committed 12:12PM - 24 Dec 21 UTC
- no longer download and verify sha256 hash file as this is no longer required
-… use only `gpg` to verify digital signature of Tor Browser
- higher security
- code simplification
This is also a workaround for upstream issue `sha256sums-unsigned-build.incrementals.txt and sha256sums-unsigned-build.txt are not signed with torbrowser key`.
- https://forums.whonix.org/t/tor-browser-downloader-needs-to-update-its-pgp-keys/13077
- https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40759
Unfortunately this breaks arm64 downloads.
- https://forums.whonix.org/t/arm64-tor-browser/11806