Re: [tor-relays] Debian is not allowing tor to update despite it being listed as a trusted respritory

I am not sure how to get rid of the trusty / ubuntu packages? I simply followed the instructions here:

https://support.torproject.org/apt/tor-deb-repo/

Thanks.

···

–Keifer

I am not sure how to get rid of the trusty / ubuntu packages?

You just have to write 'buster' instead of 'trusty'. Either in /etc/apt/
sources.list or you have created the file /etc/apt/sources.list.d/tor.list?

I simply followed the instructions here:
Why and how I can enable Tor Package Repository in Debian? | Tor Project | Support

You are running oldstable 'buster', this guide has been updated for stable
'bullseye' and testing 'bookworm'. The 'signed-by=foo-bar-keyring' is not yet
required in buster, but it doesn't hurt.
The new 'deb.torproject.org-keyring' package renews both keyrings in:
/etc/apt/trusted.gpg.d/ and /usr/share/keyrings/

¹Apt-key will last be available in Debian 11 and Ubuntu 22.04.
Since bullseye, 'apt-key add' has been deprecated and is no longer available
in bookworm. Only 'apt-key del' then still works.

¹https://manpages.debian.org/testing/apt/apt-key.8.en.html

Background info:

or $websearch: Why apt-key is deprecated?

···

On Tuesday, May 3, 2022 7:10:00 PM CEST Keifer Bly wrote:

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

1 Like

Ok. I have tried different things. And the same is still happening:

sources.list file:

Note, this file is written by cloud-init on first boot of an instance

modifications made here will not survive a re-bundle.

if you wish to make changes you can:

a.) add ‘apt_preserve_sources_list: true’ to /etc/cloud/cloud.cfg

or do the same in user-data

b.) add sources in /etc/apt/sources.list.d

c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl

···

–Keifer

Your sources.list file entry looks incorrect. I would definitely not recommend using trust=yes for a repo like tor, as it bypasses apt's security checks.

According to the instructions you linked <Why and how I can enable Tor Package Repository in Debian? | Tor Project | Support>, your source for the tor packages should be listed in /etc/apt/sources.list.d/tor.list as something like:

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] Index of /torproject.org buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] Index of /torproject.org buster main

The instructions tell you how to import the repo key as well:

···

# wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc > gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

On 5/3/22 13:10, Keifer Bly wrote:

I am not sure how to get rid of the trusty / ubuntu packages? I simply followed the instructions here:

Why and how I can enable Tor Package Repository in Debian? | Tor Project | Support

Thanks.
--Keifer

On Mon, May 2, 2022 at 10:31 PM Keifer Bly <keifer.bly@gmail.com> wrote:

    Hi all,

    So I am running a tor relay on Debian, but no matter what when
    updating tor there is an “updating from such a respiritpry can’t
    be done securely and is therefore disabled by default”. Here is
    the log

    Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]

    Hit:2 Index of /debian buster InRelease

    Get:3 Index of /debian buster-updates InRelease [51.9 kB]

    Get:4 Index of /debian buster-backports InRelease
    [46.7 kB]

    Ign:5 Index of /debian stretch InRelease

    Hit:6 http://ftpde.debian.org/debian stretch Release

    Ign:7 Index of /torproject.org trusty InRelease

    Ign:8 Index of /torproject.org trusty Release

    Ign:9 Index of /torproject.org trusty/main Sources

    Ign:10 Index of /torproject.org trusty/main all
    Packages

    Ign:11 Index of /torproject.org trusty/main amd64
    Packages

    Ign:12 Index of /torproject.org trusty/main
    Translation-en

    Ign:13 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:9 Index of /torproject.org trusty/main Sources

    Ign:10 Index of /torproject.org trusty/main all
    Packages

    Ign:11 Index of /torproject.org trusty/main amd64
    Packages

    Ign:12 Index of /torproject.org trusty/main
    Translation-en

    Ign:13 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:14 Index of /torproject.org amd64 InRelease

    Ign:9 Index of /torproject.org trusty/main Sources

    Ign:10 Index of /torproject.org trusty/main all
    Packages

    Ign:11 Index of /torproject.org trusty/main amd64
    Packages

    Ign:12 Index of /torproject.org trusty/main
    Translation-en

    Ign:13 Index of /torproject.org trusty/main
    Translation-en_US

    Err:15 Index of /torproject.org amd64 Release

     Certificate verification failed: The certificate is NOT trusted.
    The certificate chain uses expired certificate. Could not
    handshake: Error in the certificate verification. [IP:
    95.216.163.36 443]

    Ign:9 Index of /torproject.org trusty/main Sources

    Ign:10 Index of /torproject.org trusty/main all
    Packages

    Ign:11 Index of /torproject.org trusty/main amd64
    Packages

    Ign:12 Index of /torproject.org trusty/main
    Translation-en

    Ign:13 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:9 Index of /torproject.org trusty/main Sources

    Ign:10 Index of /torproject.org trusty/main all
    Packages

    Ign:11 Index of /torproject.org trusty/main amd64
    Packages

    Ign:12 Index of /torproject.org trusty/main
    Translation-en

    Ign:13 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:9 Index of /torproject.org trusty/main Sources

    Ign:10 Index of /torproject.org trusty/main all
    Packages

    Ign:11 Index of /torproject.org trusty/main amd64
    Packages

    Ign:12 Index of /torproject.org trusty/main
    Translation-en

    Ign:13 Index of /torproject.org trusty/main
    Translation-en_US

    Err:9 Index of /torproject.org trusty/main Sources

     404 Not Found [IP: 116.202.120.166 80]

    Ign:10 Index of /torproject.org trusty/main all
    Packages

    Ign:11 Index of /torproject.org trusty/main amd64
    Packages

    Ign:12 Index of /torproject.org trusty/main
    Translation-en

    Ign:13 Index of /torproject.org trusty/main
    Translation-en_US

    Reading package lists... Done

    N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/'
    as it has no filename extension

    E: The repository 'Index of /torproject.org amd64
    Release' does not have a Release file.

