Trisquel 9.0 Mate cannot update!
- Anmelden oder Registrieren um Kommentare zu schreiben
I installed Trisquel 9 Mate and cannot update.I get the error "Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate."
I am a translator!
I copy Ark74's messages from Trisquel's IRC yesterday (someone had the same problem):
you could try do on a terminal: sudo sed -i 's|https|http|g' /etc/apt/sources.list then try updating there is a issue all over the world with a ssl certificate expiring the current iso is a bit old we need to update so is not affected for new users installed systems are not affected
Using http instead of https as suggested is not so secure, you could also wait for the iso to be updated, perhaps it will be very soon.
I had a similar issue, more details here:
https://trisquel.info/en/forum/ca-certificate-issue-while-installing-any-package#comment-161242
I tried Ark74's suggestions to use http instead of https, as posted by Avron. But it still won't upgrade, due to errors related to the SyncThing and Mailpile repos:
Err:8 https://apt.syncthing.net syncthing Release
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Ign:9 https://www.mailpile.is/deb release InRelease
Err:10 https://www.mailpile.is/deb release Release
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
Reading package lists... Done
E: The repository 'https://apt.syncthing.net syncthing Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://packages.mailpile.is/deb release Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
Any suggestions?
After following Ark74's suggestion, I tried disabling the SyncThing and Mailpile repos in System > Admin > Software & Updates. Apt update and apt upgrade now run but says there are no new packages.
Installing from HTTP instead of HTTPS is something not secure I mean changing protocol from sources.list is not risky as we are just downloading repo from trisquel Servers ?
I am a translator!
I already raised that and Ark74 answered this: https://trisquel.info/fr/forum/trisquel-90-mate-cannot-update#comment-160937
I will try Ark74's suggestion.Thank you Avron!
On Fri Oct 1 2021 UTC 13:11 I posted in this same topic:
I have been using Trisquel9 (Etiona) as a live USB and installing Geany, Gnumeric and mtPaint for at least the last fortnight without problems but this morning I couldn't.
My request was replied by the terminal as can be seen in the attachment.
PS: Sat Oct 2 2021 15:18 UTC
I have solved my problem using Ark74's IRC message that was forwarded by Avron and worked for GeorgeK
Thanks to all of you!
I have updated my system.Is there any way i can enable https only again for updating?
Try the reverse,
sudo sed -i "s|http|https|g" /etc/apt/sources.list
About http not being secure in this specific use, I partially disagree, since you are not pulling or sending personal information but connecting to a publicly available, worldwide accessible repository of packages.
So using https is kind of an added layer of security but not make it secure in a operative sense with the OS package manager.
All the packages are signed with gpg, so even they are pulled using https or htpp directly, over a proxy cache system, CD/DVD if the signature is tainted, or wrong then you'll be alerted and it won't install any package.
That is standard security for any package system distribution for all/(most) GNU/Linux systems.
Is it flawless to any kind of attack in the XXI century, maybe not, but does using SSL will be the be-all and end-all?, don't think so either.
I am a translator!
Thanks for the explanations, I did not think that much before writing and forgot about the gpg signature.
Besides, I noticed that by default Debian seems not to use ssl, I don't know why.
It is much simpler for using a proxy cache when using http instead of https
I guess that simplifies the work for the people using proxy cache for saving bandwidth on both ends, Debian servers and users under the proxy.
It does too at home for trisquel repos. ;)
Thank you Ark74!
Thank-you for the help we are getting in advance:
I tried ark74's suggestion literally.
This confirms that I am running a corrupt distro as the forum language switched to French in the process!
Will follow up when I will have downloaded and installed from a T9.1 ISO
I am a translator!
Maybe you followed my link above to the forum that has "fr" in it, since I am set in French. When I follow a link from someone to the forum, I have the language switched as well.
you used the command to change from http > https
not the one to change from https > http (this one you needed).
Edit manually the sources.lits file to fix the double s at "httpss"
regards
Thank you again Ark74 for the help.
In the meantime I found and installed the Triskel 9.02 iso that installs the KDE Plasma desktop nicely on a 10 year old acer Aspire which had refused to launch the T10.00 iso.
I was pleased to discover that apt-get --update and apt-get --install work despite the Plasma gui terminating its version of add/remove programs.
Unfortunately shortcuts cannot be defined for simpler older programs like scite, and mate-terminal which allows copying a bash session to the clipboard. I suppose this should be addressed to the KDE people.
Regards, Martins
- Anmelden oder Registrieren um Kommentare zu schreiben