It would be a shame to successfully download the tarball (takes a long time) only to notice, that the signature can not be downloaded (takes very little time), wouldn't it?

So if that won't require a lot work, could you shuffle that code please and download the signature before the tarball?

When launching TBB, it just tries executing start-tor-browser. Add a check to make sure it's executable.

ioerror@3ab77db

TBL checks for updates by downloading this json object: https://check.torproject.org/RecommendedTBBVersions

It looks like this:

[
"2.3.25-6-MacOS",
"2.3.25-6-Windows",
"2.3.25-6-Linux",
"2.4.11-alpha-2-MacOS",
"2.4.11-alpha-2-Windows",
"2.4.11-alpha-2-Linux"
]

Right now the attempt_update() method is always picking the latest alpha. It should pick the latest stable instead by default.

develop ~/torbrowser-launcher $ python
Python 2.7.3 (default, Jan  2 2013, 16:53:07)
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import locale
>>> locale.getdefaultlocale()

(None, None)

Need to figure out a more reliable way to get the language.

Since many places block TorProject.org, it would be useful for the launcher to accept TorProject mirrors as alternative download locations.

Is it "clone or d/l & run build_and_install.sh"? Even if that's all it is it should be in the Readme, as what's currently there addresses more advanced topics but does not address the needs of novice users, who are presumably the core target.

I would suggest putting it at the very top of the readme.

When TBL is downloading a file and you exit before it's done it leaves the file on the disk. Then if you open TBL again it sees the tarball and tarball_sig and thinks you have downloaded TBB but it's not installed, and tries verifying the sig. Since the file was canceled the sig clearly doesn't verify so it pops up MITM warning.

Here is a use flow:

1. Run torbrowser-launcher
2. Do some torbrowsing. Close torbrowser.
3. Run torbrowser-launcher again.

The use will be confronted with this message:

Another Vidalia process is possibly already running. If there really is not another Vidalia process running, you can choose to continue anyway.
Would you like to continue starting Vidalia?

Continue|Quit

This is All Wrong. The launcher should notice that Vidalia/tor is already running, and open a new torbrowser window that talks to it.

This will be a big one. Most dependencies (like gnupg) will either need to be bundled, or TBL will need to require users to have MacPorts or homebrew or something, which I think is a bad idea.

And the biggest challenge will be porting all the GUI stuff to Cocoa. Right now it's using GTK, which I understand totally sucks in OS X.

There's also some Linux-specific code:

• When checking for updates, choosing the right version
• Bringing windows to front

Right now the .tar.gz and .tar.gz.asc are downloaded from https://www.torproject.org/ not over Tor. I should make tor a dependency (#5) and make these requests go over the system Tor.

