subject:"\[tor\-relays\] Debian is not allowing tor to update despite it being listed as a trusted respritory"

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-12 Thread Keifer Bly

Here is the return after running those commands, in the order you typed
them:

root@vps-3e661acc:/home/debian# ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=110 time=3.48 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=110 time=1.44 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=110 time=1.48 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=110 time=1.48 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 1.435/1.969/3.480/0.873 ms
root@vps-3e661acc:/home/debian# ping -c 4 deb.debian.org
PING debian.map.fastlydns.net (151.101.18.132) 56(84) bytes of data.
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=1 ttl=51 time=0.775
ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=2 ttl=51 time=0.778
ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=3 ttl=51 time=0.836
ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=4 ttl=51 time=0.804
ms

--- debian.map.fastlydns.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 30ms
rtt min/avg/max/mdev = 0.775/0.798/0.836/0.031 ms
root@vps-3e661acc:/home/debian# cat /etc/resolv.conf
domain openstacklocal
search openstacklocal
nameserver 213.186.33.99
root@vps-3e661acc:/home/debian# ls -al /etc/resolv.conf
-rw-r--r-- 1 root root 69 May 12 18:18 /etc/resolv.conf
root@vps-3e661acc:/home/debian# systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled;
vendor preset: enabled)
  Drop-In: /usr/lib/systemd/system/systemd-resolved.service.d
   └─resolvconf.conf
   Active: inactive (dead)
 Docs: man:systemd-resolved.service(8)
   https://www.freedesktop.org/wiki/Software/systemd/resolved

https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers

https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
root@vps-3e661acc:/home/debian# systemctl status ntp
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset:
enabled)
   Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2
days ago
 Docs: man:ntpd(8)
  Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited,
status=0/SUCCESS)
 Main PID: 443 (ntpd)
Tasks: 2 (limit: 2318)
   Memory: 1.9M
   CGroup: /system.slice/ntp.service
   └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112

May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file
('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501Warning:
Journal has been rotated since unit was started. Log output is incomplete
or unavailable.
...skipping...
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset:
enabled)
   Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2
days ago
 Docs: man:ntpd(8)
  Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited,
status=0/SUCCESS)
 Main PID: 443 (ntpd)
Tasks: 2 (limit: 2318)
   Memory: 1.9M
   CGroup: /system.slice/ntp.service
   └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112

May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file
('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501Warning:
Journal has been rotated since unit was started. Log output is incomplete
or unavailable.
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
lines 1-13/13 (END)...skipping...
● ntp.service - Network Time Service
   Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset:
enabled)
   Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2
days ago
 Docs: man:ntpd(8)
  Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited,
status=0/SUCCESS)
 Main PID: 443 (ntpd)
Tasks: 2 (limit: 2318)
   Memory: 1.9M
   CGroup: /system.slice/ntp.service
   └─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112

May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file
('/usr/share/zoneinfo/leap-seconds.list'): expired less than 501 days ago
Warning: Journal has been rotated since unit was started. Log output is
incomplete or unavailable.
~
~
~
~
root@vps-3e661acc:/home/debian# curl
https://deb.torproject.org/torproject.org/


 
  Index of /torproject.org
 
 
Index of /torproject.org
 Name
  Last modified
 Size  Description Parent Directory
 -
 A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
2022-04-27 17:32   37K
 dists/
2021-11-20 19:48-
 pool/
   2009-05-30 21:43-
 project/
  2009-09-16 11:56-

Apache Server at deb.torproject.org Port 443

root@vps-3e661acc:/ho

Thanks very much.

--Keifer


On Wed, May 11, 2022 at 4:19 AM  wrote:

> On Tuesday, May 10, 2022 10:51:23 PM CEST Keifer Bly wrote:
> > This is

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-11 Thread lists

On Tuesday, May 10, 2022 10:51:23 PM CEST Keifer Bly wrote:
> This is what that returns,
> 
> Debian GNU/Linux 10 \n \l
OK, the version is right.

> Running the command you listed returns:
> 
> Err:1 http://ftp.debian.org/debian buster-backports InRelease
>   Temporary failure resolving 'ftp.debian.org'
> Err:2 http://deb.debian.org/debian buster InRelease
>   Temporary failure resolving 'deb.debian.org'
> Err:3 http://security.debian.org/debian-security buster/updates InRelease
>   Temporary failure resolving 'security.debian.org'
> Err:4 http://deb.debian.org/debian buster-updates InRelease
>   Temporary failure resolving 'deb.debian.org'
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> 18 packages can be upgraded. Run 'apt list --upgradable' to see them.
> W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease
>  Temporary failure resolving 'deb.debian.org'
> W: Failed to fetch
> http://deb.debian.org/debian/dists/buster-updates/InRelease  Temporary
> failure resolving 'deb.debian.org'
> W: Failed to fetch
> http://security.debian.org/debian-security/dists/buster/updates/InRelease
>  Temporary failure resolving 'security.debian.org'
> W: Failed to fetch
> http://ftp.debian.org/debian/dists/buster-backports/InRelease  Temporary
> failure resolving 'ftp.debian.org'
> W: Some index files failed to download. They have been ignored, or old ones
> used instead.
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Calculating upgrade... Done
> The following packages will be upgraded:
>   apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0
> libapt-pkg5.0 libdns-export1104 libgcrypt20
>   libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1
> libudev1 systemd-sysv udev

