Update LinuxCNC 2.9.5 on debian 13
- anli
- 
				 Topic Author Topic Author
- Offline
- Junior Member
- 
				  
		Less
		More
		
			
	
		- Posts: 25
- Thank you received: 1
			
	
						20 Sep 2025 17:27				#335212
		by anli
	
	
		
			
	
			
			 		
													
	
				Update LinuxCNC 2.9.5 on debian 13 was created by anli			
			
				Hi,
I used Debian 12 LinuxCNC image to install LinuxCNC. Afterwards I updated to Debian 13 as shown here in the forum because I needed the newer drivers for display and network because I use an Asus NUC 15 pro. However, I can't upgrade to the new 2.9.5 release using apt:
I ran linuxcnc-install.sh as described in linuxcnc.org/docs/stable/html/getting-st...th_preempt_rt_kernel
How can I update to the latest release? Thanks for your help in advance!
					I used Debian 12 LinuxCNC image to install LinuxCNC. Afterwards I updated to Debian 13 as shown here in the forum because I needed the newer drivers for display and network because I use an Asus NUC 15 pro. However, I can't upgrade to the new 2.9.5 release using apt:
root@linuxcnc:/home/anli# apt update
OK:1 http://security.debian.org/debian-security trixie-security InRelease
OK:2 http://deb.debian.org/debian trixie InRelease                                                                                                          
OK:3 http://deb.debian.org/debian trixie-updates InRelease                                                                                                  
OK:4 http://download.opensuse.org/repositories/science:/EtherLab/Debian_12 ./ InRelease                                                                     
OK:5 https://repository.qtpyvcp.com/apt develop InRelease                                                                                                   
OK:6 https://dl.google.com/linux/chrome/deb stable InRelease                                         
Holen:7 https://www.linuxcnc.org bookworm InRelease [31,1 kB]                
Fehl:7 https://www.linuxcnc.org bookworm InRelease
  Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EEDD0D29F81DCAA0D258661F3CB9FD148F374FEF is not bound:            Policy rejected asymmetric algorithm   because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Warnung: http://download.opensuse.org/repositories/science:/EtherLab/Debian_12/./InRelease: Policy will reject signature within a year, see --audit for details
Warnung: OpenPGP-Signaturüberprüfung fehlgeschlagen: https://www.linuxcnc.org bookworm InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EEDD0D29F81DCAA0D258661F3CB9FD148F374FEF is not bound:            Policy rejected asymmetric algorithm   because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Fehler: Das Depot »https://www.linuxcnc.org bookworm InRelease« ist nicht signiert.
Hinweis: Eine Aktualisierung von solch einem Depot kann nicht auf eine sichere Art durchgeführt werden, daher ist es standardmäßig deaktiviert.
Hinweis: Weitere Details zur Erzeugung von Paketdepots sowie zu deren Benutzerkonfiguration finden Sie in der Handbuchseite apt-secure(8).I ran linuxcnc-install.sh as described in linuxcnc.org/docs/stable/html/getting-st...th_preempt_rt_kernel
How can I update to the latest release? Thanks for your help in advance!
Please Log in or Create an account to join the conversation.
- michaeln
- Offline
- Junior Member
- 
				  
		Less
		More
		
			
	
		- Posts: 31
- Thank you received: 7
			
	
						20 Sep 2025 18:38				#335215
		by michaeln
	
	
		
			
	
			
			 		
													
	
				Replied by michaeln on topic Update LinuxCNC 2.9.5 on debian 13			
			
					Please Log in or Create an account to join the conversation.
- anli
- 
				 Topic Author Topic Author
- Offline
- Junior Member
- 
				  
		Less
		More
		
			
	
		- Posts: 25
- Thank you received: 1
			
	
						20 Sep 2025 20:47				#335221
		by anli
	
	
		
			
	
	
			
			 		
													
	
				Replied by anli on topic Update LinuxCNC 2.9.5 on debian 13			
			
				Yes, I used that thread to do the upgrade. I reinstalled linuxcnc once again, which seems to have fixed the first issue, but now I run into the next one, please see the attachment.			
					Please Log in or Create an account to join the conversation.
- PCW
- 
				  
