up to date (assuming there's a relatively modern openssl in use - I think 1.0 will throw an error either way because it still tries to follow both forks in the chain and borks when it sees the expired cert).
-- Ben Tasker https://www.bentasker.co.uk
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
What is the command for doing that? Thanks. --Keifer
On Tue, May 3, 2022 at 12:00 AM Toralf Förster toralf.foerster@gmx.de wrote:
On 5/3/22 07:31, Keifer Bly wrote:
Err:15 https://deb.torproject.org/torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]
Maybe renew the key ?
-- Toralf _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Seems like your machine doesn't recognize the certificate for https://deb.torproject.org, which is a separate issue from eg. the GPG key not matching which would make it untrusted.
Seems something in the certificate chain from Let's Encrypt has expired, because the cert itself is still valid.
On Tuesday, May 3, 2022 7:31:46 AM CEST Keifer Bly wrote:
So I am running a tor relay on Debian, but no matter what when updating tor there is an “updating from such a respiritpry can’t be done securely and is therefore disabled by default”. Here is the log
In addition to the outdated certificates, you get Tor for Ubuntu and not Debian:
Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
Hit:2 http://deb.debian.org/debian buster InRelease
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]
Ign:5 http://ftp.de.debian.org/debian stretch InRelease
Hit:6 http://ftpde.debian.org/debian stretch Release
I would delete the outdated Debian stretch archives.
Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
Ign:8 http://deb.torproject.org/torproject.org trusty Release
Trusty? Why are you using Tor for Ubuntu? For Debian Buster you should also use the buster archive:
deb https://deb.torproject.org/torproject.org buster main
apt update ; apt install tor apt-transport-tor -y sed -i 's/https://deb.debian.org/tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/g' /etc/apt/sources.list sed -i 's/https://security.debian.org/tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/g' /etc/apt/sources.list echo "deb tor+http://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torpro... bullseye main" >> /etc/apt/sources.list.d/deb.torproject.org.list echo "deb-src tor+http://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torpro... bullseye main" >> /etc/apt/sources.list.d/deb.torproject.org.list apt update ; apt install gpg gpg-agent torsocks wget -y torsocks wget -qO- http://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torpro... gpg --import gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
## # source : http://jvgypgbnfyvfopg5msp6nwr2sl2fd6xmnguq35n7rfkw3yungjn2i4yd.onion
In particular, once you have the apt-transport-tor package installed, the following entries should work in your sources list for a Debian system:
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian buster main deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian buster-updates main deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian... buster/updates main
#deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian buster-backports main
lists@for-privacy.net:
On Tuesday, May 3, 2022 7:31:46 AM CEST Keifer Bly wrote:
So I am running a tor relay on Debian, but no matter what when updating tor there is an “updating from such a respiritpry can’t be done securely and is therefore disabled by default”. Here is the log
In addition to the outdated certificates, you get Tor for Ubuntu and not Debian:
Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
Hit:2 http://deb.debian.org/debian buster InRelease
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]
Ign:5 http://ftp.de.debian.org/debian stretch InRelease
Hit:6 http://ftpde.debian.org/debian stretch Release
I would delete the outdated Debian stretch archives.
Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
Ign:8 http://deb.torproject.org/torproject.org trusty Release
Trusty? Why are you using Tor for Ubuntu? For Debian Buster you should also use the buster archive:
deb https://deb.torproject.org/torproject.org buster main
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I am not sure how to get rid of the trusty / ubuntu packages? I simply followed the instructions here:
https://support.torproject.org/apt/tor-deb-repo/
Thanks. --Keifer
On Mon, May 2, 2022 at 10:31 PM Keifer Bly keifer.bly@gmail.com wrote:
Hi all,
So I am running a tor relay on Debian, but no matter what when updating tor there is an “updating from such a respiritpry can’t be done securely and is therefore disabled by default”. Here is the log
Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
Hit:2 http://deb.debian.org/debian buster InRelease
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]
Ign:5 http://ftp.de.debian.org/debian stretch InRelease
Hit:6 http://ftpde.debian.org/debian stretch Release
Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
Ign:8 http://deb.torproject.org/torproject.org trusty Release
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:14 https://deb.torproject.org/torproject.org amd64 InRelease
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Err:15 https://deb.torproject.org/torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Err:9 http://deb.torproject.org/torproject.org trusty/main Sources
404 Not Found [IP: 116.202.120.166 80]
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Reading package lists... Done
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension
E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list
root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list
root@vps-3e661acc:/home/debian# apt-get update
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://deb.debian.org/debian buster InRelease
Hit:3 http://deb.debian.org/debian buster-updates InRelease
Hit:4 http://deb.debian.org/debian buster-backports InRelease
Ign:5 https://deb.torproject.org/torproject.org amd64 InRelease
Ign:6 http://ftp.de.debian.org/debian stretch InRelease
Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
Hit:8 http://ftp.de.debian.org/debian stretch Release
Ign:9 http://deb.torproject.org/torproject.org trusty Release
Err:10 https://deb.torproject.org/torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443]
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torprojectorg trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torprojectorg/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Err:11 http://deb.torproject.org/torproject.org trusty/main Sources
404 Not Found [IP: 95.216.163.36 80]
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Reading package lists... Done
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sourceslist.d/' as it has no filename extension
E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@vps-3e661acc:/home/debian# tor
May 03 05:20:21.468 [notice] Tor 0.4.5.10 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and Glibc 2.28 as libc.
May 03 05:20:21.469 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
May 03 05:20:21.469 [notice] Read configuration file "/etc/tor/torrc".
May 03 05:20:21.470 [notice] Based on detected system memory, MaxMemInQueues is set to 1462 MB. You can override this by setting MaxMemInQueues by hand.
