Clearsigned file isn't valid msg for my Librem 5

When I try to use apt update in the L5 terminal, I get the “Clearsigned file isn’t valid.” msg.

Any guidance on how to cure this?

1 Like

Print the full command and output.

… and in addition confirm what sources you have configured i.e. check /etc/apt/sources.list and /etc/apt/sources.list.d/

… and is network access otherwise working normally?

1 Like

When I type apt upgrade it will often say access denied w: something or other so I type sudo apt upgrade and it just does it. That sudo thing is nice because it skips all the other things I commanded it to block in the past and just does what I’m currently asking it to do.

1 Like

The command was: sudo apt update
The error was:
Get:1 Index of /pureos/ byzantium InRelease [7,124 B]
Err:1 Index of /pureos/ byzantium InRelease
Clearsigned file isn’t valid, got ‘NO SPLIT’ (does the network require authentication?)

The same msg appears for all the other libraries.

My network is operating normally. My phone processed update from the PureOS store recently with no problems.

1 Like

I found a solution.
The /etc/apt/source.list file had only http URL’s. When I changed them to https, the update and upgrade commands work as expected.
What I don’t understand is how those URL’s got changed to the insecure ones. I did not edit the file prior to today.
Did the insecure URL’s used to be the functional ones?

3 Likes

No.

In fact, I would go further … you can read in this forum some posts, from time to time, going back some years, about updates failing because Purism didn’t roll over the certificate in time, which is obviously only an issue if customers are using https: rather than http: - so I think you can assume that enough customers (if not all customers) are using the https: version, such that a complaint appears in the forum fairly quickly if there is a certificate problem.

If you want to look more closely then

a) confirm the date of last reflash and what version it was (NB: could be ‘never’ if you have not reflashed since receiving the phone, in which case other ‘history’ details would be needed)

b) confirm whether you have ever edited that file subsequent to the reflash

c) check the modification date on the file against “expectations”

d) compare file against backup (if available) / original disk image (if available).

Here’s what my copy looks like

deb https://repo.pureos.net/pureos byzantium main
deb https://repo.pureos.net/pureos byzantium-updates main
deb https://repo.pureos.net/pureos byzantium-security main

and the date on the file matches the date that I reflashed to byzantium at least to month and year.

2 Likes

Pretty smart.

1 Like

Is there a way to rebuild the certificates on my Librem 5?

1 Like

Are you now trying to solve a different problem or is the original problem not solved??

1 Like

The original problem was not solved. I have verified that my Librem 5 date and time are set correctly, so I am at a loss to figure out why “sudo apt update” does not want to connect to the HTTPS versions of the repositories that I verified are the same as yours.

1 Like

You can test what a system thinks of a certificate by e.g.
dropping https://repo.pureos.net/pureos
in a web browser and navigating around directories.

You can also wget a file to see what the system thinks of a certificate e.g.

wget -O dummy.deb https://repo.pureos.net/pureos/pool/main/f/firefox-esr/firefox-esr-l10n-en-gb_128.8.0esr-1~deb12u1_all.deb

which for me gives output including
Connecting to repo.pureos.net (repo.pureos.net)|49.13.57.135|:443... connected.

Note port 443, and there was no complaint about the certificate.

1 Like