[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Help! tb-updater gpg authentication failure - am I hosed?


#1

So last night I was updating whonix-gw and whonix-ws from the Qubes VM Manager like I always do. The gw update went fine, and the ws update went fine except I noticed some strange output.

I was in a hurry so I already closed the terminal and no longer have the exact output. It was a bad mistake, sorry. It was late and I hadn’t slept in nearly 24 hours. I just closed it and went to bed. I do still have the dpkg logs and such however.

It said something about getting something.asc… CURL: HTTP error 400 or above… something could not be authenticated… something something. I don’t remember the exact output or the exact URL.

I believe it might have been output from the tb-updater script running within dpkg, because it began with “Checking connectivity…”, “CURL: this”, “CURL: that”

It resembled the sequence of the tb-updater GUI according to the Whonix wiki page. So that’s why I think the tb-update script was running under dpkg while updating whonix-ws. But I don’t think it makes sense for tb-updater to be run in whonix-ws in the first place because /home/user/.tb is local to anon-whonix?

Anyway, some signature file couldn’t be downloaded and thus some file could not be authenticated.

Was it tb-updater telling me that the tor-browser-en_US-*.tar.xz.asc signature file couldn’t be downloaded? Or was it dpkg/apt-get telling me that the signature file for the tb-updater couldn’t be downloaded and thus the tb-updater package could not be authenticated?

Am I hosed? In either case I would hope that dpkg or tb-update would fail safely and not install the package or extract the tarball, but you can never be too sure. I’m hoping someone can reassure me and/or explain what happened and/or what to do to fix the issue (if anything - I never (intentionally) use tb-updater, I use the internal updater)

whonix-gw (Note: the clock seems to be way behind)
user@host:~$ date
Tue Nov 28 06:24:42 UTC 2017
user@host:~$ ls -l /usr/bin/update-torbrowser
-rwxr-xr-x 1 root root 69106 Oct 20 14:05 /usr/bin/update-torbrowser
user@host:~$ ls -la /usr/lib/tb-updater/
total 28
drwxr-xr-x 2 root root 4096 Nov 28 04:38 .
drwxr-xr-x 121 root root 20480 Nov 28 04:39 …
-rwxr-xr-x 1 root root 792 Oct 20 14:05 first-boot-home-population
user@host:~$ sudo apt-cache show tb-updater
Package: tb-updater
Version: 3:3.7.19-1
Architecture: all
Maintainer: Patrick Schleizer adrelanos@riseup.net
Installed-Size: 280
Depends: msgcollector, curl, psmisc, gpg-bash-lib, pv, bsdtar, sudo, init-system-helpers (>= 1.18~)
Recommends: tb-starter, anon-icon-pack, anon-shared-helper-scripts, curl-scripts
Suggests: tb-default-browser, open-link-confirmation
Homepage: https://github.com/Whonix/tb-updater
Priority: optional
Section: misc
Filename: pool/main/t/tb-updater/tb-updater_3.7.19-1_all.deb
Size: 154764
SHA256: 6ead1a54ee587b05e52350dab5073b3a38a18b319cb3c07f86e29a2ea07f9a92
SHA1: fed81ae12d9cc0381cafaa6e7410a74876f13ed3
MD5sum: ca6ffefeb0ea78175345916122f58ebb

dpkg.log

2017-11-28 04:41:49 configure tb-updater:all 3:3.7.19-1
2017-11-28 04:41:49 status unpacked tb-updater:all 3:3.7.19-1
2017-11-28 04:41:49 status half-configured tb-updater:all 3:3.7.19-1
2017-11-28 04:42:01 status installed tb-updater:all 3:3.7.19-1

anon-whonix (this is with whonix-ws NOT restarted since the update last night - changes in whonix-ws are NOT reflected)
user@host:~$ date
Tue Nov 28 13:54:02 UTC 2017
user@host:~$ ls -la .tb
total 12
drwxrwxr-x 3 user user 4096 Mar 3 2017 .
drwxr-xr-x 24 user user 4096 Nov 28 13:18 …
drwxrwxr-x 3 user user 4096 Nov 27 15:50 tor-browser
user@host:~$ ls -la .tb/tor-browser/
total 16
drwxrwxr-x 3 user user 4096 Nov 27 15:50 .
drwxrwxr-x 3 user user 4096 Mar 3 2017 …
drwxr-xr-x 14 user user 4096 Nov 26 15:58 Browser
-rwx------ 1 user user 1759 Nov 27 15:50 start-tor-browser.desktop
user@host:~$ ls -la .tb/tor-browser/Browser/start-tor-browser
-rwxr-xr-x 1 user user 12692 Nov 16 12:34 .tb/tor-browser/Browser/start-tor-browser


#2

https://www.whonix.org/wiki/FAQ#Am_I_compromised.3F

https://www.whonix.org/wiki/Tor_Browser/Advanced_Users#tb-updater_in_Qubes_TemplateVM


#3

Thank you for the technical description of tb-updater. It was supremely helpful and answered all of my questions. Exactly what I was looking for!

About the first link: I understand no one can tell me if I am compromised or not. It was a rhetorical question. I was really looking for a technical description like the one you gave me in the second link. Also I did search around and read a few wiki pages before posting. But yes you’re right and I can understand why the Whonix community doesn’t want posts like that (or at list not in those words) on the forum.

Just a friendly suggestion from a now humbled forum poster: this whole thread could have been avoided if https://www.whonix.org/wiki/Tor_Browser#Tor_Browser_Downloader_by_Whonix contained a link to https://www.whonix.org/wiki/Tor_Browser/Advanced_Users#tb-updater_in_Qubes_TemplateVM (even just as a “See Also”), since I did read that section in full before my initial post.

It looks like I have permission to edit that page, so I’d like to add that link later if there are no objections.

Thank you once again and my apologies for the superfluous post!


#4

Thanks. Yes, please edit.