Page MenuHomePhabricator

anon-shared-build-apt-sources-tpoProject
ActivePublic

Members (1)

Watchers

  • This project does not have any watchers.
  • View All

Recent Activity

Mar 7 2018

Patrick closed T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false"; as Resolved.
Mar 7 2018, 1:11 AM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14

Jan 21 2018

Patrick closed T399: Switch Debian links in sources.list to .onion as Resolved.
Jan 21 2018, 1:21 PM · Whonix 14, research, enhancement, whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, Whonix

Mar 2 2017

Patrick added a comment to T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.

https://github.com/Whonix/qubes-whonix/commit/afcdbbaa6bc46d06b4dca4a37c60079d1d6305c8

Mar 2 2017, 5:44 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14

Mar 1 2017

Patrick added a comment to T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.

pkg-systemd-maintainers question - [Install] for static systemd unit file?:
http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/2017-March/014376.html

Mar 1 2017, 9:50 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14
Patrick changed the status of T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false"; from Open to Review.
In T610#11827, @Patrick wrote:

marmarek (Marek Marczykowski-Górecki):

marmarek added a comment.

Perhaps it's better to implement this rather minimally inside the
https://phabricator.whonix.org/tag/qubes-whonix/ package? A simple
one socat listener port 9050 only redirection from whonix-gw
TemplateVM to sys-whonix?

You're talking about whonix-gw template here, right? And still cover
whonix-ws with
https://phabricator.whonix.org/tag/anon-ws-disable-stacked-tor/?

Good question. Would work either way. I guess simpler for both whonix-gw
and whonix-ws to have this minimal redirection inside the qubes-whonix
package.

Mar 1 2017, 9:23 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14
Patrick added a comment to T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.
In T610#12427, @Patrick wrote:

We should probably also set a socks user name for better Tor stream isolation. (IsolateSOCKSAuth) I am considering to add this to the uwt package.

Acquire::tor::proxy "socks5h://apt-transport-tor@127.0.0.1:9050";

(From reading zless /usr/share/doc/apt-transport-tor/README.md.gz.)
I was considering to change the port from 9050 to another one, but I am vary of this. It might look better but would also make the implementation more complicated. (Another Tor SocksPort. Not redirect 9050 from TemplateVM to gateway but another port.) Without any actual benefit.

Mar 1 2017, 1:52 AM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14

Feb 21 2017

Patrick added a comment to T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.

We should probably also set a socks user name for better Tor stream isolation. (IsolateSOCKSAuth) I am considering to add this to the uwt package.

Feb 21 2017, 10:11 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14

Jan 22 2017

Patrick added a comment to T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.

marmarek (Marek Marczykowski-Górecki):

marmarek added a comment.

Perhaps it's better to implement this rather minimally inside the
https://phabricator.whonix.org/tag/qubes-whonix/ package? A simple
one socat listener port 9050 only redirection from whonix-gw
TemplateVM to sys-whonix?

You're talking about whonix-gw template here, right? And still cover
whonix-ws with
https://phabricator.whonix.org/tag/anon-ws-disable-stacked-tor/?

Jan 22 2017, 1:38 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14

Jan 21 2017

marmarek added a comment to T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.
Perhaps it's better to implement this rather minimally inside the https://phabricator.whonix.org/tag/qubes-whonix/ package? A simple one socat listener port 9050 only redirection from whonix-gw TemplateVM to sys-whonix?
Jan 21 2017, 11:15 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14
Patrick added a comment to T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.
In T610#11722, @Patrick wrote:

I haven't updated whonix_repository_uri= in https://github.com/Whonix/qubes-template-whonix/blob/master/whonix-gateway/04_install_qubes_post.sh to onion yet. I guess there we should use onion plus Acquire::BlockDotOnion "false";?

In Qubes Whonix case, I think this is the easiest thing to do, for both whonix-ws and whonix-gw. Both have other mechanism to prevent updating over clearnet, so IMHO no real reason for using tor+http.

Jan 21 2017, 11:19 AM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14
marmarek added a comment to T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.
In T610#11722, @Patrick wrote:

I haven't updated whonix_repository_uri= in https://github.com/Whonix/qubes-template-whonix/blob/master/whonix-gateway/04_install_qubes_post.sh to onion yet. I guess there we should use onion plus Acquire::BlockDotOnion "false";?

Jan 21 2017, 1:12 AM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14

Jan 19 2017

Patrick reopened T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false"; as "Open".