    N: Updating from such a repository can't be done securely, and is
    therefore disabled by default.

    N: See apt-secure(8) manpage for repository creation and user
    configuration details.

    root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list

    root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list

    root@vps-3e661acc:/home/debian# apt-get update

    Hit:1 http://security.debian.org buster/updates InRelease

    Hit:2 Index of /debian buster InRelease

    Hit:3 Index of /debian buster-updates InRelease

    Hit:4 Index of /debian buster-backports InRelease

    Ign:5 Index of /torproject.org amd64 InRelease

    Ign:6 Index of /debian stretch InRelease

    Ign:7 Index of /torproject.org trusty InRelease

    Hit:8 Index of /debian stretch Release

    Ign:9 Index of /torproject.org trusty Release

    Err:10 Index of /torproject.org amd64 Release

     Certificate verification failed: The certificate is NOT trusted.
    The certificate chain uses expired certificate. Could not
    handshake: Error in the certificate verification. [IP:
    116.202.120.165 443]

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main amd64
    Packages

    Ign:13 Index of /torproject.org trusty/main all
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:15 Index of /torproject.org trusty/main
    Translation-en

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main amd64
    Packages

    Ign:13 Index of /torproject.org trusty/main all
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:15 Index of /torproject.org trusty/main
    Translation-en

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main amd64
    Packages

    Ign:13 http://deb.torproject.org/torprojectorg trusty/main all
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:15 Index of /torproject.org trusty/main
    Translation-en

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 http://deb.torprojectorg/torproject.org trusty/main amd64
    Packages

    Ign:13 Index of /torproject.org trusty/main all
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:15 Index of /torproject.org trusty/main
    Translation-en

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main amd64
    Packages

    Ign:13 Index of /torproject.org trusty/main all
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:15 Index of /torproject.org trusty/main
    Translation-en

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main amd64
    Packages

    Ign:13 Index of /torproject.org trusty/main all
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:15 Index of /torproject.org trusty/main
    Translation-en

    Err:11 Index of /torproject.org trusty/main Sources

     404 Not Found [IP: 95.216.163.36 80]

    Ign:12 Index of /torproject.org trusty/main amd64
    Packages

    Ign:13 Index of /torproject.org trusty/main all
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:15 Index of /torproject.org trusty/main
    Translation-en

    Reading package lists... Done

    N: Ignoring file 'DEADJOE' in directory '/etc/apt/sourceslist.d/'
    as it has no filename extension

    E: The repository 'Index of /torproject.org amd64
    Release' does not have a Release file.

    N: Updating from such a repository can't be done securely, and is
    therefore disabled by default.

    N: See apt-secure(8) manpage for repository creation and user
    configuration details.

    root@vps-3e661acc:/home/debian# tor

    May 03 05:20:21.468 [notice] Tor 0.4.5.10 running on Linux with
    Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4,
    Libzstd 1.3.8 and Glibc 2.28 as libc.

    May 03 05:20:21.469 [notice] Tor can't help you if you use it
    wrong! Learn how to be safe at
    https://www.torproject.org/download/download#warning

    May 03 05:20:21.469 [notice] Read configuration file "/etc/tor/torrc".

    May 03 05:20:21.470 [notice] Based on detected system memory,
    MaxMemInQueues is set to 1462 MB. You can override this by setting
    MaxMemInQueues by hand.

    May 03 05:20:21.472 [notice] Opening Control listener on
    127.0.0.1:9051 <http://127.0.0.1:9051>

    May 03 05:20:21.472 [notice] Opened Control listener connection
    (ready) on 127.0.0.1:9051 <http://127.0.0.1:9051>

    May 03 05:20:21.472 [notice] Opening OR listener on 0.0.0.0:9001
    <http://0.0.0.0:9001>

    May 03 05:20:21.472 [notice] Opened OR listener connection (ready)
    on 0.0.0.0:9001 <http://0.0.0.0:9001>

    May 03 05:20:21.472 [notice] Opening OR listener on [::]:9001

    May 03 05:20:21.472 [notice] Opened OR listener connection (ready)
    on [::]:9001

    May 03 05:20:21.472 [notice] Opening Directory listener on
    0.0.0.0:9030 <http://0.0.0.0:9030>

    May 03 05:20:21.472 [notice] Opened Directory listener connection
    (ready) on 0.0.0.0:9030 <http://0.0.0.0:9030>

    root@vps-3e661acc:/home/debian# sudo apt update && sudo apt
    install -y --only-upgrade tor