pde@host:~/src/torbrowser-launcher$ python setup.py --command-packages=stdeb.command bdist_deb
running bdist_deb
running sdist_dsc
CALLING dpkg-source -b torbrowser-launcher-0.1-alpha (in dir deb_dist)
dpkg-source: info: using source format 3.0 (quilt)' dpkg-source: info: building torbrowser-launcher using existing ./torbrowser-launcher_0.1-alpha.orig.tar.gz dpkg-source: info: building torbrowser-launcher in torbrowser-launcher_0.1-alpha-1.debian.tar.gz dpkg-source: info: building torbrowser-launcher in torbrowser-launcher_0.1-alpha-1.dsc dpkg-source: warning: extracting unsigned source package (torbrowser-launcher_0.1-alpha-1.dsc) dpkg-source: info: extracting torbrowser-launcher in torbrowser-launcher-0.1-alpha dpkg-source: info: unpacking torbrowser-launcher_0.1-alpha.orig.tar.gz dpkg-source: info: unpacking torbrowser-launcher_0.1-alpha-1.debian.tar.gz Traceback (most recent call last): File "setup.py", line 24, in <module> ('/usr/share/torbrowser-launcher/locale/en', ['locale/en/messages.pot'])] File "/usr/lib/python2.7/distutils/core.py", line 152, in setup dist.run_commands() File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands self.run_command(cmd) File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command cmd_obj.run() File "/usr/lib/python2.7/dist-packages/stdeb/command/bdist_deb.py", line 32, in run raise ValueError('more than one directory in deb_dist. ' ValueError: more than one directory in deb_dist. Unsure which is source directory pde@xylophonic:~/src/torbrowser-launcher$ ls deb_dist/ torbrowser-launcher-0.1/ torbrowser-launcher_0.1-1.debian.tar.gz torbrowser-launcher_0.1-1_i386.changes torbrowser-launcher_0.1-alpha-1.debian.tar.gz torbrowser-launcher_0.1-alpha.orig.tar.gz torbrowser-launcher_0.1-1_all.deb torbrowser-launcher_0.1-1.dsc torbrowser-launcher-0.1-alpha/ torbrowser-launcher_0.1-alpha-1.dsc torbrowser-launcher_0.1.orig.tar.gz pde@host:~/src/torbrowser-launcher$ python setup.py clean running clean pde@host:~/src/torbrowser-launcher$ python setup.py --command-packages=stdeb.command bdist_deb running bdist_deb running sdist_dsc CALLING dpkg-source -b torbrowser-launcher-0.1-alpha (in dir deb_dist) dpkg-source: info: using source format3.0 (quilt)'
dpkg-source: info: building torbrowser-launcher using existing ./torbrowser-launcher_0.1-alpha.orig.tar.gz
dpkg-source: info: building torbrowser-launcher in torbrowser-launcher_0.1-alpha-1.debian.tar.gz
dpkg-source: info: building torbrowser-launcher in torbrowser-launcher_0.1-alpha-1.dsc
dpkg-source: warning: extracting unsigned source package (torbrowser-launcher_0.1-alpha-1.dsc)
dpkg-source: info: extracting torbrowser-launcher in torbrowser-launcher-0.1-alpha
dpkg-source: info: unpacking torbrowser-launcher_0.1-alpha.orig.tar.gz
dpkg-source: info: unpacking torbrowser-launcher_0.1-alpha-1.debian.tar.gz
Traceback (most recent call last):
File "setup.py", line 24, in
('/usr/share/torbrowser-launcher/locale/en', ['locale/en/messages.pot'])]
File "/usr/lib/python2.7/distutils/core.py", line 152, in setup
dist.run_commands()
File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands
self.run_command(cmd)
File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
cmd_obj.run()
File "/usr/lib/python2.7/dist-packages/stdeb/command/bdist_deb.py", line 32, in run
raise ValueError('more than one directory in deb_dist. '

I was Tor Browser Launcher localized into the same languages that TBB is localized to. This means I should import gettext, and all strings should be wrapped in _("") (ioerror@bfe97f4).

I launched torbrowser-launcher on xubuntu localized in Italian but the download fails, because it tries to download a version of TBB that does not exist.

In this directory:
https://www.torproject.org/dist/torbrowser/linux/

the files:
https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.4.12-alpha-1-dev-it.tar.gz
https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.4.12-alpha-1-dev-it.tar.gz.asc

does not exist!

The torbrowser-launch returns with error "SIGNATURE VERIFICATION FAILED"

Take this in the spirit of "how do the uninitiated fail when using cool things you make".

Torbrowser-launcher is great and I love it on my main computer (ubuntu 12.04). On 3 other systems though (two laptops, one which I tried both before and after switching from ubuntu 12.04 to debian wheezy), I follow the steps you give and then try to open it and just get a 404 not found error.

I tried different mirrors as well as trying to uninstall and reinstall; nothing doing.

Don't know if it's a bug in the technical sense, but definitely a bug in the usability sense.

Thanks so much for making torbrowser-launcher!

Right now if you don't have internet access it just crashes.

In a fresh install of Debian squeeze, following the build instructions to create a .deb doesn't work.

