ok, i did the commands you suggested me, but still getting the error while updating
INFO: Auto detecting ARCH...
INFO: ARCH x86_64 detected.
INFO: Auto detecting ARCH_DOWNLOAD...
INFO: ARCH_DOWNLOAD linux64 detected.
[INFO] [torbrowser-downloader] INFO: CURL_PROXY: --proxy socks5h://tb-updater_fa220be3-7b52-4f3c-9575-3c802d81587b:password@10.152.152.10:9115
[INFO] [torbrowser-downloader] INFO: tbb_version_previous_downloaded_version: 9.0.9
[INFO] [torbrowser-downloader] INFO: stdin connected to terminal, setting TB_INPUT to stdin, will use terminal for input, ok.
[INFO] [torbrowser-downloader] INFO: Alternatively, if want to run from command line, but still use the graphical user interface for input, you could add to command line: --input gui
INFO: not running inside Qubes DVM Template, ok.
INFO: tbb_download_alpha_version: false
INFO: Running Tor enabled check... Done.
INFO: Running Tor bootstrap check... Done.
INFO: Running connectivity check...
INFO: CURL_OUT_FILE: /home/user/.cache/tb/temp/tbb_remote_folder
INFO: Connectivity check succeeded.
INFO: Find out latest version... Downloading: https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions...
INFO: CURL_OUT_FILE: /home/user/.cache/tb/RecommendedTBBVersions
INFO: Done, downloaded https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions.
INFO: tbb_download_alpha_version: false
INFO: Lowest online version might be: 9.5
INFO: Currently installed version: None installed. (Folder /home/user/.tb/tor-browser does not exist.)
Only versions still considered secure should be listed here. Higher version numbers does not necessarily mean more secure here. Could be alpha or beta versions. In most cases you are best off choosing the lowest version number among them.
Learn more about this Download Confirmation Screen.
https://www.whonix.org/wiki/Tor_Browser/Download_Confirmation_Screen
QUESTION: Download now?
n/9.5/9.5.1/9.5.3/10.0a1/10.0a2/10.0a4/10.0a5?
9.5.3
INFO: Version 9.5.3 chosen.
INFO: Tor Browser language variable TB_LANG was not yet set. Therefore defaulting TB_LANG to 'en-US', ok.
INFO: Because you are not using --nokilltb, now killing eventually still running instances of Tor Browser...
firefox: no process found
INFO: Downloading GPG signature... Will take a moment...
INFO: Downloading:
https://dist.torproject.org/torbrowser/9.5.3/sha256sums-unsigned-build.txt.asc ... Will take a moment...
INFO: CURL_OUT_FILE: /home/user/.cache/tb/files/sha256sums-unsigned-build.txt.asc
INFO: Done, downloaded https://dist.torproject.org/torbrowser/9.5.3/sha256sums-unsigned-build.txt.asc.
INFO: Downloading sha256sums file... Will take a moment...
INFO: Downloading:
https://dist.torproject.org/torbrowser/9.5.3/sha256sums-unsigned-build.txt ... Will take a moment...
INFO: CURL_OUT_FILE: /home/user/.cache/tb/files/sha256sums-unsigned-build.txt
INFO: Done, downloaded https://dist.torproject.org/torbrowser/9.5.3/sha256sums-unsigned-build.txt.
INFO: Downloading Tor Browser Bundle: 9.5.3
INFO: Downloading:
https://dist.torproject.org/torbrowser/9.5.3/tor-browser-linux64-9.5.3_en-US.tar.xz ... Will take a while...
INFO: CURL_OUT_FILE: /home/user/.cache/tb/files/tor-browser-linux64-9.5.3_en-US.tar.xz
INFO: Done, downloaded https://dist.torproject.org/torbrowser/9.5.3/tor-browser-linux64-9.5.3_en-US.tar.xz.
INFO: GPG signature verification... This will take a moment...
gpg: WARNING: no command supplied. Trying to guess what you mean ...
GPG download signature could NOT be verified.
Tor Browser update failed! Try again later.
gpg_bash_lib_output_alright_status: false
gpg_bash_lib_output_failure:
gpg_bash_lib_output_diagnostic_message:
gpg_bash_lib_internal_gpg_verify_status_fd_file: /home/user/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_status_fd_file
gpg_bash_lib_internal_gpg_verify_output_file: /home/user/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_output_file
gpg_bash_lib_output_gpg_import_output:
gpg: keybox '/home/user/.cache/tb/gpgtmpdir/pubring.kbx' created
gpg: key 4E2C6E8793298290: 1 duplicate signature removed
gpg: key 4E2C6E8793298290: 236 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 1 signature reordered
gpg: /home/user/.cache/tb/gpgtmpdir/trustdb.gpg: trustdb created
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) " imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
gpg_bash_lib_output_gpg_verify_output:
gpg: Signature made Fri 24 Jul 2020 04:16:54 PM UTC
gpg: using RSA key EB774491D9FF06E2
gpg: Good signature from "Tor Browser Developers (signing key) " [expired]
gpg: Note: This key has expired!
