I am not sure how to get rid of the trusty / ubuntu packages? I simply followed the instructions here:
https://support.torproject.org/apt/tor-deb-repo/
Thanks.
···
–Keifer
I am not sure how to get rid of the trusty / ubuntu packages?
You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/
sources.list or you have created the file /etc/apt/sources.list.d/tor.list?
I simply followed the instructions here:
Why and how I can enable Tor Package Repository in Debian? | Tor Project | Support
You are running oldstable 'buster', this guide has been updated for stable
'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not yet
required in buster, but it doesn't hurt.
The new 'deb.torproject.org-keyring' package renews both keyrings in:
/etc/apt/trusted.gpg.d/ and /usr/share/keyrings/
¹Apt-key will last be available in Debian 11 and Ubuntu 22.04.
Since bullseye, 'apt-key add' has been deprecated and is no longer available
in bookworm. Only 'apt-key del' then still works.
¹apt-key(8) — apt — Debian testing — Debian Manpages
Background info:
or $websearch: Why apt-key is deprecated?
···
On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
1 Like
Ok. I have tried different things. And the same is still happening:
sources.list file:
Note, this file is written by cloud-init on first boot of an instance
modifications made here will not survive a re-bundle.
if you wish to make changes you can:
a.) add ‘apt_preserve_sources_list: true’ to /etc/cloud/cloud.cfg
or do the same in user-data
b.) add sources in /etc/apt/sources.list.d
c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl
···
–Keifer
Your sources.list file entry looks incorrect. I would definitely not recommend using trust=yes for a repo like tor, as it bypasses apt's security checks.
According to the instructions you linked <https://support.torproject.org/apt/tor-deb-repo/>, your source for the tor packages should be listed in /etc/apt/sources.list.d/tor.list as something like:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] Index of /torproject.org buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] Index of /torproject.org buster main
The instructions tell you how to import the repo key as well:
···
# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc > gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
On 5/3/22 13:10, Keifer Bly wrote:
I am not sure how to get rid of the trusty / ubuntu packages? I simply followed the instructions here:
Why and how I can enable Tor Package Repository in Debian? | Tor Project | Support
Thanks.
--KeiferOn Mon, May 2, 2022 at 10:31 PM Keifer Bly <keifer.bly@gmail.com> wrote:
Hi all,
So I am running a tor relay on Debian, but no matter what when
updating tor there is an “updating from such a respiritpry can’t
be done securely and is therefore disabled by default”. Here is
the logGet:1 http://security.debian.org buster/updates InRelease [65.4 kB]
Hit:2 Index of /debian buster InRelease
Get:3 Index of /debian buster-updates InRelease [51.9 kB]
Get:4 Index of /debian buster-backports InRelease
[46.7 kB]Ign:5 Index of /debian stretch InRelease
Hit:6 http://ftpde.debian.org/debian stretch Release
Ign:7 Index of /torproject.org trusty InRelease
Ign:8 Index of /torproject.org trusty Release
Ign:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all
PackagesIgn:11 Index of /torproject.org trusty/main amd64
PackagesIgn:12 Index of /torproject.org trusty/main
Translation-enIgn:13 Index of /torproject.org trusty/main
Translation-en_USIgn:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all
PackagesIgn:11 Index of /torproject.org trusty/main amd64
PackagesIgn:12 Index of /torproject.org trusty/main
Translation-enIgn:13 Index of /torproject.org trusty/main
Translation-en_USIgn:14 Index of /torproject.org amd64 InRelease
Ign:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all
PackagesIgn:11 Index of /torproject.org trusty/main amd64
PackagesIgn:12 Index of /torproject.org trusty/main
Translation-enIgn:13 Index of /torproject.org trusty/main
Translation-en_USErr:15 Index of /torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted.
