]> git.saurik.com Git - apt.git/blame - doc/apt-key.8.xml
disable updating insecure repositories in apt by default
[apt.git] / doc / apt-key.8.xml
CommitLineData
b3d44315 1<?xml version="1.0" encoding="utf-8" standalone="no"?>
81cf16a2
DK
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
5abbf5bb
DK
4<!ENTITY % aptent SYSTEM "apt.ent"> %aptent;
5<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent"> %aptverbatiment;
6<!ENTITY % aptvendor SYSTEM "apt-vendor.ent"> %aptvendor;
b3d44315
MV
7]>
8
9<refentry>
45fb8bf7
DK
10 <refentryinfo>
11 &apt-author.jgunthorpe;
12 &apt-author.team;
13 &apt-email;
14 &apt-product;
15 <!-- The last update date -->
dabb215c 16 <date>2012-06-09T00:00:00Z</date>
45fb8bf7
DK
17 </refentryinfo>
18
b3d44315
MV
19 <refmeta>
20 <refentrytitle>apt-key</refentrytitle>
21 <manvolnum>8</manvolnum>
f0599b9c 22 <refmiscinfo class="manual">APT</refmiscinfo>
b3d44315
MV
23 </refmeta>
24
25 <!-- Man page title -->
26 <refnamediv>
27 <refname>apt-key</refname>
28 <refpurpose>APT key management utility</refpurpose>
29 </refnamediv>
30
6e8b4572 31 &synopsis-command-apt-key;
b3d44315
MV
32
33 <refsect1><title>Description</title>
34 <para>
35 <command>apt-key</command> is used to manage the list of keys used
36 by apt to authenticate packages. Packages which have been
37 authenticated using these keys will be considered trusted.
38 </para>
39</refsect1>
40
41<refsect1><title>Commands</title>
42 <variablelist>
2b9b27c3 43 <varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option></term>
b3d44315
MV
44 <listitem>
45 <para>
c086ac18
DK
46 Add a new key to the list of trusted keys.
47 The key is read from the filename given with the parameter
48 &synopsis-param-filename; or if the filename is <literal>-</literal>
49 from standard input.
b3d44315 50 </para>
002b1bc4
DK
51 <para>
52 It is critical that keys added manually via <command>apt-key</command> are
53 verified to belong to the owner of the repositories they claim to be for
54 otherwise the &apt-secure; infrastructure is completely undermined.
55 </para>
b3d44315
MV
56 </listitem>
57 </varlistentry>
58
2b9b27c3 59 <varlistentry><term><option>del</option> <option>&synopsis-param-keyid;</option></term>
b3d44315
MV
60 <listitem>
61 <para>
62
63 Remove a key from the list of trusted keys.
64
65 </para>
66
67 </listitem>
68 </varlistentry>
69
2b9b27c3 70 <varlistentry><term><option>export</option> <option>&synopsis-param-keyid;</option></term>
bf6d5b42
OS
71 <listitem>
72 <para>
73
6e8b4572 74 Output the key &synopsis-param-keyid; to standard output.
bf6d5b42
OS
75
76 </para>
77
78 </listitem>
79 </varlistentry>
80
2b9b27c3 81 <varlistentry><term><option>exportall</option></term>
bf6d5b42
OS
82 <listitem>
83 <para>
84
85 Output all trusted keys to standard output.
86
87 </para>
88
89 </listitem>
90 </varlistentry>
91
2b9b27c3 92 <varlistentry><term><option>list</option></term>
b3d44315
MV
93 <listitem>
94 <para>
95
96 List trusted keys.
d2793259 97
b3d44315
MV
98 </para>
99
a8cabc8f
LB
100 </listitem>
101 </varlistentry>
102
2b9b27c3 103 <varlistentry><term><option>finger</option></term>
a8cabc8f
LB
104 <listitem>
105 <para>
106
107 List fingerprints of trusted keys.
108
109 </para>
110
111 </listitem>
112 </varlistentry>
113
2b9b27c3 114 <varlistentry><term><option>adv</option></term>
a8cabc8f
LB
115 <listitem>
116 <para>
002b1bc4
DK
117 Pass advanced options to gpg. With <command>adv --recv-key</command> you
118 can e.g. download key from keyservers directly into the the trusted set of
119 keys. Note that there are <emphasis>no</emphasis> checks performed, so it is
120 easy to completely undermine the &apt-secure; infrastructure if used without
121 care.