Some important packages should be upgraded but the DNS resolution does not 
work. :-(
Can you post the output of the following commands? You don't necessarily have 
to be 'root' for this, as a normal user is sufficient:

ping -c 4 8.8.8.8

ping -c 4 deb.debian.org

cat /etc/resolv.conf

ls -al /etc/resolv.conf

systemctl status systemd-resolved

systemctl status ntp

curl https://deb.torproject.org/torproject.org/


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-11 Thread Keifer Bly

This is what that returns,

Debian GNU/Linux 10 \n \l

Running the command you listed returns:

Err:1 http://ftp.debian.org/debian buster-backports InRelease
  Temporary failure resolving 'ftp.debian.org'
Err:2 http://deb.debian.org/debian buster InRelease
  Temporary failure resolving 'deb.debian.org'
Err:3 http://security.debian.org/debian-security buster/updates InRelease
  Temporary failure resolving 'security.debian.org'
Err:4 http://deb.debian.org/debian buster-updates InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done
Building dependency tree
Reading state information... Done
18 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease
 Temporary failure resolving 'deb.debian.org'
W: Failed to fetch
http://deb.debian.org/debian/dists/buster-updates/InRelease  Temporary
failure resolving 'deb.debian.org'
W: Failed to fetch
http://security.debian.org/debian-security/dists/buster/updates/InRelease
 Temporary failure resolving 'security.debian.org'
W: Failed to fetch
http://ftp.debian.org/debian/dists/buster-backports/InRelease  Temporary
failure resolving 'ftp.debian.org'
W: Some index files failed to download. They have been ignored, or old ones
used instead.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0
libapt-pkg5.0 libdns-export1104 libgcrypt20
  libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1
libudev1 systemd-sysv udev
18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 10.1 MB of archives.
After this operation, 2048 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Err:1 http://deb.debian.org/debian buster/main amd64 base-files amd64
10.3+deb10u10
  Temporary failure resolving 'deb.debian.org'
Err:2 http://security.debian.org/debian-security buster/updates/main amd64
systemd-sysv amd64 241-7~deb10u8
  Temporary failure resolving 'security.debian.org'
Ign:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64
1.8.3-1+deb10u1
Err:4 http://security.debian.org/debian-security buster/updates/main amd64
udev amd64 241-7~deb10u8
  Temporary failure resolving 'security.debian.org'
Ign:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64
1.8.2.3
Err:6 http://security.debian.org/debian-security buster/updates/main amd64
libudev1 amd64 241-7~deb10u8
  Temporary failure resolving 'security.debian.org'
Ign:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64
1.8.2.3
Err:8 http://security.debian.org/debian-security buster/updates/main amd64
libnettle6 amd64 3.4.1-1+deb10u1
  Temporary failure resolving 'security.debian.org'
Ign:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
Ign:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64
1.8.2.3
Err:11 http://security.debian.org/debian-security buster/updates/main amd64
libhogweed4 amd64 3.4.1-1+deb10u1
  Temporary failure resolving 'security.debian.org'
Err:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64
1.8.3-1+deb10u1
  Temporary failure resolving 'deb.debian.org'
Err:12 http://deb.debian.org/debian buster/main amd64 libgnutls30 amd64
3.6.7-4+deb10u7
  Temporary failure resolving 'deb.debian.org'
Err:13 http://deb.debian.org/debian buster/main amd64 libgcrypt20 amd64
1.8.4-5+deb10u1
  Temporary failure resolving 'deb.debian.org'
Ign:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64
1.1.1d-0+deb10u6
Ign:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100
amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Ign:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104
amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Err:17 http://deb.debian.org/debian buster/main amd64 isc-dhcp-client amd64
4.4.1-2+deb10u1
  Temporary failure resolving 'deb.debian.org'
Err:18 http://deb.debian.org/debian buster/main amd64 isc-dhcp-common amd64
4.4.1-2+deb10u1
  Temporary failure resolving 'deb.debian.org'
Err:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64
1.1.1d-0+deb10u6
  Temporary failure resolving 'deb.debian.org'
Err:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64
1.8.2.3
  Temporary failure resolving 'deb.debian.org'
Err:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64
1.8.2.3
  Temporary failure resolving 'deb.debian.org'
Err:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
  Temporary failure resolving 'deb.debian.org'
Err:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64
1.8.2.3
  Temporary failure resolving 'deb.debian.org'
Err:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100
amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
  Temporary failure resolving 'deb.debian.org'
Err:16 http://deb.debian.org/debian

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-10 Thread lists

On Monday, May 9, 2022 9:40:12 AM CEST ben wrote:

Hi, I think this mail should reach Keifer.

@ Keifer please post the output of:
cat /etc/issue

It should be 'Debian GNU/Linux 10'

apt update && sudo apt full-upgrade
would install missing packages.

Then read what Ben wrote about 'update-ca-certificates'.

--  Forwarded Message  --

Subject: Re: [tor-relays] Debian is not allowing tor to update despite it 
being listed as a trusted respritory
Date: Donnerstag, 5. Mai 2022, 15:09:07 CEST
From: ben 
To: tor-relays 
CC: lists 

> Simply displays a message "no valid openpgp data found". My sources file



You'll see this because your system doesn't trust the cert chain.



You're not seeing a certificate warning because you've got output suppressed 
(the -q in wget's arguments)



If you run



wget https://deb.torproject.org/torproject.org/
A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc



I suspect you'll see the certificate warning.



