Whonix 9.6 Maintenance Release - Testers wanted!

Patrick · January 22, 2015, 7:12pm

[html]

Download:

http://mirror.whonix.de/9.6/

Changelog between 9.4 and 9.6:

– tb-updater: added new TBB tbb-team.asc signing key – https://phabricator.whonix.org/T41

– whonix-repository: updated repository signing key – https://phabricator.whonix.org/T100

– whonixcheck: updated Whonix news signing key – https://phabricator.whonix.org/T100

– updated frozen repository

[/html]

troubadour · January 23, 2015, 10:22am

Still getting the TBB signature issue with 9.6 (happens with torbrowser-launcher too, cannot upgrade).

Patrick · January 23, 2015, 12:06pm

Works for me. Just now tested again. Note: The testers and developers repository has not been updated yet. Is that the issue?

troubadour · January 24, 2015, 12:04pm

NO. Whatever the Whonix repository , I get this output from update-tobrowser":

INFO:
## Verifying GPG signature.
## Not using the user's GPG keyring also ensures, that the key can be only
## signed by the GPG keys we added. Signatures from random people from the
## user's keyring will be ignored.
gpg: Signature made Fri 16 Jan 2015 08:28:57 AM UTC using RSA key ID D40814E0
gpg: Can't check signature: public key not found
[ERROR] [torbrowser] GPG download signature could NOT be verified.
Tor Browser update failed! Try again later.

In the host, torbrowser-launcher cannot update either (“SIGNATURE VERIFICATION FAILED! You might be under attack…”).

Installed torbrowser-launcher in two virtual machines, Debian jessie and Ubuntu 14.04, it works. I really don’t know, but I’d like to investigate a little more before wiping the disk.

Patrick · January 24, 2015, 2:27pm

It makes sense to debug this.

Did you “apt get dist-upgrade” from testers or developers repository once before? Because technically in testers and developres have much higher version numbers, but not yet the new key file. If you later switch to the stable repository, it won’t downgrade [without special commands].

The fix is in tb-updater version 3:0.6.2-1.

What’s your tb-updater version? Check.

dpkg -l | grep tb-updater

Got this file on your disk?
/usr/share/torbrowser-updater-keys.d/tbb-team.asc

github.com

Kicksecure/tb-updater/blob/Whonix9/usr/share/torbrowser-updater-keys.d/tbb-team.asc

This file has been truncated. show original

troubadour · January 24, 2015, 5:03pm

Yeah, thanks.

tb-updater version was 3:1.0-1 and /usr/share/torbrowser-updater-keys.d/tbb-team.asc was missing.

It seems that it came from selecting the developers repository on installation. Made a fresh install with the stable repository, everything normal, back using TBB in Whonix.

The combination with the torbrowser-launcher issue in the host did not make sense but was worrying, to say the least.

Patrick · January 24, 2015, 5:13pm

What would be really worrying, if it would install it even if they key was missing. But I am specifically testing this a lot to make sure this is prevented.