With the official debian.org onion links which can be found here: onion.debian.org and their official onionlink we can now update our servers via Tor.

Minimal Setup

The following is a quick overview of what I did to change my debian servers to update via Tor instead of the clearnet.

Install the transport and Tor:

apt install apt-transport-tor tor

Update Apt

Update your /etc/apt/sources.list:

Don’t take my word for it that these onions are correct. Confirm they are by visiting onion.debian.org.

# Comment out everything else
# Main FTP Server
deb  tor+http://vwakviie2ienjx6t.onion/debian          jessie            main
# FTP Updates
deb  tor+http://vwakviie2ienjx6t.onion/debian          jessie-updates    main
# Security Patches
deb  tor+http://sgvtcaew4bxjd7ln.onion/debian-security jessie/updates    main
# Enable FTP Backports if you enjoy that kinda thing
#deb tor+http://vwakviie2ienjx6t.onion/debian          jessie-backports  main

Update Tor

Confirm that tor is set to start on boot and that it is listening on port 9050 for a local socks proxy. (How else is apt going to get the packages?)

# Enable Tor to start on boot
sudo systemctl enable tor
# Update torrc to have "SocksProxy 9050"
sudo vim /etc/tor/torrc

Finishing up, Testing!

If everything is setup correctly, and you have tor running, run apt update and you should get lines in your apt log saying Ign tor+http://vwakviie2ienjx6t.onion jessie/contrib

Let me know in the comments if you have any problems or ideas on this topic! Or just found it useful.