May 03 05:20:21.472 [notice] Opening Control listener on 127.0.0.1:9051
May 03 05:20:21.472 [notice] Opened Control listener connection (ready) on 127.0.0.1:9051
May 03 05:20:21.472 [notice] Opening OR listener on 0.0.0.0:9001
May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on 0.0.0.0:9001
May 03 05:20:21.472 [notice] Opening OR listener on [::]:9001
May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on [::]:9001
May 03 05:20:21.472 [notice] Opening Directory listener on 0.0.0.0:9030
May 03 05:20:21.472 [notice] Opened Directory listener connection (ready) on 0.0.0.0:9030
root@vps-3e661acc:/home/debian# sudo apt update && sudo apt install -y --only-upgrade tor
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://deb.debian.org/debian buster InRelease
Hit:3 http://deb.debian.org/debian buster-updates InRelease
Hit:4 http://deb.debian.org/debian buster-backports InRelease
Ign:5 http://ftp.de.debian.org/debian stretch InRelease
Hit:6 http://ftp.de.debian.org/debian stretch Release
Ign:7 https://deb.torproject.org/torproject.org amd64 InRelease
Ign:8 http://deb.torproject.org/torproject.org trusty InRelease
Ign:9 http://deb.torproject.org/torproject.org trusty Release
Err:10 https://deb.torproject.org/torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443]
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://debtorproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:11 http://debtorproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Err:11 http://deb.torproject.org/torproject.org trusty/main Sources
404 Not Found [IP: 95.216.163.36 80]
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Reading package lists... Done
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension
E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
This happens despite tor being listed as trsuted in my sources file:
## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl
###
# See http://www.debianorg/releases/stable/i386/release-notes/ch-upgrading.html
# for how to upgrade to newer versions of the distribution.
deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main
## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main
deb [trusted=yes] http://deb.debian.org/debian buster-updates main
deb-src [trusted=yes] http://deb.debian.org/debian buster-updates main
## Uncomment the following two lines to add software from the 'backports'
## repository.
##
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
deb http://deb.debian.org/debian buster-backports main
deb-src http://deb.debian.org/debian buster-backports main
deb http://ftp.de.debian.org/debian stretch main
deb [trusted=yes] http://deb.torproject.org/torproject.org trusty main
deb-src [trusted=yes] http://deb.torproject.org/torproject.org trusty main
So, for some reason Debian is seeing tor as untrusted despite that it has been listed as trusted. Tor is being run as root so its not a restricted user error. I am wondering why this might be happening? Thanks.
--Keifer
On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:
I am not sure how to get rid of the trusty / ubuntu packages?
You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/ sources.list or you have created the file /etc/apt/sources.list.d/tor.list?
I simply followed the instructions here: https://support.torproject.org/apt/tor-deb-repo/
You are running oldstable 'buster', this guide has been updated for stable 'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not yet required in buster, but it doesn't hurt. The new 'deb.torproject.org-keyring' package renews both keyrings in: /etc/apt/trusted.gpg.d/ and /usr/share/keyrings/
¹Apt-key will last be available in Debian 11 and Ubuntu 22.04. Since bullseye, 'apt-key add' has been deprecated and is no longer available in bookworm. Only 'apt-key del' then still works.
¹https://manpages.debian.org/testing/apt/apt-key.8.en.html
Background info: https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace... or $websearch: Why apt-key is deprecated?
Ok. I have tried different things. And the same is still happening:
sources.list file:
## Note, this file is written by cloud-init on first boot of an instance ## modifications made here will not survive a re-bundle. ## if you wish to make changes you can: ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg ## or do the same in user-data ## b.) add sources in /etc/apt/sources.list.d ## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl ###
# See http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html # for how to upgrade to newer versions of the distribution. deb http://deb.debian.org/debian buster main deb-src http://deb.debian.org/debian buster main
## Major bug fix updates produced after the final release of the ## distribution. deb http://security.debian.org/ buster/updates main deb-src http://security.debian.org/ buster/updates main
deb [trusted=yes] http://deb.torproject.org/torproject.org buster main deb http://deb.torproject.org/torproject.org buster main
deb-src [trusted=yes] http://deb.torproject.org/torproject.org buster main
## Uncomment the following two lines to add software from the 'backports' ## repository. ## ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. deb http://deb.debian.org/debian buster-backports main deb-src http://deb.debian.org/debian buster-backports main deb http://ftp.de.debian.org/debian stretch main
tor.list file:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org amd64 main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org amd64 main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <buster> main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <buster> main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-<buster> main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-<buster> main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-buster main
Please, what should the sources.list and tor.list files look like? I am sorry to ask. Thanks.
--Keifer
On Wed, May 4, 2022 at 4:34 AM lists@for-privacy.net wrote:
On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:
I am not sure how to get rid of the trusty / ubuntu packages?
You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/ sources.list or you have created the file /etc/apt/sources.list.d/tor.list?
I simply followed the instructions here: https://support.torproject.org/apt/tor-deb-repo/
You are running oldstable 'buster', this guide has been updated for stable 'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not yet required in buster, but it doesn't hurt. The new 'deb.torproject.org-keyring' package renews both keyrings in: /etc/apt/trusted.gpg.d/ and /usr/share/keyrings/
¹Apt-key will last be available in Debian 11 and Ubuntu 22.04. Since bullseye, 'apt-key add' has been deprecated and is no longer available in bookworm. Only 'apt-key del' then still works.
¹https://manpages.debian.org/testing/apt/apt-key.8.en.html
Background info:
https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace... or $websearch: Why apt-key is deprecated?
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I am slightly confused, thank you. --Keifer
On Wed, May 4, 2022 at 5:29 PM Keifer Bly keifer.bly@gmail.com wrote:
Ok. I have tried different things. And the same is still happening:
sources.list file:
## Note, this file is written by cloud-init on first boot of an instance ## modifications made here will not survive a re-bundle. ## if you wish to make changes you can: ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg ## or do the same in user-data ## b.) add sources in /etc/apt/sources.list.d ## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl ###
# See http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html # for how to upgrade to newer versions of the distribution. deb http://deb.debian.org/debian buster main deb-src http://deb.debian.org/debian buster main
## Major bug fix updates produced after the final release of the ## distribution. deb http://security.debian.org/ buster/updates main deb-src http://security.debian.org/ buster/updates main
deb [trusted=yes] http://deb.torproject.org/torproject.org buster main deb http://deb.torproject.org/torproject.org buster main
deb-src [trusted=yes] http://deb.torproject.org/torproject.org buster main
## Uncomment the following two lines to add software from the 'backports' ## repository. ## ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. deb http://deb.debian.org/debian buster-backports main deb-src http://deb.debian.org/debian buster-backports main deb http://ftp.de.debian.org/debian stretch main
tor.list file:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org amd64 main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org amd64 main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <buster> main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <buster> main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-<buster> main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-<buster> main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-buster main
Please, what should the sources.list and tor.list files look like? I am sorry to ask. Thanks.
