When I download the source tarball with paru, it always fails with a timeout; when I download it with Firefox, it succeeds. Is this a problem with curl options?
Search Criteria
Package Details: mullvad-browser-bin 14.0-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/mullvad-browser-bin.git (read-only, click to copy) |
---|---|
Package Base: | mullvad-browser-bin |
Description: | Privacy-focused web browser developed by Mullvad VPN and the Tor Project |
Upstream URL: | https://mullvad.net/en/browser |
Keywords: | browser firefox mullvad privacy private |
Licenses: | MPL-2.0, GPL-3.0-or-later |
Conflicts: | mullvad-browser |
Provides: | mullvad-browser |
Submitter: | tarball |
Maintainer: | tarball |
Last Packager: | tarball |
Votes: | 44 |
Popularity: | 5.05 |
First Submitted: | 2023-04-03 14:58 (UTC) |
Last Updated: | 2024-11-18 17:45 (UTC) |
Dependencies (38)
- alsa-lib
- at-spi2-core (at-spi2-core-gitAUR)
- bash (bash-devel-static-gitAUR, bash-devel-gitAUR, busybox-coreutilsAUR, bash-gitAUR)
- cairo (cairo-gitAUR)
- dbus (dbus-gitAUR, dbus-selinuxAUR)
- dbus-glib
- fontconfig (fontconfig-gitAUR, fontconfig-ubuntuAUR)
- freetype2 (freetype2-qdoledAUR, freetype2-macosAUR, freetype2-gitAUR)
- gcc-libs (gcc-libs-gitAUR, gccrs-libs-gitAUR, gcc11-libsAUR, gcc-libs-snapshotAUR)
- gdk-pixbuf2 (gdk-pixbuf2-gitAUR)
- glib2 (glib2-gitAUR, glib2-selinuxAUR, glib2-patched-thumbnailerAUR)
- glibc (glibc-gitAUR, glibc-linux4AUR, glibc-eacAUR, glibc-eac-binAUR, glibc-eac-rocoAUR)
- gtk3 (gtk3-no_deadkeys_underlineAUR, gtk3-classicAUR, gtk3-classic-xfceAUR, gtk3-patched-filechooser-icon-viewAUR)
- hicolor-icon-theme (hicolor-icon-theme-gitAUR)
- libpulse (pulseaudio-dummyAUR, libpulse-gitAUR)
- libx11 (libx11-gitAUR)
- libxcb (libxcb-gitAUR)
- libxcomposite
- libxcursor
- libxdamage
- libxext (libxext-gitAUR)
- libxfixes
- libxi (libxi-gitAUR)
- libxrandr (libxrandr-gitAUR)
- libxrender
- libxss
- libxt
- libxtst
- mime-types (mailcap)
- nspr (nspr-hgAUR)
- nss (nss-hgAUR)
- pango (pango-gitAUR)
- ttf-font (neuropol-ttfAUR, ttf-win7-fontsAUR, ttf-ms-win8AUR, ttf-ms-win8-arabicAUR, ttf-ms-win8-hebrewAUR, ttf-ms-win8-seaAUR, ttf-ms-win8-indicAUR, ttf-ms-win8-japaneseAUR, ttf-ms-win8-koreanAUR, ttf-ms-win8-zh_cnAUR, ttf-ms-win8-zh_twAUR, ttf-ms-win8-thaiAUR, ttf-ms-win8-otherAUR, ttf-kidsAUR, ttf-liberation-sans-narrowAUR, ttf-cavafy-scriptAUR, ttf-ms-fontsAUR, ttf-dejavu-ibAUR, ttf-zeldaAUR, ttf-oxygenAUR, ttf-oxygen-gfAUR, ttf-share-gfAUR, ttf-gostAUR, otf-inconsolata-dzAUR, ttf-d2codingAUR, ttf-agaveAUR, ttf-caracteresAUR, ttf-cuprumAUR, ttf-autour-oneAUR, ttf-impallari-milongaAUR, ttf-impallari-miltonianAUR, ttf-clarity-cityAUR, ttf-ms-win10AUR, ttf-ms-win10-japaneseAUR, ttf-ms-win10-koreanAUR, ttf-ms-win10-seaAUR, ttf-ms-win10-thaiAUR, ttf-ms-win10-zh_cnAUR, ttf-ms-win10-zh_twAUR, ttf-ms-win10-otherAUR, ttf-win10AUR, ttf-ms-win10-cdnAUR, ttf-bmonoAUR, ttf-pt-astra-factAUR, ttf-weblysleekuiAUR, ttf-pt-astra-sansAUR, ttf-pt-astra-serifAUR, ttf-pt-sansAUR, ttf-pt-serifAUR, ttf-pt-monoAUR, ttf-pt-root_uiAUR, ttf-xo-fontsAUR, noto-fonts-liteAUR, ttf-paratypeAUR, ttf-plemoljp-binAUR, ttf-dejavu-emojilessAUR, noto-fonts-variable-liteAUR, ttf-lucida-fontsAUR, ttf-plemoljpAUR, ttf-juiseeAUR, ttf-ms-win10-autoAUR, ttf-karlaAUR, noto-fonts-latin-greek-cyrillicAUR, apple-fontsAUR, ttf-noto-sans-vfAUR, ttf-noto-serif-vfAUR, ttf-noto-sans-mono-vfAUR, ttf-ms-win11AUR, ttf-ms-win11-japaneseAUR, ttf-ms-win11-koreanAUR, ttf-ms-win11-seaAUR, ttf-ms-win11-thaiAUR, ttf-ms-win11-zh_cnAUR, ttf-ms-win11-zh_twAUR, ttf-ms-win11-otherAUR, ttf-ms-win11-autoAUR, gnu-free-fonts, noto-fonts, ttf-bitstream-vera, ttf-croscore, ttf-dejavu, ttf-droid, ttf-ibm-plex, ttf-input, ttf-input-nerd, ttf-liberation)
- hunspell-en_US (hunspell-en_us) (optional) – Spell checking, American English
- libnotify (libnotify-gitAUR) (optional) – Notification integration
- networkmanager (networkmanager-gitAUR, networkmanager-iwdAUR) (optional) – Location detection via available WiFi networks
- speech-dispatcher (speech-dispatcher-gitAUR) (optional) – Text-to-Speech
- xdg-desktop-portal (xdg-desktop-portal-gitAUR) (optional) – Screensharing with Wayland
Required by (0)
Sources (4)
<deleted-account> commented on 2023-11-06 11:28 (UTC)
PortableAlgebra commented on 2023-07-10 07:48 (UTC)
If you're getting the PGP/GPG error, just refer directly to Mullvad's website for the command to run for the current signing key. Slug's comment is probably fine too, but I prefer using the method from Mullvad.
