Can't update after installing apt-transport-tor

GNUser
Joined: 07/17/2013

Hey everyone,

After reading here https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/apt I decided to install apt-transport-tor and use it.

I did

sudo apt install apt-transport-tor
sudo apt edit-sources
(choose nano)
changed all "https://archive.trisquel.info...." into "tor://archive.trisquel.info..."
And tried sudo apt-get update

It failed to access any of the repository links. It's as if it doesn't see that it should use Tor. Has anyone gotten this to work?

Thanks.

jxself
Joined: 09/13/2010

Because that page is wrong. It should be https://github.com/diocles/apt-transport-tor and you'll see it should be tor+http or even tor+https

So:

deb https://archive.trisquel.info/trisquel/ flidas main
deb-src https://archive.trisquel.info/trisquel/ flidas main

Becomes:

deb tor+https://archive.trisquel.info/trisquel/ flidas main
deb-src tor+https://archive.trisquel.info/trisquel/ flidas main

In effect, you can open your text editor and tell it to replace all instances of http with tor+http (that will catch http and https because your text editor should do partial text matches too.)

GNUser
Joined: 07/17/2013

Thanks, that makes sense (still haven't tried, just wanted to thank you right away!).

Reading that page, I notice one can change the port used. So, in theory, I could not install system Tor, and use the Tor Browser's Tor? Or would installing apt-transport-tor always require Tor to be installed and running?

GNUser
Joined: 07/17/2013

Well, to answer my own question, it is indeed possible to do
sudo nano /etc/apt/apt.conf

add the following line
Acquire::tor::proxy "socks5h://apt:apt@localhost:9150";

And it will use the Tor Browser's Tor. HOWEVER, you cannot uninstall the Tor binary from the system, as it is marked as a dependency of apt-transport-tor.
So, you can not have it running but it has to be installed.

Also, another important notice: one must also edit the other sources lines (such as PPAs and stuff) to add "tor+", or else those will be done without Tor. Synaptic is a clearer way of doing so, as it will show all the sources at once.

I also discovered that launchpad PPA can't use https, didn't know that. Is that even remotely secure??
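
An added example (not part of the thread and not code from apt-transport-tor): a shell function that lists every active source entry still missing the "tor+" prefix, which is the check the post above describes doing by hand. The function names and the sample entries are constructed for illustration, and only one-line deb/deb-src entries are handled (not deb822 .sources files).

```shell
#!/bin/sh
# Added example: find APT source entries that would NOT be fetched over Tor.
# Assumption: one-line "deb"/"deb-src" format only.

# non_tor_sources FILE...
# Prints "file:line: uri" for each active entry whose URI lacks "tor+".
non_tor_sources() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            { sub(/#.*/, "") }                       # drop comments
            $1 != "deb" && $1 != "deb-src" { next }  # skip non-entries
            {
                sub(/\[[^]]*\]/, "")                 # drop optional [arch=...] options
                if ($2 !~ /^tor\+/)
                    printf "%s:%d: %s\n", file, NR, $2
            }
        ' "$f"
    done
}

# demo_non_tor_sources
# Runs the check on a constructed sources file (sample data, not a real system).
demo_non_tor_sources() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
deb tor+https://archive.trisquel.info/trisquel/ flidas main
deb-src tor+https://archive.trisquel.info/trisquel/ flidas main
# deb http://disabled.example.invalid/ flidas main
deb [arch=amd64] http://ppa.example.invalid/ubuntu flidas main
EOF
    non_tor_sources "$sample"   # reports only line 4
    rm -f "$sample"
}

# On a real system (files that do not exist are skipped):
#   non_tor_sources /etc/apt/sources.list /etc/apt/sources.list.d/*.list
```

An empty result means every active one-line entry in the files given carries the "tor+" prefix.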

jxself
Joined: 09/13/2010

"Is that even remotely secure??"

All APT repositories are GPG-signed, which makes it still possible for the package manager to verify the integrity and detect alterations even if it comes over an insecure connection. The package manager should warn you if you're using packages from an unsigned repository.

Check out the program apt-key if you want to see more information on which GPG keys your system is trusting.

GNUser
Joined: 07/17/2013

Thanks for clarifying that for me ;)