    Hit:1 http://security.debian.org buster/updates InRelease

    Hit:2 Index of /debian buster InRelease

    Hit:3 Index of /debian buster-updates InRelease

    Hit:4 Index of /debian buster-backports InRelease

    Ign:5 Index of /debian stretch InRelease

    Hit:6 Index of /debian stretch Release

    Ign:7 Index of /torproject.org amd64 InRelease

    Ign:8 Index of /torproject.org trusty InRelease

    Ign:9 Index of /torproject.org trusty Release

    Err:10 Index of /torproject.org amd64 Release

     Certificate verification failed: The certificate is NOT trusted.
    The certificate chain uses expired certificate. Could not
    handshake: Error in the certificate verification. [IP:
    116.202.120.165 443]

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main all
    Packages

    Ign:13 Index of /torproject.org trusty/main amd64
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en

    Ign:15 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main all
    Packages

    Ign:13 http://debtorproject.org/torproject.org trusty/main amd64
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en

    Ign:15 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:11 http://debtorproject.org/torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main all
    Packages

    Ign:13 Index of /torproject.org trusty/main amd64
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en

    Ign:15 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main all
    Packages

    Ign:13 Index of /torproject.org trusty/main amd64
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en

    Ign:15 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main all
    Packages

    Ign:13 Index of /torproject.org trusty/main amd64
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en

    Ign:15 Index of /torproject.org trusty/main
    Translation-en_US

    Ign:11 Index of /torproject.org trusty/main Sources

    Ign:12 Index of /torproject.org trusty/main all
    Packages

    Ign:13 Index of /torproject.org trusty/main amd64
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en

    Ign:15 Index of /torproject.org trusty/main
    Translation-en_US

    Err:11 Index of /torproject.org trusty/main Sources

     404 Not Found [IP: 95.216.163.36 80]

    Ign:12 Index of /torproject.org trusty/main all
    Packages

    Ign:13 Index of /torproject.org trusty/main amd64
    Packages

    Ign:14 Index of /torproject.org trusty/main
    Translation-en

    Ign:15 Index of /torproject.org trusty/main
    Translation-en_US

    Reading package lists... Done

    N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/'
    as it has no filename extension

    E: The repository 'Index of /torproject.org amd64
    Release' does not have a Release file.

    N: Updating from such a repository can't be done securely, and is
    therefore disabled by default.

    N: See apt-secure(8) manpage for repository creation and user
    configuration details.

    This happens despite tor being listed as trsuted in my sources file:

    ## Note, this file is written by cloud-init on first boot of an
    instance

    ## modifications made here will not survive a re-bundle.

    ## if you wish to make changes you can:

    ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg

    ## or do the same in user-data

    ## b.) add sources in /etc/apt/sources.list.d

    ## c.) make changes to template file
    /etc/cloud/templates/sources.list.debian.tmpl

    ###

    # See
    http://www.debianorg/releases/stable/i386/release-notes/ch-upgrading.html

    # for how to upgrade to newer versions of the distribution.

    deb Index of /debian buster main

    deb-src Index of /debian buster main

    ## Major bug fix updates produced after the final release of the

    ## distribution.

    deb http://security.debian.org/ buster/updates main

    deb-src http://security.debian.org/ buster/updates main

    deb [trusted=yes] Index of /debian buster-updates main

    deb-src [trusted=yes] Index of /debian buster-updates main

    ## Uncomment the following two lines to add software from the
    'backports'

    ## repository.

    ##

    ## N.B. software from this repository may not have been tested as

    ## extensively as that contained in the main release, although it
    includes

    ## newer versions of some applications which may provide useful
    features.

    deb Index of /debian buster-backports main

    deb-src Index of /debian buster-backports main

    deb Index of /debian stretch main

    deb [trusted=yes] Index of /torproject.org trusty main

    deb-src [trusted=yes] Index of /torproject.org
    trusty main

    So, for some reason Debian is seeing tor as untrusted despite that
    it has been listed as trusted. Tor is being run as root so its not
    a restricted user error. I am wondering why this might be
    happening? Thanks.

    --Keifer

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

I am slightly confused, thank you.

···

–Keifer

Thank you. But running wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Simply displays a message “no valid openpgp data found”. My sources file looks like this now.deb http://deb.debian.org/debian buster main
deb-src http://deb.debian.org/debian buster main

Major bug fix updates produced after the final release of the

distribution.

deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main

deb http://deb.torproject.org/torproject.org buster main
deb http://deb.torproject.org/torproject.org buster main

deb-src http://deb.torproject.org/torproject.org buster main

Uncomment the following two lines to add software from the ‘backports’

repository.

···

–Keifer

Ok. I have tried different things. And the same is still happening:

sources.list file:

## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:

## c.) make changes to template file
/etc/cloud/templates/sources.list.debian.tmpl

OK, you must look in '/etc/apt/sources.list' and in
'/etc/cloud/templates/sources.list.debian.tmpl' and delete or comment out the
below mentioned 4 lines:

# See
Chapter 4. Upgrades from Debian 10 (buster)
# for how to upgrade to newer versions of the distribution.

Ignore the upgrade notice and i386. You can use buster until the end of 2022
and I'm pretty sure google cloud is amd64.

deb Index of /debian buster main
deb-src Index of /debian buster main

## Major bug fix updates produced after the final release of the
## distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main

You can|must delete these 3 lines...

deb [trusted=yes] Index of /torproject.org buster main
deb Index of /torproject.org buster main
deb-src [trusted=yes] Index of /torproject.org buster main

## Uncomment the following two lines to add software from the 'backports'
## repository.
##
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
deb Index of /debian buster-backports main
deb-src Index of /debian buster-backports main

... and this old one from debian stretch:

deb Index of /debian stretch main

tor.list file:

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org amd64 main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org amd64 main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org <buster> main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org <buster> main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org buster main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org tor-nightly-main-<buster> main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org tor-nightly-main-<buster> main
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org tor-nightly-main-buster main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg]
Index of /torproject.org tor-nightly-main-buster main

Please, what should the sources.list and tor.list files look like? I am
sorry to ask. Thanks.