You need to fix that before anything suggested here is going to work - if the 
cert chain isn't trusted then apt isn't going to access the repository's 
indexes, and so won't even see what packages are there, much less install 
them.



As apt didn't grab an updated version for you (which may be due to other repo 
misconfigurations) you probably want to grab and install the cert manually




# Verify that this gives a cert warning

curl https://deb.torproject.org/torproject.org/ 



curl -k --output "/tmp/ISRG_Root_X1.crt"  "https://letsencrypt.org/certs/
isrgrootx1.pem.txt"

sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/

sudo update-ca-certificates



# Now try again

curl https://deb.torproject.org/torproject.org/ 



If that final curl now works, run apt-get update and you should find apt no 
longer complains about the tor repo



-- 
Ben Tasker
https://www.bentasker.co.uk


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-10 Thread lists

On Saturday, May 7, 2022 6:50:43 PM CEST Keifer Bly wrote:
> Ok will try these things. Does that it's an ovh debain have anything to do
> with it? Hosted by them and they may frown on tor.

No, there are a lot (actually too many) Tor relays at OVH.
https://nusenu.github.io/OrNetStats/#autonomous-systems-by-cw-fraction

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-09 Thread ben

Did the final curl complain about an expired certificate?



    curl https://deb.torproject.org/torproject.org/ 





If so, that might indicate you've got OpenSSL 1.0, try



    openssl version



If that's the case, then really you need to get that (and/or the underlying OS) 
updated.



In the short term, we can address this by commenting out the expired root in 
your trust store.



    sudo -s

    cp /etc/ca-certificates.conf ~/ca-certificates.conf.bkup

    sed -i '/^mozilla\/DST_Root_CA_X3.crt$/ s/^/!/' /etc/ca-certificates.conf

    update-ca-certificates



Then try the curl again



    curl https://deb.torproject.org/torproject.org/



It should no longer complain about the certificate having expired. If it now 
complains that the certificate isn't trusted, then the X1 cert isn't properly 
installed and we'll have to look at that.










-- 
Ben Tasker
https://www.bentasker.co.uk




 On Sun, 08 May 2022 15:49:18 +0100 Keifer Bly  wrote 




I have done all these and it still happens. Is there perhaps a tool that will 
set this up? Thanks.

--Keifer



On Sat, May 7, 2022, 10:54 AM Keifer Bly  wrote:

I am running as the root user.

--Keifer



On Sat, May 7, 2022, 10:50 AM Keifer Bly  wrote:

Ok will try these things. Does that it's an ovh debain have anything to do with 
it? Hosted by them and they may frown on tor.
--Keifer




On Thu, May 5, 2022, 8:41 AM ben  wrote:

> Simply displays a message "no valid openpgp data found". My sources file



You'll see this because your system doesn't trust the cert chain.



You're not seeing a certificate warning because you've got output suppressed 
(the -q in wget's arguments)



If you run



    wget 
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc



I suspect you'll see the certificate warning.



You need to fix that before anything suggested here is going to work - if the 
cert chain isn't trusted then apt isn't going to access the repository's 
indexes, and so won't even see what packages are there, much less install them.



As apt didn't grab an updated version for you (which may be due to other repo 
misconfigurations) you probably want to grab and install the cert manually




    # Verify that this gives a cert warning

    curl https://deb.torproject.org/torproject.org/ 



    curl -k --output "/tmp/ISRG_Root_X1.crt"  
"https://letsencrypt.org/certs/isrgrootx1.pem.txt;

    sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/

    sudo update-ca-certificates



    # Now try again

    curl https://deb.torproject.org/torproject.org/ 



If that final curl now works, run apt-get update and you should find apt no 
longer complains about the tor repo





-- 
Ben Tasker
https://www.bentasker.co.uk



 On Thu, 05 May 2022 13:21:22 +0100   wrote 




On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote: 
> Thank you. But running wget -qO- 
> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88 
> 6DDD89.asc 
> 
> gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null 
 
Maybe copy paste error. It must be one line and you must be root or type 
'sudo' in front of it. Maybe you can better copy from here: 
 
3. Then add the gpg key ... 
https://support.torproject.org/apt/ 
 
> Simply displays a message "no valid openpgp data found". My sources file 
 
If this message appears again, install gpg: 
sudo apt update && apt -y install gnupg 
 
-- 
╰_╯ Ciao Marco! 
 
Debian GNU/Linux 
 
It's free software and it gives you 
freedom!___ 
tor-relays mailing list 
mailto:tor-relays@lists.torproject.org 
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays 








___
 tor-relays mailing list
 mailto:tor-relays@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays






___
tor-relays mailing list 
mailto:tor-relays@lists.torproject.org 
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-09 Thread Keifer Bly

I have done all these and it still happens. Is there perhaps a tool that
will set this up? Thanks.