The certificate chain uses expired certificate. Could not
handshake: Error in the certificate verification. [IP:
95.216.163.36 443]Ign:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all
PackagesIgn:11 Index of /torproject.org trusty/main amd64
PackagesIgn:12 Index of /torproject.org trusty/main
Translation-enIgn:13 Index of /torproject.org trusty/main
Translation-en_USIgn:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all
PackagesIgn:11 Index of /torproject.org trusty/main amd64
PackagesIgn:12 Index of /torproject.org trusty/main
Translation-enIgn:13 Index of /torproject.org trusty/main
Translation-en_USIgn:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all
PackagesIgn:11 Index of /torproject.org trusty/main amd64
PackagesIgn:12 Index of /torproject.org trusty/main
Translation-enIgn:13 Index of /torproject.org trusty/main
Translation-en_USErr:9 Index of /torproject.org trusty/main Sources
404 Not Found [IP: 116.202.120.166 80]
Ign:10 Index of /torproject.org trusty/main all
PackagesIgn:11 Index of /torproject.org trusty/main amd64
PackagesIgn:12 Index of /torproject.org trusty/main
Translation-enIgn:13 Index of /torproject.org trusty/main
Translation-en_USReading package lists... Done
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/'
as it has no filename extensionE: The repository 'Index of /torproject.org amd64
Release' does not have a Release file.N: Updating from such a repository can't be done securely, and is
therefore disabled by default.N: See apt-secure(8) manpage for repository creation and user
configuration details.root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list
root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list
root@vps-3e661acc:/home/debian# apt-get update
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 Index of /debian buster InRelease
Hit:3 Index of /debian buster-updates InRelease
Hit:4 Index of /debian buster-backports InRelease
Ign:5 Index of /torproject.org amd64 InRelease
Ign:6 Index of /debian stretch InRelease
Ign:7 Index of /torproject.org trusty InRelease
Hit:8 Index of /debian stretch Release
Ign:9 Index of /torproject.org trusty Release
Err:10 Index of /torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted.
The certificate chain uses expired certificate. Could not
handshake: Error in the certificate verification. [IP:
116.202.120.165 443]Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main amd64
PackagesIgn:13 Index of /torproject.org trusty/main all
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-en_USIgn:15 Index of /torproject.org trusty/main
Translation-enIgn:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main amd64
PackagesIgn:13 Index of /torproject.org trusty/main all
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-en_USIgn:15 Index of /torproject.org trusty/main
Translation-enIgn:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main amd64
PackagesIgn:13 http://deb.torproject.org/torprojectorg trusty/main all
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-en_USIgn:15 Index of /torproject.org trusty/main
Translation-enIgn:11 Index of /torproject.org trusty/main Sources
Ign:12 http://deb.torprojectorg/torproject.org trusty/main amd64
PackagesIgn:13 Index of /torproject.org trusty/main all
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-en_USIgn:15 Index of /torproject.org trusty/main
Translation-enIgn:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main amd64
PackagesIgn:13 Index of /torproject.org trusty/main all
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-en_USIgn:15 Index of /torproject.org trusty/main
Translation-enIgn:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main amd64
PackagesIgn:13 Index of /torproject.org trusty/main all
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-en_USIgn:15 Index of /torproject.org trusty/main
Translation-enErr:11 Index of /torproject.org trusty/main Sources
404 Not Found [IP: 95.216.163.36 80]
Ign:12 Index of /torproject.org trusty/main amd64
PackagesIgn:13 Index of /torproject.org trusty/main all
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-en_USIgn:15 Index of /torproject.org trusty/main
Translation-enReading package lists... Done
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sourceslist.d/'
as it has no filename extensionE: The repository 'Index of /torproject.org amd64
Release' does not have a Release file.N: Updating from such a repository can't be done securely, and is
therefore disabled by default.N: See apt-secure(8) manpage for repository creation and user
configuration details.root@vps-3e661acc:/home/debian# tor
May 03 05:20:21.468 [notice] Tor 0.4.5.10 running on Linux with
Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4,
Libzstd 1.3.8 and Glibc 2.28 as libc.May 03 05:20:21.469 [notice] Tor can't help you if you use it
wrong! Learn how to be safe at
https://www.torproject.org/download/download#warningMay 03 05:20:21.469 [notice] Read configuration file "/etc/tor/torrc".
May 03 05:20:21.470 [notice] Based on detected system memory,
MaxMemInQueues is set to 1462 MB. You can override this by setting
MaxMemInQueues by hand.May 03 05:20:21.472 [notice] Opening Control listener on
127.0.0.1:9051 <http://127.0.0.1:9051>May 03 05:20:21.472 [notice] Opened Control listener connection
(ready) on 127.0.0.1:9051 <http://127.0.0.1:9051>May 03 05:20:21.472 [notice] Opening OR listener on 0.0.0.0:9001
<http://0.0.0.0:9001>May 03 05:20:21.472 [notice] Opened OR listener connection (ready)
on 0.0.0.0:9001 <http://0.0.0.0:9001>May 03 05:20:21.472 [notice] Opening OR listener on [::]:9001
May 03 05:20:21.472 [notice] Opened OR listener connection (ready)
on [::]:9001May 03 05:20:21.472 [notice] Opening Directory listener on
0.0.0.0:9030 <http://0.0.0.0:9030>May 03 05:20:21.472 [notice] Opened Directory listener connection
(ready) on 0.0.0.0:9030 <http://0.0.0.0:9030>root@vps-3e661acc:/home/debian# sudo apt update && sudo apt
install -y --only-upgrade torHit:1 http://security.debian.org buster/updates InRelease
Hit:2 Index of /debian buster InRelease
Hit:3 Index of /debian buster-updates InRelease
Hit:4 Index of /debian buster-backports InRelease
Ign:5 Index of /debian stretch InRelease
Hit:6 Index of /debian stretch Release
Ign:7 Index of /torproject.org amd64 InRelease
Ign:8 Index of /torproject.org trusty InRelease
Ign:9 Index of /torproject.org trusty Release
Err:10 Index of /torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted.