micah@debian:~/torbrowser-launcher$ python setup.py --command-packages=stdeb.command bdist_deb
running bdist_deb
running sdist_dsc
working around Debian #548392, changing XS-Python-Version: to 'current'
CALLING dpkg-source -b torbrowser-launcher-0.1 torbrowser-launcher_0.1.orig.tar.gz (in dir deb_dist)
dpkg-source: info: using source format `1.0'
dpkg-source: info: building torbrowser-launcher using existing torbrowser-launcher_0.1.orig.tar.gz
dpkg-source: info: building torbrowser-launcher in torbrowser-launcher_0.1-1.diff.gz
dpkg-source: info: building torbrowser-launcher in torbrowser-launcher_0.1-1.dsc
dpkg-source: warning: extracting unsigned source package (torbrowser-launcher_0.1-1.dsc)
dpkg-source: info: extracting torbrowser-launcher in torbrowser-launcher-0.1
dpkg-source: info: unpacking torbrowser-launcher_0.1.orig.tar.gz
dpkg-source: info: applying torbrowser-launcher_0.1-1.diff.gz
dpkg-buildpackage: export CFLAGS from dpkg-buildflags (origin: vendor): -g -O2
dpkg-buildpackage: export CPPFLAGS from dpkg-buildflags (origin: vendor): 
dpkg-buildpackage: export CXXFLAGS from dpkg-buildflags (origin: vendor): -g -O2
dpkg-buildpackage: export FFLAGS from dpkg-buildflags (origin: vendor): -g -O2
dpkg-buildpackage: export LDFLAGS from dpkg-buildflags (origin: vendor): 
dpkg-buildpackage: source package torbrowser-launcher
dpkg-buildpackage: source version 0.1-1
dpkg-buildpackage: source changed by Micah Lee <[email protected]>
dpkg-buildpackage: host architecture i386
 dpkg-source --before-build torbrowser-launcher-0.1
 fakeroot debian/rules clean
dh clean
   dh_testdir
Unknown option: buildsystem
dh_testdir: warning: ignored unknown options in DH_OPTIONS
   dh_auto_clean
running clean
'build/lib.linux-i686-2.6' does not exist -- can't clean it
'build/bdist.linux-i686' does not exist -- can't clean it
'build/scripts-2.6' does not exist -- can't clean it
   dh_clean
Unknown option: buildsystem
dh_clean: warning: ignored unknown options in DH_OPTIONS
 debian/rules build
dh build
   dh_testdir
Unknown option: buildsystem
dh_testdir: warning: ignored unknown options in DH_OPTIONS
   dh_auto_configure
   dh_auto_build
running build
running build_scripts
creating build
creating build/scripts-2.6
copying and adjusting torbrowser-launcher -> build/scripts-2.6
changing mode of build/scripts-2.6/torbrowser-launcher from 644 to 755
   dh_auto_test
 fakeroot debian/rules binary
dh binary
   dh_testroot
   dh_prep
Unknown option: buildsystem
dh_prep: warning: ignored unknown options in DH_OPTIONS
   dh_installdirs
Unknown option: buildsystem
dh_installdirs: warning: ignored unknown options in DH_OPTIONS
   dh_auto_install
running install
running build
running build_scripts
running install_scripts
creating /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr
creating /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/bin
copying build/scripts-2.6/torbrowser-launcher -> /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/bin
changing mode of /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/bin/torbrowser-launcher to 755
running install_data
creating /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share
creating /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/applications
copying torbrowser.desktop -> /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/applications
creating /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/pixmaps
copying img/torbrowser32.xpm -> /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/pixmaps
copying img/torbrowser80.xpm -> /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/pixmaps
creating /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/torbrowser-launcher
copying keys/erinn.asc -> /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/torbrowser-launcher
copying keys/sebastian.asc -> /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/torbrowser-launcher
copying torproject.pem -> /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/torbrowser-launcher
creating /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/torbrowser-launcher/locale
creating /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/torbrowser-launcher/locale/en
copying locale/en/messages.pot -> /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/share/torbrowser-launcher/locale/en
running install_egg_info
Creating /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/lib/python2.6/dist-packages/
Writing /home/micah/torbrowser-launcher/deb_dist/torbrowser-launcher-0.1/debian/torbrowser-launcher/usr/lib/python2.6/dist-packages/torbrowser_launcher-0.1.egg-info
