Package Details: tor-browser-bin 14.0.6-1

Git Clone URL: https://aur.archlinux.org/tor-browser-bin.git (read-only, click to copy)
Package Base: tor-browser-bin
Description: Tor Browser Bundle: anonymous browsing using Firefox and Tor
Upstream URL: https://www.torproject.org/projects/torbrowser.html
Licenses: MPL-2.0
Conflicts: tor-browser
Provides: tor-browser
Submitter: FabioLolix
Maintainer: grufo (jugs)
Last Packager: jugs
Votes: 1289
Popularity: 5.99
First Submitted: 2023-09-24 17:45 (UTC)
Last Updated: 2025-02-09 21:27 (UTC)

Pinned Comments

grufo commented on 2019-08-15 02:22 (UTC)

Before running makepkg, you must do this (as normal user):

$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

If you want to update tor-browser from AUR without AUR helpers you can run in a terminal:

$ tor-browser -u

Latest Comments

1 2 3 4 5 6 .. 77 Next › Last »

tucho commented on 2025-02-08 21:15 (UTC)

@grufo and @jugs, I suggest changing _urlbase from "https://dist.torproject.org/torbrowser/${pkgver}" to "https://archive.torproject.org/tor-package-archive/torbrowser/${pkgver}". That way we can still install the package while you work on releasing a new version.

Elrondo46 commented on 2025-02-08 16:50 (UTC)

Hi

Can I co-maintain the package to update it faster when there is a more recent version?

m93 commented on 2025-01-20 18:21 (UTC)

For me it worked after:

gpg --keyserver hkps://keys.openpgp.org --recv-keys EF6E286DDA85EA2A4BA7DE684E2C6E8793298290

then:

yay -S tor-browser

Daedalus24 commented on 2025-01-16 12:49 (UTC) (edited on 2025-01-21 06:48 (UTC) by Daedalus24)

The command $ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

returns gpg: error retrieving 'torbrowser@torproject.org' via WKD: General error gpg: error reading key: General error

I was able to download the gpg key using

$gpg --keyserver keys.openpgp.org --recv-keys EF6E286DDA85EA2A4BA7DE684E2C6E8793298290

Any attempt to install the package $ paru -S tor-browser(-bin)

fails with

ERROR: sha256sums does not allow empty values.

rafaelff commented on 2024-10-02 10:08 (UTC)

When you get ==> ERROR : sha256sums does not allow empty values., there is a chance a new tor-browser version released.

Try accessing the tarball URL (example, for 13.5.5 it is https://dist.torproject.org/torbrowser/13.5.5/); if you get "Not Found" error, then please flag the package as out of date.

richard_mt commented on 2024-10-02 06:56 (UTC) (edited on 2024-10-02 07:07 (UTC) by richard_mt)

I hit this error:

$ makepkg -si
==> ERREUR : sha256sums does not allow empty values.
==> ERREUR : sha256sums does not allow empty values.

I think this is due to CARCH not being set properly on my system, but I don't know how to fix it

My bad, it was simply due to the download file 13.5.5 not being available anymore on the server.

kysh commented on 2024-10-01 21:18 (UTC) (edited on 2024-10-01 21:23 (UTC) by kysh)

makepkg -s fails with

==> ERROR: sha256sums does not allow empty values.
==> ERROR: sha256sums does not allow empty values.

while

tor-browser -u says

Everything is up to date (current version: 13.5.4).

The browser itself on the "About" menu says its 

13.5.6 (based on Mozilla Firefox 115.16.0esr)

Guess the browser updated itself sans AUR

nisavid commented on 2024-09-26 17:16 (UTC)

TL;DR: If you're still encountering

    tor-browser-linux-x86_64-13.5.3.tar.xz ... FAILED (unknown public key 157432CF78A65729)

then run this before building the package:

$ gpg --auto-key-locate nodefault,wkd,keyserver --keyserver hkps://keys.openpgp.org --locate-keys torbrowser@torproject.org

The key-retrieval command suggested by @grufo was insufficient for me.

I retrieved the key from WKD:

$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
pub   rsa4096/4E2C6E8793298290 2014-12-15 [C] [expires: 2025-07-21]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
      origin=ks last=2023-08-07 url=https://keys.openpgp.org:443
uid                 [marginal] Tor Browser Developers (signing key) <torbrowser@torproject.org>
                    kounek7zrdx745qydx6p59t9mqjpuhdf@torproject.org
                    origin=ks last=2023-08-07

But the package build still failed:

$ makepkg -i
⋮
==> Verifying source file signatures with gpg...
    tor-browser-linux-x86_64-13.5.4.tar.xz ... FAILED (unknown public key 157432CF78A65729)
==> ERROR: One or more PGP signatures could not be verified!

Notice that the missing key was indeed not retrieved:

$ gpg --list-keys torbrowser@torproject.org                         
pub   rsa4096/4E2C6E8793298290 2014-12-15 [C] [expires: 2025-07-21]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
      origin=ks last=2023-08-07 url=https://keys.openpgp.org:443
uid                 [marginal] Tor Browser Developers (signing key) <torbrowser@torproject.org>
                    kounek7zrdx745qydx6p59t9mqjpuhdf@torproject.org
                    origin=ks last=2023-08-07

Retrieving the missing key from the OpenPGP keyserver did the trick, obtaining a subkey of the key retrieved from WKD:

$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 157432CF78A65729

pub  rsa4096/4E2C6E8793298290  created: 2014-12-15  expires: 2027-07-15
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290

     Tor Browser Developers (signing key) <torbrowser@torproject.org>

Do you want to import this key? (y/N) y
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" 3 new signatures
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" 1 new subkey
gpg: Total number processed: 1
gpg:            new subkeys: 1
gpg:         new signatures: 3

$ gpg --list-keys torbrowser@torproject.org                    
pub   rsa4096/4E2C6E8793298290 2014-12-15 [C] [expires: 2027-07-15]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
      origin=ks last=2023-08-07 url=https://keys.openpgp.org:443
uid                 [marginal] Tor Browser Developers (signing key) <torbrowser@torproject.org>
                    kounek7zrdx745qydx6p59t9mqjpuhdf@torproject.org
                    origin=ks last=2023-08-07 
sub   rsa4096/157432CF78A65729 2024-07-15 [S] [expires: 2026-10-26]

After this, the package build succeeded.

Note that the subkey was available on the OpenPGP keyserver but not on the Ubuntu keyserver.

In retrospect, I could've retrieved both keys with one command. This is what I'd recommend running in lieu of the gpg command suggested by @grufo:

$ gpg --auto-key-locate nodefault,wkd,keyserver --keyserver hkps://keys.openpgp.org --locate-keys torbrowser@torproject.org
pub   rsa4096/4E2C6E8793298290 2014-12-15 [C] [expires: 2027-07-15]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
      origin=ks last=2023-08-07 url=https://keys.openpgp.org:443
uid                 [marginal] Tor Browser Developers (signing key) <torbrowser@torproject.org>
                    kounek7zrdx745qydx6p59t9mqjpuhdf@torproject.org
                    origin=ks last=2023-08-07 
sub   rsa4096/157432CF78A65729 2024-07-15 [S] [expires: 2026-10-26]

leuko commented on 2024-09-24 16:51 (UTC) (edited on 2024-09-24 17:09 (UTC) by leuko)

@ewtoombs, you probably: 1. did not import the GPG key. Try the pinned comment. 2. are trying to download behind a firewall that blocks the Tor site.

1 2 3 4 5 6 .. 77 Next › Last »