The certificate chain uses expired certificate. Could not
handshake: Error in the certificate verification. [IP:
116.202.120.165 443]Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all
PackagesIgn:13 Index of /torproject.org trusty/main amd64
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-enIgn:15 Index of /torproject.org trusty/main
Translation-en_USIgn:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all
PackagesIgn:13 http://debtorproject.org/torproject.org trusty/main amd64
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-enIgn:15 Index of /torproject.org trusty/main
Translation-en_USIgn:11 http://debtorproject.org/torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all
PackagesIgn:13 Index of /torproject.org trusty/main amd64
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-enIgn:15 Index of /torproject.org trusty/main
Translation-en_USIgn:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all
PackagesIgn:13 Index of /torproject.org trusty/main amd64
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-enIgn:15 Index of /torproject.org trusty/main
Translation-en_USIgn:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all
PackagesIgn:13 Index of /torproject.org trusty/main amd64
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-enIgn:15 Index of /torproject.org trusty/main
Translation-en_USIgn:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all
PackagesIgn:13 Index of /torproject.org trusty/main amd64
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-enIgn:15 Index of /torproject.org trusty/main
Translation-en_USErr:11 Index of /torproject.org trusty/main Sources
404 Not Found [IP: 95.216.163.36 80]
Ign:12 Index of /torproject.org trusty/main all
PackagesIgn:13 Index of /torproject.org trusty/main amd64
PackagesIgn:14 Index of /torproject.org trusty/main
Translation-enIgn:15 Index of /torproject.org trusty/main
Translation-en_USReading package lists... Done
N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/'
as it has no filename extensionE: The repository 'Index of /torproject.org amd64
Release' does not have a Release file.N: Updating from such a repository can't be done securely, and is
therefore disabled by default.N: See apt-secure(8) manpage for repository creation and user
configuration details.This happens despite tor being listed as trsuted in my sources file:
## Note, this file is written by cloud-init on first boot of an
instance## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
## or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file
/etc/cloud/templates/sources.list.debian.tmpl###
# See
http://www.debianorg/releases/stable/i386/release-notes/ch-upgrading.html# for how to upgrade to newer versions of the distribution.
deb Index of /debian buster main
deb-src Index of /debian buster main
## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main
deb [trusted=yes] Index of /debian buster-updates main
deb-src [trusted=yes] Index of /debian buster-updates main
## Uncomment the following two lines to add software from the
'backports'## repository.
##
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it
includes## newer versions of some applications which may provide useful
features.deb Index of /debian buster-backports main
deb-src Index of /debian buster-backports main
deb Index of /debian stretch main
deb [trusted=yes] Index of /torproject.org trusty main
deb-src [trusted=yes] Index of /torproject.org
trusty mainSo, for some reason Debian is seeing tor as untrusted despite that
it has been listed as trusted. Tor is being run as root so its not
a restricted user error. I am wondering why this might be
happening? Thanks.--Keifer
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I am slightly confused, thank you.
···
–Keifer
Thank you. But running wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Simply displays a message “no valid openpgp data found”. My sources file looks like this now.deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main
Major bug fix updates produced after the final release of the
distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main
deb http://deb.torproject.org/torproject.org buster main
deb http://deb.torproject.org/torproject.org buster main
deb-src http://deb.torproject.org/torproject.org buster main
Uncomment the following two lines to add software from the ‘backports’
repository.
···
–Keifer
Ok. I have tried different things. And the same is still happening:
sources.list file:
## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## c.) make changes to template file
/etc/cloud/templates/sources.list.debian.tmpl
OK, you must look in '/etc/apt/sources.list' and in
'/etc/cloud/templates/sources.list.debian.tmpl' and delete or comment out the
below mentioned 4 lines:
# See
Chapter 4. Upgrades from Debian 11 (bullseye)
# for how to upgrade to newer versions of the distribution.
Ignore the upgrade notice and i386. You can use buster until the end of 2022
and I'm pretty sure google cloud is amd64.
deb Index of /debian buster main
deb-src Index of /debian buster main## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main
You can|must delete these 3 lines...
deb [trusted=yes] Index of /torproject.org buster main
deb Index of /torproject.org buster main
deb-src [trusted=yes] Index of /torproject.org buster main
## Uncomment the following two lines to add software from the 'backports'
## repository.
##
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
deb Index of /debian buster-backports main
deb-src Index of /debian buster-backports main
... and this old one from debian stretch:
deb Index of /debian stretch main
tor.list file:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org amd64 main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org amd64 main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org <buster> main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org <buster> main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org buster main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org tor-nightly-main-<buster> main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org tor-nightly-main-<buster> main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org tor-nightly-main-buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org tor-nightly-main-buster mainPlease, what should the sources.list and tor.list files look like? I am
sorry to ask. Thanks.
