Offline for a few years... update needed!

Hi!

My Librem15 has been offline for 3 years. I just tried to apt-get update, and I got a bunch of "Permission denied"s and “Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification.

Apparently, I’ve been very out of the loop, and hadn’t heard that PureOS8 green was replaced by PureOS9 amber almost the same amount of time ago.

I found the following advice in the Stuck on PureOS8 green thread:

As to how upgrade from green to amber, this requires manually editing /etc/apt/sources.list and replacing all references to “green” with “amber”.

Sounded simple enough. Thanks @Dwaff! :slight_smile: I went ahead and changed “green” to “amber” in the sources.list file using this command that I tracked down elsewhere:
sudo nano /etc/apt/sources.list

So, now things look like this:
cat /etc/apt/sources.list
deb https://repo.pureos.net/pureos/ amber main
deb https://repo.puri.sm/pureos amber main

cat /etc/*-release
DISTRIB_ID=PureOS
DISTRIB_RELEASE=8
DISTRIB_CODENAME=green
DISTRIB_DESCRIPTION=“PureOS GNU/Linux 8”
ID=pureos
NAME=PureOS
PRETTY_NAME=PureOS
VERSION_ID=8
VERSION_CODENAME=green
HOME_URL=“https://pureos.net/
SUPPORT_URL=“https://puri.sm/faq/#faq-pureosandsoftware
BUG_REPORT_URL=“https://tracker.pureos.net/

That doesn’t seem right, does it?
Why is it hanging onto the old OS info?
Am I missing some crucial step?

Thanks!

Updating, I would guess.

Haha, yes, just tried to do an apt-get update and an update in Software, but got this derailment:
apt-get update
E: Type ‘“deb’ is not known on line 1 in source list /etc/apt/sources.list.d/brave-browser-release.list
E: The list of sources could not be read.

I had tried to install the Brave browser previously using @Caliga’s instructions, but must’ve fumbled somewhere. Not sure how to correct this:
Type ‘“deb’ is not known on line 1 in source list /etc/apt/sources.list.d/brave-browser-release.list
:frowning:

The devil lies in details.
First, the certifiates for https transport are not there anymore - they expired. So the update will fail. The simplest thing to do about it is to temporarily replace https with http in the /etc/apt/sources.list (and hope that nobody is out to get you while you are exposing yourself to the mitm attacks this way).

Then do one update from Software, and then revert back to https in the sources.list.

However, 3 years is a long time. Amber is not a latest release anymore.
What I would do would be to back up my data, and install Byzantium from scratch.

4 Likes

Thanks (again), @Dwaff!
I think I will first try your http suggestion and see how it goes.
With regards to jumping ahead to Byzantium, I was uncertain if it’s ok protocol to leapfrog an OS version (i.e., Amber in this case). Plus, it seems that folks are still encountering issues with Byzantium, no?
Appreciate your thoughtful thoroughness!

This is the best release for your laptop and the one that you are about to install while the rest of us live in Summer of 2022. Secondly and only way (up to my current thought) to keep (in the meantime) your PureOS Amber is to go back to deb https://repo.pureos.net/pureos/ ... and read/follow this post: Apt-key error can't apt-get update.

1 Like

True but, technically speaking, signed content is safe to download over an insecure channel. That assumes of course that the important pieces of PureOS (needed to get the certificates up to date at least) are indeed signed.

2 Likes

Ok, I followed the http suggestion from@Dwaff, and Software now says it’s up to date despite these 2 pop-up alerts…

Unable to get list of updates:
failed to refresh cache: E: Type ‘"deb’ is not known on line 1 in source list /etc/apt/sources.list.d/brave-browser-release.list

Unable to download updates from"extensions.gnome.org": failed to download https://extensions.gnome.org//static/extensions.json: SSL handshake failed

When I ran cat /etc/-release* , it still lists PureOS8 green. :slightly_frowning_face:

Plus, as additional proof of failure, when I actually open Software, it only lists stuff from dl.flathub.org (which I erroneously added a long while ago, and haven’t figured out how to remove, sigh!).

So, I’m now trying to install Byzantium (as @Dwaff and @Quarnero advised).
Does this simply involve editing the etc/apt/sources.list from green to byzantium? Or does “from scratch” entail some other process (besides backing up my system)?

Regardless, I haven’t been able to proceed with anything due to this issue:
E: Type ‘“deb’ is not known on line 1 in source list /etc/apt/sources.list.d/brave-browser-release.list
E: The list of sources could not be read.

I don’t know how to remove these offending entries:
cat /etc/apt/sources.list /etc/apt/sources.list.d/*

deb [arch=amd64] https://brave-browser-apt-release.s3.brave.com/stable main”
deb [arch=amd64] https://brave-browser-apt-release.s3.brave.com/stable main”

@Caliga, could you please help me out? I thought I followed your Brave installation instructions correctly, but must’ve blundered.

Thanks, everyone!

Sounds as if that file just has a character glitch in it. However you need to quote your text with backquotes if pasting into the forum. Otherwise I don’t trust that we are seeing what you are seeing. Or give us a screen shot of the top of that file.

