Release announcement: Trisquel 9.0.1 Etiona security update

16 respostas [Última entrada]
quidam

I am a member!

I am a translator!

Desconectado
Joined: 12/22/2004

Images are available at https://trisquel.info/download or directly at
https://cdimage.trisquel.info/ and its mirrors.

This minor update to the 9.x "Etiona" series is intended to provide an
up to date set of ISO images, both for use as an installation medium and
as a live environment with newer packages. This addresses two main
security concerns in the 9.0 original ISO images:

* An outdated Certificate Authority collection (package
ca-certificates) included an expired root certificate for LetsEncrypt,
resulting in blocked access to repositories for new packages or updates.
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

* Overlooked binary blobs were found in versions of Linux-Libre prior
to v5.14. Updated packages were added to the Trisquel repositores to
correct the issue, and new ISO images were produced to include the fix.
http://www.fsfla.org/pipermail/linux-libre/2021-August/003439.html

Along with those fixes, the release includes any other security update
published upstream since we published Etiona, and the latest version of
the Mozilla-based "Abrowser" (v93).

These updates will contribute to keep the v9.0 branch in good working
order as it will continue to be actively maintained until April 2023.

In other news, the development of Trisquel 10 is ongoing at great pace,
with initial ISO images being now available for testing at
https://cdbuilds.trisquel.org/nabia/ Please note that these images are
not yet intended for production usage, so use them only for testing and
development or (as it is true in any case) at your own risk.

Magic Banana

I am a member!

Desconectado
Joined: 07/24/2010

Thank you for the good news and, one more time, for your great work!

andyprough
Desconectado
Joined: 02/12/2015

nabia is quite pleasant to work with so far. I haven't found any problems with it. Nice work @quidam and devs.

loldier
Desconectado
Joined: 02/17/2016

A few minor issues:

https://trisquel.info/en/forum/samsung-scx-4200-scanner

https://trisquel.info/en/forum/trisquel-10-keyboard-indicator-missing

https://trisquel.info/en/forum/forward-triskel-100-beta-capable-install-and-boot#comment-161214

##EDIT##

Moreover, I have a hard time getting the ISO at one go. There seems to be a bandwidth problem on the server. The download is interrupted, usually every 1.01 GB, and then resumed.

wget_209.51.188.51.png
Gnu
Gnu
Desconectado
Joined: 03/08/2012

To verify the iso:

gpg -o trisquel-netinst_9.0.1_amd64.iso -d trisquel-netinst_9.0.1_amd64.iso.asc

Dave_Hunt

I am a member!

Desconectado
Joined: 09/19/2011

I, too, note the possible bandwidth problem on the server. I finally got a good download on the 4th try. Also, the torrent seemed not to work. I have Nabia on one machine. On another, I tried to upgrade Etiona to Nabia. I'll just go ahead and install from the iso.

quidam

I am a member!

I am a translator!

Desconectado
Joined: 12/22/2004

Thanks for the reports, there are several problems and a 9.0.2 release is in the works.

quidam

I am a member!

I am a translator!

Desconectado
Joined: 12/22/2004

Test message (working on mail servers)

Gnu
Gnu
Desconectado
Joined: 03/08/2012

gpg -o sha256sum.txt -d sha256sum.txt.asc

linuc
Desconectado
Joined: 10/17/2021

Unfortunately the server is so extremely slow that a download would take up to 80 hours. I'd rather wait a week before installing the new ISO ;-)

lanun
Desconectado
Joined: 04/01/2021

If this is an option for you, you might use the torrent file instead:

https://cdimage.trisquel.info/trisquel-images/trisquel-mini_9.0.1_amd64.iso.torrent

GNUbahn
Desconectado
Joined: 02/18/2016

Thanks for the continuous work on maintaining Trisquel.

Which would be the better/easier way to upgrade to version 9.0.1? Will one have to do a 'regular' installation via a usb pen or cd/dvd?

I tried to use the following commands without luck:

'do-release-upgrade'
$ sudo do-release-upgrade
Checking for a new Trisquel release
There is no development version of an LTS available.
To upgrade to the latest non-LTS develoment release
set Prompt=normal in /etc/update-manager/release-upgrades.

'do-release-upgrade -d' (https://trisquel.info/en/forum/distro-upgrade-documentation#comment-154808)
$ sudo do-release-upgrade -d
Checking for a new Trisquel release
There is no development version of an LTS available.
To upgrade to the latest non-LTS develoment release
set Prompt=normal in /etc/update-manager/release-upgrades.