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2
gpg_bash_lib_output_gpg_verify_status_fd_output:
[GNUPG:] NEWSIG
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660203
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660390
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1535109984
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] KEYEXPIRED 1599945844
[GNUPG:] SIG_ID Tmkg474j7SZzfKGjdcJp7+u1gzQ 2020-07-24 1595607414
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660203
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660390
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1535109984
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] EXPKEYSIG EB774491D9FF06E2 Tor Browser Developers (signing key)
[GNUPG:] VALIDSIG 110775B5D101FB36BC6C911BEB774491D9FF06E2 2020-07-24 1595607414 0 4 0 1 10 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660203
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1503660390
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEYEXPIRED 1535109984
[GNUPG:] KEYEXPIRED 1598268349
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] VERIFICATION_COMPLIANCE_MODE 23
Confirmed. Fixed just now in all Whonix repositories. Should be fixed.
upgrade as per usual as per:
update-torbrowser should now be functional as per usual.
(Technical background: OpenPGP key tbb-team.asc was outdated. The signing key was expired. Upstream extended the key but it wasnât updated on in the tb-updater package yet. Now fixed. No danger/harm except this usability issue.)
Iâm getting the following error when using the âTor Browser Downloaderâ both in the anon-whonix AppVM as well as the workstation template after it downloads the 13.0.10 update:
ERROR: Digital signature (GPG) could NOT be verified.
Tor Browser update failed! Try again later.
gpg_bash_lib_output_alright_status: false
gpg_bash_lib_output_failure:
gpg_bash_lib_output_diagnostic_message:
gpg_bash_lib_internal_gpg_verify_status_fd_file: /home/user/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_status_fd_file
gpg_bash_lib_internal_gpg_verify_output_file: /home/user/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_output_file
gpg_bash_lib_output_gpg_import_output:
gpg: keybox '/home/user/.cache/tb/gpgtmpdir/pubring.kbx' created
gpg: /home/user/.cache/tb/gpgtmpdir/trustdb.gpg: trustdb created
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) " imported
gpg: Total number processed: 1
gpg: imported: 1
gpg_bash_lib_output_gpg_verify_output:
gpg: Signature made Tue 20 Feb 2024 12:22:18 PM UTC
gpg: using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) " [ultimate]
gpg: Note: This key has expired!
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 6131 88FC 5BE2 176E 3ED5 4901 E53D 989A 9E2D 47BF
gpg_bash_lib_output_gpg_verify_status_fd_output:
[GNUPG:] NEWSIG
[GNUPG:] KEYEXPIRED 1708337812
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] KEYEXPIRED 1708337812
[GNUPG:] SIG_ID Dv6ryFYw4jPrC0jxlQEdvXbm4tE 2024-02-20 1708431738
[GNUPG:] KEYEXPIRED 1708337812
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] EXPKEYSIG E53D989A9E2D47BF Tor Browser Developers (signing key)
[GNUPG:] VALIDSIG 613188FC5BE2176E3ED54901E53D989A9E2D47BF 2024-02-20 1708431738 0 4 0 1 10 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
[GNUPG:] KEYEXPIRED 1708337812
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
[GNUPG:] KEYEXPIRED 1708337812
[GNUPG:] KEY_CONSIDERED EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 0
I checked with date if the VMâs date and time are correct and they are, so not an issue with the wrong time set in the vm. Performing an in-place browser update using the browser itself works, however, but I donât know how safe that is.
I did notice strangely, however, that the Downloader now shows the TB version in my template as already being 13.0.10âŚthis is not the case for anon-whonix, where the upgrade went as expected. It may have to do with me trying several times yesterday to use the TB Downloader, without success, but the last time (or perhaps second last) it seemed to have crashed. When I just redownloaded TB for the template, it said for âPrevious Signature Creation Dateâ: âUnknown. Probably never downloaded a signature before.â, even though it definitely has downloaded a previous signature so thatâs weirdâŚin any case, redownloading and reinstalling worked.
For future reference, Iâd like to ask, though: is it considered safe enough to upgrade TB via the internal mechanism of the browser? I.e. is the Downloader just there so we donât have to start TB in the template or does it have extra security / verification mechanisms, too?
tb-updater (by Whonix developers) does digital software signature verification but nothing âextraâ on top.
Tor Browser internal updater also does digital software signature verification for updates.
tb-updater is fully optional. It does nothing which the user couldnât do manually either. It is a usability feature. It simplifies Tor Browser integration into Qubes. See also: Tor Browser Update: Technical Details