|
Bugzilla – Full Text Bug Listing |
| Summary: | torbrowser-launcher: signature verification failed | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Deleted Name <deleted> |
| Component: | X11 Applications | Assignee: | Atri Bhattacharya <badshah400> |
| Status: | RESOLVED DUPLICATE | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | astieger, badshah400, deleted |
| Version: | Leap 42.3 | Flags: | badshah400:
needinfo?
(deleted) |
| Target Milestone: | --- | ||
| Hardware: | x86-64 | ||
| OS: | openSUSE 42.3 | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | screenshot | ||
(In reply to Name Deleted from comment #0) > EXPECTED: > Tor browser should install Except of course if the signature verification actually fails. > SIGNATURE VERIFICATION FAILED! > You must be under attack, or [...] People keep forgetting that. Downloading manually Tor browser for Linux and the signature file from the original site and following the instruction given here: https://www.torproject.org/docs/verifying-signatures.html.en [/tmp/download]: gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 gpg: requesting key 93298290 from hkp server pool.sks-keyservers.net gpg: key 93298290: public key "Tor Browser Developers (signing key) <torbrowser@torproject.org>" imported gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) [/tmp/download]: gpg --fingerprint 0x4E2C6E8793298290 pub 4096R/93298290 2014-12-15 [expires: 2020-08-24] Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 uid [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org> sub 4096R/C3C07136 2016-08-24 [expires: 2018-08-24] [/tmp/download]: gpg --verify tor-browser-linux64-7.5_en-US.tar.xz.asc tor-browser-linux64-7.5_en-US.tar.xz gpg: Signature made Tue 23 Jan 2018 02:50:13 AM EET using RSA key ID C3C07136 gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 Subkey fingerprint: A430 0A6B C93C 0877 A445 1486 D148 3FA6 C3C0 7136 [/tmp/download]: Hi George, Would it be possible for you to try the test update I have prepared in: https://build.opensuse.org/package/show/home:badshah400:branches:devel:languages:python/torbrowser-launcher and let us know if it resolves your issue. If you prefer to add the test repository for 42.3, it is here: https://download.opensuse.org/repositories/home:/badshah400:/branches:/devel:/languages:/python/openSUSE_Leap_42.3/ George, a summary of "does not work" typically falls below our bug reporting standards. See https://github.com/micahflee/torbrowser-launcher/blob/master/CHANGELOG.md 0.2.9 [...] Updated list of Tor Project dist mirrors 0.2.8 [...] Update URL to check for latest version, which changed in Tor Browser 7 Automatically refresh GPG keyring, to prevent signature verification false positives Improve GnuPG code by using GPGME if available [...] 0.2.7 Updated Tor Browser signing key because they added a new subkey and verification was failing [...] Is this not simply a dup of bug 1023279? Atri can you submit a maintenance update? *** This bug has been marked as a duplicate of bug 1023279 *** I am ready to submit an update for 42.3. This does seem to be a dup of bug 1023279 (which is for Tumbleweed). YaST says "Unable to create repository from URL <the one you gave>" so I can't test and confirm anything. Visiting the URL in browser gives 404. Not sure why you marked it as fixed. @Andreas: well "doesn't work" is what actually happens: it doesn't work as expected + there is detailed explanation what actually happens. How would you formulate it better? It's marked fixed, but really it should be marked as a duplicate of bug 1023279. Please follow development there. *** This bug has been marked as a duplicate of bug 1023279 *** (In reply to Name Deleted from comment #7) > YaST says "Unable to create repository from URL <the one you gave>" so I > can't test and confirm anything. Visiting the URL in browser gives 404. Not > sure why you marked it as fixed. Because this is a defect tracker, not a helpdesk tracker. The issue fixed from an engineering standpoint in the new upstream version. You will see an update in due time. > @Andreas: well "doesn't work" is what actually happens: it doesn't work as > expected + there is detailed explanation what actually happens. How would > you formulate it better? A *summary* that differentiates the bug from all other instances where torbrowser-launchner does not work. In this case "signature verification failed". Ok, I will be more careful with summarizing for other reports. |
Created attachment 758748 [details] screenshot 1. Install package torbrowser-launcher 2. Start Tor Browser Launcher Settings and click "Install Tor Browser" (see attached screenshot) EXPECTED: Tor browser should install ACTUAL: A message appears (see attached screenshot) " SIGNATURE VERIFICATION FAILED! You must be under attack, or there must be a a networking problem. Click Start try the download again. " 3. Clicked "Start" but the same repeats 4. Chose another mirror - same unfortunate result. 5. Tried other mirrors. Some say 404, others say "111: Connection refused"