'tbl_bin': sys.argv[0],
'icon_file': os.path.join(os.path.dirname(SHARE), 'pixmaps/torbrowser.png'),
'torproject_pem': os.path.join(SHARE, 'torproject.pem'),
- 'keyserver_ca': os.path.join(SHARE, 'sks-keyservers.netCA.pem'),
'signing_keys': {
'tor_browser_developers': os.path.join(SHARE, 'tor-browser-developers.asc')
},
else:
print('Refreshing local keyring...')
+ # Fetch key from wkd, as per https://support.torproject.org/tbb/how-to-verify-signature/
p = subprocess.Popen(['/usr/bin/gpg2', '--status-fd', '2',
'--homedir', self.paths['gnupg_homedir'],
- '--keyserver', 'hkps://hkps.pool.sks-keyservers.net',
- '--keyserver-options', 'ca-cert-file=' + self.paths['keyserver_ca']
- + ',include-revoked,no-honor-keyserver-url,no-honor-pka-record',
- '--refresh-keys'], stderr=subprocess.PIPE)
+ '--auto-key-locate', 'nodefault,wkd',
+ '--locate-keys', 'torbrowser@torproject.org'], stderr=subprocess.PIPE)
p.wait()
for output in p.stderr.readlines():