Browse code
rerender css
traumschule authored on 04/09/2018 18:22:04
Showing 1 changed files
| ... | ... |
@@ -163,7 +163,7 @@ |
| 163 | 163 |
<div> |
| 164 | 164 |
<input id="ac-2-1" name="accordion-2" type="radio" checked /> |
| 165 | 165 |
<article class="ac-os"> |
| 166 |
- <h3>Import OpenPGP keys on Windows</h3> |
|
| 166 |
+ <h3>Import OpenPGP key on Windows</h3> |
|
| 167 | 167 |
<p> |
| 168 | 168 |
First of all you need to have GnuPG installed before you can verify |
| 169 | 169 |
signatures. |
| ... | ... |
@@ -180,7 +180,9 @@ |
| 180 | 180 |
The Tor Browser team signs Tor Browser releases. Import its key |
| 181 | 181 |
(0x4E2C6E8793298290) by starting <i>cmd.exe</i> and typing: |
| 182 | 182 |
</p> |
| 183 |
- <pre>gpg.exe --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290</pre> |
|
| 183 |
+ <pre> |
|
| 184 |
+ > gpg.exe --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 |
|
| 185 |
+ </pre> |
|
| 184 | 186 |
<p> |
| 185 | 187 |
</article> |
| 186 | 188 |
</div> |
| ... | ... |
@@ -188,7 +190,7 @@ |
| 188 | 190 |
<div> |
| 189 | 191 |
<input id="ac-2-2" name="accordion-2" type="radio" /> |
| 190 | 192 |
<article class="ac-os"> |
| 191 |
- <h3>Import OpenPGP keys on Mac OS</h3> |
|
| 193 |
+ <h3>Import OpenPGP key on Mac OS</h3> |
|
| 192 | 194 |
<p> |
| 193 | 195 |
You need to have GnuPG installed before you can verify |
| 194 | 196 |
signatures. Install it from |
| ... | ... |
@@ -199,7 +201,9 @@ |
| 199 | 201 |
your package. The Tor Browser team signs Tor Browser releases. Import its |
| 200 | 202 |
key (0x4E2C6E8793298290) by starting the terminal under "Applications" |
| 201 | 203 |
and typing:</p> |
| 202 |
- <pre>gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290</pre> |
|
| 204 |
+ <pre> |
|
| 205 |
+ $ gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 |
|
| 206 |
+ </pre> |
|
| 203 | 207 |
<p> |
| 204 | 208 |
</article> |
| 205 | 209 |
</div> |
| ... | ... |
@@ -207,7 +211,7 @@ |
| 207 | 211 |
<div> |
| 208 | 212 |
<input id="ac-2-3" name="accordion-2" type="radio" /> |
| 209 | 213 |
<article class="ac-os"> |
| 210 |
- <h3>Import OpenPGP keys on Linux</h3> |
|
| 214 |
+ <h3>Import OpenPGP key on Linux</h3> |
|
| 211 | 215 |
<p> |
| 212 | 216 |
You need to have GnuPG installed before you can verify |
| 213 | 217 |
signatures. It's probably GnuPG is alreadyy installed on your |
| ... | ... |
@@ -218,7 +222,9 @@ |
| 218 | 222 |
The next step is to use GnuPG to import the key that signed |
| 219 | 223 |
your package. The Tor Browser team signs Tor Browser releases. Import its |
| 220 | 224 |
key (0x4E2C6E8793298290) by starting the terminal and typing:</p> |
| 221 |
- <pre>gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290</pre> |
|
| 225 |
+ <pre> |
|
| 226 |
+ $ gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 |
|
| 227 |
+ </pre> |
|
| 222 | 228 |
<p> |
| 223 | 229 |
</article> |
| 224 | 230 |
</div> |
| ... | ... |
@@ -227,7 +233,9 @@ |
| 227 | 233 |
After importing the key, you can verify that the fingerprint |
| 228 | 234 |
is correct: |
| 229 | 235 |
</p> |
| 230 |
- <pre>gpg --fingerprint 0x4E2C6E8793298290</pre> |
|
| 236 |
+ <pre> |
|
| 237 |
+ gpg --fingerprint 0x4E2C6E8793298290 |
|
| 238 |
+ </pre> |
|
| 231 | 239 |
<p>You should see:</p> |
| 232 | 240 |
<pre> |
| 233 | 241 |
pub rsa4096/0x4E2C6E8793298290 2014-12-15 [C] [expires: 2020-08-24] |
| ... | ... |
