[SOLVED] Tor browser signature verification failed

[bvliegen]

Hi,

using latest MX Linux, I installed the Tor Browser Launcher from MX Package Installer. When I ran the launcher program, it downloaded the Tor browser, but it didn't install it. I got the message that the signature verification failed. Error code: [long number]: key expired. Here's a screen shot of the message: https://imgur.com/Bwtt7we.png

I clicked Start a couple of more times, but the same error message kept appearing.

I'm guessing there's some workaround by refreshing key rings and what not, but I think this should just work out of the box, right?

Would be nice if this could be fixed.

Kind regards,

Bart

PS. in case you ask, here's my inxi output:

Code: Select all

System:
  Host: <filter> Kernel: 4.19.0-6-amd64 x86_64 bits: 64 compiler: gcc 
  v: 8.3.0 
  parameters: BOOT_IMAGE=/vmlinuz-4.19.0-6-amd64 
  root=UUID=<filter> ro quiet splash 
  Desktop: Xfce 4.14.2 tk: Gtk 3.24.5 info: xfce4-panel wm: xfwm4 
  dm: LightDM 1.26.0 Distro: MX-19.2_x64 patito feo October 21  2019 
  base: Debian GNU/Linux 10 (buster) 
Machine:
  Type: Laptop System: Dell product: Latitude E6320 v: 01 serial: <filter> 
  Chassis: type: 9 serial: <filter> 
  Mobo: Dell model: 0GJF11 v: A00 serial: <filter> BIOS: Dell v: A19 
  date: 11/14/2013 
Battery:
  ID-1: BAT0 charge: 29.9 Wh condition: 30.0/58.0 Wh (52%) volts: 12.7/11.1 
  model: Samsung SDI DELL 7M0N515 type: Li-ion serial: <filter> 
  status: Charging 
CPU:
  Topology: Dual Core model: Intel Core i5-2520M bits: 64 type: MT MCP 
  arch: Sandy Bridge family: 6 model-id: 2A (42) stepping: 7 microcode: 2F 
  L2 cache: 3072 KiB 
  flags: avx lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 19955 
  Speed: 2374 MHz min/max: 800/2500 MHz Core speeds (MHz): 1: 2171 2: 2025 
  3: 2351 4: 2283 
  Vulnerabilities: Type: itlb_multihit status: KVM: Split huge pages 
  Type: l1tf 
  mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable 
  Type: mds mitigation: Clear CPU buffers; SMT vulnerable 
  Type: meltdown mitigation: PTI 
  Type: spec_store_bypass 
  mitigation: Speculative Store Bypass disabled via prctl and seccomp 
  Type: spectre_v1 
  mitigation: usercopy/swapgs barriers and __user pointer sanitization 
  Type: spectre_v2 mitigation: Full generic retpoline, IBPB: conditional, 
  IBRS_FW, STIBP: conditional, RSB filling 
  Type: tsx_async_abort status: Not affected 
Graphics:
  Device-1: Intel 2nd Generation Core Processor Family Integrated Graphics 
  vendor: Dell driver: i915 v: kernel bus ID: 00:02.0 chip ID: 8086:0126 
  Display: x11 server: X.Org 1.20.4 driver: modesetting unloaded: fbdev,vesa 
  resolution: 1366x768~60Hz 
  OpenGL: renderer: Mesa DRI Intel Sandybridge Mobile v: 3.3 Mesa 18.3.6 
  compat-v: 3.0 direct render: Yes 
Audio:
  Device-1: Intel 6 Series/C200 Series Family High Definition Audio 
  vendor: Dell driver: snd_hda_intel v: kernel bus ID: 00:1b.0 
  chip ID: 8086:1c20 
  Sound Server: ALSA v: k4.19.0-6-amd64 
Network:
  Device-1: Intel 82579LM Gigabit Network vendor: Dell driver: e1000e 
  v: 3.2.6-k port: 4060 bus ID: 00:19.0 chip ID: 8086:1502 
  IF: eth0 state: down mac: <filter> 
  Device-2: Intel Centrino Advanced-N 6205 [Taylor Peak] driver: iwlwifi 
  v: kernel port: 4080 bus ID: 02:00.0 chip ID: 8086:0082 
  IF: wlan0 state: up mac: <filter> 
  IF-ID-1: nordlynx state: unknown speed: 10 Mbps duplex: full mac: N/A 
  IF-ID-2: wwan0 state: down mac: <filter> 
Drives:
  Local Storage: total: 111.79 GiB used: 40.36 GiB (36.1%) 
  ID-1: /dev/sda vendor: Samsung model: SSD 850 EVO 120GB size: 111.79 GiB 
  block size: physical: 512 B logical: 512 B speed: 6.0 Gb/s 
  serial: <filter> rev: 1B6Q scheme: MBR 
Partition:
  ID-1: / raw size: 109.24 GiB size: 107.03 GiB (97.97%) 
  used: 40.22 GiB (37.6%) fs: ext4 dev: /dev/dm-0 
  ID-2: /boot raw size: 512.0 MiB size: 487.9 MiB (95.30%) 
  used: 142.3 MiB (29.2%) fs: ext4 dev: /dev/sda1 
  ID-3: swap-1 size: 1.98 GiB used: 768 KiB (0.0%) fs: swap 
  swappiness: 15 (default 60) cache pressure: 100 (default) dev: /dev/dm-1 
Sensors:
  System Temperatures: cpu: 58.0 C mobo: 31.0 C sodimm: 39.0 C 
  Fan Speeds (RPM): cpu: 0 
Repos:
  No active apt repos in: /etc/apt/sources.list 
  Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 
  1: deb http://deb.debian.org/debian buster-updates main contrib non-free
  Active apt repos in: /etc/apt/sources.list.d/debian.list 
  1: deb http://deb.debian.org/debian buster main contrib non-free
  2: deb http://deb.debian.org/debian-security buster/updates main contrib non-free
  Active apt repos in: /etc/apt/sources.list.d/devolo-updates.list 
  1: deb http://update.devolo.com/linux/apt/ stable main
  Active apt repos in: /etc/apt/sources.list.d/google-earth-pro.list 
  1: deb [arch=amd64] http://dl.google.com/linux/earth/deb/ stable main
  Active apt repos in: /etc/apt/sources.list.d/mx.list 
  1: deb http://mxrepo.com/mx/repo/ buster main non-free
  Active apt repos in: /etc/apt/sources.list.d/nordvpn.list 
  1: deb https://repo.nordvpn.com/deb/nordvpn/debian stable main
  Active apt repos in: /etc/apt/sources.list.d/skype-stable.list 
  1: deb [arch=amd64] https://repo.skype.com/deb stable main
  Active apt repos in: /etc/apt/sources.list.d/spotify.list 
  1: deb http://repository.spotify.com stable non-free
  Active apt repos in: /etc/apt/sources.list.d/teams.list 
  1: deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main
  No active apt repos in: /etc/apt/sources.list.d/various.list 
Info:
  Processes: 243 Uptime: 23m Memory: 3.74 GiB used: 1.83 GiB (49.1%) 
  Init: SysVinit v: 2.93 runlevel: 5 default: 5 Compilers: gcc: 8.3.0 alt: 8 
  Shell: quick-system-in running in: quick-system-in inxi: 3.0.36 