I am glad I tagged you for this ticket. This can use scrutiny indeed. Haven't thought of that yet.

Jan 19 2017, 3:50 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14
marmarek added a comment to T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.

What about tor-over-tor issue here? And starting tor in template by having apt-transport-tor installed? Are those issues mitigated somehow else?

Jan 19 2017, 1:18 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14
Patrick added a comment to T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.

https://github.com/Whonix/Whonix/commit/2fed0f35b060b12160b1cbb475b3c74cd2075c74

Jan 19 2017, 1:07 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14

Jan 18 2017

Patrick updated subscribers of T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.
Jan 18 2017, 2:43 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14
Patrick closed T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false"; as Resolved.

https://github.com/Whonix/anon-apt-sources-list/commit/9c85a9f2486f8c19ee96ba98e3dc3ce3b5a3ad77
https://github.com/Whonix/whonix-repository/commit/1584d14065cf4f14fcce77e9d387552e21c45711
https://github.com/Whonix/anon-apt-sources-list/commit/48fbc20a43b85dbe18aa07fabb0a93f1ee02fe69
https://github.com/Whonix/anon-meta-packages/commit/7cf8cf4e50b72a570de54fad10f912af73e3cf3d
https://github.com/Whonix/Whonix/commit/f2d5ac58d8c043e94ad10c7470b3a3c89875d35b
https://github.com/Whonix/Whonix/commit/77162abafc2a71ee51817b6c1f574eb6d97ed444
https://github.com/Whonix/Whonix/commit/921fc44efe75d96b18af27cf4f26479e68e259cf

Jan 18 2017, 2:43 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14
Patrick renamed T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false"; from should use http+tor / apt-transport-tor rather than Acquire::BlockDotOnion "false"; to use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.
Jan 18 2017, 2:25 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14
Patrick created T610: use tor+http / apt-transport-tor rather than Acquire::BlockDotOnion "false";.
Jan 18 2017, 2:19 PM · Whonix, anon-shared-build-apt-sources-tpo, build, whonix-repository, anon-apt-sources-list, Whonix 14

Aug 19 2016

Patrick changed the status of T399: Switch Debian links in sources.list to .onion from Open to Review.
Aug 19 2016, 2:33 AM · Whonix 14, research, enhancement, whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, Whonix
Patrick raised the priority of T399: Switch Debian links in sources.list to .onion from Wishlist to Normal.
Aug 19 2016, 2:08 AM · Whonix 14, research, enhancement, whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, Whonix

Aug 3 2016

Patrick added a comment to T399: Switch Debian links in sources.list to .onion .

Already up.

Aug 3 2016, 12:30 AM · Whonix 14, research, enhancement, whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, Whonix

Aug 2 2016

HulaHoop added a comment to T399: Switch Debian links in sources.list to .onion .

IMHO restoring Whonix onion repos should be part of this to achieve complete protection.

Aug 2 2016, 12:40 AM · Whonix 14, research, enhancement, whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, Whonix

Aug 1 2016

Patrick added a project to T399: Switch Debian links in sources.list to .onion : Whonix 14.
Aug 1 2016, 9:08 PM · Whonix 14, research, enhancement, whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, Whonix
Patrick added projects to T399: Switch Debian links in sources.list to .onion : anon-apt-sources-list, anon-shared-build-apt-sources-tpo, whonix-repository, enhancement, research.
Aug 1 2016, 9:00 PM · Whonix 14, research, enhancement, whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, Whonix

Apr 25 2015

Patrick updated subscribers of T270: change release codename from wheezy to jessie.
Apr 25 2015, 4:28 AM · whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, build, Debian version 8 codename Jessie, Whonix, Whonix 11

Apr 22 2015

Patrick updated subscribers of T270: change release codename from wheezy to jessie.
Apr 22 2015, 5:59 PM · whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, build, Debian version 8 codename Jessie, Whonix, Whonix 11
Patrick closed T270: change release codename from wheezy to jessie as Resolved.

Done:

Apr 22 2015, 5:58 PM · whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, build, Debian version 8 codename Jessie, Whonix, Whonix 11
Patrick created T270: change release codename from wheezy to jessie.
Apr 22 2015, 5:40 PM · whonix-repository, anon-shared-build-apt-sources-tpo, anon-apt-sources-list, build, Debian version 8 codename Jessie, Whonix, Whonix 11