@@ -248,7 +256,7 @@ sub rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12] |
| 248 | 256 |
<input id="ac-3" name="accordion-3" type="checkbox" /> |
| 249 | 257 |
<label for="ac-3"> |
| 250 | 258 |
<a class="nav" title="link here" href="#VerifySignature">◄</a> |
| 251 |
- <h3><a name="VerifySignature">Step 2: Verification with OpenGPG signatures</a></h3> |
|
| 259 |
+ <h3><a name="VerifySignature">Step 2: Verification with OpenGPG signature</a></h3> |
|
| 252 | 260 |
<hr> |
| 253 | 261 |
<p>This section explains how to verify the downloaded file's digital |
| 254 | 262 |
signature on different operating systems. Please notice that a signature is |
| ... | ... |
@@ -272,13 +280,16 @@ sub rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12] |
| 272 | 280 |
<div> |
| 273 | 281 |
<input id="ac-3-1" name="accordion-3" type="radio" checked /> |
| 274 | 282 |
<article class="ac-os"> |
| 275 |
- <h3>Verify with an OpenPGP signature on Windows</h3> |
|
| 283 |
+ <h3>Verify with OpenPGP signature on Windows</h3> |
|
| 276 | 284 |
<p> |
| 277 | 285 |
To verify the signature of the package you downloaded, you will need |
| 278 | 286 |
to download the ".asc" file as well. Assuming you downloaded the |
| 279 | 287 |
package and its signature to your Desktop, run: |
| 280 | 288 |
</p> |
| 281 |
- <pre>gpg.exe --verify C:\Users\Alice\Desktop\torbrowser-install-<version-torbrowserbundle>_en-US.exe.asc</pre> |
|
| 289 |
+ <pre> |
|
| 290 |
+ > gpg.exe --verify C:\Users\Alice\Desktop\torbrowser-install-<version-torbrowserbundle>_en-US.exe.asc |
|
| 291 |
+ </pre> |
|
| 292 |
+ |
|
| 282 | 293 |
<p>Please substitute "Alice" with your own username.</p> |
| 283 | 294 |
<p>The output should say "Good signature":</p> |
| 284 | 295 |
<pre> |
| ... | ... |
@@ -297,14 +308,16 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 297 | 308 |
<div> |
| 298 | 309 |
<input id="ac-3-2" name="accordion-3" type="radio" /> |
| 299 | 310 |
<article class="ac-os"> |
| 300 |
- <h3>Verify with an OpenPGP signature on Mac OS</h3> |
|
| 311 |
+ <h3>Verify with OpenPGP signature on Mac OS</h3> |
|
| 301 | 312 |
<p> |
| 302 | 313 |
To verify the signature of the package you downloaded, you will need |
| 303 | 314 |
to download the ".asc" file as well. Assuming you downloaded the |
| 304 | 315 |
package and its signature to your Downloads folder, run: |
| 305 | 316 |
</p> |
| 306 | 317 |
|
| 307 |
- <pre>gpg --verify ~/Downloads/TorBrowser-<version-torbrowserbundleosx64>_en-US.dmg{.asc*,}</pre>
|
|
| 318 |
+ <pre> |
|
| 319 |
+ $ gpg --verify ~/Downloads/TorBrowser-<version-torbrowserbundleosx64>_en-US.dmg{.asc*,}
|
|
| 320 |
+ </pre> |
|
| 308 | 321 |
|
| 309 | 322 |
<p>The output should say "Good signature":</p> |
| 310 | 323 |
|
| ... | ... |
@@ -324,7 +337,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 324 | 337 |
<div> |
| 325 | 338 |
<input id="ac-3-3" name="accordion-3" type="radio" /> |
| 326 | 339 |
<article class="ac-os"> |
| 327 |
- <h3>Verify with an OpenPGP signature on Linux</h3> |
|
| 340 |
+ <h3>Verify with OpenPGP signature on Linux</h3> |
|
| 328 | 341 |
<p> |
| 329 | 342 |
To verify the signature of the package you downloaded, you will need |
| 330 | 343 |
to download the ".asc" file as well. Assuming you downloaded the |
| ... | ... |
@@ -333,7 +346,9 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 333 | 346 |
|
