Hello
I can’t seem to update the Tor browser in whonix-ws-16
template (13.0.9 → 13.0.10). It always fails at signature verification. It says the key has expired.
However, I can update the browser in a disposable whonix-ws-16-dvm
session - the browser does it automatically.
I have always updated the whonix-ws-16
template before I attempt using the Tor Browser Downloader
tool EDIT: via the Qubes Updater tool, whether it is indicated (i.e. a tick in the box) or not. (Inspired by
previous discussions here).
I just don’t know how to fix this. Why aren’t keys being updated with a template update? (Supplementary question - how is it working via Tor browser in a disposable whonix-ws-16-dvm
instance?)
Error output follows:
ERROR: Digital signature (GPG) could NOT be verified.
Tor Browser update failed! Try again later.
gpg_bash_lib_output_alright_status: false
gpg_bash_lib_output_failure:
gpg_bash_lib_output_diagnostic_message:
gpg_bash_lib_internal_gpg_verify_status_fd_file: /var/cache/tb-binary/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_status_fd_file
gpg_bash_lib_internal_gpg_verify_output_file: /var/cache/tb-binary/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_output_file
gpg_bash_lib_output_gpg_import_output:
gpg: keybox '/var/cache/tb-binary/.cache/tb/gpgtmpdir/pubring.kbx' created
gpg: /var/cache/tb-binary/.cache/tb/gpgtmpdir/trustdb.gpg: trustdb created
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) " imported
gpg: Total number processed: 1
gpg: imported: 1
gpg_bash_lib_output_gpg_verify_output:
gpg: Signature made Tue 20 Feb 2024 12:22:18 PM UTC
gpg: using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) " [ultimate]
gpg: Note: This key has expired!
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 6131 88FC 5BE2 176E 3ED5 4901 E53D 989A 9E2D 47BF
gpg_bash_lib_output_gpg_verify_status_fd_output:
[GNUPG:] NEWSIG
[GNUPG:] KEYEXPIRED 1708337812
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] KEYEXPIRED 1708337812
[GNUPG:] SIG_ID Dv6ryFYw4jPrC0jxlQEdvXbm4tE 2024-02-20 1708431738
[GNUPG:] KEYEXPIRED 1708337812
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] EXPKEYSIG E53D989A9E2D47BF Tor Browser Developers (signing key)
[GNUPG:] VALIDSIG 613188FC5BE2176E3ED54901E53D989A9E2D47BF 2024-02-20 1708431738 0 4 0 1 10 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
[GNUPG:] KEYEXPIRED 1708337812
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] KEYEXPIRED 1708337812
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] VERIFICATION_COMPLIANCE_MODE 23