Could this be made to use tor and vidalia packages from the Arch repository?
I have those packages already installed for running a Tor relay.
I don't see the point of having them installed twice. And I don't see why this all has to be in a single package.
Search Criteria
Package Details: tor-browser-bin 13.5-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/tor-browser-bin.git (read-only, click to copy) |
|---|---|
| Package Base: | tor-browser-bin |
| Description: | Tor Browser Bundle: anonymous browsing using Firefox and Tor |
| Upstream URL: | https://www.torproject.org/projects/torbrowser.html |
| Licenses: | MPL-2.0 |
| Conflicts: | tor-browser |
| Provides: | tor-browser |
| Submitter: | FabioLolix |
| Maintainer: | FabioLolix (grufo, jugs) |
| Last Packager: | jugs |
| Votes: | 1284 |
| Popularity: | 4.09 |
| First Submitted: | 2023-09-24 17:45 (UTC) |
| Last Updated: | 2024-06-21 13:27 (UTC) |
Dependencies (19)
- alsa-lib
- dbus-glib (dbus-glib-gitAUR)
- desktop-file-utils (desktop-file-utils-gitAUR)
- hicolor-icon-theme (hicolor-icon-theme-gitAUR)
- hunspell (hunspell-gitAUR)
- icu (icu-gitAUR)
- libevent (libevent-gitAUR)
- libvpx (libvpx-full-gitAUR, libvpx-1.7AUR, libvpx-gitAUR)
- libxt
- mime-types (mailcap)
- nss (nss-hgAUR)
- sqlite (sqlite-fossilAUR)
- startup-notification
- gst-libav (gst-libav-gitAUR) (optional) – H.264 video
- gst-plugins-good (gst-plugins-good-gitAUR) (optional) – H.264 video
- kdialog (kdialog-gitAUR) (optional) – KDE dialog boxes
- libnotify (libnotify-gitAUR) (optional) – Gnome dialog boxes
- libpulse (pulseaudio-dummyAUR, libpulse-gitAUR) (optional) – PulseAudio audio driver
- zenity (qarma-gitAUR, zenity-gtk3AUR, zenity-gitAUR) (optional) – simple dialog boxes
Required by (0)
Sources (8)
- https://dist.torproject.org/torbrowser/13.5/tor-browser-linux-i686-13.5.tar.xz
- https://dist.torproject.org/torbrowser/13.5/tor-browser-linux-i686-13.5.tar.xz.asc
- https://dist.torproject.org/torbrowser/13.5/tor-browser-linux-x86_64-13.5.tar.xz
- https://dist.torproject.org/torbrowser/13.5/tor-browser-linux-x86_64-13.5.tar.xz.asc
- tor-browser.desktop.in
- tor-browser.in
- tor-browser.png
- tor-browser.svg
ZaZam commented on 2013-08-06 21:09 (UTC)
Maxr commented on 2013-08-04 16:31 (UTC)
Thanks for the hint, .install file is up to date now (didn't bump pkgrel).
Boskote commented on 2013-08-03 05:26 (UTC)
Maxr,
From what DaveCode is saying, I think the command in the pre_install message should be changed from "pacman-key -r <keyid>"to "gpg --recv-keys <keyid>". Because the default for makepkg is to use the ~/.gnupg keyring.
DaveCode,
I agreed with you until I read that the keyring for pacman-key is intended for signatures of Arch developers for official packages, which makes sense:
https://bbs.archlinux.org/viewtopic.php?pid=1297793#p1297793
Verifying source signatures for AUR builds is really different. There should be better info on the AUR wiki page about possibly needing to use gpg --recv-keys <keyid> in order to verify signed source.
DaveCode commented on 2013-07-02 06:11 (UTC)
Arch Linux finally verifies packages, but AUR not so much, because "makepkg does not use pacman's keyring"
https://wiki.archlinux.org/index.php/Makepkg#Signature_checking
Most folks have no GPG keys. Makepkg should use pacman-key. It doesn't.
Key import and signing ain't enough. You need to fiddle an obscure app you probably don't use, and if you do, mix personal keys with pacman keys.
Or else, rely on makepkg's willingness to build crypto regardless of signature.
Yay Arch security design...
DaveCode commented on 2013-07-02 05:37 (UTC)
@Maxr The key is signed but I caught the bug. Why does /usr/bin/makepkg line 1282 call "gpg" not "pacman-key"? Pacman-key validates the tarball:
$ pacman-key --verify tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc
==> Checking tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc ...
gpg: Signature made Wed 26 Jun 2013 02:31:33 PM MST using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark <erinn@torproject.org>"
gpg: aka "Erinn Clark <erinn@debian.org>"
gpg: aka "Erinn Clark <erinn@double-helix.org>"
$ gpg --verify tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc
gpg: Signature made Wed 26 Jun 2013 02:31:33 PM MST using RSA key ID 63FEE659
gpg: Can't check signature: No public key
Maxr commented on 2013-06-29 11:34 (UTC)
optdeps updated. Thanks for the hint.
@DaveCode: Did you sign the imported key? Maybe have a look at https://wiki.archlinux.org/index.php/Pacman-key#Adding_Unofficial_keys for details. Signature verifying works for me.
DaveCode commented on 2013-06-29 01:22 (UTC)
I did crypto keys right, but get source tarball validation errors (i686).
# pacman-key --recv-keys 0x63FEE659
# pacman-key --finger "Erinn Clark"
My fingerprint output matches
https://www.torproject.org/docs/verifying-signatures.html.en
8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659
So key import worked. Now the validation bug,
http://troll.ws/paste/97d7981a
The stuff at far upper right is shell prompt, ignore. Look for FAILED in output. Inspecting the mystery key with
# pacman-key --list-keys 0x416F061063FEE659
# pacman-key --finger 0x416F061063FEE659
shows Erinn and the same fingerprint as during import, all fine. Also visit
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x416F061063FEE659
So validation should have worked. Yet I also wonder why, when it failed, I had to use Ctrl-C to stop installation, maybe another problem...it should have stopped itself.
kjslag commented on 2013-06-28 21:42 (UTC)
In the optional dependencies, I think "kdialog" is supposed to be "kdebase-kdialog". thanks!
Pinned Comments
grufo commented on 2019-08-15 02:22 (UTC)
Before running
makepkg, you must do this (as normal user):$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.orgIf you want to update tor-browser from AUR without AUR helpers you can run in a terminal:
$ tor-browser -u