Download key using web key directory from torproject.org instead of keyservers

author Micah Lee <micah@micahflee.com>

Tue, 6 Oct 2020 22:58:22 +0000 (15:58 -0700)

committer Micah Lee <micah@micahflee.com>

Tue, 6 Oct 2020 22:58:22 +0000 (15:58 -0700)
author Micah Lee <micah@micahflee.com>
Tue, 6 Oct 2020 22:58:22 +0000 (15:58 -0700)
committer Micah Lee <micah@micahflee.com>
Tue, 6 Oct 2020 22:58:22 +0000 (15:58 -0700)
diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py

index 25bb984504904f73e2b798fa65fe39034ec50609..adb9426aad1b6019dfaf65e9881443195f9f1594 100644 (file)
--- a/torbrowser_launcher/common.py
+++ b/torbrowser_launcher/common.py
@@ -193,10 +193,11 @@ class Common(object):
          else:
              print('Refreshing local keyring...')
  
+        # Fetch key from wkd, as per https://support.torproject.org/tbb/how-to-verify-signature/
          p = subprocess.Popen(['/usr/bin/gpg2', '--status-fd', '2',
                                '--homedir', self.paths['gnupg_homedir'],
-                              '--keyserver', 'hkps://keys.openpgp.org',
-                              '--refresh-keys'], stderr=subprocess.PIPE)
+                              '--auto-key-locate', 'nodefault,wkd',
+                              '--locate-keys', 'torbrowser@torproject.org'], stderr=subprocess.PIPE)
          p.wait()
  
          for output in p.stderr.readlines():
author	Micah Lee <micah@micahflee.com>
	Tue, 6 Oct 2020 22:58:22 +0000 (15:58 -0700)
committer	Micah Lee <micah@micahflee.com>
	Tue, 6 Oct 2020 22:58:22 +0000 (15:58 -0700)