how to update mobian over tor

Kevin Kofler · 07-09-2023, 05:40 AM

How can we trust those TOR links not to contain malware? I would recommend HTTPS instead, failing that HTTP, but not TOR with Onion links given by some random commenter on some forum.

zetabeta · 07-09-2023, 03:27 PM

(07-09-2023, 05:40 AM)Kevin Kofler Wrote: How can we trust those TOR links not to contain malware? I would recommend HTTPS instead, failing that HTTP, but not TOR with Onion links given by some random commenter on some forum.

we should be suspicious of tor links. however, if signing keys are properly validated, then installer won't install those altered packages.

this creates another problem, where are signing keys from!? do users check signing keys!?

btw, http (non-ssl) could be hijacked in rare cases.

Kevin Kofler · 07-09-2023, 05:01 PM

(07-09-2023, 03:27 PM)zetabeta Wrote: btw, http (non-ssl) could be hijacked in rare cases.

Which is why I recommend HTTPS if possible. But Debian has this strange idea of still defaulting to unencrypted HTTP mirrors in 2023 and requiring a subpackage to be installed for APT to support HTTPS at all.

vusra · (This post was last modified: 07-09-2023, 09:05 PM by vusra.)

(07-09-2023, 05:40 AM)Kevin Kofler Wrote: How can we trust those TOR links not to contain malware? I would recommend HTTPS instead, failing that HTTP, but not TOR with Onion links given by some random commenter on some forum.

links not random not suspicious. all .onion links in this thread are official debian mirrors https://onion.debian.org as zetabeta says, non official mirrors okay if signing keys are properly validated, then installer won't install those altered packages. But all onion links in this thread are official debian mirrors https://onion.debian.org

sub packages no longer need to be installed for apt transport https support

vusra · (This post was last modified: 12-04-2024, 07:06 PM by vusra.)

Updated trixie instructions

Code:
sudo apt install apt-transport-tor  tor

Edit /etc/apt/sources.list as root

Code:
sudo nano  /etc/apt/sources.list   

Put # in front of every existing line and add these two new lines

Code:
deb  tor://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian trixie main

deb  tor://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security trixie-security main

Edit /etc/apt/sources.list.d/mobian.list as root

Code:
sudo nano /etc/apt/sources.list.d/mobian.list

and put tor+ in front of the https://repo.mobian.org/ url

Code:
tor+https://repo.mobian.org/

Run

Code:
sudo apt update

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	XLibre for Mobian	Hiraghm	1	60	2 hours ago Last Post: Haroldkent
	Axolotl on PinePhone / Mobian	arno_nuehm	223	239,491	06-25-2025, 01:19 PM Last Post: anonymous
	bookworm vs trixie discussion for mobian in pinephone regular.	zetabeta	64	22,243	06-17-2025, 06:27 AM Last Post: anonymous
	VoIP account on mobian dialer	j_s	0	125	06-15-2025, 04:19 PM Last Post: j_s
	Mobian Pinephone Notification LED	biketool	2	294	06-07-2025, 03:19 PM Last Post: KC9UDX
	Vivaldi Web browser nearly native for Mobian	biketool	3	654	05-06-2025, 02:19 AM Last Post: biketool
	mobian calamares fail	merom	2	693	04-29-2025, 02:10 PM Last Post: mdk
	mobian phosh on screen keyboard not popping up for Chromium/Electron apps	grump_fiddle_reinstall	1	820	01-15-2025, 08:08 PM Last Post: Kevin Kofler
	How to use QR codes on Mobian Sid(unstable) Pinephone Pro	biketool	1	712	01-02-2025, 12:47 PM Last Post: zetabeta
	Upgrade to Mobian (Trixie) Staging	biketool	13	3,497	12-29-2024, 10:35 AM Last Post: biketool

Login




Remember me Lost Password?

About Us