It is possible to install newer Tor versions from either the Whonix ™ or Tor Project repositories. Note that a later Tor version will not always be installed from The Tor Project repository -- in the recent past, the stretch repositories for packages.debian.org and deb.torproject.org had identical Tor versions. In general, as the Debian stable release ages, the likelihood of receiving a newer Tor version from deb.torproject.org increases.
Newer Tor Versions: Whonix ™ Repository
Newer Tor versions can be installed by enabling the Whonix ™ stable-proposed-updates repository in Whonix-Gateway ™ (
whonix-gw-14) and then upgrading the system as usual.
Newer Tor Versions: The Tor Project Repository
If the latest Tor version from deb.torproject.org has not been fully tested by Whonix ™ developers at a specific point in time, then problems can emerge such as broken connectivity. 
If you wish to proceed despite the risk, two steps are required:
- The deb.torproject.org repository must be enabled.
anon-shared-build-apt-sources-tpopackage must be installed, since it enables The Tor Project's apt-get signing key and installs the apt source torproject.list 
Onionize Tor Project Updates
Only follow these instructions if Newer Tor versions from The Tor Project Repository was configured. Note that The Tor Project deb apt signing key must be added first (see the prior link), or error messages will appear when completing these steps.
The following commands are run in Whonix-Gateway ™.
In Qubes R4.0 and above, TemplateVMs do not have network connections by default. This means any attempt to download the apt key in
Add the Tor Signing Key
As a workaround, the Tor apt singing key can be fetched from a (networked)
anon-whonix AppVM, then copied over to
whonix-gw-14 in a text file.
Onionize the Sources File
- One example in the recent past was a Tor release that contained AppArmor changes which were incompatible with one of Whonix-Gateway ™ (
whonix-gw-14)'s configuration files (anon-gw-anonymizer-config's /etc/apparmor.d/local/system_tor.anondist) causing Tor's systemd unit to fail.
- Alternatively, The Tor Project's native instructions for Debian can be used, but the manual steps are more difficult and involved. The verification of The Tor Project apt-get signing key is also harder. Since you already trust Whonix ™, the logical choice is to trust another Whonix ™ package to install the right signing key.
- So the newly installed /etc/apt/sources.list.d/torproject.list takes effect.
No user support in comments. See Support.
Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)