On 07/18/2014 11:46 AM, Tim Retout wrote:
> On Tue, 2014-07-15 at 16:29 -0400, Hans-Christoph Steiner wrote:
>> apt already supports SOCKS proxies, I use one for forcing all my apt traffic
>> over Tor in /etc/apt/apt.conf:
>>
>> Acquire::socks::Proxy "socks://127.0.0.1:9050";
>
> Unfortunately I do not believe this will work - there are various
> references to this apt config setting on the internet, but none in the
> source code for apt. Worse still, apt will just silently ignore it and
> route your requests over HTTP, ignoring Tor.
>
> Please see: https://bugs.debian.org/744934
>
> Even if SOCKS support were added to apt, you would have to be quite
> careful not to leak DNS requests - you need the right sort of SOCKS.
>
> apt-transport-tor tries to make this harder to get wrong, but the
> tradeoff is that you need to put "tor" or something similar at the front
> of the URLs.

Doh, I get it now, I was misunderstanding the apt.conf syntax.

Acquire::socks::Proxy "socks://127.0.0.1:9050";

Means proxy all socks:// URLs through socks://127.0.0.1:9050. So really it
should read:

Acquire::http::Proxy "socks://127.0.0.1:9050";
Acquire::https::Proxy "socks://127.0.0.1:9050";
Acquire::ftp::Proxy "socks://127.0.0.1:9050";

>> I like your URL scheme idea. I think the ideal would be to support it with
>> all of these URLs:
>>
>> http://asdfasdfasdfadfadf.onion
>> https://asdfasdfasdfadfadf.onion
>
>> tor+http://mirrors.kernel.org
>> tor+https://mirrors.kernel.org
>> tor+ftp://mirrors.kernel.org
>
> I can probably support the last three, but not the first two, under the
> current design of apt.
>
> Hope that helps,

Yes this is good. Actually the Tor plugin does not need to support the
http:// and https:// onion URLs as long as there is a working SOCKS proxy
that handles the DNS stuff. Then the user would just need to set up the SOCKS
proxy, and no plugin should be needed to handle these:

http://asdfasdfasdfadfadf.onion
https://asdfasdfasdfadfadf.onion

.hc
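An added example, not part of the thread: a small audit that reports which sources.list entries no `Acquire::<scheme>::Proxy` key covers, which is the silent-bypass case discussed above. It assumes the key semantics described in the reply (a key applies only to URLs of its own scheme), treats `tor+` schemes as handled by apt-transport-tor, reads one-line `deb` entries only, and does not check whether apt honours the proxy value or how DNS is resolved; the sample inputs are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample inputs for illustration.
APT_CONF = '''
// intended to force apt over Tor
Acquire::socks::Proxy "socks://127.0.0.1:9050";
Acquire::https::Proxy "socks://127.0.0.1:9050";
'''
SOURCES_LIST = '''
deb http://mirrors.kernel.org/debian stable main
deb [arch=amd64] https://mirrors.kernel.org/debian stable main
deb tor+http://mirrors.kernel.org/debian stable main
# deb ftp://mirrors.kernel.org/debian stable main
'''
PROXY_RE = re.compile(
    r'^\s*Acquire::([A-Za-z0-9+.-]+)::Proxy\s+"([^"]*)"\s*;', re.M | re.I)

def proxy_settings(conf_text):
    """Map lower-cased URL scheme -> proxy URL from Acquire::<scheme>::Proxy lines."""
    return {m.group(1).lower(): m.group(2) for m in PROXY_RE.finditer(conf_text)}

def source_uris(sources_text):
    """Yield the URI of each active one-line 'deb' / 'deb-src' entry."""
    for line in sources_text.splitlines():
        line = line.split('#', 1)[0]                       # strip comments
        fields = re.sub(r'\[[^\]]*\]', '', line).split()   # drop [options]
        if len(fields) >= 2 and fields[0] in ('deb', 'deb-src'):
            yield fields[1]

def audit(conf_text, sources_text):
    """Return (uri, verdict); 'DIRECT' means no proxy key matches the URI scheme."""
    proxies = proxy_settings(conf_text)
    report = []
    for uri in source_uris(sources_text):
        scheme = urlsplit(uri).scheme.lower()
        if scheme.startswith('tor+'):      # assumed handled by apt-transport-tor
            verdict = 'tor transport'
        else:
            verdict = 'proxy ' + proxies[scheme] if scheme in proxies else 'DIRECT'
        report.append((uri, verdict))
    return report

def unused_proxy_keys(conf_text, sources_text):
    """Proxy keys whose scheme no active source uses, e.g. Acquire::socks::Proxy."""
    used = {urlsplit(u).scheme.lower() for u in source_uris(sources_text)}
    return sorted(set(proxy_settings(conf_text)) - used)

if __name__ == '__main__':
    for uri, verdict in audit(APT_CONF, SOURCES_LIST):
        print(f'{verdict:32} {uri}')
```

Any entry reported as `DIRECT` would be fetched without the proxy, and any key returned by `unused_proxy_keys` matches no configured source.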