[metreo]

I believe the proposed solution in this bug report addresses the issue: https://bugs.debian.org/cgi-bin/bugrepo ... bug=925878

[fehlix]

Hi,

using latest MX Linux, I installed the Tor Browser Launcher from MX Package Installer. When I ran the launcher program, it downloaded the Tor browser, but it didn't install it. I got the message that the signature verification failed. Error code: [long number]: key expired. Here's a screen shot of the message: https://imgur.com/Bwtt7we.png

I clicked Start a couple of more times, but the same error message kept appearing.

I'm guessing there's some workaround by refreshing key rings and what not, but I think this should just work out of the box, right?

Would be nice if this could be fixed.

They fixed the code to get the new verification key. The updated version torbrowser-launcher:0.3.2-14~bpo10+1
can be installed through MX Package Installer -> Debian Backports Tab:

mxpi-torbrowser-launcher.png

[bvliegen]

Indeed, the version from Debian Backports works. Thanks for that.

So to avoid confusion among other users, should the non-working version in stable be removed? Or the one from backports be moved or copied to the stable repo?

[metreo]

If you don't think your issue has been addressed in existing reports I would definitely recommend filing a bug report.

[Stevo]

I'm sending an even newer version from Debian testing to MX 19 main that also fixes the signing issue. It will upgrade over any previous versions.

https://drive.google.com/file/d/12wk5zS ... sp=sharing

We can't remove the "stable" version from apt, since it's in the Debian repos. But we can provide the newer version so most users will never even see it.

[metreo]

How long does that take?

[bvliegen]

It's already done. Stable is at 0.3.3-2~mx19+1, while Debian Backports is at 0.3.2-14~bpo10+1. Thanks a lot Stevo!

[metreo]

It's so nice to hear there was an eventual solution!

[Stevo]

We like to refer to the main Debian Buster repo as "Stable", because the package versions in it very rarely change, and call the various MX repos "main", "test", and the AHS section. Packages in any of MX's repos can be updated as we see fit, but we have no control over what Debian does with theirs.