--Keifer

On Sat, May 7, 2022, 10:54 AM Keifer Bly  wrote:

> I am running as the root user.
>
> --Keifer
>
> On Sat, May 7, 2022, 10:50 AM Keifer Bly  wrote:
>
>> Ok will try these things. Does that it's an ovh debain have anything to
>> do with it? Hosted by them and they may frown on tor.
>>
>> --Keifer
>>
>> On Thu, May 5, 2022, 8:41 AM ben  wrote:
>>
>>> > Simply displays a message "no valid openpgp data found". My sources
>>> file
>>>
>>> You'll see this because your system doesn't trust the cert chain.
>>>
>>> You're not seeing a certificate warning because you've got output
>>> suppressed (the -q in wget's arguments)
>>>
>>> If you run
>>>
>>> wget
>>> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
>>> 6DDD89.asc
>>>
>>> I suspect you'll see the certificate warning.
>>>
>>> You need to fix that before anything suggested here is going to work -
>>> if the cert chain isn't trusted then apt isn't going to access the
>>> repository's indexes, and so won't even see what packages are there, much
>>> less install them.
>>>
>>> As apt didn't grab an updated version for you (which may be due to other
>>> repo misconfigurations) you probably want to grab and install the cert
>>> manually
>>>
>>> # Verify that this gives a cert warning
>>> curl https://deb.torproject.org/torproject.org/
>>>
>>> curl -k --output "/tmp/ISRG_Root_X1.crt"  "
>>> https://letsencrypt.org/certs/isrgrootx1.pem.txt;
>>> sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
>>> sudo update-ca-certificates
>>>
>>> # Now try again
>>> curl https://deb.torproject.org/torproject.org/
>>>
>>> If that final curl now works, run apt-get update and you should find apt
>>> no longer complains about the tor repo
>>>
>>>
>>> --
>>> Ben Tasker
>>> https://www.bentasker.co.uk
>>>
>>>  On Thu, 05 May 2022 13:21:22 +0100 * >> >* wrote 
>>>
>>> On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
>>> > Thank you. But running wget -qO-
>>> >
>>> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
>>> > 6DDD89.asc
>>> >
>>> > gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg
>>> >/dev/null
>>>
>>> Maybe copy paste error. It must be one line and you must be root or type
>>> 'sudo' in front of it. Maybe you can better copy from here:
>>>
>>> 3. Then add the gpg key ...
>>> https://support.torproject.org/apt/
>>>
>>> > Simply displays a message "no valid openpgp data found". My sources
>>> file
>>>
>>> If this message appears again, install gpg:
>>> sudo apt update && apt -y install gnupg
>>>
>>> --
>>> ╰_╯ Ciao Marco!
>>>
>>> Debian GNU/Linux
>>>
>>> It's free software and it gives you
>>> freedom!___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>>
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-09 Thread Keifer Bly

I am running as the root user.

--Keifer

On Sat, May 7, 2022, 10:50 AM Keifer Bly  wrote:

> Ok will try these things. Does that it's an ovh debain have anything to do
> with it? Hosted by them and they may frown on tor.
>
> --Keifer
>
> On Thu, May 5, 2022, 8:41 AM ben  wrote:
>
>> > Simply displays a message "no valid openpgp data found". My sources file
>>
>> You'll see this because your system doesn't trust the cert chain.
>>
>> You're not seeing a certificate warning because you've got output
>> suppressed (the -q in wget's arguments)
>>
>> If you run
>>
>> wget
>> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
>> 6DDD89.asc
>>
>> I suspect you'll see the certificate warning.
>>
>> You need to fix that before anything suggested here is going to work - if
>> the cert chain isn't trusted then apt isn't going to access the
>> repository's indexes, and so won't even see what packages are there, much
>> less install them.
>>
>> As apt didn't grab an updated version for you (which may be due to other
>> repo misconfigurations) you probably want to grab and install the cert
>> manually
>>
>> # Verify that this gives a cert warning
>> curl https://deb.torproject.org/torproject.org/
>>
>> curl -k --output "/tmp/ISRG_Root_X1.crt"  "
>> https://letsencrypt.org/certs/isrgrootx1.pem.txt;
>> sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
>> sudo update-ca-certificates
>>
>> # Now try again
>> curl https://deb.torproject.org/torproject.org/
>>
>> If that final curl now works, run apt-get update and you should find apt
>> no longer complains about the tor repo
>>
>>
>> --
>> Ben Tasker
>> https://www.bentasker.co.uk
>>
>>  On Thu, 05 May 2022 13:21:22 +0100 * > >* wrote 
>>
>> On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
>> > Thank you. But running wget -qO-
>> >
>> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
>> > 6DDD89.asc
>> >
>> > gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg
>> >/dev/null
>>
>> Maybe copy paste error. It must be one line and you must be root or type
>> 'sudo' in front of it. Maybe you can better copy from here:
>>
>> 3. Then add the gpg key ...
>> https://support.torproject.org/apt/
>>
>> > Simply displays a message "no valid openpgp data found". My sources
>> file
>>
>> If this message appears again, install gpg:
>> sudo apt update && apt -y install gnupg
>>
>> --
>> ╰_╯ Ciao Marco!
>>
>> Debian GNU/Linux
>>
>> It's free software and it gives you
>> freedom!___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-09 Thread Keifer Bly

Ok will try these things. Does that it's an ovh debain have anything to do
with it? Hosted by them and they may frown on tor.