--Keifer
On Wed, May 4, 2022 at 4:34 AM lists@for-privacy.net wrote:
On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:
I am not sure how to get rid of the trusty / ubuntu packages?
You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/ sources.list or you have created the file /etc/apt/sources.list.d/tor.list?
I simply followed the instructions here: https://support.torproject.org/apt/tor-deb-repo/
You are running oldstable 'buster', this guide has been updated for stable 'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not yet required in buster, but it doesn't hurt. The new 'deb.torproject.org-keyring' package renews both keyrings in: /etc/apt/trusted.gpg.d/ and /usr/share/keyrings/
¹Apt-key will last be available in Debian 11 and Ubuntu 22.04. Since bullseye, 'apt-key add' has been deprecated and is no longer available in bookworm. Only 'apt-key del' then still works.
¹https://manpages.debian.org/testing/apt/apt-key.8.en.html
Background info:
https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace... or $websearch: Why apt-key is deprecated?
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thursday, May 5, 2022 2:29:30 AM CEST Keifer Bly wrote:
Ok. I have tried different things. And the same is still happening:
sources.list file:
## Note, this file is written by cloud-init on first boot of an instance ## modifications made here will not survive a re-bundle. ## if you wish to make changes you can:
## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl
OK, you must look in '/etc/apt/sources.list' and in '/etc/cloud/templates/sources.list.debian.tmpl' and delete or comment out the below mentioned 4 lines:
# See http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html # for how to upgrade to newer versions of the distribution.
Ignore the upgrade notice and i386. You can use buster until the end of 2022 and I'm pretty sure google cloud is amd64.
deb http://deb.debian.org/debian buster main deb-src http://deb.debian.org/debian buster main
## Major bug fix updates produced after the final release of the ## distribution. deb http://security.debian.org/ buster/updates main deb-src http://security.debian.org/ buster/updates main
You can|must delete these 3 lines...
deb [trusted=yes] http://deb.torproject.org/torproject.org buster main deb http://deb.torproject.org/torproject.org buster main deb-src [trusted=yes] http://deb.torproject.org/torproject.org buster main
## Uncomment the following two lines to add software from the 'backports' ## repository. ## ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. deb http://deb.debian.org/debian buster-backports main deb-src http://deb.debian.org/debian buster-backports main
... and this old one from debian stretch:
deb http://ftp.de.debian.org/debian stretch main
tor.list file:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org amd64 main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org amd64 main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <buster> main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <buster> main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-<buster> main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-<buster> main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-buster main
Please, what should the sources.list and tor.list files look like? I am sorry to ask. Thanks.
In '/etc/apt/sources.list.d/tor.list' just this one line:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https:// deb.torproject.org/torproject.org buster main
Generally 'deb-src' are the package sources if you want to compile packages yourself. You don't need that. Not for Tor and not for Debian either. But it doesn't matter if you leave them, it occupies a few MB more in /var/cache/apt/ archives/
Your sources.list file entry looks incorrect. I would definitely not recommend using trust=yes for a repo like tor, as it bypasses apt's security checks.
According to the instructions you linked https://support.torproject.org/apt/tor-deb-repo/, your source for the tor packages should be listed in /etc/apt/sources.list.d/tor.list as something like:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main
The instructions tell you how to import the repo key as well:
# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88... | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg
/dev/null
On 5/3/22 13:10, Keifer Bly wrote:
I am not sure how to get rid of the trusty / ubuntu packages? I simply followed the instructions here:
https://support.torproject.org/apt/tor-deb-repo/
Thanks. --Keifer
On Mon, May 2, 2022 at 10:31 PM Keifer Bly keifer.bly@gmail.com wrote:
Hi all, So I am running a tor relay on Debian, but no matter what when updating tor there is an “updating from such a respiritpry can’t be done securely and is therefore disabled by default”. Here is the log Get:1 http://security.debian.org buster/updates InRelease [65.4 kB] Hit:2 http://deb.debian.org/debian buster InRelease Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB] Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB] Ign:5 http://ftp.de.debian.org/debian stretch InRelease Hit:6 http://ftpde.debian.org/debian stretch Release Ign:7 http://deb.torproject.org/torproject.org trusty InRelease Ign:8 http://deb.torproject.org/torproject.org trusty Release Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:14 https://deb.torproject.org/torproject.org amd64 InRelease Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Err:15 https://deb.torproject.org/torproject.org amd64 Release Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443] Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Err:9 http://deb.torproject.org/torproject.org trusty/main Sources 404 Not Found [IP: 116.202.120.166 80] Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Reading package lists... Done N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list root@vps-3e661acc:/home/debian# apt-get update Hit:1 http://security.debian.org buster/updates InRelease Hit:2 http://deb.debian.org/debian buster InRelease Hit:3 http://deb.debian.org/debian buster-updates InRelease Hit:4 http://deb.debian.org/debian buster-backports InRelease Ign:5 https://deb.torproject.org/torproject.org amd64 InRelease Ign:6 http://ftp.de.debian.org/debian stretch InRelease Ign:7 http://deb.torproject.org/torproject.org trusty InRelease Hit:8 http://ftp.de.debian.org/debian stretch Release Ign:9 http://deb.torproject.org/torproject.org trusty Release Err:10 https://deb.torproject.org/torproject.org amd64 Release Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443] Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:13 http://deb.torproject.org/torprojectorg trusty/main all Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torprojectorg/torproject.org trusty/main amd64 Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en Err:11 http://deb.torproject.org/torproject.org trusty/main Sources 404 Not Found [IP: 95.216.163.36 80] Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en Reading package lists... Done N: Ignoring file 'DEADJOE' in directory '/etc/apt/sourceslist.d/' as it has no filename extension E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. root@vps-3e661acc:/home/debian# tor May 03 05:20:21.468 [notice] Tor 0.4.5.10 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and Glibc 2.28 as libc. May 03 05:20:21.469 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning May 03 05:20:21.469 [notice] Read configuration file "/etc/tor/torrc". May 03 05:20:21.470 [notice] Based on detected system memory, MaxMemInQueues is set to 1462 MB. You can override this by setting MaxMemInQueues by hand. May 03 05:20:21.472 [notice] Opening Control listener on 127.0.0.1:9051 <http://127.0.0.1:9051> May 03 05:20:21.472 [notice] Opened Control listener connection (ready) on 127.0.0.1:9051 <http://127.0.0.1:9051> May 03 05:20:21.472 [notice] Opening OR listener on 0.0.0.0:9001 <http://0.0.0.0:9001> May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on 0.0.0.0:9001 <http://0.0.0.0:9001> May 03 05:20:21.472 [notice] Opening OR listener on [::]:9001 May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on [::]:9001 May 03 05:20:21.472 [notice] Opening Directory listener on 0.0.0.0:9030 <http://0.0.0.0:9030> May 03 05:20:21.472 [notice] Opened Directory listener connection (ready) on 0.0.0.0:9030 <http://0.0.0.0:9030> root@vps-3e661acc:/home/debian# sudo apt update && sudo apt install -y --only-upgrade tor Hit:1 http://security.debian.org buster/updates InRelease Hit:2 http://deb.debian.org/debian buster InRelease Hit:3 http://deb.debian.org/debian buster-updates InRelease Hit:4 http://deb.debian.org/debian buster-backports InRelease Ign:5 http://ftp.de.debian.org/debian stretch InRelease Hit:6 http://ftp.de.debian.org/debian stretch Release Ign:7 https://deb.torproject.org/torproject.org amd64 InRelease Ign:8 http://deb.torproject.org/torproject.org trusty InRelease Ign:9 http://deb.torproject.org/torproject.org trusty Release Err:10 https://deb.torproject.org/torproject.org amd64 Release Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443] Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:13 http://debtorproject.org/torproject.org trusty/main amd64 Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:11 http://debtorproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Err:11 http://deb.torproject.org/torproject.org trusty/main Sources 404 Not Found [IP: 95.216.163.36 80] Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US Reading package lists... Done N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. This happens despite tor being listed as trsuted in my sources file: ## Note, this file is written by cloud-init on first boot of an instance ## modifications made here will not survive a re-bundle. ## if you wish to make changes you can: ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg ## or do the same in user-data ## b.) add sources in /etc/apt/sources.list.d ## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl ### # See http://www.debianorg/releases/stable/i386/release-notes/ch-upgrading.html # for how to upgrade to newer versions of the distribution. deb http://deb.debian.org/debian buster main deb-src http://deb.debian.org/debian buster main ## Major bug fix updates produced after the final release of the ## distribution. deb http://security.debian.org/ buster/updates main deb-src http://security.debian.org/ buster/updates main deb [trusted=yes] http://deb.debian.org/debian buster-updates main deb-src [trusted=yes] http://deb.debian.org/debian buster-updates main ## Uncomment the following two lines to add software from the 'backports' ## repository. ## ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. deb http://deb.debian.org/debian buster-backports main deb-src http://deb.debian.org/debian buster-backports main deb http://ftp.de.debian.org/debian stretch main deb [trusted=yes] http://deb.torproject.org/torproject.org trusty main deb-src [trusted=yes] http://deb.torproject.org/torproject.org trusty main So, for some reason Debian is seeing tor as untrusted despite that it has been listed as trusted. Tor is being run as root so its not a restricted user error. I am wondering why this might be happening? Thanks. --Keifer
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Thank you. But running wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88... | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Simply displays a message "no valid openpgp data found". My sources file looks like this now.deb http://deb.debian.org/debian buster main deb-src http://deb.debian.org/debian buster main
## Major bug fix updates produced after the final release of the ## distribution. deb http://security.debian.org/ buster/updates main deb-src http://security.debian.org/ buster/updates main
deb http://deb.torproject.org/torproject.org buster main deb http://deb.torproject.org/torproject.org buster main
deb-src http://deb.torproject.org/torproject.org buster main
## Uncomment the following two lines to add software from the 'backports' ## repository. ## ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. deb http://deb.debian.org/debian buster-backports main deb-src http://deb.debian.org/debian buster-backports main deb http://ftp.de.debian.org/debian stretch main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main
Thank you.
--Keifer
On Wed, May 4, 2022 at 7:27 PM tor admin via tor-relays < tor-relays@lists.torproject.org> wrote:
Your sources.list file entry looks incorrect. I would definitely not recommend using trust=yes for a repo like tor, as it bypasses apt's security checks.
According to the instructions you linked https://support.torproject.org/apt/tor-deb-repo/, your source for the tor packages should be listed in /etc/apt/sources.list.d/tor.list as something like:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main
The instructions tell you how to import the repo key as well:
# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88... | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
On 5/3/22 13:10, Keifer Bly wrote:
I am not sure how to get rid of the trusty / ubuntu packages? I simply followed the instructions here:
https://support.torproject.org/apt/tor-deb-repo/
Thanks. --Keifer
On Mon, May 2, 2022 at 10:31 PM Keifer Bly keifer.bly@gmail.com wrote:
Hi all,
So I am running a tor relay on Debian, but no matter what when updating tor there is an “updating from such a respiritpry can’t be done securely and is therefore disabled by default”. Here is the log
Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
Hit:2 http://deb.debian.org/debian buster InRelease
Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]
Ign:5 http://ftp.de.debian.org/debian stretch InRelease
Hit:6 http://ftpde.debian.org/debian stretch Release
Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
Ign:8 http://deb.torproject.org/torproject.org trusty Release
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:14 https://deb.torproject.org/torproject.org amd64 InRelease
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Err:15 https://deb.torproject.org/torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Err:9 http://deb.torproject.org/torproject.org trusty/main Sources
404 Not Found [IP: 116.202.120.166 80]
Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Reading package lists... Done
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension
E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list
root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list
root@vps-3e661acc:/home/debian# apt-get update
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://deb.debian.org/debian buster InRelease
Hit:3 http://deb.debian.org/debian buster-updates InRelease
Hit:4 http://deb.debian.org/debian buster-backports InRelease
Ign:5 https://deb.torproject.org/torproject.org amd64 InRelease
Ign:6 http://ftp.de.debian.org/debian stretch InRelease
Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
Hit:8 http://ftp.de.debian.org/debian stretch Release
Ign:9 http://deb.torproject.org/torproject.org trusty Release
Err:10 https://deb.torproject.org/torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443]
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torprojectorg trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torprojectorg/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Err:11 http://deb.torproject.org/torproject.org trusty/main Sources
404 Not Found [IP: 95.216.163.36 80]
Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en
Reading package lists... Done
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sourceslist.d/' as it has no filename extension
E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@vps-3e661acc:/home/debian# tor
May 03 05:20:21.468 [notice] Tor 0.4.5.10 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and Glibc 2.28 as libc.
