wiki:doc/TorifyHOWTO/dnf

Written: 2018-05-23 (Jaruga)

Torifying DNF

Dandified YUM (or 'DNF') is a package manager for rpm-based distributions that is utilises core libraries (or 'repositories') to facilitate the installation and removal of software. DNF is a modernised version of YUM that was introduced in Fedora 18, and has been the default package manager since Fedora 22. While it already includes mechanisms for guaranteeing the authenticity of the packages you download, an adversary sniffing your network traffic can still see what software you are installing. This is where Tor comes in.

Torifying all repositories

Like lots of open-source software, DNF is controlled by a configuration file. Adding Tor as a Socks5 proxy will allow the system to safely fetch packages over the network.

  1. First and foremost, make sure you have Tor installed and currently running.
  2. Open up /etc/dnf/dnf.conf in your favourite text editor. (must be root or have sudo privileges)
  3. Add the following line proxy=socks5://127.0.0.1:9050 to the bottom. Save and exit.
  4. Run the command sudo dnf update to ensure DNF is able to connect.

You should now be successfully fetching packages and updates from your distributions repositories via the Tor network.

Torifying individual repositories

You can also add individual connection profiles for each repository in your source file. To perform this, simply add the following lines to /etc/dnf/dnf.conf:

name=my-repository
baseurl=https://github.com/myrepository
enabled=1
gpgcheck=1
gpgkey=https://mysite.com/public_signing_key.pub
proxy=socks5://127.0.0.1:9050

Please note it is very important to ensure gpgcheck is always present and set to '1'. Failing to do this will permit your system to download packages from unauthenticated sources, and be left wide open to MitM attacks!

Last modified 4 months ago Last modified on May 23, 2018, 8:34:25 AM