Update LinuxCNC 2.9.5 on debian 13
- anli
-
Topic Author
- Offline
- Junior Member
-
Less
More
- Posts: 25
- Thank you received: 1
20 Sep 2025 17:27 #335212
by anli
Update LinuxCNC 2.9.5 on debian 13 was created by anli
Hi,
I used Debian 12 LinuxCNC image to install LinuxCNC. Afterwards I updated to Debian 13 as shown here in the forum because I needed the newer drivers for display and network because I use an Asus NUC 15 pro. However, I can't upgrade to the new 2.9.5 release using apt:
I ran linuxcnc-install.sh as described in linuxcnc.org/docs/stable/html/getting-st...th_preempt_rt_kernel
How can I update to the latest release? Thanks for your help in advance!
I used Debian 12 LinuxCNC image to install LinuxCNC. Afterwards I updated to Debian 13 as shown here in the forum because I needed the newer drivers for display and network because I use an Asus NUC 15 pro. However, I can't upgrade to the new 2.9.5 release using apt:
root@linuxcnc:/home/anli# apt update
OK:1 http://security.debian.org/debian-security trixie-security InRelease
OK:2 http://deb.debian.org/debian trixie InRelease
OK:3 http://deb.debian.org/debian trixie-updates InRelease
OK:4 http://download.opensuse.org/repositories/science:/EtherLab/Debian_12 ./ InRelease
OK:5 https://repository.qtpyvcp.com/apt develop InRelease
OK:6 https://dl.google.com/linux/chrome/deb stable InRelease
Holen:7 https://www.linuxcnc.org bookworm InRelease [31,1 kB]
Fehl:7 https://www.linuxcnc.org bookworm InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EEDD0D29F81DCAA0D258661F3CB9FD148F374FEF is not bound: Policy rejected asymmetric algorithm because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Warnung: http://download.opensuse.org/repositories/science:/EtherLab/Debian_12/./InRelease: Policy will reject signature within a year, see --audit for details
Warnung: OpenPGP-Signaturüberprüfung fehlgeschlagen: https://www.linuxcnc.org bookworm InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EEDD0D29F81DCAA0D258661F3CB9FD148F374FEF is not bound: Policy rejected asymmetric algorithm because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Fehler: Das Depot »https://www.linuxcnc.org bookworm InRelease« ist nicht signiert.
Hinweis: Eine Aktualisierung von solch einem Depot kann nicht auf eine sichere Art durchgeführt werden, daher ist es standardmäßig deaktiviert.
Hinweis: Weitere Details zur Erzeugung von Paketdepots sowie zu deren Benutzerkonfiguration finden Sie in der Handbuchseite apt-secure(8).
I ran linuxcnc-install.sh as described in linuxcnc.org/docs/stable/html/getting-st...th_preempt_rt_kernel
How can I update to the latest release? Thanks for your help in advance!
Please Log in or Create an account to join the conversation.
- michaeln
- Offline
- Junior Member
-
Less
More
- Posts: 30
- Thank you received: 7
20 Sep 2025 18:38 #335215
by michaeln
Replied by michaeln on topic Update LinuxCNC 2.9.5 on debian 13
Please Log in or Create an account to join the conversation.
- anli
-
Topic Author
- Offline
- Junior Member
-
Less
More
- Posts: 25
- Thank you received: 1
20 Sep 2025 20:47 #335221
by anli
Replied by anli on topic Update LinuxCNC 2.9.5 on debian 13
Yes, I used that thread to do the upgrade. I reinstalled linuxcnc once again, which seems to have fixed the first issue, but now I run into the next one, please see the attachment.
Please Log in or Create an account to join the conversation.
- PCW
-
- Away
- Moderator
-
Less
More
- Posts: 18997
- Thank you received: 5279
20 Sep 2025 21:29 #335224
by PCW
Replied by PCW on topic Update LinuxCNC 2.9.5 on debian 13
Looks like the latency is worse than Debian 12 (if Debian 12 was working)
What does:
sudo chrt 99 ping -i .001 -c 60000 -q [card_ip_address]
report ?
Where [card_ip_address] is the ip address of the 7I76E
(the command will run for 1 minute and then print statistics)
What does:
sudo chrt 99 ping -i .001 -c 60000 -q [card_ip_address]
report ?
Where [card_ip_address] is the ip address of the 7I76E
(the command will run for 1 minute and then print statistics)
Please Log in or Create an account to join the conversation.
- unknown
- Offline
- Platinum Member
-
Less
More
- Posts: 608
- Thank you received: 204
20 Sep 2025 22:15 #335225
by unknown
Replied by unknown on topic Update LinuxCNC 2.9.5 on debian 13
One thing I would check is the kernel command line options, did your previous install have any isolated cores ?
Unless the grub config files have not been modified manual editing is required for any extra options.
If the above is not the issue the Debian supplied kernel may require an in depth look at the config.
Or I maybe just barking up the wrong tree and be completely wrong, my apologies if that is the case.
Unless the grub config files have not been modified manual editing is required for any extra options.
If the above is not the issue the Debian supplied kernel may require an in depth look at the config.
