Hi all,

So I am running a tor relay on Debian, but no matter what when updating tor there is an “updating from such a respiritpry can’t be done securely and is therefore disabled by default”. Here is the log

Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]

Hit:2 Index of /debian buster InRelease

Get:3 Index of /debian buster-updates InRelease [51.9 kB]

Get:4 Index of /debian buster-backports InRelease [46.7 kB]

Ign:5 Index of /debian stretch InRelease

Hit:6 http://ftpde.debian.org/debian stretch Release

Ign:7 Index of /torproject.org trusty InRelease

Ign:8 Index of /torproject.org trusty Release

Ign:9 Index of /torproject.org trusty/main Sources

Ign:10 Index of /torproject.org trusty/main all Packages

Ign:11 Index of /torproject.org trusty/main amd64 Packages

Ign:12 Index of /torproject.org trusty/main Translation-en

Ign:13 Index of /torproject.org trusty/main Translation-en_US

Ign:9 Index of /torproject.org trusty/main Sources

Ign:10 Index of /torproject.org trusty/main all Packages

Ign:11 Index of /torproject.org trusty/main amd64 Packages

Ign:12 Index of /torproject.org trusty/main Translation-en

Ign:13 Index of /torproject.org trusty/main Translation-en_US

Ign:14 Index of /torproject.org amd64 InRelease

Ign:9 Index of /torproject.org trusty/main Sources

Ign:10 Index of /torproject.org trusty/main all Packages

Ign:11 Index of /torproject.org trusty/main amd64 Packages

Ign:12 Index of /torproject.org trusty/main Translation-en

Ign:13 Index of /torproject.org trusty/main Translation-en_US

Err:15 Index of /torproject.org amd64 Release

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]

Ign:9 Index of /torproject.org trusty/main Sources

Ign:10 Index of /torproject.org trusty/main all Packages

Ign:11 Index of /torproject.org trusty/main amd64 Packages

Ign:12 Index of /torproject.org trusty/main Translation-en

Ign:13 Index of /torproject.org trusty/main Translation-en_US

Ign:9 Index of /torproject.org trusty/main Sources

Ign:10 Index of /torproject.org trusty/main all Packages

Ign:11 Index of /torproject.org trusty/main amd64 Packages

Ign:12 Index of /torproject.org trusty/main Translation-en

Ign:13 Index of /torproject.org trusty/main Translation-en_US

Ign:9 Index of /torproject.org trusty/main Sources

Ign:10 Index of /torproject.org trusty/main all Packages

Ign:11 Index of /torproject.org trusty/main amd64 Packages

Ign:12 Index of /torproject.org trusty/main Translation-en

Ign:13 Index of /torproject.org trusty/main Translation-en_US

Err:9 Index of /torproject.org trusty/main Sources

404 Not Found [IP: 116.202.120.166 80]

Ign:10 Index of /torproject.org trusty/main all Packages

Ign:11 Index of /torproject.org trusty/main amd64 Packages

Ign:12 Index of /torproject.org trusty/main Translation-en

Ign:13 Index of /torproject.org trusty/main Translation-en_US

Reading package lists… Done

N: Ignoring file ‘DEADJOE’ in directory ‘/etc/apt/sources.list.d/’ as it has no filename extension

E: The repository ‘Index of /torproject.org amd64 Release’ does not have a Release file.

N: Updating from such a repository can’t be done securely, and is therefore disabled by default.

