]>
Commit | Line | Data |
---|---|---|
b3d44315 | 1 | <?xml version="1.0" encoding="utf-8" standalone="no"?> |
81cf16a2 DK |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ | |
5abbf5bb DK |
4 | <!ENTITY % aptent SYSTEM "apt.ent"> %aptent; |
5 | <!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent"> %aptverbatiment; | |
6 | <!ENTITY % aptvendor SYSTEM "apt-vendor.ent"> %aptvendor; | |
b3d44315 MV |
7 | ]> |
8 | ||
9 | <refentry> | |
45fb8bf7 DK |
10 | <refentryinfo> |
11 | &apt-author.jgunthorpe; | |
12 | &apt-author.team; | |
13 | &apt-email; | |
14 | &apt-product; | |
15 | <!-- The last update date --> | |
4bdf29d3 | 16 | <date>2016-07-07T00:00:00Z</date> |
45fb8bf7 DK |
17 | </refentryinfo> |
18 | ||
b3d44315 MV |
19 | <refmeta> |
20 | <refentrytitle>apt-key</refentrytitle> | |
21 | <manvolnum>8</manvolnum> | |
f0599b9c | 22 | <refmiscinfo class="manual">APT</refmiscinfo> |
b3d44315 MV |
23 | </refmeta> |
24 | ||
25 | <!-- Man page title --> | |
26 | <refnamediv> | |
27 | <refname>apt-key</refname> | |
28 | <refpurpose>APT key management utility</refpurpose> | |
29 | </refnamediv> | |
30 | ||
6e8b4572 | 31 | &synopsis-command-apt-key; |
b3d44315 MV |
32 | |
33 | <refsect1><title>Description</title> | |
34 | <para> | |
35 | <command>apt-key</command> is used to manage the list of keys used | |
36 | by apt to authenticate packages. Packages which have been | |
37 | authenticated using these keys will be considered trusted. | |
38 | </para> | |
08fcf962 DK |
39 | <para> |
40 | Note that if usage of <command>apt-key</command> is desired the additional | |
41 | installation of the GNU Privacy Guard suite (packaged in | |
42 | <package>gnupg</package>) is required. For this reason alone the programatic | |
43 | usage (especially in package maintainerscripts!) is strongly discouraged. | |
44 | Further more the output format of all commands is undefined and can and does | |
45 | change whenever the underlying commands change. <command>apt-key</command> will | |
46 | try to detect such usage and generates warnings on stderr in these cases. | |
47 | </para> | |
b3d44315 MV |
48 | </refsect1> |
49 | ||
50 | <refsect1><title>Commands</title> | |
51 | <variablelist> | |
2b9b27c3 | 52 | <varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option></term> |
b3d44315 MV |
53 | <listitem> |
54 | <para> | |
c086ac18 DK |
55 | Add a new key to the list of trusted keys. |
56 | The key is read from the filename given with the parameter | |
57 | &synopsis-param-filename; or if the filename is <literal>-</literal> | |
58 | from standard input. | |
b3d44315 | 59 | </para> |
002b1bc4 DK |
60 | <para> |
61 | It is critical that keys added manually via <command>apt-key</command> are | |
62 | verified to belong to the owner of the repositories they claim to be for | |
63 | otherwise the &apt-secure; infrastructure is completely undermined. | |
64 | </para> | |
08fcf962 DK |
65 | <para> |
66 | Instead of using this command a keyring can be placed directly in the | |
67 | <filename>/etc/apt/trusted.gpg.d/</filename> directory with a descriptive name | |
68 | (same rules for filename apply as for &apt-conf; files) and "<literal>gpg</literal>" | |
69 | as file extension. | |
70 | </para> | |
b3d44315 MV |
71 | </listitem> |
72 | </varlistentry> | |
73 | ||
2b9b27c3 | 74 | <varlistentry><term><option>del</option> <option>&synopsis-param-keyid;</option></term> |
b3d44315 MV |
75 | <listitem> |
76 | <para> | |
77 | ||
78 | Remove a key from the list of trusted keys. | |
79 | ||
80 | </para> | |
81 | ||
82 | </listitem> | |
83 | </varlistentry> | |
84 | ||
2b9b27c3 | 85 | <varlistentry><term><option>export</option> <option>&synopsis-param-keyid;</option></term> |
bf6d5b42 OS |
86 | <listitem> |
87 | <para> | |
88 | ||
6e8b4572 | 89 | Output the key &synopsis-param-keyid; to standard output. |
bf6d5b42 OS |
90 | |
91 | </para> | |
92 | ||
93 | </listitem> | |
94 | </varlistentry> | |
95 | ||
2b9b27c3 | 96 | <varlistentry><term><option>exportall</option></term> |
bf6d5b42 OS |
97 | <listitem> |
98 | <para> | |
99 | ||
100 | Output all trusted keys to standard output. | |
101 | ||
102 | </para> | |
103 | ||
104 | </listitem> | |
105 | </varlistentry> | |
106 | ||
