Package Details: tor-browser-en 5.5.5-1

Git Clone URL: https://aur.archlinux.org/tor-browser-en.git (read-only)
Package Base: tor-browser-en
Description: Tor Browser Bundle: Anonymous browsing using firefox and tor
Upstream URL: https://www.torproject.org/projects/torbrowser.html.en
Licenses: GPL
Submitter: Maxr
Maintainer: yar (jugs)
Last Packager: jugs
Votes: 541
Popularity: 22.118251
First Submitted: 2011-10-14 19:30
Last Updated: 2016-04-27 01:25

Latest Comments

M0Rf30 commented on 2016-05-02 20:41

In order to allow customizations with icons themes, could you change Icons entry in .desktop file as follow?
Icon=tor-browser-en
You need to copy icon in /usr/share/pixmaps

Could you answer or give signals of life? It doesn't require too much time to do such a little change
Greetings and cordiality

toruser commented on 2016-04-27 09:07

Please add the following line to 'tor-browser-en.sh' in function 'update()':

setfattr -n user.pax.flags -v m "${INSTALL_DIRECTORY}/Browser/firefox"

Else people using 'linux-grsec' can't use it. Thanks.

erkexzcx commented on 2016-04-17 06:22

Up

$ gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0

M0Rf30 commented on 2016-04-07 13:19

In order to allow customizations with icons themes, could you change Icons entry in .desktop file as follow?
Icon=tor-browser-en
You need to copy icon in /usr/share/pixmaps

dmp1ce commented on 2016-03-27 02:15

@donny, I understand it works now. I just think rm is potentially dangerous to have in the script. What if the developer accidentally spells the variable wrong one day? That probably won't happen, but it would be very bad if it did.

Archeon commented on 2016-03-27 01:55

gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0
Worked great for me. Thanks again, ian_x86.

donny commented on 2016-03-25 21:06

dmp1ce:
look again, the global variable $INSTALL_DIRECTORY is defined on line 83, the update() function is called on line 106.

dmp1ce commented on 2016-03-12 19:28

There is a line in the update() function which concerns me. The line is "rm -rf $INSTALL_DIRECTORY/*". If for whatever reason "$INSTALL_DIRECTORY" is not set, users are going to have a bad day. Do you think a check to see if "$INSTALL_DIRECTORY" is set would be a good idea? Or maybe not have the "rm -rf" at all and just override files with the tar extraction?

It is too bad that the Tor Bundle cannot be installed directly into /opt and the profile user data picked up from ~/. It didn't look like that was possible with the way the Tor Bundle is setup.

Krieger commented on 2016-02-27 02:30

Executing this:
gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0

worked, thanks ian_x86.

ian_x86 commented on 2016-02-24 03:07

Problems with error signature? try this : gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0

dmp1ce commented on 2016-02-01 23:44

I'm sure this has been asked before, but how can I make settings changes to the tor-browser-en and have them persist to new updates? I want to change the hidpi settings and add a few bookmarks.

mystified1234 commented on 2016-01-12 14:07

hi guys, found a work around for tor-browser-en.

install through packer.

I use manjaro and currently I'm testing aapricity.

through user $ yaourt -S packer
ownloading packer PKGBUILD from AUR...
x .AURINFO
x .SRCINFO
x PKGBUILD

after installing packer

packer -S tor-browser-en
Aur Targets (1): tor-browser-en
Pacman Targets (1): mime-types


should now work..

the other option is to download & extract the app from torproject to desktop both the folder "browser" and start-tor-browser.desktop. then dbl click this file and run as executable file.

this always works for me regardless of distro, but not as clean looking as installing through packer.

cheers

blueish4 commented on 2015-12-24 19:15

@Matheus You need to add the tor developer's key, see the comments below. Try:
gpg --keyserver pgp.mit.edu --recv-keys 2E1AC68ED40814E0

Matheus commented on 2015-12-24 06:15

This appearing a mistake that one or more signatures could not be verified.

TingPing commented on 2015-12-21 16:41

The desktop file shouldn't reference a full path for the icon as this breaks icon themes. It should just be set to 'tor-browser-en'.

petruschka commented on 2015-11-20 05:49

@SofianeSadi, worked! Like a charm... Thank you!!! Must go RTFgnupgM ;)

SofianeSadi commented on 2015-11-20 03:22

@petruschka this is a problem related to gnupg.

Add this to your ~/.gnupg/gpg.conf:
keyserver-options debug
keyserver hkp://pgp.mit.edu

Then try again:
gpg --recv-keys 2E1AC68ED40814E0

It should work.

tastyminerals commented on 2015-11-19 21:46

jesus christ, this thread became a PGP nightmare...

petruschka commented on 2015-11-19 00:12

Greetings,

I'm having the same problem:

==> Verifying source file signatures with gpg...
tor-browser-linux64-5.0.4_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build tor-browser-en.

Also,
$ gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0
gpg: keyserver receive failed: No keyserver available


Apologies, I'm very new to all this security stuff and don't yet really understand how keys work so help is much appreciated! Pointers to how this stuff works too! ;)
Thanks in advance!

vyachkonovalov commented on 2015-11-11 21:13

@rugaliz, just look below what Krawuzl says

rugaliz commented on 2015-11-11 21:09

I get an error:

==> Verifying source file signatures with gpg...
tor-browser-linux64-5.0.4_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build tor-browser-en.

securitybreach commented on 2015-11-06 19:52

Can someone upload the updated PKGBUILD as I can't get it to work even after changing the PKGBUILD to your diff?

vyachkonovalov commented on 2015-11-04 19:24

@HeavyRain

Yes. The problem was incorrect hash sum and it's already solved https://aur.archlinux.org/cgit/aur.git/commit/?h=tor-browser-en&id=baeedb876ad6352a21ff4317de8d3251a0c2dd66

HeavyRain commented on 2015-11-04 19:09

@aizuon
@vyachkonovalov

Have you imported their gpg key (2E1AC68ED40814E0)?

aizuon commented on 2015-11-04 18:44

@vyachkonovalov
having the same issue

vyachkonovalov commented on 2015-11-04 18:38

==> Validating source files with sha256sums...
tor-browser-linux64-5.0.4_en-US.tar.xz ... FAILED
tor-browser-linux64-5.0.4_en-US.tar.xz.asc ... Skipped
==> ERROR: One or more files did not pass the validity check!

Krawuzl commented on 2015-10-23 21:10

Thanx for the tip about the gpg key.
It took me a while until it worked, because I always added the key as root.
`$ gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0`
NO SUDO!
;)

beroal commented on 2015-09-24 15:06

TBB's attempts to install its own update annoy me. Is there a way to disable them and leave just the notification?

Hoot215 commented on 2015-09-17 00:49

Using the 'fte' bridge fails because the '.tor-browser-en/INSTALL/Browser/TorBrowser/Tor/PluggableTransports/fteproxy.bin' file uses '#!/usr/bin/env python', which expects python2, not python3.

natedog commented on 2015-08-29 01:27

Misunderstood, clearly didn't understand how keys work well enough, works now, thanks for the help!

NewWorld commented on 2015-08-26 17:20

To import their key run:

`$ gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0`

HeavyRain commented on 2015-08-25 08:16

@natedog:

Please see my last comment, directly underneath yours...

natedog commented on 2015-08-25 02:58

==> Verifying source file signatures with gpg...
tor-browser-linux64-5.0.1_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)
==> ERROR: One or more PGP signatures could not be verified!

HeavyRain commented on 2015-08-22 17:57

@EgidioCaprino:

Does it not say which signature? Try importing their public gpg key (2E1AC68ED40814E0).

EgidioCaprino commented on 2015-08-22 17:52

It does not build.

==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build tor-browser-en.

iskenderoguz commented on 2015-08-16 20:50

I get "(35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol" error.

toruser commented on 2015-07-22 19:04

I had to disable MPROTECT using the following command to get the program working. I don't know if that is desirable though.

# setfattr -n user.pax.flags -v m .tor-browser-en/INSTALL/Browser/firefox

Please refer to `man paxctl` for basic information about attribute "m" and to the following link for further information about different attribute types and else: https://wiki.gentoo.org/wiki/Hardened/PaX_Quickstart#Controlling_PaX

toruser commented on 2015-07-17 17:46

journald catches two related messages, I don't know if that one about libGL is fatal though.

Jul 17 17:16:06 toruser kernel: grsec: denied RWX mprotect of /usr/lib/nvidia/libGL.so.352.21 by /home/toruser/.tor-browser-en/INSTALL/Browser/firefox[firefox:896] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:884] uid/euid:1000/1000 gid/egid:1000/1000
Jul 17 17:16:07 toruser kernel: grsec: denied RWX mmap of <anonymous mapping> by /home/toruser/.tor-browser-en/INSTALL/Browser/firefox[firefox:896] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:884] uid/euid:1000/1000 gid/egid:1000/1000

toruser commented on 2015-07-17 17:39

journald catches two related messages, I don't know if that one about libGL is fatal though.

Jul 17 19:16:06 toruser kernel: grsec: denied RWX mprotect of /usr/lib/nvidia/libGL.so.352.21 by /home/toruser/.tor-browser-en/INSTALL/Browser/firefox[firefox:896] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:884] uid/euid:1000/1000 gid/egid:1000/1000
Jul 17 19:16:07 toruser kernel: grsec: denied RWX mmap of <anonymous mapping> by /home/toruser/.tor-browser-en/INSTALL/Browser/firefox[firefox:896] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/bash[bash:884] uid/euid:1000/1000 gid/egid:1000/1000

toruser commented on 2015-07-17 13:02

Tor-Browser does not launch on my system. There is no crash or exception message.

Are there any known bugs when using linux-grsec (maybe in combination with nvidia-grsec as video driver)?

