[Solved] apt problem with dns

[Probzx]

Thanks.

I try both on the same VM and on another VM in the same network.

If I understand correctly, your problematic system is a VM? If so, what is the host system? Does this host have a firewall? Any unusual network features?
Same for your problematic system. Firewall? "Unusual" network features? (like dnsmasq or bind9)
Do you remember when this first happened? Do you have any memories of an event that you could connect to this? (Any changes in your system? A crash? A full file system?)
Have you checked the logs for clues?
Sorry to ask far-fetched questions (since your network seems OK), but it's better to check.

I have some more tests. Could you please post the output of

Code: Select all

#> dpkg --verify

Code: Select all

$> apt policy ca-certificates

Code: Select all

$> md5sum /etc/apt/trusted.gpg{,.d/*}

Code: Select all

$> ls -ld /tmp/ /var/tmp/

Code: Select all

$> df -h; df -i

Code: Select all

#> apt-get check

Code: Select all

#> apt -o "Acquire::ForceIPv4=1" update

Code: Select all

#> apt -o "Acquire::ForceIPv6=1" update

Code: Select all

$> mkdir /tmp/aptdwnldtest/; cd /tmp/aptdwnldtest/
$> apt -o "Debug::Acquire::https=1" -o "Debug::Acquire::http=1" -o "Debug::Acquire::ftp=1" download hello
$> wget https://deb.debian.org/debian/pool/main/h/hello/hello_2.10-3_amd64.deb
$> rm /tmp/aptdwnldtest/*      ### <-- because apt does not attempt a new download if the file exists

Is aptitude installed? If so, is its behaviour the same?

Code: Select all

#> aptitude update

Hello,
Thanks for your help.

The problematic system is a guest Debian virtual machine hosted on a esx hypervisor.
The VM is ont a specific network (DMZ) with other VM. Most of the virtual machines are LAMP server.
I don't use firewall on guest system such ufw.

Here is the output of the different command you ask me.

1 - dpkg --verify

Code: Select all

missing   c /etc/apache2/sites-available/000-default.conf
missing   c /etc/apache2/sites-available/default-ssl.conf
missing     /var/www/html
??5?????? c /etc/sudoers

2 - apt policy ca-certificates

Code: Select all

ca-certificates-java:
  Installé : (aucun)
  Candidat : (aucun)
 Table de version :
ca-certificates:
  Installé : 20230311
  Candidat : 20230311
 Table de version :
 *** 20230311 100
        100 /var/lib/dpkg/status

3 - md5sum /etc/apt/trusted.gpg{,.d/*}

Code: Select all

md5sum: /etc/apt/trusted.gpg: Aucun fichier ou dossier de ce type
55eec060916a9d4a0db7560ab4d7bdce  /etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc
bec0a1224f667bcd1e231b874db9bc4f  /etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc
fac2ec9faba2c2d82c70a6e2805c5b79  /etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc
1f30ce1ba8532d523017acb1a69c106a  /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.asc
9fbe7b0d8ebb38e240aeec6b0830ac7b  /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.asc
85a4c0e5c747a38509b33562d4c950be  /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.asc
10178cd8ac882d2d436857bd0f0bf5ad  /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.asc
8b60b0a24ecff63128cffbb055451931  /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.asc
49a2e1a5cc1922728aea81e00604f9d8  /etc/apt/trusted.gpg.d/debian-archive-buster-stable.asc

4 - ls -ld /tmp/ /var/tmp/

Code: Select all

drwxrwxrwt 11 root root 4096  7 févr. 17:44 /tmp/
drwxrwxrwt  5 root sudo 4096  7 févr. 17:39 /var/tmp/

5 - df -h; df -i

Code: Select all

Sys. de fichiers Taille Utilisé Dispo Uti% Monté sur
udev               3,9G       0  3,9G   0% /dev
tmpfs              795M    624K  794M   1% /run
/dev/sda1           48G    4,0G   42G   9% /
tmpfs              3,9G       0  3,9G   0% /dev/shm
tmpfs              5,0M       0  5,0M   0% /run/lock
tmpfs              795M       0  795M   0% /run/user/0
Sys. de fichiers  Inœuds IUtil.  ILibre IUti% Monté sur
udev             1010808    360 1010448    1% /dev
tmpfs            1016465    571 1015894    1% /run
/dev/sda1        3219456 125844 3093612    4% /
tmpfs            1016465      1 1016464    1% /dev/shm
tmpfs            1016465      3 1016462    1% /run/lock
tmpfs             203293     21  203272    1% /run/user/0

6 - apt-get check

Code: Select all

Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances... Fait
Lecture des informations d'état... Fait

7 - apt -o "Acquire::ForceIPv4=1" update

Code: Select all

Ign:1 http://ftp.u-strasbg.fr/debian bookworm InRelease
Ign:1 http://ftp.u-strasbg.fr/debian bookworm InRelease
Ign:1 http://ftp.u-strasbg.fr/debian bookworm InRelease
Err:1 http://ftp.u-strasbg.fr/debian bookworm InRelease
  Temporary failure resolving 'ftp.u-strasbg.fr'
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://ftp.u-strasbg.fr/debian/dists/bookworm/InRelease  Temporary failure resolving 'ftp.u-strasbg.fr'
W: Some index files failed to download. They have been ignored, or old ones used instead.

8 - apt -o "Acquire::ForceIPv6=1" update

Code: Select all

Ign:1 http://ftp.u-strasbg.fr/debian bookworm InRelease
Ign:1 http://ftp.u-strasbg.fr/debian bookworm InRelease
Ign:1 http://ftp.u-strasbg.fr/debian bookworm InRelease
Err:1 http://ftp.u-strasbg.fr/debian bookworm InRelease
  Temporary failure resolving 'ftp.u-strasbg.fr'
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://ftp.u-strasbg.fr/debian/dists/bookworm/InRelease  Temporary failure resolving 'ftp.u-strasbg.fr'
W: Some index files failed to download. They have been ignored, or old ones used instead.

9 - apt -o "Debug::Acquire::https=1" -o "Debug::Acquire::http=1" -o "Debug::Acquire::ftp=1" download hello

Code: Select all

E: Unable to locate package hello

10 - The wget work without any problem.

[fabien]

Hello, thanks,
I start with some missing elements that I can't interpret for sure as negative answers to my questions

Do you remember when this first happened? Do you have any memories of an event that you could connect to this? (Any changes in your system? A crash? A full file system?)
Have you checked the logs for clues?
[...]
Is aptitude installed? If so, is its behaviour the same?

Code: Select all

#> aptitude update

What is the output of (important: as user, not root)

Code: Select all

$> LANG="C" ls -la /var/lib/apt/*

Code: Select all

$> mawk 'BEGIN{FS=":"} NR==FNR{if (/_apt/){print $1,$3,$4; uid=$3}} NR!=FNR{if ($3==uid){print $3"="$1}}' /etc/passwd{,}

Code: Select all

$> md5sum /var/lib/dpkg/info/ca-certificates*

Code: Select all

$> LANG="C" ls -l /etc/ca-certificates.conf

Code: Select all

$>  cat /etc/ca-certificates.conf

Code: Select all

$> md5sum /etc/ssl/certs/ca-certificates.crt

Edit: forgot the important part below:

Code: Select all

#> update-ca-certificates -v       ### as root this one. Please post the output.

Code: Select all

$> md5sum /etc/ssl/certs/ca-certificates.crt      ### again

Code: Select all

$> LANG="C" ls -la /etc/ssl/

Code: Select all

$> LANG="C" ls -l /etc/ssl/certs/

Code: Select all

$> LANG="C" ls -lL /etc/ssl/certs/

Code: Select all

$> LANG="C" ls -ld /usr/share/ca-certificates/mozilla/

10 - The wget work without any problem.

Did you test as user, not root?

Code: Select all

$> mkdir /tmp/aptdwnldtest/; cd /tmp/aptdwnldtest/
$> LANG="C" wget https://deb.debian.org/debian/pool/main/h/hello/hello_2.10-3_amd64.deb

(please paste the output)

What about

Code: Select all

#> LANG="C" apt -o "APT::Sandbox::User=root" update

?

[Aki]

Hello @Probzx,

Can you please send also an *exact binary copy* of your /etc/apt/sources.list ? You can do it with the following commands:

Code: Select all

gzip -k /etc/apt/sources.list

Then, you can attach the file sources.list.gz to the next message.

Can you send exact binary copies of some files used by gethostbyname() function ?

Code: Select all

tar zcvf gethostbyname.tar.gz /etc/host.conf /etc/hosts /etc/nsswitch.conf

Then, you can attach the file gethostbyname.tar.gz to the next message

Is systemd-resoved installed or not ? You can check with the following command:

Code: Select all

apt list systemd-resolved 

Thanks.

[Probzx]

Hello,

Sorry for the late reply.

I had to start my answer a second time because the first one didn't register correctly and I forgot to answer some questions:

- Aptitude is not installed on this server. Is it necessary to do so?
- I can't date the day when the server began to malfunction. According to the web service provider in charge of development, the problem has been present for some time (he has php errors linked to the dns, notably on the php send mail function).
- As far as I know, the only change I've made is to change the rights on certain files so that the web developer can work independently.
If I remember correctly, this is the /etc tree.
I can't remember exactly what I've done, but from the commands you're asking me to perform, I deduce that it's possible I've "broken" the rights system of certain folders and files, which could have caused this problem?

Here is the ouput of all the commands you ask me :

1 - LANG="C" ls -la /var/lib/apt/*

Code: Select all

-rwxrwxr-- 1 root sudo   279 Nov  7 11:07 /var/lib/apt/cdroms.list
-rwxrwxr-- 1 root sudo   279 Nov  7 11:07 /var/lib/apt/cdroms.list~
-rwxrwxr-- 1 root sudo     0 Feb 12 14:33 /var/lib/apt/daily_lock
-rw-r--r-- 1 root root 25280 Jan 24 10:22 /var/lib/apt/extended_states
-rwxrwxr-- 1 root sudo 12288 Nov 29 09:26 /var/lib/apt/listchanges.db

/var/lib/apt/lists:
total 16
drwxrwxr-x 4 root sudo 4096 Dec 27 11:57 .
drwxrwxr-x 5 root sudo 4096 Jan 24 10:22 ..
drwxr-xr-x 2 _apt root 4096 Nov  7 11:07 auxfiles
-rwxrwx--- 1 root sudo    0 Nov  7 11:07 lock
drwx------ 2 _apt root 4096 Feb  7 17:57 partial

/var/lib/apt/mirrors:
total 12
drwxrwxr-x 3 root sudo 4096 Nov  7 11:06 .
drwxrwxr-x 5 root sudo 4096 Jan 24 10:22 ..
drwxrwxr-x 2 root sudo 4096 May 25  2023 partial

/var/lib/apt/periodic:
total 8
drwxrwxr-x 2 root sudo 4096 May 25  2023 .
drwxrwxr-x 5 root sudo 4096 Jan 24 10:22 ..

2 - mawk 'BEGIN{FS=":"} NR==FNR{if (/_apt/){print $1,$3,$4; uid=$3}} NR!=FNR{if ($3==uid){print $3"="$1}}' /etc/passwd{,}

Code: Select all

_apt 42 65534
42=_apt

3 - md5sum /var/lib/dpkg/info/ca-certificates*

Code: Select all

ea660bfde0da4c6cb5b71a811ae7a798  /var/lib/dpkg/info/ca-certificates.config
56ebcf2d0e366df790256333922bfb0b  /var/lib/dpkg/info/ca-certificates.list
406449f381efe20991efe93daa450abd  /var/lib/dpkg/info/ca-certificates.md5sums
94223315491c9cd87ffdc08baa81ef1d  /var/lib/dpkg/info/ca-certificates.postinst
50f2c2a2769bfe70f7809f521d4c366e  /var/lib/dpkg/info/ca-certificates.postrm
6f1222a9af267c2075954f838305a005  /var/lib/dpkg/info/ca-certificates.templates
029cc48dbada58f251205111339ed436  /var/lib/dpkg/info/ca-certificates.triggers

4 - LANG="C" ls -l /etc/ca-certificates.conf

Code: Select all

-rwxrwx--- 1 root root 5989 Nov  7 11:09 /etc/ca-certificates.conf

5 - cat /etc/ca-certificates.conf

Code: Select all

# This file lists certificates that you wish to use or to ignore to be
# installed in /etc/ssl/certs.
# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.
#
# This is autogenerated by dpkg-reconfigure ca-certificates.
# Certificates should be installed under /usr/share/ca-certificates
# and files with extension '.crt' is recognized as available certs.
#
# line begins with # is comment.
# line begins with ! is certificate filename to be deselected.
#
mozilla/ACCVRAIZ1.crt
mozilla/AC_RAIZ_FNMT-RCM.crt
mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
mozilla/Actalis_Authentication_Root_CA.crt
mozilla/AffirmTrust_Commercial.crt
mozilla/AffirmTrust_Networking.crt
mozilla/AffirmTrust_Premium.crt
mozilla/AffirmTrust_Premium_ECC.crt
mozilla/Amazon_Root_CA_1.crt
mozilla/Amazon_Root_CA_2.crt
mozilla/Amazon_Root_CA_3.crt
mozilla/Amazon_Root_CA_4.crt
mozilla/ANF_Secure_Server_Root_CA.crt
mozilla/Atos_TrustedRoot_2011.crt
mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.crt
mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
mozilla/Baltimore_CyberTrust_Root.crt
mozilla/Buypass_Class_2_Root_CA.crt
mozilla/Buypass_Class_3_Root_CA.crt
mozilla/CA_Disig_Root_R2.crt
mozilla/Certainly_Root_E1.crt
mozilla/Certainly_Root_R1.crt
mozilla/Certigna.crt
mozilla/Certigna_Root_CA.crt
mozilla/certSIGN_ROOT_CA.crt
mozilla/certSIGN_Root_CA_G2.crt
mozilla/Certum_EC-384_CA.crt
mozilla/Certum_Trusted_Network_CA_2.crt
mozilla/Certum_Trusted_Network_CA.crt
mozilla/Certum_Trusted_Root_CA.crt
mozilla/CFCA_EV_ROOT.crt
mozilla/Comodo_AAA_Services_root.crt
mozilla/COMODO_Certification_Authority.crt
mozilla/COMODO_ECC_Certification_Authority.crt
mozilla/COMODO_RSA_Certification_Authority.crt
mozilla/DigiCert_Assured_ID_Root_CA.crt
mozilla/DigiCert_Assured_ID_Root_G2.crt
mozilla/DigiCert_Assured_ID_Root_G3.crt
mozilla/DigiCert_Global_Root_CA.crt
mozilla/DigiCert_Global_Root_G2.crt
mozilla/DigiCert_Global_Root_G3.crt
mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt
mozilla/DigiCert_TLS_RSA4096_Root_G5.crt
mozilla/DigiCert_Trusted_Root_G4.crt
mozilla/D-TRUST_BR_Root_CA_1_2020.crt
mozilla/D-TRUST_EV_Root_CA_1_2020.crt
mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
mozilla/emSign_ECC_Root_CA_-_C3.crt
mozilla/emSign_ECC_Root_CA_-_G3.crt
mozilla/emSign_Root_CA_-_C1.crt
mozilla/emSign_Root_CA_-_G1.crt
mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
mozilla/Entrust_Root_Certification_Authority.crt
mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
mozilla/Entrust_Root_Certification_Authority_-_G2.crt
mozilla/Entrust_Root_Certification_Authority_-_G4.crt
mozilla/ePKI_Root_Certification_Authority.crt
mozilla/e-Szigno_Root_CA_2017.crt
mozilla/E-Tugra_Certification_Authority.crt
mozilla/E-Tugra_Global_Root_CA_ECC_v3.crt
mozilla/E-Tugra_Global_Root_CA_RSA_v3.crt
mozilla/GDCA_TrustAUTH_R5_ROOT.crt
mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
mozilla/GlobalSign_Root_CA.crt
mozilla/GlobalSign_Root_CA_-_R3.crt
mozilla/GlobalSign_Root_CA_-_R6.crt
mozilla/GlobalSign_Root_E46.crt
mozilla/GlobalSign_Root_R46.crt
mozilla/GLOBALTRUST_2020.crt
mozilla/Go_Daddy_Class_2_CA.crt
mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
mozilla/GTS_Root_R1.crt
mozilla/GTS_Root_R2.crt
mozilla/GTS_Root_R3.crt
mozilla/GTS_Root_R4.crt
mozilla/HARICA_TLS_ECC_Root_CA_2021.crt
mozilla/HARICA_TLS_RSA_Root_CA_2021.crt
mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
mozilla/HiPKI_Root_CA_-_G1.crt
mozilla/Hongkong_Post_Root_CA_1.crt
mozilla/Hongkong_Post_Root_CA_3.crt
mozilla/IdenTrust_Commercial_Root_CA_1.crt
mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
mozilla/ISRG_Root_X1.crt
mozilla/ISRG_Root_X2.crt
mozilla/Izenpe.com.crt
mozilla/Microsec_e-Szigno_Root_CA_2009.crt
mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt
mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt
mozilla/NAVER_Global_Root_Certification_Authority.crt
mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
mozilla/QuoVadis_Root_CA_1_G3.crt
mozilla/QuoVadis_Root_CA_2.crt
mozilla/QuoVadis_Root_CA_2_G3.crt
mozilla/QuoVadis_Root_CA_3.crt
mozilla/QuoVadis_Root_CA_3_G3.crt
mozilla/Secure_Global_CA.crt
mozilla/SecureSign_RootCA11.crt
mozilla/SecureTrust_CA.crt
mozilla/Security_Communication_ECC_RootCA1.crt
mozilla/Security_Communication_RootCA2.crt
mozilla/Security_Communication_RootCA3.crt
mozilla/Security_Communication_Root_CA.crt
mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
mozilla/SSL.com_Root_Certification_Authority_ECC.crt
mozilla/SSL.com_Root_Certification_Authority_RSA.crt
mozilla/Starfield_Class_2_CA.crt
mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
mozilla/SwissSign_Gold_CA_-_G2.crt
mozilla/SwissSign_Silver_CA_-_G2.crt
mozilla/SZAFIR_ROOT_CA2.crt
mozilla/Telia_Root_CA_v2.crt
mozilla/TeliaSonera_Root_CA_v1.crt
mozilla/TrustCor_ECA-1.crt
mozilla/TrustCor_RootCert_CA-1.crt
mozilla/TrustCor_RootCert_CA-2.crt
mozilla/Trustwave_Global_Certification_Authority.crt
mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt
mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt
mozilla/T-TeleSec_GlobalRoot_Class_2.crt
mozilla/T-TeleSec_GlobalRoot_Class_3.crt
mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
mozilla/TunTrust_Root_CA.crt
mozilla/TWCA_Global_Root_CA.crt
mozilla/TWCA_Root_Certification_Authority.crt
mozilla/UCA_Extended_Validation_Root.crt
mozilla/UCA_Global_G2_Root.crt
mozilla/USERTrust_ECC_Certification_Authority.crt
mozilla/USERTrust_RSA_Certification_Authority.crt
mozilla/vTrus_ECC_Root_CA.crt
mozilla/vTrus_Root_CA.crt
mozilla/XRamp_Global_CA_Root.crt