In '/etc/apt/sources.list.d/tor.list' just this one line:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://
deb.torproject.org/torproject.org buster main
Generally 'deb-src' are the package sources if you want to compile packages
yourself. You don't need that. Not for Tor and not for Debian either. But it
doesn't matter if you leave them, it occupies a few MB more in /var/cache/apt/
archives/
···
On Thursday, May 5, 2022 2:29:30 AM CEST Keifer Bly wrote:
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.ascgpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Maybe copy paste error. It must be one line and you must be root or type
'sudo' in front of it. Maybe you can better copy from here:
3. Then add the gpg key ...
Simply displays a message "no valid openpgp data found". My sources file
If this message appears again, install gpg:
sudo apt update && apt -y install gnupg
···
On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
Simply displays a message “no valid openpgp data found”. My sources file
You’ll see this because your system doesn’t trust the cert chain.
You’re not seeing a certificate warning because you’ve got output suppressed (the -q in wget’s arguments)
If you run
wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
I suspect you’ll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn’t trusted then apt isn’t going to access the repository’s indexes, and so won’t even see what packages are there, much less install them.
As apt didn’t grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
Verify that this gives a cert warning
curl https://deb.torproject.org/torproject.org/
curl -k --output “/tmp/ISRG_Root_X1.crt” “https://letsencrypt.org/certs/isrgrootx1.pem.txt”
sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
Now try again
curl https://deb.torproject.org/torproject.org/
If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
···
–
Ben Tasker
https://www.bentasker.co.uk
---- On Thu, 05 May 2022 13:21:22 +0100 lists@for-privacy.net wrote ----
On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.ascgpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Maybe copy paste error. It must be one line and you must be root or type
‘sudo’ in front of it. Maybe you can better copy from here:
- Then add the gpg key …
https://support.torproject.org/apt/Simply displays a message “no valid openpgp data found”. My sources file
If this message appears again, install gpg:
sudo apt update && apt -y install gnupg–
╰_╯ Ciao Marco!Debian GNU/Linux
It’s free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
2 Likes
Ok will try these things. Does that it’s an ovh debain have anything to do with it? Hosted by them and they may frown on tor.
–Keifer
···
On Thu, May 5, 2022, 8:41 AM ben <ben@bentasker.co.uk> wrote:
Simply displays a message “no valid openpgp data found”. My sources file
You’ll see this because your system doesn’t trust the cert chain.
You’re not seeing a certificate warning because you’ve got output suppressed (the -q in wget’s arguments)
If you run
wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
I suspect you’ll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn’t trusted then apt isn’t going to access the repository’s indexes, and so won’t even see what packages are there, much less install them.
As apt didn’t grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
Verify that this gives a cert warning
curl https://deb.torproject.org/torproject.org/
curl -k --output “/tmp/ISRG_Root_X1.crt” “https://letsencrypt.org/certs/isrgrootx1.pem.txt”
sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
Now try again
curl https://deb.torproject.org/torproject.org/
If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
–
Ben Tasker
https://www.bentasker.co.uk---- On Thu, 05 May 2022 13:21:22 +0100 <lists@for-privacy.net> wrote ----
On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.ascgpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Maybe copy paste error. It must be one line and you must be root or type
‘sudo’ in front of it. Maybe you can better copy from here:
- Then add the gpg key …
https://support.torproject.org/apt/Simply displays a message “no valid openpgp data found”. My sources file
If this message appears again, install gpg:
sudo apt update && apt -y install gnupg–
╰_╯ Ciao Marco!Debian GNU/Linux
It’s free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I am running as the root user.
–Keifer
···
On Sat, May 7, 2022, 10:50 AM Keifer Bly <keifer.bly@gmail.com> wrote:
Ok will try these things. Does that it’s an ovh debain have anything to do with it? Hosted by them and they may frown on tor.
–Keifer
On Thu, May 5, 2022, 8:41 AM ben <ben@bentasker.co.uk> wrote:
Simply displays a message “no valid openpgp data found”. My sources file
You’ll see this because your system doesn’t trust the cert chain.
You’re not seeing a certificate warning because you’ve got output suppressed (the -q in wget’s arguments)
If you run
wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
I suspect you’ll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn’t trusted then apt isn’t going to access the repository’s indexes, and so won’t even see what packages are there, much less install them.