- Away
- Moderator
- 
				  
		Less
		More
		
			
	
		- Posts: 17371
- Thank you received: 5064
			
	
						20 Sep 2025 21:29				#335224
		by PCW
	
	
		
			
	
			
			 		
													
	
				Replied by PCW on topic Update LinuxCNC 2.9.5 on debian 13			
			
				Looks like the latency is worse than Debian 12 (if Debian 12 was working)
What does:
sudo chrt 99 ping -i .001 -c 60000 -q [card_ip_address]
report ?
Where [card_ip_address] is the ip address of the 7I76E
(the command will run for 1 minute and then print statistics)
					What does:
sudo chrt 99 ping -i .001 -c 60000 -q [card_ip_address]
report ?
Where [card_ip_address] is the ip address of the 7I76E
(the command will run for 1 minute and then print statistics)
Please Log in or Create an account to join the conversation.
- unknown
- Offline
- Platinum Member
- 
				  
		Less
		More
		
			
	
		- Posts: 717
- Thank you received: 236
			
	
						20 Sep 2025 22:15				#335225
		by unknown
	
	
		
			
	
			
			 		
													
	
				Replied by unknown on topic Update LinuxCNC 2.9.5 on debian 13			
			
				One thing I would check is the kernel command line options, did your previous install have any isolated cores ?
Unless the grub config files have not been modified manual editing is required for any extra options.
If the above is not the issue the Debian supplied kernel may require an in depth look at the config.
Or I maybe just barking up the wrong tree and be completely wrong, my apologies if that is the case.
					Unless the grub config files have not been modified manual editing is required for any extra options.
If the above is not the issue the Debian supplied kernel may require an in depth look at the config.
Or I maybe just barking up the wrong tree and be completely wrong, my apologies if that is the case.
Please Log in or Create an account to join the conversation.
- anli
- 
				 Topic Author Topic Author
- Offline
- Junior Member
- 
				  
		Less
		More
		
			
	
		- Posts: 25
- Thank you received: 1
			
	
						21 Sep 2025 11:06				#335240
		by anli
	
	
		
			
				I managed to get it up and running. First I disabled
However, some errors remain:I'll try to fix these - however if anybody has a quick idea what needs to be done to fix them your help is always appreciated 
Thank you so far for your quick help to get the machine up and running again!
					
	
			
			 		
													
	
				Replied by anli on topic Update LinuxCNC 2.9.5 on debian 13			
			reportssudo chrt 99 ping -i .001 -c 60000 -q [card_ip_address]
anli@linuxcnc:~$ sudo chrt 99 ping -i .001 -c 60000 -q 192.168.1.121
[sudo] Passwort für anli: 
PING 192.168.1.121 (192.168.1.121) 56(84) bytes of data.
--- 192.168.1.121 ping statistics ---
60000 packets transmitted, 60000 received, 0% packet loss, time 59999ms
rtt min/avg/max/mdev = 0.045/0.054/0.750/0.013 ms- Secure boot
- Intel SpeedStep
- PCIe ASPM
- TurboBoost
However, some errors remain:
2:52:38.591 WARNING Config: mousetweaks GSettings schema not found, mousetweaks integration disabled.
[GladeVCP.QTVCP.QT_ISTAT][WARNING]  INI Parsing Error, No DEFAULT_SPINDLE_0_SPEED Entry in DISPLAY, Using: 200 (qt_istat.py:532)
[GladeVCP.QTVCP.QT_ISTAT][WARNING]  INI Parsing Error, No MIN_SPINDLE_0_SPEED Entry in DISPLAY, Using: 100 (qt_istat.py:532)
[GladeVCP.QTVCP.QT_ISTAT][WARNING]  INI Parsing Error, No MAX_SPINDLE_0_SPEED Entry in DISPLAY, Using: 2500 (qt_istat.py:532)
[GladeVCP.QTVCP.QT_ISTAT][WARNING]  INI Parsing Error, No MAX_SPINDLE_0_OVERRIDE Entry in DISPLAY, Using: 1 (qt_istat.py:532)
[GladeVCP.QTVCP.QT_ISTAT][WARNING]  INI Parsing Error, No MIN_SPINDLE_0_OVERRIDE Entry in DISPLAY, Using: 0.5 (qt_istat.py:532)
[Gmoccapy.GMOCCAPY.GETINIINFO][WARNING]  Wrong entry [DISPLAY] CYCLE_TIME in INI File! Will use gmoccapy default 150 (getiniinfo.py:56)
58720259
hm2/hm2_7i76e.0: Smart Serial port 0: DoIt not cleared from previous servo thread. Servo thread rate probably too fast. This message will not be repeated, but the hm2_7i76e.0.sserial.0.fault-count pin will indicate if this is happening frequently.
hm2/hm2_7i76e.0: Smart Serial port 0: DoIt not cleared from previous servo thread. Servo thread rate probably too fast. This message will not be repeated, but the hm2_7i76e.0.sserial.0.fault-count pin will indicate if this is happening frequently.
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/gladevcp/hal_widgets.py", line 361, in <lambda>
    lambda p: self.set_text(self.text_template % p.value))
                            ~~~~~~~~~~~~~~~~~~~^~~~~~~~~
Thank you so far for your quick help to get the machine up and running again!
Please Log in or Create an account to join the conversation.
- PCW
- 
				  