   dh_install
Unknown option: buildsystem
dh_install: warning: ignored unknown options in DH_OPTIONS
   dh_installdocs
Unknown option: buildsystem
dh_installdocs: warning: ignored unknown options in DH_OPTIONS
   dh_installchangelogs
Unknown option: buildsystem
dh_installchangelogs: warning: ignored unknown options in DH_OPTIONS
   dh_installexamples
Unknown option: buildsystem
dh_installexamples: warning: ignored unknown options in DH_OPTIONS
   dh_installman
Unknown option: buildsystem
dh_installman: warning: ignored unknown options in DH_OPTIONS
   dh_installcatalogs
Unknown option: buildsystem
dh_installcatalogs: warning: ignored unknown options in DH_OPTIONS
   dh_installcron
Unknown option: buildsystem
dh_installcron: warning: ignored unknown options in DH_OPTIONS
   dh_installdebconf
Unknown option: buildsystem
dh_installdebconf: warning: ignored unknown options in DH_OPTIONS
   dh_installemacsen
Unknown option: buildsystem
dh_installemacsen: warning: ignored unknown options in DH_OPTIONS
   dh_installifupdown
Unknown option: buildsystem
dh_installifupdown: warning: ignored unknown options in DH_OPTIONS
   dh_installinfo
Unknown option: buildsystem
dh_installinfo: warning: ignored unknown options in DH_OPTIONS
   dh_pysupport
Unknown option: buildsystem
dh_pysupport: warning: ignored unknown options in DH_OPTIONS
   dh_installinit
Unknown option: buildsystem
dh_installinit: warning: ignored unknown options in DH_OPTIONS
   dh_installmenu
Unknown option: buildsystem
dh_installmenu: warning: ignored unknown options in DH_OPTIONS
   dh_installmime
Unknown option: buildsystem
dh_installmime: warning: ignored unknown options in DH_OPTIONS
   dh_installmodules
Unknown option: buildsystem
dh_installmodules: warning: ignored unknown options in DH_OPTIONS
   dh_installlogcheck
Unknown option: buildsystem
dh_installlogcheck: warning: ignored unknown options in DH_OPTIONS
   dh_installlogrotate
Unknown option: buildsystem
dh_installlogrotate: warning: ignored unknown options in DH_OPTIONS
   dh_installpam
Unknown option: buildsystem
dh_installpam: warning: ignored unknown options in DH_OPTIONS
   dh_installppp
Unknown option: buildsystem
dh_installppp: warning: ignored unknown options in DH_OPTIONS
   dh_installudev
Unknown option: buildsystem
dh_installudev: warning: ignored unknown options in DH_OPTIONS
   dh_installwm
Unknown option: buildsystem
dh_installwm: warning: ignored unknown options in DH_OPTIONS
   dh_installxfonts
Unknown option: buildsystem
dh_installxfonts: warning: ignored unknown options in DH_OPTIONS
   dh_bugfiles
Unknown option: buildsystem
dh_bugfiles: warning: ignored unknown options in DH_OPTIONS
   dh_lintian
Unknown option: buildsystem
dh_lintian: warning: ignored unknown options in DH_OPTIONS
   dh_gconf
Unknown option: buildsystem
dh_gconf: warning: ignored unknown options in DH_OPTIONS
   dh_icons
Unknown option: buildsystem
dh_icons: warning: ignored unknown options in DH_OPTIONS
   dh_perl
Unknown option: buildsystem
dh_perl: warning: ignored unknown options in DH_OPTIONS
   dh_usrlocal
Unknown option: buildsystem
dh_usrlocal: warning: ignored unknown options in DH_OPTIONS
   dh_link
Unknown option: buildsystem
dh_link: warning: ignored unknown options in DH_OPTIONS
   dh_compress
Unknown option: buildsystem
dh_compress: warning: ignored unknown options in DH_OPTIONS
   dh_fixperms
Unknown option: buildsystem
dh_fixperms: warning: ignored unknown options in DH_OPTIONS
   dh_strip
Unknown option: buildsystem
dh_strip: warning: ignored unknown options in DH_OPTIONS
   dh_makeshlibs
Unknown option: buildsystem
dh_makeshlibs: warning: ignored unknown options in DH_OPTIONS
   dh_shlibdeps
Unknown option: buildsystem
dh_shlibdeps: warning: ignored unknown options in DH_OPTIONS
   dh_installdeb
Unknown option: buildsystem
dh_installdeb: warning: ignored unknown options in DH_OPTIONS
   dh_gencontrol
Unknown option: buildsystem
dh_gencontrol: warning: ignored unknown options in DH_OPTIONS
dpkg-gencontrol: warning: Provides field of package torbrowser-launcher: unknown substitution variable ${python:Provides}
   dh_md5sums
Unknown option: buildsystem
dh_md5sums: warning: ignored unknown options in DH_OPTIONS
   dh_builddeb
Unknown option: buildsystem
dh_builddeb: warning: ignored unknown options in DH_OPTIONS
dpkg-deb: warning: 'debian/torbrowser-launcher/DEBIAN/control' contains user-defined field 'Python-Version'
dpkg-deb: building package `torbrowser-launcher' in `../torbrowser-launcher_0.1-1_all.deb'.
dpkg-deb: warning: ignoring 1 warning about the control file(s)