As apt didn’t grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
Verify that this gives a cert warning
curl https://deb.torproject.org/torproject.org/
curl -k --output “/tmp/ISRG_Root_X1.crt” “https://letsencrypt.org/certs/isrgrootx1.pem.txt”
sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
Now try again
curl https://deb.torproject.org/torproject.org/
If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
–
Ben Tasker
https://www.bentasker.co.uk---- On Thu, 05 May 2022 13:21:22 +0100 <lists@for-privacy.net> wrote ----
On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.ascgpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Maybe copy paste error. It must be one line and you must be root or type
‘sudo’ in front of it. Maybe you can better copy from here:
- Then add the gpg key …
https://support.torproject.org/apt/Simply displays a message “no valid openpgp data found”. My sources file
If this message appears again, install gpg:
sudo apt update && apt -y install gnupg–
╰_╯ Ciao Marco!Debian GNU/Linux
It’s free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I have done all these and it still happens. Is there perhaps a tool that will set this up? Thanks.
–Keifer
···
On Sat, May 7, 2022, 10:54 AM Keifer Bly <keifer.bly@gmail.com> wrote:
I am running as the root user.
–Keifer
On Sat, May 7, 2022, 10:50 AM Keifer Bly <keifer.bly@gmail.com> wrote:
Ok will try these things. Does that it’s an ovh debain have anything to do with it? Hosted by them and they may frown on tor.
–Keifer
On Thu, May 5, 2022, 8:41 AM ben <ben@bentasker.co.uk> wrote:
Simply displays a message “no valid openpgp data found”. My sources file
You’ll see this because your system doesn’t trust the cert chain.
You’re not seeing a certificate warning because you’ve got output suppressed (the -q in wget’s arguments)
If you run
wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
I suspect you’ll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn’t trusted then apt isn’t going to access the repository’s indexes, and so won’t even see what packages are there, much less install them.
As apt didn’t grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
Verify that this gives a cert warning
curl https://deb.torproject.org/torproject.org/
curl -k --output “/tmp/ISRG_Root_X1.crt” “https://letsencrypt.org/certs/isrgrootx1.pem.txt”
sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
Now try again
curl https://deb.torproject.org/torproject.org/
If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
–
Ben Tasker
https://www.bentasker.co.uk---- On Thu, 05 May 2022 13:21:22 +0100 <lists@for-privacy.net> wrote ----
On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.ascgpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Maybe copy paste error. It must be one line and you must be root or type
‘sudo’ in front of it. Maybe you can better copy from here:
- Then add the gpg key …
https://support.torproject.org/apt/Simply displays a message “no valid openpgp data found”. My sources file
If this message appears again, install gpg:
sudo apt update && apt -y install gnupg–
╰_╯ Ciao Marco!Debian GNU/Linux
It’s free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Did the final curl complain about an expired certificate?
curl https://deb.torproject.org/torproject.org/
If so, that might indicate you’ve got OpenSSL 1.0, try
openssl version
If that’s the case, then really you need to get that (and/or the underlying OS) updated.
In the short term, we can address this by commenting out the expired root in your trust store.
sudo -s
cp /etc/ca-certificates.conf ~/ca-certificates.conf.bkup
sed -i ‘/^mozilla/DST_Root_CA_X3.crt$/ s/^/!/’ /etc/ca-certificates.conf
update-ca-certificates
Then try the curl again
curl https://deb.torproject.org/torproject.org/
It should no longer complain about the certificate having expired. If it now complains that the certificate isn’t trusted, then the X1 cert isn’t properly installed and we’ll have to look at that.
···
–
Ben Tasker
https://www.bentasker.co.uk
---- On Sun, 08 May 2022 15:49:18 +0100 Keifer Bly keifer.bly@gmail.com wrote ----
I have done all these and it still happens. Is there perhaps a tool that will set this up? Thanks.
–Keifer
On Sat, May 7, 2022, 10:54 AM Keifer Bly <keifer.bly@gmail.com> wrote:
I am running as the root user.
–Keifer
On Sat, May 7, 2022, 10:50 AM Keifer Bly <keifer.bly@gmail.com> wrote:
Ok will try these things. Does that it’s an ovh debain have anything to do with it? Hosted by them and they may frown on tor.
–Keifer
On Thu, May 5, 2022, 8:41 AM ben <ben@bentasker.co.uk> wrote:
Simply displays a message “no valid openpgp data found”. My sources file
You’ll see this because your system doesn’t trust the cert chain.
You’re not seeing a certificate warning because you’ve got output suppressed (the -q in wget’s arguments)
If you run
wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
I suspect you’ll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the cert chain isn’t trusted then apt isn’t going to access the repository’s indexes, and so won’t even see what packages are there, much less install them.
