[tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory
Keifer Bly
keifer.bly at gmail.com
Thu May 5 03:17:23 UTC 2022
Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
|
gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Simply displays a message "no valid openpgp data found". My sources file
looks like this now.deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main
## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main
deb http://deb.torproject.org/torproject.org buster main
deb http://deb.torproject.org/torproject.org buster main
deb-src http://deb.torproject.org/torproject.org buster main
## Uncomment the following two lines to add software from the 'backports'
## repository.
##
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
deb http://deb.debian.org/debian buster-backports main
deb-src http://deb.debian.org/debian buster-backports main
deb http://ftp.de.debian.org/debian stretch main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org buster main
Thank you.
--Keifer
On Wed, May 4, 2022 at 7:27 PM tor admin via tor-relays <
tor-relays at lists.torproject.org> wrote:
> Your sources.list file entry looks incorrect. I would definitely not
> recommend using trust=yes for a repo like tor, as it bypasses apt's
> security checks.
>
> According to the instructions you linked
> <https://support.torproject.org/apt/tor-deb-repo/>, your source for the
> tor packages should be listed in /etc/apt/sources.list.d/tor.list as
> something like:
>
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org buster main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org buster main
>
>
> The instructions tell you how to import the repo key as well:
>
>
> # wget -qO-
> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
> | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
>
>
>
>
> On 5/3/22 13:10, Keifer Bly wrote:
>
> I am not sure how to get rid of the trusty / ubuntu packages? I simply
> followed the instructions here:
>
> https://support.torproject.org/apt/tor-deb-repo/
>
> Thanks.
> --Keifer
>
>
> On Mon, May 2, 2022 at 10:31 PM Keifer Bly <keifer.bly at gmail.com> wrote:
>
>> Hi all,
>>
>>
>>
>> So I am running a tor relay on Debian, but no matter what when updating
>> tor there is an “updating from such a respiritpry can’t be done securely
>> and is therefore disabled by default”. Here is the log
>>
>>
>>
>>
>>
>> Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
>>
>> Hit:2 http://deb.debian.org/debian buster InRelease
>>
>> Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
>>
>> Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]
>>
>> Ign:5 http://ftp.de.debian.org/debian stretch InRelease
>>
>> Hit:6 http://ftpde.debian.org/debian stretch Release
>>
>> Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
>>
>> Ign:8 http://deb.torproject.org/torproject.org trusty Release
>>
>> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:14 https://deb.torproject.org/torproject.org amd64 InRelease
>>
>> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Err:15 https://deb.torproject.org/torproject.org amd64 Release
>>
>> Certificate verification failed: The certificate is NOT trusted. The
>> certificate chain uses expired certificate. Could not handshake: Error in
>> the certificate verification. [IP: 95.216.163.36 443]
>>
>> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Err:9 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> 404 Not Found [IP: 116.202.120.166 80]
>>
>> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Reading package lists... Done
>>
>> N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it
>> has no filename extension
>>
>> E: The repository 'https://deb.torproject.org/torproject.org amd64
>> Release' does not have a Release file.
>>
>> N: Updating from such a repository can't be done securely, and is
>> therefore disabled by default.
>>
>> N: See apt-secure(8) manpage for repository creation and user
>> configuration details.
>>
>> root at vps-3e661acc:/home/debian# nano /etc/apt/sources.list
>>
>> root at vps-3e661acc:/home/debian# nano /etc/apt/sources.list
>>
>> root at vps-3e661acc:/home/debian# apt-get update
>>
>> Hit:1 http://security.debian.org buster/updates InRelease
>>
>> Hit:2 http://deb.debian.org/debian buster InRelease
>>
>> Hit:3 http://deb.debian.org/debian buster-updates InRelease
>>
>> Hit:4 http://deb.debian.org/debian buster-backports InRelease
>>
>> Ign:5 https://deb.torproject.org/torproject.org amd64 InRelease
>>
>> Ign:6 http://ftp.de.debian.org/debian stretch InRelease
>>
>> Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
>>
>> Hit:8 http://ftp.de.debian.org/debian stretch Release
>>
>> Ign:9 http://deb.torproject.org/torproject.org trusty Release
>>
>> Err:10 https://deb.torproject.org/torproject.org amd64 Release
>>
>> Certificate verification failed: The certificate is NOT trusted. The
>> certificate chain uses expired certificate. Could not handshake: Error in
>> the certificate verification. [IP: 116.202.120.165 443]
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:13 http://deb.torproject.org/torprojectorg trusty/main all Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torprojectorg/torproject.org trusty/main amd64 Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Err:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> 404 Not Found [IP: 95.216.163.36 80]
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Reading package lists... Done
>>
>> N: Ignoring file 'DEADJOE' in directory '/etc/apt/sourceslist.d/' as it
>> has no filename extension
>>
>> E: The repository 'https://deb.torproject.org/torproject.org amd64
>> Release' does not have a Release file.
>>
>> N: Updating from such a repository can't be done securely, and is
>> therefore disabled by default.
>>
>> N: See apt-secure(8) manpage for repository creation and user
>> configuration details.
>>
>> root at vps-3e661acc:/home/debian# tor
>>
>> May 03 05:20:21.468 [notice] Tor 0.4.5.10 running on Linux with Libevent
>> 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and
>> Glibc 2.28 as libc.
>>
>> May 03 05:20:21.469 [notice] Tor can't help you if you use it wrong!
>> Learn how to be safe at
>> https://www.torproject.org/download/download#warning
>>
>> May 03 05:20:21.469 [notice] Read configuration file "/etc/tor/torrc".