| 334 | 347 |
<p>Change 64 to 32 if you have the 32-bit package:</p> |
| 335 | 348 |
|
| 336 |
- <pre>gpg --verify tor-browser-linux64-<version-torbrowserbundlelinux64>_en-US.tar.xz.asc</pre> |
|
| 349 |
+ <pre> |
|
| 350 |
+ $ gpg --verify tor-browser-linux64-<version-torbrowserbundlelinux64>_en-US.tar.xz.asc |
|
| 351 |
+ </pre> |
|
| 337 | 352 |
|
| 338 | 353 |
<p>The output should say "Good signature":</p> |
| 339 | 354 |
|
| ... | ... |
@@ -389,7 +404,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 389 | 404 |
<input id="ac-4" name="accordion-4" type="checkbox" /> |
| 390 | 405 |
<label for="ac-4"> |
| 391 | 406 |
<a class="nav" title="link here" href="#ChecksumVerification">◄</a> |
| 392 |
- <h3><a id="Checksumerification">Step 3: Verify the file integrity</a></h3> |
|
| 407 |
+ <h3><a id="ChecksumVerification">Step 3: Verify the file integrity by sha256 checksum</a></h3> |
|
| 393 | 408 |
<hr> |
| 394 | 409 |
<p> |
| 395 | 410 |
Build reproducibility is a |
| ... | ... |
@@ -420,11 +435,14 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 420 | 435 |
for Tor Browser <version-torbrowserbundlelinux64>. |
| 421 | 436 |
</li> |
| 422 | 437 |
<li> |
| 423 |
- Retrieve the signers' GPG keys with this id like described above<br/> |
|
| 424 |
- (Other developers' key IDs can be found on |
|
| 425 |
- <a href="<page docs/signing-keys>">this page)</a>: |
|
| 426 |
- <pre id="ttb-key">0x4E2C6E8793298290</pre></li> |
|
| 438 |
+ Retrieve the signers' GPG key with following ID with the method <a href="#ImportKey">described above</a>:<br/> |
|
| 439 |
+ (Other developers' key IDs can be found |
|
| 440 |
+ <a href="<page docs/signing-keys>">here)</a> |
|
| 441 |
+ </li> |
|
| 427 | 442 |
</ul> |
| 443 |
+ <pre> |
|
| 444 |
+ 0x4E2C6E8793298290 |
|
| 445 |
+ </pre> |
|
| 428 | 446 |
</article> |
| 429 | 447 |
<article class="ac-box"> |
| 430 | 448 |
|
| ... | ... |
@@ -444,14 +462,18 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 444 | 462 |
|
| 445 | 463 |
<!-- Windows --> |
| 446 | 464 |
<div> |
| 447 |
- <input id="ac-4-1" name="accordion-4" type="radio" /> |
|
| 465 |
+ <input id="ac-4-1" name="accordion-4" type="radio" checked /> |
|
| 448 | 466 |
<article class="ac-os"> |
| 467 |
+ <!--<pre id="ttb-key"> |
|
| 468 |
+ > gpg.exe --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 |
|
| 469 |
+ </pre>--> |
|
| 449 | 470 |
<h3>Verififcation with a checksum on Windows</h3> |
| 450 | 471 |
<h4>Verify the signature of the checksum file</h4> |
| 451 | 472 |
<p> |
| 452 | 473 |
Verify the sha256sums-unsigned-build.txt file by executing this command: |
| 453 | 474 |
</p> |
| 454 |
- <pre>gpg.exe --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt |
|
| 475 |
+ <pre> |
|
| 476 |
+ > gpg.exe --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt |
|
| 455 | 477 |
</pre> |
| 456 | 478 |
|
| 457 | 479 |
<p> |
| ... | ... |
@@ -461,23 +483,25 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 461 | 483 |
</p> |
| 462 | 484 |
|
| 463 | 485 |
<h4>Verify the file integrity of Tor Browser</h4> |
| 464 |
- <ul> |
|
| 465 |
- <li>If you want to verify a Windows Tor Browser package you need to first |
|
| 466 |
- strip off the authenticode signature of it.<br/> |
|
| 467 |
- Tools that can be used for this purpose are |
|
| 468 |
- <a href="http://osslsigncode.sourceforge.net">osslsigncode</a> and |
|
| 469 |
- <a href="http://forum.xda-developers.com/showthread.php?t=416175">delcert.exe</a>. |
|
| 470 |
- Assuming you have built e.g. <tt>osslsigncode</tt> on a Linux computer you can enter |
|
| 471 |
- </li> |
|
| 472 |
- <pre>C:\path\to\osslsigncode remove-signature \ |
|
| 473 |
- C:\path\to\your\<TOR BROWSER FILE NAME>.exe <TOR BROWSER FILE NAME>.exe |
|
| 474 |
- </pre> |
|
| 486 |
+ <p> |
|
| 487 |
+ If you want to verify a Windows Tor Browser package you need to first |
|
| 488 |
+ strip off the authenticode signature of it.<br/> |
|
| 489 |
+ Tools that can be used for this purpose are |
|
| 490 |
+ <a href="http://osslsigncode.sourceforge.net">osslsigncode</a> and |
|
| 491 |
+ <a href="http://forum.xda-developers.com/showthread.php?t=416175">delcert.exe</a>. |
|
| 492 |
+ Assuming you have built e.g. <tt>osslsigncode</tt> on a Linux computer you can enter |
|
| 493 |
+ </p> |
|
| 494 |
+ <pre> |
|
| 495 |
+ > C:\path\to\osslsigncode remove-signature \ |
|
| 496 |
+ where\you\saved\\<TOR BROWSER FILE NAME>.exe <TOR BROWSER FILE NAME>.exe |
|
| 497 |
+ </pre> |
|
| 475 | 498 |
|
| 476 |
- <li>Now use the sha256sum of the Tor Browser package with the |
|
| 477 |
- <a href="http://md5deep.sourceforge.net/">hashdeep utility</a> and run |
|
| 478 |
- </li> |
|
| 479 |
- <pre>C:\location\where\you\saved\hashdeep -c sha256sum <TOR BROWSER FILE NAME>.exe</pre> |
|
| 480 |
- </ul> |
|
| 499 |
+ <p>Now use the sha256sum of the Tor Browser package with the |
|
| 500 |
+ <a href="http://md5deep.sourceforge.net/">hashdeep utility</a> and run |
|
| 501 |
+ </p> |
|
| 502 |
+ <pre> |
|
| 503 |
+ C:\location\of\hashdeep -c sha256sum <TOR BROWSER FILE NAME>.exe |
|
| 504 |
+ </pre> |
|
| 481 | 505 |
</article> |
| 482 | 506 |
</div> |
| 483 | 507 |
<!-- Mac OS --><!-- |
| ... | ... |
@@ -489,38 +513,40 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 489 | 513 |
--> |
| 490 | 514 |
|
| 491 | 515 |
<!-- Linux --> |
| 492 |
- <input id="ac-4-3" name="accordion-4" type="radio" /> |
|
| 516 |
+ <div> |
|
| 517 |
+ <input id="ac-4-3" name="accordion-4" type="radio" /> |
|
| 493 | 518 |
<article class="ac-os ac-4-3"> |
| 519 |
+ <!--<pre id="ttb-key"> |
|
| 520 |
+ $ gpg --keyserver pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290 |
|
| 521 |
+ </pre>--> |
|
| 494 | 522 |
<h3>Verififcation with a checksum on Linux</h3> |
| 495 | 523 |
<h4>Verify the signature of the checksum file</h4> |
| 496 | 524 |
<ul> |
| 497 | 525 |
<li>Verify the sha256sums-unsigned-build.txt with this command:</li> |
| 498 |
- <pre>gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt |
|
| 499 |
- </pre> |
|
| 526 |
+ <pre>$ gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt</pre> |
|
| 500 | 527 |
|
| 501 |
- <li>><!-- TODO which OSs are meant here? --> |
|
| 528 |
+ <li><!-- TODO which OSs are meant here? --> |
|
| 502 | 529 |
In case your operating system is adding the .txt extension automatically |
| 503 | 530 |
to the SHA256 sums signature file strip it again by running |
| 504 |
- </li>> |
|
| 505 |
- <pre>mv sha256sums-unsigned-build.txt.asc.txt sha256sums-unsigned-build.txt.asc</pre> |
|
| 531 |
+ </li> |
|
| 532 |
+ <pre>$ mv sha256sums-unsigned-build.txt.asc.txt sha256sums-unsigned-build.txt.asc</pre> |
|
| 506 | 533 |
|
| 507 |
- <li>> |
|
| 534 |
+ <li> |
|
| 508 | 535 |
Verify the sha256sums-unsigned-build.txt file by executing this command: |