As apt didn’t grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually
Verify that this gives a cert warning
curl https://deb.torproject.org/torproject.org/
curl -k --output “/tmp/ISRG_Root_X1.crt” “https://letsencrypt.org/certs/isrgrootx1.pem.txt”
sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
Now try again
curl https://deb.torproject.org/torproject.org/
If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo
–
Ben Tasker
https://www.bentasker.co.uk---- On Thu, 05 May 2022 13:21:22 +0100 <lists@for-privacy.net> wrote ----
On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:
Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.ascgpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Maybe copy paste error. It must be one line and you must be root or type
‘sudo’ in front of it. Maybe you can better copy from here:
- Then add the gpg key …
https://support.torproject.org/apt/Simply displays a message “no valid openpgp data found”. My sources file
If this message appears again, install gpg:
sudo apt update && apt -y install gnupg–
╰_╯ Ciao Marco!Debian GNU/Linux
It’s free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
No, there are a lot (actually too many) Tor relays at OVH.
https://nusenu.github.io/OrNetStats/#autonomous-systems-by-cw-fraction
···
On Saturday, May 7, 2022 6:50:43 PM CEST Keifer Bly wrote:
Ok will try these things. Does that it's an ovh debain have anything to do
with it? Hosted by them and they may frown on tor.
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
Hi, I think this mail should reach Keifer.
@ Keifer please post the output of:
cat /etc/issue
It should be 'Debian GNU/Linux 10'
apt update && sudo apt full-upgrade
would install missing packages.
Then read what Ben wrote about 'update-ca-certificates'.
···
On Monday, May 9, 2022 9:40:12 AM CEST ben wrote:
---------- Forwarded Message ----------
Subject: Re: [tor-relays] Debian is not allowing tor to update despite it
being listed as a trusted respritory
Date: Donnerstag, 5. Mai 2022, 15:09:07 CEST
From: ben <ben@bentasker.co.uk>
To: tor-relays <tor-relays@lists.torproject.org>
CC: lists <lists@for-privacy.net>
Simply displays a message "no valid openpgp data found". My sources file
You'll see this because your system doesn't trust the cert chain.
You're not seeing a certificate warning because you've got output suppressed
(the -q in wget's arguments)
If you run
wget https://deb.torproject.org/torproject.org/
A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc
I suspect you'll see the certificate warning.
You need to fix that before anything suggested here is going to work - if the
cert chain isn't trusted then apt isn't going to access the repository's
indexes, and so won't even see what packages are there, much less install
them.
As apt didn't grab an updated version for you (which may be due to other repo
misconfigurations) you probably want to grab and install the cert manually
# Verify that this gives a cert warning
curl https://deb.torproject.org/torproject.org/
curl -k --output "/tmp/ISRG_Root_X1.crt" "Chain of Trust - Let's Encrypt
isrgrootx1.pem.txt"
sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
# Now try again
curl https://deb.torproject.org/torproject.org/
If that final curl now works, run apt-get update and you should find apt no
longer complains about the tor repo
--
Ben Tasker
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
This is what that returns,
Debian GNU/Linux 10 \n \l
Running the command you listed returns:
Err:1 http://ftp.debian.org/debian buster-backports InRelease
Temporary failure resolving ‘ftp.debian.org’
Err:2 http://deb.debian.org/debian buster InRelease
Temporary failure resolving ‘deb.debian.org’
Err:3 http://security.debian.org/debian-security buster/updates InRelease
Temporary failure resolving ‘security.debian.org’
Err:4 http://deb.debian.org/debian buster-updates InRelease
Temporary failure resolving ‘deb.debian.org’
Reading package lists… Done
Building dependency tree
Reading state information… Done
18 packages can be upgraded. Run ‘apt list --upgradable’ to see them.
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving ‘deb.debian.org’
W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving ‘deb.debian.org’
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Temporary failure resolving ‘security.debian.org’
W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving ‘ftp.debian.org’
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
The following packages will be upgraded:
apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20
libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev
18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 10.1 MB of archives.