'sudo sed -i s/flidas/etiona/ /etc/apt/sources.list && sudo apt update && sudo apt full-upgrade' (https://trisquel.info/en/forum/how-upgrade-trisquel-8-trisquel-9#comment-154948)
$ sudo sed -i s/flidas/etiona/ /etc/apt/sources.list && sudo apt update && sudo apt full-upgrade
[sudo] password for jcb:
Get:1 https://packages.riot.im/debian default InRelease [2.892 B]
Err:1 https://packages.riot.im/debian default InRelease
The following signatures were invalid: EXPKEYSIG C2850B265AC085BD riot.im packages <name at domain>
Ign:2 https://archive.trisquel.info/trisquel etiona InRelease
Ign:3 https://archive.trisquel.info/trisquel etiona-security InRelease
Ign:4 https://archive.trisquel.info/trisquel etiona-updates InRelease
Err:5 https://archive.trisquel.info/trisquel etiona Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 209.51.188.51 443]
Err:6 https://archive.trisquel.info/trisquel etiona-security Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 209.51.188.51 443]
Err:7 https://archive.trisquel.info/trisquel etiona-updates Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 209.51.188.51 443]
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.riot.im/debian default InRelease: The following signatures were invalid: EXPKEYSIG C2850B265AC085BD riot.im packages <name at domain>
E: The repository 'https://archive.trisquel.info/trisquel etiona Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://archive.trisquel.info/trisquel etiona-security Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://archive.trisquel.info/trisquel etiona-updates Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

It appears that I have had the same issue before: https://trisquel.info/en/forum/do-release-upgrade-doesnt-work

But this time I do not have 'any software installed via other PPA's (e.g. micahflee's PPA) or downloaded from other sites (e.g. https://sogo.nu/download.html#/frontends)?'

My etc/apt/sources.list only contains entries of Etonia:
#deb cdrom:[Trisquel 9.0 _etiona_ - Release amd64 (20201018)]/ etiona main
# Trisquel repositories for supported software and updates
deb https://archive.trisquel.info/trisquel/ etiona main
deb-src https://archive.trisquel.info/trisquel/ etiona main
deb https://archive.trisquel.info/trisquel/ etiona-security main
deb-src https://archive.trisquel.info/trisquel/ etiona-security main
deb https://archive.trisquel.info/trisquel/ etiona-updates main
deb-src https://archive.trisquel.info/trisquel/ etiona-updates main
#deb https://archive.trisquel.info/trisquel/ etiona-backports main
#deb-src https://archive.trisquel.info/trisquel/ etiona-backports main

Magic Banana

I am a member!

Desconectado
Joined: 07/24/2010

EDIT: I read too rapidly what your post and thought you wanted to upgrade to Trisquel 10 rather than 9.0.1. As lanun wrote, you need not do anything (and should therefore ignore what I wrote below) but regular updates to have Trisquel 9.0.1. Sorry!

'sudo sed -i s/flidas/etiona/ /etc/apt/sources.list && sudo apt update && sudo apt full-upgrade'

s/flidas/etiona/ substitutes "flidas" (Trisquel 8's code name) for "etiona" (Trisquel 9's code name). Because you currently use Trisquel 9 and Trisquel 10's code name is "nabia", here is the proper command line:
$ sudo sed -i s/etiona/nabia/ /etc/apt/sources.list && sudo apt update && sudo apt full-upgrade

Backup the user data before that: Trisquel 10 is not production-ready yet!

lanun
Desconectado
Joined: 04/01/2021

> Which would be the better/easier way to upgrade to version 9.0.1?

If you have installed Trisquel 9.0 Etiona, you should only need to keep it updated. Whatever Trisquel 9.0.1 Etiona ships with will also be udapted on a 9.0 install.

People who would wish install now had better use the new iso (Trisquel 9.0.1), in order to spare themselves a whole year of updates after install, including the critical ones mentioned in the OP.

GNUbahn
Desconectado
Joined: 02/18/2016

This is what I initially thought, but then I got this response:$ sudo apt update
[sudo] password for jcb:
Get:1 https://packages.riot.im/debian default InRelease [2.892 B]
Err:1 https://packages.riot.im/debian default InRelease
The following signatures were invalid: EXPKEYSIG C2850B265AC085BD riot.im packages <name at domain>
Ign:2 https://archive.trisquel.info/trisquel etiona InRelease
Ign:3 https://archive.trisquel.info/trisquel etiona-security InRelease
Ign:4 https://archive.trisquel.info/trisquel etiona-updates InRelease
Err:5 https://archive.trisquel.info/trisquel etiona Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 209.51.188.51 443]
Err:6 https://archive.trisquel.info/trisquel etiona-security Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 209.51.188.51 443]
Err:7 https://archive.trisquel.info/trisquel etiona-updates Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 209.51.188.51 443]
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.riot.im/debian default InRelease: The following signatures were invalid: EXPKEYSIG C2850B265AC085BD riot.im packages <name at domain>
E: The repository 'https://archive.trisquel.info/trisquel etiona Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://archive.trisquel.info/trisquel etiona-security Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://archive.trisquel.info/trisquel etiona-updates Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

... and since the update has to do with a certificate issue, I thought it might be necessary with a new installation.

Can you help me to identify the problem?

Ark74

I am a member!

Desconectado
Joined: 07/15/2009
GNUbahn
Desconectado
Joined: 02/18/2016

Thanks. Problem solved.