a5f9b45e | 107 | <varlistentry><term><option>list</option>, <option>finger</option></term> |
b3d44315 MV |
108 | <listitem> |
109 | <para> | |
110 | ||
a5f9b45e | 111 | List trusted keys with fingerprints. |
d2793259 | 112 | |
b3d44315 MV |
113 | </para> |
114 | ||
a8cabc8f LB |
115 | </listitem> |
116 | </varlistentry> | |
a8cabc8f | 117 | |
2b9b27c3 | 118 | <varlistentry><term><option>adv</option></term> |
a8cabc8f LB |
119 | <listitem> |
120 | <para> | |
002b1bc4 DK |
121 | Pass advanced options to gpg. With <command>adv --recv-key</command> you |
122 | can e.g. download key from keyservers directly into the the trusted set of | |
123 | keys. Note that there are <emphasis>no</emphasis> checks performed, so it is | |
124 | easy to completely undermine the &apt-secure; infrastructure if used without | |
125 | care. | |
a8cabc8f LB |
126 | </para> |
127 | ||
b3d44315 MV |
128 | </listitem> |
129 | </varlistentry> | |
d2793259 | 130 | |
ec51fe3f | 131 | <varlistentry><term><option>update</option> (deprecated)</term> |
d2793259 MV |
132 | <listitem> |
133 | <para> | |
00c6e1a3 MV |
134 | Update the local keyring with the archive keyring and remove from |
135 | the local keyring the archive keys which are no longer valid. | |
136 | The archive keyring is shipped in the <literal>archive-keyring</literal> package of your | |
694ef56e | 137 | distribution, e.g. the &keyring-package; package in &keyring-distro;. |
d2793259 | 138 | </para> |
f4dcab05 DK |
139 | <para> |
140 | Note that a distribution does not need to and in fact should not use | |
141 | this command any longer and instead ship keyring files in the | |
142 | <filename>/etc/apt/trusted.gpg</filename> directory directly as this | |
143 | avoids a dependency on <package>gnupg</package> and it is easier to manage | |
144 | keys by simply adding and removing files for maintainers and users alike. | |
145 | </para> | |
d2793259 MV |
146 | </listitem> |
147 | </varlistentry> | |
f37e6374 | 148 | |
2b9b27c3 | 149 | <varlistentry><term><option>net-update</option></term> |
f37e6374 JAK |
150 | <listitem> |
151 | <para> | |
152 | ||
6072cbe1 JR |
153 | Perform an update working similarly to the <command>update</command> command above, |
154 | but get the archive keyring from a URI instead and validate it against a master key. | |
00c6e1a3 MV |
155 | |
156 | This requires an installed &wget; and an APT build configured to have | |
157 | a server to fetch from and a master keyring to validate. | |
158 | ||
6072cbe1 | 159 | APT in Debian does not support this command, relying on |
00c6e1a3 | 160 | <command>update</command> instead, but Ubuntu's APT does. |
f37e6374 JAK |
161 | |
162 | </para> | |
163 | ||
164 | </listitem> | |
165 | </varlistentry> | |
d2793259 MV |
166 | </variablelist> |
167 | </refsect1> | |
168 | ||
46e39c8e MV |
169 | <refsect1><title>Options</title> |
170 | <para>Note that options need to be defined before the commands described in the previous section.</para> | |
171 | <variablelist> | |
2b9b27c3 | 172 | <varlistentry><term><option>--keyring</option> <option>&synopsis-param-filename;</option></term> |
6072cbe1 | 173 | <listitem><para>With this option it is possible to specify a particular keyring |
46e39c8e MV |
174 | file the command should operate on. The default is that a command is executed |
175 | on the <filename>trusted.gpg</filename> file as well as on all parts in the | |
2130caa8 | 176 | <filename>trusted.gpg.d</filename> directory, though <filename>trusted.gpg</filename> |
46e39c8e MV |
177 | is the primary keyring which means that e.g. new keys are added to this one. |
178 | </para></listitem> | |
179 | </varlistentry> | |
180 | </variablelist> | |
181 | </refsect1> | |
182 | ||
d2793259 MV |
183 | <refsect1><title>Files</title> |
184 | <variablelist> | |
46e39c8e MV |
185 | |
186 | &file-trustedgpg; | |
d2793259 | 187 | |
b3d44315 | 188 | </variablelist> |
d2793259 | 189 | |
b3d44315 MV |
190 | </refsect1> |
191 | ||
d2793259 MV |
192 | <refsect1><title>See Also</title> |
193 | <para> | |
194 | &apt-get;, &apt-secure; | |
195 | </para> | |
196 | </refsect1> | |
b3d44315 MV |
197 | |
198 | &manbugs; | |
199 | &manauthor; | |
200 | ||
201 | </refentry> | |
202 |