In '/etc/apt/sources.list.d/tor.list' just this one line:

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://
Index of /torproject.org buster main

Generally 'deb-src' are the package sources if you want to compile packages
yourself. You don't need that. Not for Tor and not for Debian either. But it
doesn't matter if you leave them, it occupies a few MB more in /var/cache/apt/
archives/

···

On Thursday, May 5, 2022 2:29:30 AM CEST Keifer Bly wrote:

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.asc

gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Maybe copy paste error. It must be one line and you must be root or type
'sudo' in front of it. Maybe you can better copy from here:

3. Then add the gpg key ...

Simply displays a message "no valid openpgp data found". My sources file

If this message appears again, install gpg:
sudo apt update && apt -y install gnupg

···

On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

Simply displays a message “no valid openpgp data found”. My sources file

You’ll see this because your system doesn’t trust the cert chain.

You’re not seeing a certificate warning because you’ve got output suppressed (the -q in wget’s arguments)

If you run

wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc

I suspect you’ll see the certificate warning.

You need to fix that before anything suggested here is going to work - if the cert chain isn’t trusted then apt isn’t going to access the repository’s indexes, and so won’t even see what packages are there, much less install them.

As apt didn’t grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually

Verify that this gives a cert warning

curl https://deb.torproject.org/torproject.org/

curl -k --output “/tmp/ISRG_Root_X1.crt” “https://letsencrypt.org/certs/isrgrootx1.pem.txt

sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/

sudo update-ca-certificates

Now try again

curl https://deb.torproject.org/torproject.org/

If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo

···


Ben Tasker
https://www.bentasker.co.uk

---- On Thu, 05 May 2022 13:21:22 +0100 lists@for-privacy.net wrote ----

On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:

Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.asc

gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Maybe copy paste error. It must be one line and you must be root or type
‘sudo’ in front of it. Maybe you can better copy from here:

  1. Then add the gpg key …
    https://support.torproject.org/apt/

Simply displays a message “no valid openpgp data found”. My sources file

If this message appears again, install gpg:
sudo apt update && apt -y install gnupg


╰_╯ Ciao Marco!

Debian GNU/Linux

It’s free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

2 Likes

Ok will try these things. Does that it’s an ovh debain have anything to do with it? Hosted by them and they may frown on tor.

–Keifer

···

On Thu, May 5, 2022, 8:41 AM ben <ben@bentasker.co.uk> wrote:

Simply displays a message “no valid openpgp data found”. My sources file

You’ll see this because your system doesn’t trust the cert chain.

You’re not seeing a certificate warning because you’ve got output suppressed (the -q in wget’s arguments)

If you run

wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc

I suspect you’ll see the certificate warning.

You need to fix that before anything suggested here is going to work - if the cert chain isn’t trusted then apt isn’t going to access the repository’s indexes, and so won’t even see what packages are there, much less install them.

As apt didn’t grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually

Verify that this gives a cert warning

curl https://deb.torproject.org/torproject.org/

curl -k --output “/tmp/ISRG_Root_X1.crt” “https://letsencrypt.org/certs/isrgrootx1.pem.txt

sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/

sudo update-ca-certificates

Now try again

curl https://deb.torproject.org/torproject.org/

If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo


Ben Tasker
https://www.bentasker.co.uk

---- On Thu, 05 May 2022 13:21:22 +0100 <lists@for-privacy.net> wrote ----

On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:

Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.asc

gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Maybe copy paste error. It must be one line and you must be root or type
‘sudo’ in front of it. Maybe you can better copy from here:

  1. Then add the gpg key …
    https://support.torproject.org/apt/

Simply displays a message “no valid openpgp data found”. My sources file

If this message appears again, install gpg:
sudo apt update && apt -y install gnupg


╰_╯ Ciao Marco!

Debian GNU/Linux

It’s free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

I am running as the root user.

–Keifer

···

On Sat, May 7, 2022, 10:50 AM Keifer Bly <keifer.bly@gmail.com> wrote:

Ok will try these things. Does that it’s an ovh debain have anything to do with it? Hosted by them and they may frown on tor.

–Keifer

On Thu, May 5, 2022, 8:41 AM ben <ben@bentasker.co.uk> wrote:

Simply displays a message “no valid openpgp data found”. My sources file

You’ll see this because your system doesn’t trust the cert chain.

You’re not seeing a certificate warning because you’ve got output suppressed (the -q in wget’s arguments)

If you run

wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc

I suspect you’ll see the certificate warning.

You need to fix that before anything suggested here is going to work - if the cert chain isn’t trusted then apt isn’t going to access the repository’s indexes, and so won’t even see what packages are there, much less install them.

As apt didn’t grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually

Verify that this gives a cert warning

curl https://deb.torproject.org/torproject.org/

curl -k --output “/tmp/ISRG_Root_X1.crt” “https://letsencrypt.org/certs/isrgrootx1.pem.txt

sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/

sudo update-ca-certificates

Now try again

curl https://deb.torproject.org/torproject.org/

If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo


Ben Tasker
https://www.bentasker.co.uk

---- On Thu, 05 May 2022 13:21:22 +0100 <lists@for-privacy.net> wrote ----

On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:

Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.asc

gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Maybe copy paste error. It must be one line and you must be root or type
‘sudo’ in front of it. Maybe you can better copy from here:

  1. Then add the gpg key …
    https://support.torproject.org/apt/

Simply displays a message “no valid openpgp data found”. My sources file

If this message appears again, install gpg:
sudo apt update && apt -y install gnupg


╰_╯ Ciao Marco!

Debian GNU/Linux

It’s free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

I have done all these and it still happens. Is there perhaps a tool that will set this up? Thanks.

–Keifer

···

On Sat, May 7, 2022, 10:54 AM Keifer Bly <keifer.bly@gmail.com> wrote:

I am running as the root user.

–Keifer

On Sat, May 7, 2022, 10:50 AM Keifer Bly <keifer.bly@gmail.com> wrote:

Ok will try these things. Does that it’s an ovh debain have anything to do with it? Hosted by them and they may frown on tor.

–Keifer

On Thu, May 5, 2022, 8:41 AM ben <ben@bentasker.co.uk> wrote:

Simply displays a message “no valid openpgp data found”. My sources file

You’ll see this because your system doesn’t trust the cert chain.

You’re not seeing a certificate warning because you’ve got output suppressed (the -q in wget’s arguments)

If you run

wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc

I suspect you’ll see the certificate warning.

You need to fix that before anything suggested here is going to work - if the cert chain isn’t trusted then apt isn’t going to access the repository’s indexes, and so won’t even see what packages are there, much less install them.

As apt didn’t grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually

Verify that this gives a cert warning

curl https://deb.torproject.org/torproject.org/

curl -k --output “/tmp/ISRG_Root_X1.crt” “https://letsencrypt.org/certs/isrgrootx1.pem.txt

sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/

sudo update-ca-certificates

Now try again

curl https://deb.torproject.org/torproject.org/

If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo


Ben Tasker
https://www.bentasker.co.uk

---- On Thu, 05 May 2022 13:21:22 +0100 <lists@for-privacy.net> wrote ----

On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:

Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.asc

gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Maybe copy paste error. It must be one line and you must be root or type
‘sudo’ in front of it. Maybe you can better copy from here:

  1. Then add the gpg key …
    https://support.torproject.org/apt/

Simply displays a message “no valid openpgp data found”. My sources file

If this message appears again, install gpg:
sudo apt update && apt -y install gnupg


╰_╯ Ciao Marco!

Debian GNU/Linux

It’s free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Did the final curl complain about an expired certificate?

curl https://deb.torproject.org/torproject.org/

If so, that might indicate you’ve got OpenSSL 1.0, try

openssl version

If that’s the case, then really you need to get that (and/or the underlying OS) updated.

In the short term, we can address this by commenting out the expired root in your trust store.

sudo -s

cp /etc/ca-certificates.conf ~/ca-certificates.conf.bkup

sed -i ‘/^mozilla/DST_Root_CA_X3.crt$/ s/^/!/’ /etc/ca-certificates.conf

update-ca-certificates

Then try the curl again

curl https://deb.torproject.org/torproject.org/

It should no longer complain about the certificate having expired. If it now complains that the certificate isn’t trusted, then the X1 cert isn’t properly installed and we’ll have to look at that.

···


Ben Tasker
https://www.bentasker.co.uk

---- On Sun, 08 May 2022 15:49:18 +0100 Keifer Bly keifer.bly@gmail.com wrote ----

I have done all these and it still happens. Is there perhaps a tool that will set this up? Thanks.

–Keifer

On Sat, May 7, 2022, 10:54 AM Keifer Bly <keifer.bly@gmail.com> wrote:

I am running as the root user.

–Keifer

On Sat, May 7, 2022, 10:50 AM Keifer Bly <keifer.bly@gmail.com> wrote:

Ok will try these things. Does that it’s an ovh debain have anything to do with it? Hosted by them and they may frown on tor.

–Keifer

On Thu, May 5, 2022, 8:41 AM ben <ben@bentasker.co.uk> wrote:

Simply displays a message “no valid openpgp data found”. My sources file

You’ll see this because your system doesn’t trust the cert chain.

You’re not seeing a certificate warning because you’ve got output suppressed (the -q in wget’s arguments)

If you run

wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc

I suspect you’ll see the certificate warning.

You need to fix that before anything suggested here is going to work - if the cert chain isn’t trusted then apt isn’t going to access the repository’s indexes, and so won’t even see what packages are there, much less install them.