--Keifer

On Thu, May 5, 2022, 8:41 AM ben  wrote:

> > Simply displays a message "no valid openpgp data found". My sources file
>
> You'll see this because your system doesn't trust the cert chain.
>
> You're not seeing a certificate warning because you've got output
> suppressed (the -q in wget's arguments)
>
> If you run
>
> wget
> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
> 6DDD89.asc
>
> I suspect you'll see the certificate warning.
>
> You need to fix that before anything suggested here is going to work - if
> the cert chain isn't trusted then apt isn't going to access the
> repository's indexes, and so won't even see what packages are there, much
> less install them.
>
> As apt didn't grab an updated version for you (which may be due to other
> repo misconfigurations) you probably want to grab and install the cert
> manually
>
> # Verify that this gives a cert warning
> curl https://deb.torproject.org/torproject.org/
>
> curl -k --output "/tmp/ISRG_Root_X1.crt"  "
> https://letsencrypt.org/certs/isrgrootx1.pem.txt;
> sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
> sudo update-ca-certificates
>
> # Now try again
> curl https://deb.torproject.org/torproject.org/
>
> If that final curl now works, run apt-get update and you should find apt
> no longer complains about the tor repo
>
>
> --
> Ben Tasker
> https://www.bentasker.co.uk
>
>  On Thu, 05 May 2022 13:21:22 +0100 *  >* wrote 
>
> On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
> > Thank you. But running wget -qO-
> >
> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
> > 6DDD89.asc
> >
> > gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg
> >/dev/null
>
> Maybe copy paste error. It must be one line and you must be root or type
> 'sudo' in front of it. Maybe you can better copy from here:
>
> 3. Then add the gpg key ...
> https://support.torproject.org/apt/
>
> > Simply displays a message "no valid openpgp data found". My sources file
>
> If this message appears again, install gpg:
> sudo apt update && apt -y install gnupg
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-05 Thread ben

> Simply displays a message "no valid openpgp data found". My sources file



You'll see this because your system doesn't trust the cert chain.



You're not seeing a certificate warning because you've got output suppressed 
(the -q in wget's arguments)



If you run



    wget 
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc



I suspect you'll see the certificate warning.



You need to fix that before anything suggested here is going to work - if the 
cert chain isn't trusted then apt isn't going to access the repository's 
indexes, and so won't even see what packages are there, much less install them.



As apt didn't grab an updated version for you (which may be due to other repo 
misconfigurations) you probably want to grab and install the cert manually




    # Verify that this gives a cert warning

    curl https://deb.torproject.org/torproject.org/ 



    curl -k --output "/tmp/ISRG_Root_X1.crt"  
"https://letsencrypt.org/certs/isrgrootx1.pem.txt;

    sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/

    sudo update-ca-certificates



    # Now try again

    curl https://deb.torproject.org/torproject.org/ 



If that final curl now works, run apt-get update and you should find apt no 
longer complains about the tor repo





-- 
Ben Tasker
https://www.bentasker.co.uk



 On Thu, 05 May 2022 13:21:22 +0100   wrote 



On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote: 
> Thank you. But running wget -qO- 
> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88 
> 6DDD89.asc 
> 
> gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null 
 
Maybe copy paste error. It must be one line and you must be root or type 
'sudo' in front of it. Maybe you can better copy from here: 
 
3. Then add the gpg key ... 
https://support.torproject.org/apt/ 
 
> Simply displays a message "no valid openpgp data found". My sources file 
 
If this message appears again, install gpg: 
sudo apt update && apt -y install gnupg 
 
-- 
╰_╯ Ciao Marco! 
 
Debian GNU/Linux 
 
It's free software and it gives you 
freedom!___ 
tor-relays mailing list 
mailto:tor-relays@lists.torproject.org 
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-05 Thread lists

On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
> Thank you. But running wget -qO-
> https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
> 6DDD89.asc
> 
> gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Maybe copy paste error. It must be one line and you must be root or type 
'sudo' in front of it. Maybe you can better copy from here:

3. Then add the gpg key ...
https://support.torproject.org/apt/

> Simply displays a message "no valid openpgp data found". My sources file

If this message appears again, install gpg:
sudo apt update && apt -y install gnupg

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-05 Thread lists

On Thursday, May 5, 2022 2:29:30 AM CEST Keifer Bly wrote:
> Ok. I have tried different things. And the same is still happening:
> 
> sources.list file:
> 
> ## Note, this file is written by cloud-init on first boot of an instance
> ## modifications made here will not survive a re-bundle.
> ## if you wish to make changes you can:

> ## c.) make changes to template file
> /etc/cloud/templates/sources.list.debian.tmpl

OK, you must look in '/etc/apt/sources.list' and in
'/etc/cloud/templates/sources.list.debian.tmpl' and delete or comment out the 
below mentioned 4 lines:

> 
> # See
> http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html
> # for how to upgrade to newer versions of the distribution.
Ignore the upgrade notice and i386. You can use buster until the end of 2022 
and I'm pretty sure google cloud is amd64.

> deb http://deb.debian.org/debian buster main
> deb-src http://deb.debian.org/debian buster main
> 
> ## Major bug fix updates produced after the final release of the
> ## distribution.
> deb http://security.debian.org/ buster/updates main
> deb-src http://security.debian.org/ buster/updates main

You can|must delete these 3 lines...
> deb [trusted=yes] http://deb.torproject.org/torproject.org buster main
> deb http://deb.torproject.org/torproject.org buster main 
> deb-src [trusted=yes] http://deb.torproject.org/torproject.org buster main

> ## Uncomment the following two lines to add software from the 'backports'
> ## repository.
> ##
> ## N.B. software from this repository may not have been tested as
> ## extensively as that contained in the main release, although it includes
> ## newer versions of some applications which may provide useful features.
> deb http://deb.debian.org/debian buster-backports main
> deb-src http://deb.debian.org/debian buster-backports main
... and this old one from debian stretch:
> deb http://ftp.de.debian.org/debian stretch main


> tor.list file:
> 
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org amd64 main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org amd64 main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org  main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org  main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org buster main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org buster main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main- main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main- main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main-buster main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main-buster main
> 
> Please, what should the sources.list and tor.list files look like? I am
> sorry to ask. Thanks.

