My Librem15 has been offline for 3 years. I just tried to apt-get update, and I got a bunch of "Permission denied"s and “Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification.”
Apparently, I’ve been very out of the loop, and hadn’t heard that PureOS8 green was replaced by PureOS9 amber almost the same amount of time ago.
As to how upgrade from green to amber, this requires manually editing /etc/apt/sources.list and replacing all references to “green” with “amber”.
Sounded simple enough. Thanks @Dwaff! I went ahead and changed “green” to “amber” in the sources.list file using this command that I tracked down elsewhere:
sudo nano /etc/apt/sources.list
Haha, yes, just tried to do an apt-get update and an update in Software, but got this derailment:
apt-get update
E: Type ‘“deb’ is not known on line 1 in source list /etc/apt/sources.list.d/brave-browser-release.list
E: The list of sources could not be read.
I had tried to install the Brave browser previously using @Caliga’s instructions, but must’ve fumbled somewhere. Not sure how to correct this:
Type ‘“deb’ is not known on line 1 in source list /etc/apt/sources.list.d/brave-browser-release.list
The devil lies in details.
First, the certifiates for https transport are not there anymore - they expired. So the update will fail. The simplest thing to do about it is to temporarily replace https with http in the /etc/apt/sources.list (and hope that nobody is out to get you while you are exposing yourself to the mitm attacks this way).
Then do one update from Software, and then revert back to https in the sources.list.
However, 3 years is a long time. Amber is not a latest release anymore.
What I would do would be to back up my data, and install Byzantium from scratch.
Thanks (again), @Dwaff!
I think I will first try your http suggestion and see how it goes.
With regards to jumping ahead to Byzantium, I was uncertain if it’s ok protocol to leapfrog an OS version (i.e., Amber in this case). Plus, it seems that folks are still encountering issues with Byzantium, no?
Appreciate your thoughtful thoroughness!
This is the best release for your laptop and the one that you are about to install while the rest of us live in Summer of 2022. Secondly and only way (up to my current thought) to keep (in the meantime) your PureOS Amber is to go back to debhttps://repo.pureos.net/pureos/ ... and read/follow this post: Apt-key error can't apt-get update.
True but, technically speaking, signed content is safe to download over an insecure channel. That assumes of course that the important pieces of PureOS (needed to get the certificates up to date at least) are indeed signed.
Ok, I followed the http suggestion from@Dwaff, and Software now says it’s up to date despite these 2 pop-up alerts…
Unable to get list of updates:
failed to refresh cache: E: Type ‘"deb’ is not known on line 1 in source list /etc/apt/sources.list.d/brave-browser-release.list
When I ran cat /etc/-release* , it still lists PureOS8 green.
Plus, as additional proof of failure, when I actually open Software, it only lists stuff from dl.flathub.org (which I erroneously added a long while ago, and haven’t figured out how to remove, sigh!).
So, I’m now trying to install Byzantium (as @Dwaff and @Quarnero advised).
Does this simply involve editing the etc/apt/sources.list from green to byzantium? Or does “from scratch” entail some other process (besides backing up my system)?
Regardless, I haven’t been able to proceed with anything due to this issue: E: Type ‘“deb’ is not known on line 1 in source list /etc/apt/sources.list.d/brave-browser-release.list E: The list of sources could not be read.
I don’t know how to remove these offending entries: cat /etc/apt/sources.list /etc/apt/sources.list.d/*
Sounds as if that file just has a character glitch in it. However you need to quote your text with backquotes if pasting into the forum. Otherwise I don’t trust that we are seeing what you are seeing. Or give us a screen shot of the top of that file.
Typically any apt source in the subdirectory (sources.list.d) is non-critical. You can delete the file and the error will go away and the computer will still boot (but of course then Brave won’t update any more).
To be clear … the first character on every line in an apt source file is either the hash character (for a comment) or the d character of deb. Is that what you have??
I can’t seem to delete or edit that file nor the brave-browser-release.list.save file that has the same quotation mark problem.
Right-clicking doesn’t give me a “move to trash” option and when I open them, they say “read only”.
So, I assume that I need to do this as root in Terminal, but can’t recall how. Sorry if this is a no-brainer, but I’m a step-above-noob in Linux with a foggy memory.
Yes. You need to edit the file (or delete the file) as root. For many commands, by prefixing the command with sudo you will execute the command as root.
I think you’ve understood the issue. This can be a problem when giving instructions in a forum. The person who gave you those instructions enclosed the text in quote marks but did not intend the quote marks themselves to go into the file.
If Brave didn’t ever get installed, due to the erroneous quote marks, then just delete the file as root, do all the operating system upgrades, and then attempt to install Brave after the upgrade.
Just a remark: https://pureos.net/download/
Has instructions on upgrade, but apparently you’re still on green?
Not so sure this will go smoothly.
As @irvinewade said, first remove the brave file.
Then backup your full home diectory, e.g.
cp -a /home/poorme /media/myexternaldrive
Then, drop to a real (non-graphical) terminal, e.g. with Ctrl+Alt+F3 and attempt the upgrade. If it goes wrong or you rather want a clean install, follow normal installation procedure after that.
Finally, restore your home. Best way to do that is, again, on a real terminal, copy back your backup, then rename the current profile and swap in the backup. Reboot.
sudo cp -a /media/mydrive/poorme /home/poorme.temp
sudo mv /home/poorme /home/poorme.old
sudo mv /home/poorme.temp /home/poorme
ls -lah /home/ # check if poorme is owned by poorme. If not, use chown poorme:poorme
reboot
I’ve successfully removed the problematic files with sudo rm, but sudo apt update resulted in this:
~$ sudo apt update
Ign:1 https://repo.puri.sm/pureos amber InRelease
Err:2 https://repo.puri.sm/pureos amber Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 138.201.228.45 443]
Ign:3 https://repo.pureos.net/pureos amber InRelease
Err:4 https://repo.pureos.net/pureos amber Release
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 138.201.228.45 443]
Reading package lists… Done
E: The repository ‘https://repo.puri.sm/pureos amber Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository ‘https://repo.pureos.net/pureos amber Release’ does not have a Release file.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Sorry, @irvinewade, I don’t know how to quote my text with backquotes. Can you please advise?
It seems I should now go with @Dwaff’s suggestion…
@Caliga, thanks for your helpful guidance in this similar direction. I just want to make sure that I understand your instructions before I proceed, so…
I should plug in an external drive, then replace all instances of “poorme” with my own user name, and “myexternaldrive” with the name of the external drive, yes?
I appreciate your added warning. I’ll be the guinea pig, haha!
The following is approximately the documentation for the features supported by the forum software in the subcategory of Markdown. https://commonmark.org/help/
Look at the last two features (those involving the backquote character).
The forum software is complicated though because it allows you to mix and match features from Markdown, features from BBCode and features from HTML (and with generally incomplete documentation).
I’ve read through that post a few times, but am not quite sure if I understand how it pertains to my situation. Isn’t the issue in my case an expired certificate and not a missing gpg or apt-key error?
I checked /etc/apt/trusted.gpg.d and a file named pureos-archive-keyring.gpg is definitely in there.
When I ran apt list pureos-archive-keyring, it said Listing... Done pureos-archive-keyring/now 2016.09 all [installed,local]
So, is 2016.09 the date of its creation? I.e., is it old and in need of replacement by following your instructions to sudo apt reinstall pureos-archive-keyring, etc?
Or should I instead try the temporarily “switch https to http” workaround that @irvinewade and @Dwaff both suggested?
Or simply jump to a clean install of Byzantium as per the advising of @Dwaff, @Gavaudan and @Caliga?