 dpkg-genchanges -b >../torbrowser-launcher_0.1-1_i386.changes
dpkg-genchanges: binary-only upload - not including any source code
 dpkg-source --after-build torbrowser-launcher-0.1
dpkg-buildpackage: binary only upload (no source included)

It keeps trying to update the browser and returning an error of "signature validation fail" then dumping me out.

Downloading https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-    x86_64-2.4.15-beta-1-dev-fr.tar.gz.asc
Download error: Download Error: 404 Not Found <class '__main__.DownloadErrorException'>

but "https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.4.15-beta-1-dev-en-US.tar.gz.asc" is available.

Suggestion: maybe ask the user

"fr version not available, continue with en_US version ?" -> OK/CANCEL

I think this will cause some confusion...

Checked for update within 24 hours, skipping

...because, Tor Button has it's own update check and will show a red blinking light, indicating it should get updated.

I expect users will ask, how to update if Tor Button implies an update, but torbrowser-launcher does offer updating.

One solution could be to add an additional Tor Browser Updater icon which starts torbrowser-launcher with -force-check-update.

Sometimes TBL ends up checking for updates and thinking that there are none, when really they are. I have a ~/.torbrowser that does this, so I can debug why the wrong code path is getting run.

Since the release of 3.0 alpha1 (https://blog.torproject.org/blog/announcing-tor-browser-bundle-30alpha1) the alpha bundles stopped working. Retrieving the signature results in a 404 error.

I've opened an ITP bug for Debian:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705177

Tor Browser Bundle is localized into 13 different languages, but right now TBL is only in English. All the strings are currently wrapped in the _() function, and gettext is included, but nothing has actually been localized.

I'll want to borrow the Tor Project's https://www.transifex.com/ account for this.

Now, that updating over Tor is in...

torbrowser-launcher could download form http://idnxcnkne4qt76tg.onion instead from https://www.torproject.org/.

Advantages of .onion:

• free end-to-end encryption (strictly speaking: Tor to Tor)
• no SSL-CA's involved
• no Tor exit nodes involved

Disadvantages of .onion:

• slower

From a comment on https://micahflee.com/2013/04/sudo-apt-get-install-torbrowser/:

I also want to notice that on Debian GNU/Linux wheezy, I need to manualy install python-all (using aptitude or apt-get) and need to modify torbrowser-launcher on line 194 to specify ‘en-US’ as other locales are still not supported (as of now only en-us build is available since april 2nd). Moreother, idealy, the package and signature should be pushed on the same day: for the latest release, the package was pushed on apri 2nd and the sig on april 5th.

Great project :)

It's licensed GPLv3, this should be more obvious.

When the environment variable (/etc/environment on Debian based systems) is set to 1.

TB_STANDALONE=1

Please only start Tor Browser, but don't start Tor/Vidalia. This would be useful for users using a (custom) Transparent Proxy or Isolating Proxy such as Whonix.

I don't think there is a security risk, because this variable has to be manually set and if if set Tor Browser still fails closed (due to proxy settings).

Tor Button has three other features.

TOR_SOCKS_HOST="192.168.0.10"
TOR_SOCKS_PORT="9100"

# TOR_TRANSPROXY=1

It would be the users responsibility to either manually change the proxy settings or the set the environment variables TOR_TRANSPROXY or TOR_SOCKS_HOST/TOR_SOCKS_PORT. In a anonymity related distribution it would be the task of the maintainer to add all environment variables to /etc/environment.

This would be awesome, because the torbrowser-launcher would work for everyone out of the box, for users who want to use TBB and also for users who want to use (custom) Transparent Proxies or distributions such as Whonix.

Implementation is hopefully not very hard. I do it in my start-tor-browser bash script fork:
https://github.com/adrelanos/tbb-scripts/blob/master/start-tor-browser

But you don't have to read the full script.

When the TB_STANDALONE is set to 1, change directory into the Tor Browser binary folder and instead of starting it with

./App/vidalia --datadir Data/Vidalia/ -style Cleanlooks

start it with

./App/Firefox/firefox --profile Data/profile

That's all.

This is new.
Alexandre Allaire (0x4279F297) ... sign Obfsproxy Tor Browser Bundles ...
https://www.torproject.org/docs/signing-keys.html.en

Since #29 may also support pluggable transport bundles, I think it's better to add the key now than later wondering about a verification error.