In '/etc/apt/sources.list.d/tor.list' just this one line:

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://
deb.torproject.org/torproject.org buster main


Generally 'deb-src' are the package sources if you want to compile packages 
yourself. You don't need that. Not for Tor and not for Debian either. But it 
doesn't matter if you leave them, it occupies a few MB more in /var/cache/apt/
archives/


-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-04 Thread Keifer Bly

I am slightly confused, thank you.
--Keifer


On Wed, May 4, 2022 at 5:29 PM Keifer Bly  wrote:

> Ok. I have tried different things. And the same is still happening:
>
> sources.list file:
>
> ## Note, this file is written by cloud-init on first boot of an instance
> ## modifications made here will not survive a re-bundle.
> ## if you wish to make changes you can:
> ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
> ## or do the same in user-data
> ## b.) add sources in /etc/apt/sources.list.d
> ## c.) make changes to template file
> /etc/cloud/templates/sources.list.debian.tmpl
> ###
>
> # See
> http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html
> # for how to upgrade to newer versions of the distribution.
> deb http://deb.debian.org/debian buster main
> deb-src http://deb.debian.org/debian buster main
>
> ## Major bug fix updates produced after the final release of the
> ## distribution.
> deb http://security.debian.org/ buster/updates main
> deb-src http://security.debian.org/ buster/updates main
>
> deb [trusted=yes] http://deb.torproject.org/torproject.org buster main
> deb http://deb.torproject.org/torproject.org buster main
>
> deb-src [trusted=yes] http://deb.torproject.org/torproject.org buster main
>
>
>
> ## Uncomment the following two lines to add software from the 'backports'
> ## repository.
> ##
> ## N.B. software from this repository may not have been tested as
> ## extensively as that contained in the main release, although it includes
> ## newer versions of some applications which may provide useful features.
> deb http://deb.debian.org/debian buster-backports main
> deb-src http://deb.debian.org/debian buster-backports main
> deb http://ftp.de.debian.org/debian stretch main
>
> tor.list file:
>
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org amd64 main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org amd64 main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org  main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org  main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org buster main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org buster main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main- main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main- main
> deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main-buster main
> deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
> https://deb.torproject.org/torproject.org tor-nightly-main-buster main
>
> Please, what should the sources.list and tor.list files look like? I am
> sorry to ask. Thanks.
>
> --Keifer
>
>
> On Wed, May 4, 2022 at 4:34 AM  wrote:
>
>> On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:
>> > I am not sure how to get rid of the trusty / ubuntu packages?
>>
>> You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/
>> sources.list or you have created the file
>> /etc/apt/sources.list.d/tor.list?
>>
>> > I simply followed the instructions here:
>> > https://support.torproject.org/apt/tor-deb-repo/
>>
>> You are running oldstable 'buster', this guide has been updated for
>> stable
>> 'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not
>> yet
>> required in buster, but it doesn't hurt.
>> The new 'deb.torproject.org-keyring' package renews both keyrings in:
>> /etc/apt/trusted.gpg.d/ and /usr/share/keyrings/
>>
>> ¹Apt-key will last be available in Debian 11 and Ubuntu 22.04.
>> Since bullseye, 'apt-key add' has been deprecated and is no longer
>> available
>> in bookworm. Only 'apt-key del' then still works.
>>
>> ¹https://manpages.debian.org/testing/apt/apt-key.8.en.html
>>
>> Background info:
>>
>> https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key
>> or $websearch: Why apt-key is deprecated?
>>
>>
>> --
>> ╰_╯ Ciao Marco!
>>
>> Debian GNU/Linux
>>
>> It's free software and it gives you
>> freedom!___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-04 Thread tor admin via tor-relays

Your sources.list file entry looks incorrect.  I would definitely not 
recommend using trust=yes for a repo like tor, as it bypasses apt's 
security checks.


According to the instructions you linked 
, your source for the 
tor packages should be listed in /etc/apt/sources.list.d/tor.list as 
something like:


deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] 
https://deb.torproject.org/torproject.org buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] 
https://deb.torproject.org/torproject.org buster main


The instructions tell you how to import the repo key as well:



# wget -qO- 
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc 
| gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg 
>/dev/null




On 5/3/22 13:10, Keifer Bly wrote:
I am not sure how to get rid of the trusty / ubuntu packages? I simply 
followed the instructions here:


https://support.torproject.org/apt/tor-deb-repo/

Thanks.
--Keifer


On Mon, May 2, 2022 at 10:31 PM Keifer Bly  wrote:

Hi all,

So I am running a tor relay on Debian, but no matter what when
updating tor there is an “updating from such a respiritpry can’t
be done securely and is therefore disabled by default”. Here is
the log

Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]

Hit:2 http://deb.debian.org/debian buster InRelease

Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]

Get:4 http://deb.debian.org/debian buster-backports InRelease
[46.7 kB]

Ign:5 http://ftp.de.debian.org/debian stretch InRelease

Hit:6 http://ftpde.debian.org/debian stretch Release

Ign:7 http://deb.torproject.org/torproject.org trusty InRelease

Ign:8 http://deb.torproject.org/torproject.org trusty Release

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all
Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main
Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main
Translation-en_US

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all
Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main
Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main
Translation-en_US