a8cabc8f
LB
122 </para>
123
b3d44315
MV
124 </listitem>
125 </varlistentry>
d2793259 126
2b9b27c3 127 <varlistentry><term><option>update</option></term>
d2793259
MV
128 <listitem>
129 <para>
130
00c6e1a3
MV
131 Update the local keyring with the archive keyring and remove from
132 the local keyring the archive keys which are no longer valid.
133 The archive keyring is shipped in the <literal>archive-keyring</literal> package of your
694ef56e 134 distribution, e.g. the &keyring-package; package in &keyring-distro;.
d2793259
MV
135
136 </para>
137
138 </listitem>
139 </varlistentry>
f37e6374 140
2b9b27c3 141 <varlistentry><term><option>net-update</option></term>
f37e6374
JAK
142 <listitem>
143 <para>
144
6072cbe1
JR
145 Perform an update working similarly to the <command>update</command> command above,
146 but get the archive keyring from a URI instead and validate it against a master key.
00c6e1a3
MV
147
148 This requires an installed &wget; and an APT build configured to have
149 a server to fetch from and a master keyring to validate.
150
6072cbe1 151 APT in Debian does not support this command, relying on
00c6e1a3 152 <command>update</command> instead, but Ubuntu's APT does.
f37e6374
JAK
153
154 </para>
155
156 </listitem>
157 </varlistentry>
d2793259
MV
158 </variablelist>
159</refsect1>
160
46e39c8e
MV
161 <refsect1><title>Options</title>
162<para>Note that options need to be defined before the commands described in the previous section.</para>
163 <variablelist>
2b9b27c3 164 <varlistentry><term><option>--keyring</option> <option>&synopsis-param-filename;</option></term>
6072cbe1 165 <listitem><para>With this option it is possible to specify a particular keyring
46e39c8e
MV
166 file the command should operate on. The default is that a command is executed
167 on the <filename>trusted.gpg</filename> file as well as on all parts in the
2130caa8 168 <filename>trusted.gpg.d</filename> directory, though <filename>trusted.gpg</filename>
46e39c8e
MV
169 is the primary keyring which means that e.g. new keys are added to this one.
170 </para></listitem>
171 </varlistentry>
172 </variablelist>
173 </refsect1>
174
d2793259
MV
175 <refsect1><title>Files</title>
176 <variablelist>
46e39c8e
MV
177
178 &file-trustedgpg;
d2793259
MV
179
180 <varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term>
181 <listitem><para>Local trust database of archive keys.</para></listitem>
182 </varlistentry>
183
694ef56e
DK
184 <varlistentry><term>&keyring-filename;</term>
185 <listitem><para>Keyring of &keyring-distro; archive trusted keys.</para></listitem>
d2793259
MV
186 </varlistentry>
187
694ef56e
DK
188 <varlistentry><term>&keyring-removed-filename;</term>
189 <listitem><para>Keyring of &keyring-distro; archive removed trusted keys.</para></listitem>
d2793259
MV
190 </varlistentry>
191
b3d44315 192 </variablelist>
d2793259 193
b3d44315
MV
194</refsect1>
195
d2793259
MV
196<refsect1><title>See Also</title>
197<para>
198&apt-get;, &apt-secure;
199</para>
200</refsect1>
b3d44315
MV
201
202 &manbugs;
203 &manauthor;
204
205</refentry>
206