From: Micah Lee <micah@micahflee.com>
Date: Tue, 6 Oct 2020 22:58:22 +0000 (-0700)
Subject: Download key using web key directory from torproject.org instead of keyservers
X-Git-Url: https://git.lizzy.rs/?a=commitdiff_plain;h=12ac68ecd8510a65040556766728ef085eeefae4;p=torbrowser-launcher.git

Download key using web key directory from torproject.org instead of keyservers
---

diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py
index 25bb984..adb9426 100644
--- a/torbrowser_launcher/common.py
+++ b/torbrowser_launcher/common.py
@@ -193,10 +193,11 @@ class Common(object):
         else:
             print('Refreshing local keyring...')
 
+        # Fetch key from wkd, as per https://support.torproject.org/tbb/how-to-verify-signature/
         p = subprocess.Popen(['/usr/bin/gpg2', '--status-fd', '2',
                               '--homedir', self.paths['gnupg_homedir'],
-                              '--keyserver', 'hkps://keys.openpgp.org',
-                              '--refresh-keys'], stderr=subprocess.PIPE)
+                              '--auto-key-locate', 'nodefault,wkd',
+                              '--locate-keys', 'torbrowser@torproject.org'], stderr=subprocess.PIPE)
         p.wait()
 
         for output in p.stderr.readlines():