{{Header}}
{{title|title=
{{project_name_long}} Tor Integration
}}
{{#seo:
|description=Using {{project_name_short}} without Tor. Can Kicksecure be used without Tor?
}}
{{intro|
Using {{project_name_short}} without Tor. Can Kicksecure be used without Tor?
}}
= Introduction =
Documentation on how to use {{project_name_short}} without Tor.

{{stub}}

{{AdvancedUsersOnly}}

= Options =
'''Choose one <u>or</u> multiple options.'''

'''A)''' Kicksecure Repositories Review

Look through the repositories provided by [https://github.com/{{project_name_short}} {{project_name_short}} on github] ([https://github.com/orgs/Kicksecure/repositories?q=&type=all&language=&sort=name sorted by name]). For example, [[security-misc]] can be installed without installing any packages that <code>Depends:</code> on <code>tor</code>.

Each repository has a rudimentary readme file which explains the functionality of the software package and how to install it.

'''B)''' Packages for Debian Hosts

Some packages are mentioned on the [[Packages for Debian Hosts]] wiki page.

'''C)''' Kicksecure Meta Packages Review

Alternatively, the user could look at [https://github.com/{{project_name_short}}/kicksecure-meta-packages/blob/master/debian/control kicksecure-meta-packages <code>debian/control</code>] and choose meta packages which do not <code>Depends:</code> on <code>tor</code>. This isn't easy. As a package on which a meta pacakge <code>Depends:</code> might itself have a <code>Depends:</code> on <code>tor</code>.

The user would have to review the output of APT before proceeding to install to see if it includes <code>tor</code>.

'''D)''' Install a fake Tor package

1. fake <code>tor</code> already being installed

* https://askubuntu.com/questions/18192/how-to-fake-a-package-version-installed
* https://wiki.debian.org/Packaging/HackingDependencies

2. Configure APT to update without Tor

3. [[#Update without Tor|Update without Tor]]

'''E)''' Mask the Tor service.

The user could attempt to prevent Tor from starting before installing Kicksecure. [[Untested]]!

1.

{{CodeSelect|code=
sudo systemctl mask tor
}}

2.

{{CodeSelect|code=
sudo systemctl mask tor@default
}}

3. [[#Update without Tor|Update without Tor]]

= Update without Tor =

'''1.''' Information.

Just read this. Nothing to do yet in this step.

The <code>tor+</code> prefix would need to be removed from any APT sources files:

* '''1)''' The {{CodeSelect|inline=true|code=
/etc/apt/sources.list
}} file; <u>and</u>
* '''2)''' Any file inside the {{CodeSelect|inline=true|code=
/etc/apt/sources.list.d
}} folder.

By {{project_name_short}} default, this would involve modification of {{CodeSelect|inline=true|code=
/etc/apt/sources.list.d/derivative.list
}}, which can be done using the <code>repository-dist</code> tool and {{CodeSelect|inline=true|code=
/etc/apt/sources.list.d/debian.list
}}, which is documented below.

'''2.''' <code>/etc/apt/sources.list.d/derivative.list</code>

{{CodeSelect|code=
sudo repository-dist --enable --repository stable --transport plain-tls
}}

See [[Project-APT-Repository]] for other options (such as testers repository, etc.).

'''3.''' <code>/etc/apt/sources.list.d/debian.list</code>

The <code>tor+</code> prefix would need to be removed.

{{CodeSelect|code=
sudo str_replace "tor+" "" /etc/apt/sources.list.d/debian.list
}}

'''4.''' Any other APT sources files.

Only in case the user had previously opt-in to add additional repositories.

'''5.''' Done.

The process of disabling torified APT updates has been completed.

= Qubes specific =
== Using cacher over clearnet ==
{{stub}}

Since [https://www.kicksecure.com/?#explain-protectedupdates Kicksecure updates are torified by default /security feature)], this is not compatible with Qubes' cacher by default without additional configuration.

To set up Qubes cacher.

'''1.''' Disable torified updates.

The user would need to apply the instructions [[Tor#Update_without_Tor||Update without Tor]] in {{project_name_short}} Template.

'''2.''' Configure Qubes cacher normally.

[[Unspecific]] to {{project_name_short}}. [[Self Support First Policy]] applies.

'''3.''' Done.

The process of configuring clearnet cacher updates has been completed.

== Using cacher over Tor ==

{{stub}}

'''1.''' Configure Qubes cacher normally.

[[Unspecific]] to {{project_name_short}}. [[Self Support First Policy]] applies.

'''2.''' Torify cacher.

cacher would need to be configured to use NetVM that supports torification such as for example [[Whonix]]'s <code>sys-whonix</code>. This is also unspecific to {{project_name_short}}.

'''3.''' Configure the {{project_name_short}} Template to use cacher as Qubes UpdatesProxy.

Specific to Qubes, not {{project_name_short}}.

'''4.''' Disable torified updates.

The user would need to apply the instructions [[Tor#Update_without_Tor|Update without Tor]] in {{project_name_short}} Template. This is because torification would be up to cacher and its NetVM. <ref>
The <code>tor+</code> syntax that {{project_name_long}} is using is not easily compatible with apt-cacher-ng.

* https://github.com/derivative-maker/derivative-maker/blob/master/build_sources/debian_stable_current_clearnet.list
* https://github.com/derivative-maker/derivative-maker/blob/master/build_sources/debian_testing_current_onion.list
</ref>

'''5.''' Done.

The process of configuring torified cacher updates has been completed.

= Future =
This is mostly [[undocumented]]. No development progress should be expected as this is not the project focus. At very least not until a stable release of the {{project_name_short}} [[ISO]] becomes available.

= References =
{{reflist|close=1}}

{{Footer}}

[[Category:Documentation]]