Package Details: tor-browser-bin 14.5.3-1

Git Clone URL: https://aur.archlinux.org/tor-browser-bin.git (read-only, click to copy)
Package Base: tor-browser-bin
Description: Tor Browser Bundle: anonymous browsing using Firefox and Tor
Upstream URL: https://www.torproject.org/projects/torbrowser.html
Licenses: MPL-2.0
Conflicts: tor-browser
Provides: tor-browser
Submitter: FabioLolix
Maintainer: grufo (jugs)
Last Packager: jugs
Votes: 1290
Popularity: 3.66
First Submitted: 2023-09-24 17:45 (UTC)
Last Updated: 2025-05-27 18:25 (UTC)

Pinned Comments

grufo commented on 2019-08-15 02:22 (UTC)

Before running makepkg, you must do this (as normal user):

$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

If you want to update tor-browser from AUR without AUR helpers you can run in a terminal:

$ tor-browser -u

Latest Comments

1 2 3 4 5 6 .. 77 Next › Last »

zlima12 commented on 2025-03-20 23:57 (UTC) (edited on 2025-03-20 23:59 (UTC) by zlima12)

EDIT: I now see the comment below which has the reason.

In the latest commit, the source was changed from dist.torproject.org to archive.torproject.org; is there any particular reason to do this? It seems like archive is meant more for historical releases, while dist is what is used on the website for downloads.

aplnx commented on 2025-03-17 12:24 (UTC)

Hi! I am having the same sha256sums error despite of repeating the commands recommended in pinned message.

tucho commented on 2025-02-08 21:15 (UTC)

@grufo and @jugs, I suggest changing _urlbase from "https://dist.torproject.org/torbrowser/${pkgver}" to "https://archive.torproject.org/tor-package-archive/torbrowser/${pkgver}". That way we can still install the package while you work on releasing a new version.

Elrondo46 commented on 2025-02-08 16:50 (UTC)

Hi

Can I co-maintain the package to update it faster when there is a more recent version?

m93 commented on 2025-01-20 18:21 (UTC)

For me it worked after:

gpg --keyserver hkps://keys.openpgp.org --recv-keys EF6E286DDA85EA2A4BA7DE684E2C6E8793298290

then:

yay -S tor-browser

Daedalus24 commented on 2025-01-16 12:49 (UTC) (edited on 2025-01-21 06:48 (UTC) by Daedalus24)

The command $ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org

returns gpg: error retrieving 'torbrowser@torproject.org' via WKD: General error gpg: error reading key: General error

I was able to download the gpg key using

$gpg --keyserver keys.openpgp.org --recv-keys EF6E286DDA85EA2A4BA7DE684E2C6E8793298290

Any attempt to install the package $ paru -S tor-browser(-bin)

fails with

ERROR: sha256sums does not allow empty values.

rafaelff commented on 2024-10-02 10:08 (UTC)

When you get ==> ERROR : sha256sums does not allow empty values., there is a chance a new tor-browser version released.

Try accessing the tarball URL (example, for 13.5.5 it is https://dist.torproject.org/torbrowser/13.5.5/); if you get "Not Found" error, then please flag the package as out of date.

richard_mt commented on 2024-10-02 06:56 (UTC) (edited on 2024-10-02 07:07 (UTC) by richard_mt)

I hit this error:

$ makepkg -si
==> ERREUR : sha256sums does not allow empty values.
==> ERREUR : sha256sums does not allow empty values.

I think this is due to CARCH not being set properly on my system, but I don't know how to fix it

My bad, it was simply due to the download file 13.5.5 not being available anymore on the server.

kysh commented on 2024-10-01 21:18 (UTC) (edited on 2024-10-01 21:23 (UTC) by kysh)

makepkg -s fails with

==> ERROR: sha256sums does not allow empty values.
==> ERROR: sha256sums does not allow empty values.

while

tor-browser -u says

Everything is up to date (current version: 13.5.4).

