From 134d2aa2940338f7cd19e17fefd6a0a41911f10c Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Fri, 26 Aug 2016 14:34:37 +0200 Subject: mention how to disable non-tor sources in apt --- README.md | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 9380be4..ca7edc0 100644 --- a/README.md +++ b/README.md @@ -51,22 +51,26 @@ available as an onion service. ## Configuration -Most users should not need to adjust SOCKS settings. +### Using a different Tor instance By default, apt-transport-tor uses the following SOCKS proxy setting, which -matches the default Tor SOCKS port: +is the default location of a locally installed Tor instance: - socks5h://apt-transport-tor@localhost:9050 + Acquire::tor::proxy "socks5h://apt-transport-tor@localhost:9050"; -If you want to use a different port, you can edit the Acquire::tor::proxy -apt preference: +Note the use of a username to make use of the default IsolateSOCKSAuth Tor +setting for stream isolation, which requires Tor 0.2.4.19 to work well. +This means your apt traffic will be sent over a different circuit from your +regular Tor traffic and for each host you connect to. - Acquire::tor::proxy "socks5h://apt-transport-tor@localhost:9050"; +### Disabling use of http(s) without Tor in APT -Note the use of a username to make use of the default IsolateSOCKSAuth Tor -setting for stream isolation, which requires bug fixes from Tor 0.2.4.19 to -work well. This means your apt traffic will be sent over a different circuit -from your regular Tor traffic for each host you connect to. +APT >= 1.3 allows methods to be disabled without removing them from the system, +so to avoid mistakenly adding new sources without using tor you can tell apt +via the following configuration options to fail for non-tor-http(s) sources: + + Dir::Bin::Methods::http "false"; + Dir::Bin::Methods::https "false"; ## Caveats -- cgit v1.2.3-70-g09d2
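Review bot: The new "### Using a different Tor instance" section no longer tells the reader how to do what its heading promises. The removed sentence "If you want to use a different port, you can edit the Acquire::tor::proxy apt preference" was the only instruction, and what remains only states the default value. I suggest keeping one sentence after the `Acquire::tor::proxy "socks5h://apt-transport-tor@localhost:9050";` line saying that this option is the one to change, and that the `apt-transport-tor@` username should be kept so that the stream isolation described in the next paragraph still applies. In the same paragraph, "requires Tor 0.2.4.19 to work well" now reads as an exact version because "bug fixes from" was dropped; "Tor 0.2.4.19 or later" would be clearer. In the added "### Disabling use of http(s) without Tor in APT" section, the two `Dir::Bin::Methods::` lines cover only `http` and `https`, so it is worth stating that sources using any other non-tor method are not blocked by this configuration, and where the reader is expected to put these options.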