6 - md5sum /etc/ssl/certs/ca-certificates.crt

Code: Select all

0ad530386be2c646e5fb261472b49724  /etc/ssl/certs/ca-certificates.crt

7 - update-ca-certificates -v

Code: Select all

Command not available

8 - LANG="C" ls -la /etc/ssl/

Code: Select all

total 60
drwxrwx---  4 root root  4096 Nov 29 16:13 .
drwxrwx--- 88 root root  4096 Jan 24 09:56 ..
drwxrwx---  2 root root 20480 Nov 30 15:24 certs
-rwxrwx---  1 root root  2354 Nov 17 09:34 ecodeau23-24.crt
-rwxrwx---  1 root root  1707 Nov 16 15:06 ecodeau23-24.key
-rwxrwx---  1 root root  2354 Nov 17 09:34 ecodeau23-24.pem
-rwxrwx---  1 root root 12332 Oct 23 19:52 openssl.cnf
drwxrwx---  2 root root  4096 Nov  7 14:20 private

9 - LANG="C" ls -l /etc/ssl/certs/

Code: Select all

total 604
lrwxrwxrwx 1 root root     23 Nov  7 11:09  002c0b4f.0 -> GlobalSign_Root_R46.pem
lrwxrwxrwx 1 root root     45 Nov  7 11:09  02265526.0 -> Entrust_Root_Certification_Authority_-_G2.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  062cdee6.0 -> GlobalSign_Root_CA_-_R3.pem
lrwxrwxrwx 1 root root     25 Nov  7 11:09  064e0aa9.0 -> QuoVadis_Root_CA_2_G3.pem
lrwxrwxrwx 1 root root     50 Nov  7 11:09  06dc52d5.0 -> SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
lrwxrwxrwx 1 root root     34 Nov  7 11:09  08063a00.0 -> Security_Communication_RootCA3.pem
lrwxrwxrwx 1 root root     54 Nov  7 11:09  09789157.0 -> Starfield_Services_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root     15 Nov  7 11:09  0a775a30.0 -> GTS_Root_R3.pem
lrwxrwxrwx 1 root root     16 Nov  7 11:09  0b1b94ef.0 -> CFCA_EV_ROOT.pem
lrwxrwxrwx 1 root root     16 Nov  7 11:09  0b9bc432.0 -> ISRG_Root_X2.pem
lrwxrwxrwx 1 root root     44 Nov  7 11:09  0bf05006.0 -> SSL.com_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root     32 Nov  7 11:09  0f5dc4f3.0 -> UCA_Extended_Validation_Root.pem
lrwxrwxrwx 1 root root     26 Nov  7 11:09  0f6fa695.0 -> GDCA_TrustAUTH_R5_ROOT.pem
lrwxrwxrwx 1 root root     15 Nov  7 11:09  1001acf7.0 -> GTS_Root_R1.pem
lrwxrwxrwx 1 root root     46 Nov  7 11:09  106f3e4d.0 -> Entrust_Root_Certification_Authority_-_EC1.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  14bc7599.0 -> emSign_ECC_Root_CA_-_G3.pem
lrwxrwxrwx 1 root root     23 Nov  7 11:09  18856ac4.0 -> SecureSign_RootCA11.pem
lrwxrwxrwx 1 root root     31 Nov  7 11:09  1d3472b9.0 -> GlobalSign_ECC_Root_CA_-_R5.pem
lrwxrwxrwx 1 root root     37 Nov  7 11:09  1e08bfd1.0 -> IdenTrust_Public_Sector_Root_CA_1.pem
lrwxrwxrwx 1 root root     32 Nov  7 11:09  1e09d511.0 -> T-TeleSec_GlobalRoot_Class_2.pem
lrwxrwxrwx 1 root root     38 Nov  7 11:09  244b5494.0 -> DigiCert_High_Assurance_EV_Root_CA.pem
lrwxrwxrwx 1 root root     23 Nov  7 11:09  2923b3f9.0 -> emSign_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  2ae6433e.0 -> CA_Disig_Root_R2.pem
lrwxrwxrwx 1 root root     26 Nov  7 11:09  2b349938.0 -> AffirmTrust_Commercial.pem
lrwxrwxrwx 1 root root     59 Nov  7 11:09  32888f65.0 -> Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  3513523f.0 -> DigiCert_Global_Root_CA.pem
lrwxrwxrwx 1 root root     33 Nov 30 15:24  39d60b1a.0 -> /etc/mail/tls/sendmail-server.crt
lrwxrwxrwx 1 root root     61 Nov  7 11:09  3bde41ac.0 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
lrwxrwxrwx 1 root root     63 Nov  7 11:09  3bde41ac.1 -> Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.pem
lrwxrwxrwx 1 root root     26 Nov  7 11:09  3e44d2f7.0 -> TrustCor_RootCert_CA-2.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  3e45d192.0 -> Hongkong_Post_Root_CA_1.pem
lrwxrwxrwx 1 root root     45 Nov  7 11:09  3fb36b73.0 -> NAVER_Global_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     31 Nov  7 11:09  40193066.0 -> Certum_Trusted_Network_CA_2.pem
lrwxrwxrwx 1 root root     16 Nov  7 11:09  4042bcee.0 -> ISRG_Root_X1.pem
lrwxrwxrwx 1 root root     34 Nov  7 11:09  40547a79.0 -> COMODO_Certification_Authority.pem
lrwxrwxrwx 1 root root     23 Nov  7 11:09  406c9bb1.0 -> emSign_Root_CA_-_C1.pem
lrwxrwxrwx 1 root root     29 Nov  7 11:09  48bec511.0 -> Certum_Trusted_Network_CA.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  4b718d9b.0 -> emSign_ECC_Root_CA_-_C3.pem
lrwxrwxrwx 1 root root     45 Nov  7 11:09  4bfab552.0 -> Starfield_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root     26 Nov  7 11:09  4f316efb.0 -> SwissSign_Gold_CA_-_G2.pem
lrwxrwxrwx 1 root root     35 Nov  7 11:09  5273a94c.0 -> E-Tugra_Certification_Authority.pem
lrwxrwxrwx 1 root root     32 Nov  7 11:09  5443e9e3.0 -> T-TeleSec_GlobalRoot_Class_3.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  54657681.0 -> Buypass_Class_2_Root_CA.pem
lrwxrwxrwx 1 root root     28 Nov  7 11:09  57bcb2da.0 -> SwissSign_Silver_CA_-_G2.pem
lrwxrwxrwx 1 root root     38 Nov  7 11:09  5860aaa6.0 -> Security_Communication_ECC_RootCA1.pem
lrwxrwxrwx 1 root root     29 Nov  7 11:09  5931b5bc.0 -> D-TRUST_EV_Root_CA_1_2020.pem
lrwxrwxrwx 1 root root     33 Nov  7 11:09  5a7722fb.0 -> E-Tugra_Global_Root_CA_ECC_v3.pem
lrwxrwxrwx 1 root root     22 Nov  7 11:09  5ad8a5d6.0 -> GlobalSign_Root_CA.pem
lrwxrwxrwx 1 root root     26 Nov  7 11:09  5cd81ad7.0 -> TeliaSonera_Root_CA_v1.pem
lrwxrwxrwx 1 root root     26 Nov  7 11:09  5d3033c5.0 -> TrustCor_RootCert_CA-1.pem
lrwxrwxrwx 1 root root     45 Nov  7 11:09  5e98733a.0 -> Entrust_Root_Certification_Authority_-_G4.pem
lrwxrwxrwx 1 root root     23 Nov  7 11:09  5f15c80c.0 -> TWCA_Global_Root_CA.pem
lrwxrwxrwx 1 root root     21 Nov  7 14:20  5f1c8db4.0 -> ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root     23 Nov  7 11:09  5f618aec.0 -> certSIGN_Root_CA_G2.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  607986c7.0 -> DigiCert_Global_Root_G2.pem
lrwxrwxrwx 1 root root     15 Nov  7 11:09  626dceaf.0 -> GTS_Root_R2.pem
lrwxrwxrwx 1 root root     29 Nov  7 11:09  653b494a.0 -> Baltimore_CyberTrust_Root.pem
lrwxrwxrwx 1 root root     33 Nov  7 11:09  66445960.0 -> E-Tugra_Global_Root_CA_RSA_v3.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  68dd7389.0 -> Hongkong_Post_Root_CA_3.pem
lrwxrwxrwx 1 root root     40 Nov  7 11:09  6b99d060.0 -> Entrust_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  6d41d539.0 -> Amazon_Root_CA_2.pem
lrwxrwxrwx 1 root root     44 Nov  7 11:09  6fa5da56.0 -> SSL.com_Root_Certification_Authority_RSA.pem
lrwxrwxrwx 1 root root     24 Nov  7 11:09  706f604c.0 -> XRamp_Global_CA_Root.pem
lrwxrwxrwx 1 root root     25 Nov  7 11:09  749e9e03.0 -> QuoVadis_Root_CA_1_G3.pem
lrwxrwxrwx 1 root root     28 Nov  7 11:09  75d1b2ed.0 -> DigiCert_Trusted_Root_G4.pem
lrwxrwxrwx 1 root root     22 Nov  7 11:09  76faf6c0.0 -> QuoVadis_Root_CA_3.pem
lrwxrwxrwx 1 root root     63 Nov  7 11:09  7719f463.0 -> Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
lrwxrwxrwx 1 root root     35 Nov  7 11:09  773e07ad.0 -> OISTE_WISeKey_Global_Root_GC_CA.pem
lrwxrwxrwx 1 root root     17 Nov  7 11:09  7a3adc42.0 -> vTrus_Root_CA.pem
lrwxrwxrwx 1 root root     21 Nov  7 11:09  7a780d93.0 -> Certainly_Root_R1.pem
lrwxrwxrwx 1 root root     18 Nov  7 11:09  7aaf71c0.0 -> TrustCor_ECA-1.pem
lrwxrwxrwx 1 root root     31 Nov  7 11:09  7f3d5d1d.0 -> DigiCert_Assured_ID_Root_G3.pem
lrwxrwxrwx 1 root root     34 Nov  7 11:09  8160b96c.0 -> Microsec_e-Szigno_Root_CA_2009.pem
lrwxrwxrwx 1 root root     21 Nov  7 11:09  8508e720.0 -> Certainly_Root_E1.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  8cb5ee0f.0 -> Amazon_Root_CA_3.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  8d86cdd1.0 -> certSIGN_ROOT_CA.pem
lrwxrwxrwx 1 root root     49 Nov  7 11:09  8d89cda1.0 -> Microsoft_ECC_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  8f103249.0 -> Telia_Root_CA_v2.pem
lrwxrwxrwx 1 root root     22 Nov  7 11:09  90c5a3c8.0 -> HiPKI_Root_CA_-_G1.pem
lrwxrwxrwx 1 root root     34 Nov  7 11:09  930ac5d2.0 -> Actalis_Authentication_Root_CA.pem
lrwxrwxrwx 1 root root     26 Nov  7 11:09  93bc0acc.0 -> AffirmTrust_Networking.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  9482e63a.0 -> Certum_EC-384_CA.pem
lrwxrwxrwx 1 root root     33 Nov  7 11:09  9846683b.0 -> DigiCert_TLS_ECC_P384_Root_G5.pem
lrwxrwxrwx 1 root root     48 Nov  7 11:09  988a38cb.0 -> 'NetLock_Arany_=Class_Gold=_F'$'\305\221''tan'$'\303\272''s'$'\303\255''tv'$'\303\241''ny.pem'
lrwxrwxrwx 1 root root     53 Nov  7 11:09  9b5697b0.0 -> Trustwave_Global_ECC_P256_Certification_Authority.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  9c8dfbd4.0 -> AffirmTrust_Premium_ECC.pem
lrwxrwxrwx 1 root root     31 Nov  7 11:09  9d04f354.0 -> DigiCert_Assured_ID_Root_G2.pem
lrwxrwxrwx 1 root root     29 Nov  7 11:09  9ef4a08a.0 -> D-TRUST_BR_Root_CA_1_2020.pem
lrwxrwxrwx 1 root root     31 Nov  7 11:09  9f727ac7.0 -> HARICA_TLS_RSA_Root_CA_2021.pem
lrwxrwxrwx 1 root root     48 Nov  7 11:09  ACCVRAIZ1.pem -> /usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  AC_RAIZ_FNMT-RCM.pem -> /usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
lrwxrwxrwx 1 root root     74 Nov  7 11:09  AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem -> /usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt
lrwxrwxrwx 1 root root     64 Nov  7 11:09  ANF_Secure_Server_Root_CA.pem -> /usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt
lrwxrwxrwx 1 root root     69 Nov  7 11:09  Actalis_Authentication_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
lrwxrwxrwx 1 root root     61 Nov  7 11:09  AffirmTrust_Commercial.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
lrwxrwxrwx 1 root root     61 Nov  7 11:09  AffirmTrust_Networking.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt
lrwxrwxrwx 1 root root     58 Nov  7 11:09  AffirmTrust_Premium.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  AffirmTrust_Premium_ECC.pem -> /usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  Amazon_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  Amazon_Root_CA_2.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  Amazon_Root_CA_3.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  Amazon_Root_CA_4.pem -> /usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt
lrwxrwxrwx 1 root root     60 Nov  7 11:09  Atos_TrustedRoot_2011.pem -> /usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
lrwxrwxrwx 1 root root     96 Nov  7 11:09  Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem -> /usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
lrwxrwxrwx 1 root root     98 Nov  7 11:09  Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.pem -> /usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.crt
lrwxrwxrwx 1 root root     64 Nov  7 11:09  Baltimore_CyberTrust_Root.pem -> /usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  Buypass_Class_2_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  Buypass_Class_3_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  CA_Disig_Root_R2.pem -> /usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt
lrwxrwxrwx 1 root root     51 Nov  7 11:09  CFCA_EV_ROOT.pem -> /usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt
lrwxrwxrwx 1 root root     69 Nov  7 11:09  COMODO_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
lrwxrwxrwx 1 root root     73 Nov  7 11:09  COMODO_ECC_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root root     73 Nov  7 11:09  COMODO_RSA_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root root     56 Nov  7 11:09  Certainly_Root_E1.pem -> /usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt
lrwxrwxrwx 1 root root     56 Nov  7 11:09  Certainly_Root_R1.pem -> /usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt
lrwxrwxrwx 1 root root     47 Nov  7 11:09  Certigna.pem -> /usr/share/ca-certificates/mozilla/Certigna.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  Certigna_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  Certum_EC-384_CA.pem -> /usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt
lrwxrwxrwx 1 root root     64 Nov  7 11:09  Certum_Trusted_Network_CA.pem -> /usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt
lrwxrwxrwx 1 root root     66 Nov  7 11:09  Certum_Trusted_Network_CA_2.pem -> /usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt
lrwxrwxrwx 1 root root     61 Nov  7 11:09  Certum_Trusted_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt
lrwxrwxrwx 1 root root     63 Nov  7 11:09  Comodo_AAA_Services_root.pem -> /usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt
lrwxrwxrwx 1 root root     64 Nov  7 11:09  D-TRUST_BR_Root_CA_1_2020.pem -> /usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt
lrwxrwxrwx 1 root root     64 Nov  7 11:09  D-TRUST_EV_Root_CA_1_2020.pem -> /usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt
lrwxrwxrwx 1 root root     69 Nov  7 11:09  D-TRUST_Root_Class_3_CA_2_2009.pem -> /usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
lrwxrwxrwx 1 root root     72 Nov  7 11:09  D-TRUST_Root_Class_3_CA_2_EV_2009.pem -> /usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
lrwxrwxrwx 1 root root     66 Nov  7 11:09  DigiCert_Assured_ID_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
lrwxrwxrwx 1 root root     66 Nov  7 11:09  DigiCert_Assured_ID_Root_G2.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
lrwxrwxrwx 1 root root     66 Nov  7 11:09  DigiCert_Assured_ID_Root_G3.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  DigiCert_Global_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  DigiCert_Global_Root_G2.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  DigiCert_Global_Root_G3.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt
lrwxrwxrwx 1 root root     73 Nov  7 11:09  DigiCert_High_Assurance_EV_Root_CA.pem -> /usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
lrwxrwxrwx 1 root root     68 Nov  7 11:09  DigiCert_TLS_ECC_P384_Root_G5.pem -> /usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt
lrwxrwxrwx 1 root root     67 Nov  7 11:09  DigiCert_TLS_RSA4096_Root_G5.pem -> /usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt
lrwxrwxrwx 1 root root     63 Nov  7 11:09  DigiCert_Trusted_Root_G4.pem -> /usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt
lrwxrwxrwx 1 root root     70 Nov  7 11:09  E-Tugra_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt
lrwxrwxrwx 1 root root     68 Nov  7 11:09  E-Tugra_Global_Root_CA_ECC_v3.pem -> /usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_ECC_v3.crt
lrwxrwxrwx 1 root root     68 Nov  7 11:09  E-Tugra_Global_Root_CA_RSA_v3.pem -> /usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_RSA_v3.crt
lrwxrwxrwx 1 root root     80 Nov  7 11:09  Entrust.net_Premium_2048_Secure_Server_CA.pem -> /usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
lrwxrwxrwx 1 root root     75 Nov  7 11:09  Entrust_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     81 Nov  7 11:09  Entrust_Root_Certification_Authority_-_EC1.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
lrwxrwxrwx 1 root root     80 Nov  7 11:09  Entrust_Root_Certification_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt
lrwxrwxrwx 1 root root     80 Nov  7 11:09  Entrust_Root_Certification_Authority_-_G4.pem -> /usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt
lrwxrwxrwx 1 root root     61 Nov  7 11:09  GDCA_TrustAUTH_R5_ROOT.pem -> /usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  GLOBALTRUST_2020.pem -> /usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt
lrwxrwxrwx 1 root root     50 Nov  7 11:09  GTS_Root_R1.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R1.crt
lrwxrwxrwx 1 root root     50 Nov  7 11:09  GTS_Root_R2.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R2.crt
lrwxrwxrwx 1 root root     50 Nov  7 11:09  GTS_Root_R3.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R3.crt
lrwxrwxrwx 1 root root     50 Nov  7 11:09  GTS_Root_R4.pem -> /usr/share/ca-certificates/mozilla/GTS_Root_R4.crt
lrwxrwxrwx 1 root root     66 Nov  7 11:09  GlobalSign_ECC_Root_CA_-_R4.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
lrwxrwxrwx 1 root root     66 Nov  7 11:09  GlobalSign_ECC_Root_CA_-_R5.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
lrwxrwxrwx 1 root root     57 Nov  7 11:09  GlobalSign_Root_CA.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  GlobalSign_Root_CA_-_R3.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  GlobalSign_Root_CA_-_R6.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt
lrwxrwxrwx 1 root root     58 Nov  7 11:09  GlobalSign_Root_E46.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt
lrwxrwxrwx 1 root root     58 Nov  7 11:09  GlobalSign_Root_R46.pem -> /usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt
lrwxrwxrwx 1 root root     58 Nov  7 11:09  Go_Daddy_Class_2_CA.pem -> /usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt
lrwxrwxrwx 1 root root     79 Nov  7 11:09  Go_Daddy_Root_Certificate_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     66 Nov  7 11:09  HARICA_TLS_ECC_Root_CA_2021.pem -> /usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt
lrwxrwxrwx 1 root root     66 Nov  7 11:09  HARICA_TLS_RSA_Root_CA_2021.pem -> /usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt
lrwxrwxrwx 1 root root     98 Nov  7 11:09  Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx 1 root root     94 Nov  7 11:09  Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
lrwxrwxrwx 1 root root     57 Nov  7 11:09  HiPKI_Root_CA_-_G1.pem -> /usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  Hongkong_Post_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  Hongkong_Post_Root_CA_3.pem -> /usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt
lrwxrwxrwx 1 root root     51 Nov  7 11:09  ISRG_Root_X1.pem -> /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
lrwxrwxrwx 1 root root     51 Nov  7 11:09  ISRG_Root_X2.pem -> /usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt
lrwxrwxrwx 1 root root     69 Nov  7 11:09  IdenTrust_Commercial_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt
lrwxrwxrwx 1 root root     72 Nov  7 11:09  IdenTrust_Public_Sector_Root_CA_1.pem -> /usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
lrwxrwxrwx 1 root root     49 Nov  7 11:09  Izenpe.com.pem -> /usr/share/ca-certificates/mozilla/Izenpe.com.crt
lrwxrwxrwx 1 root root     69 Nov  7 11:09  Microsec_e-Szigno_Root_CA_2009.pem -> /usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt
lrwxrwxrwx 1 root root     84 Nov  7 11:09  Microsoft_ECC_Root_Certificate_Authority_2017.pem -> /usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root root     84 Nov  7 11:09  Microsoft_RSA_Root_Certificate_Authority_2017.pem -> /usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt
lrwxrwxrwx 1 root root     80 Nov  7 11:09  NAVER_Global_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     83 Nov  7 11:09 'NetLock_Arany_=Class_Gold=_F'$'\305\221''tan'$'\303\272''s'$'\303\255''tv'$'\303\241''ny.pem' -> '/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_F'$'\305\221''tan'$'\303\272''s'$'\303\255''tv'$'\303\241''ny.crt'
lrwxrwxrwx 1 root root     70 Nov  7 11:09  OISTE_WISeKey_Global_Root_GB_CA.pem -> /usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
lrwxrwxrwx 1 root root     70 Nov  7 11:09  OISTE_WISeKey_Global_Root_GC_CA.pem -> /usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
lrwxrwxrwx 1 root root     60 Nov  7 11:09  QuoVadis_Root_CA_1_G3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt
lrwxrwxrwx 1 root root     57 Nov  7 11:09  QuoVadis_Root_CA_2.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt
lrwxrwxrwx 1 root root     60 Nov  7 11:09  QuoVadis_Root_CA_2_G3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt
lrwxrwxrwx 1 root root     57 Nov  7 11:09  QuoVadis_Root_CA_3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt
lrwxrwxrwx 1 root root     60 Nov  7 11:09  QuoVadis_Root_CA_3_G3.pem -> /usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt
lrwxrwxrwx 1 root root     82 Nov  7 11:09  SSL.com_EV_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root     85 Nov  7 11:09  SSL.com_EV_Root_Certification_Authority_RSA_R2.pem -> /usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
lrwxrwxrwx 1 root root     79 Nov  7 11:09  SSL.com_Root_Certification_Authority_ECC.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
lrwxrwxrwx 1 root root     79 Nov  7 11:09  SSL.com_Root_Certification_Authority_RSA.pem -> /usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
lrwxrwxrwx 1 root root     54 Nov  7 11:09  SZAFIR_ROOT_CA2.pem -> /usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt
lrwxrwxrwx 1 root root     58 Nov  7 11:09  SecureSign_RootCA11.pem -> /usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt
lrwxrwxrwx 1 root root     53 Nov  7 11:09  SecureTrust_CA.pem -> /usr/share/ca-certificates/mozilla/SecureTrust_CA.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  Secure_Global_CA.pem -> /usr/share/ca-certificates/mozilla/Secure_Global_CA.crt
lrwxrwxrwx 1 root root     73 Nov  7 11:09  Security_Communication_ECC_RootCA1.pem -> /usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt
lrwxrwxrwx 1 root root     69 Nov  7 11:09  Security_Communication_RootCA2.pem -> /usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt
lrwxrwxrwx 1 root root     69 Nov  7 11:09  Security_Communication_RootCA3.pem -> /usr/share/ca-certificates/mozilla/Security_Communication_RootCA3.crt
lrwxrwxrwx 1 root root     69 Nov  7 11:09  Security_Communication_Root_CA.pem -> /usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt
lrwxrwxrwx 1 root root     59 Nov  7 11:09  Starfield_Class_2_CA.pem -> /usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt
lrwxrwxrwx 1 root root     80 Nov  7 11:09  Starfield_Root_Certificate_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     89 Nov  7 11:09  Starfield_Services_Root_Certificate_Authority_-_G2.pem -> /usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
lrwxrwxrwx 1 root root     61 Nov  7 11:09  SwissSign_Gold_CA_-_G2.pem -> /usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt
lrwxrwxrwx 1 root root     63 Nov  7 11:09  SwissSign_Silver_CA_-_G2.pem -> /usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt
lrwxrwxrwx 1 root root     67 Nov  7 11:09  T-TeleSec_GlobalRoot_Class_2.pem -> /usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt
lrwxrwxrwx 1 root root     67 Nov  7 11:09  T-TeleSec_GlobalRoot_Class_3.pem -> /usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt
lrwxrwxrwx 1 root root     84 Nov  7 11:09  TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem -> /usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
lrwxrwxrwx 1 root root     58 Nov  7 11:09  TWCA_Global_Root_CA.pem -> /usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt
lrwxrwxrwx 1 root root     72 Nov  7 11:09  TWCA_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     61 Nov  7 11:09  TeliaSonera_Root_CA_v1.pem -> /usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  Telia_Root_CA_v2.pem -> /usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt
lrwxrwxrwx 1 root root     53 Nov  7 11:09  TrustCor_ECA-1.pem -> /usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt
lrwxrwxrwx 1 root root     61 Nov  7 11:09  TrustCor_RootCert_CA-1.pem -> /usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt
lrwxrwxrwx 1 root root     61 Nov  7 11:09  TrustCor_RootCert_CA-2.pem -> /usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt
lrwxrwxrwx 1 root root     79 Nov  7 11:09  Trustwave_Global_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt
lrwxrwxrwx 1 root root     88 Nov  7 11:09  Trustwave_Global_ECC_P256_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt
lrwxrwxrwx 1 root root     88 Nov  7 11:09  Trustwave_Global_ECC_P384_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt
lrwxrwxrwx 1 root root     55 Nov  7 11:09  TunTrust_Root_CA.pem -> /usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt
lrwxrwxrwx 1 root root     67 Nov  7 11:09  UCA_Extended_Validation_Root.pem -> /usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt
lrwxrwxrwx 1 root root     57 Nov  7 11:09  UCA_Global_G2_Root.pem -> /usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt
lrwxrwxrwx 1 root root     76 Nov  7 11:09  USERTrust_ECC_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt
lrwxrwxrwx 1 root root     76 Nov  7 11:09  USERTrust_RSA_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
lrwxrwxrwx 1 root root     59 Nov  7 11:09  XRamp_Global_CA_Root.pem -> /usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
lrwxrwxrwx 1 root root     15 Nov  7 11:09  a3418fda.0 -> GTS_Root_R4.pem
lrwxrwxrwx 1 root root     13 Nov  7 11:09  a94d09e5.0 -> ACCVRAIZ1.pem
lrwxrwxrwx 1 root root     45 Nov  7 11:09  aee5f10d.0 -> Entrust.net_Premium_2048_Secure_Server_CA.pem
lrwxrwxrwx 1 root root     31 Nov  7 11:09  b0e59380.0 -> GlobalSign_ECC_Root_CA_-_R4.pem
lrwxrwxrwx 1 root root     31 Nov  7 11:09  b1159c4c.0 -> DigiCert_Assured_ID_Root_CA.pem
lrwxrwxrwx 1 root root     29 Nov  7 11:09  b433981b.0 -> ANF_Secure_Server_Root_CA.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  b66938e9.0 -> Secure_Global_CA.pem
lrwxrwxrwx 1 root root     23 Nov  7 11:09  b727005e.0 -> AffirmTrust_Premium.pem
lrwxrwxrwx 1 root root     37 Nov  7 11:09  b7a5b843.0 -> TWCA_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     39 Nov  7 11:09  b81b93f0.0 -> AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
lrwxrwxrwx 1 root root     49 Nov  7 11:09  bf53fb88.0 -> Microsoft_RSA_Root_Certificate_Authority_2017.pem
lrwxrwxrwx 1 root root     22 Nov  7 11:09  c01eb047.0 -> UCA_Global_G2_Root.pem
lrwxrwxrwx 1 root root     34 Nov  7 11:09  c28a8a30.0 -> D-TRUST_Root_Class_3_CA_2_2009.pem
-rwxrwx--- 1 root root 213777 Nov  7 11:09  ca-certificates.crt
lrwxrwxrwx 1 root root     37 Nov  7 11:09  ca6e4ad9.0 -> ePKI_Root_Certification_Authority.pem
lrwxrwxrwx 1 root root     44 Nov  7 11:09  cbf06781.0 -> Go_Daddy_Root_Certificate_Authority_-_G2.pem
lrwxrwxrwx 1 root root     14 Nov  7 11:09  cc450945.0 -> Izenpe.com.pem
lrwxrwxrwx 1 root root     34 Nov  7 11:09  cd58d51e.0 -> Security_Communication_RootCA2.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  cd8c0d63.0 -> AC_RAIZ_FNMT-RCM.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  ce5e74ef.0 -> Amazon_Root_CA_1.pem
lrwxrwxrwx 1 root root     55 Nov  7 11:09  certSIGN_ROOT_CA.pem -> /usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt
lrwxrwxrwx 1 root root     58 Nov  7 11:09  certSIGN_Root_CA_G2.pem -> /usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt
lrwxrwxrwx 1 root root     37 Nov  7 11:09  d4dae3dd.0 -> D-TRUST_Root_Class_3_CA_2_EV_2009.pem
lrwxrwxrwx 1 root root     32 Nov  7 11:09  d52c538d.0 -> DigiCert_TLS_RSA4096_Root_G5.pem
lrwxrwxrwx 1 root root     38 Nov  7 11:09  d6325660.0 -> COMODO_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root     33 Nov 30 15:24  d683602d.0 -> /etc/mail/tls/sendmail-client.crt
lrwxrwxrwx 1 root root     22 Nov  7 11:09  d7e8dc79.0 -> QuoVadis_Root_CA_2.pem
lrwxrwxrwx 1 root root     53 Nov  7 11:09  d887a5bb.0 -> Trustwave_Global_ECC_P384_Certification_Authority.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  dc4d6a89.0 -> GlobalSign_Root_CA_-_R6.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  dd8e9d41.0 -> DigiCert_Global_Root_G3.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  de6d66f3.0 -> Amazon_Root_CA_4.pem
lrwxrwxrwx 1 root root     60 Nov  7 11:09  e-Szigno_Root_CA_2017.pem -> /usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt
lrwxrwxrwx 1 root root     12 Nov  7 11:09  e113c810.0 -> Certigna.pem
lrwxrwxrwx 1 root root     25 Nov  7 11:09  e18bfb83.0 -> QuoVadis_Root_CA_3_G3.pem
lrwxrwxrwx 1 root root     26 Nov  7 11:09  e35234b1.0 -> Certum_Trusted_Root_CA.pem
lrwxrwxrwx 1 root root     25 Nov  7 11:09  e36a6752.0 -> Atos_TrustedRoot_2011.pem
lrwxrwxrwx 1 root root     35 Nov  7 11:09  e73d606e.0 -> OISTE_WISeKey_Global_Root_GB_CA.pem
lrwxrwxrwx 1 root root     25 Nov  7 11:09  e868b802.0 -> e-Szigno_Root_CA_2017.pem
lrwxrwxrwx 1 root root     27 Nov  7 11:09  e8de2f56.0 -> Buypass_Class_3_Root_CA.pem
lrwxrwxrwx 1 root root     72 Nov  7 11:09  ePKI_Root_Certification_Authority.pem -> /usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt
lrwxrwxrwx 1 root root     31 Nov  7 11:09  ecccd8db.0 -> HARICA_TLS_ECC_Root_CA_2021.pem
lrwxrwxrwx 1 root root     21 Nov  7 11:09  ed858448.0 -> vTrus_ECC_Root_CA.pem
lrwxrwxrwx 1 root root     28 Nov  7 11:09  ee64a828.0 -> Comodo_AAA_Services_root.pem
lrwxrwxrwx 1 root root     38 Nov  7 11:09  eed8c118.0 -> COMODO_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root     34 Nov  7 11:09  ef954a4e.0 -> IdenTrust_Commercial_Root_CA_1.pem
lrwxrwxrwx 1 root root     62 Nov  7 11:09  emSign_ECC_Root_CA_-_C3.pem -> /usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt
lrwxrwxrwx 1 root root     62 Nov  7 11:09  emSign_ECC_Root_CA_-_G3.pem -> /usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt
lrwxrwxrwx 1 root root     58 Nov  7 11:09  emSign_Root_CA_-_C1.pem -> /usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt
lrwxrwxrwx 1 root root     58 Nov  7 11:09  emSign_Root_CA_-_G1.pem -> /usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt
lrwxrwxrwx 1 root root     23 Nov  7 11:09  f081611a.0 -> Go_Daddy_Class_2_CA.pem
lrwxrwxrwx 1 root root     47 Nov  7 11:09  f0c70a8d.0 -> SSL.com_EV_Root_Certification_Authority_ECC.pem
lrwxrwxrwx 1 root root     44 Nov  7 11:09  f249de83.0 -> Trustwave_Global_Certification_Authority.pem
lrwxrwxrwx 1 root root     41 Nov  7 11:09  f30dd6ad.0 -> USERTrust_ECC_Certification_Authority.pem
lrwxrwxrwx 1 root root     34 Nov  7 11:09  f3377b1b.0 -> Security_Communication_Root_CA.pem
lrwxrwxrwx 1 root root     24 Nov  7 11:09  f387163d.0 -> Starfield_Class_2_CA.pem
lrwxrwxrwx 1 root root     18 Nov  7 11:09  f39fc864.0 -> SecureTrust_CA.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  f51bb24c.0 -> Certigna_Root_CA.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  fa5da96b.0 -> GLOBALTRUST_2020.pem
lrwxrwxrwx 1 root root     41 Nov  7 11:09  fc5a8f99.0 -> USERTrust_RSA_Certification_Authority.pem
lrwxrwxrwx 1 root root     20 Nov  7 11:09  fd64f3fc.0 -> TunTrust_Root_CA.pem
lrwxrwxrwx 1 root root     19 Nov  7 11:09  fe8a2cd8.0 -> SZAFIR_ROOT_CA2.pem
lrwxrwxrwx 1 root root     23 Nov  7 11:09  feffd413.0 -> GlobalSign_Root_E46.pem
lrwxrwxrwx 1 root root     49 Nov  7 11:09  ff34af3f.0 -> TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
-rwxrwx--- 1 root root   1123 Nov  7 14:20  ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root     56 Nov  7 11:09  vTrus_ECC_Root_CA.pem -> /usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt
lrwxrwxrwx 1 root root     52 Nov  7 11:09  vTrus_Root_CA.pem -> /usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt

[Probzx]

This is the second part, my message was too long :

10 - LANG="C" ls -lL /etc/ssl/certs/

Code: Select all

total 1348
-rw-r--r-- 1 root root   1915 Mar 11  2023  002c0b4f.0
-rw-r--r-- 1 root root   1533 Mar 11  2023  02265526.0
-rw-r--r-- 1 root root   1229 Mar 11  2023  062cdee6.0
-rw-r--r-- 1 root root   1923 Mar 11  2023  064e0aa9.0
-rw-r--r-- 1 root root   2114 Mar 11  2023  06dc52d5.0
-rw-r--r-- 1 root root   1968 Mar 11  2023  08063a00.0
-rw-r--r-- 1 root root   1424 Mar 11  2023  09789157.0
-rw-r--r-- 1 root root    765 Mar 11  2023  0a775a30.0
-rw-r--r-- 1 root root   1984 Mar 11  2023  0b1b94ef.0
-rw-r--r-- 1 root root    790 Mar 11  2023  0b9bc432.0
-rw-r--r-- 1 root root    944 Mar 11  2023  0bf05006.0
-rw-r--r-- 1 root root   1915 Mar 11  2023  0f5dc4f3.0
-rw-r--r-- 1 root root   1980 Mar 11  2023  0f6fa695.0
-rw-r--r-- 1 root root   1911 Mar 11  2023  1001acf7.0
-rw-r--r-- 1 root root   1090 Mar 11  2023  106f3e4d.0
-rw-r--r-- 1 root root    859 Mar 11  2023  14bc7599.0
-rw-r--r-- 1 root root   1249 Mar 11  2023  18856ac4.0
-rw-r--r-- 1 root root    794 Mar 11  2023  1d3472b9.0
-rw-r--r-- 1 root root   1931 Mar 11  2023  1e08bfd1.0
-rw-r--r-- 1 root root   1367 Mar 11  2023  1e09d511.0
-rw-r--r-- 1 root root   1367 Mar 11  2023  244b5494.0
-rw-r--r-- 1 root root   1302 Mar 11  2023  2923b3f9.0
-rw-r--r-- 1 root root   1935 Mar 11  2023  2ae6433e.0
-rw-r--r-- 1 root root   1204 Mar 11  2023  2b349938.0
-rw-r--r-- 1 root root   2155 Mar 11  2023  32888f65.0
-rw-r--r-- 1 root root   1338 Mar 11  2023  3513523f.0
-rwxrwx--- 1 root root   1245 Nov 30 15:24  39d60b1a.0
-rw-r--r-- 1 root root   2167 Mar 11  2023  3bde41ac.0
-rw-r--r-- 1 root root   2167 Mar 11  2023  3bde41ac.1
-rw-r--r-- 1 root root   2204 Mar 11  2023  3e44d2f7.0
-rw-r--r-- 1 root root   1168 Mar 11  2023  3e45d192.0
-rw-r--r-- 1 root root   2013 Mar 11  2023  3fb36b73.0
-rw-r--r-- 1 root root   2078 Mar 11  2023  40193066.0
-rw-r--r-- 1 root root   1939 Mar 11  2023  4042bcee.0
-rw-r--r-- 1 root root   1489 Mar 11  2023  40547a79.0
-rw-r--r-- 1 root root   1257 Mar 11  2023  406c9bb1.0
-rw-r--r-- 1 root root   1354 Mar 11  2023  48bec511.0
-rw-r--r-- 1 root root    814 Mar 11  2023  4b718d9b.0
-rw-r--r-- 1 root root   1399 Mar 11  2023  4bfab552.0
-rw-r--r-- 1 root root   2045 Mar 11  2023  4f316efb.0
-rw-r--r-- 1 root root   2244 Mar 11  2023  5273a94c.0
-rw-r--r-- 1 root root   1367 Mar 11  2023  5443e9e3.0
-rw-r--r-- 1 root root   1915 Mar 11  2023  54657681.0
-rw-r--r-- 1 root root   2049 Mar 11  2023  57bcb2da.0
-rw-r--r-- 1 root root    830 Mar 11  2023  5860aaa6.0
-rw-r--r-- 1 root root   1050 Mar 11  2023  5931b5bc.0
-rw-r--r-- 1 root root    977 Mar 11  2023  5a7722fb.0
-rw-r--r-- 1 root root   1261 Mar 11  2023  5ad8a5d6.0
-rw-r--r-- 1 root root   1870 Mar 11  2023  5cd81ad7.0
-rw-r--r-- 1 root root   1513 Mar 11  2023  5d3033c5.0
-rw-r--r-- 1 root root   2244 Mar 11  2023  5e98733a.0
-rw-r--r-- 1 root root   1883 Mar 11  2023  5f15c80c.0
-rwxrwx--- 1 root root   1123 Nov  7 14:20  5f1c8db4.0
-rw-r--r-- 1 root root   1891 Mar 11  2023  5f618aec.0
-rw-r--r-- 1 root root   1294 Mar 11  2023  607986c7.0
-rw-r--r-- 1 root root   1911 Mar 11  2023  626dceaf.0
-rw-r--r-- 1 root root   1261 Mar 11  2023  653b494a.0
-rw-r--r-- 1 root root   2122 Mar 11  2023  66445960.0
-rw-r--r-- 1 root root   2074 Mar 11  2023  68dd7389.0
-rw-r--r-- 1 root root   1643 Mar 11  2023  6b99d060.0
-rw-r--r-- 1 root root   1883 Mar 11  2023  6d41d539.0
-rw-r--r-- 1 root root   2094 Mar 11  2023  6fa5da56.0
-rw-r--r-- 1 root root   1513 Mar 11  2023  706f604c.0
-rw-r--r-- 1 root root   1923 Mar 11  2023  749e9e03.0
-rw-r--r-- 1 root root   1988 Mar 11  2023  75d1b2ed.0
-rw-r--r-- 1 root root   2354 Mar 11  2023  76faf6c0.0
-rw-r--r-- 1 root root   1017 Mar 11  2023  7719f463.0
-rw-r--r-- 1 root root    895 Mar 11  2023  773e07ad.0
-rw-r--r-- 1 root root   1911 Mar 11  2023  7a3adc42.0
-rw-r--r-- 1 root root   1891 Mar 11  2023  7a780d93.0
-rw-r--r-- 1 root root   1493 Mar 11  2023  7aaf71c0.0
-rw-r--r-- 1 root root    851 Mar 11  2023  7f3d5d1d.0
-rw-r--r-- 1 root root   1460 Mar 11  2023  8160b96c.0
-rw-r--r-- 1 root root    741 Mar 11  2023  8508e720.0
-rw-r--r-- 1 root root    656 Mar 11  2023  8cb5ee0f.0
-rw-r--r-- 1 root root   1176 Mar 11  2023  8d86cdd1.0
-rw-r--r-- 1 root root    875 Mar 11  2023  8d89cda1.0
-rw-r--r-- 1 root root   1952 Mar 11  2023  8f103249.0
-rw-r--r-- 1 root root   1939 Mar 11  2023  90c5a3c8.0
-rw-r--r-- 1 root root   2049 Mar 11  2023  930ac5d2.0
-rw-r--r-- 1 root root   1204 Mar 11  2023  93bc0acc.0
-rw-r--r-- 1 root root    891 Mar 11  2023  9482e63a.0
-rw-r--r-- 1 root root    790 Mar 11  2023  9846683b.0
-rw-r--r-- 1 root root   1476 Mar 11  2023  988a38cb.0
-rw-r--r-- 1 root root    883 Mar 11  2023  9b5697b0.0
-rw-r--r-- 1 root root    753 Mar 11  2023  9c8dfbd4.0
-rw-r--r-- 1 root root   1306 Mar 11  2023  9d04f354.0
-rw-r--r-- 1 root root   1050 Mar 11  2023  9ef4a08a.0
-rw-r--r-- 1 root root   2017 Mar 11  2023  9f727ac7.0
-rw-r--r-- 1 root root   2772 Mar 11  2023  ACCVRAIZ1.pem
-rw-r--r-- 1 root root   1972 Mar 11  2023  AC_RAIZ_FNMT-RCM.pem
-rw-r--r-- 1 root root    904 Mar 11  2023  AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem
-rw-r--r-- 1 root root   2118 Mar 11  2023  ANF_Secure_Server_Root_CA.pem
-rw-r--r-- 1 root root   2049 Mar 11  2023  Actalis_Authentication_Root_CA.pem
-rw-r--r-- 1 root root   1204 Mar 11  2023  AffirmTrust_Commercial.pem
-rw-r--r-- 1 root root   1204 Mar 11  2023  AffirmTrust_Networking.pem
-rw-r--r-- 1 root root   1891 Mar 11  2023  AffirmTrust_Premium.pem
-rw-r--r-- 1 root root    753 Mar 11  2023  AffirmTrust_Premium_ECC.pem
-rw-r--r-- 1 root root   1188 Mar 11  2023  Amazon_Root_CA_1.pem
-rw-r--r-- 1 root root   1883 Mar 11  2023  Amazon_Root_CA_2.pem
-rw-r--r-- 1 root root    656 Mar 11  2023  Amazon_Root_CA_3.pem
-rw-r--r-- 1 root root    737 Mar 11  2023  Amazon_Root_CA_4.pem
-rw-r--r-- 1 root root   1261 Mar 11  2023  Atos_TrustedRoot_2011.pem
-rw-r--r-- 1 root root   2167 Mar 11  2023  Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
-rw-r--r-- 1 root root   2167 Mar 11  2023  Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.pem
-rw-r--r-- 1 root root   1261 Mar 11  2023  Baltimore_CyberTrust_Root.pem
-rw-r--r-- 1 root root   1915 Mar 11  2023  Buypass_Class_2_Root_CA.pem
-rw-r--r-- 1 root root   1915 Mar 11  2023  Buypass_Class_3_Root_CA.pem
-rw-r--r-- 1 root root   1935 Mar 11  2023  CA_Disig_Root_R2.pem
-rw-r--r-- 1 root root   1984 Mar 11  2023  CFCA_EV_ROOT.pem
-rw-r--r-- 1 root root   1489 Mar 11  2023  COMODO_Certification_Authority.pem
-rw-r--r-- 1 root root    940 Mar 11  2023  COMODO_ECC_Certification_Authority.pem
-rw-r--r-- 1 root root   2086 Mar 11  2023  COMODO_RSA_Certification_Authority.pem
-rw-r--r-- 1 root root    741 Mar 11  2023  Certainly_Root_E1.pem
-rw-r--r-- 1 root root   1891 Mar 11  2023  Certainly_Root_R1.pem
-rw-r--r-- 1 root root   1330 Mar 11  2023  Certigna.pem
-rw-r--r-- 1 root root   2264 Mar 11  2023  Certigna_Root_CA.pem
-rw-r--r-- 1 root root    891 Mar 11  2023  Certum_EC-384_CA.pem
-rw-r--r-- 1 root root   1354 Mar 11  2023  Certum_Trusted_Network_CA.pem
-rw-r--r-- 1 root root   2078 Mar 11  2023  Certum_Trusted_Network_CA_2.pem
-rw-r--r-- 1 root root   2053 Mar 11  2023  Certum_Trusted_Root_CA.pem
-rw-r--r-- 1 root root   1517 Mar 11  2023  Comodo_AAA_Services_root.pem
-rw-r--r-- 1 root root   1050 Mar 11  2023  D-TRUST_BR_Root_CA_1_2020.pem
-rw-r--r-- 1 root root   1050 Mar 11  2023  D-TRUST_EV_Root_CA_1_2020.pem
-rw-r--r-- 1 root root   1517 Mar 11  2023  D-TRUST_Root_Class_3_CA_2_2009.pem
-rw-r--r-- 1 root root   1537 Mar 11  2023  D-TRUST_Root_Class_3_CA_2_EV_2009.pem
-rw-r--r-- 1 root root   1350 Mar 11  2023  DigiCert_Assured_ID_Root_CA.pem
-rw-r--r-- 1 root root   1306 Mar 11  2023  DigiCert_Assured_ID_Root_G2.pem
-rw-r--r-- 1 root root    851 Mar 11  2023  DigiCert_Assured_ID_Root_G3.pem
-rw-r--r-- 1 root root   1338 Mar 11  2023  DigiCert_Global_Root_CA.pem
-rw-r--r-- 1 root root   1294 Mar 11  2023  DigiCert_Global_Root_G2.pem
-rw-r--r-- 1 root root    839 Mar 11  2023  DigiCert_Global_Root_G3.pem
-rw-r--r-- 1 root root   1367 Mar 11  2023  DigiCert_High_Assurance_EV_Root_CA.pem
-rw-r--r-- 1 root root    790 Mar 11  2023  DigiCert_TLS_ECC_P384_Root_G5.pem
-rw-r--r-- 1 root root   1931 Mar 11  2023  DigiCert_TLS_RSA4096_Root_G5.pem
-rw-r--r-- 1 root root   1988 Mar 11  2023  DigiCert_Trusted_Root_G4.pem
-rw-r--r-- 1 root root   2244 Mar 11  2023  E-Tugra_Certification_Authority.pem
-rw-r--r-- 1 root root    977 Mar 11  2023  E-Tugra_Global_Root_CA_ECC_v3.pem
-rw-r--r-- 1 root root   2122 Mar 11  2023  E-Tugra_Global_Root_CA_RSA_v3.pem
-rw-r--r-- 1 root root   1505 Mar 11  2023  Entrust.net_Premium_2048_Secure_Server_CA.pem
-rw-r--r-- 1 root root   1643 Mar 11  2023  Entrust_Root_Certification_Authority.pem
-rw-r--r-- 1 root root   1090 Mar 11  2023  Entrust_Root_Certification_Authority_-_EC1.pem
-rw-r--r-- 1 root root   1533 Mar 11  2023  Entrust_Root_Certification_Authority_-_G2.pem
-rw-r--r-- 1 root root   2244 Mar 11  2023  Entrust_Root_Certification_Authority_-_G4.pem
-rw-r--r-- 1 root root   1980 Mar 11  2023  GDCA_TrustAUTH_R5_ROOT.pem
-rw-r--r-- 1 root root   1972 Mar 11  2023  GLOBALTRUST_2020.pem
-rw-r--r-- 1 root root   1911 Mar 11  2023  GTS_Root_R1.pem