As apt didn’t grab an updated version for you (which may be due to other repo misconfigurations) you probably want to grab and install the cert manually

Verify that this gives a cert warning

curl https://deb.torproject.org/torproject.org/

curl -k --output “/tmp/ISRG_Root_X1.crt” “https://letsencrypt.org/certs/isrgrootx1.pem.txt

sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/

sudo update-ca-certificates

Now try again

curl https://deb.torproject.org/torproject.org/

If that final curl now works, run apt-get update and you should find apt no longer complains about the tor repo


Ben Tasker
https://www.bentasker.co.uk

---- On Thu, 05 May 2022 13:21:22 +0100 <lists@for-privacy.net> wrote ----

On Thursday, May 5, 2022 5:17:23 AM CEST Keifer Bly wrote:

Thank you. But running wget -qO-
https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E88
6DDD89.asc

gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Maybe copy paste error. It must be one line and you must be root or type
‘sudo’ in front of it. Maybe you can better copy from here:

  1. Then add the gpg key …
    https://support.torproject.org/apt/

Simply displays a message “no valid openpgp data found”. My sources file

If this message appears again, install gpg:
sudo apt update && apt -y install gnupg


╰_╯ Ciao Marco!

Debian GNU/Linux

It’s free software and it gives you freedom!_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

No, there are a lot (actually too many) Tor relays at OVH.
https://nusenu.github.io/OrNetStats/#autonomous-systems-by-cw-fraction

···

On Saturday, May 7, 2022 6:50:43 PM CEST Keifer Bly wrote:

Ok will try these things. Does that it's an ovh debain have anything to do
with it? Hosted by them and they may frown on tor.

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

Hi, I think this mail should reach Keifer.

@ Keifer please post the output of:
cat /etc/issue

It should be 'Debian GNU/Linux 10'

apt update && sudo apt full-upgrade
would install missing packages.

Then read what Ben wrote about 'update-ca-certificates'.

···

On Monday, May 9, 2022 9:40:12 AM CEST ben wrote:

---------- Forwarded Message ----------

Subject: Re: [tor-relays] Debian is not allowing tor to update despite it
being listed as a trusted respritory
Date: Donnerstag, 5. Mai 2022, 15:09:07 CEST
From: ben <ben@bentasker.co.uk>
To: tor-relays <tor-relays@lists.torproject.org>
CC: lists <lists@for-privacy.net>

Simply displays a message "no valid openpgp data found". My sources file

You'll see this because your system doesn't trust the cert chain.

You're not seeing a certificate warning because you've got output suppressed
(the -q in wget's arguments)

If you run

    wget Index of /torproject.org
A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc

I suspect you'll see the certificate warning.

You need to fix that before anything suggested here is going to work - if the
cert chain isn't trusted then apt isn't going to access the repository's
indexes, and so won't even see what packages are there, much less install
them.

As apt didn't grab an updated version for you (which may be due to other repo
misconfigurations) you probably want to grab and install the cert manually

    # Verify that this gives a cert warning

    curl Index of /torproject.org

    curl -k --output "/tmp/ISRG_Root_X1.crt" "Chain of Trust - Let's Encrypt
isrgrootx1.pem.txt"

    sudo mv /tmp/ISRG_Root_X1.crt /usr/local/share/ca-certificates/

    sudo update-ca-certificates

    # Now try again

    curl Index of /torproject.org

If that final curl now works, run apt-get update and you should find apt no
longer complains about the tor repo

--
Ben Tasker

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

This is what that returns,

Debian GNU/Linux 10 \n \l

Running the command you listed returns:

Err:1 http://ftp.debian.org/debian buster-backports InRelease
Temporary failure resolving ‘ftp.debian.org
Err:2 http://deb.debian.org/debian buster InRelease
Temporary failure resolving ‘deb.debian.org
Err:3 http://security.debian.org/debian-security buster/updates InRelease
Temporary failure resolving ‘security.debian.org
Err:4 http://deb.debian.org/debian buster-updates InRelease
Temporary failure resolving ‘deb.debian.org
Reading package lists… Done
Building dependency tree
Reading state information… Done
18 packages can be upgraded. Run ‘apt list --upgradable’ to see them.
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving ‘deb.debian.org
W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving ‘deb.debian.org
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Temporary failure resolving ‘security.debian.org
W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving ‘ftp.debian.org
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
The following packages will be upgraded:
apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20
libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev
18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 10.1 MB of archives.
After this operation, 2048 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Err:1 http://deb.debian.org/debian buster/main amd64 base-files amd64 10.3+deb10u10
Temporary failure resolving ‘deb.debian.org
Err:2 http://security.debian.org/debian-security buster/updates/main amd64 systemd-sysv amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org
Ign:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1
Err:4 http://security.debian.org/debian-security buster/updates/main amd64 udev amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org
Ign:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3
Err:6 http://security.debian.org/debian-security buster/updates/main amd64 libudev1 amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org
Ign:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3
Err:8 http://security.debian.org/debian-security buster/updates/main amd64 libnettle6 amd64 3.4.1-1+deb10u1
Temporary failure resolving ‘security.debian.org
Ign:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
Ign:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3
Err:11 http://security.debian.org/debian-security buster/updates/main amd64 libhogweed4 amd64 3.4.1-1+deb10u1
Temporary failure resolving ‘security.debian.org
Err:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1
Temporary failure resolving ‘deb.debian.org
Err:12 http://deb.debian.org/debian buster/main amd64 libgnutls30 amd64 3.6.7-4+deb10u7
Temporary failure resolving ‘deb.debian.org
Err:13 http://deb.debian.org/debian buster/main amd64 libgcrypt20 amd64 1.8.4-5+deb10u1
Temporary failure resolving ‘deb.debian.org
Ign:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6
Ign:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Ign:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Err:17 http://deb.debian.org/debian buster/main amd64 isc-dhcp-client amd64 4.4.1-2+deb10u1
Temporary failure resolving ‘deb.debian.org
Err:18 http://deb.debian.org/debian buster/main amd64 isc-dhcp-common amd64 4.4.1-2+deb10u1
Temporary failure resolving ‘deb.debian.org
Err:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6
Temporary failure resolving ‘deb.debian.org
Err:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org
Err:7 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org
Err:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org
Err:10 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org
Err:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Temporary failure resolving ‘deb.debian.org
Err:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/b/base-files/base-files_10.3+deb10u10_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/l/lz4/liblz4-1_1.8.3-1+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/systemd-sysv_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/udev_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/libudev1_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-pkg5.0_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-inst2.0_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt-utils_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libnettle6_3.4.1-1+deb10u1_amd64.deb Temporary failure resolving ‘security.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libhogweed4_3.4.1-1+deb10u1_amd64.deb Temporary failure resolving ‘security.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/g/gnutls28/libgnutls30_3.6.7-4+deb10u7_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/libg/libgcrypt20/libgcrypt20_1.8.4-5+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1d-0+deb10u6_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libisc-export1100_9.11.5.P4+dfsg-5.1+deb10u5_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libdns-export1104_9.11.5.P4+dfsg-5.1+deb10u5_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-client_4.4.1-2+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-common_4.4.1-2+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
root@LAPTOP-20TFLN0V:/home/keifer# apt update && sudo apt full-upgrade
Err:1 http://security.debian.org/debian-security buster/updates InRelease
Temporary failure resolving ‘security.debian.org
Err:2 http://ftp.debian.org/debian buster-backports InRelease
Temporary failure resolving ‘ftp.debian.org
Err:3 http://deb.debian.org/debian buster InRelease
Temporary failure resolving ‘deb.debian.org
Err:4 http://deb.debian.org/debian buster-updates InRelease
Temporary failure resolving ‘deb.debian.org
Reading package lists… Done
Building dependency tree
Reading state information… Done
18 packages can be upgraded. Run ‘apt list --upgradable’ to see them.
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease Temporary failure resolving ‘deb.debian.org
W: Failed to fetch http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary failure resolving ‘deb.debian.org
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Temporary failure resolving ‘security.debian.org
W: Failed to fetch http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary failure resolving ‘ftp.debian.org
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
The following packages will be upgraded:
apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0 libapt-pkg5.0 libdns-export1104 libgcrypt20
libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1 libudev1 systemd-sysv udev
18 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 10.1 MB of archives.
After this operation, 2048 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Err:1 http://deb.debian.org/debian buster/main amd64 base-files amd64 10.3+deb10u10
Temporary failure resolving ‘deb.debian.org
Err:2 http://security.debian.org/debian-security buster/updates/main amd64 systemd-sysv amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org
Ign:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1
Err:4 http://security.debian.org/debian-security buster/updates/main amd64 udev amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org
Ign:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3
Err:6 http://security.debian.org/debian-security buster/updates/main amd64 libudev1 amd64 241-7~deb10u8
Temporary failure resolving ‘security.debian.org
Err:7 http://security.debian.org/debian-security buster/updates/main amd64 libnettle6 amd64 3.4.1-1+deb10u1
Temporary failure resolving ‘security.debian.org
Ign:8 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3
Ign:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
Err:10 http://security.debian.org/debian-security buster/updates/main amd64 libhogweed4 amd64 3.4.1-1+deb10u1
Temporary failure resolving ‘security.debian.org
Ign:11 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3
Err:12 http://deb.debian.org/debian buster/main amd64 libgnutls30 amd64 3.6.7-4+deb10u7
Temporary failure resolving ‘deb.debian.org
Err:13 http://deb.debian.org/debian buster/main amd64 libgcrypt20 amd64 1.8.4-5+deb10u1
Temporary failure resolving ‘deb.debian.org
Err:3 http://deb.debian.org/debian buster/main amd64 liblz4-1 amd64 1.8.3-1+deb10u1
Temporary failure resolving ‘deb.debian.org
Ign:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6
Ign:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Ign:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Err:17 http://deb.debian.org/debian buster/main amd64 isc-dhcp-client amd64 4.4.1-2+deb10u1
Temporary failure resolving ‘deb.debian.org
Err:18 http://deb.debian.org/debian buster/main amd64 isc-dhcp-common amd64 4.4.1-2+deb10u1
Temporary failure resolving ‘deb.debian.org
Err:5 http://deb.debian.org/debian buster/main amd64 libapt-pkg5.0 amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org
Err:14 http://deb.debian.org/debian buster/main amd64 libssl1.1 amd64 1.1.1d-0+deb10u6
Temporary failure resolving ‘deb.debian.org
Err:8 http://deb.debian.org/debian buster/main amd64 libapt-inst2.0 amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org
Err:9 http://deb.debian.org/debian buster/main amd64 apt amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org
Err:11 http://deb.debian.org/debian buster/main amd64 apt-utils amd64 1.8.2.3
Temporary failure resolving ‘deb.debian.org
Err:15 http://deb.debian.org/debian buster/main amd64 libisc-export1100 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Temporary failure resolving ‘deb.debian.org
Err:16 http://deb.debian.org/debian buster/main amd64 libdns-export1104 amd64 1:9.11.5.P4+dfsg-5.1+deb10u5
Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/b/base-files/base-files_10.3+deb10u10_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/l/lz4/liblz4-1_1.8.3-1+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/systemd-sysv_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/udev_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/s/systemd/libudev1_241-7~deb10u8_amd64.deb Temporary failure resolving ‘security.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-pkg5.0_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/libapt-inst2.0_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/a/apt/apt-utils_1.8.2.3_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libnettle6_3.4.1-1+deb10u1_amd64.deb Temporary failure resolving ‘security.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/n/nettle/libhogweed4_3.4.1-1+deb10u1_amd64.deb Temporary failure resolving ‘security.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/g/gnutls28/libgnutls30_3.6.7-4+deb10u7_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/libg/libgcrypt20/libgcrypt20_1.8.4-5+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1d-0+deb10u6_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libisc-export1100_9.11.5.P4+dfsg-5.1+deb10u5_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://security.debian.org/debian-security/pool/updates/main/b/bind9/libdns-export1104_9.11.5.P4+dfsg-5.1+deb10u5_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-client_4.4.1-2+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Failed to fetch http://deb.debian.org/debian/pool/main/i/isc-dhcp/isc-dhcp-common_4.4.1-2+deb10u1_amd64.deb Temporary failure resolving ‘deb.debian.org
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Thank you.