After this operation, 2048 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Err:1 http://deb.debian.org/debian buster/main amd64 base-files amd64 10.3+deb10u10
Temporary failure resolving ‘deb.debian.org’
Err:2 http://security.debian.org/debian-security buster/updates/main amd64 systemd-sysv amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org’
Ign:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1
Err:4 http://security.debian.org/debian-security buster/updates/main amd64 udev amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org’
Ign:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3
Err:6 http://security.debian.org/debian-security buster/updates/main amd64 libudev1 amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org’
Ign:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3
Err:8 http://security.debian.org/debian-security buster/updates/main amd64 libnettle6 amd64 3.4.1-1+deb10u1
Temporary failure resolving ‘security.debian.org’
Ign:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
Ign:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3
Err:11 http://security.debian.org/debian-security buster/updates/main amd64 libhogweed4 amd64 3.4.1-1+deb10u1
Temporary failure resolving ‘security.debian.org’
Err:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1
Temporary failure resolving ‘deb.debian.org’
Err:12 http://deb.debian.org/debian buster/main amd64 libgnutls30 amd64 3.6.7-4+deb10u7
Temporary failure resolving ‘deb.debian.org’
Err:13 http://deb.debian.org/debian buster/main amd64 libgcrypt20 amd64 1.8.4-5+deb10u1
Temporary failure resolving ‘deb.debian.org’
Ign:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6
Ign:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Ign:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Err:17 http://deb.debian.org/debian buster/main amd64 isc-dhcp-client amd64 4.4.1-2+deb10u1
Temporary failure resolving ‘deb.debian.org’
Err:18 http://deb.debian.org/debian buster/main amd64 isc-dhcp-common amd64 4.4.1-2+deb10u1
Temporary failure resolving ‘deb.debian.org’
Err:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6
Temporary failure resolving ‘deb.debian.org’
Err:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org’
Err:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org’
Err:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org’
Err:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org’
Err:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Temporary failure resolving ‘deb.debian.org’
Err:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/b/base-files/base-files_10.3+deb10u10_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/l/lz4/liblz4-1_1.8.3-1+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/systemd-sysv_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/udev_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/libudev1_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-pkg5.0_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-inst2.0_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt-utils_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libnettle6_3.4.1-1+deb10u1_amd64.deb Temporary failure resolving ‘security.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libhogweed4_3.4.1-1+deb10u1_amd64.deb Temporary failure resolving ‘security.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/g/gnutls28/libgnutls30_3.6.7-4+deb10u7_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/libg/libgcrypt20/libgcrypt20_1.8.4-5+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1d-0+deb10u6_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libisc-export1100_9.11.5.P4+dfsg-5.1+deb10u5_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libdns-export1104_9.11.5.P4+dfsg-5.1+deb10u5_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-client_4.4.1-2+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-common_4.4.1-2+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
root@LAPTOP-20TFLN0V:/home/keifer# apt update && sudo apt full-upgrade
Err:1 http://security.debian.org/debian-security buster/updates InRelease
Temporary failure resolving ‘security.debian.org’
Err:2 http://ftp.debian.org/debian buster-backports InRelease
Temporary failure resolving ‘ftp.debian.org’
Err:3 http://deb.debian.org/debian buster InRelease
Temporary failure resolving ‘deb.debian.org’
Err:4 http://deb.debian.org/debian buster-updates InRelease
Temporary failure resolving ‘deb.debian.org’
Reading package lists… Done
Building dependency tree
Reading state information… Done
18 packages can be upgraded. Run ‘apt list --upgradable’ to see them.
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving ‘deb.debian.org’
W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving ‘deb.debian.org’
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Temporary failure resolving ‘security.debian.org’
W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving ‘ftp.debian.org’
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
The following packages will be upgraded:
apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20
libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev
18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 10.1 MB of archives.
After this operation, 2048 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Err:1 http://deb.debian.org/debian buster/main amd64 base-files amd64 10.3+deb10u10
Temporary failure resolving ‘deb.debian.org’
Err:2 http://security.debian.org/debian-security buster/updates/main amd64 systemd-sysv amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org’
Ign:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1
Err:4 http://security.debian.org/debian-security buster/updates/main amd64 udev amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org’
Ign:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3
Err:6 http://security.debian.org/debian-security buster/updates/main amd64 libudev1 amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org’
Err:7 http://security.debian.org/debian-security buster/updates/main amd64 libnettle6 amd64 3.4.1-1+deb10u1
Temporary failure resolving ‘security.debian.org’
Ign:8 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3
Ign:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
Err:10 http://security.debian.org/debian-security buster/updates/main amd64 libhogweed4 amd64 3.4.1-1+deb10u1
Temporary failure resolving ‘security.debian.org’
Ign:11 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3
Err:12 http://deb.debian.org/debian buster/main amd64 libgnutls30 amd64 3.6.7-4+deb10u7
Temporary failure resolving ‘deb.debian.org’
Err:13 http://deb.debian.org/debian buster/main amd64 libgcrypt20 amd64 1.8.4-5+deb10u1
Temporary failure resolving ‘deb.debian.org’
Err:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1
Temporary failure resolving ‘deb.debian.org’
Ign:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6
Ign:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Ign:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Err:17 http://deb.debian.org/debian buster/main amd64 isc-dhcp-client amd64 4.4.1-2+deb10u1
Temporary failure resolving ‘deb.debian.org’
Err:18 http://deb.debian.org/debian buster/main amd64 isc-dhcp-common amd64 4.4.1-2+deb10u1
Temporary failure resolving ‘deb.debian.org’
Err:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org’
Err:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6
Temporary failure resolving ‘deb.debian.org’
Err:8 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org’
Err:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org’
Err:11 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org’
Err:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Temporary failure resolving ‘deb.debian.org’
Err:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/b/base-files/base-files_10.3+deb10u10_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/l/lz4/liblz4-1_1.8.3-1+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/systemd-sysv_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/udev_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/libudev1_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-pkg5.0_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-inst2.0_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt-utils_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libnettle6_3.4.1-1+deb10u1_amd64.deb Temporary failure resolving ‘security.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libhogweed4_3.4.1-1+deb10u1_amd64.deb Temporary failure resolving ‘security.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/g/gnutls28/libgnutls30_3.6.7-4+deb10u7_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/libg/libgcrypt20/libgcrypt20_1.8.4-5+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1d-0+deb10u6_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libisc-export1100_9.11.5.P4+dfsg-5.1+deb10u5_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libdns-export1104_9.11.5.P4+dfsg-5.1+deb10u5_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-client_4.4.1-2+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-common_4.4.1-2+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org’
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Thank you.
