diff --git a/docs/en/faq.wml b/docs/en/faq.wml
index c622e69c..38780f08 100644
--- a/docs/en/faq.wml
+++ b/docs/en/faq.wml
@@ -93,6 +93,10 @@
run another application through Tor.
What should I do if I can't set a proxy
with my application?
+ How do I make Tor Browser use the tor that is
+ already running on the system?
+ Which environment variables does Tor Launcher
+ respect?
@@ -1410,7 +1414,7 @@
First (best option), if you're on Linux, you can install the
system Tor package
(e.g. apt-get install tor) and then set it up to be a relay
- (instructions).
+ (instructions).
You can then use TBB independent of that.
@@ -1427,6 +1431,172 @@
+
+
+
+
+ Are you sure you want to do this? The Tor Browser runs tor using different
+ ports so it can co-exist happily with the tor process already running on
+ your system. Furthermore if you are running a relay, it may be better to
+ run another tor instance for all of your personal Tor usage.
+
+
+
+ Note: Using Tor Browser in this manner is NOT OFFICIALLY SUPPORTED.
+
+ If this does not work or randomly clobbers your torrc, you are on your own.
+
+
+
+ If you are using the Tor Project's
+ Debian/Ubuntu packages
+ (You ran apt-get install tor at some point):
+
+
+
+ Add the user you will be running Tor Browser as to the debian-tor group.
+ Set the following environment variables:
+
+
+
+ export TOR_SKIP_LAUNCH=1
+ export TOR_SOCKS_PORT=9050
+ export TOR_CONTROL_PORT=9051
+ export TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control.authcookie
+
+
+
+ Start Tor Browser.
+
+
+
+ $ ./start-tor-browser.sh
+
+
+
+ If you wish to use password authentication for the control port,
+ you will need to wait till #9936 is fixed.
+
+
+
+
+
+
+
+
+ Following settings can be changed but be aware that this is
+ not recommended and can harm your anonymity.
+
+
+
+ In the default situation (without TOR_CONFIGURE_ONLY and without
+ TOR_SKIP_LAUNCH), Tor Launcher starts tor and then issues a
+ TAKEOWNERSHIP command via tor's control port so that the tor process will
+ automatically exit when Tor Launcher's control port connection is closed.
+ That way we have a much lower risk of an old tor process hanging around if
+ the browser is killed or if it crashes. But when TOR_CONFIGURE_ONLY=1
+ and TOR_SKIP_LAUNCH=1 are set, Tor Launcher does not TAKEOWNERSHIP
+ (the assumption being that if Tor Launcher did not start the tor process,
+ it is someone else's problem to control its life cycle).
+
+
+
+ -
+ TOR_SKIP_LAUNCH:
+ if set to 1, do not start a tor process, and, unless
+ TOR_CONFIGURE_ONLY is set to 1, do to not try to configure Tor
+ (that is, do not make a control port connection).
+ Values other than 1 have no effect
+
(default: false)
+
+ -
+ TOR_CONFIGURE_ONLY:
+ if set to 1, do not start Tor but try to connect via the control
+ port to configure Tor. Tor Launcher will not try to become the primary
+ controller. Values other than 1 have no effect.
+
(default: false)
+
+ -
+ TOR_FORCE_NET_CONFIG:
+ if set to 1, display the Tor Network Settings wizard at startup
+ (the value of the extensions.torlauncher.prompt_at_startup hidden
+ preference is ignored). Values other than 1 have no effect.
+ Used by Tails.
+
(default: false)
+
+ -
+ TOR_TRANSPROXY:
+ if set to 1, enables Torbutton's transparent proxy mode, which is
+ used if you have a Tor Router or some other set up that does not
+ require that the browser connect to Tor via a SOCKS proxy.
+
(default: false)
+
+ -
+ TOR_CONTROL_PASSWD:
+ if this is not set or if it is an empty string, Tor Launcher will
+ generate a random password.
+
(default: empty)
+
+ -
+ TOR_CONTROL_COOKIE_AUTH_FILE:
+ if TOR_CONTROL_PASSWD is set, its value is used as the password.
+ If TOR_CONTROL_PASSWD is not set but
+ TOR_CONTROL_COOKIE_AUTH_FILE is, then the cookie contained in
+ the file that TOR_CONTROL_COOKIE_AUTH_FILE points to is used
+ to authenticate to tor. If neither one is set, a random password is
+ generated and used.
+
(default: empty)
+
+ -
+ TOR_CONTROL_HOST:
+ if set, it becomes part of the CONTROLPORT setting.
+
(default: 127.0.0.1)
+
+ -
+ TOR_CONTROL_PORT:
+ if set, it replaces the default CONTROLPORT.
+
(default: 9151)
+
+ -
+ TOR_SOCKS_HOST:
+ if set, it becomes part of the SOCKSPORT setting
+
(default: empty)
+
+ -
+ TOR_SOCKS_PORT:
+ if set, it replaces the default SOCKSPORT
+
(default: 9050)
+
+
+
+
+ There are Firefox preferences that correspond to some of the environment
+ variables. If an env variable is set the equivalent preference setting is
+ overwritten:
+
+
+
+ - TOR_SKIP_LAUNCH=1:
+ extensions.torlauncher.start_tor=false (default: true)
+
+ - TOR_CONFIGURE_ONLY=1:
+ extensions.torlauncher.only_configure_tor=true (default: false)
+
+ - TOR_FORCE_NET_CONFIG=1:
+ extensions.torlauncher.prompt_at_startup=true (The default value of
+ extensions.torlauncher.prompt_at_startup is true but Tor Launcher
+ automatically changes it to false after a successful Tor bootstrap, and
+ automatically changes it to false after a failed bootstrap. So this one
+ is not useful to set manually.)