- Away
- Moderator
- 
				  
		Less
		More
		
			
	
		- Posts: 17371
- Thank you received: 5064
			
	
						21 Sep 2025 16:19				#335243
		by PCW
	
	
		
			
	
	
		
			
			 		
													
	
				Replied by PCW on topic Update LinuxCNC 2.9.5 on debian 13			
			
				The SmartSerial is also a latency related issue
Pinning the Ethernet IRQ to the top processor in conjunction with isolcpus=LastCPU
can also help a lot (LastCPU =3 for a 4 core processor)
This script can do this temporarily:
 
			
					Pinning the Ethernet IRQ to the top processor in conjunction with isolcpus=LastCPU
can also help a lot (LastCPU =3 for a 4 core processor)
This script can do this temporarily:
Attachments:
Please Log in or Create an account to join the conversation.
- anli
- 
				 Topic Author Topic Author
- Offline
- Junior Member
- 
				  
		Less
		More
		
			
	
		- Posts: 25
- Thank you received: 1
			
	
						27 Sep 2025 09:51				#335483
		by anli
	
	
		
			
	
			
			 		
													
	
				Replied by anli on topic Update LinuxCNC 2.9.5 on debian 13			
			
				Thank you, I managed to get the machine up and running now.
I fixed the errors in the ini and the glade file (wrong labels).
However, if I try to update to LinuxCNC via, I receive the following error:Stating that the repo is not signed.
This is my linuxcnc.list:The key lives in /usr/share/keyrings/linuxcnc.gpg
What am I doing wrong here?
					I fixed the errors in the ini and the glade file (wrong labels).
However, if I try to update to LinuxCNC via
apt updateroot@linuxcnc:/etc/apt/sources.list.d# apt update
OK:1 http://security.debian.org/debian-security trixie-security InRelease
OK:2 http://deb.debian.org/debian trixie InRelease                                                                                                                                 
OK:3 http://download.opensuse.org/repositories/science:/EtherLab/Debian_12 ./ InRelease                                                                                            
OK:4 http://deb.debian.org/debian trixie-updates InRelease                                                                                                                         
OK:5 https://tvd-packages.tradingview.com/ubuntu/stable jammy InRelease                                                                                                            
OK:6 https://repository.qtpyvcp.com/apt develop InRelease                                                                                                                          
OK:7 https://dl.google.com/linux/chrome/deb stable InRelease                                                                                                                       
OK:8 https://packages.microsoft.com/repos/code stable InRelease                                      
Holen:9 https://www.linuxcnc.org trixie InRelease [31,1 kB]                 
Fehl:9 https://www.linuxcnc.org trixie InRelease
  Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EEDD0D29F81DCAA0D258661F3CB9FD148F374FEF is not bound:            Policy rejected asymmetric algorithm   because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Warnung: http://download.opensuse.org/repositories/science:/EtherLab/Debian_12/./InRelease: Policy will reject signature within a year, see --audit for details
Warnung: OpenPGP-Signaturüberprüfung fehlgeschlagen: https://www.linuxcnc.org trixie InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EEDD0D29F81DCAA0D258661F3CB9FD148F374FEF is not bound:            Policy rejected asymmetric algorithm   because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Fehler: Das Depot »https://www.linuxcnc.org trixie InRelease« ist nicht signiert.
Hinweis: Eine Aktualisierung von solch einem Depot kann nicht auf eine sichere Art durchgeführt werden, daher ist es standardmäßig deaktiviert.
Hinweis: Weitere Details zur Erzeugung von Paketdepots sowie zu deren Benutzerkonfiguration finden Sie in der Handbuchseite apt-secure(8).This is my linuxcnc.list:
deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/linuxcnc.gpg] https://www.linuxcnc.org/ trixie base 2.9-uspace 2.9-rt
deb-src [arch=amd64,arm64 signed-by=/usr/share/keyrings/linuxcnc.gpg] https://www.linuxcnc.org/ trixie base 2.9-uspace 2.9-rtWhat am I doing wrong here?
Please Log in or Create an account to join the conversation.
- andypugh
- 
				  