-rw-r--r-- 1 root root   1911 Mar 11  2023  GTS_Root_R2.pem
-rw-r--r-- 1 root root    765 Mar 11  2023  GTS_Root_R3.pem
-rw-r--r-- 1 root root    765 Mar 11  2023  GTS_Root_R4.pem
-rw-r--r-- 1 root root    704 Mar 11  2023  GlobalSign_ECC_Root_CA_-_R4.pem
-rw-r--r-- 1 root root    794 Mar 11  2023  GlobalSign_ECC_Root_CA_-_R5.pem
-rw-r--r-- 1 root root   1261 Mar 11  2023  GlobalSign_Root_CA.pem
-rw-r--r-- 1 root root   1229 Mar 11  2023  GlobalSign_Root_CA_-_R3.pem
-rw-r--r-- 1 root root   1972 Mar 11  2023  GlobalSign_Root_CA_-_R6.pem
-rw-r--r-- 1 root root    769 Mar 11  2023  GlobalSign_Root_E46.pem
-rw-r--r-- 1 root root   1915 Mar 11  2023  GlobalSign_Root_R46.pem
-rw-r--r-- 1 root root   1448 Mar 11  2023  Go_Daddy_Class_2_CA.pem
-rw-r--r-- 1 root root   1367 Mar 11  2023  Go_Daddy_Root_Certificate_Authority_-_G2.pem
-rw-r--r-- 1 root root    867 Mar 11  2023  HARICA_TLS_ECC_Root_CA_2021.pem
-rw-r--r-- 1 root root   2017 Mar 11  2023  HARICA_TLS_RSA_Root_CA_2021.pem
-rw-r--r-- 1 root root   1017 Mar 11  2023  Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
-rw-r--r-- 1 root root   2155 Mar 11  2023  Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
-rw-r--r-- 1 root root   1939 Mar 11  2023  HiPKI_Root_CA_-_G1.pem
-rw-r--r-- 1 root root   1168 Mar 11  2023  Hongkong_Post_Root_CA_1.pem
-rw-r--r-- 1 root root   2074 Mar 11  2023  Hongkong_Post_Root_CA_3.pem
-rw-r--r-- 1 root root   1939 Mar 11  2023  ISRG_Root_X1.pem
-rw-r--r-- 1 root root    790 Mar 11  2023  ISRG_Root_X2.pem
-rw-r--r-- 1 root root   1923 Mar 11  2023  IdenTrust_Commercial_Root_CA_1.pem
-rw-r--r-- 1 root root   1931 Mar 11  2023  IdenTrust_Public_Sector_Root_CA_1.pem
-rw-r--r-- 1 root root   2122 Mar 11  2023  Izenpe.com.pem
-rw-r--r-- 1 root root   1460 Mar 11  2023  Microsec_e-Szigno_Root_CA_2009.pem
-rw-r--r-- 1 root root    875 Mar 11  2023  Microsoft_ECC_Root_Certificate_Authority_2017.pem
-rw-r--r-- 1 root root   2021 Mar 11  2023  Microsoft_RSA_Root_Certificate_Authority_2017.pem
-rw-r--r-- 1 root root   2013 Mar 11  2023  NAVER_Global_Root_Certification_Authority.pem
-rw-r--r-- 1 root root   1476 Mar 11  2023 'NetLock_Arany_=Class_Gold=_F'$'\305\221''tan'$'\303\272''s'$'\303\255''tv'$'\303\241''ny.pem'
-rw-r--r-- 1 root root   1346 Mar 11  2023  OISTE_WISeKey_Global_Root_GB_CA.pem
-rw-r--r-- 1 root root    895 Mar 11  2023  OISTE_WISeKey_Global_Root_GC_CA.pem
-rw-r--r-- 1 root root   1923 Mar 11  2023  QuoVadis_Root_CA_1_G3.pem
-rw-r--r-- 1 root root   2041 Mar 11  2023  QuoVadis_Root_CA_2.pem
-rw-r--r-- 1 root root   1923 Mar 11  2023  QuoVadis_Root_CA_2_G3.pem
-rw-r--r-- 1 root root   2354 Mar 11  2023  QuoVadis_Root_CA_3.pem
-rw-r--r-- 1 root root   1923 Mar 11  2023  QuoVadis_Root_CA_3_G3.pem
-rw-r--r-- 1 root root    956 Mar 11  2023  SSL.com_EV_Root_Certification_Authority_ECC.pem
-rw-r--r-- 1 root root   2114 Mar 11  2023  SSL.com_EV_Root_Certification_Authority_RSA_R2.pem
-rw-r--r-- 1 root root    944 Mar 11  2023  SSL.com_Root_Certification_Authority_ECC.pem
-rw-r--r-- 1 root root   2094 Mar 11  2023  SSL.com_Root_Certification_Authority_RSA.pem
-rw-r--r-- 1 root root   1257 Mar 11  2023  SZAFIR_ROOT_CA2.pem
-rw-r--r-- 1 root root   1249 Mar 11  2023  SecureSign_RootCA11.pem
-rw-r--r-- 1 root root   1350 Mar 11  2023  SecureTrust_CA.pem
-rw-r--r-- 1 root root   1354 Mar 11  2023  Secure_Global_CA.pem
-rw-r--r-- 1 root root    830 Mar 11  2023  Security_Communication_ECC_RootCA1.pem
-rw-r--r-- 1 root root   1261 Mar 11  2023  Security_Communication_RootCA2.pem
-rw-r--r-- 1 root root   1968 Mar 11  2023  Security_Communication_RootCA3.pem
-rw-r--r-- 1 root root   1224 Mar 11  2023  Security_Communication_Root_CA.pem
-rw-r--r-- 1 root root   1468 Mar 11  2023  Starfield_Class_2_CA.pem
-rw-r--r-- 1 root root   1399 Mar 11  2023  Starfield_Root_Certificate_Authority_-_G2.pem
-rw-r--r-- 1 root root   1424 Mar 11  2023  Starfield_Services_Root_Certificate_Authority_-_G2.pem
-rw-r--r-- 1 root root   2045 Mar 11  2023  SwissSign_Gold_CA_-_G2.pem
-rw-r--r-- 1 root root   2049 Mar 11  2023  SwissSign_Silver_CA_-_G2.pem
-rw-r--r-- 1 root root   1367 Mar 11  2023  T-TeleSec_GlobalRoot_Class_2.pem
-rw-r--r-- 1 root root   1367 Mar 11  2023  T-TeleSec_GlobalRoot_Class_3.pem
-rw-r--r-- 1 root root   1582 Mar 11  2023  TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem
-rw-r--r-- 1 root root   1883 Mar 11  2023  TWCA_Global_Root_CA.pem
-rw-r--r-- 1 root root   1269 Mar 11  2023  TWCA_Root_Certification_Authority.pem
-rw-r--r-- 1 root root   1870 Mar 11  2023  TeliaSonera_Root_CA_v1.pem
-rw-r--r-- 1 root root   1952 Mar 11  2023  Telia_Root_CA_v2.pem
-rw-r--r-- 1 root root   1493 Mar 11  2023  TrustCor_ECA-1.pem
-rw-r--r-- 1 root root   1513 Mar 11  2023  TrustCor_RootCert_CA-1.pem
-rw-r--r-- 1 root root   2204 Mar 11  2023  TrustCor_RootCert_CA-2.pem
-rw-r--r-- 1 root root   2090 Mar 11  2023  Trustwave_Global_Certification_Authority.pem
-rw-r--r-- 1 root root    883 Mar 11  2023  Trustwave_Global_ECC_P256_Certification_Authority.pem
-rw-r--r-- 1 root root    969 Mar 11  2023  Trustwave_Global_ECC_P384_Certification_Authority.pem
-rw-r--r-- 1 root root   2037 Mar 11  2023  TunTrust_Root_CA.pem
-rw-r--r-- 1 root root   1915 Mar 11  2023  UCA_Extended_Validation_Root.pem
-rw-r--r-- 1 root root   1891 Mar 11  2023  UCA_Global_G2_Root.pem
-rw-r--r-- 1 root root    948 Mar 11  2023  USERTrust_ECC_Certification_Authority.pem
-rw-r--r-- 1 root root   2094 Mar 11  2023  USERTrust_RSA_Certification_Authority.pem
-rw-r--r-- 1 root root   1513 Mar 11  2023  XRamp_Global_CA_Root.pem
-rw-r--r-- 1 root root    765 Mar 11  2023  a3418fda.0
-rw-r--r-- 1 root root   2772 Mar 11  2023  a94d09e5.0
-rw-r--r-- 1 root root   1505 Mar 11  2023  aee5f10d.0
-rw-r--r-- 1 root root    704 Mar 11  2023  b0e59380.0
-rw-r--r-- 1 root root   1350 Mar 11  2023  b1159c4c.0
-rw-r--r-- 1 root root   2118 Mar 11  2023  b433981b.0
-rw-r--r-- 1 root root   1354 Mar 11  2023  b66938e9.0
-rw-r--r-- 1 root root   1891 Mar 11  2023  b727005e.0
-rw-r--r-- 1 root root   1269 Mar 11  2023  b7a5b843.0
-rw-r--r-- 1 root root    904 Mar 11  2023  b81b93f0.0
-rw-r--r-- 1 root root   2021 Mar 11  2023  bf53fb88.0
-rw-r--r-- 1 root root   1891 Mar 11  2023  c01eb047.0
-rw-r--r-- 1 root root   1517 Mar 11  2023  c28a8a30.0
-rwxrwx--- 1 root root 213777 Nov  7 11:09  ca-certificates.crt
-rw-r--r-- 1 root root   2033 Mar 11  2023  ca6e4ad9.0
-rw-r--r-- 1 root root   1367 Mar 11  2023  cbf06781.0
-rw-r--r-- 1 root root   2122 Mar 11  2023  cc450945.0
-rw-r--r-- 1 root root   1261 Mar 11  2023  cd58d51e.0
-rw-r--r-- 1 root root   1972 Mar 11  2023  cd8c0d63.0
-rw-r--r-- 1 root root   1188 Mar 11  2023  ce5e74ef.0
-rw-r--r-- 1 root root   1176 Mar 11  2023  certSIGN_ROOT_CA.pem
-rw-r--r-- 1 root root   1891 Mar 11  2023  certSIGN_Root_CA_G2.pem
-rw-r--r-- 1 root root   1537 Mar 11  2023  d4dae3dd.0
-rw-r--r-- 1 root root   1931 Mar 11  2023  d52c538d.0
-rw-r--r-- 1 root root   2086 Mar 11  2023  d6325660.0
-rwxrwx--- 1 root root   1245 Nov 30 15:24  d683602d.0
-rw-r--r-- 1 root root   2041 Mar 11  2023  d7e8dc79.0
-rw-r--r-- 1 root root    969 Mar 11  2023  d887a5bb.0
-rw-r--r-- 1 root root   1972 Mar 11  2023  dc4d6a89.0
-rw-r--r-- 1 root root    839 Mar 11  2023  dd8e9d41.0
-rw-r--r-- 1 root root    737 Mar 11  2023  de6d66f3.0
-rw-r--r-- 1 root root    843 Mar 11  2023  e-Szigno_Root_CA_2017.pem
-rw-r--r-- 1 root root   1330 Mar 11  2023  e113c810.0
-rw-r--r-- 1 root root   1923 Mar 11  2023  e18bfb83.0
-rw-r--r-- 1 root root   2053 Mar 11  2023  e35234b1.0
-rw-r--r-- 1 root root   1261 Mar 11  2023  e36a6752.0
-rw-r--r-- 1 root root   1346 Mar 11  2023  e73d606e.0
-rw-r--r-- 1 root root    843 Mar 11  2023  e868b802.0
-rw-r--r-- 1 root root   1915 Mar 11  2023  e8de2f56.0
-rw-r--r-- 1 root root   2033 Mar 11  2023  ePKI_Root_Certification_Authority.pem
-rw-r--r-- 1 root root    867 Mar 11  2023  ecccd8db.0
-rw-r--r-- 1 root root    774 Mar 11  2023  ed858448.0
-rw-r--r-- 1 root root   1517 Mar 11  2023  ee64a828.0
-rw-r--r-- 1 root root    940 Mar 11  2023  eed8c118.0
-rw-r--r-- 1 root root   1923 Mar 11  2023  ef954a4e.0
-rw-r--r-- 1 root root    814 Mar 11  2023  emSign_ECC_Root_CA_-_C3.pem
-rw-r--r-- 1 root root    859 Mar 11  2023  emSign_ECC_Root_CA_-_G3.pem
-rw-r--r-- 1 root root   1257 Mar 11  2023  emSign_Root_CA_-_C1.pem
-rw-r--r-- 1 root root   1302 Mar 11  2023  emSign_Root_CA_-_G1.pem
-rw-r--r-- 1 root root   1448 Mar 11  2023  f081611a.0
-rw-r--r-- 1 root root    956 Mar 11  2023  f0c70a8d.0
-rw-r--r-- 1 root root   2090 Mar 11  2023  f249de83.0
-rw-r--r-- 1 root root    948 Mar 11  2023  f30dd6ad.0
-rw-r--r-- 1 root root   1224 Mar 11  2023  f3377b1b.0
-rw-r--r-- 1 root root   1468 Mar 11  2023  f387163d.0
-rw-r--r-- 1 root root   1350 Mar 11  2023  f39fc864.0
-rw-r--r-- 1 root root   2264 Mar 11  2023  f51bb24c.0
-rw-r--r-- 1 root root   1972 Mar 11  2023  fa5da96b.0
-rw-r--r-- 1 root root   2094 Mar 11  2023  fc5a8f99.0
-rw-r--r-- 1 root root   2037 Mar 11  2023  fd64f3fc.0
-rw-r--r-- 1 root root   1257 Mar 11  2023  fe8a2cd8.0
-rw-r--r-- 1 root root    769 Mar 11  2023  feffd413.0
-rw-r--r-- 1 root root   1582 Mar 11  2023  ff34af3f.0
-rwxrwx--- 1 root root   1123 Nov  7 14:20  ssl-cert-snakeoil.pem
-rw-r--r-- 1 root root    774 Mar 11  2023  vTrus_ECC_Root_CA.pem
-rw-r--r-- 1 root root   1911 Mar 11  2023  vTrus_Root_CA.pem

