When I try to use apt update in the L5 terminal, I get the “Clearsigned file isn’t valid.” msg.
Any guidance on how to cure this?
When I try to use apt update in the L5 terminal, I get the “Clearsigned file isn’t valid.” msg.
Any guidance on how to cure this?
Print the full command and output.
… and in addition confirm what sources you have configured i.e. check /etc/apt/sources.list
and /etc/apt/sources.list.d/
… and is network access otherwise working normally?
When I type apt upgrade
it will often say access denied w: something or other so I type sudo apt upgrade
and it just does it. That sudo thing is nice because it skips all the other things I commanded it to block in the past and just does what I’m currently asking it to do.
The command was: sudo apt update
The error was:
Get:1 Index of /pureos/ byzantium InRelease [7,124 B]
Err:1 Index of /pureos/ byzantium InRelease
Clearsigned file isn’t valid, got ‘NO SPLIT’ (does the network require authentication?)
The same msg appears for all the other libraries.
My network is operating normally. My phone processed update from the PureOS store recently with no problems.
I found a solution.
The /etc/apt/source.list file had only http URL’s. When I changed them to https, the update and upgrade commands work as expected.
What I don’t understand is how those URL’s got changed to the insecure ones. I did not edit the file prior to today.
Did the insecure URL’s used to be the functional ones?
No.
In fact, I would go further … you can read in this forum some posts, from time to time, going back some years, about updates failing because Purism didn’t roll over the certificate in time, which is obviously only an issue if customers are using https: rather than http: - so I think you can assume that enough customers (if not all customers) are using the https: version, such that a complaint appears in the forum fairly quickly if there is a certificate problem.
If you want to look more closely then
a) confirm the date of last reflash and what version it was (NB: could be ‘never’ if you have not reflashed since receiving the phone, in which case other ‘history’ details would be needed)
b) confirm whether you have ever edited that file subsequent to the reflash
c) check the modification date on the file against “expectations”
d) compare file against backup (if available) / original disk image (if available).
Here’s what my copy looks like
deb https://repo.pureos.net/pureos byzantium main
deb https://repo.pureos.net/pureos byzantium-updates main
deb https://repo.pureos.net/pureos byzantium-security main
and the date on the file matches the date that I reflashed to byzantium
at least to month and year.
Pretty smart.
Is there a way to rebuild the certificates on my Librem 5?
Are you now trying to solve a different problem or is the original problem not solved??
The original problem was not solved. I have verified that my Librem 5 date and time are set correctly, so I am at a loss to figure out why “sudo apt update” does not want to connect to the HTTPS versions of the repositories that I verified are the same as yours.
You can test what a system thinks of a certificate by e.g.
dropping https://repo.pureos.net/pureos
in a web browser and navigating around directories.
You can also wget
a file to see what the system thinks of a certificate e.g.
wget -O dummy.deb https://repo.pureos.net/pureos/pool/main/f/firefox-esr/firefox-esr-l10n-en-gb_128.8.0esr-1~deb12u1_all.deb
which for me gives output including
Connecting to repo.pureos.net (repo.pureos.net)|49.13.57.135|:443... connected.
Note port 443, and there was no complaint about the certificate.