Make get-tor.py download Tor Browser signing key from keys.openpgp.org

2025-01-09 19:27:28 -03:00 · 2023-09-27 11:45:42 -07:00 · 2023-09-27 11:45:42 -07:00 · f2bf4f0a94
commit f2bf4f0a94
parent 9f616efdc1
3 changed files with 6 additions and 5 deletions
--- a/cli/onionshare_cli/resources/torrc_template-snowflake
+++ b/cli/onionshare_cli/resources/torrc_template-snowflake
@ -1,3 +1,3 @@
 # Enable built-in snowflake bridge
-Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
-Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
+Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
+Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=foursquare.com ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
--- a/desktop/scripts/get-tor.py
+++ b/desktop/scripts/get-tor.py
@ -203,6 +203,9 @@ def get_tor_linux64(gpg, torkey, linux64_url, linux64_filename, expected_linux64
    # Verify signature
    sig_stream = open(tarball_sig_path, "rb")
    verified = gpg.verify_file(sig_stream, tarball_path)
+    print(verified)
+    print(verified.valid)
+    print(verified.pubkey_fingerprint)
    if not verified.valid or verified.pubkey_fingerprint != tor_dev_fingerprint:
        print("ERROR! The tarball verification with the signature failed!")
        sys.exit(-1)
@ -322,9 +325,7 @@ def main(platform):
    ) = get_latest_tor_version_urls(platform)
    tmpdir = tempfile.TemporaryDirectory()
    gpg = gnupg.GPG(gnupghome=tmpdir.name)
-    torkey = gpg.import_keys_file(
-        os.path.join(root_path, "scripts", "kounek7zrdx745qydx6p59t9mqjpuhdf")
-    )
+    torkey = gpg.recv_keys("keys.openpgp.org", tor_dev_fingerprint)
    print(f"Imported Tor GPG key: {torkey.fingerprints}")

    if platform == "win32":
--- a/desktop/scripts/kounek7zrdx745qydx6p59t9mqjpuhdf
+++ b/desktop/scripts/kounek7zrdx745qydx6p59t9mqjpuhdf