Search Criteria
Package Details: tor-browser-bin 14.0.3-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/tor-browser-bin.git (read-only, click to copy) |
---|---|
Package Base: | tor-browser-bin |
Description: | Tor Browser Bundle: anonymous browsing using Firefox and Tor |
Upstream URL: | https://www.torproject.org/projects/torbrowser.html |
Licenses: | MPL-2.0 |
Conflicts: | tor-browser |
Provides: | tor-browser |
Submitter: | FabioLolix |
Maintainer: | grufo (jugs) |
Last Packager: | jugs |
Votes: | 1280 |
Popularity: | 1.03 |
First Submitted: | 2023-09-24 17:45 (UTC) |
Last Updated: | 2024-12-06 14:48 (UTC) |
Dependencies (19)
- alsa-lib
- dbus-glib
- desktop-file-utils (desktop-file-utils-gitAUR)
- hicolor-icon-theme (hicolor-icon-theme-gitAUR)
- hunspell (hunspell-gitAUR)
- icu (icu-gitAUR)
- libevent (libevent-gitAUR)
- libvpx (libvpx-full-gitAUR, libvpx-gitAUR)
- libxt
- mime-types (mailcap)
- nss (nss-hgAUR)
- sqlite (sqlite-fossilAUR)
- startup-notification
- gst-libav (gst-libav-gitAUR) (optional) – H.264 video
- gst-plugins-good (gst-plugins-good-gitAUR) (optional) – H.264 video
- kdialog (kdialog-gitAUR) (optional) – KDE dialog boxes
- libnotify (libnotify-gitAUR) (optional) – Gnome dialog boxes
- libpulse (pulseaudio-dummyAUR, libpulse-gitAUR) (optional) – PulseAudio audio driver
- zenity (qarma-gitAUR, zenity-gtk3AUR, zenity-gitAUR) (optional) – simple dialog boxes
Required by (0)
Sources (8)
- https://dist.torproject.org/torbrowser/14.0.3/tor-browser-linux-i686-14.0.3.tar.xz
- https://dist.torproject.org/torbrowser/14.0.3/tor-browser-linux-i686-14.0.3.tar.xz.asc
- https://dist.torproject.org/torbrowser/14.0.3/tor-browser-linux-x86_64-14.0.3.tar.xz
- https://dist.torproject.org/torbrowser/14.0.3/tor-browser-linux-x86_64-14.0.3.tar.xz.asc
- tor-browser.desktop.in
- tor-browser.in
- tor-browser.png
- tor-browser.svg
Latest Comments
« First ‹ Previous 1 .. 35 36 37 38 39 40 41 42 43 44 45 .. 77 Next › Last »
kyak commented on 2017-01-25 18:14 (UTC)
yar commented on 2017-01-25 17:25 (UTC)
z3ntu commented on 2017-01-25 11:43 (UTC)
slav commented on 2017-01-25 10:15 (UTC)
yar commented on 2017-01-25 09:14 (UTC) (edited on 2018-09-06 16:52 (UTC) by yar)
Before running makepkg, you must do this:
gpg --keyserver pool.sks-keyservers.net --recv-keys EB774491D9FF06E2
See below for details.
yar commented on 2017-01-25 09:12 (UTC)
A headache indeed. First of all, let's review all the relevant keys:
1) 8738A680B84B3031A630F2DB:416F0610:63FEE659 Erinn Clark's personal key - 4.0.3 [2015-01-14] and earlier were signed by this 2) EF6E286DDA85EA2A4BA7DE68:4E2C6E87:93298290 A master key created on 2014-12-15 for the purpose of signing other Tor Browser Developer keys 3) BA1EE421BBB45263180E1FC7:2E1AC68E:D40814E0 signed by #2, 4.0.4 [2015-02-25] through 6.0.8 [2016-12-13] were signed by this 4) A4300A6BC93C0877A4451486:D1483FA6:C3C07136 signed by #2, 6.5 [2017-01-24, today] is signed by this
Second of all, look at the makepkg source code: https://git.archlinux.org/pacman.git/tree/scripts/libmakepkg/integrity/verify_signature.sh.in#n64
- If the signer of the .asc file is not known by your build user's gpg keyring, your error message will be: "unknown public key"
- If validgpgkeys doesn't exist and the key isn't TRUSTED by your build user's gpg keyring, your error message will be: "the public key %s is not trusted"
- If validgpgkeys exists and the MASTER KEY isn't listed there, your error message will be: "invalid public key"
- Again, it checks against the MASTER KEY. Listing the subkey does nothing. See line 239: "If the file was signed with a subkey, arg10 contains the fingerprint of the primary key"
Note that makepkg has no code for retrieving signatures. It relies on you to --recv-key on your own. The validgpgkeys code doesn't even execute until makepkg has queried your build user's gpg keyring. So no matter what you need to --recv-key, which only downloads the key and does not imply that you fully trust it (for that you would run --edit-key). Validgpgkeys is used in lieue of fully trusting the key, but you still need to download it yourself. If you don't want to interact with GPG on your own, then run makepkg --skippgpcheck. There is no other way.
tl;dr you have to run this: gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136
Pinned Comments
grufo commented on 2019-08-15 02:22 (UTC)
Before running
makepkg
, you must do this (as normal user):$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
If you want to update tor-browser from AUR without AUR helpers you can run in a terminal:
$ tor-browser -u