[tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

lists at for-privacy.net lists at for-privacy.net
Tue May 10 17:22:33 UTC 2022


On Monday, May 9, 2022 9:40:12 AM CEST ben wrote:

Hi, I think this mail should reach Keifer.

@ Keifer please post the output of:

    cat /etc/issue

It should be 'Debian GNU/Linux 10'

    sudo apt update && sudo apt full-upgrade

would install missing packages.

Then read what Ben wrote about 'update-ca-certificates'.

----------  Forwarded Message  ----------

Subject: Re: [tor-relays] Debian is not allowing tor to update despite it 
being listed as a trusted respritory
Date: Thursday, 5 May 2022, 15:09:07 CEST
From: ben <ben at bentasker.co.uk>
To: tor-relays <tor-relays at lists.torproject.org>
CC: lists <lists at for-privacy.net>

> Simply displays a message "no valid openpgp data found". My sources file

You'll see this because your system doesn't trust the cert chain.

You're not seeing a certificate warning because you've got output suppressed 
(the -q in wget's arguments)

If you run

    wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc

I suspect you'll see the certificate warning.

You need to fix that before anything suggested here is going to work - if the 
cert chain isn't trusted then apt isn't going to access the repository's 
indexes, and so won't even see what packages are there, much less install 
them.

As apt didn't grab an updated version for you (which may be due to other repo 
misconfigurations) you probably want to grab and install the cert manually

    # Verify that this gives a cert warning
    curl https://deb.torproject.org/torproject.org/

    curl -k --output "/tmp/ISRG_Root_X1.crt" "https://letsencrypt.org/certs/isrgrootx1.pem.txt"
    sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
    sudo update-ca-certificates

    # Now try again
    curl https://deb.torproject.org/torproject.org/

If that final curl now works, run apt-get update and you should find apt no 
longer complains about the tor repo



-- 
Ben Tasker
https://www.bentasker.co.uk


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20220510/6f03e31e/attachment.sig>
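
Added example, not part of either message above: the root certificate in the forwarded steps is fetched with `curl -k`, so nothing authenticates the download before it becomes a trust anchor. This sketch compares the file's SHA-256 fingerprint with a value obtained from an independent source before copying it into the CA directory. The function names `pem_sha256` and `install_ca_if_match` are hypothetical, and the expected fingerprint is a parameter, not a value from this page.

```shell
#!/bin/sh
# Added example: check a downloaded CA certificate before trusting it.
# Function names are hypothetical; the expected fingerprint must come from
# an independent source (e.g. a machine whose trust store already works).

# Print the SHA-256 fingerprint (lowercase hex, no colons) of the single PEM
# certificate in $1. A certificate fingerprint is the hash of its DER bytes,
# i.e. of the base64-decoded PEM body, so it matches what
# `openssl x509 -noout -fingerprint -sha256` reports.
pem_sha256() (
    pem=$1
    # Refuse bundles and non-PEM files: exactly one certificate is expected.
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$pem" 2>/dev/null) || true
    [ "$n" = 1 ] || exit 2
    der=$(mktemp) || exit 2
    if ! sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$pem" |
            grep -v -- '-----' | tr -d ' \r\n' | base64 -d >"$der" 2>/dev/null ||
            [ ! -s "$der" ]; then
        rm -f "$der"
        exit 2          # body was not valid base64, or was empty
    fi
    sha256sum <"$der" | cut -d' ' -f1
    rm -f "$der"
)

# Copy $1 into the CA directory $3 (default: the Debian local CA directory)
# only if its fingerprint equals $2. Colons and upper case in $2 are accepted.
install_ca_if_match() (
    pem=$1
    dest=${3:-/usr/local/share/ca-certificates}
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    actual=$(pem_sha256 "$pem") || {
        echo "not a single PEM certificate: $pem" >&2
        exit 2
    }
    [ "$actual" = "$expected" ] || {
        echo "fingerprint mismatch: got $actual" >&2
        exit 1
    }
    # update-ca-certificates only picks up files ending in .crt
    install -m 0644 "$pem" "$dest/$(basename "${pem%.*}").crt"
)

# Usage (run as root, placeholder fingerprint):
#   install_ca_if_match /tmp/ISRG_Root_X1.crt "<FINGERPRINT-FROM-TRUSTED-SOURCE>" \
#       && update-ca-certificates
```

A non-zero return means the file was not installed; only run `update-ca-certificates` after a zero return.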