[apt.git] / doc / vendors.list.5.xml

<?xml version="1.0" encoding="utf-8" standalone="no"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [

<!ENTITY % aptent SYSTEM "apt.ent">
%aptent;

]>

<refentry>

 <refentryinfo>
   &apt-author.jgunthorpe;
   &apt-author.team;
   &apt-email;
   &apt-product;
   <!-- The last update date -->
   <date>29 February 2004</date>
 </refentryinfo>
 
 <refmeta>
   <refentrytitle>vendors.list</refentrytitle>
   <manvolnum>5</manvolnum>
 </refmeta>
 
 <!-- Man page title -->
 <refnamediv>
    <refname>vendors.list</refname>
    <refpurpose>Security key configuration for APT</refpurpose>
 </refnamediv>
 
 <refsect1><title>Description</title>

   <para>The package vendor list contains a list of all vendors
   from whom you wish to  authenticate  downloaded  packages.
   For each vendor listed, it must contain the corresponding
   PGP key fingerprint, so that  APT  can  perform  signature
   verification  of the release file and subsequent checking
   of the checksums of each  downloaded  package.
   To have authentication enabled, you must add the 
   vendor identification string  (see  below) enclosed in
   square braces to the sources.list line for all sites that mirror
   the repository provided by that vendor.</para>

   <para>The format of this file is similar  to  the  one  used  by
   apt.conf.  It consists of an arbitrary number of blocks of
   vendors, where each block starts with a string telling the
   <replaceable>key_type</replaceable> and the
   <replaceable>vendor_id</replaceable></para>

   <para>Some vendors may have multiple blocks that define different
   security policies for their distributions. Debian for instance
   uses a different signing methodology for stable and unstable releases.</para>
   <para><replaceable>key_type</replaceable> is the type of the check required.
   Currently, there is only one type available which is 
   <literal>simple-key</literal>.</para>

   <para><replaceable>vendor_id</replaceable> is the vendor identification
   string. It is an arbitrary string you must supply to uniquely identifify a
   vendor that's listed in this file.
   
   Example:
  </para> 
<informalexample><programlisting>   
simple-key "joe"
{
   Fingerprint "0987AB4378FSD872343298787ACC";
   Name "Joe Shmoe &lt;joe@shmoe.com&gt;";
}						    
</programlisting></informalexample>
 </refsect1>

 <refsect1><title>The simple-key type</title>

   <para>This type of verification is used when the vendor has a single
   secured key that must be used to sign the Release file. The
   following items should be present</para>
   
   <variablelist>
     <varlistentry><term>Fingerprint</term>
     <listitem><para>
     The PGP fingerprint for the key. The fingerprint should be
     expressed in the standard notion with or without spaces.
     The <option>--fingerprint</option> option for 
     <citerefentry><refentrytitle><command>gpg</command></refentrytitle><manvolnum>1</manvolnum></citerefentry>
     will show the fingerprint for the selected keys(s).
     </para>
     </listitem>
     </varlistentry>

     <varlistentry><term>Name</term>
     <listitem><para>
     A string containing a description of the owner of
     the  key  or vendor.  You may put the vendor name and it's
     email. The string must be quoted with ".
     </para>
     </listitem>
     </varlistentry>
     
   </variablelist>
 </refsect1>

 <refsect1><title>Files</title>
   <para><filename>/etc/apt/vendors.list</filename></para>
 </refsect1>
 
 <refsect1><title>See Also</title>
   <para>&sources-list;
   </para>
 </refsect1>

 &manbugs;
 
</refentry>
Commit	Line	Data
24f6490f AL	1	<?xml version="1.0" encoding="utf-8" standalone="no"?>
	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
	4
	5	<!ENTITY % aptent SYSTEM "apt.ent">
	6	%aptent;
	7
	8	]>
	9
	10	<refentry>
5e80de29 AL	11
	12	<refentryinfo>
	13	&apt-author.jgunthorpe;
	14	&apt-author.team;
	15	&apt-email;
	16	&apt-product;
	17	<!-- The last update date -->
	18	<date>29 February 2004</date>
	19	</refentryinfo>
24f6490f AL	20
	21	<refmeta>
	22	<refentrytitle>vendors.list</refentrytitle>
	23	<manvolnum>5</manvolnum>
	24	</refmeta>
	25
	26	<!-- Man page title -->
	27	<refnamediv>
	28	<refname>vendors.list</refname>
	29	<refpurpose>Security key configuration for APT</refpurpose>
	30	</refnamediv>
	31
	32	<refsect1><title>Description</title>
	33
	34	<para>The package vendor list contains a list of all vendors
	35	from whom you wish to authenticate downloaded packages.
	36	For each vendor listed, it must contain the corresponding
	37	PGP key fingerprint, so that APT can perform signature
	38	verification of the release file and subsequent checking
	39	of the checksums of each downloaded package.
	40	To have authentication enabled, you must add the
	41	vendor identification string (see below) enclosed in
	42	square braces to the sources.list line for all sites that mirror
	43	the repository provided by that vendor.</para>
	44
	45	<para>The format of this file is similar to the one used by
	46	apt.conf. It consists of an arbitrary number of blocks of
	47	vendors, where each block starts with a string telling the
	48	<replaceable>key_type</replaceable> and the
	49	<replaceable>vendor_id</replaceable></para>
	50
	51	<para>Some vendors may have multiple blocks that define different
	52	security policies for their distributions. Debian for instance
	53	uses a different signing methodology for stable and unstable releases.</para>
	54	<para><replaceable>key_type</replaceable> is the type of the check required.
	55	Currently, there is only one type available which is
	56	<literal>simple-key</literal>.</para>
	57
	58	<para><replaceable>vendor_id</replaceable> is the vendor identification
	59	string. It is an arbitrary string you must supply to uniquely identifify a
	60	vendor that's listed in this file.
	61
	62	Example:
	63	</para>
	64	<informalexample><programlisting>
	65	simple-key "joe"
	66	{
	67	Fingerprint "0987AB4378FSD872343298787ACC";
	68	Name "Joe Shmoe <joe@shmoe.com>";
	69	}
	70	</programlisting></informalexample>
	71	</refsect1>
	72
	73	<refsect1><title>The simple-key type</title>
	74
	75	<para>This type of verification is used when the vendor has a single
	76	secured key that must be used to sign the Release file. The
	77	following items should be present</para>
	78
	79	<variablelist>
	80	<varlistentry><term>Fingerprint</term>
	81	<listitem><para>
	82	The PGP fingerprint for the key. The fingerprint should be
	83	expressed in the standard notion with or without spaces.
84	The <option>--fingerprint</option> option for
85	<citerefentry><refentrytitle><command>gpg</command></refentrytitle><manvolnum>1</manvolnum></citerefentry>
86	will show the fingerprint for the selected keys(s).
87	</para>
88	</listitem>
89	</varlistentry>
90
91	<varlistentry><term>Name</term>
92	<listitem><para>
93	A string containing a description of the owner of
94	the key or vendor. You may put the vendor name and it's
95	email. The string must be quoted with ".
96	</para>
97	</listitem>
98	</varlistentry>
99
100	</variablelist>
101	</refsect1>
102
103	<refsect1><title>Files</title>
104	<para><filename>/etc/apt/vendors.list</filename></para>
105	</refsect1>
106
107	<refsect1><title>See Also</title>
5e80de29	108	<para>&sources-list;
24f6490f AL	109	</para>
	110	</refsect1>
	111
	112	&manbugs;
24f6490f AL	113
	114	</refentry>
	115