I sometimes use the Tor browser to check connections from different networks or different countries. My usage of Tor is very rare. The last time I tried, Tor never started. To troubleshoot, I ended up launching it from the console, and the same problem occurred.
rja@SBox:~/tmp/$ torbrowser-launcher
Gtk-Message: 15:56:44.321: Failed to load module "canberra-gtk-module"
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.2.9
https://github.com/micahflee/torbrowser-launcher
Refreshing local keyring...
Diagnosis
What is this thing? Local keyring? I found more details with the pstree and ps commands.
rja@SBox:~/tmp/$ pstree -l -p 4517
bash(4517)───torbrowser-laun(6295)───gpg(6300)
rja@SBox:~/tmp/$ ps auwx |grep gpg
rja 3941 0.0 0.0 100472 3656 ? SLs 15:27 0:00 /usr/bin/gpg-agent --supervised
rja 4974 0.0 0.1 54808 16280 tty2 SL+ 15:31 0:00 /usr/bin/gpg --status-fd 2 --homedir /home/rja/.local/share/torbrowser/gnupg_homedir --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file /usr/share/torbrowser-launcher/sks-keyservers.netCA.pem include-revoked no-honor-keyserver-url no-honor-pka-record --refresh-keys
rja 5075 0.0 0.1 54104 15660 tty2 SL+ 15:34 0:00 /usr/bin/gpg --status-fd 2 --homedir /home/rja/.local/share/torbrowser/gnupg_homedir --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file /usr/share/torbrowser-launcher/sks-keyservers.netCA.pem include-revoked no-honor-keyserver-url no-honor-pka-record --refresh-keys
rja 6300 0.0 0.0 46584 8180 pts/0 SL+ 15:56 0:00 /usr/bin/gpg --status-fd 2 --homedir /home/rja/.local/share/torbrowser/gnupg_homedir --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file /usr/share/torbrowser-launcher/sks-keyservers.netCA.pem include-revoked no-honor-keyserver-url no-honor-pka-record --refresh-keys
We can see that the gpg command is used to refresh a specific keyring located under /home/rja/.local/share/torbrowser/. The multiple gpg processes come from launching the Tor browser several times, because it doesn't make sense to run more than one gpg command at the same time on the same keyring.
gpg tells us that the key is associated with the email address torbrowser@torproject.org and that the key is still valid.
$ LANG= gpg --homedir /home/rja/.local/share/torbrowser/gnupg_homedir --list-keys
/home/rjacquet/.local/share/torbrowser/gnupg_homedir/pubring.kbx
----------------------------------------------------------------
pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>
sub rsa4096 2018-05-26 [S] [expires: 2020-09-12]
So what's happening? I got the clue when I ran the command in the console:
$ LANG= /usr/bin/gpg --status-fd 2 --homedir /home/rjacquet/.local/share/torbrowser/gnupg_homedir --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file /usr/share/torbrowser-launcher/sks-keyservers.netCA.pem include-revoked no-honor-keyserver-url no-honor-pka-record --refresh-keys
gpg: keyserver option 'ca-cert-file' is obsolete; please use 'hkp-cacert' in dirmngr.conf
gpg: Note: '--refresh-keys' is not considered an option
gpg: WARNING: no command supplied. Trying to guess what you mean ...
usage: gpg [options] [filename]
The syntax of the command is not correct! Probably the gpg command has been updated and it broke torbrowser-launcher.
Looking for a solution
I tried to find a potential update, but nothing matched gpg or tor.
apt list --upgradable |egrep 'gpg|tor'
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
I decided to fix it in the source code. Yes, this is ugly, but it will fix my Tor browser before updating my Ubuntu to 20.04 :-).
This gpg call is located in the file /usr/lib/python2.7/dist-packages/torbrowser_launcher/common.py around line 220:
p = subprocess.Popen(['/usr/bin/gpg', '--status-fd', '2',
                      '--homedir', self.paths['gnupg_homedir'],
                      '--keyserver', 'hkps://hkps.pool.sks-keyservers.net',
                      '--keyserver-options', 'ca-cert-file=' + self.paths['keyserver_ca']
                      + ',include-revoked,no-honor-keyserver-url,no-honor-pka-record',
                      '--refresh-keys'], stderr=subprocess.PIPE)
I decided to remove the keyserver options. They are really unclear to me. I also replaced the server URL with the one used in the latest version of the source code.
$ LANG= gpg --homedir . --keyserver hkps://keys.openpgp.org --refresh-keys
gpg: refreshing 1 key from hkps://keys.openpgp.org
gpg: key 4E2C6E8793298290: no user ID
gpg: Total number processed: 1
Victory is near... Below are the lines that fix the problem. And Tor starts in a few seconds :-)
p = subprocess.Popen(['/usr/bin/gpg', '--status-fd', '2',
                      '--homedir', self.paths['gnupg_homedir'],
                      '--keyserver', 'hkps://keys.openpgp.org',
                      '--refresh-keys'], stderr=subprocess.PIPE)
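The refresh call above, as an added example (not code from torbrowser-launcher or from the original post): it bounds the gpg call with a timeout so a silent keyserver cannot block startup, and reads gpg's IMPORT_RES status line to tell a real update from a key skipped for having no user ID. The function names, result strings, 30-second timeout and sample status lines are assumptions constructed for illustration; it targets Python 3.

```python
import subprocess

# Counter order of gpg's "[GNUPG:] IMPORT_RES" status line (first nine fields).
FIELDS = ("count", "no_user_id", "imported", "always_0", "unchanged",
          "n_uids", "n_subk", "n_sigs", "n_revoc")

# Constructed sample status output (not captured from a real run).
SAMPLE_NO_UID = ("gpg: key 4E2C6E8793298290: no user ID\n"
                 "[GNUPG:] IMPORT_RES 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0\n")
SAMPLE_UPDATED = "[GNUPG:] IMPORT_RES 1 0 0 0 0 0 1 2 0 0 0 0 0 0 0\n"


def parse_import_res(status_text):
    """Return the IMPORT_RES counters as a dict, or None if absent or short."""
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "IMPORT_RES"] and len(parts) >= 2 + len(FIELDS):
            return dict(zip(FIELDS, map(int, parts[2:])))
    return None


def classify_refresh(status_text):
    """Map status output to: failed, skipped-no-user-id, updated or unchanged."""
    res = parse_import_res(status_text)
    if res is None:
        return "failed"  # gpg ended without reporting any import statistics
    if res["count"] and res["no_user_id"] == res["count"]:
        return "skipped-no-user-id"  # every received key lacked a user ID
    if any(res[k] for k in ("imported", "n_uids", "n_subk", "n_sigs", "n_revoc")):
        return "updated"
    return "unchanged"


def refresh_keyring(homedir, keyserver="hkps://keys.openpgp.org",
                    timeout=30, gpg="/usr/bin/gpg"):
    """Run the refresh with a hard time limit instead of waiting forever."""
    argv = [gpg, "--status-fd", "2", "--homedir", homedir,
            "--keyserver", keyserver, "--refresh-keys"]
    try:
        # subprocess.run kills the child process if the timeout expires.
        proc = subprocess.run(argv, stderr=subprocess.PIPE, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    except OSError:
        return "failed"  # gpg binary missing or not executable
    return classify_refresh(proc.stderr.decode("utf-8", "replace"))


if __name__ == "__main__":
    print(classify_refresh(SAMPLE_NO_UID), classify_refresh(SAMPLE_UPDATED))
```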