...

Certificate verification failed: The certificate is NOT trusted. The

...

certificate chain uses expired certificate.  Could not handshake: Error

...

in the certificate verification. [IP: 95.216.163.36 443]

...

Maybe renew the key ?

The repo uses a LetsEncrypt certificate. Odds are, the OP's system's trust store is quite old and so still has the old root in place - LE's intermediate has multiple signatures and one of the roots expired last year. Running     sudo apt-get -y install ca-certificates Should bring it up to date (assuming there's a relatively modern openssl in use - I think 1.0 will throw an error either way because it still tries to follow both forks in the chain and borks when it sees the expired cert). -- Ben Tasker https://www.bentasker.co.uk

What is the command for doing that? Thanks. --Keifer On Tue, May 3, 2022 at 12:00 AM Toralf Förster <toralf.foerster@gmx.de> wrote:

On 5/3/22 07:31, Keifer Bly wrote:

...

Err:15 https://deb.torproject.org/torproject.org amd64 Release

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]

Maybe renew the key ?

-- Toralf _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Ok. I have tried different things. And the same is still happening: sources.list file: ## Note, this file is written by cloud-init on first boot of an instance ## modifications made here will not survive a re-bundle. ## if you wish to make changes you can: ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg ## or do the same in user-data ## b.) add sources in /etc/apt/sources.list.d ## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl ### # See http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html # for how to upgrade to newer versions of the distribution. deb http://deb.debian.org/debian buster main deb-src http://deb.debian.org/debian buster main ## Major bug fix updates produced after the final release of the ## distribution. deb http://security.debian.org/ buster/updates main deb-src http://security.debian.org/ buster/updates main deb [trusted=yes] http://deb.torproject.org/torproject.org buster main deb http://deb.torproject.org/torproject.org buster main deb-src [trusted=yes] http://deb.torproject.org/torproject.org buster main ## Uncomment the following two lines to add software from the 'backports' ## repository. ## ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. deb http://deb.debian.org/debian buster-backports main deb-src http://deb.debian.org/debian buster-backports main deb http://ftp.de.debian.org/debian stretch main tor.list file: deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org amd64 main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org amd64 main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <buster> main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <buster> main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-<buster> main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-<buster> main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-buster main Please, what should the sources.list and tor.list files look like? I am sorry to ask. Thanks. --Keifer On Wed, May 4, 2022 at 4:34 AM <lists@for-privacy.net> wrote:

On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:

...

I am not sure how to get rid of the trusty / ubuntu packages?

You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/ sources.list or you have created the file /etc/apt/sources.list.d/tor.list?

...

I simply followed the instructions here: https://support.torproject.org/apt/tor-deb-repo/

You are running oldstable 'buster', this guide has been updated for stable 'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not yet required in buster, but it doesn't hurt. The new 'deb.torproject.org-keyring' package renews both keyrings in: /etc/apt/trusted.gpg.d/ and /usr/share/keyrings/

¹Apt-key will last be available in Debian 11 and Ubuntu 22.04. Since bullseye, 'apt-key add' has been deprecated and is no longer available in bookworm. Only 'apt-key del' then still works.

¹https://manpages.debian.org/testing/apt/apt-key.8.en.html

Background info:

https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace... or $websearch: Why apt-key is deprecated?

-- ╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

On Thursday, May 5, 2022 2:29:30 AM CEST Keifer Bly wrote:

Ok. I have tried different things. And the same is still happening:

sources.list file:

## Note, this file is written by cloud-init on first boot of an instance ## modifications made here will not survive a re-bundle. ## if you wish to make changes you can:

## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl

OK, you must look in '/etc/apt/sources.list' and in '/etc/cloud/templates/sources.list.debian.tmpl' and delete or comment out the below mentioned 4 lines:

# See http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html # for how to upgrade to newer versions of the distribution.