Ign:14 https://deb.torproject.org/torproject.org amd64 InRelease

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all
Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main
Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main
Translation-en_US

Err:15 https://deb.torproject.org/torproject.org amd64 Release

  Certificate verification failed: The certificate is NOT trusted.
The certificate chain uses expired certificate.  Could not
handshake: Error in the certificate verification. [IP:
95.216.163.36 443]

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all
Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main
Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main
Translation-en_US

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all
Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main
Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main
Translation-en_US

Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources

Ign:10 http://deb.torproject.org/torproject.org trusty/main all
Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
Packages

Ign:12 http://deb.torproject.org/torproject.org trusty/main
Translation-en

Ign:13 http://deb.torproject.org/torproject.org trusty/main
Translation-en_US

Err:9 http://deb.torproject.org/torproject.org trusty/main Sources

  404  Not Found [IP: 116.202.120.166 80]

Ign:10 http://deb.torproject.org/torproject.org trusty/main all
Packages

Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64
Packages

Ign:12

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-04 Thread Keifer Bly

Ok. I have tried different things. And the same is still happening:

sources.list file:

## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file
/etc/cloud/templates/sources.list.debian.tmpl
###

# See
http://www.debian.org/releases/stable/i386/release-notes/ch-upgrading.html
# for how to upgrade to newer versions of the distribution.
deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main

## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main

deb [trusted=yes] http://deb.torproject.org/torproject.org buster main
deb http://deb.torproject.org/torproject.org buster main

deb-src [trusted=yes] http://deb.torproject.org/torproject.org buster main

## Uncomment the following two lines to add software from the 'backports'
## repository.
##
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
deb http://deb.debian.org/debian buster-backports main
deb-src http://deb.debian.org/debian buster-backports main
deb http://ftp.de.debian.org/debian stretch main

tor.list file:

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org amd64 main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org amd64 main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org  main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org  main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org buster main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org tor-nightly-main- main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org tor-nightly-main- main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org tor-nightly-main-buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
https://deb.torproject.org/torproject.org tor-nightly-main-buster main

Please, what should the sources.list and tor.list files look like? I am
sorry to ask. Thanks.

--Keifer

On Wed, May 4, 2022 at 4:34 AM  wrote:

> On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:
> > I am not sure how to get rid of the trusty / ubuntu packages?
>
> You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/
> sources.list or you have created the file /etc/apt/sources.list.d/tor.list?
>
> > I simply followed the instructions here:
> > https://support.torproject.org/apt/tor-deb-repo/
>
> You are running oldstable 'buster', this guide has been updated for stable
> 'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not
> yet
> required in buster, but it doesn't hurt.
> The new 'deb.torproject.org-keyring' package renews both keyrings in:
> /etc/apt/trusted.gpg.d/ and /usr/share/keyrings/
>
> ¹Apt-key will last be available in Debian 11 and Ubuntu 22.04.
> Since bullseye, 'apt-key add' has been deprecated and is no longer
> available
> in bookworm. Only 'apt-key del' then still works.
>
> ¹https://manpages.debian.org/testing/apt/apt-key.8.en.html
>
> Background info:
>
> https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key
> or $websearch: Why apt-key is deprecated?
>
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you
> freedom!___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-04 Thread lists

On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:
> I am not sure how to get rid of the trusty / ubuntu packages?

You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/
sources.list or you have created the file /etc/apt/sources.list.d/tor.list?

> I simply followed the instructions here:
> https://support.torproject.org/apt/tor-deb-repo/

You are running oldstable 'buster', this guide has been updated for stable 
'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not yet 
required in buster, but it doesn't hurt.
The new 'deb.torproject.org-keyring' package renews both keyrings in:
/etc/apt/trusted.gpg.d/ and /usr/share/keyrings/

¹Apt-key will last be available in Debian 11 and Ubuntu 22.04.
Since bullseye, 'apt-key add' has been deprecated and is no longer available 
in bookworm. Only 'apt-key del' then still works.

¹https://manpages.debian.org/testing/apt/apt-key.8.en.html

Background info:
https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key
or $websearch: Why apt-key is deprecated?

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-04 Thread Keifer Bly

I am not sure how to get rid of the trusty / ubuntu packages? I simply
followed the instructions here:

https://support.torproject.org/apt/tor-deb-repo/

Thanks.
--Keifer


On Mon, May 2, 2022 at 10:31 PM Keifer Bly  wrote:

