[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Whonixcheck reporting 2 Errors > main concern > "Could not OpenPGP verify authenticity of Whonix News"


#1

This is happening on Qubes OS, though I do not have evidence this is qubes-whonix specific so I’m posting in the general Support section.

Whonixcheck on Whonix Gateway reports 2 ERRORs:
The first one is concerning SocksPort not being reachable, I believe it’s because https://check.torporject.org is currently unreachable (not a specific whonix concern).

Real Issue being the second Error, thus “Could not OpenPGP verify authenticity of Whonix News !!!”, this already happened in the past and has been fixed after reporting the error here in the Support section by @Patrick .

HERE THE LOG OF WHONIXCHECK

ERROR: SocksPort Test Result: https://check.torproject.org was not reachable.
You could check, if you can reach https://check.torproject.org via the Tor Browser Bundle.
(curl exit code: [7] - [Failed to connect to host.])

ERROR: Whonix News Download Result:
Could not OpenPGP verify authenticity of Whonix News !!!
(gpg_bash_lib_output_gpg_verify_exit_code: 0 | gpg_bash_lib_output_validsig_status: true | gpg_bash_lib_output_alright_status: false | gpg_bash_lib_output_failure: )
This is either,
- a Whonix Bug,
- an attack on Whonix,
- or Whonix News Keys might be outdated. Upgrading using apt-get might fix this.

INFO: Whonix News gpg_bash_lib_output_diagnostic_message:
gpg_bash_lib_internal_gpg_verify_status_fd_file: /tmp/tmp.Yo5bTfskbf/news/verify_dir/news_gpg/gpg_bash_lib_internal_gpg_verify_status_fd_file
gpg_bash_lib_internal_gpg_verify_output_file: /tmp/tmp.Yo5bTfskbf/news/verify_dir/news_gpg/gpg_bash_lib_internal_gpg_verify_output_file
gpg_bash_lib_output_gpg_import_output:
gpg: keyring `/tmp/tmp.Yo5bTfskbf/news/verify_dir/news_gpg/secring.gpg' created
gpg: keyring `/tmp/tmp.Yo5bTfskbf/news/verify_dir/news_gpg/pubring.gpg' created
gpg: /tmp/tmp.Yo5bTfskbf/news/verify_dir/news_gpg/trustdb.gpg: trustdb created
gpg: key 2EEACCDA: public key "Patrick Schleizer " imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
gpg_bash_lib_output_gpg_verify_output:
gpg: Signature made Fri 20 Oct 2017 12:28:43 PM UTC using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer "
gpg: Signature notation: issuer-fpr@notations.openpgp.fifthhorseman.net=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: Signature notation: file@name=whonix_news.tar.xz
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA
Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48
gpg_bash_lib_output_gpg_verify_status_fd_output:
[GNUPG:] SIG_ID hRa1ReiRpE77MHJebmI48OjT9Ts 2017-10-20 1508502523
[GNUPG:] GOODSIG CB8D50BB77BB3C48 Patrick Schleizer
[GNUPG:] NOTATION_NAME issuer-fpr@notations.openpgp.fifthhorseman.net
[GNUPG:] NOTATION_DATA 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
[GNUPG:] NOTATION_NAME file@name
[GNUPG:] NOTATION_DATA whonix_news.tar.xz
[GNUPG:] VALIDSIG 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48 2017-10-20 1508502523 0 4 0 1 10 00 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
[GNUPG:] TRUST_ULTIMATE

INFO: Debian Package Update Check Result: No updates found via apt-get.

INFO: Whonix APT Repository: Enabled. When the Whonix team releases JESSIE updates, they will be AUTOMATICALLY installed (when you run apt-get dist-upgrade) along with updated packages from the Debian team. Please read https://www.whonix.org/wiki/Trust to understand the risk. If you want to change this, use:

dom0 -> Start Menu -> Template: whonix-gw -> Whonix Repository

#2

Whonix package update is also expired. As I try to update Whonix, I get the following error message:

E: Release file for http://deb.whonix.org/dists/jessie/InRelease is expired (invalid since 12h 34min 19s). Updates for this repository will not be applied.

I download the file ‘InRelease’ and find that it has already expired on 20 Oct 2017 12:41:17 UTC


#3

Yes I’m getting that too now. I think we are all getting the same issue, that’s why all these threads are popping up reporting the same thing.

Let’s hope @Patrick solves this by the end of the day.


#4

Re: Whonix news broken. From the history you can see it relates sometimes to website changes and other minor things. Certainly nothing to panic about. Patrick will get to it.

Re:

E: Release file for http://deb.whonix.org/dists/jessie/InRelease is expired (invalid since 4h 16min 58s). Updates for this repository will not be applied.

Well, 2 people out of 1000s are getting it. I’m not.

Have you tried switching your sources to the available .onion sources and retrying?

http://kkkkkkkkkk63ava6.onion/wiki/Security_Guide#Whonix_and_Debian_Packages

I wonder whether your host is out of sync re: the network time. Very possible.

http://kkkkkkkkkk63ava6.onion/wiki/Post_Install_Advice#Network_Time_Syncing


#5

My bad. Was server side and fixed.


#6

Fixed.