Install Tor Browser on CentOS 9 Stream – Two Simple Ways
You want to browse the hidden corners of the web without turning your system into a Frankenstein of hacks. This guide shows two reliable ways to get Tor Browser running on CentOS 9 Stream, with concrete commands and notes about why each step matters.
Method 1 – Install the official tarball
- Add the EPEL repository – some required libraries live there.
sudo dnf install -y epel-release
- Install dependencies – Tor needs a recent version of libevent and openssl‑libs.
sudo dnf install -y libevent openssl-libs
- Create a dedicated folder – keeping the browser separate makes upgrades cleaner.
mkdir -p $HOME/tor-browser && cd $HOME/tor-browser
- Download the signed tarball – always pull from the official site to avoid tampering.
curl -O https://dist.torproject.org/torbrowser/12.0.7/tor-browser-linux64-12.0.7_LANG.tar.xz
- Verify the signature – this step catches a corrupted or malicious file before you run anything.
gpg --keyserver keys.openpgp.org --recv-keys 0x4E2C6E8793298290
If you see “Good signature”, you’re safe to continue.
curl -O https://dist.torproject.org/torbrowser/12.0.7/tor-browser-linux64-12.0.7_LANG.tar.xz.asc
gpg --verify tor-browser-linux64-12.0.7_LANG.tar.xz.asc tor-browser-linux64-12.0.7_LANG.tar.xz - Extract the archive – the tarball contains a ready‑to‑run directory.
tar -xf tor-browser-linux64-12.0.7_LANG.tar.xz
- Launch Tor Browser – the wrapper script sets up the right environment each time.
./tor-browser/start-tor-browser.desktop --register-app
The first run will download a few extra components; let it finish.
Why this works: The tarball is built by the Tor Project for Linux, so you get the exact binaries they test. By verifying the GPG signature you protect yourself from supply‑chain attacks—a mistake I’ve seen people make when they just copy a .deb from an unknown source.
Method 2 – Install via Flatpak
Flatpak isolates applications from the host system, which sidesteps many library version conflicts that can bite on CentOS 9 Stream.
- Enable Flathub – it’s the central repository for flatpaks.
sudo dnf install -y flatpak
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - Install Tor Browser – this pulls a sandboxed build that includes everything it needs.
flatpak install -y flathub com.github.torproject.TorBrowser
- Run the browser – Flatpak creates a desktop entry; you can also start from terminal.
flatpak run com.github.torproject.TorBrowser
- (Optional) Adjust SELinux policy – if you have enforcing mode, the sandbox may be blocked.
sudo setsebool -P container_use_devices on
Why this works: Flatpak bundles its own libraries, so you don’t need to chase down libevent or glibc versions that CentOS might not provide yet. I’ve used the tarball method on older RHEL machines where flatpak wasn’t available; on a fresh Stream 9 install the flatpak route is faster and cleaner.
Common pitfalls and how to avoid them
- SELinux denial – after installing, you might see “Permission denied” when Tor tries to write its profile. Check the audit log (sudo ausearch -m avc -ts recent) and either set SELinux to permissive for a quick test or add an appropriate rule (audit2allow can generate one).
- Missing “libstdc++.so.6” – some older CentOS 9 Stream images lack the newest C++ runtime. Installing gcc-toolset-13-libstdc++ from the Software Collections repository fixes it.
- Stale cache after a Tor update – if you used the tarball method and later download a newer version, delete the old directory before extracting the new archive to avoid leftover files causing crashes.
That’s it—pick the approach that matches your workflow and you’ll be browsing through onion sites in no time.
