

















@medaminezghal,
Because this package treats /opt/tor-browser as the system-managed cache/source, not the runnable browser install. There's a number of reasons why we don't install there...
@grufo Why don't you install tor-browser fully under /opt/tor-browser? Why it's under ~/.local/opt/tor-browser?
@ilovemikael: Alright. Grammar fixed.
@grufo - My mistake on the .desktop file, thanks for clarifying the spec (I was fixing it for the alpha package, and when I made it use the pkgver, it worked, but I think I confounded that as fixing the file when changing [Dsektop Entry] to [Desktop Entry] was the real fix, always the red herrings!).
@ilovemikael:
Version key in the .desktop file does refer to Tor Browser's version, but to “the version of the desktop entry specification to which this file conforms” (see the wiki)_TB_PKGNAME_.Hi, the value of Version in the desktop file (1.0) should be switched to @PACKAGE_VERSION@ to work with the _sed_subst function; also, although it is pestilentially petty to point out, considering that the words should be printed only if things go awry, my moral barometer nonetheless impels me to inform you that line 212 of the shell script has a typo ("you do not have installed ${TB_PKGNAME} yet"). Good day.
@zuzavo, I am seeing that the window is tiling by default in hyprland as well. I don't think that's a bug as the tor-browser package has nothing to do with your compositor/window manager. If you want to edit your hyprland config you can make it floating by default:
windowrule = float 1, match:class Tor Browser
Hello I am a Hyprland user. The latest update makes Tor Browser take up the entire screen. Could someone else confirm this to be sure this is a bug?
The PKGBUILD fetches SHA256 checksums at build time via _dist_checksum(), which downloads them from torproject.org. This defeats the purpose of checksum verification - a compromised server could serve both malicious archives AND matching checksums. Additionally, the fallback to sha256sums-unsigned-build.txt further weakens security if the signed version is unavailable.
This breaks makepkg's security model where checksums should be hardcoded in the PKGBUILD. While GPG signature verification provides some protection (if users import the key as instructed), relying solely on runtime-fetched checksums is problematic.
Do I miss something? If not, is it really necessary to let it fetch the checksums instead of hardcoding them?
@LaughingMan Well the package is basically broken at this point too.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。
Before running
makepkg, you must do this (as normal user):$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.orgIf you want to update tor-browser from AUR without AUR helpers you can run in a terminal:
$ tor-browser -u