]>
Commit | Line | Data |
---|---|---|
a7c835af AL |
1 | <!-- -*- mode: sgml; mode: fold -*- --> |
2 | <!doctype refentry PUBLIC "-//OASIS//DTD DocBook V3.1//EN" [ | |
3 | ||
4 | <!ENTITY % aptent SYSTEM "apt.ent"> | |
5 | %aptent; | |
6 | ||
7 | ]> | |
8 | ||
9 | <refentry> | |
10 | &apt-docinfo; | |
11 | ||
12 | <refmeta> | |
13 | <refentrytitle>vendors.list</> | |
14 | <manvolnum>5</> | |
15 | </refmeta> | |
16 | ||
17 | <!-- Man page title --> | |
18 | <refnamediv> | |
19 | <refname>vendors.list</> | |
20 | <refpurpose>Security key configuration for APT</> | |
21 | </refnamediv> | |
22 | ||
23 | <RefSect1><Title>Description</> | |
24 | <para> | |
25 | The package vendor list contains a list of all vendors | |
26 | from whom you wish to authenticate downloaded packages. | |
27 | For each vendor listed, it must contain the corresponding | |
28 | PGP key fingerprint, so that APT can perform signature | |
29 | verification of the release file and subsequent checking | |
30 | of the checksums of each downloaded package. | |
31 | To have authentication enabled, you must add the | |
32 | vendor identification string (see below) enclosed in | |
33 | square braces to the sources.list line for all sites that mirror | |
34 | the repository provided by that vendor. | |
35 | <para> | |
36 | The format of this file is similar to the one used by | |
37 | apt.conf. It consists of an arbitrary number of blocks of | |
38 | vendors, where each block starts with a string telling the | |
39 | <replaceable/key_type/ and the <replaceable/vendor_id/. | |
40 | <para> | |
41 | Some vendors may have multiple blocks that define different | |
42 | security policies for their distributions. Debian for instance | |
43 | uses a different signing methodology for stable and unstable releases. | |
44 | <para> | |
45 | <replaceable/key_type/ is the type of the check required. | |
46 | Currently, there is only one type available which is | |
47 | <literal/simple-key/. | |
48 | <para> | |
49 | <replaceable/vendor_id/ is the vendor identification string. It is an | |
50 | arbitrary string you must supply to uniquely identifify a | |
51 | vendor that's listed in this file. | |
52 | ||
53 | Example: | |
54 | <informalexample><programlisting> | |
70e86a21 | 55 | simple-key "joe" |
a7c835af AL |
56 | { |
57 | Fingerprint "0987AB4378FSD872343298787ACC"; | |
58 | Name "Joe Shmoe <joe@shmoe.com>"; | |
59 | } | |
60 | </programlisting></informalexample> | |
61 | ||
62 | </RefSect1> | |
63 | ||
64 | <RefSect1><Title>The simple-key type</> | |
65 | <para> | |
66 | This type of verification is used when the vendor has a single | |
67 | secured key that must be used to sign the Release file. The | |
68 | following items should be present | |
69 | ||
70 | <VariableList> | |
71 | <VarListEntry><Term>Fingerprint</Term> | |
72 | <ListItem><Para> | |
73 | The PGP fingerprint for the key. The fingerprint should be | |
74 | expressed in the standard notion with or without spaces. | |
75 | The <option/--fingerprint/ option for | |
76 | <CiteRefEntry><RefEntryTitle><command/gpg/</RefEntryTitle><ManVolNum/1/</CiteRefEntry> | |
77 | will show the fingerprint for the selected keys(s). | |
78 | </VarListEntry> | |
79 | ||
80 | <VarListEntry><Term>Name</Term> | |
81 | <ListItem><Para> | |
82 | A string containing a description of the owner of | |
83 | the key or vendor. You may put the vendor name and it's | |
84 | email. The string must be quoted with ". | |
85 | </VarListEntry> | |
86 | ||
87 | </VariableList> | |
88 | </RefSect1> | |
89 | ||
90 | <RefSect1><Title>Files</> | |
91 | <para> | |
92 | <filename>/etc/apt/vendors.list</> | |
93 | </RefSect1> | |
94 | ||
95 | <RefSect1><Title>See Also</> | |
96 | <para> | |
97 | &sources-list; | |
98 | </RefSect1> | |
99 | ||
100 | &manbugs; | |
101 | &manauthor; | |
102 | ||
103 | </refentry> | |
104 |