Help! tb-updater gpg authentication failure - am I hosed?


So last night I was updating whonix-gw and whonix-ws from the Qubes VM Manager like I always do. The gw update went fine, and the ws update went fine except I noticed some strange output.

I was in a hurry so I already closed the terminal and no longer have the exact output. It was a bad mistake, sorry. It was late and I hadn’t slept in nearly 24 hours. I just closed it and went to bed. I do still have the dpkg logs and such however.

It said something about getting something.asc… CURL: HTTP error 400 or above… something could not be authenticated… something something. I don’t remember the exact output or the exact URL.

I believe it might have been output from the tb-updater script running within dpkg, because it began with “Checking connectivity…”, “CURL: this”, “CURL: that”

It resembled the sequence of the tb-updater GUI according to the Whonix wiki page. So that’s why I think the tb-update script was running under dpkg while updating whonix-ws. But I don’t think it makes sense for tb-updater to be run in whonix-ws in the first place because /home/user/.tb is local to anon-whonix?

Anyway, some signature file couldn’t be downloaded and thus some file could not be authenticated.

Was it tb-updater telling me that the tor-browser-en_US-*.tar.xz.asc signature file couldn’t be downloaded? Or was it dpkg/apt-get telling me that the signature file for the tb-updater couldn’t be downloaded and thus the tb-updater package could not be authenticated?

Am I hosed? In either case I would hope that dpkg or tb-update would fail safely and not install the package or extract the tarball, but you can never be too sure. I’m hoping someone can reassure me and/or explain what happened and/or what to do to fix the issue (if anything - I never (intentionally) use tb-updater, I use the internal updater)

whonix-gw (Note: the clock seems to be way behind)
user@host:~$ date
Tue Nov 28 06:24:42 UTC 2017
user@host:~$ ls -l /usr/bin/update-torbrowser
-rwxr-xr-x 1 root root 69106 Oct 20 14:05 /usr/bin/update-torbrowser
user@host:~$ ls -la /usr/lib/tb-updater/
total 28
drwxr-xr-x 2 root root 4096 Nov 28 04:38 .
drwxr-xr-x 121 root root 20480 Nov 28 04:39 …
-rwxr-xr-x 1 root root 792 Oct 20 14:05 first-boot-home-population
user@host:~$ sudo apt-cache show tb-updater
Package: tb-updater
Version: 3:3.7.19-1
Architecture: all
Maintainer: Patrick Schleizer adrelanos@riseup.net
Installed-Size: 280
Depends: msgcollector, curl, psmisc, gpg-bash-lib, pv, bsdtar, sudo, init-system-helpers (>= 1.18~)
Recommends: tb-starter, anon-icon-pack, anon-shared-helper-scripts, curl-scripts
Suggests: tb-default-browser, open-link-confirmation
Homepage: https://github.com/Whonix/tb-updater
Priority: optional
Section: misc
Filename: pool/main/t/tb-updater/tb-updater_3.7.19-1_all.deb
Size: 154764
SHA256: 6ead1a54ee587b05e52350dab5073b3a38a18b319cb3c07f86e29a2ea07f9a92
SHA1: fed81ae12d9cc0381cafaa6e7410a74876f13ed3
MD5sum: ca6ffefeb0ea78175345916122f58ebb


2017-11-28 04:41:49 configure tb-updater:all 3:3.7.19-1
2017-11-28 04:41:49 status unpacked tb-updater:all 3:3.7.19-1
2017-11-28 04:41:49 status half-configured tb-updater:all 3:3.7.19-1
2017-11-28 04:42:01 status installed tb-updater:all 3:3.7.19-1

anon-whonix (this is with whonix-ws NOT restarted since the update last night - changes in whonix-ws are NOT reflected)
user@host:~$ date
Tue Nov 28 13:54:02 UTC 2017
user@host:~$ ls -la .tb
total 12
drwxrwxr-x 3 user user 4096 Mar 3 2017 .
drwxr-xr-x 24 user user 4096 Nov 28 13:18 …
drwxrwxr-x 3 user user 4096 Nov 27 15:50 tor-browser
user@host:~$ ls -la .tb/tor-browser/
total 16
drwxrwxr-x 3 user user 4096 Nov 27 15:50 .
drwxrwxr-x 3 user user 4096 Mar 3 2017 …
drwxr-xr-x 14 user user 4096 Nov 26 15:58 Browser
-rwx------ 1 user user 1759 Nov 27 15:50 start-tor-browser.desktop
user@host:~$ ls -la .tb/tor-browser/Browser/start-tor-browser
-rwxr-xr-x 1 user user 12692 Nov 16 12:34 .tb/tor-browser/Browser/start-tor-browser





Thank you for the technical description of tb-updater. It was supremely helpful and answered all of my questions. Exactly what I was looking for!

About the first link: I understand no one can tell me if I am compromised or not. It was a rhetorical question. I was really looking for a technical description like the one you gave me in the second link. Also I did search around and read a few wiki pages before posting. But yes you’re right and I can understand why the Whonix community doesn’t want posts like that (or at list not in those words) on the forum.

Just a friendly suggestion from a now humbled forum poster: this whole thread could have been avoided if https://www.whonix.org/wiki/Tor_Browser#Tor_Browser_Downloader_by_Whonix contained a link to https://www.whonix.org/wiki/Tor_Browser/Advanced_Users#tb-updater_in_Qubes_TemplateVM (even just as a “See Also”), since I did read that section in full before my initial post.

It looks like I have permission to edit that page, so I’d like to add that link later if there are no objections.

Thank you once again and my apologies for the superfluous post!


Thanks. Yes, please edit.