Typically any apt source in the subdirectory (sources.list.d) is non-critical. You can delete the file and the error will go away and the computer will still boot (but of course then Brave won’t update any more).

To be clear … the first character on every line in an apt source file is either the hash character (for a comment) or the d character of deb. Is that what you have??

1 Like

Thanks for your help!

Here’s a screenshot of the alert…
screenshot062622

And here’s one of my etc/apt folder…

And one of the opened brave-browser-release.list file…

I can’t seem to delete or edit that file nor the brave-browser-release.list.save file that has the same quotation mark problem.

Right-clicking doesn’t give me a “move to trash” option and when I open them, they say “read only”.

So, I assume that I need to do this as root in Terminal, but can’t recall how. Sorry if this is a no-brainer, but I’m a step-above-noob in Linux with a foggy memory. :confused:

You can either do it in the terminal with

sudo nano /etc/apt/sources.list

Or run it in gedit, just replace “nano” with “gedit” above.

1 Like

As @irvinewade kindly recommended in his post, please remove following:
sudo rm /etc/apt/sources.list.d/*
sudo apt update

Optionally:
sudo rm /etc/apt/sources.list.save*
sudo apt update

1 Like

The previous posts basically covered it but

Yes. You need to edit the file (or delete the file) as root. For many commands, by prefixing the command with sudo you will execute the command as root.

I think you’ve understood the issue. This can be a problem when giving instructions in a forum. The person who gave you those instructions enclosed the text in quote marks but did not intend the quote marks themselves to go into the file.

If Brave didn’t ever get installed, due to the erroneous quote marks, then just delete the file as root, do all the operating system upgrades, and then attempt to install Brave after the upgrade.

2 Likes

Just a remark:
https://pureos.net/download/
Has instructions on upgrade, but apparently you’re still on green?
Not so sure this will go smoothly.
As @irvinewade said, first remove the brave file.
Then backup your full home diectory, e.g.

cp -a /home/poorme /media/myexternaldrive

Then, drop to a real (non-graphical) terminal, e.g. with Ctrl+Alt+F3 and attempt the upgrade. If it goes wrong or you rather want a clean install, follow normal installation procedure after that.
Finally, restore your home. Best way to do that is, again, on a real terminal, copy back your backup, then rename the current profile and swap in the backup. Reboot.

sudo cp -a /media/mydrive/poorme /home/poorme.temp
sudo mv /home/poorme /home/poorme.old
sudo mv /home/poorme.temp /home/poorme
ls -lah /home/ # check if poorme is owned by poorme. If not, use chown poorme:poorme
reboot

Warning. Didn’t test the above :upside_down_face:

Thanks everyone!

I’ve successfully removed the problematic files with sudo rm, but sudo apt update resulted in this:

~$ sudo apt update
Ign:1 https://repo.puri.sm/pureos amber InRelease
Err:2 https://repo.puri.sm/pureos amber Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 138.201.228.45 443]
Ign:3 https://repo.pureos.net/pureos amber InRelease
Err:4 https://repo.pureos.net/pureos amber Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 138.201.228.45 443]
Reading package lists… Done
E: The repository ‘https://repo.puri.sm/pureos amber Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository ‘https://repo.pureos.net/pureos amber Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Sorry, @irvinewade, I don’t know how to quote my text with backquotes. :slightly_frowning_face: Can you please advise?

It seems I should now go with @Dwaff’s suggestion…

@Caliga, thanks for your helpful guidance in this similar direction. I just want to make sure that I understand your instructions before I proceed, so…
I should plug in an external drive, then replace all instances of “poorme” with my own user name, and “myexternaldrive” with the name of the external drive, yes?

I appreciate your added warning. I’ll be the guinea pig, haha! :woozy_face:

1 Like

Good move! Therefore reminding here to:

Temporary workaround: Librem 5 will not update with wifi

The following is approximately the documentation for the features supported by the forum software in the subcategory of Markdown. https://commonmark.org/help/

Look at the last two features (those involving the backquote character).

The forum software is complicated though because it allows you to mix and match features from Markdown, features from BBCode and features from HTML (and with generally incomplete documentation).

More comprehensive discussion: https://meta.discourse.org/t/post-format-reference-documentation/19197

1 Like

Yes. If you open your external drive in the file browser and then press Ctrl+L (location) it should show you the exact path in the address bar.

Oh, and of course I assumed all your important data is in your home directory. That’s usually the case.

1 Like

Thanks, @Quarnero!

I’ve read through that post a few times, but am not quite sure if I understand how it pertains to my situation. Isn’t the issue in my case an expired certificate and not a missing gpg or apt-key error?

I checked /etc/apt/trusted.gpg.d and a file named pureos-archive-keyring.gpg is definitely in there.
When I ran apt list pureos-archive-keyring, it said
Listing... Done pureos-archive-keyring/now 2016.09 all [installed,local]

So, is 2016.09 the date of its creation? I.e., is it old and in need of replacement by following your instructions to sudo apt reinstall pureos-archive-keyring, etc?

Or should I instead try the temporarily “switch https to http” workaround that @irvinewade and @Dwaff both suggested?

Or simply jump to a clean install of Byzantium as per the advising of @Dwaff, @Gavaudan and @Caliga?

1 Like