[tor-relays] Update on tor issue on my debian

Hi all,

So upon trying all of the mentioned commands, my tor installation still encounters an error when trying to update. Attached is a photo of my sources.list.debian.templ and sources.list. When trying to update the returned error

N: Ignoring file ‘DEADJOE’ in directory ‘/etc/apt/sources.list.d/’ as it has no filename extension

N: Ignoring file ‘tor.list.save.2’ in directory ‘/etc/apt/sources.list.d/’ as it has an invalid filename extension

N: Ignoring file ‘tor.list.save.1’ in directory ‘/etc/apt/sources.list.d/’ as it has an invalid filename extension

E: Conflicting values set for option Signed-By regarding source Index of /torproject.org buster: /usr/share/keyrings/tor-archive-keyring.gpg !=

E: The list of sources could not be read.

I am wondering, is there simply a tool for configuring the sources.list and all other Debian os needed files for tor updates? Thank you.

–Keifer

list shot.png1917×777 45.9 KB

sources.list shot.png1122×767 23.5 KB

So upon trying all of the mentioned commands, my tor installation still
encounters an error when trying to update. Attached is a photo of my
sources.list.debian.templ and sources.list. When trying to update the
returned error

sources.list.debian.temp
I would not change the template from the provider.

N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has
no filename extension

N: Ignoring file 'tor.list.save.2' in directory '/etc/apt/sources.list.d/'
as it has an invalid filename extension

N: Ignoring file 'tor.list.save.1' in directory '/etc/apt/sources.list.d/'
as it has an invalid filename extension

Dir '/etc/apt/sources.list.d/' is empty by default. I would delete all files
there. $ sudo rm -i /etc/apt/sources.list.d/*

E: Conflicting values set for option Signed-By regarding source
https://deb.torproject.org/torproject.org/ buster:
/usr/share/keyrings/tor-archive-keyring.gpg !=

E: The list of sources could not be read.

You have to configure it in either the Debian buster way or the new way since
Debian bullseye.

Old buster way + (apt-key add) in file: /etc/apt/sources.list
deb Index of /torproject.org buster main

New bullseye way + (tor-archive-keyring) create a file in the directory:
'/etc/apt/sources.list.d/' with the name 'tor.list'
with just one line:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://
deb.torproject.org/torproject.org buster main

For Buster, you just have to delete the penultimate line:
deb Index of /debian stretch main
and
[signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] in the last line
in /etc/apt/sources.list.

Other consideration:
(You must upgrade buster to bullseye, your certificates may still be out of
date, your tor daemon is running as root!?, etc.)
nusenu gave tips on relay migration a few days ago.
- stop tor, save tor config and the entire datadir
Reinstall bullseye from the provider customer menu
- then copy over tor config and datadir, set the right permissions and let the
relay run again.

Tomorrow is a workshop from Torproject

Well, after deleting those files, etc, here is the terminal output when running apt-get update.

root@vps-3e661acc:/home/debian# root@vps-3e661acc:/home/debian# apt-get update
Hit:1 http://security.debian.org buster/updates InRelease
Hit:2 http://deb.debian.org/debian buster InRelease
Hit:3 http://deb.debian.org/debian buster-backports InRelease
Ign:4 https://deb.torproject.org/torproject.org buster InRelease
Ign:5 https://deb.torproject.org/torproject.org buster Release
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Ign:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Ign:6 https://deb.torproject.org/torproject.org buster/main all Packages
Err:7 https://deb.torproject.org/torproject.org buster/main amd64 Packages
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]
Ign:8 https://deb.torproject.org/torproject.org buster/main Translation-en
Ign:9 https://deb.torproject.org/torproject.org buster/main Translation-en_US
Reading package lists… Done
E: Failed to fetch https://deb.torproject.org/torproject.org/dists/buster/main/binary-amd64/Packages Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 95.216.163.36 443]

So, that appears to have fixed the updating from a respiratory issue. But I am wondering what is the terminal command to update the SSL certificate? Thanks.

Nevermind, I got it.

Now there are two other things I wanted to ask about, is there a way I can set tor to automatically update over time? Also, my bridge at https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1D4C8C91923AB says it’s blocked in Russia. Is there a way to set a bridge to get a new IP address automatically every once in a while so it will have a new, unblocked IP address? I think this would be a good idea.

Hey,

yes: UnattendedUpgrades - Debian Wiki

Greetings

Nevermind, I got it.

Now there are two other things I wanted to ask about, is there a way I can
set tor to automatically update over time? Also, my bridge at
Relay Search
4C8C91923AB says it's blocked in Russia.

Yes, that's how it should be. Meskio did this especially so that your
bridge would not be found by the Russian government.

Is there a way to set a bridge to
get a new IP address automatically every once in a while so it will have a
new, unblocked IP address? I think this would be a good idea.

New IP's are available from the provider or entire blocks from the RIR.

Keifer Bly:

Hi all,

So upon trying all of the mentioned commands, my tor installation still encounters an error when trying to update. Attached is a photo of my sources.list.debian.templ and sources.list. When trying to update the returned error

N: Ignoring file 'DEADJOE' in directory '/etc/apt/sources.list.d/' as it has no filename extension

N: Ignoring file 'tor.list.save.2' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension

N: Ignoring file 'tor.list.save.1' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension

E: Conflicting values set for option Signed-By regarding source https://deb.torproject.org/torproject.org/ buster: /usr/share/keyrings/tor-archive-keyring.gpg !=

E: The list of sources could not be read.

I am wondering, is there simply a tool for configuring the sources.list

Yes, extrepo. It is recommended by your os.

apt install extrepo -y && extrepo enable torproject