Loading...
X

How to install the latest version of Tor on Ubuntu

How to get the latest version of Tor on Ubuntu

The tor package is present in the Ubuntu repositories, but its version may be out of date. This is especially true for Ubuntu distributions released several years ago, even if they have long-term support (LTS).

In new versions of Tor, identified weaknesses and vulnerabilities are eliminated, as well as updating and supplementing the functionality. For this reason, you may need to install the latest version of the tor package.

Like other programs on Linux, you can compile Tor from source, and this article will show you how. Fortunately, the Tor developers maintain a binary repository for Ubuntu and Debian distributions.

In this guide, we will look at two ways to install a fresh version of Tor – from the repositories and from the source code.

How to install Tor from the Tor developers repositories

The Tor Project has its own Debian repository. Debian itself includes an LTS version of Tor. With it, you will not always be able to have the latest and most stable version of Tor. Therefore, it is recommended to install tor from the Tor Project repository.

This section will show you how to enable the Tor package repository on Debian-based Linux distributions.

Prerequisite: Verify the CPU architecture

The package repository offers amd64, arm64, and i386 binaries. Verify your operating system is capable of running the binary by inspecting the output of the following commend:

dpkg --print-architecture

It should output either amd64, arm64, or i386. The repository does not support other CPU architectures.

Note on Raspbian: The package repository does not offer 32-bit ARM architecture (armhf) images (yet). You should either install the version Debian offers (make sure to check out Debian backports, too, as that one has often a more up-to-date Tor package), or build Tor from source.

1. Install apt-transport-https

This step is only required for apt versions below 1.5. Support for https was added in versions of apt 1.5 and later, so currently the apt-transport-https package is kept in the repository for compatibility only and can be removed from the system without consequences.

To check the version of apt use the command

apt --version

On older distributions, you may need to install this package:

sudo apt install apt-transport-https

2. Create a new file in /etc/apt/sources.list.d/ named tor.list.

sudo gedit /etc/apt/sources.list.d/tor.list

Add the following entries:

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main

In these lines, replace <DISTRIBUTION> with your operating system code. Run

lsb_release -c

to find out the operating system code.

The following command will output only the distribution code (the command is suitable for use in scripts):

lsb_release -c | awk '{print $2}'

Note. Starting with Ubuntu Focal, 32-bit applications are no longer supported, so when using sudo apt update, you may encounter the message:

Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://deb.torproject.org/torproject.org focal InRelease' doesn't support architecture 'i386'

To get rid of this message, the entries in the /etc/apt/sources.list.d/tor.list file need to be edited to be in the following format:

   deb     [arch= signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org focal main
   deb-src [arch= signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org focal main

Replace <ARCHITECTURE> with the architecture of your system, which can be viewed with the command

dpkg --print-architecture

For example:

deb [arch=amd64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org impish main
deb-src [arch=amd64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org impish main

3. Then add the gpg key used to sign the packages by running the following command at your command prompt:

wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | sudo tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

4. Install tor and tor debian keyring

It is provided a Debian package to help you keep the latest version of your signing key. To install, use the following commands:

sudo apt update
sudo apt install tor deb.torproject.org-keyring

Source: https://support.torproject.org/apt/tor-deb-repo/

How to compile and install Tor from source on Ubuntu and Debian

This method differs from the previous one from a practical point of view in at least two important points:

  1. You need to keep track of new versions and update Tor yourself
  2. With this method, tor.service files are not created, that is, it will not be possible to manage the service using systemd with commands like
sudo systemctl start tor

To compile tor run the following commands:

sudo apt remove tor
sudo apt update
sudo apt install git make build-essential automake autoconf libevent-dev libssl-dev zlib1g-dev zlib1g asciidoc liblzma-dev libzstd-dev systemd libsystemd-dev pkg-config libnss3-dev
git clone https://github.com/torproject/tor
cd tor
sh autogen.sh
./configure --enable-systemd --enable-nss
make

Note that if the make command throws an error

make: *** No targets specified and no makefile found. Stop.

this means that the previous configure command failed. You need to return to its output and look in the last lines for the name of the missing package or another reason due to which the configuration failed.

After a successful compilation configuration, the installation is done like this:

sudo make install

To start Tor run the command:

tor

A sample configuration file is located at /usr/local/etc/tor/torrc.sample, you can use this as a base to configure Tor:

sudo cp /usr/local/etc/tor/torrc.sample /usr/local/etc/tor/torrc

Should I install Tor from my package manager or build from source?

If you are using Debian or Ubuntu, installing Tor from the Tor Project repository has several advantages:

  1. Your ulimit -n is set to 32768, which is enough for Tor to keep all necessary connections open.
  2. The user profile is created only for Tor, so Tor does not need to be run as root.
  3. An init script is included in the package so that Tor can be configured to start on boot. You can use systemd and systemctl to control the service
  4. Tor works with the --verify-config option, which means that before starting the service, the configuration file will be checked for correctness – this can help you solve problems if the service is not running.
  5. Tor can bind to low-level ports and then lower the privileges of its process.

See also: More Tor manuals


Leave Your Observation

Your email address will not be published.