## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

Source: anon-ws-disable-stacked-tor
Section: misc
Priority: optional
Maintainer: Patrick Schleizer <adrelanos@whonix.org>
Build-Depends: debhelper (>= 13.11.6), debhelper-compat (= 13), config-package-dev
Homepage: https://github.com/Whonix/anon-ws-disable-stacked-tor
Vcs-Browser: https://github.com/Whonix/anon-ws-disable-stacked-tor
Vcs-Git: https://github.com/Whonix/anon-ws-disable-stacked-tor.git
Standards-Version: 4.7.2
Rules-Requires-Root: no

Package: anon-ws-disable-stacked-tor
Provides: tor, obfsproxy, obfs4proxy, ${diverted-files}
Conflicts: ${diverted-files}
Architecture: all
## dist-base-files provides account 'user'.
Depends: procps, socat, helper-scripts, dist-base-files, adduser,
 ${misc:Depends}
Description: Prevents Tor over Tor in Anonymity Distribution Workstations
 Supposed to be installed on Workstations, which prevents installing the real
 Tor package from upstream (ex: Debian, The Tor Project) APT repositories. Its
 purpose is to prevent, running Tor over Tor.
 .
 It allows installation of packages, which depend on Tor, such as TorChat,
 parcimonie and torbrowser-launcher.
 .
 This package uses the "Provides: tor" field[1], which should avoid any kinds of
 conflicts, in case upstream releases a higher version of Tor. This won't work
 for packages, which depend on an explicit version of Tor (such as TorChat).
 This is non-ideal, since for example the torchat package will install Tor, but
 still acceptable, because of the following additional implementations.
 .
 Binaries eventually installed (by the tor Debian package) /usr/bin/tor as well
 as /usr/sbin/tor are replaced with a dummy wrapper that does nothing
 (dpkg-diverted using config-package-dev).
 .
 systemd-socket-proxyd listens on Tor's default ports. system Tor's
 127.0.0.1:9050, 127.0.0.1:9051 and TBB's 127.0.0.1:9150, 127.0.0.1:9051,
 which prevents the
 default Tor Browser Bundle or Tor package by The Tor Project from opening
 these default ports, which will result in Tor failing to open its listening
 port and therefore exiting, thus preventing Tor over Tor.
 .
 See also:
 .
 * https://www.whonix.org/wiki/Dev/anon-ws-disable-stacked-tor
 * https://tor.stackexchange.com/questions/427/is-running-tor-over-tor-dangerous
 .
 [1] See "7.5 Virtual packages - Provides" on
 http://www.debian.org/doc/debian-policy/ch-relationships.html
 .
 This package is produced independently of, and carries no guarantee from,
 The Tor Project.