| 509 | 536 |
</li> |
| 510 |
- <pre>gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt |
|
| 511 |
- </pre> |
|
| 537 |
+ <pre>$ gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt</pre> |
|
| 512 | 538 |
|
| 513 | 539 |
<li> |
| 514 |
- You should see a message like |
|
| 515 |
- <pre>"Good signature from <DEVELOPER NAME>"</pre>. |
|
| 516 |
- If you don't, there is a problem. Try these steps again. |
|
| 540 |
+ If you don't see a message like this, there is a problem |
|
| 541 |
+ and you should try these steps again: |
|
| 517 | 542 |
</li> |
| 543 |
+ <pre>"Good signature from <DEVELOPER NAME>"</pre>. |
|
| 518 | 544 |
</ul> |
| 519 | 545 |
|
| 520 | 546 |
<h4>Verify the file integrity of Tor Browser</h4> |
| 521 | 547 |
<ul> |
| 522 | 548 |
<li>Calculate the SHA-256 checksum of Tor Browser:</li> |
| 523 |
- <pre>sha256sum <TOR BROWSER FILE NAME>.tar.gz</pre> |
|
| 549 |
+ <pre>$ sha256sum <TOR BROWSER FILE NAME>.tar.gz</pre> |
|
| 524 | 550 |
|
| 525 | 551 |
<li>You will see a string of letters and numbers.</li> |
| 526 | 552 |
|
| ... | ... |
@@ -534,7 +560,8 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 534 | 560 |
If they match, you've successfully verified the build. |
| 535 | 561 |
</li> |
| 536 | 562 |
</ul> |
| 537 |
- </article> |
|
| 563 |
+ </article> |
|
| 564 |
+ </div> |
|
| 538 | 565 |
<a class="nav" href="#TOC" title="go up">↑</a> |
| 539 | 566 |
</article> |
| 540 | 567 |
</div> |
| ... | ... |
@@ -560,10 +587,10 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 560 | 587 |
directory to remove the embedded signature(s). The steps to get the unsigned |
| 561 | 588 |
MAR file on a 64 bit Linux are</p> |
| 562 | 589 |
<pre> |
| 563 |
- cd /path/to/MAR/file |
|
| 564 |
- unzip /path/to/gitian-builder/inputs/mar-tools-linux64.zip |
|
| 565 |
- export LD_LIBRARY_PATH=/path/to/MAR/file/mar-tools |
|
| 566 |
- mar-tools/signmar -r your-signed-mar-file.mar your-unsigned-mar-file.mar</pre> |
|
| 590 |
+ $ cd /path/to/MAR/file |
|
| 591 |
+ $ unzip /path/to/gitian-builder/inputs/mar-tools-linux64.zip |
|
| 592 |
+ $ export LD_LIBRARY_PATH=/path/to/MAR/file/mar-tools |
|
| 593 |
+ $ mar-tools/signmar -r your-signed-mar-file.mar your-unsigned-mar-file.mar</pre> |
|
| 567 | 594 |
<p>Now you can compare the SHA256 sum of <tt>your-unsigned-mar-file.mar</tt> |
| 568 | 595 |
with the one provided in the <tt>sha265sums-unsigned-build.txt</tt> or |
| 569 | 596 |
<tt>sha256sums-unsigned-build.incremental.txt</tt> as outlined in |
| ... | ... |
@@ -583,7 +610,7 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 583 | 610 |
<a href="<page about/contact>#support">Reach out to us</a>!</p> |
| 584 | 611 |
</label> |
| 585 | 612 |
<article class="ac-small"> |
| 586 |
- |
|
| 613 |
+ <p>Send us your question!</p> |
|
| 587 | 614 |
<a class="nav" href="#TOC" title="go up">↑</a> |
| 588 | 615 |
</article> |
| 589 | 616 |
</div> |
| ... | ... |
@@ -601,6 +628,9 @@ Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290 |
| 601 | 628 |
them yourself with the latest Tor Browser filename.</p> |
| 602 | 629 |
</label> |
| 603 | 630 |
<article class="ac-small"> |
| 631 |
+ <p> |
|
| 632 |
+ This needs to be explained. <a href="<page getinvolved/volunteer>">Help!</a> |
|
| 633 |
+ </p> |
|
| 604 | 634 |
<a class="nav" href="#TOC" title="go up">↑</a> |
| 605 | 635 |
</article> |
| 606 | 636 |
</div> |