diff options
author | Tim Retout <tim@retout.co.uk> | 2014-04-20 15:37:27 +0100 |
---|---|---|
committer | Tim Retout <tim@retout.co.uk> | 2014-04-20 15:37:27 +0100 |
commit | 698a7462be62528ec42eeb7dbc779686e698b50e (patch) | |
tree | 803a068626375ccd74423f44beacb8a35609992f | |
parent | 3c2edc4a92bd373d384a9c025c193fe3084e9704 (diff) |
Add stream isolation, and document Acquire::tor::proxy
-rw-r--r-- | README.md | 22 | ||||
-rw-r--r-- | tor.cc | 6 |
2 files changed, 27 insertions, 1 deletions
@@ -42,6 +42,28 @@ mirror, you can use that: deb tor://<long string>.onion/debian unstable main deb-src tor://<long string>.onion/debian unstable main +## Configuration + +Most users should not need to adjust SOCKS settings. + +By default, apt-transport-tor uses the following SOCKS proxy setting, which +matches the default Tor SOCKS port: + + socks5h://apt:apt@localhost:9050 + +If you want to use a different port, you can edit the Acquire::tor::proxy +apt preference: + + Acquire::tor::proxy "socks5h://apt:apt@localhost:9050"; + +Note the use of a username/password to make use of the default +IsolateSOCKSAuth Tor setting for stream isolation, which requires bug fixes +from Tor 0.2.4.19 to work well. This means your apt traffic will be sent +over a different circuit from your regular Tor traffic. + +Although "sock5h://" is put explicitly in these examples, at the moment its +use is hardcoded (to avoid DNS leaks). + ## Caveats Downloading your Debian packages over Tor prevents an attacker who is @@ -118,7 +118,11 @@ void HttpsMethod::SetupProxy() /*{{{*/ if (UseProxy.empty() == true) { - UseProxy = "socks5h://localhost:9050"; + // Default proxy + // - socks5h (actually ignored below) - use proxy for DNS resolution + // - apt:apt@ - dummy socks authentication (for IsolateSOCKSAuth in Tor) + // - localhost:9050 - default Tor SOCKS port + UseProxy = "socks5h://apt:apt@localhost:9050"; } // Determine what host and port to use based on the proxy settings |