11 - LANG="C" ls -ld /usr/share/ca-certificates/mozilla/

Code: Select all

drwxr-xr-x 2 root root 12288 Nov  7 11:09 /usr/share/ca-certificates/mozilla/

12 - WGET test as non-root user :

Code: Select all

inovagora@deb12fnccrecodeau:/tmp/aptdwnldtest$ sudo LANG="C" wget https://deb.debian.org/debian/pool/main/h/hello/hello_2.10-3_amd64.deb
--2024-02-12 16:35:11--  https://deb.debian.org/debian/pool/main/h/hello/hello_2.10-3_amd64.deb
Resolving deb.debian.org (deb.debian.org)... 199.232.170.132, 2a04:4e42:6a::644
Connecting to deb.debian.org (deb.debian.org)|199.232.170.132|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 53080 (52K) [application/vnd.debian.binary-package]
Saving to: 'hello_2.10-3_amd64.deb'

hello_2.10-3_amd64.deb                                      100%[========================================================================================================================================>]  51.84K  --.-KB/s    in 0.001s

2024-02-12 16:35:11 (38.6 MB/s) - 'hello_2.10-3_amd64.deb' saved [53080/53080][*]

13 - LANG="C" apt -o "APT::Sandbox::User=root" update

Code: Select all

inovagora@deb12fnccrecodeau:/tmp/aptdwnldtest$ LANG="C" sudo apt -o "APT::Sandbox::User=root" update
Hit:1 http://ftp.u-strasbg.fr/debian bookworm InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
55 packages can be upgraded. Run 'apt list --upgradable' to see them.
N: Repository 'Debian bookworm' changed its 'firmware component' value from 'non-free' to 'non-free-firmware'
N: More information about this can be found online in the Release notes at: https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.html#non-free-split

14 - Here is the extract binary copy of /etc/apt/sources.list :

Code: Select all

https://we.tl/t-LbTK1XjZSH

15 - The gethostbyname.tar.gz

Code: Select all

https://we.tl/t-96mUq4OiZ1

16 - systemd -resolved is installed

Code: Select all

Listing... Done
systemd-resolved/stable 252.22-1~deb12u1 amd64

I hope I've given you all the information you need.
Many thanks for your help.

[fabien]

Hello @Probzx, I'll do a full answer this evening. There are things in what you sent.

[fabien]

- Aptitude is not installed on this server. Is it necessary to do so?

It was just an additional test, probably unimportant.

- I can't date the day when the server began to malfunction. According to the web service provider in charge of development, the problem has been present for some time (he has php errors linked to the dns, notably on the php send mail function).
- As far as I know, the only change I've made is to change the rights on certain files so that the web developer can work independently.
If I remember correctly, this is the /etc tree.
I can't remember exactly what I've done, but from the commands you're asking me to perform, I deduce that it's possible I've "broken" the rights system of certain folders and files, which could have caused this problem?

Very probably.

1 - LANG="C" ls -la /var/lib/apt/*

Code: Select all

-rwxrwxr-- 1 root sudo   279 Nov  7 11:07 /var/lib/apt/cdroms.list
-rwxrwxr-- 1 root sudo   279 Nov  7 11:07 /var/lib/apt/cdroms.list~
-rwxrwxr-- 1 root sudo     0 Feb 12 14:33 /var/lib/apt/daily_lock
-rw-r--r-- 1 root root 25280 Jan 24 10:22 /var/lib/apt/extended_states
-rwxrwxr-- 1 root sudo 12288 Nov 29 09:26 /var/lib/apt/listchanges.db

/var/lib/apt/lists:
total 16
drwxrwxr-x 4 root sudo 4096 Dec 27 11:57 .
drwxrwxr-x 5 root sudo 4096 Jan 24 10:22 ..
drwxr-xr-x 2 _apt root 4096 Nov  7 11:07 auxfiles
-rwxrwx--- 1 root sudo    0 Nov  7 11:07 lock
drwx------ 2 _apt root 4096 Feb  7 17:57 partial

/var/lib/apt/mirrors:
total 12
drwxrwxr-x 3 root sudo 4096 Nov  7 11:06 .
drwxrwxr-x 5 root sudo 4096 Jan 24 10:22 ..
drwxrwxr-x 2 root sudo 4096 May 25  2023 partial

/var/lib/apt/periodic:
total 8
drwxrwxr-x 2 root sudo 4096 May 25  2023 .
drwxrwxr-x 5 root sudo 4096 Jan 24 10:22 ..

I don't think the sudo group can be a problem in itself, changing the rights can sometimes be a problem when applications check them. Compare to a functional system if there are still problems. I would definitely remove the execute bit on /var/lib/apt/lists/lock

2 - mawk 'BEGIN{FS=":"} NR==FNR{if (/_apt/){print $1,$3,$4; uid=$3}} NR!=FNR{if ($3==uid){print $3"="$1}}' /etc/passwd{,}

Code: Select all

_apt 42 65534
42=_apt

OK

3 - md5sum /var/lib/dpkg/info/ca-certificates*

Code: Select all

ea660bfde0da4c6cb5b71a811ae7a798  /var/lib/dpkg/info/ca-certificates.config
56ebcf2d0e366df790256333922bfb0b  /var/lib/dpkg/info/ca-certificates.list
406449f381efe20991efe93daa450abd  /var/lib/dpkg/info/ca-certificates.md5sums
94223315491c9cd87ffdc08baa81ef1d  /var/lib/dpkg/info/ca-certificates.postinst
50f2c2a2769bfe70f7809f521d4c366e  /var/lib/dpkg/info/ca-certificates.postrm
6f1222a9af267c2075954f838305a005  /var/lib/dpkg/info/ca-certificates.templates
029cc48dbada58f251205111339ed436  /var/lib/dpkg/info/ca-certificates.triggers

OK

4 - LANG="C" ls -l /etc/ca-certificates.conf

Code: Select all

-rwxrwx--- 1 root root 5989 Nov  7 11:09 /etc/ca-certificates.conf

IMPORTANT: should be world readable, normally -rw-r--r--

5 - cat /etc/ca-certificates.conf

Probably correct.

6 - md5sum /etc/ssl/certs/ca-certificates.crt

Code: Select all

0ad530386be2c646e5fb261472b49724  /etc/ssl/certs/ca-certificates.crt

7 - update-ca-certificates -v

Code: Select all

Command not available

Must be run as root.

8 - LANG="C" ls -la /etc/ssl/

Code: Select all

total 60
drwxrwx---  4 root root  4096 Nov 29 16:13 .
drwxrwx--- 88 root root  4096 Jan 24 09:56 ..
drwxrwx---  2 root root 20480 Nov 30 15:24 certs
-rwxrwx---  1 root root  2354 Nov 17 09:34 ecodeau23-24.crt
-rwxrwx---  1 root root  1707 Nov 16 15:06 ecodeau23-24.key
-rwxrwx---  1 root root  2354 Nov 17 09:34 ecodeau23-24.pem
-rwxrwx---  1 root root 12332 Oct 23 19:52 openssl.cnf
drwxrwx---  2 root root  4096 Nov  7 14:20 private

IMPORTANT: should be world readable (except private). Normally:

Code: Select all

drwxr-xr-x  4 root root  4096 Jan 19 12:44 .
drwxr-xr-x 72 root root  4096 Feb 13 01:47 ..
drwxr-xr-x  2 root root 16384 Jan 19 12:44 certs
-rw-r--r--  1 root root 12332 Oct 23 19:52 openssl.cnf
drwx------  2 root root  4096 Oct 23 19:52 private

9 - LANG="C" ls -l /etc/ssl/certs/

Code: Select all

[...]
-rwxrwx--- 1 root root 213777 Nov  7 11:09  ca-certificates.crt
[...]
-rwxrwx--- 1 root root   1123 Nov  7 14:20  ssl-cert-snakeoil.pem

IMPORTANT: should be world readable, normally -rw-r--r--

[fabien]

10 - LANG="C" ls -lL /etc/ssl/certs/

Code: Select all

[...]
-rwxrwx--- 1 root root   1245 Nov 30 15:24  39d60b1a.0
[...]
-rwxrwx--- 1 root root   1123 Nov  7 14:20  5f1c8db4.0
[...]
-rwxrwx--- 1 root root 213777 Nov  7 11:09  ca-certificates.crt
[...]
-rwxrwx--- 1 root root   1245 Nov 30 15:24  d683602d.0
[...]
-rwxrwx--- 1 root root   1123 Nov  7 14:20  ssl-cert-snakeoil.pem

IMPORTANT: should be world readable, normally -rw-r--r--

11 - LANG="C" ls -ld /usr/share/ca-certificates/mozilla/

Code: Select all

drwxr-xr-x 2 root root 12288 Nov  7 11:09 /usr/share/ca-certificates/mozilla/

OK

12 - WGET test as non-root user :

OK

13 - LANG="C" apt -o "APT::Sandbox::User=root" update

Code: Select all

inovagora@deb12fnccrecodeau:/tmp/aptdwnldtest$ LANG="C" sudo apt -o "APT::Sandbox::User=root" update
Hit:1 http://ftp.u-strasbg.fr/debian bookworm InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
55 packages can be upgraded. Run 'apt list --upgradable' to see them.
N: Repository 'Debian bookworm' changed its 'firmware component' value from 'non-free' to 'non-free-firmware'
N: More information about this can be found online in the Release notes at: https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.html#non-free-split

Runs as root, shows it's a rights issue.

14 - Here is the extract binary copy of /etc/apt/sources.list :

Code: Select all

https://we.tl/t-LbTK1XjZSH

15 - The gethostbyname.tar.gz

Code: Select all

https://we.tl/t-96mUq4OiZ1

OK

16 - systemd -resolved is installed

Code: Select all

Listing... Done
systemd-resolved/stable 252.22-1~deb12u1 amd64

The priority is to correct the rights in /etc/

[Aki]

[..]
- I can't date the day when the server began to malfunction. According to the web service provider in charge of development, the problem has been present for some time (he has php errors linked to the dns, notably on the php send mail function).
- As far as I know, the only change I've made is to change the rights on certain files so that the web developer can work independently. If I remember correctly, this is the /etc tree.
I can't remember exactly what I've done, but from the commands you're asking me to perform, I deduce that it's possible I've "broken" the rights system of certain folders and files, which could have caused this problem?
[..]

It would have been useful to have this information in advance.

The priority is to correct the rights in /etc/

I agree with @fabien.

For example, you have disabled read permission for the "others" group in /etc/nsswitch.conf (used by the gethostbyname function). From the gethostbyname.tar.gz you sent in previous post:

Code: Select all

$ tar tvf gethostbyname.tar.gz 
[..]
-rwxrwx--- root/root       526 2023-11-07 11:09 etc/nsswitch.conf

It should be:

Code: Select all

$ ls /etc/nsswitch.conf -la
-rw-r--r-- 1 root root 564 10 Nov 23.06 /etc/nsswitch.conf

[fabien]

For example, you have disabled read permission for the "others" group in /etc/nsswitch.conf

I saw it, then checked the files themselves, and then forgot about it. Whether it was way too late or if I'm getting old, I don't know. Thanks @Aki! (as always)

I missed this too

12 - WGET test as non-root user :

Code: Select all

inovagora@deb12fnccrecodeau:/tmp/aptdwnldtest$ sudo LANG="C" wget https://deb.debian.org/debian/pool/main/h/hello/hello_2.10-3_amd64.deb

sudo?

[Probzx]

Hello,

Thanks for your help.
I should have made the connection earlier and let you know, this modification seems to have caused a lot of damage.
I've followed your recommendations, and it seems that the changes we've made have been a step in the right direction.

