Page MenuHomePhabricator

Switch Debian links in sources.list to .onion
Closed, ResolvedPublic

Description

Jacob is working with Debian to run their repositories as .onion

Once they're up and running I recommend switching Whonix to using them.

Whonix's own repos should follow their lead depending on the resources you can invest in running a .onion on the infrastructure.

Details

Impact
Normal

Event Timeline

HulaHoop created this task.Aug 25 2015, 2:46 PM
HulaHoop raised the priority of this task from to Normal.
HulaHoop updated the task description. (Show Details)
HulaHoop set Impact to Normal.
HulaHoop added a subscriber: HulaHoop.
Patrick lowered the priority of this task from Normal to Wishlist.Aug 25 2015, 6:24 PM

Trial in progress. Debian planning domain wide .onion roll out:

http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/

Patrick added subscribers: mfc, marmarek, nrgaway, wax.

Related issue recently raised on Qubes tracker:
high-level target: templates should default update over Tor
https://github.com/QubesOS/qubes-issues/issues/1159

create a Tor hidden service for deb.torproject.org [ .onion apt-get ]:
https://trac.torproject.org/projects/tor/ticket/17937

I was thinking about changing the main repo URLs to the optimized one but is it worth it when changing to .onion is better?

"Note the use of http.debian.net in order to pick a mirror near to whichever Tor exit node. Throughput is surprisingly good."

https://retout.co.uk/blog/2014/07/21/apt-transport-tor


Related files:

https://github.com/Whonix/anon-apt-sources-list/blob/master/etc/apt/sources.list.d/debian.list
https://github.com/Whonix/Whonix/tree/master/build_sources

As per Tails... httpredir.debian.net is not a great idea. Source:
https://labs.riseup.net/code/issues/9235

https://github.com/Whonix/Whonix/tree/master/build_sources

Btw changing these to onion not trivial. Requires Tor access during build.

Btw changing these to onion not trivial. Requires Tor access during build.

FWIW for Qubes templates (release builds) it isn't a problem - I always build them in DispVM behind Tor.
But it may be a problem for devel builds and it may slow them down...

Once we stop using deb.torproject.org (T472), implementing this ticket gets more attractive. (since they do not yet host a .onion for deb.torproject.org) (And we would need to get our onion for whonix.org back up. (T494))

That day has finally come. Both Tor and Debian have onion repos;

http://forums.whonix.org/t/debian-starts-onionizing/2797

IMHO restoring Whonix onion repos should be part of this to achieve complete protection.

Patrick raised the priority of this task from Wishlist to Normal.Aug 19 2016, 2:08 AM
Patrick closed this task as Resolved.Jan 21 2018, 1:21 PM
Patrick claimed this task.