Clearsigned file isn't valid msg for my Librem 5

DrTechnical · February 25, 2025, 12:06am

When I try to use apt update in the L5 terminal, I get the “Clearsigned file isn’t valid.” msg.

Any guidance on how to cure this?

FranklyFlawless · February 25, 2025, 12:40am

Print the full command and output.

irvinewade · February 25, 2025, 3:55am

… and in addition confirm what sources you have configured i.e. check /etc/apt/sources.list and /etc/apt/sources.list.d/

… and is network access otherwise working normally?

Moldybook · February 25, 2025, 6:35am

When I type apt upgrade it will often say access denied w: something or other so I type sudo apt upgrade and it just does it. That sudo thing is nice because it skips all the other things I commanded it to block in the past and just does what I’m currently asking it to do.

DrTechnical · February 25, 2025, 7:35pm

The command was: sudo apt update
The error was:
Get:1 Index of /pureos/ byzantium InRelease [7,124 B]
Err:1 Index of /pureos/ byzantium InRelease
Clearsigned file isn’t valid, got ‘NO SPLIT’ (does the network require authentication?)

The same msg appears for all the other libraries.

My network is operating normally. My phone processed update from the PureOS store recently with no problems.

DrTechnical · February 25, 2025, 7:55pm

I found a solution.
The /etc/apt/source.list file had only http URL’s. When I changed them to https, the update and upgrade commands work as expected.
What I don’t understand is how those URL’s got changed to the insecure ones. I did not edit the file prior to today.
Did the insecure URL’s used to be the functional ones?

irvinewade · February 25, 2025, 10:01pm

No.

In fact, I would go further … you can read in this forum some posts, from time to time, going back some years, about updates failing because Purism didn’t roll over the certificate in time, which is obviously only an issue if customers are using https: rather than http: - so I think you can assume that enough customers (if not all customers) are using the https: version, such that a complaint appears in the forum fairly quickly if there is a certificate problem.

If you want to look more closely then

a) confirm the date of last reflash and what version it was (NB: could be ‘never’ if you have not reflashed since receiving the phone, in which case other ‘history’ details would be needed)

b) confirm whether you have ever edited that file subsequent to the reflash

c) check the modification date on the file against “expectations”

d) compare file against backup (if available) / original disk image (if available).

Here’s what my copy looks like

deb https://repo.pureos.net/pureos byzantium main
deb https://repo.pureos.net/pureos byzantium-updates main
deb https://repo.pureos.net/pureos byzantium-security main

and the date on the file matches the date that I reflashed to byzantium at least to month and year.

Moldybook · February 25, 2025, 10:37pm

Pretty smart.