torbrowser-launcher: Unable to start tor browser - gpg hangs refreshing keys (possible key servers DoS)
See https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
What I have now looks very much like it:
UID PID PPID C STIME TTY TIME CMD
bor 31474 31391 97 06:30 ? 00:13:46 /usr/bin/gpg --status-fd 2 --homedir /home/bor/.local/share/torbrowser/gnupg_homedir --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file /usr/share/torbrowser-launcher/sks-keyservers.netCA.pem include-revoked no-honor-keyserver-url no-honor-pka-record --refresh-keys
Yes, 13 minutes processing time!!!
Please make key server configurable to allow mitigation.
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Reactions: 11
- Comments: 26 (1 by maintainers)
People using the Ubuntu 18.04.2 LTS release version of this can do a oneliner to delete the bad key and a small hack to make torbrowser-launcher not hang on the key refresh.
This will delete the offending key you received from hkps.pool.sks-keyservers.net:
gpg --homedir ~/.local/share/torbrowser/gnupg_homedir --delete-keys torbrowser@torproject.orgThen you can manually edit your locally installed torbrowser-launcher to use keys.openpgp.org as seen in #402 by editing
/usr/lib/python2.7/dist-packages/torbrowser_launcher/common.pyline 220 and changehkps://hkps.pool.sks-keyservers.nettohkps://keys.openpgp.org.Then start torbrowser-launcher like usual and it will get an uncorrupted key and things will keep working. It’s just a way to workaround the issue until Ubuntu releases a fixed version downstream.
For those who will experience this behavior on Ubuntu 18.04 - you should install newer version by adding ppa:
Source: https://github.com/micahflee/torbrowser-launcher/issues/410#issuecomment-520294348
The workaround I used is to kill all GPG processes with the command
killall gpg, then Tor Browser started and I could use it. But isn’t this workaround removing the following security feature?Verifies Tor Browser's signature for you, to ensure the version you downloaded was cryptographically signed by Tor developers and was not tampered withThen it would be considered a security vulnerability that we can start Tor Browser just by killing GPG, users should not be able to disable a security feature without giving an explicit permission (e.g. through a command parameter --disable-gpg) and a warning should be displayed when the browser starts.This issue looks similar to a previous one: https://github.com/micahflee/torbrowser-launcher/issues/305 Here is a cleaner workaround to start Tor Browser:
~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser.Related: https://github.com/micahflee/torbrowser-launcher/issues/400
I tried this fix and get farther now, in startup, but get a dialog with
GENERIC_VERIFY_FAILerror.then add the ppa and sudo apt
install torbrowser-launcherWorked for me, ubuntu 18.04
Add a “mee too” for Ubuntu 18.04.03 x86_64 (fully patched).
I can’t seem to get beyond this failure. It has been going on 6 months to a year:
Why can’t Tor and Ubuntu get this to work?
This problem is still present in Ubuntu 19.10. Adding PPA and reinstalling Tor browser did not fix the issue for me.
Confirming this works for me. From a newbie at Linux, let me give you guys a big Thank you!
Adding ppa worked for me. Thanx