May 03 05:20:21.469 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
May 03 05:20:21.469 [notice] Read configuration file "/etc/tor/torrc".
May 03 05:20:21.470 [notice] Based on detected system memory, MaxMemInQueues is set to 1462 MB. You can override this by setting MaxMemInQueues by hand.
May 03 05:20:21.472 [notice] Opening Control listener on 127.0.0.1:9051
May 03 05:20:21.472 [notice] Opened Control listener connection (ready) on 127.0.0.1:9051
May 03 05:20:21.472 [notice] Opening OR listener on 0.0.0.0:9001
May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on 0.0.0.0:9001
May 03 05:20:21.472 [notice] Opening OR listener on [::]:9001
May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on [::]:9001
May 03 05:20:21.472 [notice] Opening Directory listener on 0.0.0.0:9030
May 03 05:20:21.472 [notice] Opened Directory listener connection (ready) on 0.0.0.0:9030
root@vps-3e661acc:/home/debian# sudo apt update && sudo apt install -y --only-upgrade tor
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://deb.debian.org/debian buster InRelease
Hit:3 http://deb.debian.org/debian buster-updates InRelease
Hit:4 http://deb.debian.org/debian buster-backports InRelease
Ign:5 http://ftp.de.debian.org/debian stretch InRelease
Hit:6 http://ftp.de.debian.org/debian stretch Release
Ign:7 https://deb.torproject.org/torproject.org amd64 InRelease
Ign:8 http://deb.torproject.org/torproject.org trusty InRelease
Ign:9 http://deb.torproject.org/torproject.org trusty Release
Err:10 https://deb.torproject.org/torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443]
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://debtorproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:11 http://debtorproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Err:11 http://deb.torproject.org/torproject.org trusty/main Sources
404 Not Found [IP: 95.216.163.36 80]
Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en
Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US
Reading package lists... Done
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension
E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
This happens despite tor being listed as trsuted in my sources file:
## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl
###
# See http://www.debianorg/releases/stable/i386/release-notes/ch-upgrading.html
# for how to upgrade to newer versions of the distribution.
deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main
## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main
deb [trusted=yes] http://deb.debian.org/debian buster-updates main
deb-src [trusted=yes] http://deb.debian.org/debian buster-updates main
## Uncomment the following two lines to add software from the 'backports'
## repository.
##
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
deb http://deb.debian.org/debian buster-backports main
deb-src http://deb.debian.org/debian buster-backports main
deb http://ftp.de.debian.org/debian stretch main
deb [trusted=yes] http://deb.torproject.org/torproject.org trusty main
deb-src [trusted=yes] http://deb.torproject.org/torproject.org trusty main
So, for some reason Debian is seeing tor as untrusted despite that it has been listed as trusted. Tor is being run as root so its not a restricted user error. I am wondering why this might be happening? Thanks.
--Keifer
tor-relays mailing listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
Thank you. But running wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88 6DDD89.asc
gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Maybe copy paste error. It must be one line and you must be root or type 'sudo' in front of it. Maybe you can better copy from here:
3. Then add the gpg key ... https://support.torproject.org/apt/
Simply displays a message "no valid openpgp data found". My sources file
If this message appears again, install gpg: sudo apt update && apt -y install gnupg
Simply displays a message "no valid openpgp data found". My sources file
You'll see this because your system doesn't trust the cert chain.
You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments)
If you run
wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88...
I suspect you'll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them.
As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
# Verify that this gives a cert warning
curl https://deb.torproject.org/torproject.org/
curl -k --output "/tmp/ISRG_Root_X1.crt" "https://letsencrypt.org/certs/isrgrootx1.pem.txt"
sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
# Now try again
curl https://deb.torproject.org/torproject.org/
If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
Ok will try these things. Does that it's an ovh debain have anything to do with it? Hosted by them and they may frown on tor.
--Keifer
On Thu, May 5, 2022, 8:41 AM ben ben@bentasker.co.uk wrote:
Simply displays a message "no valid openpgp data found". My sources file
You'll see this because your system doesn't trust the cert chain.
You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments)
If you run
wgethttps://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88 6DDD89.asc
I suspect you'll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them.
As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
# Verify that this gives a cert warning curl https://deb.torproject.org/torproject.org/ curl -k --output "/tmp/ISRG_Root_X1.crt" "https://letsencrypt.org/certs/isrgrootx1.pem.txt" sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/ sudo update-ca-certificates
# Now try again curl https://deb.torproject.org/torproject.org/If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
-- Ben Tasker https://www.bentasker.co.uk
---- On Thu, 05 May 2022 13:21:22 +0100 * <lists@for-privacy.net lists@for-privacy.net>* wrote ----
On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.asc
gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg /dev/null
Maybe copy paste error. It must be one line and you must be root or type 'sudo' in front of it. Maybe you can better copy from here:
- Then add the gpg key ...
https://support.torproject.org/apt/
Simply displays a message "no valid openpgp data found". My sources file
If this message appears again, install gpg: sudo apt update && apt -y install gnupg
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I am running as the root user.
--Keifer
On Sat, May 7, 2022, 10:50 AM Keifer Bly keifer.bly@gmail.com wrote:
Ok will try these things. Does that it's an ovh debain have anything to do with it? Hosted by them and they may frown on tor.
--Keifer
On Thu, May 5, 2022, 8:41 AM ben ben@bentasker.co.uk wrote:
Simply displays a message "no valid openpgp data found". My sources file
You'll see this because your system doesn't trust the cert chain.
You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments)
If you run
wgethttps://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88 6DDD89.asc
I suspect you'll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them.