Right now it's in Other. Apparently Categories didn't do what I thought it did.

[Desktop Entry]
Encoding=UTF-8
Name=Tor Browser
Comment=Launch the Tor Browser Bundle
Exec=/usr/bin/torbrowser-launcher
Terminal=false
Type=Application
Icon=/usr/share/pixmaps/torbrowser80.xpm
Categories=Internet;

Right now the build instructions make a package called python-torbrowser-launcher, but I want to figure out how to make it just called torbrowser-launcher.

Also, add the right dependencies. Definitely python-gtk2, and likely also tor.

If you are executing a 32bit system on a 64bit kernel, torbrowser-launcher will detect "64bit" thus installing a non-working torbrowser
This is because it relies on uname
https://github.com/micahflee/torbrowser-launcher/blob/93f8080c43e5125deaa21d47cb61968ba3b0d224/torbrowser-launcher#L110
instead of detecting user-space properties.

An example of fix would be using 'x86_64' if '64' in platform.architecture()[0] else 'i686'.

From https://trac.torproject.org/projects/tor/ticket/5236#comment:33

Screenshots look good!

Can you add sebastian's key please? The verify page says he sometimes also signs the builds.

if 'Good signature' in output:

Not sure if that opens up for anything weird. gpg has exit codes.

A different example, clearsign a file, tamper with the clearsigned file and the gpg --decrypt.

$ gpg --decrypt xx.asc 
Good signature
f
gpg: Signature made Mon Feb 18 04:57:51 2013 UTC
gpg:                using RSA key 0x9C131AD3713AAEEF
gpg: BAD signature from "adrelanos <adrelanos at riseup dot net>" [ultimate]

In this case matching Good signature wouldn't be good. Doesn't work in this case, just wanted to note, that reading the exit codes is better.

It looks like you use a normal urllib2 call for downloading the files: https://github.com/micahflee/torbrowser-launcher/blob/master/torbrowser-launcher#L250

It doesn't verify certificates at all:
"Warning HTTPS requests do not do any verification of the server’s certificate."
http://docs.python.org/2/library/urllib2.html#urllib2.urlopen

You'll likely want to add a verification method - I'd suggest that since you're shipping hard coded keys that you simply pin to our CA or to our keys. It should be rather straight forward and actually more secure than python might have done more generally.

When a signature verification fails, and maybe in other situations like when the certificate served by https://www.torproject.org/ isn't valid, it should offer a button to report this back to Tor. I'm open to suggestions on what this button will do.

This is extremely minor, but if you've launched tbl from a term, it does not fully release the term after exiting vidalia and the browser.

The prompt prints "Vidalia exited cleanly," but I have to ctrl+c to release control and make the term usable again.

I'm pretty impressed, it pretty simply upgraded my TBB (was using an outdated version) and seems to work exactly as you describe. This is a good idea, and will definitely help people keep up-to-date with Tor releases.

Tested on Xubuntu 12.04.

versions such as 2.4.17-rc-1-Linux are incorrectly identified as "stable" because they do not contain the string alpha nor beta. See https://github.com/micahflee/torbrowser-launcher/blob/master/torbrowser-launcher#L1026

This is not only "incorrect" but also breaks the launcher: since -rc versions aren't fully localized, downloading may fail because torbrowser-launcher looks for a localized version of tor-browser. A slightly related bug is #53

The Tor Browser Launcher generally has a label, a progress bar, a Start button and an Exit button. But most of the time it could just automatically start. (ioerror@bfe97f4)

As far I know, The Tor Project (tpo) has no mechanism to inform others when they are planing to change their SSL certificates. One day they might just replace it and torbrowser-launcher will break.

Do you think its worth asking tpo for their policy on that topic or if they could add such a policy? Other thoughts?

Right now the current version of TBB is hard-coded into the python script, e.g.:

current_tbb_version = '2.3.25-2'

I should change it so that it makes a request to https://www.torproject.org/ to figure out what the current version actually is. It should check for updates with each run.

