Setup debian updates over Tor via official onion links

With the official debian.org onion links which can be found here: onion.debian.org and their official onionlink we can now update our servers via Tor.

Minimal Setup

The following is a quick overview of what I did to change my debian servers to update via Tor instead of the clearnet.

Install the transport and Tor:

apt install apt-transport-tor tor  

Update Apt

Update your /etc/apt/sources.list:

Don't take my word for it that these onions are correct. Confirm they are by visiting onion.debian.org.

# Comment out everything else
# Main FTP Server
deb  tor+http://vwakviie2ienjx6t.onion/debian          jessie            main  
# FTP Updates
deb  tor+http://vwakviie2ienjx6t.onion/debian          jessie-updates    main  
# Security Patches
deb  tor+http://sgvtcaew4bxjd7ln.onion/debian-security jessie/updates    main  
# Enable FTP Backports if you enjoy that kinda thing
#deb tor+http://vwakviie2ienjx6t.onion/debian          jessie-backports  main

Update Tor

Confirm that tor is set to start on boot and that it is listening on port 9050 for a local socks proxy. (How else is apt going to get the packages?)

# Enable Tor to start on boot
sudo systemctl enable tor  
# Update torrc to have "SocksProxy 9050"
sudo vim /etc/tor/torrc

Finishing up, Testing!

If everything is setup correctly, and you have tor running, run apt update and you should get lines in your apt log saying Ign tor+http://vwakviie2ienjx6t.onion jessie/contrib

Let me know in the comments if you have any problems or ideas on this topic! Or just found it useful.

Tim Coombs

Administrator of Slowb.ro and world leader of my own mind, the only place our ideas and thoughts are our own in a world gone mad

In a terminal https://slowb.ro

Subscribe to Slowb.ro's Blog

Get the latest posts delivered right to your inbox.

or subscribe via RSS