https://mullvad.net/en/help/verifying-mullvad-browser-signature/
Download the Tor Browser Developers signing key
The fingerprint of the code signing key is EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 and it can be downloaded from TOR:
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
Slug commented on 2023-06-22 16:30 (UTC) (edited on 2023-06-22 16:32 (UTC) by Slug)
I had a problem with a missing public PGP key ; trying to import it failed. It was necessary to specify a server to import the key.
I was recommended the following line to be able to import it :
gpg --keyserver hkps://keys.openpgp.org --recv-keys E53D989A9E2D47BF ✔
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) torbrowser@torproject.org" imported
gpg: Total number processed: 1
gpg: imported: 1
ZorinArch commented on 2023-04-25 04:37 (UTC)
@kaivai thank you, i fix that issue.
morganava commented on 2023-04-23 11:30 (UTC) (edited on 2023-04-23 11:32 (UTC) by morganava)
To anyone wanting to build a from-source source package, this is going to be a bit complicated but should be possible. You'll want to have a look at the tor-browser-build project on our gitlab, particularly the 'firefox' and 'browser' projects:
- https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/maint-12.0-mullvad/projects/browser
- https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/maint-12.0-mullvad/projects/firefox
Mullvad-Browser is much closer to vanilla Firefox than Tor Browser is in terms of the amount of build customization, but there are still several things that we also package in the final firefox build including (and likely not limited to):
- the allow-listed fonts
- ublock origin
- noscript
- mullvad privacy companion
To verify any built package matches the official bins fingerprint, you can use TZP: https://github.com/arkenfox/TZP
The TZP maintainer (Thorin Oakenpants) will be working closely with us over the coming months to update the site with more fingerprinting vectors and official Mullvad Browser support.
NOTE: if the official release and the source calculated release fingers prints don't match, then you will be explicitly reducing the size of the fingerprinting bucket for users of the source package (ie: they will stand out as source-package Arch users to any malicious actors willing to check, making them easier to fingerprint and track).
We update our browsers (Mullvad and Tor Browser) monthly, so any source package will need an active maintainer lest it fall behind. Historical data suggests the majority of Tor Browser users are updated within about a 1 week window (based on update ping requests) so I would assume Mullvad Browser will follow the same approximate time frame. This means the Arch package will also need to update asap to avoid users falling behind on security updates and making themselves easier to track (again by virtue of being in a smaller fingerprint bucket as fingerprints can change between browser versions).
If this work sounds interesting to anyone out there, we'd be happy to help over in #tor-browser-dev on OFTC IRC, or you can find us on the tor-dev mailing list: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev/
We would also be happy to add whomever wishes to maintain this to a list of downstream contacts whom we ping when new updates/signed tags are available!
tarball commented on 2023-04-23 11:26 (UTC)
Posted to https://aur.archlinux.org/packages/mullvad-browser
It hasn't been tested much besides basic smoke tests, so I don't recommend it over mullvad-browser-bin
.
<deleted-account> commented on 2023-04-22 15:43 (UTC)
Would it be possible for you to post a package to be built from source?
morganava commented on 2023-04-06 12:46 (UTC)
@tarball Hey, I'm the dev lead of Mullvad Browser over at the Tor Project. Can you send me/post your email so we can notify you of version updates or build changes that would affect your arch package? I can be reached at richard@torproject.org.
kaivai commented on 2023-04-06 02:41 (UTC)
ZorinArch: I think that messages is saying that on your $PATH
environment variable, there is an entry :./node_modules/.bin
which find
would like you to get rid of.
yochananmarqos commented on 2023-04-04 00:02 (UTC)
Another reason not to rename the source tarball is that it's signed and can be verified. See Verifying Mullvad Browser signature.
See my improved PKGBUILD
Pinned Comments
tarball commented on 2024-06-26 08:35 (UTC)
Make sure to fetch the developers' signing key before building the package.
The official instructions are here. The link is also mentioned in the
PKGBUILD
.If the site is blocked in your region, you'll have to work around it or trust me that this is what it says:
which (as of 2024-06-26) should also show this fingerprint:
If your gpg says otherwise, you may have been fed garbage.