Hi all,
So I am running a tor relay on Debian, but no matter what when updating tor there is an “updating from such a respiritpry can’t be done securely and is therefore disabled by default”. Here is the log
Get:1 http://security.debian.org buster/updates InRelease [65.4 kB]
Hit:2 Index of /debian buster InRelease
Get:3 Index of /debian buster-updates InRelease [51.9 kB]
Get:4 Index of /debian buster-backports InRelease [46.7 kB]
Ign:5 Index of /debian stretch InRelease
Hit:6 http://ftpde.debian.org/debian stretch Release
Ign:7 Index of /torproject.org trusty InRelease
Ign:8 Index of /torproject.org trusty Release
Ign:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all Packages
Ign:11 Index of /torproject.org trusty/main amd64 Packages
Ign:12 Index of /torproject.org trusty/main Translation-en
Ign:13 Index of /torproject.org trusty/main Translation-en_US
Ign:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all Packages
Ign:11 Index of /torproject.org trusty/main amd64 Packages
Ign:12 Index of /torproject.org trusty/main Translation-en
Ign:13 Index of /torproject.org trusty/main Translation-en_US
Ign:14 Index of /torproject.org amd64 InRelease
Ign:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all Packages
Ign:11 Index of /torproject.org trusty/main amd64 Packages
Ign:12 Index of /torproject.org trusty/main Translation-en
Ign:13 Index of /torproject.org trusty/main Translation-en_US
Err:15 Index of /torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]
Ign:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all Packages
Ign:11 Index of /torproject.org trusty/main amd64 Packages
Ign:12 Index of /torproject.org trusty/main Translation-en
Ign:13 Index of /torproject.org trusty/main Translation-en_US
Ign:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all Packages
Ign:11 Index of /torproject.org trusty/main amd64 Packages
Ign:12 Index of /torproject.org trusty/main Translation-en
Ign:13 Index of /torproject.org trusty/main Translation-en_US
Ign:9 Index of /torproject.org trusty/main Sources
Ign:10 Index of /torproject.org trusty/main all Packages
Ign:11 Index of /torproject.org trusty/main amd64 Packages
Ign:12 Index of /torproject.org trusty/main Translation-en
Ign:13 Index of /torproject.org trusty/main Translation-en_US
Err:9 Index of /torproject.org trusty/main Sources
404 Not Found [IP: 116.202.120.166 80]
Ign:10 Index of /torproject.org trusty/main all Packages
Ign:11 Index of /torproject.org trusty/main amd64 Packages
Ign:12 Index of /torproject.org trusty/main Translation-en
Ign:13 Index of /torproject.org trusty/main Translation-en_US
Reading package lists… Done
N: Ignoring file ‘DEADJOE’ in directory ‘/etc/apt/sources.list.d/’ as it has no filename extension
E: The repository ‘Index of /torproject.org amd64 Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list
root@vps-3e661acc:/home/debian# nano /etc/apt/sources.list
root@vps-3e661acc:/home/debian# apt-get update
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 Index of /debian buster InRelease
Hit:3 Index of /debian buster-updates InRelease
Hit:4 Index of /debian buster-backports InRelease
Ign:5 Index of /torproject.org amd64 InRelease
Ign:6 Index of /debian stretch InRelease
Ign:7 Index of /torproject.org trusty InRelease
Hit:8 Index of /debian stretch Release
Ign:9 Index of /torproject.org trusty Release
Err:10 Index of /torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443]
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main amd64 Packages
Ign:13 Index of /torproject.org trusty/main all Packages
Ign:14 Index of /torproject.org trusty/main Translation-en_US
Ign:15 Index of /torproject.org trusty/main Translation-en
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main amd64 Packages
Ign:13 Index of /torproject.org trusty/main all Packages
Ign:14 Index of /torproject.org trusty/main Translation-en_US
Ign:15 Index of /torproject.org trusty/main Translation-en
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main amd64 Packages
Ign:13 http://deb.torproject.org/torprojectorg trusty/main all Packages
Ign:14 Index of /torproject.org trusty/main Translation-en_US
Ign:15 Index of /torproject.org trusty/main Translation-en
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 http://deb.torprojectorg/torproject.org trusty/main amd64 Packages
Ign:13 Index of /torproject.org trusty/main all Packages
Ign:14 Index of /torproject.org trusty/main Translation-en_US
Ign:15 Index of /torproject.org trusty/main Translation-en
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main amd64 Packages
Ign:13 Index of /torproject.org trusty/main all Packages
Ign:14 Index of /torproject.org trusty/main Translation-en_US
Ign:15 Index of /torproject.org trusty/main Translation-en
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main amd64 Packages
Ign:13 Index of /torproject.org trusty/main all Packages
Ign:14 Index of /torproject.org trusty/main Translation-en_US
Ign:15 Index of /torproject.org trusty/main Translation-en
Err:11 Index of /torproject.org trusty/main Sources
404 Not Found [IP: 95.216.163.36 80]
Ign:12 Index of /torproject.org trusty/main amd64 Packages
Ign:13 Index of /torproject.org trusty/main all Packages
Ign:14 Index of /torproject.org trusty/main Translation-en_US
Ign:15 Index of /torproject.org trusty/main Translation-en
Reading package lists… Done
N: Ignoring file ‘DEADJOE’ in directory ‘/etc/apt/sourceslist.d/’ as it has no filename extension
E: The repository ‘Index of /torproject.org amd64 Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@vps-3e661acc:/home/debian# tor
May 03 05:20:21.468 [notice] Tor 0.4.5.10 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, Libzstd 1.3.8 and Glibc 2.28 as libc.