Ignore the upgrade notice and i386. You can use buster until the end of 2022 and I'm pretty sure google cloud is amd64.

deb http://deb.debian.org/debian buster main deb-src http://deb.debian.org/debian buster main

## Major bug fix updates produced after the final release of the ## distribution. deb http://security.debian.org/ buster/updates main deb-src http://security.debian.org/ buster/updates main

You can|must delete these 3 lines...

deb [trusted=yes] http://deb.torproject.org/torproject.org buster main deb http://deb.torproject.org/torproject.org buster main deb-src [trusted=yes] http://deb.torproject.org/torproject.org buster main

## Uncomment the following two lines to add software from the 'backports' ## repository. ## ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. deb http://deb.debian.org/debian buster-backports main deb-src http://deb.debian.org/debian buster-backports main ... and this old one from debian stretch: deb http://ftp.de.debian.org/debian stretch main

tor.list file:

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org amd64 main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org amd64 main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <buster> main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <buster> main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-<buster> main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-<buster> main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org tor-nightly-main-buster main

Please, what should the sources.list and tor.list files look like? I am sorry to ask. Thanks.

In '/etc/apt/sources.list.d/tor.list' just this one line: deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https:// deb.torproject.org/torproject.org buster main Generally 'deb-src' are the package sources if you want to compile packages yourself. You don't need that. Not for Tor and not for Debian either. But it doesn't matter if you leave them, it occupies a few MB more in /var/cache/apt/ archives/ -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

Thank you. But running wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88... | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null Simply displays a message "no valid openpgp data found". My sources file looks like this now.deb http://deb.debian.org/debian buster main deb-src http://deb.debian.org/debian buster main ## Major bug fix updates produced after the final release of the ## distribution. deb http://security.debian.org/ buster/updates main deb-src http://security.debian.org/ buster/updates main deb http://deb.torproject.org/torproject.org buster main deb http://deb.torproject.org/torproject.org buster main deb-src http://deb.torproject.org/torproject.org buster main ## Uncomment the following two lines to add software from the 'backports' ## repository. ## ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. deb http://deb.debian.org/debian buster-backports main deb-src http://deb.debian.org/debian buster-backports main deb http://ftp.de.debian.org/debian stretch main deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main Thank you. --Keifer On Wed, May 4, 2022 at 7:27 PM tor admin via tor-relays < tor-relays@lists.torproject.org> wrote:

Your sources.list file entry looks incorrect. I would definitely not recommend using trust=yes for a repo like tor, as it bypasses apt's security checks.

According to the instructions you linked <https://support.torproject.org/apt/tor-deb-repo/>, your source for the tor packages should be listed in /etc/apt/sources.list.d/tor.list as something like:

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org buster main

The instructions tell you how to import the repo key as well:

# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88... | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

On 5/3/22 13:10, Keifer Bly wrote:

I am not sure how to get rid of the trusty / ubuntu packages? I simply followed the instructions here:

https://support.torproject.org/apt/tor-deb-repo/

Thanks. --Keifer

On Mon, May 2, 2022 at 10:31 PM Keifer Bly <keifer.bly@gmail.com> wrote:

...

Hi all,

So I am running a tor relay on Debian, but no matter what when updating tor there is an “updating from such a respiritpry can’t be done securely and is therefore disabled by default”. Here is the log

Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]

Hit:2 http://deb.debian.org/debian buster InRelease

Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]

Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]

Ign:5 http://ftp.de.debian.org/debian stretch InRelease

Hit:6 http://ftpde.debian.org/debian stretch Release

Ign:7 http://deb.torproject.org/torproject.org trusty InRelease

Ign:8 http://deb.torproject.org/torproject.org trusty Release

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:14 https://deb.torproject.org/torproject.org amd64 InRelease

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Err:15 https://deb.torproject.org/torproject.org amd64 Release

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Err:9 http://deb.torproject.org/torproject.org trusty/main Sources

404 Not Found [IP: 116.202.120.166 80]

Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Reading package lists... Done

N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension

E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file.

N: Updating from such a repository can't be done securely, and is therefore disabled by default.

