Re: [tor-relays] EXPKEYSIG when running 'apt update'

[lists]

On Monday, June 13, 2022 7:11:32 PM CEST Imre Jonk wrote:
> Hi tor-relays,
> 
> I'm getting this error when running 'apt update':
mee too ;-)
> Err:4 https://deb.torproject.org/torproject.org bullseye InRelease
>   The following signatures were invalid: EXPKEYSIG 74A941BA219EC810
> deb.torproject.org archive signing key
> 
> The signing key in
> /etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg does not appear
> to be expired, so I guess some repository metadata signature has
> expired. Does anyone else encounter this issue?

Had the same thing today and saw that some machines had a newer archive key in:
/usr/share/keyrings/tor-archive-keyring.gpg

You can get the new one with this one line:

wget -qO- 
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
 | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] (No Subject)

[Admin Platinum Host via tor-relays]

Hi there,



I currently own a Tor Relay that has been running since 2022-05-24. A day ago 
it restarted, which was a bit strange. Recently I found that the Relay has 
changed to a Guard Relay, which I am pleased about. I was wondering why the 
restart occurred as the VPS Server has been online since the first start. The 
Relay is called UKLondonRelay1 with the IP address 80.64.218.62. 




https://metrics.torproject.org/rs.html#details/B1B1CAD0A73EC5148B06A0A0E8194C3D0C882253



Any help on this matter would be appreciated.



Kind regards,





Leon
The content of this email is confidential and intended for the recipient 
specified in message only. It is strictly forbidden to share any part of this 
message with any third party, without a written consent of the sender. If you 
received this message by mistake, please reply to this message and follow with 
its deletion, so that we can ensure such a mistake does not occur in the future.



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [Workshop] Sysadmin 101 for (new) relay operators - June 4th @ 1900 UTC

[gus]

Hi,

Thank you for attending the Sysadmin 101 workshop!

You can find the workshop slides here:
https://nycbug1.nycbug.org/sysadmin101/

And below the workshop notes.

Gus

# Sysadmin 101 notes - June 4th 2022 

~67 people in the workshop

### Resources

Join the relay operator community:
- IRC channel: #tor-relays on irc.oftc.net
- Matrix channel: #tor-relays:matrix.org
- Having issues to get in touch? Check this page:
  https://support.torproject.org/get-in-touch/irc-help/
- Mailing lists:
- Tor-relays:
  https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- Tor-announce:
  https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce

- Tor Relay documentation:
- Documentation: https://community.torproject.org/relay/
- Support: https://support.torproject.org/relay-operators/
- Training:
  https://community.torproject.org/training/resources/tor-relay-workshop/
- Expectations:
  
https://gitlab.torproject.org/tpo/community/team/-/wikis/Expectations-for-Relay-Operators
- Social contract and code of conduct:
  https://gitweb.torproject.org/community/policies.git/tree/
  https://support.torproject.org  https://community.torproject.org
  https://forum.torproject.org

- Other resources
- slides: https://nycbug1.nycbug.org/
- survey stats 
https://gitlab.torproject.org/tpo/community/relays/-/issues/36#note_2810037
- Running a relay isn't for everyone. If you're not comfortable
  running your own relay, consider running a Snowflake or Donating
- Here to one of the many non-profits that run exit relays:
  
https://community.torproject.org/relay/community-resources/relay-associations/
- NSA "Tor stinks" url from the Guardian
  https://commons.wikimedia.org/wiki/File:Tor_Stinks.pdf
- Metrics https://metrics.torproject.org/


### Q/A

- How many people signed up?

- 100+. With 60-70 attendees in practice.

- Tor log: there have been x users in the last 6 hours... What's the
  algorithm for what a distinct tor user is? (torix)

- I believe bridges count it by IP address, rounded up to the next
  multiple of 8. Your bridge also publishes these stats plus more in
its "extrainfo" descriptor, which you can find in
https://collector.torproject.org/recent/bridge-descriptors/extra-infos/
and maybe also in the stats/ directory in your DataDirectory.


- How much time (per week or month) and how many times, should you plan
  to invest?

- Depends on what you're doing and how you're doing it.

- "My eyeballs are the first line of defense." Watching the Tor
  logs, watching the system logs, can help you get more comfortable
with how things are going (and what they look like when things are going
fine).


- What are the regular monitoring or upkeep activities we should be
  performing to not "set it and forget it"

- Log in regularly. Check for updates and if your box needs to be
  rebooted. (Set an alarm or calendar event to log in and check.) If
using Debian/Ubuntu, enable UnattendedUpgrades.

- prometheus:
  
https://forum.torproject.net/t/suggestion-a-summary-page-of-relay-bridge-install-guides-in-one-place/2425/4?u=gus

- george is into "agentless monitoring"


- What are acceptable domains or communications approaches for listing
  in ContactInfo? E.g. what about a duck address.

- Use any domain that you use for normal communication. Don't use an
  address that you never check.

- Any contact info that you regularly check.

- DO NOT obfuscate your contact information! Maintainers already
  burn a lot of time trying to decipher obfuscated contact info!

- (Some people are concerned about spam, and that's why they try to
  obfuscate the address. But actually, spam isn't so bad these days;
or if it is for you, consider using a separate email address for your
contact info.)


- Is a relay that allows exits to port 53 but routes those queries to a
  pihole considered a bad node that is tampering with traffic?
  - Please no! Don't mess with exit traffic. Redirecting outgoing tcp
port 53 connections to somewhere else is going to break things.

- There have been cases where a DNS on a distinct machine increased
  performance


- What is the best way to figure out if a bridge/IP got burned (i.e.
  blocked in certain countries)? What should be rotation intervals?

- At the beginning of 2022, we added a new feature where we're
  measuring reachability of bridges from inside Russia, and
annotating relay-search with the results.

- Check metrics.torproject.org, there will be indicators if your
  bridge is blocked or not

- This "your bridge is blocked in Russia" feature is in-progress:
  the user experience at the end is not intended to be "you have to
watch your metrics page and then go cycle your IP address manually". So
don't worry too much about reacting to the relay-search page 

[tor-relays] EXPKEYSIG when running 'apt update'

[Imre Jonk]

Hi tor-relays,

I'm getting this error when running 'apt update':

Err:4 https://deb.torproject.org/torproject.org bullseye InRelease
  The following signatures were invalid: EXPKEYSIG 74A941BA219EC810
deb.torproject.org archive signing key

The signing key in
/etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg does not appear
to be expired, so I guess some repository metadata signature has
expired. Does anyone else encounter this issue?

Thanks,

Imre


pgpVJgXtOywqn.pgp
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays