X-Git-Url: https://git.lizzy.rs/?a=blobdiff_plain;f=torbrowser_launcher%2Fcommon.py;h=adb9426aad1b6019dfaf65e9881443195f9f1594;hb=12ac68ecd8510a65040556766728ef085eeefae4;hp=4e3a30a6db3430bd96348d0358fa667227e347f3;hpb=a52b5a58dd08430fb82399b1e69c3c28a7574941;p=torbrowser-launcher.git

diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py
index 4e3a30a..adb9426 100644
--- a/torbrowser_launcher/common.py
+++ b/torbrowser_launcher/common.py
@@ -139,7 +139,6 @@ class Common(object):
                 'tbl_bin': sys.argv[0],
                 'icon_file': os.path.join(os.path.dirname(SHARE), 'pixmaps/torbrowser.png'),
                 'torproject_pem': os.path.join(SHARE, 'torproject.pem'),
-                'keyserver_ca': os.path.join(SHARE, 'sks-keyservers.netCA.pem'),
                 'signing_keys': {
                     'tor_browser_developers': os.path.join(SHARE, 'tor-browser-developers.asc')
                 },
@@ -194,12 +193,11 @@ class Common(object):
         else:
             print('Refreshing local keyring...')
 
+        # Fetch key from wkd, as per https://support.torproject.org/tbb/how-to-verify-signature/
         p = subprocess.Popen(['/usr/bin/gpg2', '--status-fd', '2',
                               '--homedir', self.paths['gnupg_homedir'],
-                              '--keyserver', 'hkps://hkps.pool.sks-keyservers.net',
-                              '--keyserver-options', 'ca-cert-file=' + self.paths['keyserver_ca']
-                              + ',include-revoked,no-honor-keyserver-url,no-honor-pka-record',
-                              '--refresh-keys'], stderr=subprocess.PIPE)
+                              '--auto-key-locate', 'nodefault,wkd',
+                              '--locate-keys', 'torbrowser@torproject.org'], stderr=subprocess.PIPE)
         p.wait()
 
         for output in p.stderr.readlines():