Here is the new output of the apt update command :

Code: Select all

Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Get:3 http://deb.debian.org/debian bookworm-proposed-updates InRelease [59.5 kB]
Get:4 http://deb.debian.org/debian bookworm-backports InRelease [56.5 kB]
Get:5 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Err:1 http://deb.debian.org/debian bookworm InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
Err:2 http://deb.debian.org/debian bookworm-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
Err:3 http://deb.debian.org/debian bookworm-proposed-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
Err:4 http://deb.debian.org/debian bookworm-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
Err:5 http://deb.debian.org/debian-security bookworm-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bookworm-proposed-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
E: The repository 'http://deb.debian.org/debian bookworm-proposed-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bookworm-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
E: The repository 'http://deb.debian.org/debian bookworm-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian-security bookworm-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
E: The repository 'http://deb.debian.org/debian-security bookworm-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The output of LANG="C" wget https://deb.debian.org/debian/pool/main ... _amd64.deb as root user :

Code: Select all

--2024-02-13 14:41:08--  https://deb.debian.org/debian/pool/main/h/hello/hello_2.10-3_amd64.deb
Resolving deb.debian.org (deb.debian.org)... 199.232.170.132, 2a04:4e42:6a::644
Connecting to deb.debian.org (deb.debian.org)|199.232.170.132|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 53080 (52K) [application/vnd.debian.binary-package]
Saving to: 'hello_2.10-3_amd64.deb'

hello_2.10-3_amd64.deb                                      100%[========================================================================================================================================>]  51.84K  --.-KB/s    in 0.002s

2024-02-13 14:41:08 (29.7 MB/s) - 'hello_2.10-3_amd64.deb' saved [53080/53080]

[fabien]

Hello,

have you looked for other changes you could have made?
I would start with

Code: Select all

$> ls -Rla /etc/apt/

and compare to a working system.

If it still doesn't work, you can also post the output of

Code: Select all

#> apt -o "Debug::Acquire::gpgv=1" update

[Probzx]

Hello,

I compared the results of ls -Rla / etc/apt between the problematic server and a working server.
I've made the corrections, but it's not working yet.

Here is the oupout of apt -o "Debug::Acquire::gpgv=1" update :

Code: Select all

Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm-updates InRelease [52.1 kB]
Get:3 http://security.debian.org/debian-security bookworm-security InRelease [48.0 kB]
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.Vo5QLv /tmp/apt.data.cspCYM
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 0E98404D386FA1D9 1 8 01 1707563291 9 A7236886F3CCCAAD148A27F80E98404D386FA1D9

Got ERRSIG 0E98404D386FA1D9 !
Read: [GNUPG:] NO_PUBKEY 0E98404D386FA1D9

Got NO_PUBKEY 0E98404D386FA1D9 !
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 6ED0E7B82643E131 1 8 01 1707563292 9 4CB50190207B4758A3F73A796ED0E7B82643E131

Got ERRSIG 6ED0E7B82643E131 !
Read: [GNUPG:] NO_PUBKEY 6ED0E7B82643E131

Got NO_PUBKEY 6ED0E7B82643E131 !
Read: [GNUPG:] NEWSIG debian-release@lists.debian.org

Read: [GNUPG:] ERRSIG F8D2585B8783D481 22 8 01 1707563362 9 4D64FEC119C2029067D6E791F8D2585B8783D481

Got ERRSIG F8D2585B8783D481 !
Read: [GNUPG:] NO_PUBKEY F8D2585B8783D481

Got NO_PUBKEY F8D2585B8783D481 !
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey: NO_PUBKEY 0E98404D386FA1D9, NO_PUBKEY 6ED0E7B82643E131, NO_PUBKEY F8D2585B8783D481
  Signed-By:
  NODATA: no
Retrying against /etc/apt/trusted.gpg
inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/trusted.gpg verify --status-fd 3 /tmp/apt.sig.UbMGnw /tmp/apt.data.y7rRt5
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 0E98404D386FA1D9 1 8 01 1707563291 9 A7236886F3CCCAAD148A27F80E98404D386FA1D9

Got ERRSIG 0E98404D386FA1D9 !
Read: [GNUPG:] NO_PUBKEY 0E98404D386FA1D9

Got NO_PUBKEY 0E98404D386FA1D9 !
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 6ED0E7B82643E131 1 8 01 1707563292 9 4CB50190207B4758A3F73A796ED0E7B82643E131

Got ERRSIG 6ED0E7B82643E131 !
Read: [GNUPG:] NO_PUBKEY 6ED0E7B82643E131

Got NO_PUBKEY 6ED0E7B82643E131 !
Read: [GNUPG:] NEWSIG debian-release@lists.debian.org

Read: [GNUPG:] ERRSIG F8D2585B8783D481 22 8 01 1707563362 9 4D64FEC119C2029067D6E791F8D2585B8783D481

Got ERRSIG F8D2585B8783D481 !
Read: [GNUPG:] NO_PUBKEY F8D2585B8783D481

Got NO_PUBKEY F8D2585B8783D481 !
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey: NO_PUBKEY 0E98404D386FA1D9, NO_PUBKEY 6ED0E7B82643E131, NO_PUBKEY F8D2585B8783D481
  Signed-By:
  NODATA: no
Err:1 http://deb.debian.org/debian bookworm InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.AiSAjl /tmp/apt.data.uTq7Tx
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 0E98404D386FA1D9 1 8 01 1707920207 9 A7236886F3CCCAAD148A27F80E98404D386FA1D9

Got ERRSIG 0E98404D386FA1D9 !
Read: [GNUPG:] NO_PUBKEY 0E98404D386FA1D9

Got NO_PUBKEY 0E98404D386FA1D9 !
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 6ED0E7B82643E131 1 8 01 1707920249 9 4CB50190207B4758A3F73A796ED0E7B82643E131

Got ERRSIG 6ED0E7B82643E131 !
Read: [GNUPG:] NO_PUBKEY 6ED0E7B82643E131

Got NO_PUBKEY 6ED0E7B82643E131 !
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey: NO_PUBKEY 0E98404D386FA1D9, NO_PUBKEY 6ED0E7B82643E131
  Signed-By:
  NODATA: no
Retrying against /etc/apt/trusted.gpg
inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/trusted.gpg verify --status-fd 3 /tmp/apt.sig.s1GRMR /tmp/apt.data.zk7SdE
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 0E98404D386FA1D9 1 8 01 1707920207 9 A7236886F3CCCAAD148A27F80E98404D386FA1D9

Got ERRSIG 0E98404D386FA1D9 !
Read: [GNUPG:] NO_PUBKEY 0E98404D386FA1D9

Got NO_PUBKEY 0E98404D386FA1D9 !
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 6ED0E7B82643E131 1 8 01 1707920249 9 4CB50190207B4758A3F73A796ED0E7B82643E131

Got ERRSIG 6ED0E7B82643E131 !
Read: [GNUPG:] NO_PUBKEY 6ED0E7B82643E131

Got NO_PUBKEY 6ED0E7B82643E131 !
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey: NO_PUBKEY 0E98404D386FA1D9, NO_PUBKEY 6ED0E7B82643E131
  Signed-By:
  NODATA: no
Err:2 http://deb.debian.org/debian bookworm-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.JQG3pD /tmp/apt.data.P4a4Ik
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 54404762BBB6E853 1 8 01 1707897464 9 ED541312A33F1128F10B1C6C54404762BBB6E853

Got ERRSIG 54404762BBB6E853 !
Read: [GNUPG:] NO_PUBKEY 54404762BBB6E853

Got NO_PUBKEY 54404762BBB6E853 !
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG BDE6D2B9216EC7A8 1 8 01 1707897464 9 B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8

Got ERRSIG BDE6D2B9216EC7A8 !
Read: [GNUPG:] NO_PUBKEY BDE6D2B9216EC7A8

Got NO_PUBKEY BDE6D2B9216EC7A8 !
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey: NO_PUBKEY 54404762BBB6E853, NO_PUBKEY BDE6D2B9216EC7A8
  Signed-By:
  NODATA: no
Retrying against /etc/apt/trusted.gpg
inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/trusted.gpg verify --status-fd 3 /tmp/apt.sig.JAKYNq /tmp/apt.data.3bnuRE
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG 54404762BBB6E853 1 8 01 1707897464 9 ED541312A33F1128F10B1C6C54404762BBB6E853

Got ERRSIG 54404762BBB6E853 !
Read: [GNUPG:] NO_PUBKEY 54404762BBB6E853

Got NO_PUBKEY 54404762BBB6E853 !
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG BDE6D2B9216EC7A8 1 8 01 1707897464 9 B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8

Got ERRSIG BDE6D2B9216EC7A8 !
Read: [GNUPG:] NO_PUBKEY BDE6D2B9216EC7A8

Got NO_PUBKEY BDE6D2B9216EC7A8 !
gpgv exited with status 2
Summary:
  Good:
  Valid:
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey: NO_PUBKEY 54404762BBB6E853, NO_PUBKEY BDE6D2B9216EC7A8
  Signed-By:
  NODATA: no
Err:3 http://security.debian.org/debian-security bookworm-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY F8D2585B8783D481
E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 6ED0E7B82643E131
E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://security.debian.org/debian-security bookworm-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54404762BBB6E853 NO_PUBKEY BDE6D2B9216EC7A8
E: The repository 'http://security.debian.org/debian-security bookworm-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I used apt-key to add missing PUBKEY but it seems like apt-key is deprecated.

[fabien]

Hello,

This worked the other day with root as the sandbox user, so it's a permissions issue.

Code: Select all

$> LANG="C" ls -Rla /etc/apt/ /var/lib/apt/

Does this

Code: Select all

#> LANG="C" apt -o "Debug::Acquire::gpgv=1" -o "Dir::Etc::TrustedParts=/usr/share/keyrings/" -o "Dir::Etc::Trusted=/dev/null" update

work?
And this

Code: Select all

$> read -d '' -ra KEYS < <(printf -- '--keyring %s ' /usr/share/keyrings/*)
$> read -d '' -ra SIGNED < <(printf -- '%s ' /var/lib/apt/lists/*_InRelease)
$> for SIGN in "${SIGNED[@]}"; do echo -e "\n>>> $SIGN $EUID"; LANG="C" gpgv -v "${KEYS[@]}" "$SIGN"; echo "$?"; done

?

[Probzx]

Hello,

Thanks for your help.

I have some difference between the /var/lib/apt/lists of the problematic server and a fresh one.

The problematic server :

Code: Select all

/var/lib/apt/lists:
total 100620
drwxr-xr-x 4 root sudo     4096 Feb 12 16:36 .
drwxr-xr-x 5 root sudo     4096 Jan 24 10:22 ..
drwxr-xr-x 2 _apt root     4096 Nov  7 11:07 auxfiles
-rw-r--r-- 1 root root   151082 Feb 10 12:17 ftp.u-strasbg.fr_debian_dists_bookworm_InRelease
-rw-r--r-- 1 root root 49974557 Feb 10 10:44 ftp.u-strasbg.fr_debian_dists_bookworm_main_binary-amd64_Packages
-rw-r--r-- 1 root root  6949579 Jun  9  2023 ftp.u-strasbg.fr_debian_dists_bookworm_main_dep11_Components-amd64.yml.gz
-rw-r--r-- 1 root root 32676603 Feb 10 10:44 ftp.u-strasbg.fr_debian_dists_bookworm_main_i18n_Translation-en
-rw-r--r-- 1 root root 13260065 Jun  2  2023 ftp.u-strasbg.fr_debian_dists_bookworm_main_i18n_Translation-fr
-rw-rw---- 1 root sudo        0 Nov  7 11:07 lock
drwx------ 2 _apt root     4096 Feb 14 17:58 partial

/var/lib/apt/lists/auxfiles:
total 8
drwxr-xr-x 2 _apt root 4096 Nov  7 11:07 .
drwxr-xr-x 4 root sudo 4096 Feb 12 16:36 ..

/var/lib/apt/lists/partial:
total 420
drwx------ 2 _apt root   4096 Feb 14 17:58 .
drwxr-xr-x 4 root sudo   4096 Feb 12 16:36 ..
-rw-r--r-- 1 root root  47951 Feb 14 08:57 deb.debian.org_debian-security_dists_bookworm-security_InRelease
-rw-r--r-- 1 root root  56452 Feb 14 15:17 deb.debian.org_debian_dists_bookworm-backports_InRelease
-rw-r--r-- 1 root root  59490 Feb 14 15:17 deb.debian.org_debian_dists_bookworm-proposed-updates_InRelease
-rw-r--r-- 1 root root  52105 Feb 14 15:17 deb.debian.org_debian_dists_bookworm-updates_InRelease
-rw-r--r-- 1 root root 151082 Feb 10 12:17 deb.debian.org_debian_dists_bookworm_InRelease
-rw-r--r-- 1 root root  47951 Feb 14 08:57 security.debian.org_debian-security_dists_bookworm-security_InRelease

The fresh server (without problem) :

Code: Select all

/var/lib/apt/lists:
total 146960
drwxr-xr-x 4 root root     4096 Feb 14 16:17 .
drwxr-xr-x 5 root root     4096 Feb  2 09:27 ..
drwxr-xr-x 2 _apt root     4096 Jan 24 12:15 auxfiles
-rw-r--r-- 1 root root    52105 Feb 14 15:17 deb.debian.org_debian_dists_bookworm-updates_InRelease
-rw-r--r-- 1 root root    66998 Dec 29 14:58 deb.debian.org_debian_dists_bookworm-updates_main_binary-amd64_Packages
-rw-r--r-- 1 root root    83585 Dec 29 14:58 deb.debian.org_debian_dists_bookworm-updates_main_i18n_Translation-en
-rw-r--r-- 1 root root   331226 Dec 29 14:58 deb.debian.org_debian_dists_bookworm-updates_main_source_Sources
-rw-r--r-- 1 root root   151082 Feb 10 12:17 deb.debian.org_debian_dists_bookworm_InRelease
-rw-r--r-- 1 root root 49974557 Feb 10 10:44 deb.debian.org_debian_dists_bookworm_main_binary-amd64_Packages
-rw-r--r-- 1 root root 32676603 Feb 10 10:44 deb.debian.org_debian_dists_bookworm_main_i18n_Translation-en
-rw-r--r-- 1 root root 13260065 Jun  2  2023 deb.debian.org_debian_dists_bookworm_main_i18n_Translation-fr
-rw-r--r-- 1 root root 50836717 Feb 10 10:44 deb.debian.org_debian_dists_bookworm_main_source_Sources
-rw-r--r-- 1 root root    27152 Dec  9 09:42 deb.debian.org_debian_dists_bookworm_non-free-firmware_binary-amd64_Packages
-rw-r--r-- 1 root root   156926 Oct  7 10:45 deb.debian.org_debian_dists_bookworm_non-free-firmware_i18n_Translation-en
-rw-r--r-- 1 root root    28930 Dec  9 09:42 deb.debian.org_debian_dists_bookworm_non-free-firmware_source_Sources
-rw-r----- 1 root root        0 Jan 24 12:15 lock
drwx------ 2 _apt root     4096 Feb 14 16:17 partial
-rw-r--r-- 1 root root    47951 Feb 14 08:57 security.debian.org_debian-security_dists_bookworm-security_InRelease
-rw-r--r-- 1 root root   859837 Feb 14 08:57 security.debian.org_debian-security_dists_bookworm-security_main_binary-amd64_Packages
-rw-r--r-- 1 root root   633131 Feb 14 07:43 security.debian.org_debian-security_dists_bookworm-security_main_i18n_Translation-en
-rw-r--r-- 1 root root  1244870 Feb 14 08:57 security.debian.org_debian-security_dists_bookworm-security_main_source_Sources
-rw-r--r-- 1 root root     1300 Nov 23 16:43 security.debian.org_debian-security_dists_bookworm-security_non-free-firmware_binary-amd64_Packages
-rw-r--r-- 1 root root      924 Sep 24 18:52 security.debian.org_debian-security_dists_bookworm-security_non-free-firmware_i18n_Translation-en
-rw-r--r-- 1 root root     1839 Nov 23 16:43 security.debian.org_debian-security_dists_bookworm-security_non-free-firmware_source_Sources

The output of LANG="C" apt -o "Debug::Acquire::gpgv=1" -o "Dir::Etc::TrustedParts=/usr/share/keyrings/" -o "Dir::Etc::Trusted=/dev/null" update :

