@fightcookie: When "then"? Which "these keys"?
Search Criteria
Package Details: tor-browser-bin 14.0.3-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/tor-browser-bin.git (read-only, click to copy) |
---|---|
Package Base: | tor-browser-bin |
Description: | Tor Browser Bundle: anonymous browsing using Firefox and Tor |
Upstream URL: | https://www.torproject.org/projects/torbrowser.html |
Licenses: | MPL-2.0 |
Conflicts: | tor-browser |
Provides: | tor-browser |
Submitter: | FabioLolix |
Maintainer: | grufo (jugs) |
Last Packager: | jugs |
Votes: | 1280 |
Popularity: | 1.01 |
First Submitted: | 2023-09-24 17:45 (UTC) |
Last Updated: | 2024-12-06 14:48 (UTC) |
Dependencies (19)
- alsa-lib
- dbus-glib
- desktop-file-utils (desktop-file-utils-gitAUR)
- hicolor-icon-theme (hicolor-icon-theme-gitAUR)
- hunspell (hunspell-gitAUR)
- icu (icu-gitAUR)
- libevent (libevent-gitAUR)
- libvpx (libvpx-full-gitAUR, libvpx-gitAUR)
- libxt
- mime-types (mailcap)
- nss (nss-hgAUR)
- sqlite (sqlite-fossilAUR)
- startup-notification
- gst-libav (gst-libav-gitAUR) (optional) – H.264 video
- gst-plugins-good (gst-plugins-good-gitAUR) (optional) – H.264 video
- kdialog (kdialog-gitAUR) (optional) – KDE dialog boxes
- libnotify (libnotify-gitAUR) (optional) – Gnome dialog boxes
- libpulse (pulseaudio-dummyAUR, libpulse-gitAUR) (optional) – PulseAudio audio driver
- zenity (qarma-gitAUR, zenity-gtk3AUR, zenity-gitAUR) (optional) – simple dialog boxes
Required by (0)
Sources (8)
- https://dist.torproject.org/torbrowser/14.0.3/tor-browser-linux-i686-14.0.3.tar.xz
- https://dist.torproject.org/torbrowser/14.0.3/tor-browser-linux-i686-14.0.3.tar.xz.asc
- https://dist.torproject.org/torbrowser/14.0.3/tor-browser-linux-x86_64-14.0.3.tar.xz
- https://dist.torproject.org/torbrowser/14.0.3/tor-browser-linux-x86_64-14.0.3.tar.xz.asc
- tor-browser.desktop.in
- tor-browser.in
- tor-browser.png
- tor-browser.svg
Latest Comments
« First ‹ Previous 1 .. 36 37 38 39 40 41 42 43 44 45 46 .. 77 Next › Last »
beroal commented on 2017-01-15 10:33 (UTC)
xuiqzy commented on 2017-01-14 23:11 (UTC)
but then we would trust these keys for all packages?
isn't the validpgpkeys array in the pkgbuild exactly the right way of verifying only this package, as currently there are keys in there, too!? (but only the wrong ones) (see pkgbuild arch wiki)
optimal would be a mechanism for knowing when the pgp key for only this package changes...
beroal commented on 2017-01-14 07:00 (UTC) (edited on 2017-01-14 07:01 (UTC) by beroal)
@ratcheer: See my comment under "All comments."
ratcheer commented on 2017-01-12 20:00 (UTC)
I also get this problem with the AUR package:
tor-browser-linux64-6.0.8_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)
xuiqzy commented on 2017-01-06 02:11 (UTC)
Can you please change the validpgpkeys to the correct ones since the current ones are not the ones the paackage is signed with?
https://wiki.archlinux.org/index.php/PKGBUILD#validpgpkeys
pigmonkey commented on 2017-01-05 04:23 (UTC)
You may have a MITM. For me dist.torproject.org has a valid certificate from DigiCert.
Extended validation: No
Signature: SHA-256/RSA
Key: 2048 bits RSA
Common name: *.torproject.org
Issued to: The Tor Project, Inc.
Issued by: DigiCert Inc www.digicert.com
Validity: 4/14/2016 -- 5/29/2019
Fingerprint: 34:10:F9:2B:0C:7E:EC:81:86:EE:B3:F8:FC:B0:EC:01:DD:CD:90:FB:7F:0C:ED:17:FC:B9:A9:08:70:0C:6A:42
marcin commented on 2017-01-05 04:12 (UTC)
Curl ssl certificate problem:
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
==> ERROR: Failure while downloading https://dist.torproject.org/torbrowser/6.0.8/tor-browser-linux64-6.0.8_en-US.tar.xz
Aborting...
==> ERROR: Makepkg was unable to build tor-browser-en.
==> Restart building tor-browser-en ? [y/N]
==> ---------------------------------------
This seems to be torproject fault. Even manual going to https://dist.torproject.org/torbrowser/6.0.8/tor-browser-linux64-6.0.8_en-US.tar.xz in a chrome/chromium results in Privacy error.
indunil commented on 2016-12-15 02:14 (UTC) (edited on 2016-12-15 02:15 (UTC) by indunil)
Hey Guys,
I'm having an issue on the tor update.
"Failure while downloading https://dist.torproject.org/torbrowser/6.0.8/tor-browser-linux64-6.0.8_en-US.tar.xz
Aborting..."
-> Downloading tor-browser-linux64-6.0.8_en-US.tar.xz...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
==> ERROR: Failure while downloading https://dist.torproject.org/torbrowser/6.0.8/tor-browser-linux64-6.0.8_en-US.tar.xz
Aborting...
==> ERROR: Makepkg was unable to build tor-browser-en.
==> Restart building tor-browser-en ? [y/N]
Please help
iskenderoguz commented on 2016-11-26 19:15 (UTC)
How can I install offline tor package ?
RubenKelevra commented on 2016-11-17 03:42 (UTC)
Please do not mess around with gpg-keyrings of the users with bloody scripting. AUR-Helper should just implement a semiautomatic function for this.
Pinned Comments
grufo commented on 2019-08-15 02:22 (UTC)
Before running
makepkg
, you must do this (as normal user):$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
If you want to update tor-browser from AUR without AUR helpers you can run in a terminal:
$ tor-browser -u