The browser itself on the "About" menu says its 

13.5.6 (based on Mozilla Firefox 115.16.0esr)

Guess the browser updated itself sans AUR

nisavid commented on 2024-09-26 17:16 (UTC)

TL;DR: If you're still encountering

    tor-browser-linux-x86_64-13.5.3.tar.xz ... FAILED (unknown public key 157432CF78A65729)

then run this before building the package:

$ gpg --auto-key-locate nodefault,wkd,keyserver --keyserver hkps://keys.openpgp.org --locate-keys torbrowser@torproject.org

The key-retrieval command suggested by @grufo was insufficient for me.

I retrieved the key from WKD:

$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
pub   rsa4096/4E2C6E8793298290 2014-12-15 [C] [expires: 2025-07-21]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
      origin=ks last=2023-08-07 url=https://keys.openpgp.org:443
uid                 [marginal] Tor Browser Developers (signing key) <torbrowser@torproject.org>
                    kounek7zrdx745qydx6p59t9mqjpuhdf@torproject.org
                    origin=ks last=2023-08-07

But the package build still failed:

$ makepkg -i
⋮
==> Verifying source file signatures with gpg...
    tor-browser-linux-x86_64-13.5.4.tar.xz ... FAILED (unknown public key 157432CF78A65729)
==> ERROR: One or more PGP signatures could not be verified!

Notice that the missing key was indeed not retrieved:

$ gpg --list-keys torbrowser@torproject.org                         
pub   rsa4096/4E2C6E8793298290 2014-12-15 [C] [expires: 2025-07-21]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
      origin=ks last=2023-08-07 url=https://keys.openpgp.org:443
uid                 [marginal] Tor Browser Developers (signing key) <torbrowser@torproject.org>
                    kounek7zrdx745qydx6p59t9mqjpuhdf@torproject.org
                    origin=ks last=2023-08-07

Retrieving the missing key from the OpenPGP keyserver did the trick, obtaining a subkey of the key retrieved from WKD:

$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 157432CF78A65729

pub  rsa4096/4E2C6E8793298290  created: 2014-12-15  expires: 2027-07-15
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290

     Tor Browser Developers (signing key) <torbrowser@torproject.org>

Do you want to import this key? (y/N) y
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" 3 new signatures
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" 1 new subkey
gpg: Total number processed: 1
gpg:            new subkeys: 1
gpg:         new signatures: 3

$ gpg --list-keys torbrowser@torproject.org                    
pub   rsa4096/4E2C6E8793298290 2014-12-15 [C] [expires: 2027-07-15]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
      origin=ks last=2023-08-07 url=https://keys.openpgp.org:443
uid                 [marginal] Tor Browser Developers (signing key) <torbrowser@torproject.org>
                    kounek7zrdx745qydx6p59t9mqjpuhdf@torproject.org
                    origin=ks last=2023-08-07 
sub   rsa4096/157432CF78A65729 2024-07-15 [S] [expires: 2026-10-26]

After this, the package build succeeded.

Note that the subkey was available on the OpenPGP keyserver but not on the Ubuntu keyserver.

In retrospect, I could've retrieved both keys with one command. This is what I'd recommend running in lieu of the gpg command suggested by @grufo:

$ gpg --auto-key-locate nodefault,wkd,keyserver --keyserver hkps://keys.openpgp.org --locate-keys torbrowser@torproject.org
pub   rsa4096/4E2C6E8793298290 2014-12-15 [C] [expires: 2027-07-15]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
      origin=ks last=2023-08-07 url=https://keys.openpgp.org:443
uid                 [marginal] Tor Browser Developers (signing key) <torbrowser@torproject.org>
                    kounek7zrdx745qydx6p59t9mqjpuhdf@torproject.org
                    origin=ks last=2023-08-07 
sub   rsa4096/157432CF78A65729 2024-07-15 [S] [expires: 2026-10-26]

1 2 3 4 5 6 .. 77 Next › Last »