Setup debian updates over Tor via official onion links
With the official debian.org onion links which can be found here: onion.debian.org and their official onionlink we can now update our servers via Tor.
Minimal Setup
The following is a quick overview of what I did to change my debian servers to update via Tor instead of the clearnet.
Install the transport and Tor:
apt install apt-transport-tor tor
Update Apt
Update your /etc/apt/sources.list:
Don’t take my word for it that these onions are correct. Confirm they are by visiting onion.debian.org.
# Comment out everything else
# Main FTP Server
deb tor+http://vwakviie2ienjx6t.onion/debian jessie main
# FTP Updates
deb tor+http://vwakviie2ienjx6t.onion/debian jessie-updates main
# Security Patches
deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security jessie/updates main
# Enable FTP Backports if you enjoy that kinda thing
#deb tor+http://vwakviie2ienjx6t.onion/debian jessie-backports main
Update Tor
Confirm that tor is set to start on boot and that it is listening on port 9050 for a local socks proxy. (How else is apt going to get the packages?)
# Enable Tor to start on boot
sudo systemctl enable tor
# Update torrc to have "SocksProxy 9050"
sudo vim /etc/tor/torrc
Finishing up, Testing!
If everything is setup correctly, and you have tor running, run apt update
and you should get lines in your apt log saying Ign tor+http://vwakviie2ienjx6t.onion jessie/contrib
Let me know in the comments if you have any problems or ideas on this topic! Or just found it useful.