N: See apt-secure(8) manpage for repository creation and user configuration details.

root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list

root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list

root@vps-3e661acc:/home/debian# apt-get update

Hit:1 http://security.debian.org buster/updates InRelease

Hit:2 http://deb.debian.org/debian buster InRelease

Hit:3 http://deb.debian.org/debian buster-updates InRelease

Hit:4 http://deb.debian.org/debian buster-backports InRelease

Ign:5 https://deb.torproject.org/torproject.org amd64 InRelease

Ign:6 http://ftp.de.debian.org/debian stretch InRelease

Ign:7 http://deb.torproject.org/torproject.org trusty InRelease

Hit:8 http://ftp.de.debian.org/debian stretch Release

Ign:9 http://deb.torproject.org/torproject.org trusty Release

Err:10 https://deb.torproject.org/torproject.org amd64 Release

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443]

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:13 http://deb.torproject.org/torprojectorg trusty/main all Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torprojectorg/torproject.org trusty/main amd64 Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en

Err:11 http://deb.torproject.org/torproject.org trusty/main Sources

404 Not Found [IP: 95.216.163.36 80]

Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en

Reading package lists... Done

N: Ignoring file 'DEADJOE' in directory '/etc/apt/sourceslist.d/' as it has no filename extension

E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file.

N: Updating from such a repository can't be done securely, and is therefore disabled by default.

N: See apt-secure(8) manpage for repository creation and user configuration details.

root@vps-3e661acc:/home/debian# tor

May 03 05:20:21.468 [notice] Tor 0.4.5.10 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and Glibc 2.28 as libc.

May 03 05:20:21.469 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning

May 03 05:20:21.469 [notice] Read configuration file "/etc/tor/torrc".

May 03 05:20:21.470 [notice] Based on detected system memory, MaxMemInQueues is set to 1462 MB. You can override this by setting MaxMemInQueues by hand.

May 03 05:20:21.472 [notice] Opening Control listener on 127.0.0.1:9051

May 03 05:20:21.472 [notice] Opened Control listener connection (ready) on 127.0.0.1:9051

May 03 05:20:21.472 [notice] Opening OR listener on 0.0.0.0:9001

May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on 0.0.0.0:9001

May 03 05:20:21.472 [notice] Opening OR listener on [::]:9001

May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on [::]:9001

May 03 05:20:21.472 [notice] Opening Directory listener on 0.0.0.0:9030

May 03 05:20:21.472 [notice] Opened Directory listener connection (ready) on 0.0.0.0:9030

root@vps-3e661acc:/home/debian# sudo apt update && sudo apt install -y --only-upgrade tor

Hit:1 http://security.debian.org buster/updates InRelease

Hit:2 http://deb.debian.org/debian buster InRelease

Hit:3 http://deb.debian.org/debian buster-updates InRelease

Hit:4 http://deb.debian.org/debian buster-backports InRelease

Ign:5 http://ftp.de.debian.org/debian stretch InRelease

Hit:6 http://ftp.de.debian.org/debian stretch Release

Ign:7 https://deb.torproject.org/torproject.org amd64 InRelease

Ign:8 http://deb.torproject.org/torproject.org trusty InRelease

Ign:9 http://deb.torproject.org/torproject.org trusty Release

Err:10 https://deb.torproject.org/torproject.org amd64 Release

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443]

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:13 http://debtorproject.org/torproject.org trusty/main amd64 Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:11 http://debtorproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Err:11 http://deb.torproject.org/torproject.org trusty/main Sources

404 Not Found [IP: 95.216.163.36 80]

Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages

Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64 Packages

Ign:14 http://deb.torproject.org/torproject.org trusty/main Translation-en

Ign:15 http://deb.torproject.org/torproject.org trusty/main Translation-en_US

Reading package lists... Done

N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension

E: The repository 'https://deb.torproject.org/torproject.org amd64 Release' does not have a Release file.

N: Updating from such a repository can't be done securely, and is therefore disabled by default.

N: See apt-secure(8) manpage for repository creation and user configuration details.

