With the official debian.org onion links which can be found here: onion.debian.org and their official onionlink we can now update our servers via Tor.

Minimal Setup

The following is a quick overview of what I did to change my debian servers to update via Tor instead of the clearnet.

Install the transport and Tor:

apt install apt-transport-tor tor

Update your /etc/apt/sources.list:

Don’t take my word for it that these onions are correct. Confirm they are by visiting onion.debian.org.

# Comment out everything else # Main FTP Server deb tor+http://vwakviie2ienjx6t.onion/debian jessie main # FTP Updates deb tor+http://vwakviie2ienjx6t.onion/debian jessie-updates main # Security Patches deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security jessie/updates main # Enable FTP Backports if you enjoy that kinda thing #deb tor+http://vwakviie2ienjx6t.onion/debian jessie-backports main

Confirm that tor is set to start on boot and that it is listening on port 9050 for a local socks proxy. (How else is apt going to get the packages?)

# Enable Tor to start on boot sudo systemctl enable tor # Update torrc to have "SocksProxy 9050" sudo vim /etc/tor/torrc

Finishing up, Testing!

If everything is setup correctly, and you have tor running, run apt update and you should get lines in your apt log saying Ign tor+http://vwakviie2ienjx6t.onion jessie/contrib

Let me know in the comments if you have any problems or ideas on this topic! Or just found it useful.