Summary:
I have followed the Installation guide from website Whonix/wiki/SecBrowser/Qubes and failed to install secbrowser in a qubes templatevm. However, I’ve successfully installed it in an AppVM - but that’s of little use as the Appvm is non-persistent.
Details:
Package Installation
Steps 1 to 8. All successful
Step 9 i.e. sudo apt update produces errors:(edited to remove disallowed links)
“user@debian-10-clone:~$ sudo apt-get update
Get:3 … buster InRelease [37.5 kB]
Get:4 … buster InRelease [2,500 B]
Hit:1 …/debian buster InRelease
Err:3 deb… buster InRelease
The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY CB8D50BB77BB3C48
Hit:2 …org/debian-security buster/updates InRelease
Reading package lists… Done
W: GPG error…org buster InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY CB8D50BB77BB3C48
E: The repository … buster InRelease’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.”
It would appear that the unavailable key CB8D50BB77BB3C48, is a subkey of the primary key 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA downloaded earlier.
Have successfully installed the secbrowser package to a StandaloneVM and to an ApppVM but that’s not reaaly ideal for me.
Here is the output from the AppVM=secbrowser and the TemplateVM=debian-10-clone
user@secbrowser:~$ gpg --keyid-format long --import --import-options show-only --with-fingerprint patrick.asc
gpg: key 8D66066A2EEACCDA: 86 signatures not checked due to missing keys
pub rsa4096/8D66066A2EEACCDA 2014-01-16 [SC] [expires: 2021-04-17]
Key fingerprint = 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
uid Patrick Schleizer adrelanos@riseup.net
sub rsa4096/3B1E6942CE998547 2014-01-16 [E] [expires: 2021-04-17]
sub rsa4096/10FDAC53119B3FD6 2014-01-16 [A] [expires: 2021-04-17]
sub rsa4096/CB8D50BB77BB3C48 2014-01-16 [S] [expires: 2021-04-17]
user@secbrowser:~$ gpg --import patrick.asc
gpg: key 8D66066A2EEACCDA: 86 signatures not checked due to missing keys
gpg: key 8D66066A2EEACCDA: public key “Patrick Schleizer adrelanos@riseup.net” imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
user@secbrowser:~$ sudo apt-key export 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA > /tmp/whonix.key
Warning: apt-key output should not be parsed (stdout is not a terminal)
gpg: WARNING: nothing exported
user@secbrowser:~$ qvm-copy /tmp/whonix.key templatevm_debian-10-clone
qfile-agent: Fatal error: stat templatevm_debian-10-clone (error type: No such file or directory)
EOF
user@debian-10-clone:~$ ls ~/QubesIncoming/secbrowser/
whonix.key
user@debian-10-clone:~$ cd ~/QubesIncoming/secbrowser/
user@debian-10-clone:~/QubesIncoming/secbrowser$ gpg --import whonix.key
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0