···
–Keifer
This is what that returns,
Debian GNU/Linux 10 \n \l
OK, the version is right.
Running the command you listed returns:
Err:1 Index of /debian buster-backports InRelease
Temporary failure resolving 'ftp.debian.org'
Err:2 Index of /debian buster InRelease
Temporary failure resolving 'deb.debian.org'
Err:3 Index of /debian-security buster/updates InRelease
Temporary failure resolving 'security.debian.org'
Err:4 Index of /debian buster-updates InRelease
Temporary failure resolving 'deb.debian.org'
Reading package lists... Done
Building dependency tree
Reading state information... Done
18 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease
Temporary failure resolving 'deb.debian.org'
W: Failed to fetch
http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary
failure resolving 'deb.debian.org'
W: Failed to fetch
http://security.debian.org/debian-security/dists/buster/updates/InRelease
Temporary failure resolving 'security.debian.org'
W: Failed to fetch
http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary
failure resolving 'ftp.debian.org'
W: Some index files failed to download. They have been ignored, or old ones
used instead.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0
libapt-pkg5.0 libdns-export1104 libgcrypt20
libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1
libudev1 systemd-sysv udev
Some important packages should be upgraded but the DNS resolution does not
work. 
Can you post the output of the following commands? You don't necessarily have
to be 'root' for this, as a normal user is sufficient:
ping -c 4 8.8.8.8
ping -c 4 deb.debian.org
cat /etc/resolv.conf
ls -al /etc/resolv.conf
systemctl status systemd-resolved
systemctl status ntp
curl https://deb.torproject.org/torproject.org/
···
On Tuesday, May 10, 2022 10:51:23 PM CEST Keifer Bly wrote:
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
Here is the return after running those commands, in the order you typed them:
root@vps-3e661acc:/home/debian# ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=110 time=3.48 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=110 time=1.44 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=110 time=1.48 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=110 time=1.48 ms
— 8.8.8.8 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 1.435/1.969/3.480/0.873 ms
root@vps-3e661acc:/home/debian# ping -c 4 deb.debian.org
PING debian.map.fastlydns.net (151.101.18.132) 56(84) bytes of data.
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=1 ttl=51 time=0.775 ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=2 ttl=51 time=0.778 ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=3 ttl=51 time=0.836 ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=4 ttl=51 time=0.804 ms
— debian.map.fastlydns.net ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 30ms
rtt min/avg/max/mdev = 0.775/0.798/0.836/0.031 ms
root@vps-3e661acc:/home/debian# cat /etc/resolv.conf
domain openstacklocal
search openstacklocal
nameserver 213.186.33.99
root@vps-3e661acc:/home/debian# ls -al /etc/resolv.conf
-rw-r–r-- 1 root root 69 May 12 18:18 /etc/resolv.conf
root@vps-3e661acc:/home/debian# systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/systemd-resolved.service.d
└─resolvconf.conf
Active: inactive (dead)
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
root@vps-3e661acc:/home/debian# systemctl status ntp
● ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2 days ago
Docs: man:ntpd(8)
Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
Main PID: 443 (ntpd)
Tasks: 2 (limit: 2318)
Memory: 1.9M
CGroup: /system.slice/ntp.service
└─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112
May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file (’/usr/share/zoneinfo/leap-seconds.list’): expired less than 501Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
…skipping…
● ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2 days ago
Docs: man:ntpd(8)
Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
Main PID: 443 (ntpd)
Tasks: 2 (limit: 2318)
Memory: 1.9M
CGroup: /system.slice/ntp.service
└─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112
May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file (’/usr/share/zoneinfo/leap-seconds.list’): expired less than 501Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
···
–Keifer