As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
# Verify that this gives a cert warning curl https://deb.torproject.org/torproject.org/ curl -k --output "/tmp/ISRG_Root_X1.crt" "https://letsencrypt.org/certs/isrgrootx1.pem.txt" sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/ sudo update-ca-certificates
# Now try again curl https://deb.torproject.org/torproject.org/If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
-- Ben Tasker https://www.bentasker.co.uk
---- On Thu, 05 May 2022 13:21:22 +0100 * <lists@for-privacy.net lists@for-privacy.net>* wrote ----
On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.asc
gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg /dev/null
Maybe copy paste error. It must be one line and you must be root or type 'sudo' in front of it. Maybe you can better copy from here:
- Then add the gpg key ...
https://support.torproject.org/apt/
Simply displays a message "no valid openpgp data found". My sources
file
If this message appears again, install gpg: sudo apt update && apt -y install gnupg
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I have done all these and it still happens. Is there perhaps a tool that will set this up? Thanks.
--Keifer
On Sat, May 7, 2022, 10:54 AM Keifer Bly keifer.bly@gmail.com wrote:
I am running as the root user.
--Keifer
On Sat, May 7, 2022, 10:50 AM Keifer Bly keifer.bly@gmail.com wrote:
Ok will try these things. Does that it's an ovh debain have anything to do with it? Hosted by them and they may frown on tor.
--Keifer
On Thu, May 5, 2022, 8:41 AM ben ben@bentasker.co.uk wrote:
Simply displays a message "no valid openpgp data found". My sources
file
You'll see this because your system doesn't trust the cert chain.
You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments)
If you run
wgethttps://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88 6DDD89.asc
I suspect you'll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them.
As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
# Verify that this gives a cert warning curl https://deb.torproject.org/torproject.org/ curl -k --output "/tmp/ISRG_Root_X1.crt" "https://letsencrypt.org/certs/isrgrootx1.pem.txt" sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/ sudo update-ca-certificates
# Now try again curl https://deb.torproject.org/torproject.org/If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
-- Ben Tasker https://www.bentasker.co.uk
---- On Thu, 05 May 2022 13:21:22 +0100 * <lists@for-privacy.net lists@for-privacy.net>* wrote ----
On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.asc
gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg /dev/null
Maybe copy paste error. It must be one line and you must be root or type 'sudo' in front of it. Maybe you can better copy from here:
- Then add the gpg key ...
https://support.torproject.org/apt/
Simply displays a message "no valid openpgp data found". My sources
file
If this message appears again, install gpg: sudo apt update && apt -y install gnupg
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Did the final curl complain about an expired certificate?
curl https://deb.torproject.org/torproject.org/
If so, that might indicate you've got OpenSSL 1.0, try
openssl version
If that's the case, then really you need to get that (and/or the underlying OS) updated.
In the short term, we can address this by commenting out the expired root in your trust store.
sudo -s
cp /etc/ca-certificates.conf ~/ca-certificates.conf.bkup
sed -i '/^mozilla/DST_Root_CA_X3.crt$/ s/^/!/' /etc/ca-certificates.conf
update-ca-certificates
Then try the curl again
curl https://deb.torproject.org/torproject.org/
It should no longer complain about the certificate having expired. If it now complains that the certificate isn't trusted, then the X1 cert isn't properly installed and we'll have to look at that.
On Monday, May 9, 2022 9:40:12 AM CEST ben wrote:
Hi, I think this mail should reach Keifer.
@ Keifer please post the output of: cat /etc/issue
It should be 'Debian GNU/Linux 10'
apt update && sudo apt full-upgrade would install missing packages.
Then read what Ben wrote about 'update-ca-certificates'.
---------- Forwarded Message ----------
Subject: Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory Date: Donnerstag, 5. Mai 2022, 15:09:07 CEST From: ben ben@bentasker.co.uk To: tor-relays tor-relays@lists.torproject.org CC: lists lists@for-privacy.net
Simply displays a message "no valid openpgp data found". My sources file
You'll see this because your system doesn't trust the cert chain.
You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments)
If you run
wget https://deb.torproject.org/torproject.org/ A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
I suspect you'll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them.
As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
# Verify that this gives a cert warning
curl https://deb.torproject.org/torproject.org/
curl -k --output "/tmp/ISRG_Root_X1.crt" "https://letsencrypt.org/certs/ isrgrootx1.pem.txt"
sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
# Now try again
curl https://deb.torproject.org/torproject.org/
If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
This is what that returns,
Debian GNU/Linux 10 \n \l
Running the command you listed returns:
Err:1 http://ftp.debian.org/debian buster-backports InRelease Temporary failure resolving 'ftp.debian.org' Err:2 http://deb.debian.org/debian buster InRelease Temporary failure resolving 'deb.debian.org' Err:3 http://security.debian.org/debian-security buster/updates InRelease Temporary failure resolving 'security.debian.org' Err:4 http://deb.debian.org/debian buster-updates InRelease Temporary failure resolving 'deb.debian.org' Reading package lists... Done Building dependency tree Reading state information... Done 18 packages can be upgraded. Run 'apt list --upgradable' to see them. W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Temporary failure resolving 'security.debian.org' W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving 'ftp.debian.org' W: Some index files failed to download. They have been ignored, or old ones used instead. Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20 libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev 18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 10.1 MB of archives. After this operation, 2048 B of additional disk space will be used. Do you want to continue? [Y/n] y Err:1 http://deb.debian.org/debian buster/main amd64 base-files amd64 10.3+deb10u10 Temporary failure resolving 'deb.debian.org' Err:2 http://security.debian.org/debian-security buster/updates/main amd64 systemd-sysv amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Ign:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1 Err:4 http://security.debian.org/debian-security buster/updates/main amd64 udev amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Ign:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3 Err:6 http://security.debian.org/debian-security buster/updates/main amd64 libudev1 amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Ign:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3 Err:8 http://security.debian.org/debian-security buster/updates/main amd64 libnettle6 amd64 3.4.1-1+deb10u1 Temporary failure resolving 'security.debian.org' Ign:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3 Ign:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3 Err:11 http://security.debian.org/debian-security buster/updates/main amd64 libhogweed4 amd64 3.4.1-1+deb10u1 Temporary failure resolving 'security.debian.org' Err:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1 Temporary failure resolving 'deb.debian.org' Err:12 http://deb.debian.org/debian buster/main amd64 libgnutls30 amd64 3.6.7-4+deb10u7 Temporary failure resolving 'deb.debian.org' Err:13 http://deb.debian.org/debian buster/main amd64 libgcrypt20 amd64 1.8.4-5+deb10u1 Temporary failure resolving 'deb.debian.org' Ign:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6 Ign:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Ign:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Err:17 http://deb.debian.org/debian buster/main amd64 isc-dhcp-client amd64 4.4.1-2+deb10u1 Temporary failure resolving 'deb.debian.org' Err:18 http://deb.debian.org/debian buster/main amd64 isc-dhcp-common amd64 4.4.1-2+deb10u1 Temporary failure resolving 'deb.debian.org' Err:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6 Temporary failure resolving 'deb.debian.org' Err:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Temporary failure resolving 'deb.debian.org' Err:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/b/base-files/base-files_10.3+deb10u10... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/l/lz4/liblz4-1_... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/syste... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/udev_... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/libud... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-pkg5.0_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-inst2.0_1.8.2.3_amd64.de... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt-utils_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libnet... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libhog... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/g/gnutls28/libgnutls30_3.6.7-4+deb10u... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/libg/libgcrypt20/libgcrypt20_1.8.4-5+... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/o/openssl/libss... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libisc-... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libdns-... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-client_4.4.1-2+de... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-common_4.4.1-2+de... Temporary failure resolving 'deb.debian.org' E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing? root@LAPTOP-20TFLN0V:/home/keifer# apt update && sudo apt full-upgrade Err:1 http://security.debian.org/debian-security buster/updates InRelease Temporary failure resolving 'security.debian.org' Err:2 http://ftp.debian.org/debian buster-backports InRelease Temporary failure resolving 'ftp.debian.org' Err:3 http://deb.debian.org/debian buster InRelease Temporary failure resolving 'deb.debian.org' Err:4 http://deb.debian.org/debian buster-updates InRelease Temporary failure resolving 'deb.debian.org' Reading package lists... Done Building dependency tree Reading state information... Done 18 packages can be upgraded. Run 'apt list --upgradable' to see them. W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Temporary failure resolving 'security.debian.org' W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving 'ftp.debian.org' W: Some index files failed to download. They have been ignored, or old ones used instead. Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20 libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev 18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 10.1 MB of archives. After this operation, 2048 B of additional disk space will be used. Do you want to continue? [Y/n] Y Err:1 http://deb.debian.org/debian buster/main amd64 base-files amd64 10.3+deb10u10 Temporary failure resolving 'deb.debian.org' Err:2 http://security.debian.org/debian-security buster/updates/main amd64 systemd-sysv amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Ign:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1 Err:4 http://security.debian.org/debian-security buster/updates/main amd64 udev amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Ign:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3 Err:6 http://security.debian.org/debian-security buster/updates/main amd64 libudev1 amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Err:7 http://security.debian.org/debian-security buster/updates/main amd64 libnettle6 amd64 3.4.1-1+deb10u1 Temporary failure resolving 'security.debian.org' Ign:8 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3 Ign:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3 Err:10 http://security.debian.org/debian-security buster/updates/main amd64 libhogweed4 amd64 3.4.1-1+deb10u1 Temporary failure resolving 'security.debian.org' Ign:11 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3 Err:12 http://deb.debian.org/debian buster/main amd64 libgnutls30 amd64 3.6.7-4+deb10u7 Temporary failure resolving 'deb.debian.org' Err:13 http://deb.debian.org/debian buster/main amd64 libgcrypt20 amd64 1.8.4-5+deb10u1 Temporary failure resolving 'deb.debian.org' Err:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1 Temporary failure resolving 'deb.debian.org' Ign:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6 Ign:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Ign:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Err:17 http://deb.debian.org/debian buster/main amd64 isc-dhcp-client amd64 4.4.1-2+deb10u1 Temporary failure resolving 'deb.debian.org' Err:18 http://deb.debian.org/debian buster/main amd64 isc-dhcp-common amd64 4.4.1-2+deb10u1 Temporary failure resolving 'deb.debian.org' Err:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6 Temporary failure resolving 'deb.debian.org' Err:8 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:11 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Temporary failure resolving 'deb.debian.org' Err:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/b/base-files/base-files_10.3+deb10u10... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/l/lz4/liblz4-1_... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/syste... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/udev_... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/libud... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-pkg5.0_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-inst2.0_1.8.2.3_amd64.de... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt-utils_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libnet... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libhog... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/g/gnutls28/libgnutls30_3.6.7-4+deb10u... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/libg/libgcrypt20/libgcrypt20_1.8.4-5+... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/o/openssl/libss... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libisc-... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libdns-... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-client_4.4.1-2+de... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-common_4.4.1-2+de... Temporary failure resolving 'deb.debian.org' E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Thank you.
--Keifer
On Tue, May 10, 2022 at 10:22 AM lists@for-privacy.net wrote:
On Monday, May 9, 2022 9:40:12 AM CEST ben wrote:
Hi, I think this mail should reach Keifer.
@ Keifer please post the output of: cat /etc/issue
It should be 'Debian GNU/Linux 10'
apt update && sudo apt full-upgrade would install missing packages.
Then read what Ben wrote about 'update-ca-certificates'.
---------- Forwarded Message ----------
Subject: Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory Date: Donnerstag, 5. Mai 2022, 15:09:07 CEST From: ben ben@bentasker.co.uk To: tor-relays tor-relays@lists.torproject.org CC: lists lists@for-privacy.net
Simply displays a message "no valid openpgp data found". My sources file
You'll see this because your system doesn't trust the cert chain.
You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments)
If you run
wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
I suspect you'll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them.
As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
# Verify that this gives a cert warning curl https://deb.torproject.org/torproject.org/ curl -k --output "/tmp/ISRG_Root_X1.crt" "https://letsencrypt.org/certs/ isrgrootx1.pem.txt"
sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/ sudo update-ca-certificates # Now try again curl https://deb.torproject.org/torproject.org/If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
-- Ben Tasker https://www.bentasker.co.uk
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Tuesday, May 10, 2022 10:51:23 PM CEST Keifer Bly wrote:
This is what that returns,
Debian GNU/Linux 10 \n \l
OK, the version is right.
