Last update: March 17, 2019. This website uses cookies. By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. More information

 Actions

Tor Versioning

Introduction[edit]


It is possible to install newer Tor versions from either the Whonix ™ or Tor Project repositories. Note that a later Tor version will not always be installed from The Tor Project repository -- in the recent past, the stretch repositories for packages.debian.org and deb.torproject.org had identical Tor versions. In general, as the Debian stable release ages, the likelihood of receiving a newer Tor version from deb.torproject.org increases.

Newer Tor Versions: Whonix ™ Repository[edit]

Newer Tor versions can be installed by enabling the Whonix ™ stable-proposed-updates repository in Whonix-Gateway ™ (whonix-gw-14) and then upgrading the system as usual.

Newer Tor Versions: The Tor Project Repository[edit]


If you wish to proceed despite the risk, two steps are required:

  • The deb.torproject.org repository must be enabled.
  • The anon-shared-build-apt-sources-tpo package must be installed, since it enables The Tor Project's apt-get signing key and installs the apt source torproject.list [2]

1. In Whonix-Gateway ™ (whonix-gw-14), update the package lists.

sudo apt-get update

2. Install anon-shared-build-apt-sources-tpo

sudo apt-get install anon-shared-build-apt-sources-tpo

3. Refresh the package lists. [3]

sudo apt-get update

4. Install the (potentially) newer version of the tor package.

This step also installs the deb.torproject.org-keyring package which keeps the Tor Project repository apt key up-to-date.

sudo apt-get install tor deb.torproject.org-keyring

Onionize Tor Project Updates[edit]

Only follow these instructions if Newer Tor versions from The Tor Project Repository was configured. Note that The Tor Project deb apt signing key must be added first (see the prior link), or error messages will appear when completing these steps.

Non-Qubes-Whonix[edit]

The following commands are run in Whonix-Gateway ™.

1. Create a torproject.list file using an editor.

Open /etc/apt/sources.list.d/torproject.list in an editor with root rights.

If you are using a graphical Whonix or Qubes-Whonix ™ with KDE, run.

kdesudo kwrite /etc/apt/sources.list.d/torproject.list

If you are using a graphical Whonix or Qubes-Whonix ™ with XFCE, run.

kdesudo mousepad /etc/apt/sources.list.d/torproject.list

If you are using a terminal-only Whonix, run.

sudo nano /etc/apt/sources.list.d/torproject.list

2. Cut and paste the following text and comment out (#) the corresponding http repository.

#Tor Project Mirror
#deb http://deb.torproject.org/torproject.org stretch main
deb http://sdscoq7snqtznauu.onion/torproject.org stretch main

Save and exit.

Qubes R4[edit]

Add the Tor Signing Key[edit]

As a workaround, the Tor apt singing key can be fetched from a (networked) anon-whonix AppVM, then copied over to whonix-gw-14 in a text file.

1. Add the Tor Project deb apt signing key.

Run the following command in anon-whonix.

sudo apt-key adv --keyserver jirk5u4osbsr34t5.onion --recv-keys A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

2. Display the key's fingerprint.

Run.

sudo apt-key adv --fingerprint A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

3. Examine the key's fingerprint.

Compare the fingerprint displayed in the terminal with the one listed on this website https://www.torproject.org/docs/signing-keys.html (v2 onion).

4. Copy the Tor signing key to whonix-gw-14.

In anon-whonix, copy the Tor singing key to a new text file named tor.key.

sudo apt-key export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 > /tmp/tor.key

In anon-whonix, copy the tor.key text file over to whonix-gw-14.

qvm-copy /tmp/tor.key whonix-gw-14

If the following error appears, it can be safely ignored (hit "OK" when prompted).

 qfile-agent: Fatal error: stat whonix-gw-14-version (error type: No such file or directory)

5. Add the Tor signing key to the list of trusted keys

In whonix-gw-14, run.

sudo apt-key add ~/QubesIncoming/anon-whonix/tor.key

Onionize the Sources File[edit]

1. To onionize Tor Project updates, first create a torproject.list file using an editor.

Open /etc/apt/sources.list.d/torproject.list in an editor with root rights.

If you are using a graphical Whonix or Qubes-Whonix ™ with KDE, run.

kdesudo kwrite /etc/apt/sources.list.d/torproject.list

If you are using a graphical Whonix or Qubes-Whonix ™ with XFCE, run.

kdesudo mousepad /etc/apt/sources.list.d/torproject.list

If you are using a terminal-only Whonix, run.

sudo nano /etc/apt/sources.list.d/torproject.list

2. Next, cut and paste the following text and comment out (#) the corresponding http repository.

#Tor Project Mirror
#deb http://deb.torproject.org/torproject.org stretch main
deb http://sdscoq7snqtznauu.onion/torproject.org stretch main

Save and exit.

Footnotes[edit]

  1. One example in the recent past was a Tor release that contained AppArmor changes which were incompatible with one of Whonix-Gateway ™ (whonix-gw-14)'s configuration files (anon-gw-anonymizer-config's /etc/apparmor.d/local/system_tor.anondist) causing Tor's systemd unit to fail.
  2. Alternatively, The Tor Project's native instructions for Debian can be used, but the manual steps are more difficult and involved. The verification of The Tor Project apt-get signing key is also harder. Since you already trust Whonix ™, the logical choice is to trust another Whonix ™ package to install the right signing key.
  3. So the newly installed /etc/apt/sources.list.d/torproject.list takes effect.
  4. https://github.com/QubesOS/qubes-issues/issues/1854

No user support in comments. See Support.

Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.


Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.


Random News:

Are you proficient with iptables? Want to contribute? Check out possible improvements to iptables. Please come and introduce yourself in the development forum.


https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.