Arch Linux finally verifies packages, but AUR not so much, because "makepkg does not use pacman's keyring"
https://wiki.archlinux.org/index.php/Makepkg#Signature_checking
Most folks have no GPG keys. Makepkg should use pacman-key. It doesn't.
Key import and signing ain't enough. You need to fiddle an obscure app you probably don't use, and if you do, mix personal keys with pacman keys.
Or else, rely on makepkg's willingness to build crypto regardless of signature.
Yay Arch security design...
Package Details: tor-browser-bin 14.0.2-1
| Field | Value |
|---|---|
| Git Clone URL: | https://aur.archlinux.org/tor-browser-bin.git (read-only) |
| Package Base: | tor-browser-bin |
| Description: | Tor Browser Bundle: anonymous browsing using Firefox and Tor |
| Upstream URL: | https://www.torproject.org/projects/torbrowser.html |
| Licenses: | MPL-2.0 |
| Conflicts: | tor-browser |
| Provides: | tor-browser |
| Submitter: | FabioLolix |
| Maintainer: | grufo (jugs) |
| Last Packager: | grufo |
| Votes: | 1282 |
| Popularity: | 1.76 |
| First Submitted: | 2023-09-24 17:45 (UTC) |
| Last Updated: | 2024-11-17 05:13 (UTC) |
Dependencies (19)
- alsa-lib
- dbus-glib
- desktop-file-utils (desktop-file-utils-git, AUR)
- hicolor-icon-theme (hicolor-icon-theme-git, AUR)
- hunspell (hunspell-git, AUR)
- icu (icu-git, AUR)
- libevent (libevent-git, AUR)
- libvpx (libvpx-full-git, AUR; libvpx-git, AUR)
- libxt
- mime-types (mailcap)
- nss (nss-hg, AUR)
- sqlite (sqlite-fossil, AUR)
- startup-notification
- gst-libav (gst-libav-git, AUR) (optional) – H.264 video
- gst-plugins-good (gst-plugins-good-git, AUR) (optional) – H.264 video
- kdialog (kdialog-git, AUR) (optional) – KDE dialog boxes
- libnotify (libnotify-git, AUR) (optional) – Gnome dialog boxes
- libpulse (pulseaudio-dummy, AUR; libpulse-git, AUR) (optional) – PulseAudio audio driver
- zenity (qarma-git, AUR; zenity-gtk3, AUR; zenity-git, AUR) (optional) – simple dialog boxes
Required by (0)
Sources (8)
- https://dist.torproject.org/torbrowser/14.0.2/tor-browser-linux-i686-14.0.2.tar.xz
- https://dist.torproject.org/torbrowser/14.0.2/tor-browser-linux-i686-14.0.2.tar.xz.asc
- https://dist.torproject.org/torbrowser/14.0.2/tor-browser-linux-x86_64-14.0.2.tar.xz
- https://dist.torproject.org/torbrowser/14.0.2/tor-browser-linux-x86_64-14.0.2.tar.xz.asc
- tor-browser.desktop.in
- tor-browser.in
- tor-browser.png
- tor-browser.svg
Latest Comments
DaveCode commented on 2013-07-02 06:11 (UTC)
DaveCode commented on 2013-07-02 05:37 (UTC)
@Maxr The key is signed but I caught the bug. Why does /usr/bin/makepkg line 1282 call "gpg" not "pacman-key"? Pacman-key validates the tarball:
$ pacman-key --verify tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc
==> Checking tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc ...
gpg: Signature made Wed 26 Jun 2013 02:31:33 PM MST using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark <erinn@torproject.org>"
gpg: aka "Erinn Clark <erinn@debian.org>"
gpg: aka "Erinn Clark <erinn@double-helix.org>"
$ gpg --verify tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc
gpg: Signature made Wed 26 Jun 2013 02:31:33 PM MST using RSA key ID 63FEE659
gpg: Can't check signature: No public key
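The keyring mismatch above is only half the story: once the key is in the user's keyring, gpg prints "Good signature" for any key it knows, so the check a packager or auditor actually wants is that the signature came from the pinned fingerprint. The script below is an added example (not code from the AUR page, makepkg or pacman) that reads gpg's machine-readable status output and accepts only the expected fingerprint; `verify_source_sig` assumes gpg is installed, and the sample status lines and their timestamps are constructed, with the fingerprint taken from DaveCode's comment.

```shell
#!/bin/sh
# Added example, not code from the AUR page, makepkg or pacman.
# makepkg verifies source signatures with the user's gpg keyring, so a
# "Good signature" only means *some* key in that keyring signed the file.
# Pin the expected fingerprint by reading gpg's --status-fd output
# instead of its human-readable messages.

# Parse gpg status lines from stdin; succeed only if a VALIDSIG line names
# the expected fingerprint ($1) as signing key or as primary key.
check_validsig_status() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=1
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] VALIDSIG "*)
                set -- $line              # split the status line into fields
                fpr=$3                    # fingerprint of the signing (sub)key
                eval "primary=\${$#}"     # last field: primary key fingerprint
                if [ "$fpr" = "$expected" ] || [ "$primary" = "$expected" ]; then
                    found=0
                fi
                ;;
        esac
    done
    return "$found"
}

# Verify tarball $1 against detached signature $2 and pinned fingerprint $3.
# Needs gpg installed; exit status is 0 only when the pinned key signed it.
verify_source_sig() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        check_validsig_status "$3"
}

# Constructed sample status output (timestamps invented) for the signing key
# whose fingerprint DaveCode quoted in the comments.
SAMPLE_STATUS='[GNUPG:] GOODSIG 416F061063FEE659 Erinn Clark <erinn@torproject.org>
[GNUPG:] VALIDSIG 8738A680B84B3031A630F2DB416F061063FEE659 2013-06-26 1372282293 0 4 0 1 10 00 8738A680B84B3031A630F2DB416F061063FEE659'

# Run the parser over the sample: 0 for the pinned key, 1 for any other key.
demo_check() {
    printf '%s\n' "$SAMPLE_STATUS" | check_validsig_status "$1"
}

demo_check '8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659' && echo "pinned key: OK"
demo_check '0000000000000000000000000000000000000000' || echo "other key: rejected"
```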
Maxr commented on 2013-06-29 11:34 (UTC)
optdeps updated. Thanks for the hint.
@DaveCode: Did you sign the imported key? Maybe have a look at https://wiki.archlinux.org/index.php/Pacman-key#Adding_Unofficial_keys for details. Signature verifying works for me.
DaveCode commented on 2013-06-29 01:22 (UTC)
I did crypto keys right, but get source tarball validation errors (i686).
# pacman-key --recv-keys 0x63FEE659
# pacman-key --finger "Erinn Clark"
My fingerprint output matches
https://www.torproject.org/docs/verifying-signatures.html.en
8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659
So key import worked. Now the validation bug,
http://troll.ws/paste/97d7981a
The stuff at far upper right is shell prompt, ignore. Look for FAILED in output. Inspecting the mystery key with
# pacman-key --list-keys 0x416F061063FEE659
# pacman-key --finger 0x416F061063FEE659
shows Erinn and the same fingerprint as during import, all fine. Also visit
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x416F061063FEE659
So validation should have worked. Yet I also wonder why, when it failed, I had to use Ctrl-C to stop installation, maybe another problem...it should have stopped itself.
kjslag commented on 2013-06-28 21:42 (UTC)
In the optional dependencies, I think "kdialog" is supposed to be "kdebase-kdialog". Thanks!
Maxr commented on 2013-06-23 09:11 (UTC)
Thanks for the input. As far as I get it, the present state is not that far away from your suggestion (in fact just one additional number in the pkgrel). Nevertheless I'll try it with the next release. I am still hopeful that they will return to synchronized versioning in the future.
DaveCode commented on 2013-06-22 00:24 (UTC)
@Maxr
If I follow you, then on i686, pacman -Qi will now list package 2.3.25_9-1 but contain upstream's 2.3.25_8 code, so pacman will be wrong on i686.
If upstream is not synchronizing then don't even try. Use 2.3.25-<AURBuild> numbering to subsume their mess. Your <AURBuild> number can mean different upstream tarballs under the hood. Pacman will report the correct version to the best resolution possible for this multiarch package.
The other way to go is two packages in AUR, one for each CPU arch. I couldn't speculate which design would be easier.
Thanks!
Maxr commented on 2013-06-20 12:01 (UTC)
Package updated (did not bump pkgrel however, because x64 ppl don't need to update at all). Hopefully i686 is working now. Please test and report any problems ;-)
I will have a look into this dbus-glib-thing ASAP.
@DaveCode
dash-8 / dash-9 mess is correct. Upstream did release different versions for different archs, unfortunately.
Signature checking should work providing you have the key available (you have to download it manually).
DrZingo commented on 2013-06-20 11:41 (UTC)
@Maxr
I tried the original tarball from Tor. I had to remove the packages I installed afterwards (firefox, thunar, tumbler) and their deps. I traced it down to dbus-glib being missing. Without it I get the same error again.
I don't know if it should be a dependency. I'm not running any other 'required by' package.
Pinned Comments
grufo commented on 2019-08-15 02:22 (UTC)
Before running makepkg, you must do this (as normal user):
$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
If you want to update tor-browser from AUR without AUR helpers you can run in a terminal:
$ tor-browser -u