Saw something similar to this addressed in the forums about a year ago. Sounds like it was fixed at one point. I’m persistently getting the following warning when running WhonixCheck. Using apt-get upgrade doesn’t seem to solve this issue.
ERROR: Whonix News Download Result:
Could not OpenPGP verify authenticity of Whonix News !!!
(gpg_bash_lib_output_gpg_verify_exit_code: 0 | gpg_bash_lib_output_validsig_status: true | gpg_bash_lib_output_alright_status: false | gpg_bash_lib_output_failure: )
This is either,
- a Whonix Bug,
- an attack on Whonix,
- or Whonix News Keys might be outdated. Upgrading using apt-get might fix this.
INFO: Whonix News gpg_bash_lib_output_diagnostic_message:
gpg_bash_lib_internal_gpg_verify_status_fd_file: /tmp/tmp.s479JmXymw/news_verify_dir/news_gpg/gpg_bash_lib_internal_gpg_verify_status_fd_file
gpg_bash_lib_internal_gpg_verify_output_file: /tmp/tmp.s479JmXymw/news_verify_dir/news_gpg/gpg_bash_lib_internal_gpg_verify_output_file
gpg_bash_lib_output_gpg_import_output:
gpg: keyring `/tmp/tmp.s479JmXymw/news_verify_dir/news_gpg/secring.gpg' created
gpg: keyring `/tmp/tmp.s479JmXymw/news_verify_dir/news_gpg/pubring.gpg' created
gpg: /tmp/tmp.s479JmXymw/news_verify_dir/news_gpg/trustdb.gpg: trustdb created
gpg: key 2EEACCDA: public key "Patrick Schleizer " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
gpg_bash_lib_output_gpg_verify_output:
gpg: Signature made Fri 23 Oct 2015 08:18:55 AM JST using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer "
gpg: Signature notation: issuer-fpr@notations.openpgp.fifthhorseman.net=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: Signature notation: file@name=whonix_news.tar.xz
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48
gpg_bash_lib_output_gpg_verify_status_fd_output:
[GNUPG:] SIG_ID 5nfHnoEfyvGZ7pyyfLJapb96B/A 2015-10-22 1445555935
[GNUPG:] GOODSIG CB8D50BB77BB3C48 Patrick Schleizer
[GNUPG:] NOTATION_NAME issuer-fpr@notations.openpgp.fifthhorseman.net
[GNUPG:] NOTATION_DATA 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
[GNUPG:] NOTATION_NAME file@name
[GNUPG:] NOTATION_DATA whonix_news.tar.xz
[GNUPG:] VALIDSIG 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48 2015-10-22 1445555935 0 4 0 1 10 00 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
[GNUPG:] TRUST_ULTIMATE
I use Whonix on Virtualbox everyday, and today, I have this error when running WhonixCheck:
[quote]ERROR: Whonix News Download Result:
Could not OpenPGP verify authenticity of Whonix News !!!
(gpg_bash_lib_output_gpg_verify_exit_code: 0 | gpg_bash_lib_output_validsig_status: true | gpg_bash_lib_output_alright_status: false | gpg_bash_lib_output_failure: )
This is either,
a Whonix Bug,
an attack on Whonix,
or Whonix News Keys might be outdated. Upgrading using apt-get might fix this.
INFO: Whonix News gpg_bash_lib_output_diagnostic_message:
gpg_bash_lib_internal_gpg_verify_status_fd_file: /tmp/tmp.I2JYrkwSsK/news/verify_dir/news_gpg/gpg_bash_lib_internal_gpg_verify_status_fd_file
gpg_bash_lib_internal_gpg_verify_output_file: /tmp/tmp.I2JYrkwSsK/news/verify_dir/news_gpg/gpg_bash_lib_internal_gpg_verify_output_file
gpg_bash_lib_output_gpg_import_output:
gpg: keyring /tmp/tmp.I2JYrkwSsK/news/verify_dir/news_gpg/secring.gpg' created gpg: keyring /tmp/tmp.I2JYrkwSsK/news/verify_dir/news_gpg/pubring.gpg’ created
gpg: /tmp/tmp.I2JYrkwSsK/news/verify_dir/news_gpg/trustdb.gpg: trustdb created
gpg: key 2EEACCDA: public key "Patrick Schleizer " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
gpg_bash_lib_output_gpg_verify_output:
gpg: Signature made Thu 23 Jun 2016 09:59:01 AM UTC using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer "
gpg: Signature notation: issuer-fpr@notations.openpgp.fifthhorseman.net=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: Signature notation: file@name=whonix_news.tar.xz
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48
gpg_bash_lib_output_gpg_verify_status_fd_output:
[GNUPG:] SIG_ID g+xq+3RlQXGgn22QZ87j/OpElAc 2016-06-23 1466675941
[GNUPG:] GOODSIG CB8D50BB77BB3C48 Patrick Schleizer
[GNUPG:] NOTATION_NAME issuer-fpr@notations.openpgp.fifthhorseman.net
[GNUPG:] NOTATION_DATA 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
[GNUPG:] NOTATION_NAME file@name
[GNUPG:] NOTATION_DATA whonix_news.tar.xz
[GNUPG:] VALIDSIG 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48 2016-06-23 1466675941 0 4 0 1 10 00 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
[GNUPG:] TRUST_ULTIMATE
WARNING: Debian Package Update Check Result: Could not check for software updates! (apt-get code: 100)
Please manually check:
(Open a terminal, Start Menu → Applications → System → Terminal.)
I got same problem guys, since yesterday.
Worked perfectly fine.
I tried install new VM of Whonix 13 on Virtualbox but didn’t help
Hope somebody have solution.
Is Whonix under attack or just a bug?
A spitted out whole google, tried the command:
Updated Virtualbox 13.
Tried updating “sudo apt-get update && sudo apt-get dist-upgrade” but said no updates available.
But nothing worked.
I’m out of ideas bout fixin this problem.
yea I think it’s a common problem at this point. Today is Sunday so much probably any admin/mod is gonna take a look. Let’s wait tomorrow for some update on the matter. Maybe the gpg key expired or they forgot to sign some package idk. We’ll see…
Yes, me too @5yn74x_3rr0r , I get the same output when updating, though my repositories are onionized, but I do get the same error specifically at the repo with /dists/jessie/InRelease .
I do not want to complain, I’m very thankful to whonix developers and everyone positively connected to it, but what? aren’t they making sufficient money to take a look at their own creature on a Monday?