Squirrel_Man91 commented on 2015-07-07 17:28

For anyone having an issue with PGP Signatures, try

gpg --keyserver pgp.mit.edu --recv-keys 2E1AC68ED40814E0

Looks like Blazer78's post is no longer working (no route to host)

Squirrel_Man91 commented on 2015-07-07 17:28

For anyone having an issue with PGP Signatures, try
gpg --keyserver pgp.mit.edu --recv-keys 2E1AC68ED40814E0

Looks like Blazer78's post is no longer working (no route to host)

kyak commented on 2015-07-04 12:53

@beroal You should really be running some aur helper. I'm running pacaur, and got used to to 'pacaur -Syu' instead of 'pacman -Syu'. This will keep you up to date without maintainer having to post update comments.

beroal commented on 2015-07-04 12:36

I have a suggestion. @yar, would you post a comment here when you update the package so we will receive email notifications? Out-of-date Tor Browser is pretty annoying, so I can't update it once in a month or like that, I check this page several times before the package is updated because Tor Browser nags me.

kete commented on 2015-05-25 22:38

Is it possible to open external links in this browser? When I try, the browser tries to start from scratch, and it can't do that. Then, the attempted process gives an error message and stops. The first instance keeps running.

idomeneo1 commented on 2015-05-23 20:41

That's it - I loaded this on a new computer and only redid the pkgbuild, assuming the other files were the same...

yar commented on 2015-05-23 19:55

idomeneo1: Are you sure you're using the newest tarball? c2303d.. is the sha256sum from 3 versions ago.

idomeneo1 commented on 2015-05-23 19:47

Should be:
sha256sums=('3d5fc01f2cfbae0a00b7117b0b0a24028d1686e6f81a347809f74de2d8522ff7'
'17fc2f5784d080233aca16e788d62ab6fe3e57cf781b123cfe32767de97d6d3b'
'c2303d3e85265fd2b5cad64187558841e7088dcdaf6dd957a5a48ce0ba003934')

idomeneo1 commented on 2015-05-23 19:37

==> Validating source files with sha256sums...
tor-browser-en.desktop ... Passed
tor-browser-en.png ... Passed
tor-browser-en.sh ... FAILED
==> ERROR: One or more files did not pass the validity check!

aurelieng commented on 2015-05-13 06:28

4.5.1 is out :)

Blazer78 commented on 2015-05-12 09:04

Do it to import official Tor's Developer Keys:

gpg --keyserver keys.gnupg.net --recv-keys 2E1AC68ED40814E0

Then update all:

yaourt -Syua

Bye

bouhappy commented on 2015-05-03 16:23

The key requested is the last key listed in:
https://www.torproject.org/docs/signing-keys.html.en

bouhappy commented on 2015-05-03 16:18

For PGP signature issue:
$ gpg --recv-keys 0x4E2C6E8793298290
Done.

Later you can delete your key:
$ gpg --list-keys

bouhappy commented on 2015-05-03 16:16

I just feel like re-sharing, for the lazy ones. For PGP issue:

$ gpg --recv-keys 0x4E2C6E8793298290

Done.

Later you can delete your key:

$ gpg --list-keys

Crashlog commented on 2015-05-01 20:17

Is checking the wiki really too much to ask for?
https://wiki.archlinux.org/index.php/Makepkg#Signature_checking

tastyminerals commented on 2015-05-01 20:10

For all those who have the same issue do please download the package from www.torproject.org and don't waste you time.

student975 commented on 2015-05-01 20:05

I have got the same issue as tastyminerals. After reading comments I have imported and signed the key ("pacman-key -r" and "pacman-key --lsign-key", and verified). The error still exists. It seems, some step still was missed. Hint?

hobarrera commented on 2015-04-29 10:07

@archaurwiki's advice is just as bad as tecnopado. *never* add a trust of level 5 to someone unless you've verified their key in person.

Adding trust of 5 to a key you find in comments in the AUR means that whomever owns that key now has a huge influence in your gpg web-of-trust. And you're not really sure who that owner is.

syl commented on 2015-04-26 09:47

@mountpeaks: you better learn respect of each other. yar is doing good for longtime.
All you need has already been discussed within the comment a while ago. Look for the history!

tastyminerals commented on 2015-04-26 09:12

If there is something we should know OR do before installing the package it should be stated by the maintainer at least here in comments. I see only one comment by @yar so far and it says nothing about PGP issue.

tastyminerals commented on 2015-04-26 09:12

If there is something we should know OR do before installing the package it should be stated by the maintainer at least here in comments. I see only one comment by @yar so far and it says nothing about the PGP issue.

tastyminerals commented on 2015-04-26 09:08

@beroal: Maybe I should also teach the maintainer how to maintain AUR packages?

tastyminerals commented on 2015-04-26 09:07

@beroal: Maybe I should also teach the maintainer how to maintain AUR packages?

beroal commented on 2015-04-26 08:18

@mountpeaks: Learn about PGP, read previous comments.

tastyminerals commented on 2015-04-26 07:37

Please fix this for Christ's sake

tor-browser-linux64-4.0.8_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)
==> ERROR: One or more PGP signatures could not be verified!

Anonymous comment on 2015-04-26 04:54

@tecnopado's comment should be deleted if possible

joeychagnon commented on 2015-04-14 22:01

Because the desktop file's path is hardcoded this package doesn't work with custom icon themes. Maybe it should be changed to just "Icon=REPL_NAME.png"?

conley commented on 2015-04-11 18:12

No worries yar, you're doing good.

yar commented on 2015-04-09 19:19

@archaurwiki The last out-of-date flag was wrong, but by mistake I forgot to clear it, so there was no way for me to get a notification the next time. Sorry about that, won't happen again.

archaurwiki commented on 2015-04-09 18:24

@yar: Hi, if you can't maintain this package in a timely manner will you please abandon it for someone else to take care of? Thanks.

Marcel_K commented on 2015-04-01 22:10

Instead of 2 and 3, you can simply run updpkgsums and the checksums will be updated. However, it's always a good habit to check those with the ones provided upstream. In *this* case, the signature is also checked, but checksum checking is useless when calculating them yourselves after downloading.

thinking-aloud commented on 2015-04-01 20:06

you can easily do the changes yourself:
pkgver='4.0.6'

1. download:
https://dist.torproject.org/torbrowser/4.0.6/tor-browser-linux64-4.0.6_en-US.tar.xz
and
https://dist.torproject.org/torbrowser/4.0.6/tor-browser-linux64-4.0.6_en-US.tar.xz.asc

2. generate checksum
run "sha256sum <filename>" on both files

3. Insert the keys in line 27 and 28

If you trust me (I wouldn't trust me) you can skip Step 1 and 2 and use the keys here:
d954510bf812f624945bdba8e1c37e23573de89e2f159d7c89a3e3589a765559
67653aecfab4e9e0f6d0d2f534e5fabe24a6373c1149add2679fcad5ee195c72

archaurwiki commented on 2015-03-24 18:04

@tecnopado: that is a horrible hack. NEVER skip gpgcheck for something as sensitive as Tor or TBB. Anyone reading this: do NOT use @tecnopado's advice.

In addition to @blackhole's advice you can also
$ gpg --edit-key 0x4E2C6E8793298290
gpg> trust
<select option 5 to fully trust (this assumes that you have met the keyholder in person and can guarantee it is from that person)>
gpg> save

pcxz commented on 2015-03-23 16:32

@blackhole
Thx work ok.

tecnopado commented on 2015-03-10 14:36

for the issue whit pgp key i've solved by "the noobs/lazy way" .. yaourt -G tor-browser-en → /tmp/yaourt-tmp-<USERNAME>/aur-tor-browser-en/ → makepkg -si --skippgpcheck

tecnopado commented on 2015-03-10 14:36

or the issue whit pgp key i've solved by "the noobs/lazy way" .. yaourt -G tor-browser-en → /tmp/yaourt-tmp-<USERNAME>/aur-tor-browser-en/ → makepkg -si --skippgpcheck

tecnopado commented on 2015-03-10 14:34

for the issue whit pgp key i've solved by "the noobs/lazy way" .. yaourt -G tor-browser-en → cd /yaourt-tmp-username/aur-tor-browser-en → makepkg -si --skippgpkey

Toost_Inc commented on 2015-03-03 21:41

To add to blackholes comment, you can verify the key fingerprint against
https://www.torproject.org/docs/signing-keys.html.en

to make sure you've got the right one.

blackhole commented on 2015-02-25 23:02

As USER:
gpg --keyserver pgp.mit.edu --recv-keys 0x4E2C6E8793298290
you can verify with:
gpg --fingerprint 0x4E2C6E8793298290

dzen commented on 2015-02-24 20:29

work for me
1)unpack tarball
2)gpg --keyserver pool.sks-keyservers.net --recv-keys 416F061063FEE659
3)makepkg -i

fosnss commented on 2015-02-16 06:51

How to fix: tor-browser-linux64-4.0.3_it.tar.xz ... FAILED (the public key 8738A680B84B3031A630F2DB416F061063FEE659 is not trusted)

To verify signatures for packages
https://www.torproject.org/docs/verifying-signatures.html.en

beroal commented on 2015-02-10 22:05

For example, I don't use Privoxy.

ernie4chan commented on 2015-02-10 20:54

Hey, there! Two question:
1) How to change GUI and fonts to match desktop settings?
2) Do I have to install Privoxy?
Tks.