Or I maybe just barking up the wrong tree and be completely wrong, my apologies if that is the case.
Please Log in or Create an account to join the conversation.
- anli
-
Topic Author
- Offline
- Junior Member
-
Less
More
- Posts: 25
- Thank you received: 1
21 Sep 2025 11:06 #335240
by anli
I managed to get it up and running. First I disabled
However, some errors remain:I'll try to fix these - however if anybody has a quick idea what needs to be done to fix them your help is always appreciated 
Thank you so far for your quick help to get the machine up and running again!
Replied by anli on topic Update LinuxCNC 2.9.5 on debian 13
reportssudo chrt 99 ping -i .001 -c 60000 -q [card_ip_address]
anli@linuxcnc:~$ sudo chrt 99 ping -i .001 -c 60000 -q 192.168.1.121
[sudo] Passwort für anli:
PING 192.168.1.121 (192.168.1.121) 56(84) bytes of data.
--- 192.168.1.121 ping statistics ---
60000 packets transmitted, 60000 received, 0% packet loss, time 59999ms
rtt min/avg/max/mdev = 0.045/0.054/0.750/0.013 ms
- Secure boot
- Intel SpeedStep
- PCIe ASPM
- TurboBoost
However, some errors remain:
2:52:38.591 WARNING Config: mousetweaks GSettings schema not found, mousetweaks integration disabled.
[GladeVCP.QTVCP.QT_ISTAT][WARNING] INI Parsing Error, No DEFAULT_SPINDLE_0_SPEED Entry in DISPLAY, Using: 200 (qt_istat.py:532)
[GladeVCP.QTVCP.QT_ISTAT][WARNING] INI Parsing Error, No MIN_SPINDLE_0_SPEED Entry in DISPLAY, Using: 100 (qt_istat.py:532)
[GladeVCP.QTVCP.QT_ISTAT][WARNING] INI Parsing Error, No MAX_SPINDLE_0_SPEED Entry in DISPLAY, Using: 2500 (qt_istat.py:532)
[GladeVCP.QTVCP.QT_ISTAT][WARNING] INI Parsing Error, No MAX_SPINDLE_0_OVERRIDE Entry in DISPLAY, Using: 1 (qt_istat.py:532)
[GladeVCP.QTVCP.QT_ISTAT][WARNING] INI Parsing Error, No MIN_SPINDLE_0_OVERRIDE Entry in DISPLAY, Using: 0.5 (qt_istat.py:532)
[Gmoccapy.GMOCCAPY.GETINIINFO][WARNING] Wrong entry [DISPLAY] CYCLE_TIME in INI File! Will use gmoccapy default 150 (getiniinfo.py:56)
58720259
hm2/hm2_7i76e.0: Smart Serial port 0: DoIt not cleared from previous servo thread. Servo thread rate probably too fast. This message will not be repeated, but the hm2_7i76e.0.sserial.0.fault-count pin will indicate if this is happening frequently.
hm2/hm2_7i76e.0: Smart Serial port 0: DoIt not cleared from previous servo thread. Servo thread rate probably too fast. This message will not be repeated, but the hm2_7i76e.0.sserial.0.fault-count pin will indicate if this is happening frequently.
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/gladevcp/hal_widgets.py", line 361, in <lambda>
lambda p: self.set_text(self.text_template % p.value))
~~~~~~~~~~~~~~~~~~~^~~~~~~~~

Thank you so far for your quick help to get the machine up and running again!
Please Log in or Create an account to join the conversation.
- PCW
-
- Away
- Moderator
-
Less
More
- Posts: 18997
- Thank you received: 5279
21 Sep 2025 16:19 #335243
by PCW
Replied by PCW on topic Update LinuxCNC 2.9.5 on debian 13
The SmartSerial is also a latency related issue
Pinning the Ethernet IRQ to the top processor in conjunction with isolcpus=LastCPU
can also help a lot (LastCPU =3 for a 4 core processor)
This script can do this temporarily:
Pinning the Ethernet IRQ to the top processor in conjunction with isolcpus=LastCPU
can also help a lot (LastCPU =3 for a 4 core processor)
This script can do this temporarily:
Attachments:
Please Log in or Create an account to join the conversation.
- anli
-
Topic Author
- Offline
- Junior Member
-
Less
More
- Posts: 25
- Thank you received: 1
27 Sep 2025 09:51 #335483
by anli
Replied by anli on topic Update LinuxCNC 2.9.5 on debian 13
Thank you, I managed to get the machine up and running now.
I fixed the errors in the ini and the glade file (wrong labels).
However, if I try to update to LinuxCNC via, I receive the following error:Stating that the repo is not signed.
This is my linuxcnc.list:The key lives in /usr/share/keyrings/linuxcnc.gpg
What am I doing wrong here?
I fixed the errors in the ini and the glade file (wrong labels).
