[tor-talk] TBB update using offline/ downloaded tarball?

Cain Ungothep ungocain at yandex.com
Fri Aug 21 04:14:54 UTC 2015

> This will upgrade the Linux x64 version from 4.5.3 to 5.0. To apply:
> $ cd /path/to/tor-stuff
> $ rm -rf outside.old; mv outside outside.old; mkdir outside
> $ cp [.mar file] outside/update.mar
> $ cd [tor-browser directory]
> $ cp updater ../../outside
> $ ../../outside/updater ../../outside . .

You left out the part about verifying PGP signatures (!).

You're excused this time because the MAR format allows for (possibly
multiple) signatures and Tor developers do sign their MAR releases.  I
also expect the Tor Browser to fail tightly in case of unsigned/invalid
MAR files.  But for those that already decided what degree of trust to
put where, and are going the manual route anyway, checking a PGP
signature ex ante is in order.

See:  https://www.torproject.org/docs/verifying-signatures.html.en#MARVerification

More information about the tor-talk mailing list