This happens despite tor being listed as trsuted in my sources file:

## Note, this file is written by cloud-init on first boot of an instance

## modifications made here will not survive a re-bundle.

## if you wish to make changes you can:

## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg

## or do the same in user-data

## b.) add sources in /etc/apt/sources.list.d

## c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl

###

# See http://www.debianorg/releases/stable/i386/release-notes/ch-upgrading.html

# for how to upgrade to newer versions of the distribution.

deb http://deb.debian.org/debian buster main

deb-src http://deb.debian.org/debian buster main

## Major bug fix updates produced after the final release of the

## distribution.

deb http://security.debian.org/ buster/updates main

deb-src http://security.debian.org/ buster/updates main

deb [trusted=yes] http://deb.debian.org/debian buster-updates main

deb-src [trusted=yes] http://deb.debian.org/debian buster-updates main

## Uncomment the following two lines to add software from the 'backports'

## repository.

##

## N.B. software from this repository may not have been tested as

## extensively as that contained in the main release, although it includes

## newer versions of some applications which may provide useful features.

deb http://deb.debian.org/debian buster-backports main

deb-src http://deb.debian.org/debian buster-backports main

deb http://ftp.de.debian.org/debian stretch main

deb [trusted=yes] http://deb.torproject.org/torproject.org trusty main

deb-src [trusted=yes] http://deb.torproject.org/torproject.org trusty main

So, for some reason Debian is seeing tor as untrusted despite that it has been listed as trusted. Tor is being run as root so its not a restricted user error. I am wondering why this might be happening? Thanks.

--Keifer

_______________________________________________ tor-relays mailing listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Simply displays a message "no valid openpgp data found". My sources file

You'll see this because your system doesn't trust the cert chain. You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments) If you run     wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88... I suspect you'll see the certificate warning. You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them. As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually     # Verify that this gives a cert warning     curl https://deb.torproject.org/torproject.org/     curl -k --output "/tmp/ISRG_Root_X1.crt"  "https://letsencrypt.org/certs/isrgrootx1.pem.txt"     sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/     sudo update-ca-certificates     # Now try again     curl https://deb.torproject.org/torproject.org/ If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo -- Ben Tasker https://www.bentasker.co.uk ---- On Thu, 05 May 2022 13:21:22 +0100 <lists@for-privacy.net> wrote ---- On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:

Thank you. But running wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88 6DDD89.asc

gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Maybe copy paste error. It must be one line and you must be root or type 'sudo' in front of it. Maybe you can better copy from here: 3. Then add the gpg key ... https://support.torproject.org/apt/

Simply displays a message "no valid openpgp data found". My sources file

If this message appears again, install gpg: sudo apt update && apt -y install gnupg -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

I am running as the root user. --Keifer On Sat, May 7, 2022, 10:50 AM Keifer Bly <keifer.bly@gmail.com> wrote:

Ok will try these things. Does that it's an ovh debain have anything to do with it? Hosted by them and they may frown on tor.

--Keifer

On Thu, May 5, 2022, 8:41 AM ben <ben@bentasker.co.uk> wrote:

...

...

Simply displays a message "no valid openpgp data found". My sources file

You'll see this because your system doesn't trust the cert chain.

You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments)

If you run

wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88 6DDD89.asc

I suspect you'll see the certificate warning.

You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them.

As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually

# Verify that this gives a cert warning curl https://deb.torproject.org/torproject.org/

curl -k --output "/tmp/ISRG_Root_X1.crt" " https://letsencrypt.org/certs/isrgrootx1.pem.txt" sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/ sudo update-ca-certificates

# Now try again curl https://deb.torproject.org/torproject.org/

If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo

-- Ben Tasker https://www.bentasker.co.uk

---- On Thu, 05 May 2022 13:21:22 +0100 * <lists@for-privacy.net <lists@for-privacy.net>>* wrote ----

On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:

...

Thank you. But running wget -qO-

https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88

...

6DDD89.asc

gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg /dev/null

Maybe copy paste error. It must be one line and you must be root or type 'sudo' in front of it. Maybe you can better copy from here:

3. Then add the gpg key ... https://support.torproject.org/apt/

...

