Whonix version 17.2.0.1 build from source code failure: The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key

First error

## Added deb-src so source package can also be downloaded.

deb http://HTTPS///deb.torproject.org/torproject.org bookworm main
deb-src http://HTTPS///deb.torproject.org/torproject.org bookworm main
+ true 'APTGETOPT_ALT:  -o Acquire::http::Proxy=http://127.0.0.1:3142 -o Acquire::https::Proxy=http://127.0.0.1:3142 -o Acquire::tor::Proxy=http://127.0.0.1:3142 -o APT::Update::Error-Mode=any -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false -o Apt::Install-Recommends=false -o Acquire::Retries=5 -o Dpkg::Options::=--force-confnew'
+ rm -f /etc/apt/trusted.gpg.d/newer.asc
+ '[' -f /tmp/temporary-repository/repo_signing_key.asc ']'
+ cp --verbose /tmp/temporary-repository/repo_signing_key.asc /etc/apt/trusted.gpg.d/newer.asc
'/tmp/temporary-repository/repo_signing_key.asc' -> '/etc/apt/trusted.gpg.d/newer.asc'
+ chmod o+r /etc/apt/trusted.gpg.d/newer.asc
+ gpg --keyid-format long --import --import-options show-only --with-fingerprint /etc/apt/trusted.gpg.d/newer.asc
gpg: directory '/home/debian/.gnupg' created
gpg: keybox '/home/debian/.gnupg/pubring.kbx' created
gpg: key EE8CBC9E886DDD89: 83 signatures not checked due to missing keys
pub   rsa2048/EE8CBC9E886DDD89 2009-09-04 [SC] [expires: 2026-11-02]
      Key fingerprint = A3C4 F0F9 79CA A22C DBA8  F512 EE8C BC9E 886D DD89
uid                            deb.torproject.org archive signing key

+ '[' /home/debian/derivative-binary/temp_packages_tpo = '' ']'
+ pushd /home/debian/derivative-binary/temp_packages_tpo
~/derivative-binary/temp_packages_tpo /
+ apt-get -o Acquire::http::Proxy=http://127.0.0.1:3142 -o Acquire::https::Proxy=http://127.0.0.1:3142 -o Acquire::tor::Proxy=http://127.0.0.1:3142 -o APT::Update::Error-Mode=any -o Acquire::Languages=none -o Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled=false -o Apt::Install-Recommends=false -o Acquire::Retries=5 -o Dpkg::Options::=--force-confnew -o Dir::Etc::sourcelist=/tmp/temporary-repository/newer.list -o Dir::Etc::sourceparts=- update
Get:1 http://HTTPS///deb.torproject.org/torproject.org bookworm InRelease [3526 B]
Err:1 http://HTTPS///deb.torproject.org/torproject.org bookworm InRelease
  The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
Reading package lists... Done
W: GPG error: http://HTTPS///deb.torproject.org/torproject.org bookworm InRelease: The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
E: The repository 'http://HTTPS///deb.torproject.org/torproject.org bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
I: Copying back the cached apt archive contents
I: unmounting /home/debian/derivative-binary/temp_packages_tpo filesystem
I: unmounting dev/console filesystem
I: unmounting dev/ptmx filesystem
I: unmounting dev/pts filesystem
I: unmounting dev/shm filesystem
I: unmounting proc filesystem
I: unmounting sys filesystem
I: Cleaning COW directory
I: forking: rm -rf /var/cache/pbuilder/cow.cow_arm64/cow.204547
+ dist_build_download_script_exit_code=1
+ true
+ '[' -d /var/cache/pbuilder/base.cow_arm64 ']'
+ sudo --non-interactive --preserve-env=tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LANG,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,APTGETOPT,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD /home/debian/derivative-maker/help-steps/umount_kill.sh /var/cache/pbuilder/base.cow_arm64
INFO: Okay, no pids still running in '/var/cache/pbuilder/base.cow_arm64', no need to kill any.
+ sudo --non-interactive --preserve-env=tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LANG,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,APTGETOPT,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD chown --recursive debian:debian /home/debian/derivative-binary/temp_packages_tpo
++ benchmarktimeend 1721308866
+++ date +%s
++ benchmarktimeend=1721308867
++ benchmark_took_seconds=1
+++ convertsecs 1
+++ local h m s
+++ (( h=1/3600 ))
+++ true
+++ (( m=(1%3600)/60 ))
+++ true
+++ (( s=1%60 ))
+++ printf '%02d:%02d:%02d\n' 0 0 1
++ echo 00:00:01
+ benchmark_took_time=00:00:01
+ true 'INFO: Done with function get_newer_packages_from_third_party_repositories (benchmark: 00:00:01) '
+ '[' '!' 1 = 0 ']'
+ return 1
++ exception_handler_general ERR
++ last_failed_exit_code=1
++ last_failed_bash_command='return "$dist_build_download_script_exit_code"'
++ output_cmd_set
++ '[' -o xtrace ']'
++ output_cmd=true
++ true 'INFO: Middle of function exception_handler_general of ././build-steps.d/2100_create-debian-packages.'
++ exception_handler_process_shared ERR
++ last_script=././build-steps.d/2100_create-debian-packages
++ trap_signal_type_previous=
++ '[' '' = '' ']'
++ trap_signal_type_previous=unset
++ trap_signal_type_last=ERR
++ dist_build_error_counter=1
+++ benchmarktimeend 1721308866
++++ date +%s
+++ benchmarktimeend=1721308867
+++ benchmark_took_seconds=1
++++ convertsecs 1
++++ local h m s
++++ (( h=1/3600 ))
++++ true
++++ (( m=(1%3600)/60 ))
++++ true
++++ (( s=1%60 ))
++++ printf '%02d:%02d:%02d\n' 0 0 1
+++ echo 00:00:01
++ benchmark_took_time=00:00:01
++ local first
++ read -r first _
++ process_backtrace_function
++ true 'INFO: BEGIN: process_backtrace_function'
++ '[' -o xtrace ']'
++ set +x
++ true 'INFO: END  : process_backtrace_function'
++ function_trace_function
++ true 'INFO: BEGIN: function_trace_function'
++ '[' -o xtrace ']'
++ set +x
++ true 'INFO: END  : function_trace_function'
++ output_cmd_set
++ '[' -o xtrace ']'
++ output_cmd=true
++ true '
############################################################
ERROR detected in script!: ././build-steps.d/2100_create-debian-packages

dist_build_version: 17.2.0.1
dist_build_error_counter: 1
benchmark: 00:00:01
last_failed_exit_code: 1
trap_signal_type_previous: unset
trap_signal_type_last    : ERR

process_backtrace_result:
1: : init
2: : /lib/systemd/systemd --user 
3: : /usr/libexec/gnome-terminal-server 
4: : bash 
5: : /bin/bash /home/debian/derivative-maker/derivative-maker --flavor whonix-gateway-xfce --target utm --arch arm64 --tb open --repo true --vmsize 15G 
6: : /bin/bash ././build-steps.d/2100_create-debian-packages --flavor whonix-gateway-xfce --target utm --arch arm64 --tb open --repo true --vmsize 15G 

function_trace_result:
main (line number: 429)
build_run_function (line number: 53)
main (line number: 425)
build_run_function (line number: 53)
create-debian-packages (line number: 414)
build_run_function (line number: 53)
download_tpo_packages (line number: 54)
build_run_function (line number: 53)
exception_handler_general (line number: 53)
exception_handler_process_shared (line number: 53)


last_failed_bash_command: return "$dist_build_download_script_exit_code"
############################################################

Second error

ERROR detected in script!: ././build-steps.d/2100_create-debian-packages

dist_build_version: 17.2.0.1
dist_build_error_counter: 2
benchmark: 00:00:01
last_failed_exit_code: 1
trap_signal_type_previous: ERR
trap_signal_type_last    : ERR

process_backtrace_result:
1: : init
2: : /lib/systemd/systemd --user 
3: : /usr/libexec/gnome-terminal-server 
4: : bash 
5: : /bin/bash /home/debian/derivative-maker/derivative-maker --flavor whonix-gateway-xfce --target utm --arch arm64 --tb open --repo true --vmsize 15G 
6: : /bin/bash ././build-steps.d/2100_create-debian-packages --flavor whonix-gateway-xfce --target utm --arch arm64 --tb open --repo true --vmsize 15G 

function_trace_result:
main (line number: 429)
build_run_function (line number: 53)
main (line number: 425)
build_run_function (line number: 53)
create-debian-packages (line number: 416)
build_run_function (line number: 53)
create_derivative_distribution_debian_packages (line number: 381)
exception_handler_general (line number: 381)
exception_handler_process_shared (line number: 381)
exception_handler_process_shared (line number: 53)
exception_handler_general (line number: 53)
build_run_function (line number: 53)
download_tpo_packages (line number: 54)
build_run_function (line number: 53)
create-debian-packages (line number: 414)
build_run_function (line number: 53)
main (line number: 425)
build_run_function (line number: 53)
main (line number: 429)


last_failed_bash_command: "$source_code_folder_dist/packages/kicksecure/genmkfile/usr/bin/genmkfile" deb-pkg
############################################################

@Patrick Let me know how I can help debug this.
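An added example, not part of the original post or of derivative-maker: in the log above, the human-readable `gpg --import --import-options show-only` output lists only the primary key EE8CBC9E886DDD89 (expiring 2026-11-02), while apt rejects a signature from key ID 74A941BA219EC810. Reading the same keyring with `--with-colons` and comparing each expiry field to the current time shows which key or subkey has lapsed. The function names are hypothetical, and the sample records are constructed: that 74A941BA219EC810 is a subkey of the imported key and its expiry value are assumptions.

```shell
#!/bin/sh
# Added example (not derivative-maker code). Function names are hypothetical.

# Key IDs that apt reported as EXPKEYSIG; reads apt output on stdin.
expkeysig_ids() {
    sed -n 's/.*EXPKEYSIG \([0-9A-F]\{16\}\).*/\1/p' | sort -u
}

# Reads `gpg --with-colons` records on stdin and prints "<type> <keyid> <expiry>"
# for each pub/sub record whose expiry (field 7, epoch seconds) is <= $1.
expired_keys() {
    awk -F: -v now="$1" '
        ($1 == "pub" || $1 == "sub") && $7 != "" && $7 + 0 <= now + 0 {
            print $1, $5, $7
        }'
}

# Same gpg invocation as in the build log, with machine-readable output added.
check_keyring() {
    gpg --with-colons --import --import-options show-only "$1" 2>/dev/null |
        expired_keys "$(date +%s)"
}

# Constructed sample records (timestamps are illustrative, not taken from the
# real key): primary key valid until 2026-11-02, signing subkey already expired.
sample_colons() {
    cat <<'EOF'
pub:-:2048:1:EE8CBC9E886DDD89:1252022400:1793577600::-:::scSC:
uid:-::::1252022400::::deb.torproject.org archive signing key:
sub:-:2048:1:74A941BA219EC810:1252022400:1720000000:::::s:
EOF
}

# Usage: sh check-keyring.sh /etc/apt/trusted.gpg.d/newer.asc
if [ -n "${1:-}" ]; then
    check_keyring "$1"
fi
```

Running `check_keyring` on the keyring file before `apt-get update` makes the build fail with the expired key ID named, instead of with apt's generic "is not signed" error.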

This needs a signing key update.

This I have done in 17.2.0.3-developers-only, but I didn’t test yet if that tag can be built.

Log is too short. Unclear what the error is. Unclear if this is a follow-up issue or other issue.

Not yet fixed.

17.2.0.4-developers-only has a higher chance of being fixed.

I just tried building the developers only branch and I seem to be getting the same error:

############################################################
ERROR detected in script!: ././build-steps.d/2100_create-debian-packages

dist_build_version: 17.2.0.1
dist_build_error_counter: 1
benchmark: 00:00:08
last_failed_exit_code: 1
trap_signal_type_previous: unset
trap_signal_type_last    : ERR

process_backtrace_result:
1: : init
2: : /lib/systemd/systemd --user 
3: : /usr/libexec/gnome-terminal-server 
4: : bash 
5: : /bin/bash ./derivative-maker --flavor whonix-workstation-xfce --target qcow2 --arch amd64 --repo true 
6: : /bin/bash ././build-steps.d/2100_create-debian-packages --flavor whonix-workstation-xfce --target qcow2 --arch amd64 --repo true 

function_trace_result:
main (line number: 429)
build_run_function (line number: 53)
main (line number: 425)
build_run_function (line number: 53)
create-debian-packages (line number: 414)
build_run_function (line number: 53)
download_tpo_packages (line number: 54)
build_run_function (line number: 53)
exception_handler_general (line number: 53)
exception_handler_process_shared (line number: 53)


last_failed_bash_command: return "$dist_build_download_script_exit_code"
############################################################
'
++ unset error_reason
++ '[' ERR = INT ']'
++ '[' ERR = TERM ']'
++ '[' ERR = ERR ']'
++ '[' '!' 0 = 0 ']'
++ true 'INFO: dist_build_auto_retry set to 0 (--retry-max). No auto retry.'
++ unset dist_build_auto_retry_counter
++ true
++ ignore_error=false
++ answer=
++ '[' ERR = ERR ']'
++ '[' '' = true ']'
++ '[' -t 0 ']'
++ true 'INFO: stdin connected to terminal, using interactive error handler.'
++ true 'ERROR: An issue in ././build-steps.d/2100_create-debian-packages has been detected!

I’m using a mostly fresh install of Debian 12. Is it safe to build the previous version then upgrade from within Whonix?

Too old.

Won’t build because signing key outdated in old version.

My mistake, I didn’t notice the .4 at the end of the version number. Is it safe to use dev builds anyway?

It says developers-only. Go big or go home.

I don’t understand, the same skill level is required to build the stable branch… I’m just wondering if it’s even recommended to use the dev branch for any use other than testing. I don’t want any leaks.

Edit: Ok I see that there’s a separate testing branch, so it’s obviously not only used for testing. The wiki page on building could use a bit more clarification on the difference between the branches. I did notice this though:

3. For example, if 17.2.0.1 has been announced in the forums and is available from the wiki, git tag 17.2.0.1-developers-only is available but 17.2.0.1-stable is not, then 17.2.0.1-developers-only can be safely used.

But this is a little bit different because apparently only 17.2.0.4 can be built.

Whonix ™ VM Build Documentation

3 posts were merged into an existing topic: derivative-maker: missing /usr/libexec/helper-scripts/get_colors.sh

I added a link Reliable IP Hiding - with Whonix - The All Tor Operating System to the Special Notice just now.