The following is a quick overview of what I did to change my debian servers to update via Tor instead of the clearnet.
Install the transport and Tor:
apt install apt-transport-tor tor
Update your /etc/apt/sources.list:
Don't take my word for it that these onions are correct. Confirm they are by visiting onion.debian.org.
# Comment out everything else # Main FTP Server deb tor+http://vwakviie2ienjx6t.onion/debian jessie main # FTP Updates deb tor+http://vwakviie2ienjx6t.onion/debian jessie-updates main # Security Patches deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security jessie/updates main # Enable FTP Backports if you enjoy that kinda thing #deb tor+http://vwakviie2ienjx6t.onion/debian jessie-backports main
Confirm that tor is set to start on boot and that it is listening on port 9050 for a local socks proxy. (How else is apt going to get the packages?)
# Enable Tor to start on boot sudo systemctl enable tor # Update torrc to have "SocksProxy 9050" sudo vim /etc/tor/torrc
Finishing up, Testing!
If everything is setup correctly, and you have tor running, run
apt update and you should get lines in your apt log saying
Ign tor+http://vwakviie2ienjx6t.onion jessie/contrib
Let me know in the comments if you have any problems or ideas on this topic! Or just found it useful.