| Git Clone URL: | https://aur.archlinux.org/mullvad-browser-bin.git (read-only, click to copy) |
|---|---|
| Package Base: | mullvad-browser-bin |
| Description: | Privacy-focused web browser developed by Mullvad VPN and the Tor Project |
| Upstream URL: | https://mullvad.net/en/browser |
| Keywords: | browser firefox mullvad privacy private |
| Licenses: | MPL-2.0, GPL-3.0-or-later |
| Conflicts: | mullvad-browser |
| Provides: | mullvad-browser |
| Submitter: | tarball |
| Maintainer: | tarball |
| Last Packager: | tarball |
| Votes: | 56 |
| Popularity: | 6.20 |
| First Submitted: | 2023-04-03 14:58 (UTC) |
| Last Updated: | 2025-04-01 16:44 (UTC) |
For those getting an error message while importing PGP keys:
gpg: keyserver receive failed: No data -> problem importing keys
From: Verifying Mullvad Browser signature
Using the following command, as root, fixed the issue:
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org(Presuming updating mullvad-browser is left up to Arch's package manager and not the browser's self updater)
You all may be interested in following https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41083 and its associated issues and MRs. With respect to ignoring the updater, the 'right' way to do this is to add a particular file in the install directory. See this comment for specifics: - https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42482#note_3019228
This will be the supported way for downstream packagers to disable the updater and manage their own updates from the 13.5 series on.
edit: looks like system-install will be enough pretty soon, see @pospeselr's comment for more info. That file is already being created by the PKGBUILD.
Thanks, I'll look into that shortly and add it if it helps.
The usual place for this is policies.json (see this nix config for an example), but I tried that (along with all the other options that have any relation to updates) and it didn't make any difference.
Disabling auto-updates (about:config > app.update.auto) fixed the UpdateInfo issue for me (so far).
After an update it does not update the file in /user/UpdateInfo/updates/.. It still shows "pending". https://github.com/mullvad/mullvad-browser/issues/229 "@foter @Giger22 Please note that the packages from the aur are community provided, and we don't offer support for it.
Could you please contact the mullvad-browser-bin maintainer and pass your comments directly to them?"
edit: GitHub releases lag behind the official CDN for about an hour, but I think it's worth it to cover the less fortunate among us (myself included).
Hmm... the browser targets the privacy-conscious audience which might not appreciate sending their requests to Microsoft.
I've been having the same problem actually, so I understand your pain completely. Mullvad's servers are partially blocked and the rest is throttled here for providing a VPN service, which forces me to use a (trusted) proxy.
Let's see if anyone else cares enough to vote for or against this.
If not, I'll probably change the URL when 13.0.9 is released (which is likely to happen in a couple of days).
The binary is signed anyway.
Could you please change the source URL to GitHub? The cdn.mullvad.net server is very poor and downloading from East Asia always fails.
When I download the source tarball with paru, it always fails with a timeout; when I download it with Firefox, it succeeds. Is this a problem with curl options?
If you're getting the PGP/GPG error, just refer directly to Mullvad's website for the command to run for the current signing key. Slug's comment is probably fine too, but I prefer using the method from Mullvad.
https://mullvad.net/en/help/verifying-mullvad-browser-signature/
Download the Tor Browser Developers signing key
The fingerprint of the code signing key is EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 and it can be downloaded from TOR:
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
I had a problem with a missing public PGP key ; trying to import it failed. It was necessary to specify a server to import the key.
I was recommended the following line to be able to import it :
gpg --keyserver hkps://keys.openpgp.org --recv-keys E53D989A9E2D47BF ✔
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) torbrowser@torproject.org" imported
gpg: Total number processed: 1
gpg: imported: 1
Pinned Comments
tarball commented on 2025-03-12 18:00 (UTC)
Please discuss bugs here before reporting them upstream, especially if they can't be reproduced with the original tarballs. Some bugs are caused by packaging issues and need to be fixed here. We can always escalate upstream if necessary.
tarball commented on 2024-06-26 08:35 (UTC)
Make sure to fetch the developers' signing key before building the package.
The official instructions are here. The link is also mentioned in the
PKGBUILD.If the site is blocked in your region, you'll have to work around it or trust me that this is what it says:
which (as of 2024-06-26) should also show this fingerprint:
If your gpg says otherwise, you may have been fed garbage.