Tor Browser on Ubuntu 20.04.1

Hi
I have a Dell Inspiron 5767 laptop, running Ubuntu 20.04.1 LTS.
I would like to try the Tor Browser.
But no matter how i Try to install it (Software center, snap, Terminal commands, PPA 's etc), it is getting stuck in verifying signature after the download wizard has run.
Anyone know the solution to this problem?

Skærmbillede fra 2020-09-07 14-46-17

Best regards
Viking Penguin

Hi
I can add, that I just tried to start the Tor browser in the Terminal by entering:
torbrowser-launcher
I gives the following output:
Tor Browser-opstarter
Af Micah Lee, licenseret under MIT
version 0.3.2


Downloader Tor Browser for første gang.
Downloader over Tor
Downloader https://aus1.torproject.org/torbrowser/update_3/release/Linux_x86_64-gcc3/x/en-US
Seneste version: 9.5.4
Downloader https://www.eprci.com/tor/dist/torbrowser/9.5.4/tor-browser-linux64-9.5.4_en-US.tar.xz.asc
Downloader https://www.eprci.com/tor/dist/torbrowser/9.5.4/tor-browser-linux64-9.5.4_en-US.tar.xz
Verificerer signatur
Refreshing local keyring…
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py”, line 589, in verify
c.verify(signature=sig, signed_data=signed)
File “/usr/lib/python3/dist-packages/gpg/core.py”, line 541, in verify
raise errors.BadSignatures(results[1], results=results)
gpg.errors.BadSignatures: 110775B5D101FB36BC6C911BEB774491D9FF06E2: Nøgle udløbet

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py”, line 600, in run
verify()
File “/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py”, line 594, in verify
raise Exception
Exception

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py”, line 603, in run
self.common.refresh_keyring()
File “/usr/lib/python3/dist-packages/torbrowser_launcher/common.py”, line 196, in refresh_keyring
p = subprocess.Popen([’/usr/bin/gpg2’, ‘–status-fd’, ‘2’,
File “/usr/lib/python3.8/subprocess.py”, line 854, in init
self._execute_child(args, executable, preexec_fn, close_fds,
File “/usr/lib/python3.8/subprocess.py”, line 1702, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] Ingen sådan fil eller filkatalog: ‘/usr/bin/gpg2’

What I take away is the message saying “Nøgle udløbet” which is in English that the “key has expired”

But what does that means?

sudo apt install gnupg2

Edit: Whatever is happening is looking for /usr/bin/gpg2 which has been replaced since 18.04 with /usr/bin/gpg but the symlinks apparently don’t exist unless you installed the gnupg2 transition package. I guess you could put them there yourself too.

Edit2: I’ve had a chance to try this in a fresh Ubuntu 20.04.1 VM. My first solution solves the stuck problem. However it looks like the Tor browser tarball can’t be verified, which is troubling. I have downloaded the tarball and .asc from the actual website and not the torbrowser-launcher and am still unable to verify the tarball. I will continue to give this a shot.

Edit3: I was able to verify the tarball by following the instructions on the Tor project documentation. I was then able to launch the browser as described in the docs. I have no idea why torbrowser-launcher is failing. My guess is at some point the Tor project gpg key isn’t being imported because that is the only thing I did differently by hand.

1 Like

Hi
Thank you for the reply.
I tried to install the gnupg2, and it got me a little down the road.
I looks like Tor is starting now, but then goes to this warning

Yeah that’s where I was during my second edit. I still can’t get any of the automated launchers to work.

From their GitHub:
“You can install torbrowser-launcher from your operating system’s package manager, but it might be out-of-date and have issues working. If you want to make sure you always have the latest version, use one of the methods below to install:”

For Ubuntu they recommend:
sudo apt purge torbrowser-launcher # I added this to remove the existing installation
sudo add-apt-repository ppa:micahflee/ppa
sudo apt update
sudo apt install torbrowser-launcher

Or Flatpak:
flatpak install flathub com.github.micahflee.torbrowser-launcher -y
flatpak run com.github.micahflee.torbrowser-launcher # Or use GUI

https://github.com/micahflee/torbrowser-launcher

That PPA is out of date though.