N: See apt-secure(8) manpage for repository creation and user configuration details.

root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list

root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list

root@vps-3e661acc:/home/debian# apt-get update

Hit:1 http://security.debian.org buster/updates InRelease

Hit:2 Index of /debian buster InRelease

Hit:3 Index of /debian buster-updates InRelease

Hit:4 Index of /debian buster-backports InRelease

Ign:5 Index of /torproject.org amd64 InRelease

Ign:6 Index of /debian stretch InRelease

Ign:7 Index of /torproject.org trusty InRelease

Hit:8 Index of /debian stretch Release

Ign:9 Index of /torproject.org trusty Release

Err:10 Index of /torproject.org amd64 Release

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443]

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main amd64 Packages

Ign:13 Index of /torproject.org trusty/main all Packages

Ign:14 Index of /torproject.org trusty/main Translation-en_US

Ign:15 Index of /torproject.org trusty/main Translation-en

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main amd64 Packages

Ign:13 Index of /torproject.org trusty/main all Packages

Ign:14 Index of /torproject.org trusty/main Translation-en_US

Ign:15 Index of /torproject.org trusty/main Translation-en

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main amd64 Packages

Ign:13 http://deb.torproject.org/torprojectorg trusty/main all Packages

Ign:14 Index of /torproject.org trusty/main Translation-en_US

Ign:15 Index of /torproject.org trusty/main Translation-en

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 http://deb.torprojectorg/torproject.org trusty/main amd64 Packages

Ign:13 Index of /torproject.org trusty/main all Packages

Ign:14 Index of /torproject.org trusty/main Translation-en_US

Ign:15 Index of /torproject.org trusty/main Translation-en

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main amd64 Packages

Ign:13 Index of /torproject.org trusty/main all Packages

Ign:14 Index of /torproject.org trusty/main Translation-en_US

Ign:15 Index of /torproject.org trusty/main Translation-en

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main amd64 Packages

Ign:13 Index of /torproject.org trusty/main all Packages

Ign:14 Index of /torproject.org trusty/main Translation-en_US

Ign:15 Index of /torproject.org trusty/main Translation-en

Err:11 Index of /torproject.org trusty/main Sources

404 Not Found [IP: 95.216.163.36 80]

Ign:12 Index of /torproject.org trusty/main amd64 Packages

Ign:13 Index of /torproject.org trusty/main all Packages

Ign:14 Index of /torproject.org trusty/main Translation-en_US

Ign:15 Index of /torproject.org trusty/main Translation-en

Reading package lists… Done

N: Ignoring file ‘DEADJOE’ in directory ‘/etc/apt/sourceslist.d/’ as it has no filename extension

E: The repository ‘Index of /torproject.org amd64 Release’ does not have a Release file.

N: Updating from such a repository can’t be done securely, and is therefore disabled by default.

N: See apt-secure(8) manpage for repository creation and user configuration details.

root@vps-3e661acc:/home/debian# tor

May 03 05:20:21.468 [notice] Tor 0.4.5.10 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and Glibc 2.28 as libc.

May 03 05:20:21.469 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning

May 03 05:20:21.469 [notice] Read configuration file “/etc/tor/torrc”.

May 03 05:20:21.470 [notice] Based on detected system memory, MaxMemInQueues is set to 1462 MB. You can override this by setting MaxMemInQueues by hand.

May 03 05:20:21.472 [notice] Opening Control listener on 127.0.0.1:9051

May 03 05:20:21.472 [notice] Opened Control listener connection (ready) on 127.0.0.1:9051

May 03 05:20:21.472 [notice] Opening OR listener on 0.0.0.0:9001

May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on 0.0.0.0:9001

May 03 05:20:21.472 [notice] Opening OR listener on [::]:9001

May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on [::]:9001

May 03 05:20:21.472 [notice] Opening Directory listener on 0.0.0.0:9030

May 03 05:20:21.472 [notice] Opened Directory listener connection (ready) on 0.0.0.0:9030

root@vps-3e661acc:/home/debian# sudo apt update && sudo apt install -y --only-upgrade tor

Hit:1 http://security.debian.org buster/updates InRelease

Hit:2 Index of /debian buster InRelease

Hit:3 Index of /debian buster-updates InRelease

Hit:4 Index of /debian buster-backports InRelease

Ign:5 Index of /debian stretch InRelease

Hit:6 Index of /debian stretch Release

Ign:7 Index of /torproject.org amd64 InRelease

Ign:8 Index of /torproject.org trusty InRelease

Ign:9 Index of /torproject.org trusty Release

Err:10 Index of /torproject.org amd64 Release

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443]