Running the command you listed returns:
Err:1 http://ftp.debian.org/debian buster-backports InRelease Temporary failure resolving 'ftp.debian.org' Err:2 http://deb.debian.org/debian buster InRelease Temporary failure resolving 'deb.debian.org' Err:3 http://security.debian.org/debian-security buster/updates InRelease Temporary failure resolving 'security.debian.org' Err:4 http://deb.debian.org/debian buster-updates InRelease Temporary failure resolving 'deb.debian.org' Reading package lists... Done Building dependency tree Reading state information... Done 18 packages can be upgraded. Run 'apt list --upgradable' to see them. W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Temporary failure resolving 'security.debian.org' W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving 'ftp.debian.org' W: Some index files failed to download. They have been ignored, or old ones used instead. Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20 libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev
Some important packages should be upgraded but the DNS resolution does not work. :-( Can you post the output of the following commands? You don't necessarily have to be 'root' for this, as a normal user is sufficient:
ping -c 4 8.8.8.8
ping -c 4 deb.debian.org
cat /etc/resolv.conf
ls -al /etc/resolv.conf
systemctl status systemd-resolved
systemctl status ntp
curl https://deb.torproject.org/torproject.org/
Here is the return after running those commands, in the order you typed them:
root@vps-3e661acc:/home/debian# ping -c 4 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=110 time=3.48 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=110 time=1.44 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=110 time=1.48 ms 64 bytes from 8.8.8.8: icmp_seq=4 ttl=110 time=1.48 ms
--- 8.8.8.8 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 8ms rtt min/avg/max/mdev = 1.435/1.969/3.480/0.873 ms root@vps-3e661acc:/home/debian# ping -c 4 deb.debian.org PING debian.map.fastlydns.net (151.101.18.132) 56(84) bytes of data. 64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=1 ttl=51 time=0.775 ms 64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=2 ttl=51 time=0.778 ms 64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=3 ttl=51 time=0.836 ms 64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=4 ttl=51 time=0.804 ms
--- debian.map.fastlydns.net ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 30ms rtt min/avg/max/mdev = 0.775/0.798/0.836/0.031 ms root@vps-3e661acc:/home/debian# cat /etc/resolv.conf domain openstacklocal search openstacklocal nameserver 213.186.33.99 root@vps-3e661acc:/home/debian# ls -al /etc/resolv.conf -rw-r--r-- 1 root root 69 May 12 18:18 /etc/resolv.conf root@vps-3e661acc:/home/debian# systemctl status systemd-resolved ● systemd-resolved.service - Network Name Resolution Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: enabled) Drop-In: /usr/lib/systemd/system/systemd-resolved.service.d └─resolvconf.conf Active: inactive (dead) Docs: man:systemd-resolved.service(8) https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configurat...
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients root@vps-3e661acc:/home/debian# systemctl status ntp ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2 days ago Docs: man:ntpd(8) Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS) Main PID: 443 (ntpd) Tasks: 2 (limit: 2318) Memory: 1.9M CGroup: /system.slice/ntp.service └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112
May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. ...skipping... ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2 days ago Docs: man:ntpd(8) Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS) Main PID: 443 (ntpd) Tasks: 2 (limit: 2318) Memory: 1.9M CGroup: /system.slice/ntp.service └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112
May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ lines 1-13/13 (END)...skipping... ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2 days ago Docs: man:ntpd(8) Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS) Main PID: 443 (ntpd) Tasks: 2 (limit: 2318) Memory: 1.9M CGroup: /system.slice/ntp.service └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112
May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501 days ago Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. ~ ~ ~ ~ root@vps-3e661acc:/home/debian# curl https://deb.torproject.org/torproject.org/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /torproject.org</title> </head> <body> <h1>Index of /torproject.org</h1> <pre><img src="/icons/blank.gif" alt="Icon "> <a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a> <a href="?C=S;O=A">Size</a> <a href="?C=D;O=A">Description</a><hr><img src="/icons/back.gif" alt="[PARENTDIR]"> <a href="/">Parent Directory</a> - <img src="/icons/unknown.gif" alt="[ ]"> <a href="A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc">A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc</a> 2022-04-27 17:32 37K <img src="/icons/folder.gif" alt="[DIR]"> <a href="dists/">dists/</a> 2021-11-20 19:48 - <img src="/icons/folder.gif" alt="[DIR]"> <a href="pool/">pool/</a> 2009-05-30 21:43 - <img src="/icons/folder.gif" alt="[DIR]"> <a href="project/">project/</a> 2009-09-16 11:56 - <hr></pre> <address>Apache Server at deb.torproject.org Port 443</address> </body></html> root@vps-3e661acc:/ho
Thanks very much.
--Keifer
On Wed, May 11, 2022 at 4:19 AM lists@for-privacy.net wrote:
On Tuesday, May 10, 2022 10:51:23 PM CEST Keifer Bly wrote:
This is what that returns,
Debian GNU/Linux 10 \n \l
OK, the version is right.
Running the command you listed returns:
Err:1 http://ftp.debian.org/debian buster-backports InRelease Temporary failure resolving 'ftp.debian.org' Err:2 http://deb.debian.org/debian buster InRelease Temporary failure resolving 'deb.debian.org' Err:3 http://security.debian.org/debian-security buster/updates
InRelease
Temporary failure resolving 'security.debian.org' Err:4 http://deb.debian.org/debian buster-updates InRelease Temporary failure resolving 'deb.debian.org' Reading package lists... Done Building dependency tree Reading state information... Done 18 packages can be upgraded. Run 'apt list --upgradable' to see them. W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch
http://security.debian.org/debian-security/dists/buster/updates/InRelease
Temporary failure resolving 'security.debian.org' W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving 'ftp.debian.org' W: Some index files failed to download. They have been ignored, or old
ones
used instead. Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20 libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev
Some important packages should be upgraded but the DNS resolution does not work. :-( Can you post the output of the following commands? You don't necessarily have to be 'root' for this, as a normal user is sufficient:
ping -c 4 8.8.8.8
ping -c 4 deb.debian.org
cat /etc/resolv.conf
ls -al /etc/resolv.conf
systemctl status systemd-resolved
systemctl status ntp
curl https://deb.torproject.org/torproject.org/
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Saturday, May 7, 2022 6:50:43 PM CEST Keifer Bly wrote:
Ok will try these things. Does that it's an ovh debain have anything to do with it? Hosted by them and they may frown on tor.
No, there are a lot (actually too many) Tor relays at OVH. https://nusenu.github.io/OrNetStats/#autonomous-systems-by-cw-fraction
tor-relays@lists.torproject.org
-
ben -
Jonas Friedli -
Keifer Bly -
lists@for-privacy.net -
Peter Ludikovsky -
tor admin -
Toralf Förster