>>
>> May 03 05:20:21.470 [notice] Based on detected system memory,
>> MaxMemInQueues is set to 1462 MB. You can override this by setting
>> MaxMemInQueues by hand.
>>
>> May 03 05:20:21.472 [notice] Opening Control listener on 127.0.0.1:9051
>>
>> May 03 05:20:21.472 [notice] Opened Control listener connection (ready)
>> on 127.0.0.1:9051
>>
>> May 03 05:20:21.472 [notice] Opening OR listener on 0.0.0.0:9001
>>
>> May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on
>> 0.0.0.0:9001
>>
>> May 03 05:20:21.472 [notice] Opening OR listener on [::]:9001
>>
>> May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on
>> [::]:9001
>>
>> May 03 05:20:21.472 [notice] Opening Directory listener on 0.0.0.0:9030
>>
>> May 03 05:20:21.472 [notice] Opened Directory listener connection (ready)
>> on 0.0.0.0:9030
>>
>> root at vps-3e661acc:/home/debian# sudo apt update && sudo apt install -y
>> --only-upgrade tor
>>
>> Hit:1 http://security.debian.org buster/updates InRelease
>>
>> Hit:2 http://deb.debian.org/debian buster InRelease
>>
>> Hit:3 http://deb.debian.org/debian buster-updates InRelease
>>
>> Hit:4 http://deb.debian.org/debian buster-backports InRelease
>>
>> Ign:5 http://ftp.de.debian.org/debian stretch InRelease
>>
>> Hit:6 http://ftp.de.debian.org/debian stretch Release
>>
>> Ign:7 https://deb.torproject.org/torproject.org amd64 InRelease
>>
>> Ign:8 http://deb.torproject.org/torproject.org trusty InRelease
>>
>> Ign:9 http://deb.torproject.org/torproject.org trusty Release
>>
>> Err:10 https://deb.torproject.org/torproject.org amd64 Release
>>
>> Certificate verification failed: The certificate is NOT trusted. The
>> certificate chain uses expired certificate. Could not handshake: Error in
>> the certificate verification. [IP: 116.202.120.165 443]
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:13 http://debtorproject.org/torproject.org trusty/main amd64 Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:11 http://debtorproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Ign:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Err:11 http://deb.torproject.org/torproject.org trusty/main Sources
>>
>> 404 Not Found [IP: 95.216.163.36 80]
>>
>> Ign:12 http://deb.torproject.org/torproject.org trusty/main all Packages
>>
>> Ign:13 http://deb.torproject.org/torproject.org trusty/main amd64
>> Packages
>>
>> Ign:14 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en
>>
>> Ign:15 http://deb.torproject.org/torproject.org trusty/main
>> Translation-en_US
>>
>> Reading package lists... Done
>>
>> N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it
>> has no filename extension
>>
>> E: The repository 'https://deb.torproject.org/torproject.org amd64
>> Release' does not have a Release file.
>>
>> N: Updating from such a repository can't be done securely, and is
>> therefore disabled by default.
>>
>> N: See apt-secure(8) manpage for repository creation and user
>> configuration details.
>>
>>
>>
>> This happens despite tor being listed as trsuted in my sources file:
>>
>>
>>
>> ## Note, this file is written by cloud-init on first boot of an instance
>>
>> ## modifications made here will not survive a re-bundle.
>>
>> ## if you wish to make changes you can:
>>
>> ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
>>
>> ## or do the same in user-data
>>
>> ## b.) add sources in /etc/apt/sources.list.d
>>
>> ## c.) make changes to template file
>> /etc/cloud/templates/sources.list.debian.tmpl
>>
>> ###
>>
>>
>>
>> # See
>> http://www.debianorg/releases/stable/i386/release-notes/ch-upgrading.html
>>
>> # for how to upgrade to newer versions of the distribution.
>>
>> deb http://deb.debian.org/debian buster main
>>
>> deb-src http://deb.debian.org/debian buster main
>>
>>
>>
>> ## Major bug fix updates produced after the final release of the
>>
>> ## distribution.
>>
>> deb http://security.debian.org/ buster/updates main
>>
>> deb-src http://security.debian.org/ buster/updates main
>>
>> deb [trusted=yes] http://deb.debian.org/debian buster-updates main
>>
>> deb-src [trusted=yes] http://deb.debian.org/debian buster-updates main
>>
>>
>>
>> ## Uncomment the following two lines to add software from the 'backports'
>>
>> ## repository.
>>
>> ##
>>
>> ## N.B. software from this repository may not have been tested as
>>
>> ## extensively as that contained in the main release, although it includes
>>
>> ## newer versions of some applications which may provide useful features.
>>
>> deb http://deb.debian.org/debian buster-backports main
>>
>> deb-src http://deb.debian.org/debian buster-backports main
>>
>> deb http://ftp.de.debian.org/debian stretch main
>>
>>
>>
>> deb [trusted=yes] http://deb.torproject.org/torproject.org trusty main
>>
>> deb-src [trusted=yes] http://deb.torproject.org/torproject.org trusty
>> main
>>
>>
>>
>>
>>
>> So, for some reason Debian is seeing tor as untrusted despite that it has
>> been listed as trusted. Tor is being run as root so its not a restricted
>> user error. I am wondering why this might be happening? Thanks.
>>
>>
>>
>>
>>
>> --Keifer
>>
>>
>>
>
> _______________________________________________
> tor-relays mailing listtor-relays at lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220504/0cd5f46a/attachment-0001.htm>
More information about the tor-relays
mailing list