I made a fresh Ubuntu 13.04 VM and followed the build instructions. After downloading the tarball, it popped up a signature verification error.

micah@micah-VirtualBox:~/torbrowser-launcher$ torbrowser-launcher 
Tor Browser Launcher
version 0.1
https://github.com/micahflee/torbrowser-launcher
Creating GnuPG homedir /home/micah/.torbrowser/gnupg_homedir
Importing keys
gpg: keyring `/home/micah/.torbrowser/gnupg_homedir/secring.gpg' created
gpg: keyring `/home/micah/.torbrowser/gnupg_homedir/pubring.gpg' created
gpg: /home/micah/.torbrowser/gnupg_homedir/trustdb.gpg: trustdb created
gpg: key C5AA446D: public key "Sebastian Hahn <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: key 63FEE659: public key "Erinn Clark <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
gpg: no ultimately trusted keys found
gpg: no ultimately trusted keys found
Checking for update
Downloading https://check.torproject.org/RecommendedTBBVersions
Finished receiving body: Response body fully received
Checking to see if update it needed
Downloading https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.4.11-alpha-2-dev-en-US.tar.gz
Finished receiving body: Response body fully received
Downloading https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.4.11-alpha-2-dev-en-US.tar.gz.asc
Finished receiving body: Response body fully received
Verifying signature
gpg: Signature made Thu 04 Apr 2013 08:20:39 PM PDT using RSA key ID 63FEE659
gpg: Can't check signature: public key not found

It says it was signed with key ID 63FEE659, which is Erinn's key. I suspect it's using the wrong gpg key dir or something.

It would be useful if torbrowser-launcher functions where available by command line or by environment variables.

My use cases:

• In Whonix-Workstation I'd like to use torbrowser-launcher to pre-install TBB-stable using a build script.

(I keep care of the start-tor-browser script, which will hopefully be removed from TBB by upstream and the new tor-laucher addon tpo is working on can be disabeld using an environment variable. Connections to 127.0.0.1:9150 get redirected to Whonix-Gateway.)

• in Whonix-Gateway I'd like to use torbrowser-launcher to pre-install and update the pluggable transports bundle.

(Not because I want to use it on the Gateway. Only because it contains latest pyobfsproxy, which is otherwise difficult to download, install, update using scripts.)

Micah, could you sign future git tags please? (git tag -s )

I think there needs to be two buttons on the download GUI, "Pause and Exit" and "Cancel". If a download is paused it should get resumed later.

This will be a big one. All dependencies will need to be bundled, e.g. gnupg.exe. There's also some Linux-specific code:

• When checking for updates, choosing the right version
• Probably process management and definitely bringing windows to front

@adrelanos already added the correct signing key (#36). I'm making a separate settings dialog that lets you choose if you want alpha or stable TBB (#29), so I should add Obfsproxy to that option.

I've actually never tried out obfsproxy myself. Here's the download link:
https://www.torproject.org/projects/obfsproxy.html.en#download

Do the obfsproxy bundles have the exact same release schedule as normal TBB? I know what the current alpha and stable version numbers are by looking here:
https://check.torproject.org/RecommendedTBBVersions

At the moment it seems like the current alpha is 2.4.11-alpha-2, and the obfsproxy bundle is at that same version too. Is it ever recommended to run the "stable" obfsproxy bundle?

Create a temporary TBB data directory called something like /tmp/torbrowser-USER, creating it with python's mktemp.

http://docs.python.org/2/library/tarfile.html

This would make it so tar isn't a debian dependency too.

This is related to #25 and #28. Rather than just making a new "Tor Browser Update" .desktop file that uses a -force-check-update flag, the menu item should use a -settings flag, and display a GUI interface that lets you do a couple things:

• Force an update check
• Toggle between preferring alpha or stable
• Launch TBB

This can be where all other settings we might want to add in the future can exist.

If it looks like this can get into deb.torproject.org soon, it might make more sense first to just finish #25 first, and add this later.

When torbrowser-launcher is already running, it's possible to start a second instance. I am not sure if that can lead to confusion or other strange behaviors. Wouldn't it be better to kill the old instance? If this is not of concern, sorry and feel free to close.

From https://lists.torproject.org/pipermail/tor-dev/2013-February/004434.html

I'd also suggest that you might want to ensure that version numbers are always increasing and other things that are outlined in the. A MITM may be able to replay an old valid signature for a package, does your code handle that case? You may enjoy the paper and code on theupdateframework.com to look into those kinds of issues...

It would be possible, during an update, for an attacker to serve an older version of the TBB tarball to install, using the old but valid signature.

Right now Tor Browser Launcher only knows what version of TBB it's installing based on filename. To fix this it will have to extract the tarball to a temp directory first to make sure that what was downloaded is a newer version.