From 698a7462be62528ec42eeb7dbc779686e698b50e Mon Sep 17 00:00:00 2001
From: Tim Retout
Date: Sun, 20 Apr 2014 15:37:27 +0100
Subject: Add stream isolation, and document Acquire::tor::proxy
---
 README.md | 22 ++++++++++++++++++++++
 tor.cc | 6 +++++-
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1b39ca6..e06b277 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,28 @@ mirror, you can use that:
 deb tor://.onion/debian unstable main
 deb-src tor://.onion/debian unstable main
+## Configuration
+
+Most users should not need to adjust SOCKS settings.
+
+By default, apt-transport-tor uses the following SOCKS proxy setting, which
+matches the default Tor SOCKS port:
+
+ socks5h://apt:apt@localhost:9050
+
+If you want to use a different port, you can edit the Acquire::tor::proxy
+apt preference:
+
+ Acquire::tor::proxy "socks5h://apt:apt@localhost:9050";
+
+Note the use of a username/password to make use of the default
+IsolateSOCKSAuth Tor setting for stream isolation, which requires bug fixes
+from Tor 0.2.4.19 to work well. This means your apt traffic will be sent
+over a different circuit from your regular Tor traffic.
+
+Although "sock5h://" is put explicitly in these examples, at the moment its
+use is hardcoded (to avoid DNS leaks).
+
 ## Caveats
 Downloading your Debian packages over Tor prevents an attacker who is
diff --git a/tor.cc b/tor.cc
index c764840..9741f3e 100644
--- a/tor.cc
+++ b/tor.cc
@@ -118,7 +118,11 @@ void HttpsMethod::SetupProxy() /*{{{*/
 if (UseProxy.empty() == true)
 {
- UseProxy = "socks5h://localhost:9050";
+ // Default proxy
+ // - socks5h (actually ignored below) - use proxy for DNS resolution
+ // - apt:apt@ - dummy socks authentication (for IsolateSOCKSAuth in Tor)
+ // - localhost:9050 - default Tor SOCKS port
+ UseProxy = "socks5h://apt:apt@localhost:9050";
 }
 // Determine what host and port to use based on the proxy settings
--
cgit v1.2.3-70-g09d2
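Review bot: Stream isolation here depends entirely on the default string, because the `apt:apt@` userinfo is only applied inside the `UseProxy.empty()` branch of the tor.cc hunk. A user who sets `Acquire::tor::proxy` to change only the port, without a `user:pass@` part, would presumably send apt traffic with no SOCKS credentials and so share circuits with other Tor clients, with no warning. The code that parses `UseProxy` and hands the credentials to the transfer library sits below the hunk, so whether the userinfo is actually forwarded cannot be confirmed from here and is worth checking. I would extend the new comment with a line such as `// NOTE: a configured Acquire::tor::proxy without user:pass@ gets no IsolateSOCKSAuth isolation`, or fill in the dummy credentials when the configured URI has none. SetupProxy's body starts and ends outside the hunk.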