From a18b43a0fa916c0d99bc42dfc340213e4effb4ed Mon Sep 17 00:00:00 2001
From: cyteen <cyteen@ring-zero.co.uk>
Date: Wed, 11 Mar 2026 01:44:35 +0000
Subject: [PATCH] Move to deb822.

---
 020_torproject.sh | 81 +++++++++++++++++++++++++++++++++++------------
 1 file changed, 60 insertions(+), 21 deletions(-)

diff --git a/020_torproject.sh b/020_torproject.sh
index 36b59c8..0087773 100755
--- a/020_torproject.sh
+++ b/020_torproject.sh
@@ -1,33 +1,72 @@
 #!/usr/bin/env bash
 
-AVAILABLE=/etc/apt/sources.list-available
-ACTIVE=/etc/apt/sources.list.d
+# This script sets up the Tor Project repository using the modern deb822 format.
+# Optimized for Debian Bookworm and modern security standards.
 
-# Install apt-transport-https to handle HTTPS connections
-apt install -y apt-transport-https
+set -e
 
-RELEASE="bookworm"
-# EXPERIMENTAL="tor-experimental"
+# --- Variables (Defined as Lists/Arrays) ---
+APP="torproject"
+AVAILABLE="/etc/apt/sources.list-available"
+ACTIVE="/etc/apt/sources.list.d"
+KEY_HOME="/usr/share/keyrings"
+KEYRING="${KEY_HOME}/tor-archive-keyring.gpg"
+GPG_KEY_URL="https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc"
 
-# Add the Tor Project repository to the list of available sources
-KEYRING="/etc/apt/trusted.gpg.d/tor-archive-keyring.gpg"
-sudo bash -c "cat > ${AVAILABLE}/torproject.list" <<-EOF
-    deb [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org ${EXPERIMENTAL} ${RELEASE} main
-    deb-src [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org ${EXPERIMENTAL} ${RELEASE} main
+# Repository Specifics
+ENABLED="yes"
+TYPES="deb deb-src"
+URIS="https://deb.torproject.org/torproject.org"
+SUITES="bookworm"
+COMPONENTS="main"
+ARCHITECTURES=$(dpkg --print-architecture)
+
+# --- Prep Work ---
+echo "Installing prerequisites..."
+sudo apt update && sudo apt install -y apt-transport-https wget gpg
+
+# --- Key Management ---
+echo "Importing Tor Project GPG key to ${KEYRING}..."
+# Using gpg --dearmor ensures we have a binary keyring for the Signed-By field
+wget -qO- "$GPG_KEY_URL" | gpg --dearmor | sudo tee "$KEYRING" >/dev/null
+
+# --- Deb822 Configuration ---
+# All fields are now strictly pulled from variables
+conf_print_tor_sources() {
+  cat <<EOF
+Enabled: ${ENABLED}
+Types: ${TYPES}
+URIs: ${URIS}
+Suites: ${SUITES}
+Architectures: ${ARCHITECTURES}
+Components: ${COMPONENTS}
+Signed-By: ${KEYRING}
 EOF
+}
 
+echo "Generating deb822 source file..."
+sudo mkdir -p "$AVAILABLE"
+conf_print_tor_sources | sudo tee "${AVAILABLE}/${APP}.sources" >/dev/null
 
-# Create a symbolic link to the active sources list
-ln -sf "${AVAILABLE}"/torproject.list "${ACTIVE}"/torproject.list
+# Create symbolic link to activate the repo
+sudo ln -sf "${AVAILABLE}/${APP}.sources" "${ACTIVE}/${APP}.sources"
 
-# Import the GPG key for the Tor Project repository
-# Directly add the key to the trusted.gpg.d directory
-KEY="A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc"
-wget -q -O- https://deb.torproject.org/torproject.org/${KEY} | gpg --dearmor | sudo tee ${KEYRING} >/dev/null
+# --- Proxy Bypass ---
+URL="deb.torproject.org"
+PROXY_FILE="/etc/apt/apt.conf.d/02proxy"
+ENTRY="Acquire::https::Proxy { \"${URL}\" DIRECT; };"
 
-# Update the package lists
-apt update
+if [ -f "$PROXY_FILE" ] && grep -qF "${URL}" "$PROXY_FILE"; then
+  echo "Proxy bypass for ${URL} already exists."
+else
+  sudo touch "$PROXY_FILE"
+  echo "$ENTRY" | sudo tee -a "$PROXY_FILE" >/dev/null
+  echo "Added proxy bypass for ${URL}."
+fi
 
-# Install Tor and the Tor Project keyring
-apt install -y tor  # deb.torproject.org-keyring
+# --- Installation ---
+echo "Updating package lists and installing Tor..."
+sudo apt update
+sudo apt install -y tor deb.torproject.org-keyring
 
+echo "Tor Project repository setup complete."