** Description changed: [Impact] torbrowser-launcher does not have the ability to update to newer Tor. New downloads of updates through it fail to verify due to mismatched developer keys. - [Test Case] (1) Install torbrowser-launcher. (2) Attempt to start tor. (3) Tor will attempt to update and fail with a signature verification error. - [Regression Potential] Replacing the key to use for verification should have no impact on functionality, but older-signed versions of the tor browser tarball will fail to verify. However, Tor devs are saying to use the new key anyways, so we should replace the key anyways. + + [racb] We might have overlooked some case where the old key is still + required. ------ ------ [Original Bug Description] I'm working on Ubuntu 18.04 x86_64 (fully patched). I installed Tor using Apt. When I attempt to launch Tor I am in an endless loop of download/verify/verify-failed. The process at the moment is (1) Try to start Tor. (2) Tor downloads something. (3) Signature verification begins. (4) Signature verification fails. (5) Click "Start" to do it again. Clicking "Start" from the "signature verify failed" screen takes me back to the download. Ad infinitum. I have to go to a Windows machine to use Tor. I'd like to get the issue fixed on Ubuntu since it is my main workstation. This issue has been going on since about June 2018. I'm guessing someone does not realize something is broken. At this point I am willing to accept the bad signature so I can use the Tor browser. I'm ready for the 6 month DoS to end. Screenshots available at https://superuser.com/q/1511112/173513. ----- Ubuntu version: $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 18.04.3 LTS Release: 18.04 Codename: bionic And Tor package: $ apt list --installed | grep -w -i tor tor/bionic,now 0.3.2.10-1 amd64 [installed,automatic] tor-geoipdb/bionic,bionic,now 0.3.2.10-1 all [installed,automatic] --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.9 Architecture: amd64 CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-11-20 (28 days ago) InstallationMedia: Ubuntu 18.04.3 LTS "Bionic Beaver" - Release amd64 (20190805) Package: tor 0.3.2.10-1 PackageArchitecture: amd64 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash ProcVersionSignature: Ubuntu 5.0.0-37.40~18.04.1-generic 5.0.21 Tags: bionic Uname: Linux 5.0.0-37-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo _MarkForUpload: True --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.9 Architecture: amd64 DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-11-20 (28 days ago) InstallationMedia: Ubuntu 18.04.3 LTS "Bionic Beaver" - Release amd64 (20190805) Package: tor 0.3.2.10-1 PackageArchitecture: amd64 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash ProcVersionSignature: Ubuntu 5.0.0-37.40~18.04.1-generic 5.0.21 Tags: bionic Uname: Linux 5.0.0-37-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: _MarkForUpload: True
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1856895 Title: [SRU] Tor does not download and install; repeated signature verification failed To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1856895/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
