Package Details: tor-browser 8.5.4-1

Git Clone URL: https://aur.archlinux.org/tor-browser.git (read-only)
Package Base: tor-browser
Description: Tor Browser Bundle: anonymous browsing using Firefox and Tor (international PKGBUILD)
Upstream URL: https://www.torproject.org/projects/torbrowser.html
Keywords: Anonymity Browser Internet Network Tor
Licenses: GPL
Submitter: grufo
Maintainer: grufo (jugs)
Last Packager: jugs
Votes: 1015
Popularity: 19.999509
First Submitted: 2017-03-23 12:24
Last Updated: 2019-07-09 21:32

Pinned Comments

grufo commented on 2018-09-23 00:13

Before running makepkg, you must do this (as normal user):

$ gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys 0x4E2C6E8793298290

If you want to update tor-browser from AUR without AUR helpers you can run in a terminal:

$ tor-browser -u

Latest Comments

1 2 3 4 5 6 ... Next › Last »

je-vv commented on 2019-07-21 22:20

An alternative gpg public key will be required (with corresponding signature files as well). Not sure if any of the other keys for tor-browser devs:

https://2019.www.torproject.org/docs/signing-keys.html.en

Can be used, with new asc files... I also had to get rid of another old key from Tor and another one from Enigmail...

account commented on 2019-07-10 14:11

My gpg --list-keys is still sub-second.

Should we delete the Tor browser cert

pub   rsa4096 2014-12-15 [C] [expires: 2020-08-24]
      EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid           [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub   rsa4096 2018-05-26 [S] [expires: 2020-09-12]

?

l0b0 commented on 2019-07-10 09:21

The Tor browser key seems to have been spammed (https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f) - there were 121,244 signatures on it before I deleted it from pubkeys and saved 10 MB! Considering gpg --list-keys went from a few minutes to about a single second after deleting it's likely that this key will cause massive slow-down for people trying to validate the installation.

grufo commented on 2019-07-05 00:04

@barkley128 There is nothing to fix, the PKGBUILD does not contain any information about PGP servers. These you have to provide yourself, and if a server does not work, all you have to do is to search for another server.

-- grufo

barkley128 commented on 2019-07-04 08:32

Can't you fix some key issue? Tried the latest methods in comments. The pgp.mit.edu site doesn't work. The full key import doesn't work. Please fix the package, or reupload the key to some working key server. Found one! This one imported nicely: gpg --keyserver pgp.surfnet.nl --recv-keys 0x4E2C6E8793298290

grufo commented on 2019-06-22 15:37

@abdulhakeem

Yes, apparently someone has requested the merging of all the tor-browser-* packages with tor-browser. However I have just made jugs from tor-browser-en co-maintainer of this package.

--grufo

account commented on 2019-06-22 13:24

Same problem. I've done

gpg --recv-keys EB774491D9FF06E2

with output:

gpg: key 4E2C6E8793298290: 2 duplicate signatures removed
gpg: key 4E2C6E8793298290: 306 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 2 signatures reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys 0x4E2C6E8793298290

with output:

gpg: key 4E2C6E8793298290: 2 duplicate signatures removed
gpg: key 4E2C6E8793298290: 292 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 2 signatures reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

and still get the bad sig error:

==> Verifying source file signatures with gpg...
    tor-browser-linux64-8.5.2_en-US.tar.xz ... FAILED (bad signature from public key EB774491D9FF06E2)
==> ERROR: One or more PGP signatures could not be verified!

LA-MJ commented on 2019-06-21 20:37

just running gpg --recv-key EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 should be enough

P.S. Do not ever use short key IDs

yurikoles commented on 2019-06-21 07:46

@flash872, please also include output of gpg

flash872 commented on 2019-06-21 00:28

Notwithstanding the pinned gpg --keyserver instructions (which I've run exactly as instructed, but got a "no keyserver available" error), I'm still getting the following errors:

tor-browser-linux64-8.5.2_en-US.tar.xz ... FAILED (bad signature from public key EB774491D9FF06E2) ==> ERROR: One or more PGP signatures could not be verified!

I've also run gpg --recv-keys EB774491D9FF06E2 and gpg --keyserver --recv-keys 0x4E2C6E8793298290

@yurikoles, here is the output of gpg:

gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys 0x4E2C6E8793298290 gpg: key 4E2C6E8793298290: 2 duplicate signatures removed gpg: key 4E2C6E8793298290: 292 signatures not checked due to missing keys gpg: key 4E2C6E8793298290: 2 signatures reordered gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) torbrowser@torproject.org" not changed gpg: Total number processed: 1 gpg: unchanged: 1

gpg --recv-keys EB774491D9FF06E2 gpg: key 4E2C6E8793298290: 2 duplicate signatures removed gpg: key 4E2C6E8793298290: 306 signatures not checked due to missing keys gpg: key 4E2C6E8793298290: 2 signatures reordered gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) torbrowser@torproject.org" not changed gpg: Total number processed: 1 gpg: unchanged: 1

gpg --recv-keys 0x4E2C6E8793298290 gpg: key 4E2C6E8793298290: 2 duplicate signatures removed gpg: key 4E2C6E8793298290: 306 signatures not checked due to missing keys gpg: key 4E2C6E8793298290: 2 signatures reordered gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) torbrowser@torproject.org" not changed gpg: Total number processed: 1 gpg: unchanged: 1

What am I doing wrong? TIA for any assistance.