What do you mean by out of date? I’m not a regular PPA user. I seem to be getting the latest version of torbrowser-launcher and Tor when I use it and it’s the one on their GitHub if that means anything.


I’m getting the same errors as @VikingPenguin though.

The PPA does not contain a version for 20.04. It’s pulling it in from the Ubuntu repositories.

As I said in my third edit, I am able to verify, install, and run the browser when following their instructions on the tor browser website.

There must be a bug in the app preventing it from properly importing the tor project GPG key. Someone should probably file a bug report.

1 Like

WOOF. I did some digging in the github. This verification problem seems to have been an ongoing issue** for over a year. This may be one of those times where a bug report won’t do it.

** or at least a constant similar issue plaguing the project.

You know what my biggest problem is? I just don’t know when to quit.

Quick background:

The gpg key id used for the Tor Browser is 0x4E2C6E8793298290

http://keys.gnupg.net/pks/lookup?search=0x4E2C6E8793298290&fingerprint=on&op=index

The gnupg home relevant to the installation isn’t the default: ~/.gnupg/, it’s: ~/.local/share/torbrowser/gnupg_homedir/

It’s created with appropriate permissions when torbrowser-launcher launches for the first time.

The default key server is keys.openpgp.org as seen when running:

gpg -v --homedir ~/.local/share/torbrowser/gnupg_homedir --recv-keys 0x4E2C6E8793298290

…and confirming the response from keys.openpgp.org:

gpg -v --homedir ~/.local/share/torbrowser/gnupg_homedir --keyserver keys.openpgp.org --recv-keys 0x4E2C6E8793298290

It gives the error: “new key but contains no user ID - skipped” and doesn’t install the key.

What’s interesting is when torbrowser-launcher reaches the end of it’s installation it’ll install a key so i’m not sure where it’s getting it from or if it’s forcing the inadequate key that’s coming from keys.openpgp.org.

The solution is to use a key from a different key server. Having tried:

  • keyserver.ubuntu.com
  • pgp.mit.edu
  • keys.gnupg.net

These all work with browser-launcher and Tor starts without a hitch.

Side note: With a functional key there’s no error for missing gnupg2.

The Solution:

How to install browser-launcher from scratch:

Install and launch torbrowser-launcher:

sudo add-apt-repository ppa:micahflee/ppa # Gives same version as Ubuntu 20 repo
sudo apt update
sudo apt install torbrowser-launcher
torbrowser-launcher

Upon launch the required folder structure and permissions will be created.

It’ll begin to downloading Tor, during the download open another Terminal and install the correct gpg key:

gpg --homedir ~/.local/share/torbrowser/gnupg_homedir --keyserver keyserver.ubuntu.com --recv-keys 0x4E2C6E8793298290

It’ll take a few minutes for this to complete. Once the Tor download is complete browser-launcher will run Tor correctly.

If you didn’t install the gpg key in time skip to “Fixing a non-working installation”

Fixing a non-working installation:

Delete the offending key:

gpg --homedir ~/.local/share/torbrowser/gnupg_homedir --delete-keys torbrowser@torproject.org

Install the correct key:

gpg --homedir ~/.local/share/torbrowser/gnupg_homedir --keyserver keyserver.ubuntu.com --recv-keys 0x4E2C6E8793298290

Run torbrowser-launcher

torbrowser-launcher
1 Like

The Tor browser team’s key was poisoned last year, so there might be a hiccup there.

Important edits: I pulled it from the github and modified the source code torbrowser_launcher/common.py at line 206

from '--keyserver', 'hkps://keys.openpgp.org',
to '--keyserver', 'hkps://keyserver.ubuntu.com',

built the .deb, installed the .deb, launched it and everything installed just fine. So I think @Ulfnic has figured it out.

Great job team.

1 Like

Fingers crossed :wink:

1 Like

I editted you and the fix into the comment, WE NAILED IT!! :smiley:

2 Likes

It worked for me as well :slight_smile:
Thank you so much for your time and good help.

1 Like