However, if I try to update to LinuxCNC via
apt update
root@linuxcnc:/etc/apt/sources.list.d# apt update
OK:1 http://security.debian.org/debian-security trixie-security InRelease
OK:2 http://deb.debian.org/debian trixie InRelease
OK:3 http://download.opensuse.org/repositories/science:/EtherLab/Debian_12 ./ InRelease
OK:4 http://deb.debian.org/debian trixie-updates InRelease
OK:5 https://tvd-packages.tradingview.com/ubuntu/stable jammy InRelease
OK:6 https://repository.qtpyvcp.com/apt develop InRelease
OK:7 https://dl.google.com/linux/chrome/deb stable InRelease
OK:8 https://packages.microsoft.com/repos/code stable InRelease
Holen:9 https://www.linuxcnc.org trixie InRelease [31,1 kB]
Fehl:9 https://www.linuxcnc.org trixie InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EEDD0D29F81DCAA0D258661F3CB9FD148F374FEF is not bound: Policy rejected asymmetric algorithm because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Warnung: http://download.opensuse.org/repositories/science:/EtherLab/Debian_12/./InRelease: Policy will reject signature within a year, see --audit for details
Warnung: OpenPGP-Signaturüberprüfung fehlgeschlagen: https://www.linuxcnc.org trixie InRelease: Sub-process /usr/bin/sqv returned an error code (1), error message is: Signing key on EEDD0D29F81DCAA0D258661F3CB9FD148F374FEF is not bound: Policy rejected asymmetric algorithm because: DSA1024 is not considered secure since 2014-02-01T00:00:00Z
Fehler: Das Depot »https://www.linuxcnc.org trixie InRelease« ist nicht signiert.
Hinweis: Eine Aktualisierung von solch einem Depot kann nicht auf eine sichere Art durchgeführt werden, daher ist es standardmäßig deaktiviert.
Hinweis: Weitere Details zur Erzeugung von Paketdepots sowie zu deren Benutzerkonfiguration finden Sie in der Handbuchseite apt-secure(8).
This is my linuxcnc.list:
deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/linuxcnc.gpg] https://www.linuxcnc.org/ trixie base 2.9-uspace 2.9-rt
deb-src [arch=amd64,arm64 signed-by=/usr/share/keyrings/linuxcnc.gpg] https://www.linuxcnc.org/ trixie base 2.9-uspace 2.9-rt
What am I doing wrong here?
Please Log in or Create an account to join the conversation.
- andypugh
-
- Offline
- Moderator
-
Less
More
- Posts: 22834
- Thank you received: 4935
28 Sep 2025 18:10 #335515
by andypugh
Replied by andypugh on topic Update LinuxCNC 2.9.5 on debian 13
You can try downloading the .deb file directly and manually installing.
(sudo apt-get install ./deb-filename )
The ./ is a clue to apt-get to look at a local file rather than on the repository.
It looks like Trixie has a more restrictive archive key policy than Bookworm, and it's going to take me some time to work that out as it's a subject I know next-to-nothing about.
www.linuxcnc.org/dists/trixie/
(sudo apt-get install ./deb-filename )
The ./ is a clue to apt-get to look at a local file rather than on the repository.
It looks like Trixie has a more restrictive archive key policy than Bookworm, and it's going to take me some time to work that out as it's a subject I know next-to-nothing about.
www.linuxcnc.org/dists/trixie/
Please Log in or Create an account to join the conversation.
- rodw
-
- Offline
- Platinum Member
-
Less
More
- Posts: 11410
- Thank you received: 3825
03 Oct 2025 11:18 #335774
by rodw
Replied by rodw on topic Update LinuxCNC 2.9.5 on debian 13
It looks like we are using a 1024 bit long key (DSA1024) which is considered insecure by Trixie.
Ref: Google AI
Debian prefers a key length of 4096 bits for RSA OpenPGP keys used for signing, although Ed25519 is now the default for new keys generated with current tools, offering even stronger security.
While 2048-bit RSA keys are still considered secure for some applications, Debian's preference for 4096-bit keys is influenced by both security considerations and the desire to reduce future migration efforts for volunteers maintaining keyrings. This aims to combine potential future migrations from 2048 to 4096 bits into a single, proactive move.
When creating a new GPG key pair for signing Debian packages, you can specify the key type and length, with 4096-bit RSA or Ed25519 being the recommended choices.
and:
A dsa1024 key refers to a Digital Signature Algorithm (DSA) key with a length of 1024 bits,
Ref: Google AI
Debian prefers a key length of 4096 bits for RSA OpenPGP keys used for signing, although Ed25519 is now the default for new keys generated with current tools, offering even stronger security.
While 2048-bit RSA keys are still considered secure for some applications, Debian's preference for 4096-bit keys is influenced by both security considerations and the desire to reduce future migration efforts for volunteers maintaining keyrings. This aims to combine potential future migrations from 2048 to 4096 bits into a single, proactive move.
When creating a new GPG key pair for signing Debian packages, you can specify the key type and length, with 4096-bit RSA or Ed25519 being the recommended choices.
and:
A dsa1024 key refers to a Digital Signature Algorithm (DSA) key with a length of 1024 bits,
The following user(s) said Thank You: tommylight
Please Log in or Create an account to join the conversation.
Time to create page: 0.153 seconds