{{Header}}
{{title|title=
{{project_name_long}} Tor Integration
}}
{{#seo:
|description=Using {{project_name_short}} without Tor. Can Kicksecure be used without Tor?
}}
{{intro|
Using {{project_name_short}} without Tor. Can Kicksecure be used without Tor?
}}

= Introduction =
Documentation on how to use {{project_name_short}} without Tor.

{{stub}}

{{AdvancedUsersOnly}}

= Options =
'''Choose one <u>or</u> multiple options.'''

'''A)''' Kicksecure Repositories Review

Look through the repositories provided by [https://github.com/{{project_name_short}} {{project_name_short}} on GitHub] ([https://github.com/orgs/Kicksecure/repositories?q=&type=all&language=&sort=name sorted by name]). For example, [[security-misc]] can be installed without installing any packages that <code>Depends:</code> on <code>tor</code>.

Each repository has a rudimentary README file that explains the functionality of the software package and how to install it.

'''B)''' Packages for Debian Hosts

Some packages are mentioned on the [[Packages for Debian Hosts]] wiki page.

'''C)''' Kicksecure Meta Packages Review

Alternatively, the user could look at [https://github.com/{{project_name_short}}/kicksecure-meta-packages/blob/master/debian/control kicksecure-meta-packages <code>debian/control</code>] and choose meta packages that do not <code>Depends:</code> on <code>tor</code>. This isn't easy, as a package on which a meta package <code>Depends:</code> might itself have a <code>Depends:</code> on <code>tor</code>.

The user would have to review the output of APT before proceeding with installation to see if it includes <code>tor</code>.

'''D)''' Install a fake Tor package

1. Fake <code>tor</code> already being installed:

{{CodeSelect|code=
dummy-dependency tor
}}

2. Configure APT to update without Tor.

3. [[#Update without Tor|Update without Tor]]

'''E)''' Mask the Tor service.

The user could attempt to prevent Tor from starting before installing Kicksecure. [[Untested]]!

1.

{{CodeSelect|code=
sudo systemctl mask tor
}}

2.

{{CodeSelect|code=
sudo systemctl mask tor@default
}}

3. [[#Update without Tor|Update without Tor]]

= Update without Tor =

'''1.''' Information.

Just read this. Nothing to do yet in this step.

The <code>tor+</code> prefix would need to be removed from any APT sources files:

* '''1)''' The {{CodeSelect|inline=true|code=
/etc/apt/sources.list
}} file; <u>and</u>
* '''2)''' Any file inside the {{CodeSelect|inline=true|code=
/etc/apt/sources.list.d
}} folder.

By {{project_name_short}} default, this would involve modification of {{CodeSelect|inline=true|code=
/etc/apt/sources.list.d/derivative.list
}}, which can be done using the <code>repository-dist</code> tool and {{CodeSelect|inline=true|code=
/etc/apt/sources.list.d/debian.list
}}, which is documented below.

'''2.''' <code>/etc/apt/sources.list.d/derivative.list</code>

{{CodeSelect|code=
sudo repository-dist --enable --repository stable --transport plain-tls
}}

See [[Project-APT-Repository]] for other options (such as testers repository, etc.).

'''3.''' <code>/etc/apt/sources.list.d/debian.list</code>

The <code>tor+</code> prefix would need to be removed.

{{CodeSelect|code=
sudo str_replace "tor+" "" /etc/apt/sources.list.d/debian.list
}}

'''4.''' Any other APT sources files.

Only in case the user had previously opted in to add additional repositories.

'''5.''' Done.

The process of disabling torified APT updates has been completed.

= Qubes specific =
== Using cacher over clearnet ==
{{stub}}

Since [https://www.kicksecure.com/?#explain-protectedupdates Kicksecure updates are torified by default /security feature)], this is not compatible with Qubes' <code>cacher</code> by default without additional configuration.

To set up Qubes <code>cacher</code>:

'''1.''' Disable torified updates.

The user would need to apply the instructions [[Tor#Update_without_Tor|Update without Tor]] in the {{project_name_short}} Template.

'''2.''' Configure Qubes <code>cacher</code> normally.

[[Unspecific]] to {{project_name_short}}. [[Self Support First Policy]] applies.

'''3.''' Done.

The process of configuring clearnet <code>cacher</code> updates has been completed.

== Using cacher over Tor ==

{{stub}}

'''1.''' Configure Qubes <code>cacher</code> normally.

[[Unspecific]] to {{project_name_short}}. [[Self Support First Policy]] applies.

'''2.''' Torify <code>cacher</code>.

<code>cacher</code> would need to be configured to use a NetVM that supports torification, such as, for example, [[Whonix]]'s <code>sys-whonix</code>. This is also unspecific to {{project_name_short}}.

'''3.''' Configure the {{project_name_short}} Template to use <code>cacher</code> as Qubes UpdatesProxy.

Specific to Qubes, not {{project_name_short}}.

'''4.''' Disable torified updates.

The user would need to apply the instructions [[Tor#Update_without_Tor|Update without Tor]] in the {{project_name_short}} Template. This is because torification would be up to <code>cacher</code> and its NetVM. <ref>
The <code>tor+</code> syntax that {{project_name_long}} is using is not easily compatible with <code>apt-cacher-ng</code>.

* https://github.com/derivative-maker/derivative-maker/blob/master/build_sources/debian_stable_current_clearnet.list
* https://github.com/derivative-maker/derivative-maker/blob/master/build_sources/debian_testing_current_onion.list
</ref>

'''5.''' Done.

The process of configuring torified <code>cacher</code> updates has been completed.

= Future =
This is mostly [[undocumented]]. No development progress should be expected as this is not the project focus.

= References =
{{reflist|close=1}}

{{Footer}}

[[Category:Documentation]]

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.