+
+
+
+
+
diff --git a/docs/en/update_signing-keys.pl.withsig b/docs/en/update_signing-keys.pl.withsig
new file mode 100755
index 00000000..b18120f5
--- /dev/null
+++ b/docs/en/update_signing-keys.pl.withsig
@@ -0,0 +1,121 @@
+#!/usr/bin/env perl
+use strict;
+use warnings;
+
+my $keysfile = "include/keys.txt";
+my $wmifile = 'include/keys.wmi';
+my $forcekeyupdates = 0;
+my $skipkeyupdates = 0;
+
+# First we load the keys, then we create a wmi file which is included by
+# https://www.torproject.org/docs/signing-keys.html.en
+
+# Determine the base directory in case we are called from somewhere else.
+# We assume to sit in docs/en. Update $root path if this file has moved:
+$0 =~ /^(.+)\/[^\/]+$/;
+my $root = "$1/../..";
+chdir $root or die "Could not enter $root: $! (script path: $0)\n";
+
+open my $kf, '<', "$keysfile" # read keys
+ or die "Could not open $keysfile: $!\n";
+
+my %sections; # project => key owners
+my %owners; # key owner => string with all keys
+my @projects; # save sections in order of appearance
+my $section;
+foreach (<$kf>) {
+ # filters comment and empty lines
+ next if ($_ eq "\n");
+ if (/^#/) {
+ # [section] / project
+ } elsif (/^\[(.+)\]$/) {
+ $section = "$1";
+ $sections{"$section"} = ();
+ push (@projects, $section);
+ # key owner with list of key id(s)
+ } elsif (/^([^:]+):(.+)$/) {
+ my $owner = "$1";
+ my $keys = "$2";
+ push( @{$sections{"$section"}}, $owner);
+ $owners{"$owner"} = "$keys";
+ # tell about unrecognized lines
+ } else { print "Ignored line: $_\n"; }
+}
+close $kf;
+my @owners = keys %owners;
+print "Loaded $keysfile. Found $#owners key owners in $#projects projects.\n";
+
+# If the keysfile did not change since the last run, we will not update them.
+# To update all keys anyway, set $forcekeyupdates = 1 above, or comment:
+if (-f $wmifile && qx/[ $wmifile -nt $keysfile ]/) {
+ $forcekeyupdates or $skipkeyupdates++;
+}
+
+open my $out, '>', "$wmifile"
+ or die "Could not write to $wmifile; $!\n";
+print $out "#!/usr/bin/env wml\n
+This page is automatically generated from
+keys.txt (.asc).
+You can verify its signature as described in our
+manual to verify signatures.
+The signing keys we use are:\n
\n\n";
+my %fingerprints;
+foreach my $project (@projects) {
+ my $owners = '';
+ my $suf = 's';
+ my @keysinproject;
+ # we grab the key owners for each project and iterate over their keys
+ foreach my $owner (@{$sections{"$project"}}) { # iterate over owners
+ my $keys = $owners{"$owner"};
+ # example for $keys: 0x165733EA, 0x8D29319A(signing key)
+ my $inbrackets = '';
+ $suf = '' if ($owners ne '');
+ my @keys = split (',', $keys);
+ foreach my $key (@keys) { # iterate over keys
+ # validate key format. all regexp are beautiful.
+ if ($key =~ /^\s?(0x[^\(]+)(\(([^\)]+)\))?/) {
+ my $key = $1;
+ push (@keysinproject, $key);
+ # named alternative key
+ if ($2) {
+ $inbrackets .= " with its $3 $key";
+ # first key
+ } elsif ($inbrackets eq '') {
+ $inbrackets = "$key";
+ # second key
+ } else {
+ $inbrackets .= " and $key";
+ }
+ } else { # tell if the format is wrong
+ print "Unrecognized key format: $key\n";
+ }
+ }
+ my $sep = ($owners eq '') ? '' : ', ';
+ # Add owner to the list
+ $owners .= "$sep$owner ($inbrackets)";
+ print " - $owner ($inbrackets) [$project]\n";
+ }
+ if ($project eq 'other') {
+ print $out "- Other developers include $owners.
\n";
+ } else {
+ $suf = 'ed' if ($project =~ /older/);
+ print $out "- $owners sign$suf $project
\n";
+ }
+ my $keyids = join (' ', @keysinproject);
+ # update keys form keyserver pool
+ if ($forcekeyupdates or not $skipkeyupdates) {
+ print "Fetching $keyids from keyserver:\n";
+ qx/gpg --recv-key $keyids/;
+ }
+ # save gpg output for later
+ my $str = qx/gpg --list-keys --keyid-format 0xlong --with-fingerprint $keyids/;
+ $str =~ s//>/g; $str =~ s/@/#/g; # replace html codes
+ $fingerprints{"$project"} = "
\n$str
\n";
+}
+
+# print keys for each project to file
+print $out "\nFingerprints
\nThe fingerprints for the keys are:
\n";
+foreach my $project (@projects) {
+ print $out "$project
\n". $fingerprints{"$project"};
+}
+close $out; print "Wrote $wmifile.\n"; exit 0;