Simply displays a message "no valid openpgp data found". My sources file

If this message appears again, install gpg: sudo apt update && apt -y install gnupg

-- ╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Did the final curl complain about an expired certificate?     curl https://deb.torproject.org/torproject.org/ If so, that might indicate you've got OpenSSL 1.0, try     openssl version If that's the case, then really you need to get that (and/or the underlying OS) updated. In the short term, we can address this by commenting out the expired root in your trust store.     sudo -s     cp /etc/ca-certificates.conf ~/ca-certificates.conf.bkup     sed -i '/^mozilla\/DST_Root_CA_X3.crt$/ s/^/!/' /etc/ca-certificates.conf     update-ca-certificates Then try the curl again     curl https://deb.torproject.org/torproject.org/ It should no longer complain about the certificate having expired. If it now complains that the certificate isn't trusted, then the X1 cert isn't properly installed and we'll have to look at that. -- Ben Tasker https://www.bentasker.co.uk ---- On Sun, 08 May 2022 15:49:18 +0100 Keifer Bly <keifer.bly@gmail.com> wrote ---- I have done all these and it still happens. Is there perhaps a tool that will set this up? Thanks. --Keifer On Sat, May 7, 2022, 10:54 AM Keifer Bly <mailto:keifer.bly@gmail.com> wrote: I am running as the root user. --Keifer On Sat, May 7, 2022, 10:50 AM Keifer Bly <mailto:keifer.bly@gmail.com> wrote: Ok will try these things. Does that it's an ovh debain have anything to do with it? Hosted by them and they may frown on tor. --Keifer On Thu, May 5, 2022, 8:41 AM ben <mailto:ben@bentasker.co.uk> wrote:

Simply displays a message "no valid openpgp data found". My sources file

You'll see this because your system doesn't trust the cert chain. You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments) If you run     wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88... I suspect you'll see the certificate warning. You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them. As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually     # Verify that this gives a cert warning     curl https://deb.torproject.org/torproject.org/     curl -k --output "/tmp/ISRG_Root_X1.crt"  "https://letsencrypt.org/certs/isrgrootx1.pem.txt"     sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/     sudo update-ca-certificates     # Now try again     curl https://deb.torproject.org/torproject.org/ If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo -- Ben Tasker https://www.bentasker.co.uk ---- On Thu, 05 May 2022 13:21:22 +0100 <mailto:lists@for-privacy.net> wrote ---- On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:

Thank you. But running wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88 6DDD89.asc

gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Maybe copy paste error. It must be one line and you must be root or type 'sudo' in front of it. Maybe you can better copy from here: 3. Then add the gpg key ... https://support.torproject.org/apt/

Simply displays a message "no valid openpgp data found". My sources file

If this message appears again, install gpg: sudo apt update && apt -y install gnupg -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

