Package Details: tor-browser 11.0.14-1

Git Clone URL: https://aur.archlinux.org/tor-browser.git (read-only)
Package Base: tor-browser
Description: Tor Browser Bundle: anonymous browsing using Firefox and Tor (international PKGBUILD)
Upstream URL: https://www.torproject.org/projects/torbrowser.html
Keywords: Anonymity Browser Internet Network Tor
Licenses: GPL
Submitter: grufo
Maintainer: grufo (jugs)
Last Packager: grufo
Votes: 1216
Popularity: 10.83
First Submitted: 2017-03-23 12:24 (UTC)
Last Updated: 2022-06-09 14:53 (UTC)

Pinned Comments

grufo commented on 2019-08-15 02:22 (UTC)

Before running makepkg, you must do this (as normal user):

$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

If you want to update tor-browser from AUR without AUR helpers you can run in a terminal:

$ tor-browser -u

Latest Comments

AtticFinder65536 commented on 2022-06-18 23:30 (UTC)

Hello, this needs to depend on ffmpeg4.4. Tor Browser uses the system's ffmpeg (they do not provide their own currently), so it needs to depend on an ffmpeg. And the version of Firefox it uses currently doesn't support ffmpeg 5.0, so it can't depend on ffmpeg right now, it needs to depend on ffmpeg4.4 for the time being.

Lutrim commented on 2022-05-27 08:45 (UTC)

@yar I don't see the point of the torbrowser-launcher

yar commented on 2022-05-26 16:43 (UTC)

@Lutrim there is https://archlinux.org/packages/community/any/torbrowser-launcher/

Lutrim commented on 2022-05-26 02:04 (UTC)

Why is it still at AUR? It belongs in the community repo!

intrlocutr commented on 2022-05-19 01:36 (UTC) (edited on 2022-05-19 01:44 (UTC) by intrlocutr)

I am unable to play H.264 video even after installing gst-libav and gst-plugins-good. html5test.com reports no H.264 support.

Edit: The solution was installing ffmpeg4.4

guglovich commented on 2022-04-04 20:18 (UTC)

curl: (35) OpenSSL SSL_connect: Connection broken by other party in connection to dist.torproject.org:443
==> ERROR: Error loading 'https://dist.torproject.org/torbrowser/11.0.9/tor-browser-linux64-11.0.9_en-US.tar.xz'
Interruption...
-> build error: tor-browser

grufo commented on 2022-03-26 00:01 (UTC)

@whynothugo Alright. Done.

whynothugo commented on 2022-03-25 15:05 (UTC)

Can you modify the desktop file from Exec=/usr/bin/tor-browser %u to Exec=tor-browser %u?

This has no impact for most users, but allows using a wrapper in /usr/local/bin/tor-browser for users who need this (e.g.: to run tor-browser with firejail).

pentamassiv commented on 2022-03-11 02:33 (UTC)

I think changing the install location broke my keepassxc connection to the Tor Browser. Today I finally looked into it and fixed it by going to the settings > Browser Integration > Advanced and activating the option "Use a custom browser configuration location" and pasting the following path:

~/.local/opt/tor-browser/app/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts

Selecting the regular "Tor Browser" does not work and it can be deselected.

whynothugo commented on 2022-02-25 20:01 (UTC)

Is there a reason this package is not included in [community]?

I know a TU has to adopt it, has there been no interest, or is it excluded for some reason?

serxxx commented on 2022-02-11 15:25 (UTC)

@grufo, tor-browser -u also reports (trimmed):

$ tor-browser -u
Found new version (11.0.2 -> 11.0.6)...
==> Making package: tor-browser 11.0.6-1 (Fri 11 Feb 2022 09:17:39 AM CST)
...
    tor-browser-linux64-11.0.6_en-US.tar.xz.asc ... Skipped
==> Verifying source file signatures with gpg...
    tor-browser-linux64-11.0.6_en-US.tar.xz ... FAILED (unknown public key E53D989A9E2D47BF)
==> ERROR: One or more PGP signatures could not be verified!

grufo commented on 2022-02-10 12:22 (UTC)

@esmailelbob Sure thing. Done.

esmailelbob commented on 2022-01-19 10:49 (UTC)

Please, can you add

StartupWMClass=Tor Browser

in the .desktop file of Tor Browser? Because I pinned it in my taskbar and now I have 2 Tor Browser icons (one pinned from the desktop file and one from the application itself running).

berturion commented on 2022-01-14 21:46 (UTC) (edited on 2022-01-14 21:46 (UTC) by berturion)

Thank you @williX gpg --keyserver keys.openpgp.org --search-keys torbrowser@torproject.org worked for me too before updating. gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org didn't work for me.

diogobaeder commented on 2022-01-09 01:20 (UTC)

After running the solution from the pinned comment (to auto-locate the key) and upgrade with yay it worked fine for me, thanks!

williX commented on 2021-12-30 18:59 (UTC) (edited on 2021-12-30 19:05 (UTC) by williX)

The pinned comment didn't work for me. I had to run gpg --keyserver keys.openpgp.org --search-keys torbrowser@torproject.org (from https://support.torproject.org/de/tbb/how-to-verify-signature/)

linux_dream commented on 2021-12-29 09:24 (UTC) (edited on 2021-12-29 09:26 (UTC) by linux_dream)

"tor-browser -u" doesn't work:

"==> Verifying source file signatures with gpg...
    tor-browser-linux64-11.0.3_en-US.tar.xz ... FAILED (unknown public key E53D989A9E2D47BF)
==> ERROR: One or more PGP signatures could not be verified!"

Thankfully "gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org " does.

whynothugo commented on 2021-12-26 22:45 (UTC)

Upstream has added another subkey to the same GPG key, so it needs to be pulled. The pinned command does this, and you need to run it even if you already have the key pulled locally (this is rather unintuitive, hence the clarification).

AUR helpers generally don't do this for you.
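
The situation described above (primary key already present, new signing subkey missing) can be detected before a build. This is an added example, not part of the package or of any comment here: it parses the colon-delimited listing that gpg --list-keys --with-colons prints. The function names, the two sample keyrings, their timestamps and the expired subkey ID 00000000DEADBEEF are constructed for illustration; the primary key ID, its fingerprint and the missing subkey ID are the ones quoted on this page.

```shell
#!/bin/sh
# Added example: decide whether the key ID makepkg complained about is present
# in the local keyring as a usable signing key. Names are hypothetical.

# stdin: makepkg output. Prints the ID from "FAILED (unknown public key <ID>)".
missing_key_id() {
    sed -n 's/.*FAILED (unknown public key \([0-9A-Fa-f]\{16,40\}\)).*/\1/p' | head -n 1
}

# stdin: output of `gpg --list-keys --with-colons torbrowser@torproject.org`
# $1:    long key ID or full fingerprint to look for
# exit:  0 = present, not expired/revoked, and can sign
#        1 = not in the keyring at all (refresh the key, e.g. the pinned command)
#        2 = present but expired, revoked, invalid, disabled, or not a signing key
keyring_has_signing_key() {
    awk -F: -v want="$1" '
        BEGIN {
            want = toupper(want)
            # Field 5 of pub/sub records is the 16-hex long key ID.
            if (length(want) > 16) want = substr(want, length(want) - 15)
            rc = 1
        }
        ($1 == "pub" || $1 == "sub") && toupper($5) == want {
            # Field 2 = validity (e/i/r/d are unusable); field 12 = capabilities,
            # where a lowercase "s" means this very key can make signatures.
            usable = ($2 !~ /^[eird]$/ && $12 ~ /s/)
            if (usable) rc = 0; else if (rc != 0) rc = 2
        }
        END { exit rc }
    '
}

# Constructed sample: keyring fetched before upstream added the new subkey.
stale_keyring() {
cat <<'EOF'
pub:f:4096:1:4E2C6E8793298290:1418601600:1753056000::-:::cSC::::::23::0:
fpr:::::::::EF6E286DDA85EA2A4BA7DE684E2C6E8793298290:
uid:f::::1418601600::::Tor Browser Developers (signing key) <torbrowser@torproject.org>::::::::::0:
sub:e:4096:1:00000000DEADBEEF:1514764800:1609459200:::::s::::::23:
EOF
}

# Constructed sample: the same keyring after the key has been refreshed.
refreshed_keyring() {
    stale_keyring
    echo 'sub:f:4096:1:E53D989A9E2D47BF:1627776000:1753056000:::::s::::::23:'
}

# Demo on the error line quoted in the comments on this page.
err='    tor-browser-linux64-11.0.3_en-US.tar.xz ... FAILED (unknown public key E53D989A9E2D47BF)'
id=$(printf '%s\n' "$err" | missing_key_id)
for ring in stale_keyring refreshed_keyring; do
    rc=0
    "$ring" | keyring_has_signing_key "$id" || rc=$?
    echo "$ring: key $id -> status $rc"
done
```

Against a real keyring, pipe the gpg listing into keyring_has_signing_key instead of the sample functions; status 1 with the primary key present is the stale-subkey case.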

saintcore commented on 2021-12-24 20:03 (UTC)

@miku86 In case of Darkness yes, but as explained a bit below by @zethra there seems to be another problem which should affect most people updating with AUR helpers.

However you can manually update without the AUR helpers running "tor-browser -u" as normal user. See comment by @zethra for explanations.

miku86 commented on 2021-12-22 14:43 (UTC)

@Darkness

The solution is in the pinned comments.

Darkness commented on 2021-12-22 14:30 (UTC)

==> Verifying source file signatures with gpg...
    tor-browser-linux64-11.0.3_en-US.tar.xz ... FAILED (unknown public key E53D989A9E2D47BF)
==> ERROR: One or more PGP signatures could not be verified!
-> error making: tor-browser

akurei commented on 2021-12-22 13:50 (UTC)

$ makepkg -scf
==> Making package: tor-browser 11.0.3-1 (2021-12-22T14:46:30 CET)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found tor-browser.desktop.in
  -> Found tor-browser.in
  -> Found tor-browser.png
  -> Found tor-browser.svg
  -> Downloading tor-browser-linux64-11.0.3_en-US.tar.xz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 82.2M  100 82.2M    0     0  7669k      0  0:00:10  0:00:10 --:--:-- 8467k
  -> Downloading tor-browser-linux64-11.0.3_en-US.tar.xz.asc...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   819  100   819    0     0   1705      0 --:--:-- --:--:-- --:--:--  1702
==> Validating source files with sha256sums...
    tor-browser.desktop.in ... Passed
    tor-browser.in ... Passed
    tor-browser.png ... Passed
    tor-browser.svg ... Passed
==> Validating source_x86_64 files with sha256sums...
    tor-browser-linux64-11.0.3_en-US.tar.xz ... Passed
    tor-browser-linux64-11.0.3_en-US.tar.xz.asc ... Skipped
==> Verifying source file signatures with gpg...
    tor-browser-linux64-11.0.3_en-US.tar.xz ... FAILED (unknown public key E53D989A9E2D47BF)
==> ERROR: One or more PGP signatures could not be verified!

but

$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
pub   rsa4096/0x4E2C6E8793298290 2014-12-15 [C] [expires: 2025-07-21]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
uid                   [  full  ] Tor Browser Developers (signing key) <torbrowser@torproject.org>

whynothugo commented on 2021-12-14 10:16 (UTC)

The .SRCINFO file has invalid checksums, and AUR helpers (paru in my case) complain about this:

    source_i686 = https://dist.torproject.org/torbrowser/11.0.2/tor-browser-linux32-11.0.2_en-US.tar.xz
    source_i686 = https://dist.torproject.org/torbrowser/11.0.2/tor-browser-linux32-11.0.2_en-US.tar.xz.asc
    sha256sums_i686 =
    sha256sums_i686 = SKIP
    source_x86_64 = https://dist.torproject.org/torbrowser/11.0.2/tor-browser-linux64-11.0.2_en-US.tar.xz
    source_x86_64 = https://dist.torproject.org/torbrowser/11.0.2/tor-browser-linux64-11.0.2_en-US.tar.xz.asc
    sha256sums_x86_64 =
    sha256sums_x86_64 = SKIP

An empty string is not a valid value.

Running mksrcinfo fixes this.

zethra commented on 2021-12-08 19:02 (UTC)

Lines 42 and 46 of .SRCINFO are causing issues when trying to install with paru because they have a key with no value. I'm not sure why they're there. When I run makepkg --printsrcinfo those lines aren't present. Those lines were added in the most recent commit FYI.

whynothugo commented on 2021-11-26 14:19 (UTC)

Can you change the desktop file from

Exec=/usr/bin/tor-browser %u

To:

Exec=tor-browser %u

This makes using wrapper scripts or things like firejail a bit smoother, but won't change anything for the usual use-case.

grufo commented on 2021-09-10 18:32 (UTC)

@aminvakil Fair point.

aminvakil commented on 2021-09-10 11:36 (UTC)

bash is part of base. Mentioning it explicitly in depends is unnecessary imho.

https://archlinux.org/packages/core/any/base/

whynothugo commented on 2021-09-09 09:17 (UTC)

~/.local/opt/tor-browser is fine by me.

It's not completely standard, but I've also seen it around, and is basically a "per-user /opt".

Using .cache is also valid IMHO, and this case is slightly outside of what any spec or standard has explicitly considered.

A downside of ~/.local/opt is that there's no way to override it, whereas .cache is actually $XDG_CACHE_HOME.

.config is a bad choice though; that's a directory that'll frequently get backed up (or even versioned by many), and dumping all of the browser's runtime in there sounds problematic.

grufo commented on 2021-09-08 18:07 (UTC)

@class101

I don’t think it was a great idea to create opt/ inside .local since it is not a standard location

This is the old debate about the ~/.local directory...

Is ~/.local/bin standard? The XDG mentions it ("User-specific executable files may be stored in $HOME/.local/bin").

What about ~/.local/lib? The XDG does not mention it, but it is the natural result of installing a library instead of a program locally via ./configure --prefix="$HOME/.local" && make && make install – the same command that would install a program under the ~/.local/bin path mentioned by the XDG.

For me this package's natural path is ~/.local/opt: it satisfies the requirements for opt (it is completely self-contained in one single directory) and it satisfies the requirements for ~/.local (it is a user installation).

But given the huge user base of this package, I would say that the debate has just started.

Application creates their folders in

.local .config .cache

Technically we do create our folder under .local.

class101 commented on 2021-09-08 17:47 (UTC)

I don’t think it was a great idea to create opt/ inside .local since it is not a standard location, only you will use the redundant opt folder

In my opinion it is not necessary to reinvent the wheel as Steam does so badly.

Application creates their folders in

.local .config .cache

grufo commented on 2021-09-08 17:39 (UTC)

@whynothugo

That is a very good idea. I moved the user copy of Tor Browser from ~/.tor-browser to ~/.local/opt/tor-browser.

whynothugo commented on 2021-09-08 10:19 (UTC)

Is it possible to use some other directory instead of ~/.tor-browser? I'd like to move this out of the way to somewhere like ~/.cache/tor-browser.

whynothugo commented on 2021-08-19 22:15 (UTC)

any is not correct for this package, as that implies that the same package runs on all architectures. That’s not the case for this, as it includes native binaries.

tallero commented on 2021-08-19 21:10 (UTC)

Can you switch arch to any (or add pentium4)?

eora commented on 2021-08-17 18:04 (UTC) (edited on 2021-08-17 18:56 (UTC) by eora)

Any ideas why yay freezes after :: (1/1) Parsing SRCINFO: tor-browser? makepkg freezes w/o any log.

UPD: It happens if TOR is banned in your country. If you experience the same issue use VPN.

valkmit commented on 2021-06-30 19:10 (UTC)

@henkm the pinned comment is still correct as of today.

LaughingMan commented on 2021-06-18 11:07 (UTC)

@henkm: Still works for me.

henkm commented on 2021-06-18 05:04 (UTC) (edited on 2021-06-18 05:05 (UTC) by henkm)

Regarding the pinned comment: is that still correct or is there a server problem? I get

gpg: error retrieving 'torbrowser@torproject.org' via WKD: Server indicated a failure

gpg: error reading key: Server indicated a failure

grufo commented on 2021-06-09 11:48 (UTC)

@LChris314 Very good catch, thank you! My bad while updating the old /usr/share/pixmaps to the more modern /usr/share/icons. Fixed now.

LChris314 commented on 2021-06-09 05:59 (UTC)

Looks like tor-browser.png and tor-browser.svg had their install location swapped.

class101 commented on 2021-06-07 13:46 (UTC) (edited on 2021-06-07 13:47 (UTC) by class101)

@FabioLolix

Not sure this rule applies to all packages, if tor-browser existed in the official repo, yes, but yet tor-browser does not exist in the official repo so one has to build it, maybe one day this package will be in the official repo and having it named -bin in here means nothing. The majority of people just want to download tor-browser, they don't really wonder if -bin or -git or whatever.

FabioLolix commented on 2021-05-16 19:17 (UTC)

This pkgbuild lacks -bin suffix as it is not built from source

grufo commented on 2021-04-21 01:21 (UTC)

I have increased the $pkgrel variable.

--grufo

autumnontape commented on 2021-04-20 04:58 (UTC)

The package can be rebuilt without re-downloading the sources if you've built it before. I just did it by deleting the old tor-browser-10.0.15-1-x86_64.pkg.tar.zst and running makepkg -si, and it only takes a few seconds. makepkg and all AUR helpers I know of do this by default, so I don't think updating the pkgrel would be placing much of a burden on anyone.

Not being able to remove mozilla-common from your system when it's been removed from the repositories won't keep you from using the software, but it is a bit of a problem in itself.

grufo commented on 2021-04-19 15:45 (UTC)

I am not sure any change to pkgrel or epoch is necessary in this case. If a user has tor-browser already installed then they have no problems. If instead they were unable to install tor-browser earlier, now they will be able to install it. But if I increase pkgrel or epoch I will force an update on all the users for which tor-browser works just fine. It is a heavy package, I am not sure that would be the right thing to do.

--grufo

Marcel_K commented on 2021-04-18 13:01 (UTC) (edited on 2021-04-18 13:02 (UTC) by Marcel_K)

@Spixmaster That's wrong: that's what pkgrel is meant for. epoch should only be used when pacman thinks the version number is decreased (e.g., because of the use of alphabetical characters), but where the version actually is increased.

Spixmaster commented on 2021-04-18 12:52 (UTC)

@class101 @grufo For circumstances in which an update is necessary without changing the version itself, epoch= should be used.

class101 commented on 2021-04-16 10:51 (UTC) (edited on 2021-04-16 15:15 (UTC) by class101)

Edit: Looks like 10.0.15-1 has been fixed without bumping pkgrel (bad practice imo). If you installed the buggy 10.0.15-1, to fix, uninstall tor-browser, manually delete the directory tor-browser from the cache of your favorite aur helper (.cache/yay/ .cache/paru/ etc...) and reinstall tor-browser

Yeah running fine is one thing but not all.

But I think indeed it is no more used (or part of an optional feature in tor maybe?), technically, mozilla-common is really tiny, it is just exporting the following variable MOZ_PLUGIN_PATH

export MOZ_PLUGIN_PATH="/usr/lib/mozilla/plugins"

And on my system, /usr/lib/mozilla/plugins does not exist with tor-browser installed.

whynothugo commented on 2021-04-16 10:46 (UTC) (edited on 2021-04-16 10:46 (UTC) by whynothugo)

It doesn't seem to be necessary any more. I removed mozilla-common from the PKGBUILD depends, and it builds and runs fine.

class101 commented on 2021-04-16 10:42 (UTC) (edited on 2021-04-16 10:46 (UTC) by class101)

To fix extra/mozilla-common deleted from the extra repository

pacman -U https://archive.archlinux.org/packages/m/mozilla-common/mozilla-common-1.4-6-any.pkg.tar.zst

Unfortunately, pushing mozilla-common 1.4-6 at aur/mozilla-common is currently rejected:

remote: error: package already provided by [extra]: mozilla-common        
remote: error: hook declined to update refs/heads/master

Maybe the package is no more necessary? I haven't checked, a workaround would be to create it under a different name like aur/mozilla-common-aur but this would be ugly, because every dependent app will still break until patched.

Anyway, a backup of the sources of the deleted extra/mozilla-common is available here

https://github.com/archlinux/svntogit-packages/tree/packages/mozilla-common/trunk

morganmay commented on 2021-04-15 23:15 (UTC)

Build of 10.0.15-1 fails due to missing dependency mozilla-common. It's not in official repositories or AUR.

mackilanu commented on 2021-03-31 11:47 (UTC)

@randomguy343 That is an issue with your AUR helper and not this package.

randomguy343 commented on 2021-03-31 10:47 (UTC) (edited on 2021-03-31 10:48 (UTC) by randomguy343)

I can't update tor-browser using an AUR helper, I get the following error.

error fetching tor-browser: fatal: No Git-Repository (or any parent directory to the mount point /) Stopping at filesystem boundaries (GIT_DISCOVERY_ACROSS_FILESYSTEM not specified).

But I can simply clone the git repository and build and install the package from there.

zoltanszabo commented on 2021-03-04 20:54 (UTC)

@jugs: Thank you for the quick action; with Tor 10.0.13 ProtonMail starts again nicely.

jugs commented on 2021-03-04 11:48 (UTC) (edited on 2021-03-04 11:48 (UTC) by jugs)

tor-browser 10.0.13 should fix the glibc issue

AntiComposite commented on 2021-02-24 03:37 (UTC)

That's caused by the same glibc problem. You can downgrade glibc, use an alpha version of tor-browser, or wait for the fix.

adoa commented on 2021-02-24 03:02 (UTC)

tor-browser refuses to play h264 videos for me. I checked html5test.com and they say that my tor-browser does not support the h264 codec. Optional dependency gst-plugins-good is still installed, tho.

It used to work fine, but stopped working a week or two ago. Did some other software update break, or does tor-browser not locate the gstreamer plugins? how do I troubleshoot this?

jugs commented on 2021-02-23 21:21 (UTC)

Thanks for the updates folks, we are tracking the issue on the tor-browser gitlab.

The easiest workaround at the moment is to downgrade to the last 2.32(-5) glibc.

Once a real solution is posted we'll ensure it lands here as well.

Thelolas commented on 2021-02-11 05:13 (UTC)

An update to this, looks like this is an issue affecting Arch users who have upgraded glibc.

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40328

Some workarounds:

"rany has confirmed a glibc downgrade to 2.32 fixes the issue.

Another user on an arch-based distro (Manjaro 20.2.1 Nibia, Kernel: x86_64 Linux 5.10.15-1-MANJARO) reports the same issue and reports that the alpha TB fixes it."

kkk commented on 2021-02-10 06:32 (UTC)

I'd like to report a fault, same as previous two users, except on a broader scale. I can no longer view videos and even github pages are formatted and displayed incorrectly.

Thelolas commented on 2021-02-08 22:41 (UTC)

@zoltanszabo, I'm running into the exact same thing, including when I download Tor Browser from the Tor Project's website. In addition to your experience, when you navigate to beta.protonmail.com I just get a white screen. It never loads.

zoltanszabo commented on 2021-02-08 19:16 (UTC)

The latest update (2021-02-04) seems to break / be incompatible with the ProtonMail login (https://mail.protonmail.com/login): the process stays at the "Loading ProtonMail..." animation. It has been working like a charm for years. Any ideas? Thanks in advance.

nosada commented on 2021-02-06 16:39 (UTC) (edited on 2021-02-06 16:40 (UTC) by nosada)

It seems /usr/bin/tor-browser sometimes lacks read permission for users not in the file's group i.e. 0751 in chmod. Here's patch to fix it: https://gist.github.com/nosada/12b272b659cb1c2ddc4130d0bd2d003a

tthgrndr commented on 2020-10-06 02:39 (UTC)

Installed from AUR; error at verifying PGP key.

Used @grufo's command, worked straight away.

craeckie commented on 2020-09-25 11:08 (UTC)

@grufo you are right, that's easier.

For those who don't want to copy links: Create the file ~/.local/share/applications/tor-browser.desktop with this content:

[Desktop Entry]
Version=1.0
Type=Application
Name=Tor Browser (en-US)
Exec=/usr/bin/tor-browser --allow-remote %u
Icon=tor-browser
Categories=Network;
Comment=Anonymous browsing using Firefox and Tor

This overwrites the existing desktop-file and persists through updates.

Cerdicipe commented on 2020-09-23 20:18 (UTC) (edited on 2020-09-23 20:20 (UTC) by Cerdicipe)

Found it. I forgot my ~/bin/tor-browser script containing:

/usr/bin/tor-browser --allow-remote "$@"

Without --allow-remote, it works now.

je-vv commented on 2020-09-23 20:09 (UTC)

@MrG0z, that doesn't happen to me, if that helps...

Cerdicipe commented on 2020-09-23 20:04 (UTC)

It's weird. Since the update to 10.0-1, starting "tor-browser" starts my usual Firefox version.

grufo commented on 2020-09-22 03:52 (UTC)

@craeckie

If --allow-remote is disabled by default there is a reason… Btw, you don't need to add --allow-remote to the script, you can pass any argument to it and they will be redirected to the browser.

--grufo

ragouel commented on 2020-08-22 22:17 (UTC)

PKGBUILD is broken

craeckie commented on 2020-07-20 16:51 (UTC)

@WhyNotHugo It's true, that opening links is a liability. But copy-pasting link doesn't change that even a bit. In the case of accidentally opening a link, most users will likely just use a normal browser, if "Tor doesn't work". In that case the actual IP is revealed, which imo is a much bigger liability.

Are there any other effects of enabling --allow-remote?

whynothugo commented on 2020-07-01 16:32 (UTC)

That patch seems a bit of a security liability. If I click on a link on some desktop app (say, an IM client), it could trigger Tor to open that link.

That allows crossing my non-tor IP with my in-tor session.

I'd rather links had to be copy-pasted into Tor explicitly, TBH.

craeckie commented on 2020-07-01 14:24 (UTC)

Hi, currently it's not possible for me to open links in the browser. After adding %u to the desktop file and --allow-remote to tor-browser.sh, it works.

Here's the patch:

diff --git a/PKGBUILD b/PKGBUILD
index 74a0f29..4ba6b34 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -87,9 +87,9 @@ source=("${pkgname}.desktop"
 # No need for `makepkg -g`: the following sha256sums¸don't need to be updated #
 # with each release, everything is done automatically! Leave them like this!  #
 ###############################################################################
-sha256sums=('9ee0a4672e2d0835ffb94bcf26e17b56432030496a9cdf019b70c96083c24340'
+sha256sums=('d88d35a3ff1a431a927869be503b6a32f2767b87206d7de254e358a00975e97e'
             'f25ccf68b47f5eb14c6fec0664c74f30ea9c6c58d42fc6abac3b64670aaa3152'
-            '89118837e6db1d7b089e0067a6430e9a1a8602a64e00b7ea94382abfb0d3e502')
+            'cabfaf0485cd44dfb216dcf9aa10f98beac46064a908f02c3414c3650bc73628')
 sha256sums_i686=($(_dist_checksum "${_tag_i686}")
                  'SKIP')
 sha256sums_x86_64=($(_dist_checksum "${_tag_x86_64}")
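Review bot: The two replaced sha256sums entries (first and third in the array) are pasted values that cannot be checked from this diff, so they should be regenerated from the patched files with updpkgsums or makepkg -g when the change is committed rather than copied from the comment. The banner above them says the sums never need updating, which holds only for the per-release sums computed by _dist_checksum, and it should say so; its first line also carries a stray character in "sha256sums¸don't".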
diff --git a/tor-browser.desktop b/tor-browser.desktop
index aca8d11..b6a81a4 100644
--- a/tor-browser.desktop
+++ b/tor-browser.desktop
@@ -2,7 +2,7 @@
 Version=1.0
 Type=Application
 Name=Tor Browser (__REPL_LANGUAGE__)
-Exec=/usr/bin/tor-browser
+Exec=/usr/bin/tor-browser %u
 Icon=tor-browser
 Categories=Network;
 Comment=Anonymous browsing using Firefox and Tor
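Review bot: Adding %u to the Exec line makes this entry accept a URL from any application that launches it, which changes the default for every user of the package instead of being opt-in. Consider keeping the packaged Exec line without a field code and documenting a per-user override under ~/.local/share/applications for those who want link handling.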
diff --git a/tor-browser.sh b/tor-browser.sh
index 2ca37f2..7b11862 100755
--- a/tor-browser.sh
+++ b/tor-browser.sh
@@ -192,5 +192,5 @@ else
 fi

 # start tor-browser
-"${_TB_APP_DIR_}/Browser/start-tor-browser" "${args[@]}"
+"${_TB_APP_DIR_}/Browser/start-tor-browser" --allow-remote "${args[@]}"
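Review bot: --allow-remote is hardcoded ahead of "${args[@]}" on the start-tor-browser line, so every launch gets it and a caller has no way to turn it off. The arguments are already forwarded, so the flag can be passed on the command line by those who want it; if it has to live in the script, gate it behind an environment variable that defaults to off.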

grufo commented on 2020-06-18 11:57 (UTC)

@ragouel

tor-browser does not depend on the tor package.

@je-vv

Of course!

ragouel commented on 2020-06-18 04:05 (UTC)

Please add tor to depends() array.

je-vv commented on 2020-06-11 06:24 (UTC)

@cschmid, I've seen duplicated packages in AUR before, without that being a problem, but yours is a very good question.

There are subtle differences: with AUR you get to upgrade the tor-browser binary on every AUR upgrade you do. With the torbrowser launcher, on the other hand, you either automatically upgrade the binary when launching, I'd guess (whenever that happens), or you do it manually, if you know when, through the torbrowser-settings launcher. Also, the torbrowser launcher from community installs a separate gnupg directory under ~/.local/share/torbrowser, which has also pro and cons (con is having yet another gnupg dir, pro would be isolating your own from the tor one, but that doesn't matter anymore if you have your own, since tor is not the only one polluted around there).

One would say that it'd be good torbrowser-launcher it's from Arch repos, but that's not exactly true, since it downloads the torbrowser binary any ways as well, not that it's built from an Arch maintainer. I personally prefer the AUR approach, since that keeps the upgrade as I regularly upgrade stuff, with aursync or the AUR helper of your choice, when I do a system upgrade. And I do use gnupg, :)

Less subtle differences are on the dependencies, I see the community package depending on several python packages, which the AUR one doesn't, while on the other hand the AUR package depends on mozilla-common plus several others whereas the community package doesn't. Some of those deal with gpg and launching BTW. In that regard I like the AUR choice better. Finally I don't see the apparmor optional dependency on the AUR package, but definitely not a must, and can be added to the AUR package as well.

All that applies as long as @grufo keeps maintaining tor-browser.

@grufo, are you still maintaining tor-browser, even though the community package exists? In my case at least, I'd rather stick with the AUR package. Thanks !

C_Schmidpeter commented on 2020-05-25 08:36 (UTC)

Having torbrowser-launcher in extra, does this package still have use cases / features that are not in torbrowser-launcher yet?

aminvakil commented on 2020-04-26 12:59 (UTC) (edited on 2020-04-26 13:06 (UTC) by aminvakil)

@pnuker

I don't know why is that but the best thing that comes to my mind is to try changing your mirror in /etc/pacman.d/mirrorlist .

Installing a package via pacman should not be a problem for an Arch User, if you have a problem with that it's fine, just go through the manual, if you couldn't make it work reading from manual it's fine too, read it again, you should be familiar with reading manuals if you're going to use Arch Linux, if you think manual is not correct or doesn't fit your needs, ask it in newbie forum in bbs.archlinux.org.

navelwritten commented on 2020-04-26 12:47 (UTC)

@aminvakil I get an error trying to install from pacman: error: target not found: torbrowser-launcher

aminvakil commented on 2020-03-12 11:06 (UTC) (edited on 2020-03-12 11:07 (UTC) by aminvakil)

@bkb

It's in community repo which is one of official repositories in Arch Linux.

https://wiki.archlinux.org/index.php/Official_repositories#community

You can install it via pacman -Suy torbrowser-launcher.

bkb commented on 2020-03-12 09:17 (UTC) (edited on 2020-03-12 09:19 (UTC) by bkb)

Okay but what about the second question

And I can click on your link, but I don't find torbrowser-launcher on either pamac or yay

commented on 2020-03-12 08:55 (UTC)

@bkb use https://www.archlinux.org/packages/community/any/torbrowser-launcher/

bkb commented on 2020-03-12 08:53 (UTC)

Why is the browser only on AUR? It's definitely not an amateur project

And more important, why are there plenty of them and not only one?

ZorinArch commented on 2020-01-09 10:45 (UTC)

Please update Tor new logo. Thanks

Pablo-Camara commented on 2019-12-17 14:49 (UTC) (edited on 2019-12-17 14:49 (UTC) by Pablo-Camara)

I was trying to install tor-browser using Manjaro pamac-manager, and it would get stuck "Checking for dependencies", then I followed @grufo 's comment which is pinned and recommends to run:

gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

After that I was able to install tor-browser normally through pamac-manager of Manjaro.

Thanks @grufo .

wknapik commented on 2019-12-11 18:32 (UTC)

@grufo ah, I forgot I had TORBROWSER_PKGLANG in my ~/.zshrc. The value en_US used to work. Changing it to en-US sorted it out. Maybe replacing "_" with "-" in that variable would also make sense. Thanks.

grufo commented on 2019-12-10 19:49 (UTC)

@wknapik

All the PKGBUILD does is launching:

locale | grep LANG | cut -d= -f2 | cut -d. -f1 | sed s/_/\-/

If that results in an unexisting language it will download by default the en-US version (with a hyphen).

However, if you specify manually a TORBROWSER_PKGLANG environment variable, the PKGBUILD trusts you and skips all checks. That means that the only case where makepkg can complain about an unexisting en_US package (with an underscore) happens when you pass a TORBROWSER_PKGLANG=en_US environment variable to it (instead of TORBROWSER_PKGLANG=en-US).

--grufo

wknapik commented on 2019-12-10 17:46 (UTC)

curl: (22) The requested URL returned error: 404 Not Found
==> ERROR: Failure while downloading https://dist.torproject.org/torbrowser/9.0.2/tor-browser-linux64-9.0.2_en_US.tar.xz

The correct url contains en-US, rather than en_US: https://dist.torproject.org/torbrowser/9.0.2/tor-browser-linux64-9.0.2_en-US.tar.xz

aminvakil commented on 2019-11-07 11:56 (UTC) (edited on 2019-11-07 11:56 (UTC) by aminvakil)

@Ucak I have this problem too, so I decided to create an AUR package which uses tor service to download sources, you just have to make sure tor service is up and working.

Please give me feedback on this package, Thanks.

https://aur.archlinux.org/packages/tor-browser-behind-tor

Ucak commented on 2019-11-03 17:02 (UTC) (edited on 2019-11-03 17:02 (UTC) by Ucak)

There are countries whose internet is ~broken~ censored, so they (including me) can not use that upstream link (https://www.torproject.org/projects/torbrowser.html). There was a github link for downloading it, a mirror. I think it was this https://github.com/TheTorProject/gettorbrowser but I am not sure. It may be a good idea to use the github link for this or creating a new aur package.

TJM commented on 2019-10-31 07:55 (UTC) (edited on 2019-10-31 07:56 (UTC) by TJM)

Also, I'm getting the following error from the error log of tor-browser:

10/31/19, 07:42:58.700 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
10/31/19, 07:43:09.390 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
10/31/19, 07:43:09.390 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
10/31/19, 07:43:09.390 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 
10/31/19, 07:43:09.390 [NOTICE] Opening Socks listener on 127.0.0.1:9050 
10/31/19, 07:43:09.391 [WARN] Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running? 
10/31/19, 07:43:09.391 [WARN] Controller gave us config lines that didn't validate: Failed to bind one of the listener ports.

I have no idea why it tries to bind 9050 ¯_(ツ)_/¯

okasha commented on 2019-10-30 12:16 (UTC)

can someone help?!

I get:

==> ERROR: Integrity checks (sha256) differ in size from the source array.

How can I solve this?

zeofig commented on 2019-10-30 07:53 (UTC)

Should gtk3 be a dependency? I was left mildly confused when tor-browser failed silently on a fresh install, until I tried --debug.

TJM commented on 2019-10-27 21:19 (UTC) (edited on 2019-10-27 21:22 (UTC) by TJM)

@aminvakil I stopped tor and launched tor-browser. However, it seems that the latest tor-browser has started a tor instance which occupies 127.0.0.1:9050

[tjm@ArchPad ~]$ ss -tnpl | grep 9050
LISTEN  0        128                     127.0.0.1:9050           0.0.0.0:*      users:(("tor",pid=57285,fd=6))                                                 
[tjm@ArchPad ~]$ ps -alxq 57285
F   UID     PID    PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
0  1000   57285   57229  20   0  43828 32916 -      S    ?          0:00 /home/tjm/.tor-browser/app/Browser/TorBrowser/Tor/tor --default
[tjm@ArchPad ~]$ ps -alxq 57229
F   UID     PID    PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4  1000   57229   57218  20   0 2837732 211840 -    Sl   ?          0:04 ./firefox.real --class Tor Browser -profile TorBrowser/Data/Bro
[tjm@ArchPad ~]$ ps -alxq 57218
F   UID     PID    PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
0  1000   57218   57217  20   0  19856  3208 -      S    ?          0:00 bash /home/tjm/.tor-browser/app/Browser/start-tor-browser
[tjm@ArchPad ~]$ ps -alxq 57217
F   UID     PID    PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
0  1000   57217   57214  20   0  19856  3424 -      S    ?          0:00 bash /usr/bin/tor-browser
[tjm@ArchPad ~]$ ps -alxq 57214
F   UID     PID    PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
0  1000   57214       1  20   0  19724  2568 -      S    ?          0:00 /bin/bash
[tjm@ArchPad ~]$ 

gancho commented on 2019-10-26 17:29 (UTC)

@grufo, thank you for all the effort packaging the browser!

grufo commented on 2019-10-25 21:34 (UTC)

@gancho Good catch! Fixed.

--grufo

gancho commented on 2019-10-25 19:56 (UTC)

@grufo Unfortunately using the --dir argument this way is not working - there is an error at line 167 that the directory is not existing.

The variables TB_APP_DIR, TB_LOG_FILE and TB_VER_FILE must be set after the for loop, because there the value of TB_HOME_DIR is modified to use provided --dir argument. Later at line 166 the TB_APP_DIR directory is created

grufo commented on 2019-10-25 01:18 (UTC)

@gancho

Yes, it is possible. But the question is: Why?

You can always do:

tor-browser --dir=/tmp/tb

--grufo

okasha commented on 2019-10-24 22:47 (UTC) (edited on 2019-10-30 12:15 (UTC) by okasha)

I get:

==> ERROR: Integrity checks (sha256) differ in size from the source array.

How can I solve this?

aminvakil commented on 2019-10-24 13:16 (UTC)

@TJM I'm using the latest tor version (Tor version 0.4.1.6.) and latest tor-browser from this AUR and it's ok, tor-browser using 9150 port and tor service using 9050 port.

I suggest you stop tor service using sudo systemctl stop tor, open tor-browser and try these commands:

telnet 127.0.0.1 9050
telnet 127.0.0.1 9150

To make sure if tor-browser is malfunctioning.

TJM commented on 2019-10-23 21:29 (UTC)

Somehow it starts trying to listen on 9050 rather than 9150, which conflicts with the system tor, after the recent upgrade. I went through the UI of the tor-browser. However, I didn't find anything that can configure the binding port or disable the built-in tor relay of the latest tor-browser. Any ideas?

gancho commented on 2019-10-23 20:06 (UTC) (edited on 2019-10-23 20:07 (UTC) by gancho)

@grufo Is it possible to modify tor-browser.sh to allow starting the browser in a directory like /tmp/tb for instance?

All you need to do is:

  1. move the "other constants and variables" block down after the "for arg; do" loop

  2. move the line TB_HOME_DIR=~/".${TB_PKGNAME}" just before the for loop

grufo commented on 2019-10-22 22:30 (UTC)

@Serial

Fixed! Thanks!

@jugs

I had left this note in the PKGBUILD:

# No need for `makepkg -g`: the following sha256sums don't need to be updated
# with each release, everything is done automatically! Leave them like this!

Serial commented on 2019-10-22 21:53 (UTC)

Note: I could only update through the update provided by the browser, according to the image link below:

https://imgur.com/dAZedlV

Serial commented on 2019-10-22 21:28 (UTC)

Today's update has the following error message below:

Building tor-browser ...
==> Creating the package: tor-browser 9.0-1 (Tue 22 Oct 2019 18:24:44 -03)
==> Checking runtime dependencies ...
==> Checking build time dependencies ...
==> Getting fonts ...
   -> Found tor-browser.desktop
   -> Found tor-browser.png
   -> Found tor-browser.sh
   -> Found tor-browser-linux64-9.0_en.tar.xz
   -> Found tor-browser-linux64-9.0_en.tar.xz.asc
==> Validating source files with sha256sums ...
     tor-browser.desktop ... passed
     tor-browser.png ... Passed
     tor-browser.sh ... passed
==> Validating source_x86_64 files with sha256sums ...
     tor-browser-linux64-9.0_en.tar.xz ... FAILED
     tor-browser-linux64-9.0_en.tar.xz.asc ... ignored
==> ERROR: One or more files failed the validity check!

grufo commented on 2019-09-04 05:05 (UTC)

@BrLi Good catch! Merged :)

BrLi commented on 2019-09-04 03:54 (UTC)

If you really want checksums to work, please consider using this: https://pastebin.com/qRAZdkrn

d_fajardo commented on 2019-09-01 06:33 (UTC)

I am unable to install the package. The suggested gpg is not working and I just get timed out.

grufo commented on 2019-08-21 21:25 (UTC)

@makeworld

If you mean adding the gpg command to the PKGBUILD, then the answer is no. A signature is something that must be added only once, and the user must be able to control it manually.

--grufo

makeworld commented on 2019-08-20 21:48 (UTC)

@grufo could that line be added to the PKGBUILD in lieu of the key attempting to be added now?

grufo commented on 2019-08-15 02:27 (UTC)

@DDoSolitary Done! Thank you!

grufo commented on 2019-08-15 02:22 (UTC)

Before running makepkg, you must do this (as normal user):

$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

If you want to update tor-browser from AUR without AUR helpers you can run in a terminal:

$ tor-browser -u

DDoSolitary commented on 2019-08-13 06:49 (UTC)

The release signing key has been poisoned on the SKS key servers, so the recommended way of fetching the key is gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org, according to https://support.torproject.org/#how-to-verify-signature.

@grufo Please update your pinned comment accordingly.

je-vv commented on 2019-07-21 22:20 (UTC) (edited on 2019-07-21 22:21 (UTC) by je-vv)

An alternative gpg public key will be required (with corresponding signature files as well). Not sure if any of the other keys for tor-browser devs:

https://2019.www.torproject.org/docs/signing-keys.html.en

Can be used, with new asc files... I also had to get rid of another old key from Tor and another one from Enigmail...

account commented on 2019-07-10 14:11 (UTC) (edited on 2019-07-10 14:11 (UTC) by account)

My gpg --list-keys is still sub-second.

Should we delete the Tor browser cert

pub   rsa4096 2014-12-15 [C] [expires: 2020-08-24]
      EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid           [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub   rsa4096 2018-05-26 [S] [expires: 2020-09-12]

?

l0b0 commented on 2019-07-10 09:21 (UTC)

The Tor browser key seems to have been spammed (https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f) - there were 121,244 signatures on it before I deleted it from pubkeys and saved 10 MB! Considering gpg --list-keys went from a few minutes to about a single second after deleting, it's likely that this key will cause massive slow-down for people trying to validate the installation.

grufo commented on 2019-07-05 00:04 (UTC)

@barkley128 There is nothing to fix, the PKGBUILD does not contain any information about PGP servers. These you have to provide yourself, and if a server does not work, all you have to do is to search for another server.

-- grufo

barkley128 commented on 2019-07-04 08:32 (UTC) (edited on 2019-07-04 09:41 (UTC) by barkley128)

Can't you fix some key issue? Tried the latest methods in comments. The pgp.mit.edu site doesn't work. The full key import doesn't work. Please fix the package, or reupload the key to some working key server. Found one! This one imported nicely: gpg --keyserver pgp.surfnet.nl --recv-keys 0x4E2C6E8793298290

grufo commented on 2019-06-22 15:37 (UTC)

@abdulhakeem

Yes, apparently someone has requested the merging of all the tor-browser-* packages with tor-browser. However I have just made jugs from tor-browser-en co-maintainer of this package.

--grufo

account commented on 2019-06-22 13:24 (UTC) (edited on 2019-06-22 13:27 (UTC) by account)

Same problem. I've done

gpg --recv-keys EB774491D9FF06E2

with output:

gpg: key 4E2C6E8793298290: 2 duplicate signatures removed
gpg: key 4E2C6E8793298290: 306 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 2 signatures reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys 0x4E2C6E8793298290

with output:

gpg: key 4E2C6E8793298290: 2 duplicate signatures removed
gpg: key 4E2C6E8793298290: 292 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 2 signatures reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

and still get the bad sig error:

==> Verifying source file signatures with gpg...
    tor-browser-linux64-8.5.2_en-US.tar.xz ... FAILED (bad signature from public key EB774491D9FF06E2)
==> ERROR: One or more PGP signatures could not be verified!

LA-MJ commented on 2019-06-21 20:37 (UTC) (edited on 2019-06-21 20:38 (UTC) by LA-MJ)

just running gpg --recv-key EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 should be enough

P.S. Do not ever use short key IDs

yurikoles commented on 2019-06-21 07:46 (UTC)

@flash872, please also include output of gpg

flash872 commented on 2019-06-21 00:28 (UTC) (edited on 2019-06-21 16:30 (UTC) by flash872)

Notwithstanding the pinned gpg --keyserver instructions (which I've run exactly as instructed, but got a "no keyserver available" error), I'm still getting the following errors:

    tor-browser-linux64-8.5.2_en-US.tar.xz ... FAILED (bad signature from public key EB774491D9FF06E2)
==> ERROR: One or more PGP signatures could not be verified!

I've also run gpg --recv-keys EB774491D9FF06E2 and gpg --keyserver --recv-keys 0x4E2C6E8793298290

@yurikoles, here is the output of gpg:

gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys 0x4E2C6E8793298290
gpg: key 4E2C6E8793298290: 2 duplicate signatures removed
gpg: key 4E2C6E8793298290: 292 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 2 signatures reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

gpg --recv-keys EB774491D9FF06E2
gpg: key 4E2C6E8793298290: 2 duplicate signatures removed
gpg: key 4E2C6E8793298290: 306 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 2 signatures reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

gpg --recv-keys 0x4E2C6E8793298290
gpg: key 4E2C6E8793298290: 2 duplicate signatures removed
gpg: key 4E2C6E8793298290: 306 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 2 signatures reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

What am I doing wrong? TIA for any assistance.

abdulhakeem commented on 2019-06-20 03:18 (UTC) (edited on 2019-06-20 03:18 (UTC) by abdulhakeem)

Nice so now there's just this one package instead of separate ones for each language? ie no more tor-browser-en

z3ntu commented on 2019-05-30 10:02 (UTC)

@yar @jugs: Could you replace the gtk2 dependency on the package with gtk3 as @r381581 has written before?

bholu9837 commented on 2019-05-29 00:54 (UTC)

If you are getting makepkg error, run this first. gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290

yurikoles commented on 2019-05-22 16:22 (UTC)

@grufo icon is outdated

aluizioneto commented on 2019-05-08 13:11 (UTC)

How do I verify PGP signatures for this package?

When running makepkg -si:

==> Verifying source file signatures with gpg...
    tor-browser-linux64-8.0.8_en-US.tar.xz ... FAILED (unknown public key EB774491D9FF06E2)
==> ERROR: One or more PGP signatures could not be verified!

hexvalid commented on 2019-05-06 08:22 (UTC)

I agree @ahmed_master23

We can't get the file from dist.torproject.org in Tor-blocked countries. Can you add an alternative URL like GitHub?

Tharbad commented on 2019-04-22 16:26 (UTC)

Firefox is also a dependency. Or maybe just some of its dependencies.

yar commented on 2019-03-22 21:10 (UTC)

@rodneyck I'm not able to reproduce this error. Please try in a chroot.

rodneyck commented on 2019-03-21 15:29 (UTC)

Getting validation errors on the latest update...

==> Validating source files with md5sums...
    tor-browser-linux64-8.0.7_en-US.tar.xz ... FAILED
    tor-browser-linux64-8.0.7_en-US.tar.xz.asc ... Skipped
    tor-browser-en.desktop ... Passed
    tor-browser-en.png ... Passed
    tor-browser-en.sh ... Passed
==> ERROR: One or more files did not pass the validity check!

ahmed_master23 commented on 2019-02-17 15:35 (UTC)

could you add other sources like github for people that have tor blocked and another one for people that have github blocked if there was a timeout error like https://github.com/TheTorProject/gettorbrowser/releases/download/v8.0.2/tor-browser-linux64-8.0.2_en-US.tar.xz

Plexcon commented on 2019-02-14 15:53 (UTC)


gpg --keyserver keys.mozilla.org --recv-keys 0x4E2C6E8793298290
gpg --recv-keys 2E1AC68ED40814E0
gpg --recv-keys D1483FA6C3C07136 && yaourt -S tor-browser-es
gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys 0x4E2C6E8793298290
gpg: recepción del servidor de claves fallida: No hay ningún servidor de claves disponible

==> Verificando las firmas de las fuentes con gpg...
    tor-browser-linux64-8.0.6_es-ES.tar.xz ... HA FALLADO (Firma viciada en relación con la clave pública EB774491D9FF06E2)
==> ERROR: ¡No se ha podido verificar alguna de las firmas PGP!

iyanmv commented on 2019-02-04 17:10 (UTC)

@yar @jugs: It would be nice if you could answer @caleb's and @nTia89's questions. I also don't understand the reason to use three different hashes, so if there is one, I'd love to know it. Otherwise, just delete the extra hashes.

commented on 2019-01-31 16:27 (UTC)

https://aur.archlinux.org/tor-browser-de.git

404 - Page not found

Unfortunately, the requested page does not exist.

r381581 commented on 2019-01-29 10:36 (UTC)

tor-browser 8 is based on firefox60, which uses the Photon UI and is gtk3+ only. For me, tor-browser works fine without gtk2 installed. So, the gtk2 dependency should be removed and a gtk3 dependency added.

karhu commented on 2018-12-18 09:07 (UTC)

Thanks @atnanasi,

It works after getting the keys with the second command. The first one doesn't work.

rokoucha commented on 2018-12-15 12:20 (UTC) (edited on 2018-12-15 12:21 (UTC) by rokoucha)

@karhu I have not signed this package, but this tarball has been signed by The Tor Project.

If you don't have The Tor Project's PGP key, you need to receive keys.

gpg --recv-keys '8738A680B84B3031A630F2DB416F061063FEE659'

gpg --recv-keys 'EF6E286DDA85EA2A4BA7DE684E2C6E8793298290'

karhu commented on 2018-12-15 09:57 (UTC) (edited on 2018-12-15 09:59 (UTC) by karhu)

New version 8.0.3 same thing with the key.

And always :

gpg --search-keys ys2000pro@gmail.com
gpg: data source: https://[2001:67c:26b4::98:0]:443
gpg: error searching keyserver: Pas de données
gpg: échec de recherche au sein du serveur de clefs : Pas de données

Please @atnanasi, could you answer?

yar commented on 2018-11-17 18:30 (UTC)

@l0b0 it's a git repo, so just mirror it somewhere and ask me to pull from it :)

l0b0 commented on 2018-11-16 08:40 (UTC)

I'd like to fix some shellcheck issues in tor-browser-en.sh. How do I submit a patch to a file which is not part of upstream?

erkin commented on 2018-10-27 03:12 (UTC)

Turkish ISPs block torproject.org, meaning it's not possible to build the package.

kevung commented on 2018-10-26 14:53 (UTC)

Hello everybody, I have the same issue as "zilvervos commented on 2018-03-19 16:02" when I try yaourt -S tor-browser:

% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (51) SSL: no alternative certificate subject name matches target host name 'dist.torproject.org'
==> ERREUR : Erreur lors du téléchargement de https://dist.torproject.org/torbrowser/8.0.3/tor-browser-linux64-8.0.3_en-US.tar.xz
Abandon…
==> ERREUR : Makepkg n'a pas pu construire tor-browser.
==> Relancer la compilation de tor-browser ? [o/N]
==> ----------------------------------------------

I tried to replace 8.0.3 with 8.0.3.1 in PKGBUILD without success. I also did gpg --keyserver pool.sks-keyservers.net --recv-keys EB774491D9FF06E2 as advised by yar.

Does anybody encounter the same issue? Take care

karhu commented on 2018-10-13 08:18 (UTC) (edited on 2018-10-13 08:18 (UTC) by karhu)

New version: 8.0.2-1 of 2018/10/03, and always the same problem with the key.

dakataca commented on 2018-10-11 21:09 (UTC) (edited on 2018-10-11 23:51 (UTC) by dakataca)

unalinea

otralinea

gsi commented on 2018-10-05 05:12 (UTC)

Apparently gtk3 is required.

If it is not installed, tor-browser just doesn't start. The command exits with code 255 with no further output given. If the provided "firefox" executable is run directly, we get:

XPCOMGlueLoad error for file /home/gsi/.tor-browser/app/Browser/libmozgtk.so:
libgtk-3.so.0: cannot open shared object file: No such file or directory
Couldn't load XPCOM.

teke commented on 2018-09-30 10:34 (UTC)

@karhu Hello, same problem as you. Yet the key is indeed in the pacman-key keyring... I don't understand.

icemodding commented on 2018-09-25 18:32 (UTC)

Guys, the fix is simple!

==> Verificando las firmas de las fuentes con gpg...
    tor-browser-linux64-8.0.1_en-US.tar.xz ... HA FALLADO (clave pública desconocida EB774491D9FF06E2)
==> ERROR: ¡No se ha podido verificar alguna de las firmas PGP!

$ gpg --recv-keys EB774491D9FF06E2

fixed! :-)

grufo commented on 2018-09-23 00:02 (UTC)

@jadenPete

Good point. Fixed. Thanks!

beardedlinuxgeek commented on 2018-09-22 18:08 (UTC)

Just use keyserver.ubuntu.com if pgp.mit.edu is down

karhu commented on 2018-09-21 17:49 (UTC)

==> Vérification des signatures des fichiers sources grâce à gpg…
    tor-browser-linux64-8.0_fr.tar.xz ... ÉCHEC (Clé publique inconnue EB774491D9FF06E2)
==> ERREUR : Une ou plusieurs signatures PGP n’ont pas pu être vérifiées.
==> ERREUR : Makepkg n'a pas pu construire tor-browser-fr.

jadenPete commented on 2018-09-18 04:18 (UTC)

Icon should be just tor-browser, not the full path. Otherwise, icon themes will not work.

eguillot commented on 2018-09-17 09:54 (UTC)

[newbie comment] add the key as simple user, not for the root user (no sudo...) The command that finally worked for me: $ gpg --recv-keys EB774491D9FF06E2 (no need to specify the key server)

Vrakfall commented on 2018-09-14 11:25 (UTC) (edited on 2018-09-14 11:26 (UTC) by Vrakfall)

Trying to get the new gpg key always returns gpg: keyserver receive failed: No data for me...

Yondan commented on 2018-09-14 10:45 (UTC)

The 8.0.1 update crashes:

Mise à jour de tor-browser-fr (7.5.5-1 -> 8.0-1)...
Erreur: tor-browser-fr: l’extraction de /opt/tor-browser-fr/tor-browser-linux64-8.0_fr.tar.xz a échoué (Lzma library error: Corrupted input data)
Erreur: tor-browser-fr: des erreurs sont survenues pendant la mise à jour de tor-browser-fr

migrev commented on 2018-09-13 11:58 (UTC)

We are merging this package into tor-browser-es-es. Should happen anytime now.

glagola commented on 2018-09-12 08:06 (UTC)

Error during update: tor-browser-linux64-8.0_ru.tar.xz ... FAILED (unknown public key EB774491D9FF06E2)

cml commented on 2018-09-10 18:21 (UTC)

I had the same problem as mcnesium but on Arch, so it's not specific to derivatives.

francesco_dem commented on 2018-09-07 10:24 (UTC)

Hi Alessio, same problem with the GPG signatures. gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0 does not solve the problem.

Pryka commented on 2018-09-06 19:49 (UTC)

@LaughingMan

No I didn't. Still don't understand why people using Arch derivatives ask for help here instead of on their own IRC/Forums etc.

yar commented on 2018-09-06 16:57 (UTC) (edited on 2018-09-06 16:58 (UTC) by yar)

An updated history of relevant keys for my own benefit (and maybe others):

1) 8738A680B84B3031A630F2DB:416F0610:63FEE659 Erinn Clark's personal key - 4.0.3 [2015-01-14] and earlier were signed by this

2) EF6E286DDA85EA2A4BA7DE68:4E2C6E87:93298290 A master key created on 2014-12-15 for the purpose of signing other Tor Browser Developer keys

3) BA1EE421BBB45263180E1FC7:2E1AC68E:D40814E0 signed by #2, 4.0.4 [2015-02-25] through 6.0.8 [2016-12-13] were signed by this

4) A4300A6BC93C0877A4451486:D1483FA6:C3C07136 signed by #2, 6.5 [2017-01-24] through 7.5.6 [2018-06-26] were signed by this

5) 110775B5D101FB36BC6C911B:EB774491:D9FF06E2 signed by #2, 8.0 [2018-09-05] is signed by this
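
An added illustration (not part of any comment here, nor of the package's own scripts) of the advice in this thread to avoid short key IDs: it resolves the key ID that makepkg reports to its primary key and compares that key's full fingerprint with a pinned value taken from the key history above. The keyring listing is constructed sample data in gpg's --with-colons layout, the second key in it is invented to show a short-ID clash, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: accept a signing key only if the key ID resolves to exactly
# one primary key whose FULL fingerprint equals the pinned one.

# Full fingerprint of the Tor Browser Developers primary key, as quoted on this page.
PINNED_FPR="EF6E286DDA85EA2A4BA7DE684E2C6E8793298290"

# Constructed sample in the record layout printed by
#   gpg --with-colons --with-subkey-fingerprint --list-keys
# Key 1 uses the fingerprints quoted in the thread. Key 2 is invented: its
# fingerprint merely ends in the same 8 hex digits as the signing subkey.
sample_keyring() {
    cat <<'EOF'
pub:-:4096:1:4E2C6E8793298290:1418601600:::-:::cSC:
fpr:::::::::EF6E286DDA85EA2A4BA7DE684E2C6E8793298290:
uid:-::::1418601600::::Tor Browser Developers (signing key) <torbrowser@torproject.org>:
sub:-:4096:1:EB774491D9FF06E2:1527292800::::::s:
fpr:::::::::110775B5D101FB36BC6C911BEB774491D9FF06E2:
pub:-:4096:1:0BADC0DED9FF06E2:1560000000:::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0BADC0DED9FF06E2:
uid:-::::1560000000::::Tor Browser Developers (signing key) <torbrowser@torproject.org>:
EOF
}

# owners_of_id ID
# Reads a colon listing on stdin. For every key or subkey whose fingerprint
# ends in ID (short ID, long ID or full fingerprint, optional 0x prefix),
# prints the full fingerprint of the primary key it belongs to.
owners_of_id() {
    awk -F: -v id="$1" '
        BEGIN { id = toupper(id); sub(/^0X/, "", id); n = length(id) }
        $1 == "pub" { in_primary = 1; next }
        $1 == "sub" { in_primary = 0; next }
        $1 == "fpr" {
            # field 10 of an fpr record is the fingerprint of the preceding pub/sub
            if (in_primary) primary = $10
            if (n > 0 && length($10) >= n && substr($10, length($10) - n + 1) == id)
                print primary
        }
    '
}

# check_signer ID
# Reads a colon listing on stdin and prints one verdict:
#   pinned     ID belongs to exactly one primary key, and it is the pinned one
#   other      ID belongs to exactly one primary key, but not the pinned one
#   ambiguous  ID matches keys under more than one primary key
#   unknown    ID matches nothing in the keyring
check_signer() {
    owners=$(owners_of_id "$1" | sort -u)
    count=$(printf '%s\n' "$owners" | awk 'NF { c++ } END { print c + 0 }')
    if [ "$count" -eq 0 ]; then
        echo unknown
    elif [ "$count" -gt 1 ]; then
        echo ambiguous
    elif [ "$owners" = "$PINNED_FPR" ]; then
        echo pinned
    else
        echo other
    fi
}

# Demo over the constructed keyring: the 8-digit short ID is ambiguous, while
# the ID from makepkg's error message and the full fingerprint resolve cleanly.
for id in D9FF06E2 EB774491D9FF06E2 "$PINNED_FPR"; do
    printf '%-42s %s\n' "$id" "$(sample_keyring | check_signer "$id")"
done
```

Against a real keyring, pipe the output of the gpg command named in the comment above sample_keyring into check_signer instead of the sample data.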

LaughingMan commented on 2018-09-06 08:49 (UTC)

@mcnesium: This package preserves your profile across updates. Deleting/renaming ~/.tor-browser and starting from a clean slate fixed the problem for me.

@Pryka: Looks like you missed your stated goal...

Pryka commented on 2018-09-06 08:11 (UTC)

@mcnesium I don't want to sound like a prick but... AUR - ARCH user repository. Why should anyone here care about Manjaro issues?

mcnesium commented on 2018-09-06 08:07 (UTC) (edited on 2018-09-06 08:52 (UTC) by mcnesium)

After upgrading to 8.0-1 on Manjaro Linux, Tor Browser is no longer able to connect. The Tor Network Settings window will not appear on startup, nor does it show up on selecting the entry in the Torbutton menu. Nor does any other menu entry do anything… :(

/edit: deleting ~/.tor-browser fixed this. Thx @LaughingMan

jugs commented on 2018-09-05 17:41 (UTC) (edited on 2018-09-05 17:46 (UTC) by jugs)

New signing key for 8.0+:

gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290

See the torproject blog post regarding the 8.0 release for key info.

Joel commented on 2018-09-02 14:21 (UTC)

curl: (22) The requested URL returned error: 404 Not Found

sipo commented on 2018-09-01 09:48 (UTC) (edited on 2018-09-01 10:17 (UTC) by sipo)

@arlion-dev: hello, the version is currently "out of date". Current version 7.5.6: https://dist.torproject.org/torbrowser/7.5.6/tor-browser-linux64-7.5.6_fr.tar.xz

arlion-dev commented on 2018-08-23 15:03 (UTC)

The download address seems to be a dead link; I get the following error:

curl: (22) The requested URL returned error: 404 Not Found
==> ERREUR : Erreur lors du téléchargement de https://dist.torproject.org/torbrowser/7.5.5/tor-browser-linux64-7.5.5_fr.tar.xz

nRoof commented on 2018-07-07 16:50 (UTC) (edited on 2018-07-07 20:56 (UTC) by nRoof)

  1. Does anybody have H.264 video working? I tried to install both optional dependencies from the PKGBUILD (gst-libav and gst-plugins-good), but no luck. This can be checked in multiple ways, for example: https://www.quirksmode.org/html5/tests/video.html (H.264 clip cannot be played); https://www.youtube.com/html5 (H.264 and MSE & H.264 are listed as not supported); about:support in address bar -> Graphics shows "Hardware H264 Decoding: No; Failed to create H264 decoder". When I unpack the same binary distribution, that PKGBUILD downloads, in latest Debian, the same videos work fine. Update: never mind, was able to fix it by installing ffmpeg-compat-57 from AUR.
  2. Isn't it more correct to name this package "tor-browser-bin"? This has been already mentioned in the very first comment from @TrialnError. Or, instead, is it planned to build it from source any time soon?

alerque commented on 2018-07-07 11:00 (UTC)

I seriously came here to ask the same thing as @nTia89 — what is the deal with using three hash functions? This is just silly antics that make it harder to manage manually, clutter the diff history, and all without providing any benefit. One of the SHA mechanisms is sufficient, if that doesn't completely solve the problem adding another one is not going to solve the problem, much less adding MD5. Please revert 5df1ca8a986e and use just GPG signature validation plus one set of SHA512 checksums.

nTia89 commented on 2018-06-24 10:26 (UTC)

@yar Why do you use three hash functions (md5sums, sha256sums and sha512sums)?

wchouser3 commented on 2018-06-23 22:41 (UTC)

@grufo and @capncrisco..thank you. I see it's written in the pkgbuild now (unless I missed it before)

capncrisco commented on 2018-05-09 11:53 (UTC)

Before running makepkg, you must do this:

gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136

crypt.ix commented on 2018-05-07 08:31 (UTC)

gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys EF6E286DDA85EA2A4BA7DE684E2C6E8793298290

This worked for me. @grufo's comment did not.

ZJaume commented on 2018-05-03 18:25 (UTC)

When /home is mounted with 'noexec' option tor browser fails to execute, I think it's because the executable is placed in /home. Would it be a way to install on '/'? I don't know if installing tor-browser at '/' could open a new security flaw

anniezpw commented on 2018-05-02 21:23 (UTC)

@pirxel

run it without "--keyserver hkp://pgp.mit.edu:11371" as that address:port is currently unreachable.

pirxel commented on 2018-04-30 10:49 (UTC)

$ gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys D1483FA6C3C07136
gpg: keyserver receive failed: No data

sorry guys but this is not helping, any idea what to do with this?

zilvervos commented on 2018-03-19 16:02 (UTC) (edited on 2018-03-21 10:21 (UTC) by zilvervos)

I cannot build tor-browser-en

Downloading the source files fails:

curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dist.torproject.org:443
==> ERROR: Failure while downloading https://dist.torproject.org/torbrowser/7.5.2/tor-browser-linux64-7.5.2_en-US.tar.xz
Aborting...

[update 21-03] Problem seems to have solved itself.

wchouser3 commented on 2018-03-17 19:42 (UTC)

what is the pgp key? the package won't install

comeandtakeit commented on 2018-03-16 04:06 (UTC)

Pinned keyserver seems to be down. Try this:

gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys D1483FA6C3C07136

rokoucha commented on 2018-03-15 01:23 (UTC)

Thanks for the comment. I fixed the checksum.

Neros commented on 2018-03-14 16:50 (UTC)

I can't update it, the signature is wrong. It should be:

sha256sums_x86_64=('a2487b8154b54d6f8cd8a64fad3573a2f5763bcf43fde8473b8e27633645a524' 'SKIP')

instead (I don't know about i686).

papa6 commented on 2018-02-22 13:28 (UTC) (edited on 2018-02-22 13:49 (UTC) by papa6)

Hello, I ran into major difficulties with gpg --keyserver pgp.mit.edu --recv-keys D1483FA6C3C07136, which did not work, nor did the alternatives.

The complete solution I found:

pacman-key -r D1483FA6C3C07136

pacman-key --edit-key D1483FA6C3C07136

There, you land in gpg:

gpg> lsign

gpg> trust

(trust level: 3)

gpg> save

Source: https://wiki.archlinux.fr/Pacman-key#Installation_manuelle

RidingLuck commented on 2018-02-19 16:38 (UTC) (edited on 2018-02-19 16:39 (UTC) by RidingLuck)

update key

gpg --recv-keys D1483FA6C3C07136 && yaourt -S tor-browser-es

Key updated

gpg --recv-keys D1483FA6C3C07136 && yaourt -S tor-browser-es

ratcheer commented on 2018-01-25 15:32 (UTC)

I downloaded, updated the keys, and ran "makepkg -sri" on this package. I cannot find the updated browser on my system.

If I run "./tor-browser/tor-browser_en-US/Browser/start-tor-browser", it runs version 6.0.8. If I run "./.tor-browser-en/INSTALL/Browser/start-tor-browser", it runs version 6.5.1.

Where is version 7.5 supposed to be? The find command finds no other instances of file start-tor-browser. Thank you.

TiborB commented on 2017-12-17 21:13 (UTC)

Hi, when trying to fetch gpg keys I am getting an unclear error:

$ gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136
gpg: keyserver receive failed: Invalid argument

What should I do?

freeboson commented on 2017-12-11 04:00 (UTC) (edited on 2017-12-11 04:01 (UTC) by freeboson)

Hi,

In tor-browser-en.sh, please change the order in which the TB* vars are set and the args are parsed. You should only set TB_HOME_DIR and TB_REFRESH defaults before parsing args.

Edit: sorry, don't know how to escape italicizing _'s.

andrew-wja commented on 2017-11-10 20:32 (UTC)

This package is broken in many different AUR helpers at the moment because of an error with the SSL certificate for torproject.org (see below). Is there any workaround for this?

==> Building and installing package
==> Making package: tor-browser 7.0.9-1 (Fri Nov 10 20:30:54 GMT 2017)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found tor-browser.desktop
  -> Found tor-browser.png
  -> Found tor-browser.sh
  -> Downloading tor-browser-linux64-7.0.9_en-US.tar.xz...
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dist.torproject.org:443
==> ERROR: Failure while downloading https://dist.torproject.org/torbrowser/7.0.9/tor-browser-linux64-7.0.9_en-US.tar.xz

grufo commented on 2017-11-03 14:01 (UTC)

@LaughingMan tor-browser and tor-browser-en-us do that. @yar, @jugs We should think to merge tor-browser-en and tor-browser-en-us. Please have a look at the source of the various tor-browser* I maintain. I revised the package's bash script and made it more portable. Would you like to be co-maintainers of tor-browser-en-us?

fennectech commented on 2017-10-28 23:40 (UTC)

if only yaourt was capable of doing this by itself.

grufo commented on 2017-10-21 02:15 (UTC)

@Marcel_K Thank you for the clarification. I will remove the `pre_install()` message in the next days. Regarding the md5sums, this is an umbrella PKGBUILD, which selects the package source in function of the language of the machine. I really cannot maintain an array of md5sums/SHA256 for each language and update it with each release.

Marcel_K commented on 2017-10-20 23:47 (UTC) (edited on 2017-10-20 23:48 (UTC) by Marcel_K)

BTW, it is *not* a good idea to skip checksumming of source files, like you do now in md5sums_(i686|x86_64). Only (automatically) set the checksum of signature files to SKIP. A better hashing algorithm like SHA256 is also nice, unless the source of the files provides MD5 checksums, which isn't the case, as far as I can see within a few seconds.

Marcel_K commented on 2017-10-20 23:43 (UTC)

Yes, signature checking of the source files (using the signature files downloaded due to their presence in the sources array) is done during makepkg. You can install signed packages, like the ones from the official repos, but those keys are in the pacman keyring and installed automatically (with a slight hiccup, like a few days ago, when I tried to update my system but pacman-keyring wasn't updated in time). See https://wiki.archlinux.org/index.php/Pacman/Package_signing

There also exist user repositories with pre-built packages that can be signed: https://wiki.archlinux.org/index.php/Unofficial_user_repositories

In short: do not compile a package yourself and then send it to someone using an insecure method like regular email.

grufo commented on 2017-10-20 23:25 (UTC)

@Marcel_K I am not enough of a pacman expert to give an answer, therefore I will ask you a question. Imagine you have not imported the PGP keys and I did. Now imagine that I build the tor-browser package and I email it to you (the built pacman package). My question is: will you be able to install it?

Marcel_K commented on 2017-10-20 23:15 (UTC)

But the .install files are only run using pacman, which is too late. The message makepkg outputs should be enough, IMHO. Or create a pinned comment about the import of the PGP key, linking to https://wiki.archlinux.org/index.php/Makepkg#Signature_checking

grufo commented on 2017-10-20 22:20 (UTC)

@Marcel_K You are right, but unfortunately there is not a `pre_validate()` function available for .install files, the earliest function available is `pre_install()`. And to print messages via PKGBUILD before validation in my opinion is not a good practice. Maybe this could be a proposal for Arch developers regarding the .install files (either a `pre_validate()` function or a `fail_validate()` function that is triggered only when validation fails).

Marcel_K commented on 2017-10-20 22:01 (UTC)

The message about signature verification is useless in the install file as you should already have built and installed the package before seeing it.

LaughingMan commented on 2017-10-20 17:09 (UTC) (edited on 2017-10-20 17:10 (UTC) by LaughingMan)

@yar @jugs Could you please make it so the profile doesn't get deleted on every update? The tor-browser package was already fixed. You need to preserve the folder ~/.tor-browser-en/INSTALL/Browser/TorBrowser/Data/Browser

grufo commented on 2017-09-29 21:29 (UTC)

@acidicX I knew it! Thank you for the suggestion! :)

acidicX commented on 2017-09-29 20:21 (UTC)

@grufo works like a charm! Thank you!

Denton-L commented on 2017-09-29 05:37 (UTC)

I'm currently getting this error:

==> Making package: tor-browser-en 7.0.6-1 (Fri Sep 29 01:36:10 EDT 2017)
==> Retrieving sources...
-> Downloading tor-browser-linux64-7.0.6_en-US.tar.xz...
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404 Not Found
==> ERROR: Failure while downloading https://dist.torproject.org/torbrowser/7.0.6/tor-browser-linux64-7.0.6_en-US.tar.xz

grufo commented on 2017-09-24 21:24 (UTC)

@acidicX I updated the package's script now.

grufo commented on 2017-09-18 18:53 (UTC)

@acidicX Good idea. I changed the package's script in order to preserve the folder ~/.tor-browser/app/Browser/TorBrowser/Data/Browser during each update. But unfortunately I have no internet on my computer at the moment, therefore I can upload it only in the next days. Stay tuned! :)

acidicX commented on 2017-09-18 15:53 (UTC) (edited on 2017-09-18 15:53 (UTC) by acidicX)

@grufo do you maybe have any info on that? https://bbs.archlinux.org/viewtopic.php?pid=1736811

smatts commented on 2017-09-11 00:41 (UTC)

@alogim I successfully installed it using the first Tor Browser key I could find on their website (https://www.torproject.org/docs/signing-keys.html.en): gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys 0x9329829

alogim commented on 2017-09-03 13:59 (UTC) (edited on 2017-09-03 14:00 (UTC) by alogim)

Whenever I run gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys D1483FA6C3C07136 I get gpg: keyserver receive failed: No keyserver available

yar commented on 2017-08-26 00:27 (UTC)

The github download links are consistently out-of-date. 7.0.4 has been out for weeks and is still not on github. If you can get them to update reliably, I'll use it.

gancho commented on 2017-08-14 19:52 (UTC)

@admicos: Have you tried using "torify makepkg"?

admicos commented on 2017-08-13 16:57 (UTC)

Can you change the sources to download from GitHub? torproject.org is blocked in Turkey and manually editing the PKGBUILD is just too time consuming (for me, at least)

FabioLolix commented on 2017-08-11 10:03 (UTC)

Before running makepkg, you must do this: gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys D1483FA6C3C07136

ExoNarcis commented on 2017-08-11 08:05 (UTC)

If the package does not build, try

gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136

or

gpg --keyserver ha.pool.sks-keyservers.net --recv-keys D1483FA6C3C07136

Det commented on 2017-08-10 04:03 (UTC)

with this I can visit fbi.com

grufo commented on 2017-08-08 19:37 (UTC)

Hi FabioLolix, thanks for adding me to the co-maintainer list. I just standardized the package and updated it. --grufo

migrev commented on 2017-08-08 10:51 (UTC)

@Plexcon, well, there you have it. Regards.

grufo commented on 2017-08-08 10:13 (UTC)

@Plexcon I had left this comment in the PKGBUILD: # Before running makepkg, you must do this: # # gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys D1483FA6C3C07136

Plexcon commented on 2017-08-08 07:43 (UTC)

tor-browser-linux64-7.0.3_es-ES.tar.xz ... HA FALLADO (clave pública desconocida D1483FA6C3C07136)
==> ERROR: ¡No se ha podido verificar alguna de las firmas PGP!

We enter in the console: gpg --recv-keys D1483FA6C3C07136 and then it can be installed.

Plexcon commented on 2017-08-08 07:29 (UTC)

Hi migrev, I wanted to request the update to tor-browser-es 7.0.3. Thanks.

cocoche007 commented on 2017-07-22 23:57 (UTC)

gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136 didn't work gpg --keyserver ha.pool.sks-keyservers.net --recv-keys D1483FA6C3C07136 works for me

Omar007 commented on 2017-06-13 14:05 (UTC)

Improvement Suggestion: Make use of the XDG Base Directories. Make it unpack to "${XDG_DATA_HOME}/tor-browser-en" instead of "~/.tor-browser-en". (if "${XDG_DATA_HOME}" is not set, it should default to "~/.local/share") Maybe you could even use "${XDG_CACHE_HOME}" (default to "~/.cache") instead of "${XDG_DATA_HOME}" since deleting the directory is no problem; it is created if it doesn't exist. See also: https://wiki.archlinux.org/index.php/XDG_Base_Directory_support PS. Maybe you could even group the data for the tor-browser packages by moving the language to a sub-directory; "tor-browser/${LANG}" as opposed to "tor-browser-${LANG}".

FabioLolix commented on 2017-06-11 19:07 (UTC)

Hi Alessio, I would gladly adopt this pkgbuild.

gbr commented on 2017-06-08 18:12 (UTC)

I think you should update the "Icon" section in the .desktop file. Since you're pointing to an absolute path, people who use a custom icon theme won't get the proper icon. Changing it to: Icon=REPL_NAME should be enough.

grufo commented on 2017-05-23 18:04 (UTC)

@brando56894 I had left this comment in the PKGBUILD: # Before running makepkg, you must do this: # # gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys D1483FA6C3C07136

brando56894 commented on 2017-05-23 14:18 (UTC)

Still having issues with package verification:

==> Validating source files with md5sums...
tor-browser.desktop ... Passed
tor-browser.install ... Passed
tor-browser.png ... Passed
tor-browser.sh ... Passed
==> Validating source_x86_64 files with md5sums...
tor-browser-linux64-6.5.2_en-US.tar.xz ... Skipped
tor-browser-linux64-6.5.2_en-US.tar.xz.asc ... Skipped
==> Verifying source file signatures with gpg...
tor-browser-linux64-6.5.2_en-US.tar.xz ... FAILED (unknown public key D1483FA6C3C07136)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build tor-browser.

sabe commented on 2017-05-13 15:08 (UTC)

As mentioned, the gpg errors are an issue with default versions of gnupg in most Linux distros, specifically a DNS resolution issue. If you cannot be bothered downgrading your gnupg package then just ping the keyserver and use its IP instead of its URL.

rokoucha commented on 2017-05-09 13:03 (UTC)

Sorry for being late. I updated it to 6.5.2. If you don't have the PGP key, you need to receive keys.

gpg --recv-keys '8738A680B84B3031A630F2DB416F061063FEE659'
gpg --recv-keys 'EF6E286DDA85EA2A4BA7DE684E2C6E8793298290'

xingxuanma commented on 2017-05-08 03:53 (UTC)

Is nobody maintaining this package anymore?

Mark1 commented on 2017-05-07 14:31 (UTC)

THE BEST BROWSER EVER !!

dml commented on 2017-05-05 06:25 (UTC)

My settings get reset every time after updating from the AUR.

grufo commented on 2017-05-01 05:46 (UTC)

@TrialnError Perfect then! Thanks for your help! -- grufo

TrialnError commented on 2017-04-30 02:48 (UTC)

*cough*Yes*cough* ;) Seems to be working and looking good (at least for me)

grufo commented on 2017-04-30 02:06 (UTC)

@TrialnError

> But noextract needs to be changed (again) *cough*

You mean… like I had done before? O:) https://aur.archlinux.org/cgit/aur.git/commit/?h=tor-browser&id=f5d6633c35189d484f660213fc6a1a0fe3fab175

> Changing it to

Done! :) One last check?

TrialnError commented on 2017-04-29 19:35 (UTC)

Looking good. But noextract needs to be changed (again) *cough*. I assumed it has an architecture specific flag (and most of the other tor-browser PKGBUILDs are doing the same thing). But after testing it, it extracted the source package. Changing it to

noextract=("${pkgname}-${_idstr64}-${pkgver}_${_language}.tar.xz" "${pkgname}-${_idstr32}-${pkgver}_${_language}.tar.xz")

yielded the expected result and didn't error out, as I didn't have the 32bit package locally

Plexcon commented on 2017-04-26 12:11 (UTC)

Thank you very much. Regards.

migrev commented on 2017-04-26 12:04 (UTC)

@Plexcon: At your service! Updated to 6.5.2. Regards.

Plexcon commented on 2017-04-26 09:15 (UTC)

Update to 6.5.2-1, please.

grufo commented on 2017-04-24 23:57 (UTC)

@TrialnError Thanks! I think now it should be fine. Could you please have a look at the PKGBUILD?

TrialnError commented on 2017-04-24 17:36 (UTC)

No? Those releases are signed with a pgp key (therefore the validpgpkeys entry). The filename itself is the same + an added .sig/.asc (see https://gist.github.com/Narrat/0fc7efa2db50309201640c8261551eed#file-01_32bit_build-patch-L93 ). If the checksum entry is set to SKIP (as it is usually done for sigfiles), it would download the source and its respective signature file and use the validpgpkeys entry to check if the downloaded file is valid (you only need this key in your local gnupg keyring, else it will fail with an error message). No need to keep a massive source/checksum entry?

grufo commented on 2017-04-23 21:55 (UTC)

@TrialnError Thanks for your contribution. Now I added both architectures (32 and 64 bit). The problem with signatures however is that this is a language-agnostic PKGBUILD, and therefore there would be needed as many signatures as the languages are, or am I wrong?

TrialnError commented on 2017-04-10 22:50 (UTC)

My proposal for changes would look like this https://gist.github.com/Narrat/0fc7efa2db50309201640c8261551eed

grufo commented on 2017-04-10 19:36 (UTC)

@TrialnError

> Still imo the source check via the provided signature files should be done + providing the 32bit version.

Yes, you are right about nearly all your points. I released this PKGBUILD after seeing the mess with the language specific packages, and based the PKGBUILD on one of them in order to simplify the mess. The real problem is that I don't have time for writing down an array of md5sums + dealing with the signature files. But if you want to help I will be happy to use your contributions!

TrialnError commented on 2017-04-10 00:56 (UTC) (edited on 2017-04-10 01:26 (UTC) by TrialnError)

What does it make different from tor-browser-bin? In general? Imo the naming scheme isn't fitting, as this is still the binary version and not compiled from source. And with the use of architecture specific PKGBUILD variables (source_i686, noextract_i686 and else) it could also provide the i686 version. Another point is the signature checking you mention in the pre_install section of the install file. Those key-ids could be added to the PKGBUILD (validpgpkeys) and the respective signature files to the source, to do the checking while creating the package (and removing the pre_install comment)

Edit: What a mess with the tor-browser packages. Didn't see the language specific versions. And tor-browser-bin has its own problems. I see now, this is a case of one PKGBUILD for all (like the description states). Still imo the source check via the provided signature files should be done + providing the 32bit version.

Plexcon commented on 2017-04-02 15:52 (UTC)

Thank you very much for the update.

"tor-browser-linux64-6.5.1_es-ES.tar.xz ... HA FALLADO (clave pública desconocida D1483FA6C3C07136)
==> ERROR: ¡Una o más firmas PGP no pudieron ser verificadas!"

Installed correctly thanks to the key that Bitl0rd mentions: gpg --recv-keys 2E1AC68ED40814E0

Enter it in a terminal before installing.

migrev commented on 2017-03-20 11:13 (UTC)

Updated to 6.5.1

ant commented on 2017-02-22 11:46 (UTC)

yar: for beginners I wish to add that the gpg command must be run as the same user compiling the package, not as root.

Plexcon commented on 2017-02-13 18:58 (UTC)

tor-browser-en 6.5-1 works correctly on Manjaro KDE Edition (16.10.3)

kuklofon commented on 2017-02-08 13:35 (UTC)

Thank you, dear comrade!

liljaylj commented on 2017-02-06 12:31 (UTC)

Hello, could you please change source url to those provided by GitHub (for x86_64: https://github.com/TheTorProject/gettorbrowser/releases/download/v6.5/tor-browser-linux64-6.5_en-US.tar.xz), because dist.torproject.org domain is blocked here in Kazakhstan. Thanks

teke commented on 2017-02-02 16:35 (UTC)

@smonff Thanks

> pgp.mit.edu/pks/lookup?search=D1483FA6C3C07136

returned "No results found" for me. Maybe because it is a subkey? The keys can be seen here: https://www.torproject.org/docs/signing-keys.html.en Adding the key solved the problem.

smonff commented on 2017-02-02 11:39 (UTC)

Hello @teke

gpg --keyserver pgp.mit.edu --recv-keys D1483FA6C3C07136

teke commented on 2017-01-30 16:44 (UTC)

Hello,

> ==> Vérification des signatures des fichiers sources grâce à gpg...
> tor-browser-linux64-6.5_fr.tar.xz ... ÉCHEC (Clef publique inconnue D1483FA6C3C07136)

What worries me is that the key D1483FA6C3C07136 is unknown to the key servers...

Mark1 commented on 2017-01-29 17:32 (UTC)

For the GPL license just copy that on your terminal: gpg --recv-keys 0x4E2C6E8793298290

Mark1 commented on 2017-01-29 17:31 (UTC)

NICE ! ! ! 10/10

now-im commented on 2017-01-29 17:01 (UTC) (edited on 2017-01-29 18:24 (UTC) by now-im)

@yar I got two workarounds:

1. As gnupg is failing to download the public key, it can be done manually with this command: curl "https://pgp.mit.edu/pks/lookup?op=get&search=0x4E2C6E8793298290" -o - | gpg --import
2. Gpg key verification can be skipped by replacing a pkgbuild line, which is not recommended as tor is a very crucial piece of software. The line is: validpgpkeys=('EF6E286DDA85EA2A4BA7DE684E2C6E8793298290' 'SKIP')

Process 1 is safe, 2 is risky and totally your choice. Peace!

xuiqzy commented on 2017-01-27 15:23 (UTC)

@beroal Sorry, I confused the fingerprints with the keys themselves. Now I understand it and have no problem with this PKGBUILD :) Still, it would be nice if there were a mechanism in makepkg to embed the whole key or at least instruct it to download it...

kyak commented on 2017-01-27 05:05 (UTC)

@kerberizer good for you, but i was using 2.1.17-4 at that time. It contained incorrect patch, and so didn't work. In fact, it was silently fixed without a version bump: https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/gnupg&id=fff9ea5d38f76133a9ed5c38bc7dcf35591d33f6 Anyway, thanks for your feedback. The command from pinned message should work now for everyone running the latest gnupg.

kerberizer commented on 2017-01-26 16:00 (UTC)

@kyak:

$ pacman -Q gnupg
gnupg 2.1.18-1
$ killall dirmngr
dirmngr: no process found
$ killall gnome-keyring-daemon
$ mv ~/.gnupg{,.tmp}
$ gpg -k
gpg: directory '/home/<redacted>/.gnupg' created
gpg: new configuration file '/home/<redacted>/.gnupg/dirmngr.conf' created
gpg: new configuration file '/home/<redacted>/.gnupg/gpg.conf' created
gpg: keybox '/home/<redacted>/.gnupg/pubring.kbx' created
gpg: /home/<redacted>/.gnupg/trustdb.gpg: trustdb created
$ gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrowser@torproject.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
$ makepkg -cCs
==> Making package: tor-browser-en 6.5-1 (Thu 26 Jan 17:53:58 EET 2017)
(...snip...)
==> Finished making: tor-browser-en 6.5-1 (Thu 26 Jan 17:54:14 EET 2017)

Please let me know if there are other tests or information that might help you find the cause of the problem you encounter.

kyak commented on 2017-01-26 15:35 (UTC)

@kerberizer obviously, you've already had the needed gpg key imported while running an older version of gnupg. Try (re)moving the ~/.gnupg directory, killing dirmngr (or rebooting) and have a lot of "fun" with the latest gnupg. What bothers me most is that people are not able to read even two comments back and try downgrading gnupg and then reporting back if it worked or not. There are two types of commenters here: 1) It works for me, fix your problem and 2) It doesn't work for me, and i can't read.

kerberizer commented on 2017-01-26 13:16 (UTC)

Just to note that I've never had any issues with this package. I know this isn't too helpful for those who do face problems, but at least it's an indication that the source of the problems is something system and/or network-specific, and not the package itself.

tscs37 commented on 2017-01-26 07:22 (UTC)

The GPG command specified in the comments does not work. gpg will fail with "no key server available"

kyak commented on 2017-01-25 18:55 (UTC)

Downgrading to gnupg-2.1.16-2 and running gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136 has helped. What a crappy piece of software.. Can't even handle itself.

kyak commented on 2017-01-25 18:14 (UTC)

Weird. First time running: gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136 Returns: gpg: keyserver receive failed: No such file or directory Second time running: gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136 Returns: gpg: keyserver receive failed: No keyserver available This is consistent. After killing dirmngr, i get "No such file or directory". All other times, i get "No keyserver available". I tried various other keyservers with the same results.

yar commented on 2017-01-25 17:25 (UTC)

@slav what error messages did you get?

z3ntu commented on 2017-01-25 11:43 (UTC)

@Maintainer: The package kdebase-kdialog was renamed to just kdialog recently.

slav commented on 2017-01-25 10:15 (UTC)

Unfortunately gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136 didn't resolve the issue; however, the insecure command makepkg --skippgpcheck let me make packages and manually install them

yar commented on 2017-01-25 09:14 (UTC) (edited on 2018-09-06 16:52 (UTC) by yar)

Before running makepkg, you must do this:

gpg --keyserver pool.sks-keyservers.net --recv-keys EB774491D9FF06E2

See below for details.

yar commented on 2017-01-25 09:12 (UTC)

A headache indeed. First of all, let's review all the relevant keys:

1) 8738A680B84B3031A630F2DB:416F0610:63FEE659 Erinn Clark's personal key - 4.0.3 [2015-01-14] and earlier were signed by this
2) EF6E286DDA85EA2A4BA7DE68:4E2C6E87:93298290 A master key created on 2014-12-15 for the purpose of signing other Tor Browser Developer keys
3) BA1EE421BBB45263180E1FC7:2E1AC68E:D40814E0 signed by #2, 4.0.4 [2015-02-25] through 6.0.8 [2016-12-13] were signed by this
4) A4300A6BC93C0877A4451486:D1483FA6:C3C07136 signed by #2, 6.5 [2017-01-24, today] is signed by this

Second of all, look at the makepkg source code: https://git.archlinux.org/pacman.git/tree/scripts/libmakepkg/integrity/verify_signature.sh.in#n64

* If the signer of the .asc file is not known by your build user's gpg keyring, your error message will be: "unknown public key"
* If validpgpkeys doesn't exist and the key isn't *TRUSTED* by your build user's gpg keyring, your error message will be: "the public key %s is not trusted"
* If validpgpkeys exists and the *MASTER KEY* isn't listed there, your error message will be: "invalid public key"
* Again, it checks against the *MASTER KEY*. Listing the subkey does nothing. See line 239: "If the file was signed with a subkey, arg10 contains the fingerprint of the primary key"

Note that makepkg has no code for retrieving signatures. It relies on you to --recv-key on your own. The validpgpkeys code doesn't even execute until makepkg has queried your build user's gpg keyring. So no matter what, you need to --recv-key, which only downloads the key and does not imply that you fully trust it (for that you would run --edit-key). Validpgpkeys is used in lieu of fully trusting the key, but you still need to download it yourself. If you don't want to interact with GPG on your own, then run makepkg --skippgpcheck. There is no other way.

tl;dr you have to run this:

gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136
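
The decision order described in the comment above, as an added example that is not part of the original comment and is not makepkg's code: it parses `gpg --status-fd` lines and applies the keyring, trust and validpgpkeys checks in that order. The helper name `classify_sig`, the status lines and their timestamps are constructed for illustration; the two fingerprints are keys 2 and 4 from the comment, and treating only TRUST_FULLY/TRUST_ULTIMATE as trusted is an assumption.

```shell
#!/bin/sh
# Added example, not makepkg's code. classify_sig is a hypothetical helper.

MASTER=EF6E286DDA85EA2A4BA7DE684E2C6E8793298290   # key 2 in the comment
SUBKEY=A4300A6BC93C0877A4451486D1483FA6C3C07136   # key 4 in the comment

# Constructed sample: signer key is absent from the build user's keyring.
STATUS_NO_KEY='[GNUPG:] ERRSIG D1483FA6C3C07136 1 8 00 1485216000 9
[GNUPG:] NO_PUBKEY D1483FA6C3C07136'

# Constructed sample: key fetched with --recv-keys but never marked trusted.
# The tenth VALIDSIG argument carries the primary key fingerprint.
STATUS_IMPORTED="[GNUPG:] GOODSIG D1483FA6C3C07136 Tor Browser Developers (signing key) <torbrowser@torproject.org>
[GNUPG:] VALIDSIG $SUBKEY 2017-01-24 1485216000 0 4 0 1 8 00 $MASTER
[GNUPG:] TRUST_UNDEFINED 0 pgp"

# classify_sig STATUS [FINGERPRINT...]
#   STATUS       gpg status-fd text for one signature
#   FINGERPRINT  entries as they would appear in validpgpkeys (may be none)
# Prints a verdict; returns 0 only when the signature would be accepted.
classify_sig() {
    status=$1; shift
    primary="" missing="" trusted=0 bad=0
    while read -r tag kw a1 a2 a3 a4 a5 a6 a7 a8 a9 a10 rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $kw in
            NO_PUBKEY) missing=$a1 ;;
            BADSIG) bad=1 ;;
            # Fall back to the signing key when no primary fingerprint is given.
            VALIDSIG) primary=${a10:-$a1} ;;
            TRUST_FULLY|TRUST_ULTIMATE) trusted=1 ;;
        esac
    done <<EOF
$status
EOF
    # 1. The keyring is consulted first; validpgpkeys cannot supply a key.
    if [ -n "$missing" ]; then
        printf '%s\n' "unknown public key $missing"; return 1
    fi
    if [ "$bad" -eq 1 ] || [ -z "$primary" ]; then
        printf '%s\n' "bad signature"; return 1
    fi
    # 2. Without validpgpkeys, local trust in the key decides.
    if [ "$#" -eq 0 ]; then
        if [ "$trusted" -eq 1 ]; then printf '%s\n' "ok"; return 0; fi
        printf '%s\n' "the public key $primary is not trusted"; return 1
    fi
    # 3. With validpgpkeys, the PRIMARY fingerprint must be listed.
    for k in "$@"; do
        [ "$k" = "$primary" ] && { printf '%s\n' "ok"; return 0; }
    done
    printf '%s\n' "invalid public key $primary"; return 1
}

# Walk the cases from the comment.
echo "key not imported, master listed : $(classify_sig "$STATUS_NO_KEY" "$MASTER" || :)"
echo "imported, no validpgpkeys       : $(classify_sig "$STATUS_IMPORTED" || :)"
echo "imported, only subkey listed    : $(classify_sig "$STATUS_IMPORTED" "$SUBKEY" || :)"
echo "imported, master listed         : $(classify_sig "$STATUS_IMPORTED" "$MASTER" || :)"
```
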

thinhakapete commented on 2017-01-24 09:37 (UTC)

@Alpha I got this too. Such a headache!!

now-im commented on 2017-01-19 17:13 (UTC)

Such a headache! gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0 simply doesn't work. Please update the package build. All these people having trouble and the available key in comment feedback this message, gpg: keyserver receive failed: No keyserver available

beroal commented on 2017-01-19 12:32 (UTC)

@fightcookie: The Arch wiki recommends embedding key *fingerprints*. "validpgpkeys" exists in PKGBUILD of this package. So I don't understand what you don't like about this package.

xuiqzy commented on 2017-01-19 11:31 (UTC)

If one adds the keys needed to verify this package (the ones you said we should add manually) to the keyring, these are used for all packages, rather than only for this package, if they are in the validpgpkeys array in the PKGBUILD. The Arch wiki recommends embedding the pgp keys in the PKGBUILD, too ( https://wiki.archlinux.org/index.php/PKGBUILD#validpgpkeys )

beroal commented on 2017-01-15 10:33 (UTC)

@fightcookie: When "then"? Which "these keys"?

xuiqzy commented on 2017-01-14 23:11 (UTC)

but then we would trust these keys for all packages? isn't the validpgpkeys array in the pkgbuild exactly the right way of verifying only this package, as currently there are keys in there, too!? (but only the wrong ones) (see pkgbuild arch wiki) optimal would be a mechanism for knowing when the pgp key for only this package changes...

beroal commented on 2017-01-14 07:00 (UTC) (edited on 2017-01-14 07:01 (UTC) by beroal)

@ratcheer: See my comment under "All comments."

ratcheer commented on 2017-01-12 20:00 (UTC)

I also get this problem with the AUR package: tor-browser-linux64-6.0.8_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)

xuiqzy commented on 2017-01-06 02:11 (UTC)

Can you please change the validpgpkeys to the correct ones since the current ones are not the ones the package is signed with? https://wiki.archlinux.org/index.php/PKGBUILD#validpgpkeys

pigmonkey commented on 2017-01-05 04:23 (UTC)

You may have a MITM. For me dist.torproject.org has a valid certificate from DigiCert.

Extended validation: No
Signature: SHA-256/RSA
Key: 2048 bits RSA
Common name: *.torproject.org
Issued to: The Tor Project, Inc.
Issued by: DigiCert Inc www.digicert.com
Validity: 4/14/2016 -- 5/29/2019
Fingerprint: 34:10:F9:2B:0C:7E:EC:81:86:EE:B3:F8:FC:B0:EC:01:DD:CD:90:FB:7F:0C:ED:17:FC:B9:A9:08:70:0C:6A:42

marcin commented on 2017-01-05 04:12 (UTC)

Curl ssl certificate problem:

curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
==> ERROR: Failure while downloading https://dist.torproject.org/torbrowser/6.0.8/tor-browser-linux64-6.0.8_en-US.tar.xz
Aborting...
==> ERROR: Makepkg was unable to build tor-browser-en.
==> Restart building tor-browser-en ? [y/N]
==> ---------------------------------------

This seems to be torproject fault. Even manual going to https://dist.torproject.org/torbrowser/6.0.8/tor-browser-linux64-6.0.8_en-US.tar.xz in a chrome/chromium results in Privacy error.

indunil commented on 2016-12-15 02:14 (UTC) (edited on 2016-12-15 02:15 (UTC) by indunil)

Hey Guys, I'm having an issue on the tor update. "Failure while downloading https://dist.torproject.org/torbrowser/6.0.8/tor-browser-linux64-6.0.8_en-US.tar.xz Aborting..."

-> Downloading tor-browser-linux64-6.0.8_en-US.tar.xz...
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
==> ERROR: Failure while downloading https://dist.torproject.org/torbrowser/6.0.8/tor-browser-linux64-6.0.8_en-US.tar.xz
Aborting...
==> ERROR: Makepkg was unable to build tor-browser-en.
==> Restart building tor-browser-en ? [y/N]

Please help

iskenderoguz commented on 2016-11-26 19:15 (UTC)

How can I install offline tor package ?

RubenKelevra commented on 2016-11-17 03:42 (UTC)

Please do not mess around with gpg-keyrings of the users with bloody scripting. AUR-Helper should just implement a semiautomatic function for this.

yar commented on 2016-11-16 02:12 (UTC)

Calling gpg from the build script would be a careless hack at best. makepkg should have better error messages and AUR should recognize the validpgpkeys value and give clear instructions when it's non-empty. Ideally every package should be using validpgpkeys and every user should know how to handle it.

aereaux commented on 2016-11-15 23:27 (UTC)

@jugs @itsme, I definitely think it's a bad idea to do that. I don't want a script adding keys to my keyring, that should be an action I do deliberately myself.

jugs commented on 2016-11-15 23:21 (UTC)

@itsme, I'm not sure if we should automate the key retrieval, what do you think @yar?

itsme commented on 2016-11-15 17:30 (UTC)

please, add 'gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0' to PKGBUILD

pille1842 commented on 2016-10-27 15:54 (UTC)

lino16, you need to import the PGP key first, then sign it locally. Run this command:

gpg --recv-keys 93298290

You can find this key ID here: https://www.torproject.org/docs/signing-keys.html.en

After that, run:

gpg --edit-key 93298290

And enter:

lsign

Then save it with:

save

After that, you can install the package.

lino16 commented on 2016-10-09 20:46 (UTC) (edited on 2016-10-09 20:51 (UTC) by lino16)

tor-browser-linux64-6.0.5_de.tar.xz ... FEHLGESCHLAGEN (Unbekannter öffentlicher Schlüssel 2E1AC68ED40814E0) ==> FEHLER: Eine oder mehrere PGP-Signaturen konnten nicht überprüft werden! ==> FEHLER:Makepkg konnte tor-browser-de nicht erstellen. I have imported key by: gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0 This is the message now: tor-browser-linux64-6.0.5_de.tar.xz ... FEHLGESCHLAGEN ==> FEHLER: Eine oder mehrere PGP-Signaturen konnten nicht überprüft werden! ==> FEHLER:Makepkg konnte tor-browser-de nicht erstellen.

HeavyRain commented on 2016-09-30 21:06 (UTC)

Sorry for the delay in updating to version 6.0.5!

choman commented on 2016-09-19 19:29 (UTC)

if files do not exist in the update and restore functions; such as search.json the copy errors out and the script exits. recommend a "|| :" after the cp commands or a file exist check prior to cp.

ewtoombs commented on 2016-09-19 09:11 (UTC) (edited on 2016-09-19 09:13 (UTC) by ewtoombs)

Also, I just tested tor-browser-en on arguments with spaces, and it seems to have been fixed, which is what the bug report claims as well. Our script's help text should probably be modified accordingly.

ewtoombs commented on 2016-09-19 09:02 (UTC)

I found a problem. The package's tor-browser-hardened.sh isn't passing the arguments to Browser/start-tor-browser right. This line is the problem:

cd $INSTALL_DIRECTORY/Browser && ./start-tor-browser --class Tor\ Browser "${args[@]}"

start-tor-browser stops processing switches at the first unknown switch, which is --class, which was meant for firefox. This fixes that problem:

cd $INSTALL_DIRECTORY/Browser && ./start-tor-browser "${args[@]}" --class Tor\ Browser

That got the tor switches working again, particularly --verbose / --debug. If for some reason --class needs to come before the user-specified firefox arguments, you'll still have a problem with my fix. I just tested it on a URL, though, and it seems to work ok.

Joel commented on 2016-08-27 16:39 (UTC)

curl: (22) The requested URL returned error: 404 Not Found

beroal commented on 2016-08-20 09:52 (UTC)

If building the package fails with the message "unknown public key", run a command "gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0" under the same user you build the package. Bump.

mwb commented on 2016-08-19 12:55 (UTC) (edited on 2016-08-19 12:59 (UTC) by mwb)

@n2i @owenthewizard I have the same problem. Even after rebuilding trustdb. Verifying source file signatures with gpg... tor-browser-linux64-6.0.4_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0) owen, can you please explain your last comment? I am Arch newbie. Thanks! edit: I was able to fix this using command from @erkexzcx 's comment

n2i commented on 2016-08-17 09:59 (UTC)

@codingman: Have you tried to rebuild your gpg trustdb yet?

owenthewizard commented on 2016-08-16 22:56 (UTC)

@codingman Make sure you import the tor project signing key, EF6E286DDA85EA2A4BA7DE684E2C6E8793298290

codingman commented on 2016-08-11 16:33 (UTC)

Hi, getting an "unknown public key" error when makepkg attempts to build the browser bundle.

yar commented on 2016-07-28 22:35 (UTC)

Sorry for the backlog of feature requests, everyone. I'm not able to implement anything beyond package updates right now, but I'd welcome new co-maintainers. Thanks.

raingloom commented on 2016-07-21 20:50 (UTC)

I am getting integrity check errors. Can't investigate now.

OblivioVItae commented on 2016-06-01 07:10 (UTC)

Many thanks to the "author" for maintaining tor-browser-ru on AUR!)

robertfoster commented on 2016-05-02 20:41 (UTC) (edited on 2016-05-02 20:45 (UTC) by robertfoster)

In order to allow customizations with icon themes, could you change the Icon entry in the .desktop file as follows?

Icon=tor-browser-en

You need to copy the icon to /usr/share/pixmaps

Could you answer or give signs of life? It doesn't require too much time to do such a little change.

Greetings and cordiality

toruser commented on 2016-04-27 09:07 (UTC)

Please add the following line to 'tor-browser-en.sh' in function 'update()':

setfattr -n user.pax.flags -v m "${INSTALL_DIRECTORY}/Browser/firefox"

Else people using 'linux-grsec' can't use it. Thanks.

erkexzcx commented on 2016-04-17 06:22 (UTC)

Up

$ gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0

robertfoster commented on 2016-04-07 13:19 (UTC)

In order to allow customizations with icon themes, could you change the Icon entry in the .desktop file as follows?

Icon=tor-browser-en

You need to copy the icon to /usr/share/pixmaps

dmp1ce commented on 2016-03-27 02:15 (UTC)

@donny, I understand it works now. I just think rm is potentially dangerous to have in the script. What if the developer accidentally spells the variable wrong one day? That probably won't happen, but it would be very bad if it did.

Archeon commented on 2016-03-27 01:55 (UTC)

gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0 Worked great for me. Thanks again, ian_x86.

donny commented on 2016-03-25 21:06 (UTC)

dmp1ce: look again, the global variable $INSTALL_DIRECTORY is defined on line 83, the update() function is called on line 106.

dmp1ce commented on 2016-03-12 19:28 (UTC)

There is a line in the update() function which concerns me. The line is "rm -rf $INSTALL_DIRECTORY/*". If for whatever reason "$INSTALL_DIRECTORY" is not set, users are going to have a bad day. Do you think a check to see if "$INSTALL_DIRECTORY" is set would be a good idea? Or maybe not have the "rm -rf" at all and just override files with the tar extraction? It is too bad that the Tor Bundle cannot be installed directly into /opt and the profile user data picked up from ~/. It didn't look like that was possible with the way the Tor Bundle is setup.
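One way to add the check dmp1ce asks about, as an added example that is not taken from the package's script: `safe_wipe_dir` is a hypothetical helper name, and the refusal rules (empty, relative, symlink, `/`, the home directory) are assumptions about what a launcher script should never wipe.

```shell
#!/bin/sh
# Added example: a guarded replacement for `rm -rf $INSTALL_DIRECTORY/*`.
# safe_wipe_dir is a hypothetical helper, not a function from the package script.

safe_wipe_dir() {
    wipe_dir=${1-}

    # Unset or empty: `rm -rf $INSTALL_DIRECTORY/*` would expand to `rm -rf /*`.
    if [ -z "$wipe_dir" ]; then
        echo "safe_wipe_dir: refusing, directory variable is empty" >&2
        return 1
    fi

    # A relative path depends on the current directory, so require an absolute one.
    case $wipe_dir in
        /*) ;;
        *)  echo "safe_wipe_dir: refusing, '$wipe_dir' is not absolute" >&2
            return 1 ;;
    esac

    # Strip trailing slashes so that "link/" cannot hide a symlink from the -L test.
    while [ "$wipe_dir" != "/" ] && [ "${wipe_dir%/}" != "$wipe_dir" ]; do
        wipe_dir=${wipe_dir%/}
    done

    # A symlink could redirect the wipe elsewhere; a missing directory suggests a typo.
    if [ -L "$wipe_dir" ] || [ ! -d "$wipe_dir" ]; then
        echo "safe_wipe_dir: refusing, '$wipe_dir' is a symlink or not a directory" >&2
        return 1
    fi

    # Resolve physical paths and refuse the filesystem root and the home directory.
    wipe_real=$(cd "$wipe_dir" && pwd -P) || return 1
    wipe_home=$(cd "${HOME:-/}" 2>/dev/null && pwd -P) || wipe_home=/
    if [ "$wipe_real" = "/" ] || [ "$wipe_real" = "$wipe_home" ]; then
        echo "safe_wipe_dir: refusing to wipe '$wipe_real'" >&2
        return 1
    fi

    # Remove the contents (dotfiles included, unlike the `/*` glob) but keep the directory.
    find "$wipe_real" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
}
```

In a script that should simply abort, `rm -rf -- "${INSTALL_DIRECTORY:?}"/*` covers the unset and empty cases in one line, but none of the others.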

wcasanova commented on 2016-03-10 18:22 (UTC)

update key $ gpg --recv-keys 2E1AC68ED40814E0

Krieger commented on 2016-02-27 02:30 (UTC)

Executing this: gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0 worked, thanks ian_x86.

ian_x86 commented on 2016-02-24 03:07 (UTC)

Problems with error signature? try this : gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0

dmp1ce commented on 2016-02-01 23:44 (UTC)

I'm sure this has been asked before, but how can I make settings changes to the tor-browser-en and have them persist to new updates? I want to change the hidpi settings and add a few bookmarks.

mystified1234 commented on 2016-01-12 14:07 (UTC)

Hi guys, found a workaround for tor-browser-en: install through packer. I use Manjaro and currently I'm testing Apricity. Through user:

$ yaourt -S packer
ownloading packer PKGBUILD from AUR...
x .AURINFO
x .SRCINFO
x PKGBUILD

After installing packer:

packer -S tor-browser-en
Aur Targets (1): tor-browser-en
Pacman Targets (1): mime-types

It should now work. The other option is to download and extract the app from torproject to the desktop, both the folder "browser" and start-tor-browser.desktop, then double-click this file and run it as an executable file. This always works for me regardless of distro, but it is not as clean looking as installing through packer. Cheers

blueish4 commented on 2015-12-24 19:15 (UTC)

@Matheus You need to add the tor developer's key, see the comments below. Try: gpg --keyserver pgp.mit.edu --recv-keys 2E1AC68ED40814E0

Matheus commented on 2015-12-24 06:15 (UTC)

This is showing an error that one or more signatures could not be verified.

toketin commented on 2015-12-21 22:03 (UTC)

Ok, the gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0 command fixes the problem, probably @alexiobash you should add it to the PKGBUILD directly. Thanks!

TingPing commented on 2015-12-21 16:41 (UTC) (edited on 2015-12-21 16:41 (UTC) by TingPing)

The desktop file shouldn't reference a full path for the icon as this breaks icon themes. It should just be set to 'tor-browser-en'.

petruschka commented on 2015-11-20 05:49 (UTC)

@SofianeSadi, worked! Like a charm... Thank you!!! Must go RTFgnupgM ;)

SofianeSadi commented on 2015-11-20 03:22 (UTC)

@petruschka this is a problem related to gnupg. Add this to your ~/.gnupg/gpg.conf:

keyserver-options debug
keyserver hkp://pgp.mit.edu

Then try again:

gpg --recv-keys 2E1AC68ED40814E0

It should work.

tastyminerals commented on 2015-11-19 21:46 (UTC)

jesus christ, this thread became a PGP nightmare...

petruschka commented on 2015-11-19 00:12 (UTC)

Greetings, I'm having the same problem:

==> Verifying source file signatures with gpg...
tor-browser-linux64-5.0.4_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build tor-browser-en.

Also,

$ gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0
gpg: keyserver receive failed: No keyserver available

Apologies, I'm very new to all this security stuff and don't yet really understand how keys work so help is much appreciated! Pointers to how this stuff works too! ;) Thanks in advance!

crabvk commented on 2015-11-11 21:13 (UTC)

@rugaliz, just look below what Krawuzl says

rugaliz commented on 2015-11-11 21:09 (UTC)

I get an error:

==> Verifying source file signatures with gpg...
tor-browser-linux64-5.0.4_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build tor-browser-en.

securitybreach commented on 2015-11-06 19:52 (UTC)

Can someone upload the updated PKGBUILD as I can't get it to work even after changing the PKGBUILD to your diff?

crabvk commented on 2015-11-04 19:24 (UTC)

@HeavyRain Yes. The problem was incorrect hash sum and it's already solved https://aur.archlinux.org/cgit/aur.git/commit/?h=tor-browser-en&id=baeedb876ad6352a21ff4317de8d3251a0c2dd66

HeavyRain commented on 2015-11-04 19:09 (UTC)

@aizuon @vyachkonovalov Have you imported their gpg key (2E1AC68ED40814E0)?

aizuon commented on 2015-11-04 18:44 (UTC)

@vyachkonovalov having the same issue

crabvk commented on 2015-11-04 18:38 (UTC)

==> Validating source files with sha256sums...
tor-browser-linux64-5.0.4_en-US.tar.xz ... FAILED
tor-browser-linux64-5.0.4_en-US.tar.xz.asc ... Skipped
==> ERROR: One or more files did not pass the validity check!

Krawuzl commented on 2015-10-23 21:10 (UTC)

Thanx for the tip about the gpg key. It took me a while until it worked, because I always added the key as root. `$ gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0` NO SUDO! ;)

quarkup commented on 2015-10-22 09:01 (UTC)

Hello, I have the same "problem" with i3, but it can be solved by pressing mod+shift+space twice.

commented on 2015-10-02 09:40 (UTC)

eolien: No idea, it must be a problem inherent to I3; I don't have this problem with Xmonad.

eoli3n commented on 2015-10-02 09:27 (UTC)

Hi, why won't the browser display in full screen under i3?

commented on 2015-10-01 21:35 (UTC)

Change: tor-browser-es 5.0.2-1 --> tor-browser-es 5.0.3-1

beroal commented on 2015-09-24 15:06 (UTC)

TBB's attempts to install its own update annoy me. Is there a way to disable them and leave just the notification?

ouraur commented on 2015-09-17 00:49 (UTC)

Using the 'fte' bridge fails because the '.tor-browser-en/INSTALL/Browser/TorBrowser/Tor/PluggableTransports/fteproxy.bin' file uses '#!/usr/bin/env python', which expects python2, not python3.

natedog commented on 2015-08-29 01:27 (UTC)

Misunderstood, clearly didn't understand how keys work well enough, works now, thanks for the help!

dbedrenko commented on 2015-08-26 17:20 (UTC)

To import their key run: `$ gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0`

HeavyRain commented on 2015-08-25 08:16 (UTC)

@natedog: Please see my last comment, directly underneath yours...

natedog commented on 2015-08-25 02:58 (UTC)

==> Verifying source file signatures with gpg...
tor-browser-linux64-5.0.1_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)
==> ERROR: One or more PGP signatures could not be verified!

HeavyRain commented on 2015-08-22 17:57 (UTC)

@EgidioCaprino: Does it not say which signature? Try importing their public gpg key (2E1AC68ED40814E0).

EgidioCaprino commented on 2015-08-22 17:52 (UTC)

It does not build.

==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build tor-browser-en.

iskenderoguz commented on 2015-08-16 20:50 (UTC)

I get "(35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol" error.

toruser commented on 2015-07-22 19:04 (UTC)

I had to disable MPROTECT using the following command to get the program working. I don't know if that is desirable though.

# setfattr -n user.pax.flags -v m .tor-browser-en/INSTALL/Browser/firefox

Please refer to `man paxctl` for basic information about attribute "m" and to the following link for further information about different attribute types and else: https://wiki.gentoo.org/wiki/Hardened/PaX_Quickstart#Controlling_PaX

toruser commented on 2015-07-17 17:46 (UTC)

journald catches two related messages, I don't know if that one about libGL is fatal though.

Jul 17 17:16:06 toruser kernel: grsec: denied RWX mprotect of /usr/lib/nvidia/libGL.so.352.21 by /home/toruser/.tor-browser-en/INSTALL/Browser/firefox[firefox:896] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:884] uid/euid:1000/1000 gid/egid:1000/1000
Jul 17 17:16:07 toruser kernel: grsec: denied RWX mmap of <anonymous mapping> by /home/toruser/.tor-browser-en/INSTALL/Browser/firefox[firefox:896] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:884] uid/euid:1000/1000 gid/egid:1000/1000

toruser commented on 2015-07-17 13:02 (UTC)

Tor-Browser does not launch on my system. There is no crash or exception message. Are there any known bugs when using linux-grsec (maybe in combination with nvidia-grsec as video driver)?

HeavyRain commented on 2015-07-16 12:25 (UTC)

You have to import the gpg key: gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0

manuelschneid3r commented on 2015-07-16 12:21 (UTC)

tor-browser-linux64-4.5.3_de.tar.xz ... FEHLGESCHLAGEN (Unbekannter öffentlicher Schlüssel 2E1AC68ED40814E0)
==> FEHLER: Eine oder mehrere PGP-Signaturen konnten nicht überprüft werden!
==> FEHLER:Makepkg konnte tor-browser-de nicht erstellen.

Squirrel_Man91 commented on 2015-07-07 17:28 (UTC)

For anyone having an issue with PGP Signatures, try

gpg --keyserver pgp.mit.edu --recv-keys 2E1AC68ED40814E0

Looks like Blazer78's post is no longer working (no route to host)

kyak commented on 2015-07-04 12:53 (UTC)

@beroal You should really be running some aur helper. I'm running pacaur, and got used to 'pacaur -Syu' instead of 'pacman -Syu'. This will keep you up to date without the maintainer having to post update comments.

beroal commented on 2015-07-04 12:36 (UTC)

I have a suggestion. @yar, would you post a comment here when you update the package so we will receive email notifications? Out-of-date Tor Browser is pretty annoying, so I can't update it once in a month or like that, I check this page several times before the package is updated because Tor Browser nags me.

francesco_dem commented on 2015-05-29 17:25 (UTC)

@alexiobash: Thanks! I fixed it

alexiobash commented on 2015-05-29 09:55 (UTC)

@francesco_dem run this command:

gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0

more info: https://aur.archlinux.org/packages/tor-browser-en/

francesco_dem commented on 2015-05-29 06:46 (UTC)

Hi Alexiobash, I can't update to version 4.5.1-1; here is the error message:

ERRORE: Una o più firme PGP non possono essere verificate!
==> ERRORE: Makepkg non è riuscito a compilare tor-browser-it.

kete commented on 2015-05-25 22:38 (UTC)

Is it possible to open external links in this browser? When I try, the browser tries to start from scratch, and it can't do that. Then, the attempted process gives an error message and stops. The first instance keeps running.

idomeneo1 commented on 2015-05-23 20:41 (UTC)

That's it - I loaded this on a new computer and only redid the pkgbuild, assuming the other files were the same...

yar commented on 2015-05-23 19:55 (UTC)

idomeneo1: Are you sure you're using the newest tarball? c2303d.. is the sha256sum from 3 versions ago.

aurelieng commented on 2015-05-13 06:28 (UTC)

4.5.1 is out :)

Blazer78 commented on 2015-05-12 09:04 (UTC)

Do it to import official Tor's Developer Keys:

gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0

Then update all:

yaourt -Syua

Bye

bouhappy commented on 2015-05-03 16:23 (UTC)

The key requested is the last key listed in: https://www.torproject.org/docs/signing-keys.html.en

bouhappy commented on 2015-05-03 16:18 (UTC)

For PGP signature issue:

$ gpg --recv-keys 0x4E2C6E8793298290

Done. Later you can delete your key:

$ gpg --list-keys

Crashlog commented on 2015-05-01 20:17 (UTC)

Is checking the wiki really too much to ask for? https://wiki.archlinux.org/index.php/Makepkg#Signature_checking

tastyminerals commented on 2015-05-01 20:10 (UTC)

For all those who have the same issue, please download the package from www.torproject.org and don't waste your time.

student975 commented on 2015-05-01 20:05 (UTC)

I have got the same issue as tastyminerals. After reading comments I have imported and signed the key ("pacman-key -r" and "pacman-key --lsign-key", and verified). The error still exists. It seems, some step still was missed. Hint?

OmeGa commented on 2015-05-01 07:56 (UTC)

@scan: Thanks, I didn't even notice that.

commented on 2015-05-01 04:16 (UTC)

Fix: tor-browser-es.sh 57c57 < [[ -f $INSTALL_DIRECTORY/start-tor-browser ]] && echo $VERSION > $VERSION_FILE --- > [[ -f $INSTALL_DIRECTORY/start-tor-browser.desktop ]] && echo $VERSION > $VERSION_FILE 105c105 < cd $INSTALL_DIRECTORY && './start-tor-browser' --- > cd $INSTALL_DIRECTORY && './start-tor-browser.desktop'
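Review bot: at 105c105 the launch target is hard-coded to './start-tor-browser.desktop', and the check at 57c57 tests only for that same file, so an install directory that still contains only 'start-tor-browser' would neither write $VERSION to $VERSION_FILE nor start; consider testing for either name and launching whichever exists. Both changed lines also leave $INSTALL_DIRECTORY unquoted in `cd $INSTALL_DIRECTORY`, and `echo $VERSION > $VERSION_FILE` leaves the redirect target unquoted, so a path containing spaces would break; quoting them in the same change would be cheap.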

whynothugo commented on 2015-04-29 10:07 (UTC)

@archaurwiki's advice is just as bad as tecnopado's. *never* add a trust of level 5 to someone unless you've verified their key in person. Adding trust of 5 to a key you find in comments in the AUR means that whoever owns that key now has a huge influence in your gpg web-of-trust. And you're not really sure who that owner is.

syl commented on 2015-04-26 09:47 (UTC)

@mountpeaks: you'd better learn to respect each other. yar has been doing good for a long time. All you need has already been discussed within the comments a while ago. Look at the history!

tastyminerals commented on 2015-04-26 09:08 (UTC)

@beroal: Maybe I should also teach the maintainer how to maintain AUR packages?

beroal commented on 2015-04-26 08:18 (UTC)

@mountpeaks: Learn about PGP, read previous comments.

tastyminerals commented on 2015-04-26 07:37 (UTC)

Please fix this for Christ's sake

tor-browser-linux64-4.0.8_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)
==> ERROR: One or more PGP signatures could not be verified!

commented on 2015-04-26 04:54 (UTC)

@tecnopado's comment should be deleted if possible

commented on 2015-04-14 22:01 (UTC)

Because the desktop file's path is hardcoded this package doesn't work with custom icon themes. Maybe it should be changed to just "Icon=REPL_NAME.png"?

conley commented on 2015-04-11 18:12 (UTC)

No worries yar, you're doing good.

yar commented on 2015-04-09 19:19 (UTC)

@archaurwiki The last out-of-date flag was wrong, but by mistake I forgot to clear it, so there was no way for me to get a notification the next time. Sorry about that, won't happen again.

commented on 2015-04-09 18:24 (UTC)

@yar: Hi, if you can't maintain this package in a timely manner will you please abandon it for someone else to take care of? Thanks.

Marcel_K commented on 2015-04-01 22:10 (UTC)

Instead of 2 and 3, you can simply run updpkgsums and the checksums will be updated. However, it's always a good habit to check those with the ones provided upstream. In *this* case, the signature is also checked, but checksum checking is useless when calculating them yourselves after downloading.

thinking-aloud commented on 2015-04-01 20:06 (UTC)

you can easily do the changes yourself:

pkgver='4.0.6'

1. download: https://dist.torproject.org/torbrowser/4.0.6/tor-browser-linux64-4.0.6_en-US.tar.xz and https://dist.torproject.org/torbrowser/4.0.6/tor-browser-linux64-4.0.6_en-US.tar.xz.asc
2. generate checksum run "sha256sum <filename>" on both files
3. Insert the keys in line 27 and 28

If you trust me (I wouldn't trust me) you can skip Step 1 and 2 and use the keys here:

d954510bf812f624945bdba8e1c37e23573de89e2f159d7c89a3e3589a765559
67653aecfab4e9e0f6d0d2f534e5fabe24a6373c1149add2679fcad5ee195c72

commented on 2015-03-24 18:04 (UTC)

@tecnopado: that is a horrible hack. NEVER skip gpgcheck for something as sensitive as Tor or TBB. Anyone reading this: do NOT use @tecnopado's advice. In addition to @blackhole's advice you can also

$ gpg --edit-key 0x4E2C6E8793298290
gpg> trust
<select option 5 to fully trust (this assumes that you have met the keyholder in person and can guarantee it is from that person)>
gpg> save

pcxz commented on 2015-03-23 16:32 (UTC)

@blackhole Thx work ok.

edvinonan commented on 2015-03-17 19:07 (UTC)

Use this command, the same thing happened to me too.

gpg --keyserver keys.mozilla.org --recv-keys 0x4E2C6E8793298290

tecnopado commented on 2015-03-10 14:36 (UTC)

For the issue with the pgp key, I've solved it "the noobs/lazy way":

yaourt -G tor-browser-en → /tmp/yaourt-tmp-<USERNAME>/aur-tor-browser-en/ → makepkg -si --skippgpcheck

MagicAndWires commented on 2015-03-03 21:41 (UTC)

To add to blackhole's comment, you can verify the key fingerprint against https://www.torproject.org/docs/signing-keys.html.en to make sure you've got the right one.
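The fingerprint comparison described in the comment above, as an added example that is not part of the original comments or of the package: `EXPECTED_FPR` is the 40-hex fingerprint quoted elsewhere in this thread and should itself be checked against the signing-keys page, while the function names and the `--with-colons` sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a key only when its full primary fingerprint matches a pin.
# Function names and sample records are constructed; EXPECTED_FPR is quoted in this thread.
EXPECTED_FPR=EF6E286DDA85EA2A4BA7DE684E2C6E8793298290

# Remove spaces and a leading 0x, and upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | sed 's/^0[xX]//' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --with-colons` records on stdin; print the fingerprint of each primary key.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }    # the next fpr record belongs to a primary key
        $1 == "sub" { want = 0; next }    # fpr records after sub belong to subkeys
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# check_pinned_key PIN < colon-records
# 0: exactly one primary key and its fingerprint equals PIN
# 1: no key, several keys, or a different fingerprint
# 2: PIN is not a full 40-hex fingerprint (8- and 16-hex key IDs can collide)
check_pinned_key() {
    pin_expected=$(normalize_fpr "$1")
    case $pin_expected in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#pin_expected}" -eq 40 ] || return 2
    pin_found=$(primary_fingerprints)
    # Two matching keys yield two lines, which never equal the single pinned value.
    [ "$pin_found" = "$pin_expected" ]
}

# Run the check against the local keyring (needs gpg; not exercised by the samples).
verify_local_key() {
    gpg --batch --with-colons --fingerprint "$1" 2>/dev/null | check_pinned_key "$2"
}

# Constructed sample: a key whose fingerprint equals the pin.
sample_good() {
    cat <<'EOF'
pub:-:4096:1:4E2C6E8793298290:1418601600:::-:::scESC:
fpr:::::::::EF6E286DDA85EA2A4BA7DE684E2C6E8793298290:
uid:-::::1418601600::::Constructed Example UID <user@example.invalid>:
sub:-:4096:1:AAAAAAAAAAAAAAAA:1418601600::::::s:
fpr:::::::::1111111111111111111111111111111111111111:
EOF
}

# Constructed sample: same 64-bit key ID as above, different full fingerprint.
sample_collision() {
    cat <<'EOF'
pub:-:4096:1:4E2C6E8793298290:1418601600:::-:::scESC:
fpr:::::::::0123456789ABCDEF012345674E2C6E8793298290:
uid:-::::1418601600::::Constructed Impostor UID <user@example.invalid>:
EOF
}
```

With the key already imported, `verify_local_key 0x4E2C6E8793298290 "$EXPECTED_FPR"` returns 0 only when the keyring holds a single key for that ID and its fingerprint is the pinned one.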

blackhole commented on 2015-02-25 23:02 (UTC)

As USER:

gpg --keyserver pgp.mit.edu --recv-keys 0x4E2C6E8793298290

you can verify with:

gpg --fingerprint 0x4E2C6E8793298290

dzen commented on 2015-02-24 20:29 (UTC)

Works for me:

1) unpack tarball
2) gpg --keyserver pool.sks-keyservers.net --recv-keys 416F061063FEE659
3) makepkg -i

fosnss commented on 2015-02-16 06:51 (UTC)

How to fix:

tor-browser-linux64-4.0.3_it.tar.xz ... FAILED (the public key 8738A680B84B3031A630F2DB416F061063FEE659 is not trusted)

To verify signatures for packages https://www.torproject.org/docs/verifying-signatures.html.en

fosnss commented on 2015-02-16 06:45 (UTC)

To verify the signature of the sources with gpg you can follow the instructions here: https://www.torproject.org/docs/verifying-signatures.html.en

beroal commented on 2015-02-10 22:05 (UTC)

For example, I don't use Privoxy.

ernie4chan commented on 2015-02-10 20:54 (UTC)

Hey, there! Two questions: 1) How to change GUI and fonts to match desktop settings? 2) Do I have to install Privoxy? Tks.

Marcel_K commented on 2015-02-10 17:04 (UTC)

Import the key as normal user (the one with which you run makepkg).

djringjr commented on 2015-02-10 16:45 (UTC)

Same problem, I don't know why I have added the key. Perhaps when I reboot?

tor-browser-linux32-4.0.3_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)

# pacman-key -r 416F061063FEE659 --keyserver pgp.mit.edu
gpg: key 63FEE659: "Erinn Clark <erinn@torproject.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

Very odd!

alexiobash commented on 2015-02-09 19:06 (UTC)

@p91paul when creating the pkg I get this error https://aur.archlinux.org/packages/tor-browser-en/

alexiobash commented on 2015-02-09 18:49 (UTC)

When running mkaurball:

tor-browser-linux64-4.0.3_it.tar.xz ... FAILED (the public key 8738A680B84B3031A630F2DB416F061063FEE659 is not trusted)

I've just run

pacman-key -r 416F061063FEE659 --keyserver pgp.mit.edu

and

gpg --recv-keys 416F061063FEE659

p91paul commented on 2015-02-09 14:54 (UTC)

4.0.3 is out, and 4.0.2 links are broken

melodie commented on 2015-01-25 06:09 (UTC)

Thanks! :)

ashaman-crypto commented on 2015-01-24 10:56 (UTC)

While installing with yaourt, adding the PGP key to the user's keyring did not help. What did the trick for me was running pacman-key -r 416F061063FEE659 --keyserver pgp.mit.edu

OmeGa commented on 2015-01-24 01:03 (UTC)

@GregoD: $ gpg --recv-keys 416F061063FEE659

GregoD commented on 2015-01-24 00:40 (UTC)

==> Verificando las firmas de las fuentes con gpg...
tor-browser-linux64-4.0.3_es-ES.tar.xz ... HA FALLADO (clave pública desconocida 416F061063FEE659)
==> ERROR: ¡Una o más firmas PGP no pudieron ser verificadas!
==> ERROR: Makepkg no ha podido compilar tor-browser-es.

commented on 2015-01-19 23:04 (UTC)

The procedure for Linux and Mac is identical; here you are just using a different key server ;) If you like, you could even use:

gpg --keyserver pgp.mit.edu --recv-keys 416F061063FEE659

or even simpler:

gpg --recv-keys 416F061063FEE659

commented on 2015-01-19 22:37 (UTC)

Hello, I didn't understand everything either, but apparently the new version of pacman has added constraints from a security point of view (which is good!). And here, since this is an AUR package, the key of the maintainer Erinn Clark is not added automatically to pacman's keyring, which only contains those of the TUs and the official devs. It has to be added by hand with the command (found on the page https://www.torproject.org/docs/verifying-signatures.html.en):

gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x416F061063FEE659

I probably expressed myself badly when I replied to Mélodie (English not being my strong point): when makepkg finds a .asc file whose name is identical to the downloaded package, it automatically checks that the package passes GnuPG verification. (You can refer to the "Mac OS X" section of the page mentioned above.)

Also, as indicated on the page, and to strengthen security further, the sha256sums are checked as well (in my English comment I forgot a word; I meant to write "this is not the ONLY way security is ensured...").

So the keys are well and truly verified automatically; you don't have to take care of it ;-)

Best regards, acaccia

teke commented on 2015-01-19 21:54 (UTC)

Hello, Problem with signature verification. For a long time the updates worked without problems, but that is no longer the case. I have the same issue as Mélodie below. In fact, if I understood the procedure correctly, you have to check the package's checksums by hand at every update. If that's right, installing through AUR is absolutely not safe and it's better to do it by hand. Am I wrong? Isn't it possible to have the keys verified by Arch's normal system? Have a good week, everyone.

francescortiz commented on 2015-01-19 11:45 (UTC)

To fix the problem I created a keyserver with kleopatra

syl commented on 2015-01-18 11:50 (UTC)

try: gpg --keyserver pgp.mit.edu --recv-keys 416F061063FEE659

francescortiz commented on 2015-01-18 10:50 (UTC)

Running "gpg --recv-keys 416F061063FEE659" I get: gpg: keyserver receive failed: No keyserver available

rufus1987 commented on 2015-01-17 17:51 (UTC)

To fix the PGP error, just run gpg --recv-keys 416F061063FEE659 first, without sudo, and then install/update

gdea73 commented on 2015-01-16 23:48 (UTC)

==> Verifying source file signatures with gpg...
tor-browser-linux64-4.0.3_en-US.tar.xz ... FAILED
==> ERROR: One or more PGP signatures could not be verified!

I'm still getting this error in Packer, after adding the 0x63FEE659 key AND adding "keyring /etc/pacman.d/gnupg/pubring.gpg" to ~/.gnupg/gpg.conf. What gives?

JoZ3 commented on 2015-01-15 11:52 (UTC)

Error: unable to stat 'tor-browser-linux64-4.0.3_es-ES.tar.xz': No such file or directory

commented on 2015-01-14 22:55 (UTC)

==> Validando las fuentes con sha1sums...
tor-browser-es.desktop ... Aprobado
tor-browser-es.png ... Aprobado
tor-browser-es.sh ... Aprobado
==> Validando las fuentes con sha1sums...
tor-browser-linux64-4.0.3_es-ES.tar.xz ... Aprobado
tor-browser-linux64-4.0.3_es-ES.tar.xz.asc ... Omitido
==> Verificando las firmas de las fuentes con gpg...
tor-browser-linux64-4.0.3_es-ES.tar.xz ... HA FALLADO (clave pública desconocida 416F061063FEE659)
==> ERROR: ¡Una o más firmas PGP no pudieron ser verificadas!
==> ERROR: Makepkg no ha podido compilar tor-browser-es.
==> ¿Reiniciar la compilación de tor-browser-es? [s/N]
==> --------------------------------------------------
==>

syl commented on 2015-01-14 09:18 (UTC)

Will tor-browser be moved into the community repository one day?

iskenderoguz commented on 2015-01-05 22:12 (UTC)

@Marcel_K, your answer works. thank you

Marcel_K commented on 2015-01-05 17:20 (UTC)

Choose another keyserver: gpg --keyserver pgp.mit.edu --recv-keys 0x63FEE659

edward_81 commented on 2015-01-05 14:35 (UTC)

> gpg --recv-keys 0x63FEE659
> gpg: keyserver receive failed: No keyserver available

How can I fix this? I tried to search but I'm totally lost.

mudrii commented on 2015-01-05 11:54 (UTC)

No fix for the issue ?

palasso commented on 2015-01-02 09:58 (UTC)

@yar I did some cleanup in the PKGBUILD http://pastie.org/private/emg2wzh9whwhfn9jes89jq It doesn't use anymore _pkgarch, _realpkgver, _realpkgver_i686 and instead uses a new feature from pacman 4.2. I'm not sure what was the use of _realpkgver_i686. Also fixed indentation. I noticed that in tor-browser-en.sh, line 27: PKGARCH="REPL_ARCH" isn't being used anywhere. I also noticed that tor-browser-en.sh extracts the (installed from pacman) tar.xz from /opt/$pkgname to home at first run while there are rm -rf commands in $pkgname.install for when updating/removing. It's a hacky solution. Why isn't the extraction and packaging of files left on makepkg so that it'll be properly installed by pacman?

Marcel_K commented on 2015-01-01 23:17 (UTC)

Indeed. To be clear: the Arch Linux keyring and your local keyring have nothing in common, you should not add keys of AUR packages to the Arch keyring, unless you want to install packages signed by that user. When issuing makepkg, your local keyring is checked, not the Arch one.

blackhole commented on 2015-01-01 21:53 (UTC)

It seem solved now. I had to run gpg --recv-keys 0x63FEE659 as USER!

blackhole commented on 2015-01-01 21:48 (UTC)

I don't have a ~/.gnupg/gpg.conf. I have added it with "keyring /etc/pacman.d/gnupg/pubring.gpg" inside. The output of gpg --list-keys:

/root/.gnupg/pubring.gpg
------------------------
pub rsa2048/63FEE659 2003-10-16
uid [ unknown] Erinn Clark <erinn@torproject.org>
uid [ unknown] Erinn Clark <erinn@debian.org>
uid [ unknown] Erinn Clark <erinn@double-helix.org>
sub rsa2048/EB399FD7 2003-10-16

but I cannot install this package

kylebofh commented on 2015-01-01 21:43 (UTC)

Perfectly installed after issuing

gpg --recv-keys 0x63FEE659

and adding the line

keyring /etc/pacman.d/gnupg/pubring.gpg

to ~/.gnupg/gpg.conf as Minbari mentioned earlier.

AnbuBlack commented on 2015-01-01 16:20 (UTC)

Do you have: keyring /etc/pacman.d/gnupg/pubring.gpg in ~/.gnupg/gpg.conf?! See more at: https://wiki.archlinux.org/index.php/Makepkg#Signature_checking

blackhole commented on 2015-01-01 15:01 (UTC)

Not in my case

AnbuBlack commented on 2015-01-01 12:55 (UTC)

gpg --recv-keys 0x63FEE659 - Solve the problem.

beroal commented on 2014-12-31 19:49 (UTC)

@tumbler: Well, you need to trust that key. An explanation https://bbs.archlinux.org/viewtopic.php?pid=1488772#p1488772 .

Marcel_K commented on 2014-12-31 19:36 (UTC)

@yar: Add validpgpkeys=('8738A680B84B3031A630F2DB416F061063FEE659') to PKGBUILD.

tumbler commented on 2014-12-31 18:51 (UTC)

If I add the public key with

$ gpg --recv-keys 416F061063FEE659

I get this error message:

==> Verifying source file signatures with gpg...
tor-browser-linux64-4.0.2_en-US.tar.xz ... FAILED (the public key 8738A680B84B3031A630F2DB416F061063FEE659 is not trusted)

beroal commented on 2014-12-31 17:32 (UTC)

@tumbler: see https://wiki.archlinux.org/index.php/Tor#Web_browsing

tumbler commented on 2014-12-31 16:46 (UTC)

while compiling it responds: FAILED (unknown public key 416F061063FEE659) how to fix it?

commented on 2014-11-28 13:29 (UTC)

Failure to download, seems ISP is blocking tor page. Users should use different nameservers.

lockheed commented on 2014-11-10 06:55 (UTC)

This is what I get since about two weeks:

==> ERROR: Failure while downloading tor-browser-linux64-4.0.1_en-US.tar.xz
Aborting...

nariox commented on 2014-11-01 16:17 (UTC)

Just in case, I was also having problems with SSL. Even after signing the certs. My problem was that I was using a custom DNS (OpenDNS), which was blocking requests to the tor-project.

roysc commented on 2014-10-24 20:41 (UTC)

WRT the unknown public key, the package is signed by Erinn Clark. Verify here:

https://github.com/vinc3nt/tor-browser-installer/blob/master/README.mkd
http://pgp.mit.edu:11371/pks/lookup?search=+0x63FEE659&op=index

You just need to import the key to avoid the warning.

rach commented on 2014-10-18 15:19 (UTC)

the newest icon is not an onion anymore and looks better imo, wish you could use it in the package :)

Marcel_K commented on 2014-10-18 15:14 (UTC)

@zzatkin: Just read earlier comments before posting, your issue is there already.

sekret commented on 2014-10-17 18:46 (UTC)

Looks like now it's not possible anymore to send links to tor-browser, right? Or can anyone give me a hint?

zzatkin commented on 2014-10-17 08:10 (UTC)

tor-browser-linux64-4.0_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659) ...

Anty commented on 2014-09-26 19:19 (UTC)

hi, The requested URL /dist/torbrowser/3.6.5/tor-browser-linux64-3.6.5_fr.tar.xz was not found on this server. 3.6.5 is not available, now is 3.6.6 correct pkgbuild :)

yar commented on 2014-09-26 04:27 (UTC)

It works for me. If it's breaking for anybody else, please let me know how so I can fix it. Thanks!

fx101 commented on 2014-09-26 03:18 (UTC)

This is now out of date (and broken). Update to version 3.6.6

qwerty12 commented on 2014-08-29 13:07 (UTC)

Dirty hack that should allow you to keep the majority of your profile (bookmarks and extensions, at least) when updating: http://slexy.org/view/s2RQIMTuFp You'll need customizepkg-scripting installed (and an AUR helper that makes use of it). To those of you (if anyone) considering using this, it goes without saying that you'll possibly make yourself more identifiable by using a previous profile and extra extensions atop the TBB.

Marcel_K commented on 2014-07-31 17:56 (UTC)

Just add the public key to your private keyring, like so: $ gpg --recv-keys 416F061063FEE659

rbellamy commented on 2014-07-31 16:40 (UTC)

==> Verifying source file signatures with gpg...
tor-browser-linux64-3.6.3_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)

odp commented on 2014-07-22 10:29 (UTC)

#makepkg
Verifying source file signatures with gpg...
tor-browser-linux64-3.6.2_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.

#sudo pacman -U tor-browser-linux64-3.6.2_en-US.tar.xz
loading packages...
error: missing package metadata in tor-browser-linux64-3.6.2_en-US.tar.xz
error: 'tor-browser-linux64-3.6.2_en-US.tar.xz': invalid or corrupted package

commented on 2014-06-16 19:47 (UTC)

Hi Mélodie,

First of all, I’m deeply sorry to answer this late, your message went to my spam folder for an unknown reason…

Actually, this is a really good question. The signature is not checked this way for tor-browser packages; please read this very interesting page from the Tor Project website: https://www.torproject.org/docs/verifying-signatures.html.en

So as you can see, signatures are provided in ".asc" files, but this is not the way security is ensured by the PKGBUILD. Here, Tor Browser is controlled via its sha256sum (https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerification).

The sha256sums are found there: https://www.torproject.org/dist/torbrowser/ (click on the version you want, at this moment "3.6.2", then on "sha256sums.txt"). Then, your humble servant copies and pastes them into the PKGBUILD, runs the program "mkaurball" and submits it to AUR.

For your namcap remarks:
- "any" isn’t right here: you can only have 32 or 64 bit packages on the Tor website,
- we do not want to update the MIME types database for tor-browser,
- same as previous answer.

I hope I've clearly answered your questions.

Regards, acaccia

melodie commented on 2014-06-14 12:01 (UTC)

Hi,

I get:

"==> Verifying source file signatures with gpg...
tor-browser-linux64-3.6.2_fr.tar.xz ... FAILED (unknown public key 416F061063FEE659)"

It seems this message has not appeared in the comments for a while. What can I do to fix it?

Else, the namcap check command shows:

*****
tor-browser-fr W: No ELF files and not an "any" package
tor-browser-fr E: Mime type handler found. Add "update-desktop-database -q" to the install file
tor-browser-fr E: Dependency desktop-file-utils detected and not included (needed for update-desktop-database)
*****

I'll be waiting for answers here, especially regarding the unknown public key message.

Regards, Mélodie

deusstultus commented on 2014-06-11 18:36 (UTC)

The dependencies list is incomplete. Browser aspect requires additional libraries to be installed on the machine. From firefox (Note this is 30.0 not ESR on which TBB is built): http://www.mozilla.org/en-US/firefox/30.0/system-requirements/ I'm getting additional flags indicating dependencies as built on alsa, etc. as well, recommend cloning dependencies from extra/firefox package.

GordonGR commented on 2014-06-11 10:45 (UTC)

I'm sure there's a sense of the word “normal” that applies to such a situation. Somewhere… Thank you.

beroal commented on 2014-06-11 10:32 (UTC)

“My whole browser profile is gone.” This is normal.

GordonGR commented on 2014-06-11 10:26 (UTC)

Hello again. I updated the package today and my whole browser profile is gone (bookmarks, plugins etc). Is this normal behaviour, a bug or have I done anything wrong?

yar commented on 2014-05-29 23:29 (UTC)

@GordonGR tor-browser-en now passes arbitrary args to firefox. To use -new-tab you must also remove the "-no-remote" argument from ~/.tor-browser-en/start-tor-browser. This will also decrease your anonymity...

@computerwhiz1 thanks! I patched our launch script to do it automatically, but I used "Tor-Browser" because their script breaks on spaces. Bug report here: https://trac.torproject.org/projects/tor/ticket/12161

And for the record, I'm a woman. It's her, not him.

beroal commented on 2014-05-28 10:24 (UTC)

A tip. Tor Browser Bundle version>3 (I guess) does not work with an external tor daemon (e. g. the package "tor" from the official repositories). The error is "Could not bind to 127.0.0.1:9150: Address already in use. Is Tor already running?". If you want to, remove the file "$HOME/.tor-browser-$LANG/INSTALL/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi" after upgrading TBB.

GordonGR commented on 2014-05-24 18:38 (UTC)

Hello Yar. Thanks for maintaining this. Is there something similar to "tor-browser-en -newtab http://www.something.org", so I can put it in xfce control centre?

computerwhiz1 commented on 2014-05-23 04:37 (UTC)

You can add '--class "Tor Browser"' to line 230 in the file '~/.tor-browser-en/start-tor-browser' in order to get the browser to run as its own application rather than calling itself firefox under GNOME 3. I have emailed the maintainer to let him know about this and to explain in better detail what I mean.

zyni42 commented on 2014-05-09 21:18 (UTC)

You're right, Marcel_K, thank you very much. :-) I used autocomplete (tab) in console, and didn't check the estimated filename.

Marcel_K commented on 2014-05-09 12:01 (UTC)

After packaging the package file is called tor-browser-en-3.6.1-1-x86_64.pkg.tar.xz (or something like that). You're trying to install the original source file you downloaded.

zyni42 commented on 2014-05-09 07:46 (UTC)

makepkg worked like a charm, but I can't install created package:

$ sudo pacman -U tor-browser-linux64-3.6.1_en-US.tar.xz
loading packages...
error: missing package metadata in tor-browser-linux64-3.6.1_en-US.tar.xz
error: 'tor-browser-linux64-3.6.1_en-US.tar.xz': invalid or corrupted package

I don't know which metadata is missing, as the package generation worked without errors (except one warning):

-> Found tor-browser-en.desktop
-> Found tor-browser-en.png
-> Found tor-browser-en.sh
==> Validating source files with sha256sums...
tor-browser-linux64-3.6.1_en-US.tar.xz ... Passed
tor-browser-linux64-3.6.1_en-US.tar.xz.asc ... Passed
tor-browser-en.desktop ... Passed
tor-browser-en.png ... Passed
tor-browser-en.sh ... Passed
==> Verifying source file signatures with gpg...
tor-browser-linux64-3.6.1_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.
==> Extracting sources...
==> Entering fakeroot environment...
==> Starting package()...
==> Tidying install...
-> Purging unwanted files...
-> Removing libtool files...
-> Removing static library files...
-> Compressing man and info pages...
-> Stripping unneeded symbols from binaries and libraries...
==> Creating package "tor-browser-en"...
-> Generating .PKGINFO file...
-> Adding install file...
-> Generating .MTREE file...
-> Compressing package...
==> Leaving fakeroot environment.
==> Finished making: tor-browser-en 3.6.1-1 (Fre Mai 9 09:18:26 CEST 2014)

Any suggestions?

skorgon commented on 2014-05-09 02:59 (UTC)

Am I the only one seeing this problem:

==> Validating source files with sha256sums...
tor-browser-linux64-3.6.1_en-US.tar.xz ... Passed
tor-browser-linux64-3.6.1_en-US.tar.xz.asc ... Passed
tor-browser-en.desktop ... Passed
tor-browser-en.png ... Passed
tor-browser-en.sh ... Passed
==> Verifying source file signatures with gpg...
tor-browser-linux64-3.6.1_en-US.tar.xz ... Passed
==> Extracting sources...
==> Entering fakeroot environment...
==> Starting package()...
install: cannot stat ‘tor-browser-linux64-3.6.1_en-US.tar.xz’: No such file or directory
==> ERROR: A failure occurred in package().
Aborting...
==> ERROR: Makepkg was unable to build tor-browser-en.

It's easily resolved by creating an appropriate symlink in $srcdir manually, since the file is correctly downloaded, but I suspect that should happen automatically.

commented on 2014-05-07 20:44 (UTC)

@hamgom95: thanks :-) package updated : 3.6.1

hamgom95 commented on 2014-05-07 20:10 (UTC)

New tor version is 3.6.1. Version 3.6 is NOT on the servers anymore. Just have to change pkgver's and sha256sums's.

dmp1ce commented on 2014-05-02 05:50 (UTC)

The torrc file I was looking for was in "~/.tor-browser-en/INSTALL/Data/Tor"

dmp1ce commented on 2014-05-02 03:00 (UTC)

How do you go about modifying the torrc once this package is installed?

jswagner commented on 2014-04-30 22:56 (UTC)

This occurred on today's update. The package was still built and installed, but this should probably be sorted out.

--

==> Verifying source file signatures with gpg...
tor-browser-linux64-3.6_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.

poincare commented on 2014-04-30 11:31 (UTC)

Hello. I get the following error when trying to install:

==> Building and installing package
==> Making package: tor-browser-en 3.5.4-1 (Wed Apr 30 07:29:41 EDT 2014)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Downloading tor-browser-linux64-3.5.4_en-US.tar.xz...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404 Not Found

Is there some way to update this to the current version of torbrowser (as listed on the tor project site)? Thanks.

gim commented on 2014-04-13 18:58 (UTC)

gpg --recv-keys 416F061063FEE659

Did the trick for me

yar commented on 2014-03-21 17:18 (UTC)

@Ba7a7chy Erinn Clark usually builds TBB packages. If you trust her key, run this:

$ sudo pacman-key --recv-keys 0x416F061063FEE659

To trust inside a chroot, run something like this:

$ sudo arch-nspawn /var/lib/archbuild/blahblah/root pacman-key --recv-keys 0x416F061063FEE659

Tor project devs list their keys here:

https://www.torproject.org/docs/signing-keys.html.en
https://www.torproject.org/docs/verifying-signatures.html.en

bararchy commented on 2014-03-21 08:34 (UTC)

==> Verifying source file signatures with gpg...
tor-browser-linux64-3.5.3_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.

yar commented on 2014-02-19 19:17 (UTC)

Sorry I wasn't clear before - I will NOT abandon this package. If I or anyone else creates a source version it should simply be called "tor-browser." I absolutely agree with the value of a binary package and will continue using it myself, since the binaries are GPG signed. The value in a source PKGBUILD will be for developers, not all the users of this package.

EscapedNull commented on 2014-02-19 17:32 (UTC)

Nothing4You, the only problem I see with that idea is that everyone already using this package will have to uninstall it and install tor-browser-en-bin to continue using it, otherwise they will be silently switched to compiling from source. kyak, that's unfortunate.

Nothing4You commented on 2014-02-19 15:36 (UTC)

There could also get created tor-browser-en-bin, the -bin suffix for binary sources is much more common than -src for builds from source.

beroal commented on 2014-02-19 15:26 (UTC)

“AUR is source only” Well, if there is a compiled file, I use it in the AUR PKGBUILD. Sometimes it is the only option.

kyak commented on 2014-02-19 15:22 (UTC)

EscapedNull, updating doesn't take a few minutes to compile because i choose to clean up my build directory (automatically by pacman AUR helper) and don't plan to change this behaviour.

EscapedNull commented on 2014-02-19 14:29 (UTC)

kyak, fair enough. But as I said, updating from a previous version should only take a few minutes to compile in most cases, provided you're using a persistent build directory. Creating tor-browser-en-src is also an option, but that's up to yar. As a side note: you don't have to check their site for updates. Torbutton automatically checks and warns you when there's an update available.

beroal, that's true for the official repos, but the AUR is source only (or it is supposed to be). This is one of the only packages I've seen that breaks that rule. I'm guessing it wouldn't be much harder to implement deterministic builds in official packages than in the AUR. If deterministic builds are the future, who is to say that TUs won't adopt the same process? But I'm not even thinking that far into the future; I'm only suggesting deterministic builds for this particular package at this point.

kyak commented on 2014-02-19 04:19 (UTC)

EscapedNull, let me explain what convenience is from my point of view. Running pacaur -Syu and having the latest tor-browser installed in seconds, that's what it is. Not having to check their site for updates and manually downloading and extracting the tarball, as you suggested.

beroal commented on 2014-02-19 00:05 (UTC)

Well, this is a guaranteed fork. ArchLinux is a binary distribution.

EscapedNull commented on 2014-02-18 21:23 (UTC)

kyak, I don't see what you're crying about over there. You do realize you can download a tarball of the binaries from torproject.org, don't you? Just extract and run. If you want convenience, why are you bothering with makepkg at all? Have you read Mike Perry's blog posts about the hows and whys of deterministic builds?

PS: You only have to do a full-compile once, after that you only compile what's been updated.

@yar I like the idea. I'm sure Mike would love it if you could put something like that together, too. I don't know enough about Gitian to attempt to take on something like that myself, but if you're serious about it, keep us updated and I'll contribute where I can. Bonus points if you can generalize it outside of Tor (i.e. Bitcoin, or anything else that uses Gitian), but it might be a good idea to start small and work up.

kyak commented on 2014-02-18 05:38 (UTC)

I hope you are kidding. Create tor-browser-en-src or something and implement your perverted ideas over there. Save the users' convenience of being able to upgrade fast and furious, without 1.5 hours of compiling.

yar commented on 2014-02-18 00:04 (UTC)

@EscapedNull @ThePacman I agree about compiling from source, and having just adopted this package I'm planning on making that happen soon. Gitian (Tor's deterministic build process) requires a VM with very precise setup. The process is so similar to Arch's devtools/makechrootpkg that I wonder if we shouldn't aim bigger and create a general infrastructure for Arch Linux to lead the entire FOSS community in deterministic building! Once containers and CONFIG_USER_NS are more mature and trusted, it could be the default and replace insecure makepkg. :)

EscapedNull commented on 2014-02-17 01:41 (UTC)

ThePacman, I'd consider attempting to create a package that compiles from source if there was a demand for it, but compiling Tor Browser on my Intel i3 took about an hour and a half, and probably half a dozen dependencies. Even then, that's just the browser. No Tor, Torbutton, Tor Launcher, Noscript, start-tor-browser, etc. I just don't know if anybody would use it. If I could get the Tor Project's deterministic build system down, however, that might be worth making a package for.

Almin commented on 2014-02-15 17:17 (UTC)

Got it working on 64bit by changing

pkgver='3.5.2'
_realpkgver='3.5.2'
_realpkgver_i686='3.5.2'

to

pkgver='3.5.2.1'
_realpkgver='3.5.2.1'
_realpkgver_i686='3.5.2.1'

and sha256sums from

if [[ "$CARCH" == 'x86_64' ]]; then
sha256sums=('b6880821cee958affef0aa851beca6bf4b52ab127fce9be9d6cd3721fdf9ffe8'
'f5be2e04e4b256a261bdd2daaef15f64d3a24b989864a743a1c93ff6a40cef58')

...to

if [[ "$CARCH" == 'x86_64' ]]; then
sha256sums=('853262207b9dbad6fecadc1e9d24df4e07d5fda0ef9e8cdca83be59a17d2206e'
'238d08e090f4b8a7454f212fbc65c5e325ba31cbd3be7b50a368dc3ea382a206')

I didn't look it up for 32bit and therefore those sha256sums are the ones of the old versions and therefore incorrect! They should not work! But if you can't wait on 64bit I posted my version of it on pastebin: http://pastebin.com/pknfkXNR

Almin commented on 2014-02-15 16:51 (UTC)

confirm...additional .1 behind 3.5.2 (now 3.5.2.1), also checksum missing. Flag as out-dated?

Roach2010 commented on 2014-02-15 15:31 (UTC)

The source has moved to https://www.torproject.org/dist/torbrowser/3.5.2.1/tor-browser-linux64-3.5.2.1_en-US.tar.xz

obb commented on 2014-02-15 15:31 (UTC)

The PKGBUILD contains wrong version numbers. It should be '3.5.2.1' instead of '3.5.2'. As a consequence I get a '404 - not found' error from curl. Also check if the SHA256-sums are right.

Maxr commented on 2014-02-13 06:17 (UTC)

Works fine for me, no problem.

wolfjb commented on 2014-02-13 04:44 (UTC)

FYI: Build fails with:

==> Retrieving sources...
-> Downloading tor-browser-linux64-3.5.2_en-US.tar.xz...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (51) SSL: no alternative certificate subject name matches target host name 'www.torproject.org'
==> ERROR: Failure while downloading tor-browser-linux64-3.5.2_en-US.tar.xz
Aborting...

EscapedNull commented on 2014-01-16 13:53 (UTC)

Actually, there were only two packages that I had to manually install. Arguably they should be set as dependencies, but overall it wasn't hard to install.

dbus-glib
gtk2

beroal, you're probably right about installing "firefox" first. I just wanted to keep it as minimal as possible. This package has my vote.

beroal commented on 2014-01-15 21:30 (UTC)

EscapedNull, IMHO, the workaround is to install "firefox" before.

EscapedNull commented on 2014-01-15 16:16 (UTC)

Built, packaged, and installed, and it still has unfulfilled dependencies?

XPCOMGlueLoad error for file ...libxul.so
libdbus-glib-1.so.2: cannot open shared object file: No such file or directory.
Couldn't load XPCOM.
Tor Browser exited abnormally. Exit code 255.

I installed dbus-glib, and just got a different missing shared object. Something tells me I could sit here all night installing dependencies one by one and still not make a dent. I understand dependencies are necessary, but why doesn't makepkg/pacman recognize them as such at build/install time? Or are they supposed to be in ~/.tor-browser-en/INSTALL/Browser/ with some of the other shared objects? Am I missing something?

Will vote for it if I can get it working in a reasonable amount of time. Otherwise, my suggestion is to have these handled by pacman in some manner.

commented on 2013-12-21 01:22 (UTC)

Maxr: Thanks for updating it so quickly. Cheers

commented on 2013-12-20 02:06 (UTC)

Update: version 3.5

ZaZam commented on 2013-12-20 01:04 (UTC)

Tor Browser 3.5 has been released https://blog.torproject.org/blog/tor-browser-bundle-35-released

commented on 2013-12-09 17:31 (UTC)

Update:
* i686 systems stay at version 2.3.25_15
* x86_64 systems move to version 2.3.25_16

Maxr commented on 2013-11-02 15:58 (UTC)

> FAILED (unknown public key 416F061063FEE659)
          ^^^^^^^^^^^^^^^^^^

Please see posts below for instructions how to get the public key.

gim commented on 2013-11-02 15:53 (UTC)

==> Verifying source file signatures with gpg...
tor-browser-gnu-linux-x86_64-2.3.25-14-dev-en-US.tar.gz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.

Why is that?

commented on 2013-11-02 10:09 (UTC)

Update: version 2.3.25-14

Maxr commented on 2013-10-29 16:38 (UTC)

Is there someone who would like to take care of this package? I don't have spare time right now and want to disown it, but would love to know it to be well looked after. If there is someone, please contact me.

ernie4chan commented on 2013-10-28 14:41 (UTC)

Great work! Just having a problem, while changing the style to QtCurve inside the start-tor-browser script, the bundle fails to start up (only QtCurve, the rests are ok). However if I run "./App/vidalia --datadir Data/Vidalia/ -Style QtCurve" on the command shell, it starts up perfectly.

ThePacman commented on 2013-10-14 16:53 (UTC)

Could this be changed to actually compile the package from source, instead of just packaging the precompiled binaries? I understand the convenience aspect of having it download precompiled binaries, but since the user's "building" the package anyway, there wouldn't be any additional steps (except maybe a few build dependencies, but makepkg -s --asdeps handles that.) Anyway, this is just a suggestion; you don't *have* to implement it if you don't want to.

plmosqueda commented on 2013-10-01 00:21 (UTC)

That's nice. Really good package OmeGa, with the page version I was not able to watch YouTube. Thank you. AUR has everything thanks to all maintainers XDD

msx commented on 2013-09-22 08:13 (UTC)

Thank you very much for this package.

commented on 2013-09-21 07:28 (UTC)

Updated to the latest version to date: version 2.3.25-13

commented on 2013-09-08 04:00 (UTC)

I had to install firefox for this package to work. Maybe some dependency or path is wrong. Thanks Maxr :)

commented on 2013-08-18 19:57 (UTC)

No problem, I was often modifying the PKGBUILD for myself to stay up to date, so others might as well benefit from it :-)

commented on 2013-08-18 19:55 (UTC)

Thanks acaccia for taking over, I no longer had the time to manage all this X)

commented on 2013-08-18 19:52 (UTC)

Updated to version 2.3.25-12

DaveCode commented on 2013-08-13 01:37 (UTC)

To Maxr: Bookmarks matter to users, but not to privacy, as they aren't transmitted. Overwriting torrc means routing changes which can matter a LOT. The Tails distro is complaining about this very issue in TBB and trying to work around it. Vidalia, well...appearance settings don't even take...aside from other brokenness. Tor Project is folding Vidalia into their browser. See 3.0 alpha release. So it's pointless trying to fix, I guess.

To Boskote: Thanks for the interest and help. Key signing has more to do with makepkg than pacaur. Still it'd be nice if pacaur would bail on fail. Your remark on -m lost me. If the download won't validate, there's no point building a package from it. On the wiki I'd advise

sudo pacman-key --recv-keys 0x63FEE659
echo "GNUPGHOME=/etc/pacman.d/gnupg" | sudo tee -a /etc/makepkg.conf

with explanation that makepkg will now use pacman keyrings as it should, rather than personal e-mail keyrings.

A special AUR keyring package for Tor Project might help. In core repo lives archlinux-keyring, for example. A similar package could become a dep for tor-browser. Then the keyring packager could monitor all the subtleness plus personnel or key changes at Tor Project. A separate package then nicely separates concerns from TBB proper. GnuPG should already be a dep for tor-browser. That flag with a Tor Project keyring package dep would encapsulate the whole mess, I expect.

Boskote commented on 2013-08-12 09:14 (UTC)

Based on this discussion, I have updated the wiki page for Tor with more recent information about the Tor Browser Bundle, including a tip on how to add the tor dev signing keys to gpg for signature verification through makepkg: https://wiki.archlinux.org/index.php/Tor#Web_browsing

DaveCode, Hopefully the update to the .install file for this package, and on the Tor wiki page, will make the signature verification process less confusing. I'm also a pacaur user, and I just noticed the pacaur -m option. To build but not install. This gives an opportunity to --recv-keys the required key (and rebuild to verify) before installing the package. I agree that support for signature verification could be developed further as a feature of an AUR helper (if it isn't already). I'm thinking of starting a thread about it on the forums. If I do I'll let you know.

Maxr commented on 2013-08-10 06:20 (UTC)

In fact I consider the complete rewrite of ~/.tor-browser-en as a privacy feature. Nevertheless, I will have a look into this in two weeks after my vacation. The closing misbehaviour persists since AFAIK the start of this package. No idea why. I do not think it is really a problem. Feel free to investigate if you want to.

DaveCode commented on 2013-08-09 22:22 (UTC)

1. App closure is misbehaved - Vidalia stays open - fails to obey tor-browser-en/INSTALL/Docs/README-TorBrowserBundle "To exit, close Firefox. Vidalia will automatically clean up and exit."

2. Package updates wrongly overwrite customized torrc, vidalia.conf, and prefs.js (use *.pacnew for updated files).

3. To Boskote: Put it the other way. Personal keyrings are for personal keys. So dropping AUR keys in personal rings is wrong. There is vastly more justification/rationale to have AUR keys mixed with dev packager keys. I think we're just looking at a default situation that has fallen out of previous inertia. Nobody sat down and thought about it. Any dev intentions causing this situation should change -- I see none -- though I haven't looked beyond my last post. A keyring can serve more than one need. AUR/Arch packages are close relatives, neighbors; all their keys belong on the same ring. If devs want separation, then they should create an AUR keyring just for AUR packages, as they made a package keyring for official packages. Personally the amount of research needed to understand the matter tells me it's messed up. An experienced user should not need so much effort and I wasn't alone.

Lastly, and most importantly, any AUR helper tool that installs non-passing packages defeats the entire purpose. Pacaur emits a warning, but still installs, unless your fingers are really quick with Ctrl-C. I don't know about others.

- thanks -

ZaZam commented on 2013-08-07 14:13 (UTC)

Thanks Boskote. I got it working.

Maxr commented on 2013-08-07 08:17 (UTC)

Thanks for explanation. Just to clarify: It should be possible to use any browser with tor (providing you do the proxy configuration right). However, there are many ways to miss some important privacy/security related options when not using the builtin fixes provided by Torbutton (see https://www.torproject.org/torbutton/) which is only available within TBB, unfortunately.

Boskote commented on 2013-08-07 07:27 (UTC)

The tor project no longer supports using tor through any browser other than the tor browser bundle, including regular firefox (TBB uses a patched version of firefox ESR): https://www.torproject.org/docs/faq.html.en#TBBOtherBrowser

The standalone tor and vidalia packages still exist "for use by experts and relay operators".

ZaZam, you can use Tor Browser from the TBB with your already installed versions of tor and vidalia with a simple change to the ~/.tor-browser-en/INSTALL/start-tor-browser script: https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers#UseTorBrowserwithalocallyinstalledTorVidaliaNIXONLY

However, as Maxr explained in his comment on 2012-03-11, the contents of ~/.tor-browser-en get rewritten with the first call of TBB after each update. So you may need to redo the change to the start-browser-script with every update of the package.

Maxr commented on 2013-08-07 06:30 (UTC)

The package is distributed by the tor team as is for all those who don't want to install 3 software packages and configure them to work together. If you do not need the whole package, why don't you just install firefox in addition to your tor setup?

ZaZam commented on 2013-08-06 21:09 (UTC)

Could this be made to use tor and vidalia packages from the Arch repository? I have those packages already installed for running a Tor relay. I don't see the point of having them installed twice. And I don't see why this all has to be in a single package.

Maxr commented on 2013-08-04 16:31 (UTC)

Thanks for the hint, .install file is up to date now (didn't bump pkgrel).

Boskote commented on 2013-08-03 05:26 (UTC)

Maxr, From what DaveCode is saying, I think the command in the pre_install message should be changed from "pacman-key -r <keyid>" to "gpg --recv-keys <keyid>". Because the default for makepkg is to use the ~/.gnupg keyring.

DaveCode, I agreed with you until I read that the keyring for pacman-key is intended for signatures of Arch developers for official packages, which makes sense: https://bbs.archlinux.org/viewtopic.php?pid=1297793#p1297793

Verifying source signatures for AUR builds is really different. There should be better info on the AUR wiki page about possibly needing to use gpg --recv-keys <keyid> in order to verify signed source.

DaveCode commented on 2013-07-02 06:11 (UTC)

Arch Linux finally verifies packages, but AUR not so much, because "makepkg does not use pacman's keyring" https://wiki.archlinux.org/index.php/Makepkg#Signature_checking Most folks have no GPG keys. Makepkg should use pacman-key. It doesn't. Key import and signing ain't enough. You need to fiddle an obscure app you probably don't use, and if you do, mix personal keys with pacman keys. Or else, rely on makepkg's willingness to build crypto regardless of signature. Yay Arch security design...

DaveCode commented on 2013-07-02 05:37 (UTC)

@Maxr The key is signed but I caught the bug. Why does /usr/bin/makepkg line 1282 call "gpg" not "pacman-key"? Pacman-key validates the tarball:

$ pacman-key --verify tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc
==> Checking tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc ...
gpg: Signature made Wed 26 Jun 2013 02:31:33 PM MST using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark <erinn@torproject.org>"
gpg: aka "Erinn Clark <erinn@debian.org>"
gpg: aka "Erinn Clark <erinn@double-helix.org>"

$ gpg --verify tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc
gpg: Signature made Wed 26 Jun 2013 02:31:33 PM MST using RSA key ID 63FEE659
gpg: Can't check signature: No public key

Maxr commented on 2013-06-29 11:34 (UTC)

optdeps updated. Thanks for the hint. @DaveCode: Did you sign the imported key? Maybe have a look at https://wiki.archlinux.org/index.php/Pacman-key#Adding_Unofficial_keys for details. Signature verifying works for me.

DaveCode commented on 2013-06-29 01:22 (UTC)

I did crypto keys right, but get source tarball validation errors (i686).

# pacman-key --recv-keys 0x63FEE659
# pacman-key --finger "Erinn Clark"

My fingerprint output matches https://www.torproject.org/docs/verifying-signatures.html.en

8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659

So key import worked. Now the validation bug, http://troll.ws/paste/97d7981a The stuff at far upper right is shell prompt, ignore. Look for FAILED in output. Inspecting the mystery key with

# pacman-key --list-keys 0x416F061063FEE659
# pacman-key --finger 0x416F061063FEE659

shows Erinn and the same fingerprint as during import, all fine. Also visit http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x416F061063FEE659

So validation should have worked. Yet I also wonder why, when it failed, I had to use Ctrl-C to stop installation, maybe another problem...it should have stopped itself.
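An added example, not part of the original comments or of the package: before importing the key that makepkg reports as unknown, check that the reported key ID is the tail of the fingerprint quoted in the comment above, and treat the 32-bit form (0x63FEE659) as too short to identify a key. The function names are hypothetical and the log is a constructed sample modelled on the output quoted in this thread.

```shell
#!/bin/sh
# Added example: hypothetical helper names, constructed sample data.

# Fingerprint as quoted in the thread (spaces are tolerated).
PINNED_FPR='8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659'

# Constructed makepkg output, modelled on the lines quoted in the comments.
SAMPLE_LOG='==> Validating source files with sha256sums...
    tor-browser-linux64-3.6.1_en-US.tar.xz ... Passed
==> Verifying source file signatures with gpg...
    tor-browser-linux64-3.6.1_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.'

# normalize_hex: drop whitespace and an optional 0x prefix, uppercase the rest.
normalize_hex() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# classify_keyid KEYID FINGERPRINT
# Prints "match-long"  when an ID of 64 bits or more is the tail of the fingerprint,
#        "match-short" when only a 32-bit ID matches (not enough to identify a key),
#        "mismatch"    otherwise or on malformed input.
classify_keyid() {
    id=$(normalize_hex "$1")
    fpr=$(normalize_hex "$2")
    # A v4 OpenPGP fingerprint is 40 hex digits; refuse anything else.
    case "$fpr" in *[!0-9A-F]*|'') echo mismatch; return ;; esac
    [ "${#fpr}" -eq 40 ] || { echo mismatch; return; }
    case "$id" in *[!0-9A-F]*|'') echo mismatch; return ;; esac
    case "$fpr" in
        *"$id")
            if [ "${#id}" -ge 16 ]; then echo match-long
            elif [ "${#id}" -eq 8 ]; then echo match-short
            else echo mismatch
            fi ;;
        *) echo mismatch ;;
    esac
}

# unknown_keys_from_log LOG
# Prints "<keyid> <file>" for every source whose signing key makepkg did not know.
unknown_keys_from_log() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*\([^[:space:]]*\) \.\.\. FAILED (unknown public key \([0-9A-Fa-f]\{8,40\}\)).*/\2 \1/p' |
        sort -u
}

# audit_makepkg_log LOG FINGERPRINT
# Prints "<verdict> <keyid> <file>" per unverified source. Returns 0 only if
# every reported key is the long-ID tail of the pinned fingerprint.
audit_makepkg_log() {
    status=0
    report=$(unknown_keys_from_log "$1")
    [ -n "$report" ] || return 0
    while read -r keyid file; do
        verdict=$(classify_keyid "$keyid" "$2")
        printf '%s %s %s\n' "$verdict" "$keyid" "$file"
        [ "$verdict" = match-long ] || status=1
    done <<EOF
$report
EOF
    return "$status"
}

# Demo on the constructed sample.
audit_makepkg_log "$SAMPLE_LOG" "$PINNED_FPR"
```

A "match-long" verdict only says that makepkg is asking for the key you pinned; after importing it, compare the full fingerprint shown by `gpg --fingerprint` with the published one.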

kjslag commented on 2013-06-28 21:42 (UTC)

In the optional dependencies, I think "kdialog" is supposed to be "kdebase-kdialog". thanks!

Maxr commented on 2013-06-23 09:11 (UTC)

Thanks for the input. As far as I get it, the present state is not that far away from your suggestion (in fact just one additional number in the pkgrel). Nevertheless I'll try it with the next release. I am still hopeful that they will return to synchronized versioning in the future.

DaveCode commented on 2013-06-22 00:24 (UTC)

@Maxr If I follow you, then on i686, pacman -Qi will now list package 2.3.25_9-1 but contain upstream's 2.3.25_8 code, so pacman will be wrong on i686. If upstream is not synchronizing then don't even try. Use 2.3.25-<AURBuild> numbering to subsume their mess. Your <AURBuild> number can mean different upstream tarballs under the hood. Pacman will report the correct version to the best resolution possible for this multiarch package. The other way to go is two packages in AUR, one for each CPU arch. I couldn't speculate which design would be easier. Thanks!

Maxr commented on 2013-06-20 12:01 (UTC)

Package updated (did not bump pkgrel however, because x64 ppl don't need to update at all). Hopefully i686 is working now. Please test and report any problems ;-) I will have a look into this dbus-glib-thing ASAP. @DaveCode dash-8 / dash-9 mess is correct. Upstream did release different versions for different archs, unfortunately. Signature checking should work providing you have the key available (you have to download it manually).

DrZingo commented on 2013-06-20 11:41 (UTC)

@Maxr I tried the original tarball from Tor. I had to remove my packages I installed afterwards (firefox, thunar, tumbler) and their deps. I traced it down to dbus-glib was missing. Without it I get the same error again. I don't know if it should be a dependency. I'm not running any other 'required by' package.

tiberiousr commented on 2013-06-19 16:38 (UTC)

This fixes the pkgbuild for i686:

package() {
  cd "${srcdir}"

  sed -i "s/REPL_NAME/${pkgname}/g" ${pkgname}.sh
  sed -i "s/REPL_VERSION/${_realpkgver}/g" ${pkgname}.sh
  sed -i "s/REPL_LANGUAGE/${_language}/g" ${pkgname}.sh

  sed -i "s/REPL_NAME/${pkgname}/g" ${pkgname}.desktop
  sed -i "s/REPL_LANGUAGE/${_language}/g" ${pkgname}.desktop
  sed -i "s/REPL_COMMENT/${pkgdesc}/g" ${pkgname}.desktop

  install -Dm 644 ${pkgname}.desktop ${pkgdir}/usr/share/applications/${pkgname}.desktop
  install -Dm 644 ${pkgname}.png ${pkgdir}/usr/share/pixmaps/${pkgname}.png
  install -Dm 755 ${pkgname}.sh ${pkgdir}/usr/bin/${pkgname}

  if [[ "$CARCH" == 'x86_64' ]]; then
    install -Dm 644 tor-browser-gnu-linux-${CARCH}-${_realpkgver}-dev-${_language}.tar.gz \
      ${pkgdir}/opt/${pkgname}/tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz
  else
    install -Dm 644 tor-browser-gnu-linux-${CARCH}-${_real_pkgver_i686}-dev-${_language}.tar.gz \
      ${pkgdir}/opt/${pkgname}/tor-browser-gnu-linux-${CARCH}-${_real_pkgver_i686}-${_language}.tar.gz
  fi
}

aiguofer commented on 2013-06-19 02:30 (UTC)

Well, updated to the new version and still can't type into it. I can't even hit the "enter" key. Any ideas of debugging I can do? I tried running from command line but no useful info pops up.

DaveCode commented on 2013-06-19 01:45 (UTC)

> someone using i686 please test

http://troll.ws/paste/217ae075

1. Fetches dash-8 not dash-9 tarball on 686?
2. Unknown key? How did prior dash-8 build then?
3. PS Thanks for maintenance.

Maxr commented on 2013-06-18 18:06 (UTC)

Package upgrade. There are different versions for i686 and x64, unfortunately (old 2.3.25-8 for i686). x64 works for me, someone using i686 please test. @granted: Would you please download the original tor-browser tarball & try whether the problem persists when just using this "vanilla" package?

DrZingo commented on 2013-06-18 00:37 (UTC)

I installed firefox and it launched when it should. But this seems like a security flaw to me. It seems to use the bundled browser, BUT instead of using the libraries that it comes with, it uses the libraries from the separate installed firefox. Is this a flaw in this package or should it be reported upstream?

Spakman commented on 2013-06-17 08:04 (UTC)

I was also hitting the problem where I couldn't type into the Tor Firefox browser. Strangely, the problem disappeared as quickly as it came yesterday (no immediately obvious change caused this). I'm using xmonad.

DrZingo commented on 2013-06-16 13:42 (UTC)

The browser won't launch after successful connect to Tor. When trying to launch the bundled firefox manually I get the following. It seems like the bundled browser can't use the libraries in the home-folder.

XPCOMGlueLoad error for file /home/granted/.tor-browser-en/INSTALL/App/Firefox/libxpcom.so:
libxul.so: cannot open shared object file: No such file or directory
Couldn't load XPCOM.

Any idea how to solve this? (I don't have FF installed separately)

Maxr commented on 2013-06-11 20:07 (UTC)

You need to import the public key first (see posts below).

kralibes commented on 2013-06-11 18:13 (UTC)

tor-browser-en 2.3.25_8-1 No valid gpg signatures? Error text (German):

==> Überprüfe Signaturen der Quell-Dateien mit gpg...
    tor-browser-gnu-linux-x86_64-2.3.25-8-dev-en-US.tar.gz ... FEHLGESCHLAGEN
==> FEHLER: Eine oder mehrere PGP-Signaturen konnten nicht überprüft werden.
==> ERROR: Makepkg was unable to build tor-browser-en.

aiguofer commented on 2013-06-10 19:12 (UTC)

I'm using GNOME 3.8 stock, so I suppose it's using Mutter.

Maxr commented on 2013-06-04 20:19 (UTC)

I'm sorry, I can not reproduce your problem. Which window manager do you use?

aiguofer commented on 2013-05-27 18:42 (UTC)

I'm having a strange problem where I can't type into tor browser, anyone else encounter this? Key shortcuts work fine, it's only typing into the address bar, text boxes, and search bar that doesn't work. Any clue?

commented on 2013-05-09 12:14 (UTC)

Removed the java-runtime dependency, which was not needed.

commented on 2013-05-09 12:13 (UTC)

Updated to version 2.3.25-6 (sorry it took so long, I was away for several months)

Wilco commented on 2013-04-26 08:03 (UTC)

I've removed the java dependency from the PKGBUILD. It builds and runs fine without it. Maybe the dependency should be made optional for people that don't want to install Java?

zoe commented on 2013-04-19 08:25 (UTC)

Version 2.3.25-6 has been released ---> flagged "out-of-date". I am installing the English version, which is up to date.

moebius_eye commented on 2013-03-09 02:37 (UTC)

Why is java-runtime in the dependencies? The package works perfectly well without it.

Maxr commented on 2013-02-22 12:16 (UTC)

I did not encounter any loading problems anymore with the vanilla package and therefore removed the "hotfix".

Maxr commented on 2013-02-19 19:13 (UTC)

Did you maybe try to start tor-browser as another user using su? In fact I don't think this error is tor-browser related, does it occur in other situations too? Which window manager are you using?

urbanomad64 commented on 2013-02-12 17:24 (UTC)

I keep getting this error:

tor-browser-en
Launching Tor Browser Bundle for Linux in /home/user/.tor-browser-en/INSTALL
Qt: Session management error: Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed.

Maxr commented on 2013-02-10 07:44 (UTC)

Didn't test prior releasing unfortunately... I modified the pkgbuild to apply your fix, divansantana. Works for me now. Also corrected the messed up version thing... I'm going to report it upstream later today. Will post the link.

smfsh commented on 2013-02-10 03:04 (UTC)

Tor won't bootstrap beyond 10% without divansantana's recommended fix to comment out line 206. Looks like it works fine after that though.

divansantana commented on 2013-02-09 23:27 (UTC)

I couldn't for the life of me get this to work right. Figured out I had to comment out line 206 of start-tor-browser for everything to work on Arch. That line:

export LD_LIBRARY_PATH

which is previously set in the script to

LD_LIBRARY_PATH="${HOME}/Lib"

Anyway hope this helps someone else. Anyone know why this is the case? Also a new security update is out.

commented on 2012-12-29 16:12 (UTC)

Updated to version 2.3.25-1

commented on 2012-10-30 20:32 (UTC)

Updated to version 2.2.39-5

commented on 2012-10-25 15:52 (UTC)

Updated to version 2.2.39-4

Maxr commented on 2012-10-25 09:48 (UTC)

The problem is, hyphens are not allowed in pkgver. I can't tell why but I had in mind to use 'rc' instead of '-'. According to the (current) packaging guidelines a simple underscore is the way to go. I will do so on the upcoming release...

vnoel commented on 2012-10-24 08:23 (UTC)

Hi, I may be wrong, but… are you sure these are release candidates? I think the last number is just a distribution number, while the first three are those of tor…

commented on 2012-10-17 18:35 (UTC)

Updated to version 2.2.39-3

Maxr commented on 2012-10-10 05:40 (UTC)

For me, pacman -Ss java-runtime returns:

extra/jre7-openjdk 7.u7_2.3.2-2
extra/jre7-openjdk-headless 7.u7_2.3.2-2
extra/openjdk6 6.b24_1.11.4-1 [installed]

One of them installed will provide java-runtime. I changed dependency from java-environment to java-runtime just some months ago. According to https://wiki.archlinux.org/index.php/Java_Package_Guidelines#Dependencies , java-runtime should do the job as far as I know. Please feel free to correct me if I'm wrong.

jsteel commented on 2012-10-09 20:24 (UTC)

I think it should be java-environment.

kozaki commented on 2012-10-09 19:47 (UTC)

Ooops, sudden issue with the java-runtime dependency:

Dependency `java-runtime' of `tor-browser-en' does not exist.

Also clicking on the link over here:

We couldn't find any packages matching your query. Try searching again using different criteria, or try searching the AUR to see if the package can be found there.

Thank you for maintaining this package; use it on a machine at work where it works well.

Maxr commented on 2012-10-07 12:04 (UTC)

updated.

MisterAnderson commented on 2012-10-04 14:28 (UTC)

Working PKGBUILD: (version number is probably wrong)

# Maintainer: Max Roder <maxroder@web.de>

# To port this PKGBUILD to another language of tor-browser you
# have to change $pkgname, $_language, $pkgdesc and $url in PKGBUILD
# AND (!) the first line in the .install file!

pkgname='tor-browser-en'
pkgver='2.2.39_rc1'
_realpkgver='2.2.39-1-dev'
_language='en-US'
pkgrel='1'
pkgdesc='Anonymous browsing using firefox and tor'
url='https://www.torproject.org/projects/torbrowser.html.en'
arch=('x86_64' 'i686')
license=('GPL')
depends=('java-runtime')
optdepends=('zenity: simple dialog boxes'
            'kdialog: KDE dialog boxes'
            'notify-send: Gnome dialog boxes')
install="${pkgname}.install"
source=("https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz"
        "https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz.asc"
        "${pkgname}.desktop"
        "${pkgname}.png"
        "${pkgname}.sh")

if [[ "$CARCH" == 'x86_64' ]]; then
  sha256sums=('1ae9cbb1db592539f24229de9a42d37587673d20174715c488273b1f573d3f1c'
              '263b494fa3ca2e3513f0e25bb5d0b9aadc4d00c1ac0e0413b28e6af66fdeef76')
else
  sha256sums=('54dc765fe8423a2058e0043a7a421e45853fba14489974bb5ea0f06787767615'
              '72eb8a8af44ad7c6dd84b68619386ed614dc6c553621ad6de376e76b7ffc710b')
fi

sha256sums+=('2217f011197329019ae3d282d95623e0230f8f7a3a604290744280530cf1698a'
             '17fc2f5784d080233aca16e788d62ab6fe3e57cf781b123cfe32767de97d6d3b'
             '7fc947b8ae1483c5abb4545f6e26b315ff1fb16eb7ae8837f7afb10a9277383b')

noextract=("tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz")

package() {
  cd "${srcdir}"

  sed -i "s/REPL_NAME/${pkgname}/g" ${pkgname}.sh
  sed -i "s/REPL_VERSION/${_realpkgver}/g" ${pkgname}.sh
  sed -i "s/REPL_LANGUAGE/${_language}/g" ${pkgname}.sh

  sed -i "s/REPL_NAME/${pkgname}/g" ${pkgname}.desktop
  sed -i "s/REPL_LANGUAGE/${_language}/g" ${pkgname}.desktop
  sed -i "s/REPL_COMMENT/${pkgdesc}/g" ${pkgname}.desktop

  install -Dm 644 ${pkgname}.desktop ${pkgdir}/usr/share/applications/${pkgname}.desktop
  install -Dm 644 ${pkgname}.png ${pkgdir}/usr/share/pixmaps/${pkgname}.png
  install -Dm 755 ${pkgname}.sh ${pkgdir}/usr/bin/${pkgname}

  install -Dm 644 tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz ${pkgdir}/opt/${pkgname}/tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz
}

# vim:set ts=2 sw=2 et:

Maxr commented on 2012-09-24 02:48 (UTC)

Sorry, on vacation. Will update in little more than a week.

vladimir1922 commented on 2012-09-23 18:30 (UTC)

This package is becoming very outdated. I know it is a bit annoying how frequently they release a new version, but it is something important...

Maxr commented on 2012-08-29 15:23 (UTC)

Key importing instructions are included now (this change is not important so I did not increase pkgrel)

commented on 2012-08-19 11:24 (UTC)

@Maxr sorry about spamming :) Problem solved, thanks! Just import Erinn Clark's key (found on https://www.torproject.org/docs/signing-keys.html.en), using

# pacman-key -r <keyid>

and then run

env GNUPGHOME=/etc/pacman.d/gnupg makepkg -s

on the directory where the PKGBUILD is.

Maxr commented on 2012-08-19 09:56 (UTC)

You have to import the public key first (see posts below).

commented on 2012-08-19 09:16 (UTC)

I am getting a message:

==> Verifying source file signatures with gpg...
    tor-browser-gnu-linux-x86_64-2.2.38-1-dev-en-US.tar.gz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
    Please make sure you really trust them.

Is there any way I can include the verification of the signature in the PKGBUILD?

dartfira commented on 2012-08-01 08:05 (UTC)

With last update it works correctly for me.

Maxr commented on 2012-07-13 06:01 (UTC)

Already wondered why I couldn't start tbb ... well, as it seems you have to compile tbb to use the patch. This pkgbuild uses the binary version, so no way ATM.

commented on 2012-07-13 02:29 (UTC)

patch https://trac.torproject.org/projects/tor/attachment/ticket/6340/0001-Disables-the-ELF-hack-as-a-workaround-for-6340.patch

android_808 commented on 2012-06-10 19:00 (UTC)

It's a problem with makepkg. https://bugs.archlinux.org/task/28825 Try:

env GNUPGHOME=/etc/pacman.d/gnupg makepkg -s

Maxr commented on 2012-06-08 15:34 (UTC)

Sorry, I can not reproduce this here right now. Please double check key importing and try it again.

blackhole commented on 2012-06-05 09:07 (UTC)

tor-browser-gnu-linux-x86_64-2.2.35-12-dev-en-US.tar.gz ... FAILED (unknown public key 416F061063FEE659)

I have made this:

pacman-key -r 416F061063FEE659
pacman-key -f 416F061063FEE659

and I have verified signatures

pacman-key pacman-key --lsign-key 63FEE659

(with the number 416F061063FEE659 is not working)

==> Updating trust database...

However, if I try to install the package I receive the same message about unknown public key 416F061063FEE659

Maxr commented on 2012-06-03 09:51 (UTC)

Changed dep from java-environment to java-runtime (did not increase the pkgrel, though). Please let me know if there are any problems.

Maxr commented on 2012-05-28 11:06 (UTC)

Hm, maybe, will investigate on that later this week...

lahwaacz commented on 2012-05-22 19:12 (UTC)

should it not depend on java-runtime instead of java-environment?

jpate commented on 2012-05-08 18:27 (UTC)

you need to add the key to your keyring: https://wiki.archlinux.org/index.php/Pacman-key as mentioned a couple comments down, you can check the key fingerprint at https://www.torproject.org/docs/signing-keys.html.en

Maxr commented on 2012-05-08 18:27 (UTC)

Mh, I would say you are in need of the appropriate public key. Download & import it. In fact, signature checking works providing that you have the key available.

mmm commented on 2012-05-08 18:18 (UTC)

the signature feature would be nice for this package, yet now i get

Verifying source file signatures with gpg...
    tor-browser-gnu-linux-i686-2.2.35-11-dev-en-US.tar.gz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
    Please make sure you really trust them.

commented on 2012-05-04 17:34 (UTC)

I get a 404 when downloading the package because all of the packages here (https://www.torproject.org/dist/torbrowser/linux/) are 2.2.35-11. Flagged as out-of-date.

jpate commented on 2012-03-19 15:48 (UTC)

perfect! thank you :)

Maxr commented on 2012-03-19 15:46 (UTC)

Have a look at this page: https://www.torproject.org/docs/signing-keys.html.en

jpate commented on 2012-03-19 10:12 (UTC)

Given the nature of this package, it would be nice to be able to verify the public key fingerprint somewhere besides the PGP keyserver. I see the name associated with the public key "Erinn Clark" is one of the "core people" on the Tor project website, but there's no PGP fingerprint there that I can see.

Maxr commented on 2012-03-11 15:53 (UTC)

Package update: To improve security, the PKGBUILD will not install tor-browser to /opt/ anymore. Instead, it will just put the .tar.gz archive in /opt/tor-browser-en/. The included wrapper script will extract it to the user's home directory upon first call. This way, no temporary files will be stored world-readable in /opt but in the user's home directory. Every time tor-browser gets updated, the wrapper script should automatically update the per-user copy when it's called the first time after package installation. No user action should be required. Please test and report any issues.
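Added example (not part of the comment above and not the package's wrapper script): one way such a wrapper could keep an owner-only per-user copy in step with the packaged tarball, using a version stamp and a private staging directory. The function names, the `.version` stamp file and the `bundle` directory are assumptions made for illustration, and the sample tarball is constructed in a temporary directory.

```shell
#!/bin/sh
# sync_user_copy TARBALL VERSION DEST
# Prints "unchanged" or "updated"; returns non-zero on failure.
sync_user_copy() {
    _tarball=$1; _version=$2; _dest=$3
    [ -n "$_dest" ] && [ -r "$_tarball" ] || return 2

    # Fast path: the per-user copy already carries this package version.
    if [ -r "$_dest/.version" ] && [ "$(cat "$_dest/.version")" = "$_version" ]; then
        echo unchanged
        return 0
    fi

    (
        umask 077                                   # new files and directories: owner-only
        _parent=$(dirname "$_dest")
        mkdir -p "$_parent" || exit 1
        # mktemp -d creates the staging directory with mode 0700.
        _stage=$(mktemp -d "$_parent/.staging.XXXXXX") || exit 1
        if tar -xzf "$_tarball" -C "$_stage" &&
           chmod 700 "$_stage" &&                   # an archived "./" entry may have reset the mode
           printf '%s\n' "$_version" > "$_stage/.version"
        then
            # Replace the old copy only after the new one extracted cleanly.
            rm -rf "$_dest" && mv "$_stage" "$_dest"
        else
            rm -rf "$_stage"
            exit 1
        fi
    ) || return 1
    echo updated
}

# Build a tiny constructed tarball under directory $1 and print its path.
make_sample_bundle() {
    mkdir -p "$1/pkg/bundle" &&
    echo '#!/bin/sh' > "$1/pkg/bundle/start-tor-browser" &&
    tar -czf "$1/bundle.tar.gz" -C "$1/pkg" bundle &&
    echo "$1/bundle.tar.gz"
}

demo() {
    _demo=$(mktemp -d) || return 1
    _tb=$(make_sample_bundle "$_demo") || return 1
    sync_user_copy "$_tb" constructed-1 "$_demo/home/.tor-browser-en/INSTALL"   # first call extracts
    sync_user_copy "$_tb" constructed-1 "$_demo/home/.tor-browser-en/INSTALL"   # same version: no work
    sync_user_copy "$_tb" constructed-2 "$_demo/home/.tor-browser-en/INSTALL"   # package updated
    ls -ld "$_demo/home/.tor-browser-en/INSTALL"
    rm -rf "$_demo"
}

demo
```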

teek commented on 2012-03-08 12:16 (UTC)

Ah, you're right, that was the first mirror, thought it was the one that should work. It works now, thanx, great work.

Maxr commented on 2012-03-08 10:42 (UTC)

> mirrors.kernel.org [...]

I don't think this is related to tor-browser. You should check your pacman mirror.

teek commented on 2012-03-08 09:03 (UTC)

It is unable to download all dependencies...

==> Building and installing package
==> Install or build missing dependencies for tor-browser-en:
Password:
resolving dependencies...
warning: dependency cycle detected:
warning: rhino will be installed before its jre7-openjdk dependency
looking for inter-conflicts...

Targets (6): ca-certificates-java-20120225-1 jre7-openjdk-7.b147_2.1-3 jre7-openjdk-headless-7.b147_2.1-3 rhino-1.7R3-1 xdg-utils-1.1.0rc1-3 jdk7-openjdk-7.b147_2.1-3

Total Download Size: 0.99 MiB
Total Installed Size: 135.53 MiB

Proceed with installation? [Y/n]
:: Retrieving packages from extra...
error: failed retrieving file 'rhino-1.7R3-1-any.pkg.tar.xz' from mirrors.kernel.org : Given file does not exist
error: failed retrieving file 'rhino-1.7R3-1-any.pkg.tar.xz' from mirrors.kernel.org : The requested URL returned error: 404
warning: failed to retrieve some files from extra
error: failed to commit transaction (download library error)
Errors occurred, no packages were upgraded.
==> Restart building tor-browser-en ? [y/N]
==> ---------------------------------------
==>
==> WARNING: Following packages have not been installed:
tor-browser-en

Maxr commented on 2012-03-03 14:23 (UTC)

changed pkgbuild.

joshirio commented on 2012-03-03 14:07 (UTC)

Please remove xulrunner as dep, it is not needed, since the PKGBUILD downloads the binary from torproject. Xulrunner is causing trouble lately with eclipse (conflict). I'm running it without xulrunner and everything works fine.

ethail commented on 2012-03-03 13:18 (UTC)

xulrunner is not a run-time dep, thus it should be marked as makedepends

Maxr commented on 2012-02-20 19:43 (UTC)

upstream seems to update daily...

sud_crow commented on 2012-02-20 19:21 (UTC)

2.2.35-7.2 is out with a bugfix for Linux

Maxr commented on 2012-01-06 08:06 (UTC)

Updated.

commented on 2012-01-05 20:36 (UTC)

current version should be 2.2.35-4

Maxr commented on 2011-11-25 08:09 (UTC)

Unfortunately, upon upgrading there will probably be a "conflicting files" error. Please try pacman -f to solve that.

MatejLach commented on 2011-10-23 10:37 (UTC)

Thanks! Now it's great! Notes: 'To start, you may fire tor-browser-en in the terminal.' - Sure you can, but for a user with DE this isn't practical at times, because I have quick access to my most often used programs from desktop and this is quicker for me than using CL, but if you do not have desktop (as you do) of course you have to use CL, so I can now see why you haven't included shortcuts in your first PKGBUILD. Anyway, Thank you very much,

Maxr commented on 2011-10-22 12:05 (UTC)

To start, you may fire tor-browser-en in the terminal. I don't use a desktop, so an icon did not come to my mind until now. I just submitted an updated version which I hope will fit your needs. Please test and report.

MatejLach commented on 2011-10-21 11:53 (UTC)

I would really like to use this package, but I have a few problems with it:

- Why no link to Internet category/desktop shortcut etc. is created?
- Why not whole /opt/tor-browser-en folder is deleted when you do Pacman -R[s] tor-browser-en?

This PKGBUILD in this stage is nothing more than uncompressed tor-browser from Tor's website, because you still have to go to /opt/tor-browser-en to launch it. Now, even the fact that you can install it and manage using pacman is not very good, because as I said earlier not the whole thing gets automatically removed from your system after you remove it using pacman. Apart from that, great package and keep it up, when it will be updated to my expectations I will definitely install it. Thanks, P.S. This is MY personal view, for others this may work 'as is'.