···

–Keifer

This is what that returns,

Debian GNU/Linux 10 \n \l

OK, the version is right.

Running the command you listed returns:

Err:1 Index of /debian buster-backports InRelease
  Temporary failure resolving 'ftp.debian.org'
Err:2 Index of /debian buster InRelease
  Temporary failure resolving 'deb.debian.org'
Err:3 Index of /debian-security buster/updates InRelease
  Temporary failure resolving 'security.debian.org'
Err:4 Index of /debian buster-updates InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done
Building dependency tree
Reading state information... Done
18 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease
Temporary failure resolving 'deb.debian.org'
W: Failed to fetch
http://deb.debian.org/debian/dists/buster-updates/InRelease Temporary
failure resolving 'deb.debian.org'
W: Failed to fetch
http://security.debian.org/debian-security/dists/buster/updates/InRelease
Temporary failure resolving 'security.debian.org'
W: Failed to fetch
http://ftp.debian.org/debian/dists/buster-backports/InRelease Temporary
failure resolving 'ftp.debian.org'
W: Some index files failed to download. They have been ignored, or old ones
used instead.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  apt apt-utils base-files isc-dhcp-client isc-dhcp-common libapt-inst2.0
libapt-pkg5.0 libdns-export1104 libgcrypt20
  libgnutls30 libhogweed4 libisc-export1100 liblz4-1 libnettle6 libssl1.1
libudev1 systemd-sysv udev

Some important packages should be upgraded but the DNS resolution does not
work. :frowning:
Can you post the output of the following commands? You don't necessarily have
to be 'root' for this, as a normal user is sufficient:

ping -c 4 8.8.8.8

ping -c 4 deb.debian.org

cat /etc/resolv.conf

ls -al /etc/resolv.conf

systemctl status systemd-resolved

systemctl status ntp

curl Index of /torproject.org

···

On Tuesday, May 10, 2022 10:51:23 PM CEST Keifer Bly wrote:

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

Here is the return after running those commands, in the order you typed them:

root@vps-3e661acc:/home/debian# ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=110 time=3.48 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=110 time=1.44 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=110 time=1.48 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=110 time=1.48 ms

— 8.8.8.8 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 1.435/1.969/3.480/0.873 ms
root@vps-3e661acc:/home/debian# ping -c 4 deb.debian.org
PING debian.map.fastlydns.net (151.101.18.132) 56(84) bytes of data.
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=1 ttl=51 time=0.775 ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=2 ttl=51 time=0.778 ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=3 ttl=51 time=0.836 ms
64 bytes from 151.101.18.132 (151.101.18.132): icmp_seq=4 ttl=51 time=0.804 ms

debian.map.fastlydns.net ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 30ms
rtt min/avg/max/mdev = 0.775/0.798/0.836/0.031 ms
root@vps-3e661acc:/home/debian# cat /etc/resolv.conf
domain openstacklocal
search openstacklocal
nameserver 213.186.33.99
root@vps-3e661acc:/home/debian# ls -al /etc/resolv.conf
-rw-r–r-- 1 root root 69 May 12 18:18 /etc/resolv.conf
root@vps-3e661acc:/home/debian# systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/systemd-resolved.service.d
└─resolvconf.conf
Active: inactive (dead)
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
root@vps-3e661acc:/home/debian# systemctl status ntp
● ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2 days ago
Docs: man:ntpd(8)
Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
Main PID: 443 (ntpd)
Tasks: 2 (limit: 2318)
Memory: 1.9M
CGroup: /system.slice/ntp.service
└─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112

May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file (’/usr/share/zoneinfo/leap-seconds.list’): expired less than 501Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
…skipping…
● ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-05-03 16:49:45 UTC; 1 weeks 2 days ago
Docs: man:ntpd(8)
Process: 422 ExecStart=/usr/lib/ntp/ntp-systemd-wrapper (code=exited, status=0/SUCCESS)
Main PID: 443 (ntpd)
Tasks: 2 (limit: 2318)
Memory: 1.9M
CGroup: /system.slice/ntp.service
└─443 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:112

May 12 16:49:44 vps-3e661acc ntpd[443]: leapsecond file (’/usr/share/zoneinfo/leap-seconds.list’): expired less than 501Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

···

–Keifer