Notice: Undefined variable: name in /srv/http/vhosts/aur-dev.archlinux.org/public/web/lib/pkgfuncs.inc.php on line 248

Package Details: tor-browser-en 6.5-1

Git Clone URL: https://aur-dev.archlinux.org/tor-browser-en.git (read-only)
Package Base: tor-browser-en
Description: Tor Browser Bundle: Anonymous browsing using firefox and tor
Upstream URL: https://www.torproject.org/projects/torbrowser.html.en
Keywords: tor
Licenses: GPL
Submitter: Maxr
Maintainer: yar (jugs)
Last Packager: yar
Votes: 628
Popularity: 17.255427
First Submitted: 2011-10-14 19:30
Last Updated: 2017-01-25 17:24

Pinned Comments

yar commented on 2017-01-25 09:14

Before running makepkg, you must do this:

gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136

See below for details.

Latest Comments

1 2 3 4 5 6 ... Next › Last »

Mark0009 commented on 2017-01-29 17:32

For the GPL license just copy that on your terminal: gpg --recv-keys 0x4E2C6E8793298290

Mark0009 commented on 2017-01-29 17:31

NICE ! ! ! 10/10

Alpha commented on 2017-01-29 17:01

@yar I got two work-around

1. As gnupg is failing to download the public key it can be done manually by this command:
curl "https://pgp.mit.edu/pks/lookup?op=get&search=0x4E2C6E8793298290" -o - | gpg --import

2. Gpg key verification can be skipped by replacing a pkgbuild line which is not recommended as tor is a very crucial piece of software. The line is:
validpgpkeys=('EF6E286DDA85EA2A4BA7DE684E2C6E8793298290' 'SKIP')

Process 1 is safe, 2 is risky and totally your choice. Peace!

fightcookie commented on 2017-01-27 15:23

@beroal Sorry, I confused the fingerprints with the keys itself. Now i understand it and have no problem with this packagebuild :)
Still, it would be nice if there would be a mechanism in makepkg to embed the whole key or at least instruct it to download it...

kyak commented on 2017-01-27 05:05

@kerberizer good for you, but i was using 2.1.17-4 at that time.
It contained incorrect patch, and so didn't work. In fact, it was silently fixed without a version bump: https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/gnupg&id=fff9ea5d38f76133a9ed5c38bc7dcf35591d33f6

Anyway, thanks for your feedback. The command from pinned message should work now for everyone running the latest gnupg.

kerberizer commented on 2017-01-26 16:00

@kyak:

$ pacman -Q gnupg
gnupg 2.1.18-1

$ killall dirmngr
dirmngr: no process found

$ killall gnome-keyring-daemon

$ mv ~/.gnupg{,.tmp}

$ gpg -k
gpg: directory '/home/<redacted>/.gnupg' created
gpg: new configuration file '/home/<redacted>/.gnupg/dirmngr.conf' created
gpg: new configuration file '/home/<redacted>/.gnupg/gpg.conf' created
gpg: keybox '/home/<redacted>/.gnupg/pubring.kbx' created
gpg: /home/<redacted>/.gnupg/trustdb.gpg: trustdb created

$ gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrowser@torproject.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

$ makepkg -cCs
==> Making package: tor-browser-en 6.5-1 (Thu 26 Jan 17:53:58 EET 2017)
(...snip...)
==> Finished making: tor-browser-en 6.5-1 (Thu 26 Jan 17:54:14 EET 2017)

Please let me know if there are other tests or information that might help you find the cause of the problem you encounter.

kyak commented on 2017-01-26 15:35

@kerberizer obviously, you've already had the needed gpg key imported while running an older version of gnupg.
Try (re)moving the ~/.gnupg directory, killing dirmngr (or rebooting) and have a lot of "fun" with the latest gnupg.

What bothers me most is that people are not able to read even two comments back and try downgrading gnupg and then reporting back if it worked or not.

There are two types of commenters here: 1) It works for me, fix your problem and 2) It doesn't work for me, and i can't read.

kerberizer commented on 2017-01-26 13:16

Just to note that I've never had any issues with this package. I know this isn't too helpful for those who do face problems, but at least it's an indication that the source of the problems is something system and/or network-specific, and not the package itself.

tscs37 commented on 2017-01-26 07:22

The GPG command specified in the comments does not work. gpg will fail with "no key server available"

kyak commented on 2017-01-25 18:55

Downgrading to gnupg-2.1.16-2 and running gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136 has helped.

What a crappy piece of software.. Can't even handle itself.