[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Interested in a Tor Browser update script for Debian, Ubuntu and derivatives?

Downloading and gpg verifying Tor Browser each time there is an update
gets really tiresome and I think many people either never gpg verified
or don't do it sometimes.

What if we had a Debian package which contains a Tor Browser updater?

I could eventually provide something like this:

sudo apt-get install torbrowser-updater
torbrowser -update

No manual download and verification would be required.

I wrote a script to do it. It can do everything automatically. It
renames the old TB folder (after success), downloads, fetches the gpg
keys from the keyservers, gpg verifies and extracts it. Start menu
entries and icons are ready. Also an update checker is basically done.

Anyone interested?

Just details have to be sorted out. And a Debian package has to be
created. Anyone willing to help?

Open questions:

Do we download the Tor Browser archive in the clear or through Tor  have
an option for that?

Download the Tor Browser signing keys dynamically from the keyservers
(more prone to errors when keyserver is down) or ship the public keys?
If the signing keys change the package needs to be updated so or so,
because there is no package with the signing keys. [3]

Alternatives [1] [2].... None?

[1] Debian package with Tor Browser

Tickets #5236 "Make a deb of the Torbrowser and add to repository" [1[
and #3994 "Get TorBrowser in Debian" would only solve the Linux issue
and are totally unrealistic. [2]

Disto policy is a blocker. Tor Browser is too much of a hack. Too much
writing into the home (profile) folder. Distro policy wants to prevent
code duplication and does forbid to write (the profile) into the home
folder. The policy or packer advice is for such cases is "put the
functionality upstream".

Exactly this won't work either. According to distro policy it would be
best if the Tor Browser specific changes to Firefox could be activated
with a command line option. Ideally it could look like this...

The iceweasel package would look like:
- depends on iceweasel-bin
- depends on iceweasel-starter, i.e. normal iceweasel (Firefox) starter,
start menu entry and iceweasel icon

A Tor Browser Debian package would look like:
- depends on iceweasel-bin
- depends on torbrowser-starter, i.e. Tor Browser starter, start menu
entry and Tor Browser icon

This won't happen. Mozilla is generally disinterested takes ages to
merge patches. Getting Tor Browser into Linux distros (with Debian-like
policy) won't work.

[2] Thandy...

In which year we will get it?


[1] https://trac.torproject.org/projects/tor/ticket/5236
[2] https://trac.torproject.org/projects/tor/ticket/3994
[3] https://trac.torproject.org/projects/tor/ticket/5606
tor-talk mailing list