Code: Select all

root@deb12fnccrecodeau:~# LANG="C" apt -o "Debug::Acquire::gpgv=1" -o "Dir::Etc::TrustedParts=/usr/share/keyrings/" -o "Dir::Etc::Trusted=/dev/null" update
Hit:1 http://security.debian.org/debian-security bookworm-security InRelease
Hit:2 http://deb.debian.org/debian bookworm InRelease
0% [Waiting for headers]inside VerifyGetSigners
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
0% [Working]Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.Rt4Hv8 /tmp/apt.data.K1SZ82
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED AC530D520F2F3269F5E98313A48449044AAD5C5D 0

Read: [GNUPG:] SIG_ID gbrgWwIbaPdnKETWhPrwoPUup28 2024-02-14 1707940633

Read: [GNUPG:] KEY_CONSIDERED AC530D520F2F3269F5E98313A48449044AAD5C5D 0

Read: [GNUPG:] GOODSIG 54404762BBB6E853 Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 54404762BBB6E853 !
Read: [GNUPG:] VALIDSIG ED541312A33F1128F10B1C6C54404762BBB6E853 2024-02-14 1707940633 0 4 0 1 8 01 AC530D520F2F3269F5E98313A48449044AAD5C5D

Got trusted VALIDSIG, key ID: ED541312A33F1128F10B1C6C54404762BBB6E853
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0 0

Read: [GNUPG:] SIG_ID 2Uw70BoPZE4Z1SlKDOwwvsP+92U 2024-02-14 1707940633

Read: [GNUPG:] KEY_CONSIDERED 05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0 0

Read: [GNUPG:] GOODSIG BDE6D2B9216EC7A8 Debian Security Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>

Got GOODSIG BDE6D2B9216EC7A8 !
Read: [GNUPG:] VALIDSIG B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8 2024-02-14 1707940633 0 4 0 1 8 01 05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0

Got trusted VALIDSIG, key ID: B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8
gpgv exited with status 0
Summary:
  Good: GOODSIG 54404762BBB6E853, GOODSIG BDE6D2B9216EC7A8
  Valid: ED541312A33F1128F10B1C6C54404762BBB6E853, B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  Signed-By: 05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0, AC530D520F2F3269F5E98313A48449044AAD5C5D, B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8!, ED541312A33F1128F10B1C6C54404762BBB6E853!
  NODATA: no
apt-key succeeded
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.7COOXc /tmp/apt.data.FcDFfY
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] SIG_ID ptoid1L2K242g7wPjGKpViOtcDw 2024-02-10 1707563291

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] GOODSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 0E98404D386FA1D9 !
Read: [GNUPG:] VALIDSIG A7236886F3CCCAAD148A27F80E98404D386FA1D9 2024-02-10 1707563291 0 4 0 1 8 01 1F89983E0081FDE018F3CC9673A4F27B8DD47936

Got trusted VALIDSIG, key ID: A7236886F3CCCAAD148A27F80E98404D386FA1D9
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8 0

Read: [GNUPG:] SIG_ID kRbOT3wdTYDBEIGySDy9W9CEWyw 2024-02-10 1707563292

Read: [GNUPG:] KEY_CONSIDERED B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8 0

Read: [GNUPG:] GOODSIG 6ED0E7B82643E131 Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>

Got GOODSIG 6ED0E7B82643E131 !
Read: [GNUPG:] VALIDSIG 4CB50190207B4758A3F73A796ED0E7B82643E131 2024-02-10 1707563292 0 4 0 1 8 01 B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8

Got trusted VALIDSIG, key ID: 4CB50190207B4758A3F73A796ED0E7B82643E131
Read: [GNUPG:] NEWSIG debian-release@lists.debian.org

Read: [GNUPG:] KEY_CONSIDERED 4D64FEC119C2029067D6E791F8D2585B8783D481 0

Read: [GNUPG:] SIG_ID n4r33ICGbLrsLd1wZLzVh1WMgLc 2024-02-10 1707563362

Read: [GNUPG:] KEY_CONSIDERED 4D64FEC119C2029067D6E791F8D2585B8783D481 0

Read: [GNUPG:] GOODSIG F8D2585B8783D481 Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>

Got GOODSIG F8D2585B8783D481 !
Read: [GNUPG:] VALIDSIG 4D64FEC119C2029067D6E791F8D2585B8783D481 2024-02-10 1707563362 0 4 0 22 8 01 4D64FEC119C2029067D6E791F8D2585B8783D481

Got trusted VALIDSIG, key ID: 4D64FEC119C2029067D6E791F8D2585B8783D481
gpgv exited with status 0
Summary:
  Good: GOODSIG 0E98404D386FA1D9, GOODSIG 6ED0E7B82643E131, GOODSIG F8D2585B8783D481
  Valid: A7236886F3CCCAAD148A27F80E98404D386FA1D9, 4CB50190207B4758A3F73A796ED0E7B82643E131, 4D64FEC119C2029067D6E791F8D2585B8783D481
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  Signed-By: 1F89983E0081FDE018F3CC9673A4F27B8DD47936, 4CB50190207B4758A3F73A796ED0E7B82643E131!, 4D64FEC119C2029067D6E791F8D2585B8783D481!, A7236886F3CCCAAD148A27F80E98404D386FA1D9!, B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8
  NODATA: no
apt-key succeeded
0% [Working]inside VerifyGetSigners
Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.sv0WHb /tmp/apt.data.pL9RQs
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] SIG_ID K92eM/BcjCUZ05Q7tfw+eT+q+B8 2024-02-15 1708006914

Read: [GNUPG:] KEY_CONSIDERED 1F89983E0081FDE018F3CC9673A4F27B8DD47936 0

Read: [GNUPG:] GOODSIG 0E98404D386FA1D9 Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>

Got GOODSIG 0E98404D386FA1D9 !
Read: [GNUPG:] VALIDSIG A7236886F3CCCAAD148A27F80E98404D386FA1D9 2024-02-15 1708006914 0 4 0 1 8 01 1F89983E0081FDE018F3CC9673A4F27B8DD47936

Got trusted VALIDSIG, key ID: A7236886F3CCCAAD148A27F80E98404D386FA1D9
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] KEY_CONSIDERED B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8 0

Read: [GNUPG:] SIG_ID 5/kP94nKZfJpmWtUqXza6aykcr0 2024-02-15 1708006955

Read: [GNUPG:] KEY_CONSIDERED B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8 0

Read: [GNUPG:] GOODSIG 6ED0E7B82643E131 Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>

Got GOODSIG 6ED0E7B82643E131 !
Read: [GNUPG:] VALIDSIG 4CB50190207B4758A3F73A796ED0E7B82643E131 2024-02-15 1708006955 0 4 0 1 8 01 B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8

Got trusted VALIDSIG, key ID: 4CB50190207B4758A3F73A796ED0E7B82643E131
gpgv exited with status 0
Summary:
  Good: GOODSIG 0E98404D386FA1D9, GOODSIG 6ED0E7B82643E131
  Valid: A7236886F3CCCAAD148A27F80E98404D386FA1D9, 4CB50190207B4758A3F73A796ED0E7B82643E131
  Bad:
  Worthless:
  SoonWorthless:
  NoPubKey:
  Signed-By: 1F89983E0081FDE018F3CC9673A4F27B8DD47936, 4CB50190207B4758A3F73A796ED0E7B82643E131!, A7236886F3CCCAAD148A27F80E98404D386FA1D9!, B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8
  NODATA: no
apt-key succeeded
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
60 packages can be upgraded. Run 'apt list --upgradable' to see them.

It seems to work. Do you specify a trusted key directory in order to make the apt update working into this command ?
I also try to install sendmail with apt, it work !

The output of for SIGN in "${SIGNED[@]}"; do echo -e "\n>>> $SIGN $EUID"; LANG="C" gpgv -v "${KEYS[@]}" "$SIGN"; echo "$?"; done :

Code: Select all

root@deb12fnccrecodeau:~# for SIGN in "${SIGNED[@]}"; do echo -e "\n>>> $SIGN $EUID"; LANG="C" gpgv -v "${KEYS[@]}" "$SIGN"; echo "$?"; done

>>> /var/lib/apt/lists/deb.debian.org_debian_dists_bookworm_InRelease 0
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Sat Feb 10 12:08:11 2024 CET
gpgv:                using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: Good signature from "Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Sat Feb 10 12:08:12 2024 CET
gpgv:                using RSA key 4CB50190207B4758A3F73A796ED0E7B82643E131
gpgv: using subkey 6ED0E7B82643E131 instead of primary key B7C5D7D6350947F8
gpgv: using subkey 6ED0E7B82643E131 instead of primary key B7C5D7D6350947F8
gpgv: Good signature from "Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Sat Feb 10 12:09:22 2024 CET
gpgv:                using EDDSA key 4D64FEC119C2029067D6E791F8D2585B8783D481
gpgv:                issuer "debian-release@lists.debian.org"
gpgv: Good signature from "Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm ed25519
0

>>> /var/lib/apt/lists/deb.debian.org_debian_dists_bookworm-updates_InRelease 0
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Thu Feb 15 15:21:54 2024 CET
gpgv:                using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: using subkey 0E98404D386FA1D9 instead of primary key 73A4F27B8DD47936
gpgv: Good signature from "Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Thu Feb 15 15:22:35 2024 CET
gpgv:                using RSA key 4CB50190207B4758A3F73A796ED0E7B82643E131
gpgv: using subkey 6ED0E7B82643E131 instead of primary key B7C5D7D6350947F8
gpgv: using subkey 6ED0E7B82643E131 instead of primary key B7C5D7D6350947F8
gpgv: Good signature from "Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
0

>>> /var/lib/apt/lists/security.debian.org_debian-security_dists_bookworm-security_InRelease 0
gpgv: armor header: Hash: SHA256
gpgv: original file name=''
gpgv: Signature made Wed Feb 14 20:57:13 2024 CET
gpgv:                using RSA key ED541312A33F1128F10B1C6C54404762BBB6E853
gpgv: using subkey 54404762BBB6E853 instead of primary key A48449044AAD5C5D
gpgv: using subkey 54404762BBB6E853 instead of primary key A48449044AAD5C5D
gpgv: Good signature from "Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
gpgv: Signature made Wed Feb 14 20:57:13 2024 CET
gpgv:                using RSA key B0CAB9266E8C3929798B3EEEBDE6D2B9216EC7A8
gpgv: using subkey BDE6D2B9216EC7A8 instead of primary key 254CF3B5AEC0A8F0
gpgv: using subkey BDE6D2B9216EC7A8 instead of primary key 254CF3B5AEC0A8F0
gpgv: Good signature from "Debian Security Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>"
gpgv: textmode signature, digest algorithm SHA256, key algorithm rsa4096
0

[fabien]

Hello,

I have some difference between the /var/lib/apt/lists of the problematic server and a fresh one.

As I said before, until everything is in order, you need to work on rolling back changes and testing at every step. This is beyond the topic, but I'm not sure you've adopted the right strategy with sudo. If you want developers to be able to use apt, simply grant them the right to use apt in the sudo configuration. I haven't tested whether the changes you made to /var/lib/apt/lists/ might be a problem, but it's easy to check on a test system. I assume /etc/apt/ is OK, but I would have preferred if you posted the command result, it's hard enough to diagnose remotely, without minimal output I'm blind.

The output of LANG="C" apt -o "Debug::Acquire::gpgv=1" -o "Dir::Etc::TrustedParts=/usr/share/keyrings/" -o "Dir::Etc::Trusted=/dev/null" update :
[...]
It seems to work. Do you specify a trusted key directory in order to make the apt update working into this command ?
I also try to install sendmail with apt, it work !

Yes, the binary keys are in /usr/share/keyrings/, the "ASCII-armored" keys (asc) are in /etc/apt/trusted.gpg.d/, they all come from the debian-archive-keyring package. This reminds me of a quirk that may well apply here. Read this topic [Solved] apt GPG NO_PUBKEY -- complicated issue and test the procedure, who knows.

The output of for SIGN in "${SIGNED[@]}"; do echo -e "\n>>> $SIGN $EUID"; LANG="C" gpgv -v "${KEYS[@]}" "$SIGN"; echo "$?"; done :

Code: Select all

root@deb12fnccrecodeau:~# for SIGN in "${SIGNED[@]}"; do echo -e "\n>>> $SIGN $EUID"; LANG="C" gpgv -v "${KEYS[@]}" "$SIGN"; echo "$?"; done

>>> /var/lib/apt/lists/deb.debian.org_debian_dists_bookworm_InRelease 0

I'm not really surprised that it works as root, the test was supposed to be run as a user. When you see #> it means root, $> means user, people usually just use # and $. However, this would only have been useful if the previous test had failed, so it doesn't matter.

Keep us informed, good luck!

[Probzx]

Hello,

I have some difference between the /var/lib/apt/lists of the problematic server and a fresh one.

As I said before, until everything is in order, you need to work on rolling back changes and testing at every step. This is beyond the topic, but I'm not sure you've adopted the right strategy with sudo. If you want developers to be able to use apt, simply grant them the right to use apt in the sudo configuration. I haven't tested whether the changes you made to /var/lib/apt/lists/ might be a problem, but it's easy to check on a test system. I assume /etc/apt/ is OK, but I would have preferred if you posted the command result, it's hard enough to diagnose remotely, without minimal output I'm blind.

The output of LANG="C" apt -o "Debug::Acquire::gpgv=1" -o "Dir::Etc::TrustedParts=/usr/share/keyrings/" -o "Dir::Etc::Trusted=/dev/null" update :
[...]
It seems to work. Do you specify a trusted key directory in order to make the apt update working into this command ?
I also try to install sendmail with apt, it work !

Yes, the binary keys are in /usr/share/keyrings/, the "ASCII-armored" keys (asc) are in /etc/apt/trusted.gpg.d/, they all come from the debian-archive-keyring package. This reminds me of a quirk that may well apply here. Read this topic [Solved] apt GPG NO_PUBKEY -- complicated issue and test the procedure, who knows.

The output of for SIGN in "${SIGNED[@]}"; do echo -e "\n>>> $SIGN $EUID"; LANG="C" gpgv -v "${KEYS[@]}" "$SIGN"; echo "$?"; done :

Code: Select all

root@deb12fnccrecodeau:~# for SIGN in "${SIGNED[@]}"; do echo -e "\n>>> $SIGN $EUID"; LANG="C" gpgv -v "${KEYS[@]}" "$SIGN"; echo "$?"; done

>>> /var/lib/apt/lists/deb.debian.org_debian_dists_bookworm_InRelease 0

I'm not really surprised that it works as root, the test was supposed to be run as a user. When you see #> it means root, $> means user, people usually just use # and $. However, this would only have been useful if the previous test had failed, so it doesn't matter.

Keep us informed, good luck!

Hello,

Thank you for your feedback.

I adopted a very bad strategy for rights management, I will adopt your method for the next servers as well as this one once I have solved my errors.

I didn't mention it and didn't put it in output, but each time I used a fresh, functional server as a model and made corrections to the rights on the folders and files on the problematic server, so that they corresponded to what they should have been before the changes.
I've also corrected /var/lib/apt/lists.

I'll have a look at the topic you sent me and see if it can help me solve my problem, I'm sure I'll find some very interesting things.
Maybe I've also missed out on modifying the rights of certain files, I'll check that out too.

The good news is that thanks to you, we've been able to solve the problem with php's send mail function and thus solve a blocking problem.
I'll let you know here when I've made any progress.

[fabien]

Trial and error is the path to true knowledge, sometimes it hurts a little but in the end you win. Thanks for updating your topic!

[Probzx]

Hello,

I remove all files in /etc/apt/trusted.gpg on /root and copy all files in /usr/share/keyrings to /etc/apt/trusted.gpg.d.
Tested sudo apt update with a user and it seems to work like a charm now !

Thanks you very much for your precious help

Have a nice day

[lindi]

I remove all files in /etc/apt/trusted.gpg on /root and copy all files in /usr/share/keyrings to /etc/apt/trusted.gpg.d.

That sounds dangerous. /usr/share/keyrings/debian-archive-removed-keys.gpg includes keys that have been removed on purpose. You probably do not want to trust those?