Marcel_K commented on 2015-02-10 17:04

Import the key as normal user (the one with which you run makepkg).

djringjr commented on 2015-02-10 16:45

Same problem, I don't know why I have added the key. Perhaps when I reboot?

tor-browser-linux32-4.0.3_en-US.tar.xz ...
FAILED (unknown public key 416F061063FEE659)

# pacman-key -r 416F061063FEE659 --keyserver pgp.mit.edu
gpg: key 63FEE659: "Erinn Clark <erinn@torproject.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

Very odd!

alexiobash commented on 2015-02-09 18:49

when run mkaurball:

tor-browser-linux64-4.0.3_it.tar.xz ... FAILED (the public key 8738A680B84B3031A630F2DB416F061063FEE659 is not trusted)

i'v just run pacman-key -r 416F061063FEE659 --keyserver pgp.mit.edu and gpg --recv-keys 416F061063FEE659

Burner commented on 2015-01-30 22:05

This is package 4.0.2 of Tor, not 4.0.3 as far as my installation went.

It's ill-advised to use an outdated package of such software. Would you please update it and we'd be thankful!

ashaman-crypto commented on 2015-01-24 10:56

While installing with yaourt, adding the PGP key to the user's keyring did not help. What did the trick for me was running
pacman-key -r 416F061063FEE659 --keyserver pgp.mit.edu

francescortiz commented on 2015-01-19 11:45

To fix the problem I created a keyserver with kleopatra

syl commented on 2015-01-18 11:50

try:
gpg --keyserver pgp.mit.edu --recv-keys 416F061063FEE659

francescortiz commented on 2015-01-18 10:50

Runinng "gpg --recv-keys 416F061063FEE659" I get:

gpg: keyserver receive failed: No keyserver available

rufus1987 commented on 2015-01-17 17:51

For fix PGP error just run first
gpg --recv-keys 416F061063FEE659 without sudo and than install/update

gdea73 commented on 2015-01-16 23:48

==> Verifying source file signatures with gpg...
tor-browser-linux64-4.0.3_en-US.tar.xz ... FAILED
==> ERROR: One or more PGP signatures could not be verified!

I'm still getting this error in Packer, after adding the 0x63FEE659 key AND adding "keyring /etc/pacman.d/gnupg/pubring.gpg" to ~/.gnupg/gpg.conf.

What gives?

syl commented on 2015-01-14 09:18

Will tor-browser be moved into the community repository one day?

iskenderoguz commented on 2015-01-05 22:12

@Marcel_K, your answer works. thank you

Marcel_K commented on 2015-01-05 17:20

Choose another keyserver:

gpg --keyserver pgp.mit.edu --recv-keys 0x63FEE659

edward_81 commented on 2015-01-05 14:35

> gpg --recv-keys 0x63FEE659
> gpg: keyserver receive failed: No keyserver available
How I can fix this? I try to search but him totally lost.

mudrii commented on 2015-01-05 11:54

No fix for the issue ?

palasso commented on 2015-01-02 09:58

@yar

I did some cleanup in the PKGBUILD http://pastie.org/private/emg2wzh9whwhfn9jes89jq

It doesn't use anymore _pkgarch, _realpkgver, _realpkgver_i686 and instead uses a new feature from pacman 4.2. I'm not sure what was the use of _realpkgver_i686. Also fixed indentation.

I noticed that in tor-browser-en.sh, line 27: PKGARCH="REPL_ARCH" isn't being used anywhere.

I also noticed that tor-browser-en.sh extracts the (installed from pacman) tar.xz from /opt/$pkgname to home at first run while there are rm -rf commands in $pkgname.install for when updating/removing.

It's a hacky solution. Why isn't the extraction and packaging of files left on makepkg so that it'll be properly installed by pacman?

palasso commented on 2015-01-02 09:54

@yar

I did some cleanup in the PKGBUILD http://pastie.org/private/emg2wzh9whwhfn9jes89jq

It doesn't use anymore _pkgarch, _realpkgver, _realpkgver_i686 and instead uses a new feature from pacman 4.2. I'm not sure what was the use of _realpkgver_i686. Also fixed indentation.

I noticed that in tor-browser-en.sh, line 27: PKGARCH="REPL_ARCH" isn't being used anywhere.

I also noticed that tor-browser-en.sh extracts the (installed from pacman) tar.xz to /opt/$pkgname at first run while there are rm -rf commands in $pkgname.install for when updating/removing.

It's a hacky solution. Why isn't the extraction and packaging of files left on makepkg so that it'll be properly installed by pacman?

Marcel_K commented on 2015-01-01 23:17

Indeed. To be clear: the Arch Linux keyring and your local keyring have nothing in common, you should not add keys of AUR packages to the Arch keyring, unless you want to install packages signed by that user. When issuing makepkg, your local keyring is checked, not the Arch one.

blackhole commented on 2015-01-01 21:53

It seem solved now. I had to run gpg --recv-keys 0x63FEE659 as USER!

blackhole commented on 2015-01-01 21:48

I don'have a ~/.gnupg/gpg.conf. I have added it with "keyring /etc/pacman.d/gnupg/pubring.gpg" inside
The output of
gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub rsa2048/63FEE659 2003-10-16
uid [ unknown] Erinn Clark <erinn@torproject.org>
uid [ unknown] Erinn Clark <erinn@debian.org>
uid [ unknown] Erinn Clark <erinn@double-helix.org>
sub rsa2048/EB399FD7 2003-10-16

but I cannot install this package

kylebofh commented on 2015-01-01 21:43

Perfectly installed after issuing gpg --recv-keys 0x63FEE659 and adding the line keyring /etc/pacman.d/gnupg/pubring.gpg to ~/.gnupg/gpg.conf as Minbari mentioned earlier.

AnbuBlack commented on 2015-01-01 16:20

Do you have: keyring /etc/pacman.d/gnupg/pubring.gpg in ~/.gnupg/gpg.conf?! See more at: https://wiki.archlinux.org/index.php/Makepkg#Signature_checking

blackhole commented on 2015-01-01 15:01

Not in my case

AnbuBlack commented on 2015-01-01 12:55

gpg --recv-keys 0x63FEE659 - Solve the problem.

beroal commented on 2014-12-31 19:49

@tumbler: Well, you need to trust that key. An explanation https://bbs.archlinux.org/viewtopic.php?pid=1488772#p1488772 .

Marcel_K commented on 2014-12-31 19:36

@yar: Add

validpgpkeys=('8738A680B84B3031A630F2DB416F061063FEE659')

to PKGBUILD.

tumbler commented on 2014-12-31 18:51

if i add the public key with $ gpg --recv-keys 416F061063FEE659 .. i get this message of error:

==> Verifying source file signatures with gpg...
tor-browser-linux64-4.0.2_en-US.tar.xz ... FAILED (the public key 8738A680B84B3031A630F2DB416F061063FEE659 is not trusted)

beroal commented on 2014-12-31 17:32

@tumbler: see https://wiki.archlinux.org/index.php/Tor#Web_browsing

tumbler commented on 2014-12-31 16:46

while compiling it responds:

FAILED (unknown public key 416F061063FEE659)

how to fix it?

tumbler commented on 2014-12-31 16:43

while it is compiled responds:

ERROR: unknown public key 416F061063FEE659

How to fix that?

jackpot commented on 2014-11-28 13:29

Failure to download, seems ISP is blocking tor page. Users should use different nameservers.

lockheed commented on 2014-11-10 06:55

This is what I get since about two weeks:

==> ERROR: Failure while downloading tor-browser-linux64-4.0.1_en-US.tar.xz
Aborting...

nariox commented on 2014-11-01 16:17

Just in case, I was also having problems with SSL. Even after signing the certs. My problems was that I was using a custom DNS (OpenDNS), which was blocking requests to the tor-project.

roysc commented on 2014-10-24 20:41

WRT the unknown public key, the package is signed by Erinn Clark. Verify here:
https://github.com/vinc3nt/tor-browser-installer/blob/master/README.mkd
http://pgp.mit.edu:11371/pks/lookup?search=+0x63FEE659&op=index
You just need to import the key to avoid the warning.

rach commented on 2014-10-18 15:19

the newest icon is not onion anymore and looks better imo, wish you could use it the package :)

Marcel_K commented on 2014-10-18 15:14

@zzatkin: Just read earlier comments before posting, your issue is there already.

sekret commented on 2014-10-17 18:46

Looks like now it's not possible anymore to send links to tor-browser, right? Or can anyone give me a hint?

zzatkin commented on 2014-10-17 08:10

tor-browser-linux64-4.0_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)

...

yar commented on 2014-09-26 04:27

It works for me. If it's breaking for anybody else, please let me know how so I can fix it. Thanks!

fx101 commented on 2014-09-26 03:18

This is now out of data (and broken).
Update to version 3.6.6

qwerty12 commented on 2014-08-29 13:07

Dirty hack that should allow you to keep the majority of your profile (bookmarks and extensions, at least) when updating: http://slexy.org/view/s2RQIMTuFp

You'll need customizepkg-scripting installed (and an AUR helper that makes use of it). To those of you (if anyone) considering using this, it goes without saying that you'll possibly make yourself more identifiable by using a previous profile and extra extensions atop the TBB.

mkoskar commented on 2014-08-03 20:57

I can't figure out why browser is NOT using my gtk2 theme. Am I missing something? Is it as designed, or some setting has to be fiddled with?

Marcel_K commented on 2014-07-31 17:56

Just add the public key to your private keyring, like so:

$ gpg --recv-keys 416F061063FEE659

rbellamy commented on 2014-07-31 16:40

==> Verifying source file signatures with gpg...
tor-browser-linux64-3.6.3_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)

anonymous5203 commented on 2014-07-30 18:44

Did the maintainer get raided by the FBI for using TOR or what? This has been flagged out of date for awhile. Other languages for this browser have been updated, but not this one. Considering the serious nature of this program quickly updating this is essential to staying safe and anonymous.

odp commented on 2014-07-22 10:29

#makepkg
Verifying source file signatures with gpg...
tor-browser-linux64-3.6.2_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.

#sudo pacman -U tor-browser-linux64-3.6.2_en-US.tar.xz
loading packages...
error: missing package metadata in tor-browser-linux64-3.6.2_en-US.tar.xz
error: 'tor-browser-linux64-3.6.2_en-US.tar.xz': invalid or corrupted package

deusstultus commented on 2014-06-11 18:36

The dependencies list is incomplete. Browser aspect requires additional libraries to be installed on the machine.

From firefox (Note this is 30.0 not ESR on which TBB is built): http://www.mozilla.org/en-US/firefox/30.0/system-requirements/

I'm getting additional flags indicating dependencies as built on alsa, etc. as well, recommend cloning dependencies from extra/firefox package.

GordonGR commented on 2014-06-11 10:45

I'm sure there's a sense of the word “normal” that applies to such a situation. Somewhere… Thank you.

beroal commented on 2014-06-11 10:32

“My whole browser profile is gone.”
This is normal.

GordonGR commented on 2014-06-11 10:26

Hello again. I updated the package today and my whole browser profile is gone (bookmarks, plugins etc). Is this normal behaviour, a bug or have I done anything wrong?

yar commented on 2014-05-29 23:29

@GordonGR tor-browser-en now passes arbitrary args to firefox. To use -new-tab you must also remove the "-no-remote" argument from ~/.tor-browser-en/start-tor-browser. This will also decrease your anonymity...

@computerwhiz1 thanks! I patched our launch script to do it automatically, but I used "Tor-Browser" because their script breaks on spaces. Bug report here: https://trac.torproject.org/projects/tor/ticket/12161

And for the record, I'm a woman. It's her, not him.

beroal commented on 2014-05-28 10:24

A tip. Tor Browser Bundle version>3 (I guess) does not work with an external tor daemon (e. g. the package "tor" from the official repositories). The error is "Could not bind to 127.0.0.1:9150: Address already in use. Is Tor already running?". If you want to, remove the file "$HOME/.tor-browser-$LANG/INSTALL/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi" after upgrading TBB.

GordonGR commented on 2014-05-24 18:38

Hello Yar. Thanks for maintaining this. Is there something similar to "tor-browser-en -newtab http://www.something.org", so I can put it in xfce control centre?

computerwhiz1 commented on 2014-05-23 04:37

You can add '--class "Tor Browser" to line 230 in the file '~/.tor-browser-en/start-tor-browser' in order to get the browser to run as its own application rather than calling its self firefox under GNOME 3. I have emailed the maintainer to let him know about this and explaining in better detail what I mean.

zyni42 commented on 2014-05-09 21:18

You're right, Marcel_K, thank you very much. :-)
I used autocomplete (tab) in console, and didn't check the estimated filename.

Marcel_K commented on 2014-05-09 12:01

After packaging the package file is called tor-browser-en-3.6.1-1-x86_64.pkg.tar.xz (or something like that). You're trying to install the original source file you downloaded.

zyni42 commented on 2014-05-09 07:46

makepkg worked like a charm, but I can't install created package:

$ sudo pacman -U tor-browser-linux64-3.6.1_en-US.tar.xz
loading packages...
error: missing package metadata in tor-browser-linux64-3.6.1_en-US.tar.xz
error: 'tor-browser-linux64-3.6.1_en-US.tar.xz': invalid or corrupted package

I don't know which metadata is missing, as the package generation worked without errors (except one warning):

-> Found tor-browser-en.desktop
-> Found tor-browser-en.png
-> Found tor-browser-en.sh
==> Validating source files with sha256sums...
tor-browser-linux64-3.6.1_en-US.tar.xz ... Passed
tor-browser-linux64-3.6.1_en-US.tar.xz.asc ... Passed
tor-browser-en.desktop ... Passed
tor-browser-en.png ... Passed
tor-browser-en.sh ... Passed
==> Verifying source file signatures with gpg...
tor-browser-linux64-3.6.1_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.
==> Extracting sources...
==> Entering fakeroot environment...
==> Starting package()...
==> Tidying install...
-> Purging unwanted files...
-> Removing libtool files...
-> Removing static library files...
-> Compressing man and info pages...
-> Stripping unneeded symbols from binaries and libraries...
==> Creating package "tor-browser-en"...
-> Generating .PKGINFO file...
-> Adding install file...
-> Generating .MTREE file...
-> Compressing package...
==> Leaving fakeroot environment.
==> Finished making: tor-browser-en 3.6.1-1 (Fre Mai 9 09:18:26 CEST 2014)

Any suggestions?

skorgon commented on 2014-05-09 02:59

Am I the only one seeing this problem:
==> Validating source files with sha256sums...
tor-browser-linux64-3.6.1_en-US.tar.xz ... Passed
tor-browser-linux64-3.6.1_en-US.tar.xz.asc ... Passed
tor-browser-en.desktop ... Passed
tor-browser-en.png ... Passed
tor-browser-en.sh ... Passed
==> Verifying source file signatures with gpg...
tor-browser-linux64-3.6.1_en-US.tar.xz ... Passed
==> Extracting sources...
==> Entering fakeroot environment...
==> Starting package()...
install: cannot stat ‘tor-browser-linux64-3.6.1_en-US.tar.xz’: No such file or directory
==> ERROR: A failure occurred in package().
Aborting...
==> ERROR: Makepkg was unable to build tor-browser-en.

It's easily resolved by creating an appropriate symlink in $srcdir manually, since the file is correctly downloaded, but I suspect that should happen automatically.

hamgom95 commented on 2014-05-07 17:54

new tor version is 3.6.1
version 3.6 is NOT on the servers anymore
just have to change pkgver's and sha256sums's

dmp1ce commented on 2014-05-02 05:50

The torrc file I was looking for was in "~/.tor-browser-en/INSTALL/Data/Tor"

dmp1ce commented on 2014-05-02 03:00

How do you go about modifying the torrc once this package is installed?

jswagner commented on 2014-04-30 22:56

This occurred on today's update. The package was still built and installed, but this should probably be sorted out.
--

==> Verifying source file signatures with gpg...
tor-browser-linux64-3.6_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.

poincare commented on 2014-04-30 11:31


Hello. I gwet the following error when trying to install:

==> Building and installing package
==> Making package: tor-browser-en 3.5.4-1 (Wed Apr 30 07:29:41 EDT 2014)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Downloading tor-browser-linux64-3.5.4_en-US.tar.xz...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404 Not Found

Is there some way to update this to the current version of torbrowser (as listed on the tor project site)?

Thanks.

gim commented on 2014-04-13 18:58

gpg --recv-keys 416F061063FEE659

Did the trick to me

yar commented on 2014-03-21 17:18

@Ba7a7chy Erinn Clark usually builds TBB packages. If you trust her key, run this:

$ sudo pacman-key --recv-keys 0x416F061063FEE659

To trust inside a chroot, run something like this:

$ sudo arch-nspawn /var/lib/archbuild/blahblah/root pacman-key --recv-keys 0x416F061063FEE659

Tor project devs list their keys here:
https://www.torproject.org/docs/signing-keys.html.en
https://www.torproject.org/docs/verifying-signatures.html.en

Ba7a7chy commented on 2014-03-21 08:34

==> Verifying source file signatures with gpg...
tor-browser-linux64-3.5.3_en-US.tar.xz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.

yar commented on 2014-02-19 19:17

Sorry I wasn't clear before - I will NOT abandon this package. If I or anyone else creates a source version it should simply be called "tor-browser." I absolutely agree with the value of a binary package and will continue using it myself, since the binaries are GPG signed. The value in a source PKGBUILD will be for developers, not all the users of this package.

EscapedNull commented on 2014-02-19 17:32

Nothing4You, the only problem I see with that idea is that everyone already using this package will have to uninstall it and install tor-browser-en-bin to continue using it, otherwise they will be silently switched to compiling from source.

kyak, that's unfortunate.

Nothing4You commented on 2014-02-19 15:36

There could also get created tor-browser-en-bin, the -bin suffix for binary sources is much more common than -src for builds from source.

beroal commented on 2014-02-19 15:26

“AUR is source only”
Well, if there are a compiled file, I use it in AUR PKGBUILD. Sometimes it is the only option.

kyak commented on 2014-02-19 15:22

EscapedNull, updating doesn't take a few minutes to compile because i choose to clean up my build directory (automatically by pacman AUR helper) and don't plan to change this behaviour.

EscapedNull commented on 2014-02-19 14:29

kyak, fair enough. But as I said, updating from a previous version should only take a few minutes to compile in most cases, provided you're using a persistent build directory. Creating tor-browser-en-src is also an option, but that's up to yar. As a side note: you don't have to check their site for updates. Torbutton automatically checks and warns you when there's an update available.

beroal, that's true for the official repos, but the AUR is source only (or it is supposed to be). This is one of the only packages I've seen that breaks that rule. I'm guessing it wouldn't be much harder to implement deterministic builds in official packages than in the AUR. If deterministic builds are the future, who is to say that TUs won't adopt the same process? But I'm not even thinking that far into the future; I'm only suggesting deterministic builds for this particular package at this point.

kyak commented on 2014-02-19 04:19

EscapedNull, let me explain what convenience is from my point of view. Running pacaur -Syu and having the latest tor-browser installed in seconds, that's what it is. Not having to check their site for updates and manually downloading and extracting the tarball, as you suggested.

beroal commented on 2014-02-19 00:05

Well, this is a guaranteed fork. ArchLinux is a binary distribution.

EscapedNull commented on 2014-02-18 21:23

kyak, I don't see what you're crying about over there. You do realize you can download a tarball of the binaries from torproject.org, don't you? Just extract and run. If you want convenience, why are you bothering with makepkg at all? Have you read Mike Perry's blog posts about the hows and whys of deterministic builds? PS: You only have to do a full-compile once, after that you only compile what's been updated.

@yar I like the idea. I'm sure Mike would love it if you could put something like that together, too. I don't know enough about Gitian to attempt to take on something like that myself, but if you're serious about it, keep us updated and I'll contribute where I can. Bonus points if you can generalize it outside of Tor (i.e. Bitcoin, or anything else that uses Gitian), but it might be a good idea to start small and work up.

kyak commented on 2014-02-18 05:38

I hope you are kidding. Create tor-browser-en-src or something and implement your perverted ideas overthere. Save the users convenience of being able to upgrade fast and furious, without 1.5 hours of compiling.

yar commented on 2014-02-18 00:04

@EscapedNull @ThePacman I agree about compiling from source, and having just adopted this package I'm planning on making that happen soon.

Gitian (Tor's deterministic build process) requires a VM with very precise setup. The process is so similar to Arch's devtools/makechrootpkg that I wonder if we shouldn't aim bigger and create a general infrastructure for Arch Linux to lead the entire FOSS community in deterministic building! Once containers and CONFIG_USER_NS are more mature and trusted, it could be the default and replace insecure makepkg. :)

EscapedNull commented on 2014-02-17 01:41

ThePacman, I'd consider attempting to create a package that compiles from source if there was a demand for it, but compiling Tor Browser on my Intel i3 took about an hour and a half, and probably half a dozen dependencies. Even then, that's just the browser. No Tor, Torbutton, Tor Launcher, Noscript, start-tor-browser, etc. I just don't know if anybody would use it. If I could get the Tor Project's deterministic build system down, however, that might be worth making a package for.

Almin commented on 2014-02-15 17:17

Got it working on 64bit by changing

pkgver='3.5.2'
_realpkgver='3.5.2'
_realpkgver_i686='3.5.2'

to

pkgver='3.5.2.1'
_realpkgver='3.5.2.1'
_realpkgver_i686='3.5.2.1'

and sha256sums from


if [[ "$CARCH" == 'x86_64' ]]; then
sha256sums=('b6880821cee958affef0aa851beca6bf4b52ab127fce9be9d6cd3721fdf9ffe8'
'f5be2e04e4b256a261bdd2daaef15f64d3a24b989864a743a1c93ff6a40cef58')


...to


if [[ "$CARCH" == 'x86_64' ]]; then
sha256sums=('853262207b9dbad6fecadc1e9d24df4e07d5fda0ef9e8cdca83be59a17d2206e'
'238d08e090f4b8a7454f212fbc65c5e325ba31cbd3be7b50a368dc3ea382a206')


I didn't look it up for 32bit and therefore those sha256sums are the ones of the old versions and therefore incorrect! They should not work! But if you can't wait on 64bit I posted my version of it on pastebin:
http://pastebin.com/pknfkXNR

Almin commented on 2014-02-15 16:51

confirm...additional .1 behind 3.5.2 (now 3.5.2.1), also checksum missing.
Flag as out-dated?

Roach2010 commented on 2014-02-15 15:31

The source has moved to https://www.torproject.org/dist/torbrowser/3.5.2.1/tor-browser-linux64-3.5.2.1_en-US.tar.xz

obb commented on 2014-02-15 15:31

The PKGBUILD contains wrong version numbers. It should be '3.5.2.1' instead of '3.5.2'. As a consequence I get a '404 - not found' error from curl. Also check if the SHA256-sums are right.

Roach2010 commented on 2014-02-15 15:31

The source has moved to https://www.torproject.org/dist/torbrowser/3.5.2.1/tor-browser-linux32-3.5.2.1_en-US.tar.xz

Roach2010 commented on 2014-02-15 15:30

The source has moved to https://www.torproject.org/dist/torbrowser/3.5.2.1/torbrowser-install-3.5.2.1_en-US.exe

Maxr commented on 2014-02-13 06:17

Works fine for me, no problem.

wolfjb commented on 2014-02-13 04:44

FYI:

Build fails with:

==> Retrieving sources...
-> Downloading tor-browser-linux64-3.5.2_en-US.tar.xz...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (51) SSL: no alternative certificate subject name matches target host name 'www.torproject.org'
==> ERROR: Failure while downloading tor-browser-linux64-3.5.2_en-US.tar.xz
Aborting...

EscapedNull commented on 2014-01-16 13:53

Actually, there were only two packages that I had to manually install. Arguably they should be set as dependencies, but over all it wasn't hard to install.

dbus-glib
gtk2

beroal, you're probably right about installing "firefox" first. I just wanted to keep it as minimal as possible.

This package has my vote.

beroal commented on 2014-01-15 21:30

EscapedNull, IMHO, the workaround is to install "firefox" before.

polyzen commented on 2014-01-15 18:45

EscapedNull, if you ran makepkg w/o the s option, try `makepkg -si`

polyzen commented on 2014-01-15 18:44

EscapedNull, if you ran makepkg w/o the s option. Try `makepkg -si` perhaps

EscapedNull commented on 2014-01-15 16:16

Built, packaged, and installed, and it still has unfulfilled dependencies?

XPCOMGlueLoad error for file ...libxul.so
libdbus-glib-1.so.2: cannot open shared object file: No such file or directory.
Couldn't load XPCOM.
Tor Browser exited abnormally. Exit code 255.

I installed dbus-glib, and just got a different missing shared object. Something tells me I could sit here all night installing dependencies one by one and still not make a dent.

I understand dependencies are necessary, but why doesn't makepkg/pacman recognize them as such at build/install time? Or are they supposed to be in ~/.tor-browser-en/INSTALL/Browser/ with some of the other shared objects? Am I missing something?

Will vote for it if I can get it working in a reasonable amount of time. Otherwise, my suggestion is to have these handled by pacman in some manner.

zeek commented on 2013-12-21 01:22

Maxr: Thanks for updating it so quickly.
Cheers

ZaZam commented on 2013-12-20 01:04

Tor Browser 3.5 has been released
https://blog.torproject.org/blog/tor-browser-bundle-35-released


Maxr commented on 2013-11-02 15:58

> FAILED (unknown public key 416F061063FEE659)
^^^^^^^^^^^^^^^^^^

Please see posts below for instructions how to get the public key.

gim commented on 2013-11-02 15:53

==> Verifying source file signatures with gpg...
tor-browser-gnu-linux-x86_64-2.3.25-14-dev-en-US.tar.gz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.

Why is that?

Maxr commented on 2013-10-29 16:38

Is there someone who would like to take care of this package? I don't have spare time right now and want to disown it, but would love to know it to be well looked after. If there is someone, please contact me.

ernie4chan commented on 2013-10-28 14:41

Great work!

Just having a problem, while changing the style to QtCurve inside the start-tor-browser script, the bundle fails to start up (only QtCurve, the rests are ok). However if I run "./App/vidalia --datadir Data/Vidalia/ -Style QtCurve" on the command shell, it starts up perfectly.

ThePacman commented on 2013-10-14 16:53

Could this be changed to actually compile the package from source, instead of just packaging the precompiled binaries?
I understand the convenience aspect of having it download precompiled binaries, but since the user's "building" the package anyway, there wouldn't be any additional steps (except maybe a few build dependencies, but makepkg -s --asdeps handles that.)
Anyway, this is just a suggestion; you don't *have* to implement it if you don't want to.

msx commented on 2013-09-22 08:13

Thank you very much for this package.

msx commented on 2013-09-22 08:02

Thank you very much for this package.

Anonymous comment on 2013-09-08 04:00

I had to install firefox for this package to work. Maybe some dependency or path are wrong. Thanks Maxr :)

DaveCode commented on 2013-08-13 01:37

To Maxr:

Bookmarks matter to users, but not to privacy, as they aren't transmitted. Overwriting torrc means routing changes which can matter a LOT. The Tails distro is complaining about this very issue in TBB and trying to work around it.

Vidalia, well...appearance settings don't even take...aside from other brokenness. Tor Project is folding Vidalia into their browser. See 3.0 alpha release. So it's pointless trying to fix, I guess.

To Boskote:

Thanks for the interest and help.

Key signing has more to do with makepkg than pacaur. Still it'd be nice if pacaur would bail on fail. Your remark on -m lost me. If the download won't validate, there's no point building a package from it.

On the wiki I'd advise

sudo pacman-key --recv-keys 0x63FEE659
sudo echo "GNUPGHOME=/etc/pacman.d/gnupg" >> /etc/makepkg.conf

with explanation that makepkg will now use pacman keyrings as it should, rather than personal e-mail keyrings.

A special AUR keyring package for Tor Project might help. In core repo lives archlinux-keyring, for example. A similar package could become a dep for tor-browser. Then the keyring packager could monitor all the subtleness plus personnel or key changes at Tor Project. A separate package then nicely separates concerns from TBB proper.

GnuPG should already be a dep for tor-browser. That flag with a Tor Project keyring package dep would encapsulate the whole mess, I expect.

Boskote commented on 2013-08-12 09:14

Based on this discussion, I have updated the wiki page for Tor with more recent information about the Tor Browser Bundle, including a tip on how to add the tor dev signing keys to gpg for signature verification through makepkg: https://wiki.archlinux.org/index.php/Tor#Web_browsing

DaveCode,
Hopefully the update to the .install file for this package, and on the Tor wiki page, will make the signature verification process less confusing. I'm also a pacaur user, and I just noticed the pacaur -m option. To build but not install. This gives an opportunity to --recv-keys the required key (and rebuild to verify) before installing the package. I agree that support for signature verification could be developed further as a feature of an AUR helper (if it isn't already). I'm thinking of starting a thread about it on the forums. If I do I'll let you know.

Boskote commented on 2013-08-12 07:54

Based on this discussion, I have updated the wiki page for Tor with more recent information about the Tor Browser Bundle, including a tip on how to add the tor dev signing keys to gpg for signature verification through makepkg: https://wiki.archlinux.org/index.php/Tor#Web_browsing

DaveCode,
Hopefully the update to the .install file for this package, and on the Tor wiki page, will make the signature verification process less confusing. I'm also a pacaur user, and I just noticed out pacaur -m option. To build but not install. This gives an opportunity to --recv-keys the required key (and rebuild to verify) before installing the package. I agree that support for signature verification could be developed further as a feature of an AUR helper (if it isn't already). I'm thinking of starting a thread about it on the forums. If I do I'll let you know.

Boskote commented on 2013-08-12 07:53

Based on this discussion, I have updated the wiki page for Tor with more recent information about the Tor Browser Bundle, including a tip on how to add the tor dev signing keys to gpg for signature verification through makepkg: https://wiki.archlinux.org/index.php/Tor#Web_browsing

DaveCode,
Hopefully the update to the .install file for this package, and on the Tor wiki page, will make the signature verification process less confusing. I'm also a pacaur user, and I just noticed out pacaur -m option. To build but not install. This gives an opportunity to --recv-keys the required key (and rebuild to verify) before installing the package. I agree that support for signature verification could be developed further as a feature of an AUR helper (if it isn't already). I'm thinking of starting a thread about it on the forums. If I do, I'll post a link to it here.

Maxr commented on 2013-08-10 06:20

In fact I consider the complete rewrite of ~/.tor-browser-en as a privacy feature. Nevertheless, I will have a look into this in two weeks after my vacation. The closing misbehaviour persists since AFAIK the start of this package. No idea why. I do not think it is really a problem. Feel free to investigate if you want to.

DaveCode commented on 2013-08-09 22:22

1. App closure is misbehaved - Vidalia stays open - fails to obey
tor-browser-en/INSTALL/Docs/README-TorBrowserBundle
"To exit, close Firefox. Vidalia will automatically clean up and exit."

2. Package updates wrongly overwrite customized torrc, vidalia.conf, and prefs.js (use *.pacnew for updated files).

3. To Boskote:

Put it the other way. Personal keyrings are for personal keys. So dropping AUR keys in personal rings is wrong. There is vastly more justification/rationale to have AUR keys mixed with dev packager keys.

I think we're just looking at a default situation that has fallen out of previous inertia. Nobody sat down and thought about it. Any dev intentions causing this situation should change -- I see none -- though I haven't looked beyond my last post.

A keyring can serve more than one need. AUR/Arch packages are close relatives, neighbors; all their keys belong on the same ring. If devs want separation, then they should create an AUR keyring just for AUR packages, as they made a package keyring for official packages.

Personally the amount of research needed to understand the matter tells me it's messed up. An experienced user should not need so much effort and I wasn't alone.

Lastly, and most importantly, any AUR helper tool that installs non-passing packages defeats the entire purpose. Pacaur emits a warning, but still installs, unless your fingers are really quick with Ctrl-C. I don't know about others.

- thanks -

ZaZam commented on 2013-08-07 14:13

Thanks Boskote. I got it working.

Maxr commented on 2013-08-07 08:17

Thanks for explanation. Just to clarify: It should be possible to use any browser with tor (providing you do the proxy configuration right). However, there are many ways to miss some important privacy/security related options when not using the builtin fixes provided by Torbutton (see https://www.torproject.org/torbutton/) which is only available within TBB, unfortunately.

Boskote commented on 2013-08-07 07:27

The tor project no longer supports using tor through any browser other than the tor browser bundle, including regular firefox (TBB uses a patched version of firefox ESR):
https://www.torproject.org/docs/faq.html.en#TBBOtherBrowser

The standalone tor and vidalia packages still exist "for use by experts and relay operators". ZaZam, you can use Tor Browser from the TBB with your already installed versions of tor and vidalia with a simple change to the ~/.tor-browser-en/INSTALL/start-tor-browser script:
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers#UseTorBrowserwithalocallyinstalledTorVidaliaNIXONLY

However, as Maxr explained in his comment on 2012-03-11, the contents of ~/.tor-browser-en get rewritten with the first call of TBB after each update. So you may need to redo the change to the start-browser-script with every update of the package.

Maxr commented on 2013-08-07 06:30

The package is distributed by the tor team as is for all those who don't want to install 3 software packages and configure them to work together. If you do not need the whole package, why don't you just install firefox in addition to your tor setup?

ZaZam commented on 2013-08-06 21:09

Could this be made to use tor and vidalia packages from the Arch repository?

I have those packages already installed for running a Tor relay.

I don't see the point of having them installed twice. And I don't see why this all has to be in a single package.

ZaZam commented on 2013-08-06 20:45

Could this be made to use tor and vidalia packages from the Arch repository?

I don't see why this all has to be in a single package.

Maxr commented on 2013-08-04 16:31

Thanks for the hint, .install file is up to date now (didn't bump pkgrel).

Boskote commented on 2013-08-03 05:26

Maxr,
From what DaveCode is saying, I think the command in the pre_install message should be changed from "pacman-key -r <keyid>"to "gpg --recv-keys <keyid>". Because the default for makepkg is to use the ~/.gnupg keyring.

DaveCode,
I agreed with you until I read that the keyring for pacman-key is intended for signatures of Arch developers for official packages, which makes sense:
https://bbs.archlinux.org/viewtopic.php?pid=1297793#p1297793
Verifying source signatures for AUR builds is really different. There should be better info on the AUR wiki page about possibly needing to use gpg --recv-keys <keyid> in order to verify signed source.

Boskote commented on 2013-08-03 04:45

DaveCode,
I see where you're coming from. I also don't want pacman keys in my personal gpg keyring, which is why I don't add the pacman keyring path to ~/.gnupg/gpg.conf as suggested on the makepkg wiki page. On the other hand, I have gathered that there are good reasons for keeping the public keys for AUR builds separate from the public keys for pacman-key and the official repos. Falconindy posted about this recently on the forums: https://bbs.archlinux.org/viewtopic.php?pid=1297793#p1297793

As you have found, this means that doing a verified build from the AUR requires adding a public key to the personal keyring. An extra step, and perhaps one that should be better documented on the AUR wiki page.


DaveCode commented on 2013-07-02 06:11

Arch Linux finally verifies packages, but AUR not so much, because "makepkg does not use pacman's keyring"
https://wiki.archlinux.org/index.php/Makepkg#Signature_checking

Most folks have no GPG keys. Makepkg should use pacman-key. It doesn't.

Key import and signing ain't enough. You need to fiddle an obscure app you probably don't use, and if you do, mix personal keys with pacman keys.

Or else, rely on makepkg's willingness to build crypto regardless of signature.

Yay Arch security design...

DaveCode commented on 2013-07-02 05:37

@Maxr The key is signed but I caught the bug. Why does /usr/bin/makepkg line 1282 call "gpg" not "pacman-key"? Pacman-key validates the tarball:

$ pacman-key --verify tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc

==> Checking tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc ...
gpg: Signature made Wed 26 Jun 2013 02:31:33 PM MST using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark <erinn@torproject.org>"
gpg: aka "Erinn Clark <erinn@debian.org>"
gpg: aka "Erinn Clark <erinn@double-helix.org>"


$ gpg --verify tor-browser-gnu-linux-i686-2.3.25-10-dev-en-US.tar.gz.asc

gpg: Signature made Wed 26 Jun 2013 02:31:33 PM MST using RSA key ID 63FEE659
gpg: Can't check signature: No public key

Maxr commented on 2013-06-29 11:34

optdeps updated. Thanks for the hint.

@DaveCode: Did you sign the imported key? Maybe have a look at https://wiki.archlinux.org/index.php/Pacman-key#Adding_Unofficial_keys for details. Signature verifying works for me.

DaveCode commented on 2013-06-29 01:22

I did crypto keys right, but get source tarball validation errors (i686).

# pacman-key --recv-keys 0x63FEE659
# pacman-key --finger "Erinn Clark"

My fingerprint output matches
https://www.torproject.org/docs/verifying-signatures.html.en

8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659

So key import worked. Now the validation bug,

http://troll.ws/paste/97d7981a

The stuff at far upper right is shell prompt, ignore. Look for FAILED in output. Inspecting the mystery key with

# pacman-key --list-keys 0x416F061063FEE659
# pacman-key --finger 0x416F061063FEE659

shows Erinn and the same fingerprint as during import, all fine. Also visit
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x416F061063FEE659

So validation should have worked. Yet I also wonder why, when it failed, I had to use Ctrl-C to stop installation, maybe another problem...it should have stopped itself.

kjslag commented on 2013-06-28 21:42

In the optional dependencies, I think "kdialog" is supposed to be "kdebase-kdialog". thanks!

Maxr commented on 2013-06-23 09:11

Thanks for the input. As far as I get it, the present state is not that far away from your suggestion (in fact just one additional number in the pkgrel). Nevertheless I'll try it with the next release. I am still hopeful that they will return to syncronized versioning in the future.

DaveCode commented on 2013-06-22 00:24

@Maxr
If I follow you, then on i686, pacman -Qi will now list package 2.3.25_9-1 but contain upstream's 2.3.25_8 code, so pacman will be wrong on i686.

If upstream is not synchronizing then don't even try. Use 2.3.25-<AURBuild> numbering to subsume their mess. Your <AURBuild> number can mean different upstream tarballs under the hood. Pacman will report the correct version to the best resolution possible for this multiarch package.

The other way to go is two packages in AUR, one for each CPU arch. I couldn't speculate which design would be easier.

Thanks!

Maxr commented on 2013-06-20 12:01

Package updated (did not bump pkgrel however, because x64 ppl don't need to update at all). Hopefully i686 is working now. Please test and report any problems ;-)

I will have a look into this dbus-glib-thing ASAP.

@DaveCode
dash-8 / dash-9 mess is correct. Upstream did release different versions for different archs, unfortunately.
Signature checking should work providing you have the key available (you have to download it manually).

DrZingo commented on 2013-06-20 11:41

@Maxr
I tried the original tarball from Tor. I had to remove my packages I installed afterwards (firefox, thunar, tumbler) and their deps. I traced it down to dbus-glib was missing. Without it I get the same error again.
I don't know if it should be a dependency. I'm not running any other 'required by' package.

tiberiousr commented on 2013-06-19 16:38

This fixes the pkgbuild for i686:

package() {
cd "${srcdir}"

sed -i "s/REPL_NAME/${pkgname}/g" ${pkgname}.sh
sed -i "s/REPL_VERSION/${_realpkgver}/g" ${pkgname}.sh
sed -i "s/REPL_LANGUAGE/${_language}/g" ${pkgname}.sh

sed -i "s/REPL_NAME/${pkgname}/g" ${pkgname}.desktop
sed -i "s/REPL_LANGUAGE/${_language}/g" ${pkgname}.desktop
sed -i "s/REPL_COMMENT/${pkgdesc}/g" ${pkgname}.desktop

install -Dm 644 ${pkgname}.desktop ${pkgdir}/usr/share/applications/${pkgname}.desktop
install -Dm 644 ${pkgname}.png ${pkgdir}/usr/share/pixmaps/${pkgname}.png
install -Dm 755 ${pkgname}.sh ${pkgdir}/usr/bin/${pkgname}

if [[ "$CARCH" == 'x86_64' ]]; then
install -Dm 644 tor-browser-gnu-linux-${CARCH}-${_realpkgver}-dev-${_language}.tar.gz \
${pkgdir}/opt/${pkgname}/tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz
else
install -Dm 644 tor-browser-gnu-linux-${CARCH}-${_real_pkgver_i686}-dev-${_language}.tar.gz \
${pkgdir}/opt/${pkgname}/tor-browser-gnu-linux-${CARCH}-${_real_pkgver_i686}-${_language}.tar.gz
fi
}

aiguofer commented on 2013-06-19 02:30

Well, updated to the new version and still can't type into it. I can't even hit the "enter" key. Any ideas of debugging I can do? I tried running from command line but no useful info pops up.

DaveCode commented on 2013-06-19 01:45

> someone using i686 please test
http://troll.ws/paste/217ae075
1. Fetches dash-8 not dash-9 tarball on 686?
2. Unknown key? How did prior dash-8 build then?
3. PS Thanks for maintenance.

Maxr commented on 2013-06-18 18:06

Package upgrade. There are different versions for i686 and x64, unfortunately (old 2.3.25-8 for i686). x64 works for me, someone using i686 please test.

@granted: Would you please download the oiginal tor-browser tarball & try wether the problem persists when just using this "vanilla" package?

Maxr commented on 2013-06-18 18:06

Package upgrade. There are different versions for i686 and x64, unfortunately (old 2.3.25-8 for i686). x64 works for me, someone using i686 please test.

@granted: Would you please download the oiginal tor-browser tarball & try wether the problem persists when just using this "vanilla" package?

DrZingo commented on 2013-06-18 00:37

I installed firefox and it launched when it should. But this seems like a security flaw to me. It seems to use the bundled browser, BUT instead of using the libraries that it comes with, it uses the libraries from the separate installed firefox.
Is this a flaw in this package or should it be reported upstream?

Spakman commented on 2013-06-17 08:04

I was also hitting the problem where I couldn't type into the Tor Firefox browser.

Strangely, the problem disappeared as quickly as it came yesterday (no immediately obvious change caused this).

I'm using xmonad.

DrZingo commented on 2013-06-16 13:42

The browser won't launch after successful connect to Tor.
When trying to launch the bundled firefox manually I get the following:
It seems like the bundled browser can't use the libraries in the home-folder.
XPCOMGlueLoad error for file /home/granted/.tor-browser-en/INSTALL/App/Firefox/libxpcom.so:
libxul.so: cannot open shared object file: No such file or directory
Couldn't load XPCOM.

Any idea how to solve this? (I don't have FF installed seperately)

Maxr commented on 2013-06-11 20:07

You need to import the public key first (see posts below).

kralibes commented on 2013-06-11 18:13

tor-browser-en 2.3.25_8-1

No valid gpg signatures?

Error text (german):

==> Überprüfe Signaturen der Quell-Dateien mit gpg...
tor-browser-gnu-linux-x86_64-2.3.25-8-dev-en-US.tar.gz ... FEHLGESCHLAGEN
==> FEHLER: Eine oder mehrere PGP-Signaturen konnten nicht überprüft werden.
==> ERROR: Makepkg was unable to build tor-browser-en.

aiguofer commented on 2013-06-10 19:12

I'm using GNOME 3.8 stock, so I suppose it's using Mutter.

Maxr commented on 2013-06-04 20:19

I'm sorry, I can not reproduce your problem. Which window manager do you use?

aiguofer commented on 2013-05-27 18:42

I'm having a strange problem where I can't type into tor browser, anyone else encounter this?

Key shortcuts work fine, it's only typing into the address bar, text boxes, and search bar that doesn't work. Any clue?

Wilco commented on 2013-04-26 08:03

I've removed the java dependency from the PKGBUILD. It builds and runs fine without it. Maybe the dependency should be made optional for people that don't want to install Java?

Maxr commented on 2013-02-22 12:16

I did not encounter any loading problems anymore with the vanilla package and therefore removed the "hotfix".

Maxr commented on 2013-02-19 19:13

Did you maybe try to start tor-browser as another user using su? In fact I don't think this error is tor-browser related, does it occur in other situations too? Which window manager are you using?

urbanomad64 commented on 2013-02-12 17:24

I keep getting this error:
tor-browser-en
Launching Tor Browser Bundle for Linux in /home/user/.tor-browser-en/INSTALL
Qt: Session management error: Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed.

Maxr commented on 2013-02-10 07:44

Didn't test prior releasing unfortunately... I modified the pkgbuild to apply your fix, divansantana. Works for me now. Also corrected the messed up version thing...

I'm going to report it upstream later today. Will post the link.

Mills00013 commented on 2013-02-10 03:04

Tor wont bootstrap beyond 10% without divansantana's recommended fix to comment out line 206. Looks like it works fine after that though.

divansantana commented on 2013-02-09 23:27

I couldn't for the life of me get this to work right.
Figured out I had to comment out line 206 of start-tor-browser for everything to work on Arch.
Than line:
export LD_LIBRARY_PATH which is previously set in the script to
LD_LIBRARY_PATH="${HOME}/Lib"

Anyway hope this helps someone else.
Anyone know why this is the case?
Also a new security update it out.

Maxr commented on 2012-10-25 09:48

The problem is, hyphens are not allowed in pkgver. I can't tell why but I had in mind to use 'rc' instead of '-'. According to the (current) packaging guidelines a simple underscore is the way to go. I will do so on the upcoming release...

vnoel commented on 2012-10-24 08:23

Hi, I may be wrong, but… are you sure these are release candidate?

I think the last number is just a distribution number, while the firt three are those of tor…

Maxr commented on 2012-10-10 05:40

For me, pacman -Ss java-runtime returns:
extra/jre7-openjdk 7.u7_2.3.2-2
extra/jre7-openjdk-headless 7.u7_2.3.2-2
extra/openjdk6 6.b24_1.11.4-1 [installed]

One of them installed will provide java-runtime.

I changed dependency from java-environment to java-runtime just some months ago. According to https://wiki.archlinux.org/index.php/Java_Package_Guidelines#Dependencies , java-runtime should do the job as far as I know. Please feel free to correct me if I'm wrong.

jsteel commented on 2012-10-09 20:24

I think it should be java-environment.

kozaki commented on 2012-10-09 19:47

Ooops, sudden issue with the java-runtime dependency:

Dependency `java-runtime' of `tor-browser-en' does not exist.

also clicking on the link over here:

We couldn't find any packages matching your query. Try searching again using different criteria, or try searching the AUR to see if the package can be found there.

Thank you for maintaining this package; use it on a machine at works where it works well.

Maxr commented on 2012-10-07 12:04

updated.

MisterAnderson commented on 2012-10-04 14:28

Working PKGBUILD: (version number is probably wrong)

# Maintainer: Max Roder <maxroder@web.de>

# To port this PKGBUILD to another language of tor-browser you
# have to change $pkgname, $_language, $pkgdesc and $url in PKGBUILD
# AND (!) the first line in the .install file!

pkgname='tor-browser-en'
pkgver='2.2.39_rc1'
_realpkgver='2.2.39-1-dev'
_language='en-US'
pkgrel='1'
pkgdesc='Anonymous browsing using firefox and tor'
url='https://www.torproject.org/projects/torbrowser.html.en'
arch=('x86_64' 'i686')
license=('GPL')
depends=('java-runtime')
optdepends=('zenity: simple dialog boxes'
'kdialog: KDE dialog boxes'
'notify-send: Gnome dialog boxes')
install="${pkgname}.install"
source=("https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz"
"https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz.asc"
"${pkgname}.desktop"
"${pkgname}.png"
"${pkgname}.sh")
if [[ "$CARCH" == 'x86_64' ]]; then
sha256sums=('1ae9cbb1db592539f24229de9a42d37587673d20174715c488273b1f573d3f1c'
'263b494fa3ca2e3513f0e25bb5d0b9aadc4d00c1ac0e0413b28e6af66fdeef76')
else
sha256sums=('54dc765fe8423a2058e0043a7a421e45853fba14489974bb5ea0f06787767615'
'72eb8a8af44ad7c6dd84b68619386ed614dc6c553621ad6de376e76b7ffc710b')
fi
sha256sums+=('2217f011197329019ae3d282d95623e0230f8f7a3a604290744280530cf1698a'
'17fc2f5784d080233aca16e788d62ab6fe3e57cf781b123cfe32767de97d6d3b'
'7fc947b8ae1483c5abb4545f6e26b315ff1fb16eb7ae8837f7afb10a9277383b')
noextract=("tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz")

package() {
cd "${srcdir}"

sed -i "s/REPL_NAME/${pkgname}/g" ${pkgname}.sh
sed -i "s/REPL_VERSION/${_realpkgver}/g" ${pkgname}.sh
sed -i "s/REPL_LANGUAGE/${_language}/g" ${pkgname}.sh

sed -i "s/REPL_NAME/${pkgname}/g" ${pkgname}.desktop
sed -i "s/REPL_LANGUAGE/${_language}/g" ${pkgname}.desktop
sed -i "s/REPL_COMMENT/${pkgdesc}/g" ${pkgname}.desktop

install -Dm 644 ${pkgname}.desktop ${pkgdir}/usr/share/applications/${pkgname}.desktop
install -Dm 644 ${pkgname}.png ${pkgdir}/usr/share/pixmaps/${pkgname}.png
install -Dm 755 ${pkgname}.sh ${pkgdir}/usr/bin/${pkgname}

install -Dm 644 tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz ${pkgdir}/opt/${pkgname}/tor-browser-gnu-linux-${CARCH}-${_realpkgver}-${_language}.tar.gz
}

# vim:set ts=2 sw=2 et:

Maxr commented on 2012-09-24 02:48

Sorry, on vacation. Will update in little more than a week.

vladimir1922 commented on 2012-09-23 18:30

This package is becoming very outdated. I know it is a bit annoying how frecuently they release a new version, but it is something important...

Maxr commented on 2012-08-29 15:23

Key importing instructions are included now (this change is not important so I did not increase pkgrel)

jackgu1988 commented on 2012-08-19 11:24

@Maxr sorry about spamming :) Problem solved, thanks! Just import Erinn Clark's key (found on https://www.torproject.org/docs/signing-keys.html.en), using # pacman-key -r <keyid> and then run

env GNUPGHOME=/etc/pacman.d/gnupg makepkg -s

on the directory where the PKGBUILD is.

Maxr commented on 2012-08-19 09:56

You have to import the public key first (see posts below).

jackgu1988 commented on 2012-08-19 09:16

I am getting a message:

==> Verifying source file signatures with gpg...
tor-browser-gnu-linux-x86_64-2.2.38-1-dev-en-US.tar.gz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.

Is there any way I can include the verification of the signature in the PKGBUILD?

dartfira commented on 2012-08-01 08:05

With last update it works correctly for me.

Maxr commented on 2012-07-13 06:01

Already wondered why I couldn't start tbb ... well, as it seems you have to compile tbb to use the patch. This pkgbuild uses the binary version, so no way ATM.

Anonymous comment on 2012-07-13 02:29

patch

https://trac.torproject.org/projects/tor/attachment/ticket/6340/0001-Disables-the-ELF-hack-as-a-workaround-for-6340.patch

android_808 commented on 2012-06-10 19:00

Its a problem with makepkg.
https://bugs.archlinux.org/task/28825

Try:
env GNUPGHOME=/etc/pacman.d/gnupg makepkg -s

android_808 commented on 2012-06-10 18:53

same problem here.

Maxr commented on 2012-06-08 15:34

Sorry, I can not reproduce this here right now. Please double check key importing and try it again.

blackhole commented on 2012-06-05 09:07

tor-browser-gnu-linux-x86_64-2.2.35-12-dev-en-US.tar.gz ... FAILED (unknown public key 416F061063FEE659)

I have made this:
pacman-key -r 416F061063FEE659
pacman-key -f 416F061063FEE659 and I have veryfied signatures
pacman-key pacman-key --lsign-key 63FEE659 (with the number 416F061063FEE659 is not working)
==> Updating trust database...

However,if I try to install the package I receive the same message about unknown public key 416F061063FEE659

Maxr commented on 2012-06-03 09:51

Changed dep from java-environment to java-runtime (did not increase the pkgrel, though). Please let me know if there are any problems.

Maxr commented on 2012-05-28 11:06

Hm, maybe, will investigate on that later this week...

lahwaacz commented on 2012-05-22 19:12

should it not depend on java-runtime instead of java-environment?

jpate commented on 2012-05-08 18:27

you need to add the key to your keyring: https://wiki.archlinux.org/index.php/Pacman-key

as mentioned a couple comments down, you can check the key fingerprint at https://www.torproject.org/docs/signing-keys.html.en

Maxr commented on 2012-05-08 18:27

Mh, I would say you are in need of the appropriate public key. Download & import it. In fact, signature checking works providing that you have the key available.

mmm commented on 2012-05-08 18:18

the signature feature would be nice for this package, yet now i get

Verifying source file signatures with gpg...
tor-browser-gnu-linux-i686-2.2.35-11-dev-en-US.tar.gz ... FAILED (unknown public key 416F061063FEE659)
==> WARNING: Warnings have occurred while verifying the signatures.
Please make sure you really trust them.

Anonymous comment on 2012-05-04 17:34

I get a 404 when downloading the package because all of the packages here (https://www.torproject.org/dist/torbrowser/linux/) are 2.2.35-11. Flagged as out-of-date.

jpate commented on 2012-03-19 15:48

perfect! thank you :)

Maxr commented on 2012-03-19 15:46

Have a look at this page: https://www.torproject.org/docs/signing-keys.html.en

jpate commented on 2012-03-19 10:12

Given the nature of this package, it would be nice to be able to verify the public key fingerprint somewhere besides the PGP keyserver. I see the name associated with the public key "Erinn Clark" is one of the "core people" on the Tor project website, but there's no PGP fingerprint there that I can see.

Maxr commented on 2012-03-11 15:53

Package update: To improve security, the PKGBUILD will not install tor-browser to /opt/ anymore. Instead, it will just put the .tar.gz archive in /opt/tor-browser-en/. The included wrapper script will extract it to the user's home directory upon first call. This way, no temporary files will be stored world-readable in /opt but in the users home directory.

Everytime tor-browser gets updated, the wrapper script should automatically update the per-user copy when it's called the first time after package installation. No user action should be required. Please test and report any issues.

teek commented on 2012-03-08 12:16

Ah, you're right, that was the first mirror, tought it was the one that should work. It works now, thanx, great work.

Maxr commented on 2012-03-08 10:42

> mirrors.kernel.org [...]

I don't think this is related to tor-browser. You should check your pacman mirror.

teek commented on 2012-03-08 09:03

It is unable to downoad all dependencies...

==> Building and installing package
==> Install or build missing dependencies for tor-browser-en:
Password:
resolving dependencies...
warning: dependency cycle detected:
warning: rhino will be installed before its jre7-openjdk dependency
looking for inter-conflicts...

Targets (6): ca-certificates-java-20120225-1 jre7-openjdk-7.b147_2.1-3
jre7-openjdk-headless-7.b147_2.1-3 rhino-1.7R3-1
xdg-utils-1.1.0rc1-3 jdk7-openjdk-7.b147_2.1-3

Total Download Size: 0.99 MiB
Total Installed Size: 135.53 MiB

Proceed with installation? [Y/n]
:: Retrieving packages from extra...
error: failed retrieving file 'rhino-1.7R3-1-any.pkg.tar.xz' from mirrors.kernel.org : Given file does not exist
error: failed retrieving file 'rhino-1.7R3-1-any.pkg.tar.xz' from mirrors.kernel.org : The requested URL returned error: 404
warning: failed to retrieve some files from extra
error: failed to commit transaction (download library error)
Errors occurred, no packages were upgraded.
==> Restart building tor-browser-en ? [y/N]
==> ---------------------------------------
==>
==> WARNING: Following packages have not been installed:
tor-browser-en

Maxr commented on 2012-03-03 14:23

changed pkgbuild.

giowck commented on 2012-03-03 14:07

Please remove xulrunner as dep, it is not needed, since the PKGBUILD downloads the binary from torproject.
Xulrunner is causing trouble lately with eclipse (conflict).

I'm running it without xulrunner and everything works fine.

ethail commented on 2012-03-03 13:18

xulrunner is not a run-time dep, thus it should be marked as makedepends

Maxr commented on 2012-02-20 19:43

upstream seems to update daily...

sud_crow commented on 2012-02-20 19:21

2.2.35-7.2 is out with a bugfix for Linux

Maxr commented on 2012-01-06 08:06

Updated.

Anonymous comment on 2012-01-05 20:36

current version should be 2.2.35-4

Maxr commented on 2011-11-25 08:09

Unfortunately, upon upgrading there will probably be a "conflicting files" error. Please try pacman -f to solve that.

MatejLach commented on 2011-10-23 10:37

Thanks!
Now it's great!

Notes: 'To start, you may fire tor-browser-en in the terminal.' - Sure you can, but for a user with DE this isn't practical at times, because I have quick access to my most often used programs from desktop and this is quicker for me than using CL, but if you do not have desktop (as you do) of course you have to use CL, so I can now see why you haven't included shortcuts in your first PKGBUILD.

Anyway,
Thank you very much,

Maxr commented on 2011-10-22 12:05

To start, you may fire tor-browser-en in the terminal. I don't use a desktop, so an icon did not came to my mind until now.

I just submitted an updated version which I hope will fit your needs. Please test and report.

MatejLach commented on 2011-10-21 11:53

I would really like to use this package, but I have a few problems with it:

- Why no link to Internet category/desktop shortcut etc. is created?
- Why not whole /opt/tor-browser-en folder is deleted when you do Pacman -R[s] tor-browser-en?

This PKGBUILD in this stage is nothing more, than uncompressed tor-browser from Tor's website, because you still have to go to go to /opt/tor-browser-en to launch it.
Now, even the fact that you can install it and manage using pacman is not very good, because as I said earlier not the whole thing gets automatically removed from your system after you remove it using pacman.

Apart from that, great package and keep it up, when it will be updated to my expecations I will definatelly install it.
Thanks,

P.S. This is MY personal view, for others this may work 'as is'.