> Hi all,
>
>
>
> So I am running a tor relay on Debian, but no matter what when updating
> tor there is an “updating from such a respiritpry can’t be done securely
> and is therefore disabled by default”. Here is the log
>
>
>
>
>
> Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
>
> Hit:2 http://deb.debian.org/debian buster InRelease
>
> Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
>
> Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]
>
> Ign:5 http://ftp.de.debian.org/debian stretch InRelease
>
> Hit:6 http://ftpde.debian.org/debian stretch Release
>
> Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
>
> Ign:8 http://deb.torproject.org/torproject.org trusty Release
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Ign:14 https://deb.torproject.org/torproject.org amd64 InRelease
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Err:15 https://deb.torproject.org/torproject.org amd64 Release
>
>   Certificate verification failed: The certificate is NOT trusted. The
> certificate chain uses expired certificate.  Could not handshake: Error in
> the certificate verification. [IP: 95.216.163.36 443]
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Ign:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Err:9 http://deb.torproject.org/torproject.org trusty/main Sources
>
>   404  Not Found [IP: 116.202.120.166 80]
>
> Ign:10 http://deb.torproject.org/torproject.org trusty/main all Packages
>
> Ign:11 http://deb.torproject.org/torproject.org trusty/main amd64 Packages
>
> Ign:12 http://deb.torproject.org/torproject.org trusty/main Translation-en
>
> Ign:13 http://deb.torproject.org/torproject.org trusty/main
> Translation-en_US
>
> Reading package lists... Done
>
> N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it
> has no filename extension
>
> E: The repository 'https://deb.torproject.org/torproject.org amd64
> Release' does not have a Release file.
>
> N: Updating from such a repository can't be done securely, and is
> therefore disabled by default.
>
> N: See apt-secure(8) manpage for repository creation and user
> configuration details.
>
> root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list
>
> root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list
>
> root@vps-3e661acc:/home/debian# apt-get update
>
> Hit:1 http://security.debian.org buster/updates InRelease
>
> Hit:2 http://deb.debian.org/debian buster InRelease
>
> Hit:3 http://deb.debian.org/debian buster-updates InRelease
>
> Hit:4 http://deb.debian.org/debian buster-backports InRelease
>
> Ign:5

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-04 Thread Keifer Bly

What is the command for doing that? Thanks.
--Keifer


On Tue, May 3, 2022 at 12:00 AM Toralf Förster 
wrote:

> On 5/3/22 07:31, Keifer Bly wrote:
> > Err:15 https://deb.torproject.org/torproject.org amd64 Release
> >
> > Certificate verification failed: The certificate is NOT trusted. The
> > certificate chain uses expired certificate.  Could not handshake: Error
> > in the certificate verification. [IP: 95.216.163.36 443]
> >
> Maybe renew the key ?
>
> --
> Toralf
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-03 Thread Keifer Bly

Just did this, and it says its up to date. Thanks.
--Keifer


On Tue, May 3, 2022 at 1:17 AM ben  wrote:

> >> Certificate verification failed: The certificate is NOT trusted. The
> >> certificate chain uses expired certificate.  Could not handshake: Error
> >> in the certificate verification. [IP: 95.216.163.36 443]
> >>
> > Maybe renew the key ?
>
> The repo uses a LetsEncrypt certificate.
>
> Odds are, the OP's system's trust store is quite old and so still has the
> old root in place - LE's intermediate has multiple signatures and one of
> the roots expired last year.
>
> Running
>
> sudo apt-get -y install ca-certificates
>
> Should bring it up to date (assuming there's a relatively modern openssl
> in use - I think 1.0 will throw an error either way because it still tries
> to follow both forks in the chain and borks when it sees the expired cert).
>
>
>
> --
> Ben Tasker
> https://www.bentasker.co.uk
>
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-03 Thread lists

On Tuesday, May 3, 2022 7:31:46 AM CEST Keifer Bly wrote:

> So I am running a tor relay on Debian, but no matter what when updating tor
> there is an “updating from such a respiritpry can’t be done securely and is
> therefore disabled by default”. Here is the log
> 
>  

In addition to the outdated certificates, you get Tor for Ubuntu and not 
Debian:

>  
> 
> Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
> 
> Hit:2 http://deb.debian.org/debian buster InRelease
> 
> Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
> 
> Get:4 http://deb.debian.org/debian buster-backports InRelease [46.7 kB]
> 
> Ign:5 http://ftp.de.debian.org/debian stretch InRelease
> 
> Hit:6 http://ftpde.debian.org/debian stretch Release
I would delete the outdated Debian stretch archives.

> Ign:7 http://deb.torproject.org/torproject.org trusty InRelease
> 
> Ign:8 http://deb.torproject.org/torproject.org trusty Release
> 

Trusty? Why are you using Tor for Ubuntu? For Debian Buster you should also 
use the buster archive:

deb https://deb.torproject.org/torproject.org buster main

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

signature.asc
Description: This is a digitally signed message part.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-03 Thread Peter Ludikovsky



Seems like your machine doesn't recognize the certificate for 
https://deb.torproject.org, which is a separate issue from eg. the GPG 
key not matching which would make it untrusted.


Seems something in the certificate chain from Let's Encrypt has expired, 
because the cert itself is still valid.


OpenPGP_signature
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-03 Thread ben

>> Certificate verification failed: The certificate is NOT trusted. The 

>> certificate chain uses expired certificate.  Could not handshake: Error 

>> in the certificate verification. [IP: 95.216.163.36 443] 

>> 

> Maybe renew the key ?



The repo uses a LetsEncrypt certificate. 



Odds are, the OP's system's trust store is quite old and so still has the old 
root in place - LE's intermediate has multiple signatures and one of the roots 
expired last year.



Running



    sudo apt-get -y install ca-certificates



Should bring it up to date (assuming there's a relatively modern openssl in use 
- I think 1.0 will throw an error either way because it still tries to follow 
both forks in the chain and borks when it sees the expired cert).







-- 
Ben Tasker
https://www.bentasker.co.uk___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

2022-05-03 Thread Toralf Förster


On 5/3/22 07:31, Keifer Bly wrote:

Err:15 https://deb.torproject.org/torproject.org amd64 Release

Certificate verification failed: The certificate is NOT trusted. The 
certificate chain uses expired certificate.  Could not handshake: Error 
in the certificate verification. [IP: 95.216.163.36 443]



Maybe renew the key ?

--
Toralf


OpenPGP_signature
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

23 matches

Site Navigation

Mail list logo

Footer information