May 03 05:20:21.469 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
May 03 05:20:21.469 [notice] Read configuration file “/etc/tor/torrc”.
May 03 05:20:21.470 [notice] Based on detected system memory, MaxMemInQueues is set to 1462 MB. You can override this by setting MaxMemInQueues by hand.
May 03 05:20:21.472 [notice] Opening Control listener on 127.0.0.1:9051
May 03 05:20:21.472 [notice] Opened Control listener connection (ready) on 127.0.0.1:9051
May 03 05:20:21.472 [notice] Opening OR listener on 0.0.0.0:9001
May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on 0.0.0.0:9001
May 03 05:20:21.472 [notice] Opening OR listener on [::]:9001
May 03 05:20:21.472 [notice] Opened OR listener connection (ready) on [::]:9001
May 03 05:20:21.472 [notice] Opening Directory listener on 0.0.0.0:9030
May 03 05:20:21.472 [notice] Opened Directory listener connection (ready) on 0.0.0.0:9030
root@vps-3e661acc:/home/debian# sudo apt update && sudo apt install -y --only-upgrade tor
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 Index of /debian buster InRelease
Hit:3 Index of /debian buster-updates InRelease
Hit:4 Index of /debian buster-backports InRelease
Ign:5 Index of /debian stretch InRelease
Hit:6 Index of /debian stretch Release
Ign:7 Index of /torproject.org amd64 InRelease
Ign:8 Index of /torproject.org trusty InRelease
Ign:9 Index of /torproject.org trusty Release
Err:10 Index of /torproject.org amd64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 116.202.120.165 443]
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all Packages
Ign:13 Index of /torproject.org trusty/main amd64 Packages
Ign:14 Index of /torproject.org trusty/main Translation-en
Ign:15 Index of /torproject.org trusty/main Translation-en_US
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all Packages
Ign:13 http://debtorproject.org/torproject.org trusty/main amd64 Packages
Ign:14 Index of /torproject.org trusty/main Translation-en
Ign:15 Index of /torproject.org trusty/main Translation-en_US
Ign:11 http://debtorproject.org/torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all Packages
Ign:13 Index of /torproject.org trusty/main amd64 Packages
Ign:14 Index of /torproject.org trusty/main Translation-en
Ign:15 Index of /torproject.org trusty/main Translation-en_US
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all Packages
Ign:13 Index of /torproject.org trusty/main amd64 Packages
Ign:14 Index of /torproject.org trusty/main Translation-en
Ign:15 Index of /torproject.org trusty/main Translation-en_US
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all Packages
Ign:13 Index of /torproject.org trusty/main amd64 Packages
Ign:14 Index of /torproject.org trusty/main Translation-en
Ign:15 Index of /torproject.org trusty/main Translation-en_US
Ign:11 Index of /torproject.org trusty/main Sources
Ign:12 Index of /torproject.org trusty/main all Packages
Ign:13 Index of /torproject.org trusty/main amd64 Packages
Ign:14 Index of /torproject.org trusty/main Translation-en
Ign:15 Index of /torproject.org trusty/main Translation-en_US
Err:11 Index of /torproject.org trusty/main Sources
404 Not Found [IP: 95.216.163.36 80]
Ign:12 Index of /torproject.org trusty/main all Packages
Ign:13 Index of /torproject.org trusty/main amd64 Packages
Ign:14 Index of /torproject.org trusty/main Translation-en
Ign:15 Index of /torproject.org trusty/main Translation-en_US
Reading package lists… Done
N: Ignoring file ‘DEADJOE’ in directory ‘/etc/apt/sources.list.d/’ as it has no filename extension
E: The repository ‘Index of /torproject.org amd64 Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
This happens despite tor being listed as trsuted in my sources file:
Note, this file is written by cloud-init on first boot of an instance
modifications made here will not survive a re-bundle.
if you wish to make changes you can:
a.) add ‘apt_preserve_sources_list: true’ to /etc/cloud/cloud.cfg
or do the same in user-data
b.) add sources in /etc/apt/sources.list.d
c.) make changes to template file /etc/cloud/templates/sources.list.debian.tmpl
···
See http://www.debianorg/releases/stable/i386/release-notes/ch-upgrading.html
for how to upgrade to newer versions of the distribution.
deb Index of /debian buster main
deb-src Index of /debian buster main
Major bug fix updates produced after the final release of the
distribution.
deb http://security.debian.org/ buster/updates main
deb-src http://security.debian.org/ buster/updates main
deb [trusted=yes] Index of /debian buster-updates main
deb-src [trusted=yes] Index of /debian buster-updates main
Uncomment the following two lines to add software from the ‘backports’
repository.
N.B. software from this repository may not have been tested as
extensively as that contained in the main release, although it includes
newer versions of some applications which may provide useful features.
deb Index of /debian buster-backports main
deb-src Index of /debian buster-backports main
deb Index of /debian stretch main
deb [trusted=yes] Index of /torproject.org trusty main
deb-src [trusted=yes] Index of /torproject.org trusty main
So, for some reason Debian is seeing tor as untrusted despite that it has been listed as trusted. Tor is being run as root so its not a restricted user error. I am wondering why this might be happening? Thanks.
–Keifer