Updates over Tor
In case of censorship or blocking of the SecureDrop APT repository
(apt.freedom.press
), which provides automatic updates, Tor can be
configured to provide unrestricted access.
Note
This is only meant as a temporary measure. SecureDrop generally expects an unfiltered internet connection. If you are facing long-term censorship, please contact us for other options.
Configuring updates over Tor
These steps will need to be applied to both the Application Server and the Monitor Server.
As mentioned earlier, this is meant to be a temporary measure.
Notably, running ./securedrop-admin install
will overwrite these changes.
From your Admin Workstation, SSH into the Application Server or Monitor Server using
ssh app
orssh mon
.Run
sudo nano /etc/tor/torrc
to edit the Tor configuration. Replace the first line ofSocksPort 0
withSocksPort 127.0.0.1:9050
and save the file.Run
sudo systemctl reload tor@default
for the new configuration to take effect.Run
sudo apt-get install apt-transport-tor --yes
.Run
sudo nano /etc/apt/sources.list.d/apt_freedom_press.list
to edit the URL to begin with a “tor+” prefix. The new contents should be:
deb [arch=amd64] tor+https://apt.freedom.press noble main
The line will say focal
instead of noble
if your server has not been
migrated to Ubuntu 24.04 yet.
Run
sudo apt update
and verify there are no error messages. This checks that fetching updates works
Disabling updates over Tor
From your Admin Workstation, run ./securedrop-admin install
. This will overwrite all the above changes.