- Offline
- Moderator
- 
				  
		Less
		More
		
			
	
		- Posts: 19677
- Thank you received: 4554
			
	
						28 Sep 2025 18:10				#335515
		by andypugh
	
	
		
			
	
			
			 		
													
	
				Replied by andypugh on topic Update LinuxCNC 2.9.5 on debian 13			
			
				You can try downloading the .deb file directly and manually installing.
(sudo apt-get install ./deb-filename )
The ./ is a clue to apt-get to look at a local file rather than on the repository.
It looks like Trixie has a more restrictive archive key policy than Bookworm, and it's going to take me some time to work that out as it's a subject I know next-to-nothing about.
www.linuxcnc.org/dists/trixie/
					(sudo apt-get install ./deb-filename )
The ./ is a clue to apt-get to look at a local file rather than on the repository.
It looks like Trixie has a more restrictive archive key policy than Bookworm, and it's going to take me some time to work that out as it's a subject I know next-to-nothing about.
www.linuxcnc.org/dists/trixie/
Please Log in or Create an account to join the conversation.
- rodw
- 
				  
- Offline
- Platinum Member
- 
				  
		Less
		More
		
			
	
		- Posts: 11460
- Thank you received: 3843
			
	
						03 Oct 2025 11:18				#335774
		by rodw
	
	
		
			
	
	
			 		
													
	
				Replied by rodw on topic Update LinuxCNC 2.9.5 on debian 13			
			
				It looks like we are using a 1024 bit long key (DSA1024) which is considered insecure by Trixie.
Ref: Google AI
Debian prefers a key length of 4096 bits for RSA OpenPGP keys used for signing, although Ed25519 is now the default for new keys generated with current tools, offering even stronger security.
While 2048-bit RSA keys are still considered secure for some applications, Debian's preference for 4096-bit keys is influenced by both security considerations and the desire to reduce future migration efforts for volunteers maintaining keyrings. This aims to combine potential future migrations from 2048 to 4096 bits into a single, proactive move.
When creating a new GPG key pair for signing Debian packages, you can specify the key type and length, with 4096-bit RSA or Ed25519 being the recommended choices.
and:
A dsa1024 key refers to a Digital Signature Algorithm (DSA) key with a length of 1024 bits,
 			
					Ref: Google AI
Debian prefers a key length of 4096 bits for RSA OpenPGP keys used for signing, although Ed25519 is now the default for new keys generated with current tools, offering even stronger security.
While 2048-bit RSA keys are still considered secure for some applications, Debian's preference for 4096-bit keys is influenced by both security considerations and the desire to reduce future migration efforts for volunteers maintaining keyrings. This aims to combine potential future migrations from 2048 to 4096 bits into a single, proactive move.
When creating a new GPG key pair for signing Debian packages, you can specify the key type and length, with 4096-bit RSA or Ed25519 being the recommended choices.
and:
A dsa1024 key refers to a Digital Signature Algorithm (DSA) key with a length of 1024 bits,
		The following user(s) said Thank You: tommylight 	
			Please Log in or Create an account to join the conversation.
		Time to create page: 0.227 seconds	