This is what that returns, Debian GNU/Linux 10 \n \l Running the command you listed returns: Err:1 http://ftp.debian.org/debian buster-backports InRelease Temporary failure resolving 'ftp.debian.org' Err:2 http://deb.debian.org/debian buster InRelease Temporary failure resolving 'deb.debian.org' Err:3 http://security.debian.org/debian-security buster/updates InRelease Temporary failure resolving 'security.debian.org' Err:4 http://deb.debian.org/debian buster-updates InRelease Temporary failure resolving 'deb.debian.org' Reading package lists... Done Building dependency tree Reading state information... Done 18 packages can be upgraded. Run 'apt list --upgradable' to see them. W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Temporary failure resolving 'security.debian.org' W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving 'ftp.debian.org' W: Some index files failed to download. They have been ignored, or old ones used instead. Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20 libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev 18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 10.1 MB of archives. After this operation, 2048 B of additional disk space will be used. Do you want to continue? [Y/n] y Err:1 http://deb.debian.org/debian buster/main amd64 base-files amd64 10.3+deb10u10 Temporary failure resolving 'deb.debian.org' Err:2 http://security.debian.org/debian-security buster/updates/main amd64 systemd-sysv amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Ign:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1 Err:4 http://security.debian.org/debian-security buster/updates/main amd64 udev amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Ign:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3 Err:6 http://security.debian.org/debian-security buster/updates/main amd64 libudev1 amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Ign:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3 Err:8 http://security.debian.org/debian-security buster/updates/main amd64 libnettle6 amd64 3.4.1-1+deb10u1 Temporary failure resolving 'security.debian.org' Ign:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3 Ign:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3 Err:11 http://security.debian.org/debian-security buster/updates/main amd64 libhogweed4 amd64 3.4.1-1+deb10u1 Temporary failure resolving 'security.debian.org' Err:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1 Temporary failure resolving 'deb.debian.org' Err:12 http://deb.debian.org/debian buster/main amd64 libgnutls30 amd64 3.6.7-4+deb10u7 Temporary failure resolving 'deb.debian.org' Err:13 http://deb.debian.org/debian buster/main amd64 libgcrypt20 amd64 1.8.4-5+deb10u1 Temporary failure resolving 'deb.debian.org' Ign:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6 Ign:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Ign:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Err:17 http://deb.debian.org/debian buster/main amd64 isc-dhcp-client amd64 4.4.1-2+deb10u1 Temporary failure resolving 'deb.debian.org' Err:18 http://deb.debian.org/debian buster/main amd64 isc-dhcp-common amd64 4.4.1-2+deb10u1 Temporary failure resolving 'deb.debian.org' Err:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6 Temporary failure resolving 'deb.debian.org' Err:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Temporary failure resolving 'deb.debian.org' Err:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/b/base-files/base-files_10.3+deb10u10... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/l/lz4/liblz4-1_... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/syste... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/udev_... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/libud... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-pkg5.0_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-inst2.0_1.8.2.3_amd64.de... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt-utils_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libnet... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libhog... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/g/gnutls28/libgnutls30_3.6.7-4+deb10u... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/libg/libgcrypt20/libgcrypt20_1.8.4-5+... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/o/openssl/libss... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libisc-... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libdns-... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-client_4.4.1-2+de... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-common_4.4.1-2+de... Temporary failure resolving 'deb.debian.org' E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing? root@LAPTOP-20TFLN0V:/home/keifer# apt update && sudo apt full-upgrade Err:1 http://security.debian.org/debian-security buster/updates InRelease Temporary failure resolving 'security.debian.org' Err:2 http://ftp.debian.org/debian buster-backports InRelease Temporary failure resolving 'ftp.debian.org' Err:3 http://deb.debian.org/debian buster InRelease Temporary failure resolving 'deb.debian.org' Err:4 http://deb.debian.org/debian buster-updates InRelease Temporary failure resolving 'deb.debian.org' Reading package lists... Done Building dependency tree Reading state information... Done 18 packages can be upgraded. Run 'apt list --upgradable' to see them. W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Temporary failure resolving 'security.debian.org' W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving 'ftp.debian.org' W: Some index files failed to download. They have been ignored, or old ones used instead. Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20 libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev 18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 10.1 MB of archives. After this operation, 2048 B of additional disk space will be used. Do you want to continue? [Y/n] Y Err:1 http://deb.debian.org/debian buster/main amd64 base-files amd64 10.3+deb10u10 Temporary failure resolving 'deb.debian.org' Err:2 http://security.debian.org/debian-security buster/updates/main amd64 systemd-sysv amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Ign:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1 Err:4 http://security.debian.org/debian-security buster/updates/main amd64 udev amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Ign:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3 Err:6 http://security.debian.org/debian-security buster/updates/main amd64 libudev1 amd64 241-7~deb10u8 Temporary failure resolving 'security.debian.org' Err:7 http://security.debian.org/debian-security buster/updates/main amd64 libnettle6 amd64 3.4.1-1+deb10u1 Temporary failure resolving 'security.debian.org' Ign:8 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3 Ign:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3 Err:10 http://security.debian.org/debian-security buster/updates/main amd64 libhogweed4 amd64 3.4.1-1+deb10u1 Temporary failure resolving 'security.debian.org' Ign:11 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3 Err:12 http://deb.debian.org/debian buster/main amd64 libgnutls30 amd64 3.6.7-4+deb10u7 Temporary failure resolving 'deb.debian.org' Err:13 http://deb.debian.org/debian buster/main amd64 libgcrypt20 amd64 1.8.4-5+deb10u1 Temporary failure resolving 'deb.debian.org' Err:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1 Temporary failure resolving 'deb.debian.org' Ign:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6 Ign:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Ign:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Err:17 http://deb.debian.org/debian buster/main amd64 isc-dhcp-client amd64 4.4.1-2+deb10u1 Temporary failure resolving 'deb.debian.org' Err:18 http://deb.debian.org/debian buster/main amd64 isc-dhcp-common amd64 4.4.1-2+deb10u1 Temporary failure resolving 'deb.debian.org' Err:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6 Temporary failure resolving 'deb.debian.org' Err:8 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:11 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3 Temporary failure resolving 'deb.debian.org' Err:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Temporary failure resolving 'deb.debian.org' Err:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5 Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/b/base-files/base-files_10.3+deb10u10... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/l/lz4/liblz4-1_... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/syste... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/udev_... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/libud... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-pkg5.0_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-inst2.0_1.8.2.3_amd64.de... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt-utils_1.8.2.3_amd64.deb Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libnet... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libhog... Temporary failure resolving 'security.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/g/gnutls28/libgnutls30_3.6.7-4+deb10u... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/libg/libgcrypt20/libgcrypt20_1.8.4-5+... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/o/openssl/libss... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libisc-... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libdns-... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-client_4.4.1-2+de... Temporary failure resolving 'deb.debian.org' E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-common_4.4.1-2+de... Temporary failure resolving 'deb.debian.org' E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing? Thank you. --Keifer On Tue, May 10, 2022 at 10:22 AM <lists@for-privacy.net> wrote:

On Monday, May 9, 2022 9:40:12 AM CEST ben wrote:

Hi, I think this mail should reach Keifer.

@ Keifer please post the output of: cat /etc/issue

It should be 'Debian GNU/Linux 10'

apt update && sudo apt full-upgrade would install missing packages.

Then read what Ben wrote about 'update-ca-certificates'.

---------- Forwarded Message ----------

Subject: Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory Date: Donnerstag, 5. Mai 2022, 15:09:07 CEST From: ben <ben@bentasker.co.uk> To: tor-relays <tor-relays@lists.torproject.org> CC: lists <lists@for-privacy.net>

...

Simply displays a message "no valid openpgp data found". My sources file

You'll see this because your system doesn't trust the cert chain.

You're not seeing a certificate warning because you've got output suppressed (the -q in wget's arguments)

If you run

wget https://deb.torproject.org/torproject.org/ A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc

I suspect you'll see the certificate warning.

You need to fix that before anything suggested here is going to work - if the cert chain isn't trusted then apt isn't going to access the repository's indexes, and so won't even see what packages are there, much less install them.

As apt didn't grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually

# Verify that this gives a cert warning

curl https://deb.torproject.org/torproject.org/

curl -k --output "/tmp/ISRG_Root_X1.crt" " https://letsencrypt.org/certs/ isrgrootx1.pem.txt"

sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/

sudo update-ca-certificates

# Now try again

curl https://deb.torproject.org/torproject.org/

If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo

-- Ben Tasker https://www.bentasker.co.uk

-- ╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Here is the return after running those commands, in the order you typed them: root@vps-3e661acc:/home/debian# ping -c 4 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=110 time=3.48 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=110 time=1.44 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=110 time=1.48 ms 64 bytes from 8.8.8.8: icmp_seq=4 ttl=110 time=1.48 ms --- 8.8.8.8 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 8ms rtt min/avg/max/mdev = 1.435/1.969/3.480/0.873 ms root@vps-3e661acc:/home/debian# ping -c 4 deb.debian.org PING debian.map.fastlydns.net (151.101.18.132) 56(84) bytes of data. 64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=1 ttl=51 time=0.775 ms 64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=2 ttl=51 time=0.778 ms 64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=3 ttl=51 time=0.836 ms 64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=4 ttl=51 time=0.804 ms --- debian.map.fastlydns.net ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 30ms rtt min/avg/max/mdev = 0.775/0.798/0.836/0.031 ms root@vps-3e661acc:/home/debian# cat /etc/resolv.conf domain openstacklocal search openstacklocal nameserver 213.186.33.99 root@vps-3e661acc:/home/debian# ls -al /etc/resolv.conf -rw-r--r-- 1 root root 69 May 12 18:18 /etc/resolv.conf root@vps-3e661acc:/home/debian# systemctl status systemd-resolved ● systemd-resolved.service - Network Name Resolution Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: enabled) Drop-In: /usr/lib/systemd/system/systemd-resolved.service.d └─resolvconf.conf Active: inactive (dead) Docs: man:systemd-resolved.service(8) https://www.freedesktop.org/wiki/Software/systemd/resolved https://www.freedesktop.org/wiki/Software/systemd/writing-network-configurat... https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients root@vps-3e661acc:/home/debian# systemctl status ntp ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2 days ago Docs: man:ntpd(8) Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS) Main PID: 443 (ntpd) Tasks: 2 (limit: 2318) Memory: 1.9M CGroup: /system.slice/ntp.service └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112 May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. ...skipping... ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2 days ago Docs: man:ntpd(8) Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS) Main PID: 443 (ntpd) Tasks: 2 (limit: 2318) Memory: 1.9M CGroup: /system.slice/ntp.service └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112 May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ lines 1-13/13 (END)...skipping... ● ntp.service - Network Time Service Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2 days ago Docs: man:ntpd(8) Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS) Main PID: 443 (ntpd) Tasks: 2 (limit: 2318) Memory: 1.9M CGroup: /system.slice/ntp.service └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112 May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501 days ago Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. ~ ~ ~ ~ root@vps-3e661acc:/home/debian# curl https://deb.torproject.org/torproject.org/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /torproject.org</title> </head> <body> <h1>Index of /torproject.org</h1> <pre><img src="/icons/blank.gif" alt="Icon "> <a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a> <a href="?C=S;O=A">Size</a> <a href="?C=D;O=A">Description</a><hr><img src="/icons/back.gif" alt="[PARENTDIR]"> <a href="/">Parent Directory</a> - <img src="/icons/unknown.gif" alt="[ ]"> <a href="A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc">A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc</a> 2022-04-27 17:32 37K <img src="/icons/folder.gif" alt="[DIR]"> <a href="dists/">dists/</a> 2021-11-20 19:48 - <img src="/icons/folder.gif" alt="[DIR]"> <a href="pool/">pool/</a> 2009-05-30 21:43 - <img src="/icons/folder.gif" alt="[DIR]"> <a href="project/">project/</a> 2009-09-16 11:56 - <hr></pre> <address>Apache Server at deb.torproject.org Port 443</address> </body></html> root@vps-3e661acc:/ho Thanks very much. --Keifer On Wed, May 11, 2022 at 4:19 AM <lists@for-privacy.net> wrote:

On Tuesday, May 10, 2022 10:51:23 PM CEST Keifer Bly wrote:

...

This is what that returns,

Debian GNU/Linux 10 \n \l OK, the version is right.

...

Running the command you listed returns:

Err:1 http://ftp.debian.org/debian buster-backports InRelease Temporary failure resolving 'ftp.debian.org' Err:2 http://deb.debian.org/debian buster InRelease Temporary failure resolving 'deb.debian.org' Err:3 http://security.debian.org/debian-security buster/updates InRelease Temporary failure resolving 'security.debian.org' Err:4 http://deb.debian.org/debian buster-updates InRelease Temporary failure resolving 'deb.debian.org' Reading package lists... Done Building dependency tree Reading state information... Done 18 packages can be upgraded. Run 'apt list --upgradable' to see them. W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving 'deb.debian.org' W: Failed to fetch

http://security.debian.org/debian-security/dists/buster/updates/InRelease

...

Temporary failure resolving 'security.debian.org' W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving 'ftp.debian.org' W: Some index files failed to download. They have been ignored, or old ones used instead. Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20 libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev

Some important packages should be upgraded but the DNS resolution does not work. :-( Can you post the output of the following commands? You don't necessarily have to be 'root' for this, as a normal user is sufficient:

ping -c 4 8.8.8.8

ping -c 4 deb.debian.org

cat /etc/resolv.conf

ls -al /etc/resolv.conf

systemctl status systemd-resolved

systemctl status ntp

curl https://deb.torproject.org/torproject.org/

-- ╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays