Package Details: tor-browser 7.5.6-1

Git Clone URL: https://aur.archlinux.org/tor-browser.git (read-only)
Package Base: tor-browser
Description: Tor Browser Bundle: anonymous browsing using Firefox and Tor (international PKGBUILD)
Upstream URL: https://www.torproject.org/projects/torbrowser.html
Keywords: Anonymity Browser Internet Network Tor
Licenses: GPL
Submitter: grufo
Maintainer: grufo
Last Packager: grufo
Votes: 110
Popularity: 6.825864
First Submitted: 2017-03-23 12:24
Last Updated: 2018-06-27 13:28

Pinned Comments

grufo commented on 2017-11-04 19:47

Before running makepkg, you must do this:

$ gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys D1483FA6C3C07136

If you want to update tor-browser from AUR without AUR helpers you can run in a terminal:

$ tor-browser -u

Latest Comments

1 2 3 4 Next › Last »

nRoof commented on 2018-07-07 16:50

  1. Does anybody have H.264 video working? I tried to install both optional dependencies from the PKGBUILD (gst-libav and gst-plugins-good), but no luck. This can be checked in multiple ways, for example: https://www.quirksmode.org/html5/tests/video.html (H.264 clip cannot be played); https://www.youtube.com/html5 (H.264 and MSE & H.264 are listed as not supported); about:support in address bar -> Graphics shows "Hardware H264 Decoding: No; Failed to create H264 decoder". When I unpack the same binary distribution, that PKGBUILD downloads, in latest Debian, the same videos work fine. Update: never mind, was able to fix it by installing ffmpeg-compat-57 from AUR.
  2. Isn't it more correct to name this package "tor-browser-bin"? This has been already mentioned in the very first comment from @TrialnError. Or, instead, is it planned to build it from source any time soon?

crypt.ix commented on 2018-05-07 08:31

gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys EF6E286DDA85EA2A4BA7DE684E2C6E8793298290

This worked for me. @grufo's comment did not.

anniezpw commented on 2018-05-02 21:23

@pirxel

run it without "--keyserver hkp://pgp.mit.edu:11371" as that address:port is currently unreachable.

pirxel commented on 2018-04-30 10:49

$ gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys D1483FA6C3C07136 gpg: keyserver receive failed: No data

sorry guys but this is not helping, any idea what to do with this?

grufo commented on 2017-11-04 19:47

Before running makepkg, you must do this:

$ gpg --keyserver hkp://pgp.mit.edu:11371 --recv-keys D1483FA6C3C07136

If you want to update tor-browser from AUR without AUR helpers you can run in a terminal:

$ tor-browser -u

grufo commented on 2017-10-21 02:15

@Marcel_K Thank you for the clarification. I will remove the `pre_install()` message in the next days. Regarding the md5sums, this is an umbrella PKGBUILD, which selects the package source in function of the language of the machine. I really cannot mantain an array of md5sums/SHA256 for each language and update it with each release.

Marcel_K commented on 2017-10-20 23:47

BTW, it is *not* a good idea to skip checksumming of source files, like you do now in md5sums_(i686|x86_64). Only (automatically) set the checksum of signature files to SKIP. A better hashing algorithm like SHA256 is also nice, unless the source of the files provide MD5 checksums, which isn't the case, as far as I can see within a few seconds.

Marcel_K commented on 2017-10-20 23:43

Yes, signature checking of the source files (using the signature files downloaded due to their presence in the sources array) is done during makepkg. You can install signed packages, like the ones from the official repos, but those keys are in the pacman keyring and installed automatically (with a slight hiccup, like a few days ago, when I tried to update my system but pacman-keyring wasn't update in time). See https://wiki.archlinux.org/index.php/Pacman/Package_signing
There also exist user repositories with pre-built packages that can be signed: https://wiki.archlinux.org/index.php/Unofficial_user_repositories
In short: do not compile a package yourself and then send it to someone using an insecure method like regular email.

grufo commented on 2017-10-20 23:25

@Marcel_K I am not enough a pacman expert to give an answer, therefore I will ask you a question. Imagine you have not imported the PGP keys and I did. Now imagine that I build the tor-browser package and I email it to you (the built pacman package). My question is: will you be able to install it?

Marcel_K commented on 2017-10-20 23:15

But the .install files are only run using pacman, which is too late. The message makepkg outputs should be enough, IMHO. Or create a pinned comment about the import of the PGP key, linking to https://wiki.archlinux.org/index.php/Makepkg#Signature_checking