Whonix 9.6 Maintenance Release - Testers wanted!




Changelog between 9.4 and 9.6:

– tb-updater: added new TBB tbb-team.asc signing key – https://phabricator.whonix.org/T41

– whonix-repository: updated repository signing key – https://phabricator.whonix.org/T100

– whonixcheck: updated Whonix news signing key – https://phabricator.whonix.org/T100

– updated frozen repository


Still getting the TBB signature issue with 9.6 (happens with torbrowser-launcher too, cannot upgrade).

Works for me. Just now tested again. Note: The testers and developers repository has not been updated yet. Is that the issue?

NO. Whatever the Whonix repository , I get this output from update-tobrowser":

## Verifying GPG signature.
## Not using the user's GPG keyring also ensures, that the key can be only
## signed by the GPG keys we added. Signatures from random people from the
## user's keyring will be ignored.
gpg: Signature made Fri 16 Jan 2015 08:28:57 AM UTC using RSA key ID D40814E0
gpg: Can't check signature: public key not found
[ERROR] [torbrowser] GPG download signature could NOT be verified.
Tor Browser update failed! Try again later.

In the host, torbrowser-launcher cannot update either (“SIGNATURE VERIFICATION FAILED! You might be under attack…”).

Installed torbrowser-launcher in two virtual machines, Debian jessie and Ubuntu 14.04, it works. I really don’t know, but I’d like to investigate a little more before wiping the disk.

It makes sense to debug this.

Did you “apt get dist-upgrade” from testers or developers repository once before? Because technically in testers and developres have much higher version numbers, but not yet the new key file. If you later switch to the stable repository, it won’t downgrade [without special commands].

The fix is in tb-updater version 3:0.6.2-1.

What’s your tb-updater version? Check.

dpkg -l | grep tb-updater

Got this file on your disk?

Yeah, thanks.

tb-updater version was 3:1.0-1 and /usr/share/torbrowser-updater-keys.d/tbb-team.asc was missing.

It seems that it came from selecting the developers repository on installation. Made a fresh install with the stable repository, everything normal, back using TBB in Whonix.

The combination with the torbrowser-launcher issue in the host did not make sense but was worrying, to say the least.

What would be really worrying, if it would install it even if they key was missing. :wink: But I am specifically testing this a lot to make sure this is prevented.