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main all Packages

Ign:13 Index of /torproject.org trusty/main amd64 Packages

Ign:14 Index of /torproject.org trusty/main Translation-en

Ign:15 Index of /torproject.org trusty/main Translation-en_US

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main all Packages

Ign:13 http://debtorproject.org/torproject.org trusty/main amd64 Packages

Ign:14 Index of /torproject.org trusty/main Translation-en

Ign:15 Index of /torproject.org trusty/main Translation-en_US

Ign:11 http://debtorproject.org/torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main all Packages

Ign:13 Index of /torproject.org trusty/main amd64 Packages

Ign:14 Index of /torproject.org trusty/main Translation-en

Ign:15 Index of /torproject.org trusty/main Translation-en_US

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main all Packages

Ign:13 Index of /torproject.org trusty/main amd64 Packages

Ign:14 Index of /torproject.org trusty/main Translation-en

Ign:15 Index of /torproject.org trusty/main Translation-en_US

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main all Packages

Ign:13 Index of /torproject.org trusty/main amd64 Packages

Ign:14 Index of /torproject.org trusty/main Translation-en

Ign:15 Index of /torproject.org trusty/main Translation-en_US

Ign:11 Index of /torproject.org trusty/main Sources

Ign:12 Index of /torproject.org trusty/main all Packages

Ign:13 Index of /torproject.org trusty/main amd64 Packages

Ign:14 Index of /torproject.org trusty/main Translation-en

Ign:15 Index of /torproject.org trusty/main Translation-en_US

Err:11 Index of /torproject.org trusty/main Sources

404 Not Found [IP: 95.216.163.36 80]

Ign:12 Index of /torproject.org trusty/main all Packages

Ign:13 Index of /torproject.org trusty/main amd64 Packages

Ign:14 Index of /torproject.org trusty/main Translation-en

Ign:15 Index of /torproject.org trusty/main Translation-en_US

Reading package lists… Done

N: Ignoring file ‘DEADJOE’ in directory ‘/etc/apt/sources.list.d/’ as it has no filename extension

E: The repository ‘Index of /torproject.org amd64 Release’ does not have a Release file.

N: Updating from such a repository can’t be done securely, and is therefore disabled by default.

N: See apt-secure(8) manpage for repository creation and user configuration details.

This happens despite tor being listed as trsuted in my sources file:

Note, this file is written by cloud-init on first boot of an instance

modifications made here will not survive a re-bundle.

if you wish to make changes you can:

a.) add ‘apt_preserve_sources_list: true’ to /etc/cloud/cloud.cfg

or do the same in user-data

b.) add sources in /etc/apt/sources.list.d

c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl

···

See http://www.debianorg/releases/stable/i386/release-notes/ch-upgrading.html

for how to upgrade to newer versions of the distribution.

deb Index of /debian buster main

deb-src Index of /debian buster main

Major bug fix updates produced after the final release of the

distribution.

deb http://security.debian.org/ buster/updates main

deb-src http://security.debian.org/ buster/updates main

deb [trusted=yes] Index of /debian buster-updates main

deb-src [trusted=yes] Index of /debian buster-updates main

Uncomment the following two lines to add software from the ‘backports’

repository.

N.B. software from this repository may not have been tested as

extensively as that contained in the main release, although it includes

newer versions of some applications which may provide useful features.

deb Index of /debian buster-backports main

deb-src Index of /debian buster-backports main

deb Index of /debian stretch main

deb [trusted=yes] Index of /torproject.org trusty main

deb-src [trusted=yes] Index of /torproject.org trusty main

So, for some reason Debian is seeing tor as untrusted despite that it has been listed as trusted. Tor is being run as root so its not a restricted user error. I am wondering why this might be happening? Thanks.

–Keifer