]>
Commit | Line | Data |
---|---|---|
b3d44315 | 1 | <?xml version="1.0" encoding="utf-8" standalone="no"?> |
81cf16a2 DK |
2 | <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" |
3 | "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ | |
5abbf5bb DK |
4 | <!ENTITY % aptent SYSTEM "apt.ent"> %aptent; |
5 | <!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent"> %aptverbatiment; | |
6 | <!ENTITY % aptvendor SYSTEM "apt-vendor.ent"> %aptvendor; | |
b3d44315 MV |
7 | ]> |
8 | ||
9 | <refentry> | |
45fb8bf7 DK |
10 | <refentryinfo> |
11 | &apt-author.jgunthorpe; | |
12 | &apt-author.team; | |
13 | &apt-email; | |
14 | &apt-product; | |
15 | <!-- The last update date --> | |
dabb215c | 16 | <date>2012-06-09T00:00:00Z</date> |
45fb8bf7 DK |
17 | </refentryinfo> |
18 | ||
b3d44315 MV |
19 | <refmeta> |
20 | <refentrytitle>apt-key</refentrytitle> | |
21 | <manvolnum>8</manvolnum> | |
f0599b9c | 22 | <refmiscinfo class="manual">APT</refmiscinfo> |
b3d44315 MV |
23 | </refmeta> |
24 | ||
25 | <!-- Man page title --> | |
26 | <refnamediv> | |
27 | <refname>apt-key</refname> | |
28 | <refpurpose>APT key management utility</refpurpose> | |
29 | </refnamediv> | |
30 | ||
6e8b4572 | 31 | &synopsis-command-apt-key; |
b3d44315 MV |
32 | |
33 | <refsect1><title>Description</title> | |
34 | <para> | |
35 | <command>apt-key</command> is used to manage the list of keys used | |
36 | by apt to authenticate packages. Packages which have been | |
37 | authenticated using these keys will be considered trusted. | |
38 | </para> | |
39 | </refsect1> | |
40 | ||
41 | <refsect1><title>Commands</title> | |
42 | <variablelist> | |
2b9b27c3 | 43 | <varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option></term> |
b3d44315 MV |
44 | <listitem> |
45 | <para> | |
c086ac18 DK |
46 | Add a new key to the list of trusted keys. |
47 | The key is read from the filename given with the parameter | |
48 | &synopsis-param-filename; or if the filename is <literal>-</literal> | |
49 | from standard input. | |
b3d44315 | 50 | </para> |
002b1bc4 DK |
51 | <para> |
52 | It is critical that keys added manually via <command>apt-key</command> are | |
53 | verified to belong to the owner of the repositories they claim to be for | |
54 | otherwise the &apt-secure; infrastructure is completely undermined. | |
55 | </para> | |
b3d44315 MV |
56 | </listitem> |
57 | </varlistentry> | |
58 | ||
2b9b27c3 | 59 | <varlistentry><term><option>del</option> <option>&synopsis-param-keyid;</option></term> |
b3d44315 MV |
60 | <listitem> |
61 | <para> | |
62 | ||
63 | Remove a key from the list of trusted keys. | |
64 | ||
65 | </para> | |
66 | ||
67 | </listitem> | |
68 | </varlistentry> | |
69 | ||
2b9b27c3 | 70 | <varlistentry><term><option>export</option> <option>&synopsis-param-keyid;</option></term> |
bf6d5b42 OS |
71 | <listitem> |
72 | <para> | |
73 | ||
6e8b4572 | 74 | Output the key &synopsis-param-keyid; to standard output. |
bf6d5b42 OS |
75 | |
76 | </para> | |
77 | ||
78 | </listitem> | |
79 | </varlistentry> | |
80 | ||
2b9b27c3 | 81 | <varlistentry><term><option>exportall</option></term> |
bf6d5b42 OS |
82 | <listitem> |
83 | <para> | |
84 | ||
85 | Output all trusted keys to standard output. | |
86 | ||
87 | </para> | |
88 | ||
89 | </listitem> | |
90 | </varlistentry> | |
91 | ||
2b9b27c3 | 92 | <varlistentry><term><option>list</option></term> |
b3d44315 MV |
93 | <listitem> |
94 | <para> | |
95 | ||
96 | List trusted keys. | |
d2793259 | 97 | |
b3d44315 MV |
98 | </para> |
99 | ||
a8cabc8f LB |
100 | </listitem> |
101 | </varlistentry> | |
102 | ||
2b9b27c3 | 103 | <varlistentry><term><option>finger</option></term> |
a8cabc8f LB |
104 | <listitem> |
105 | <para> | |
106 | ||
107 | List fingerprints of trusted keys. | |
108 | ||
109 | </para> | |
110 | ||
111 | </listitem> | |
112 | </varlistentry> | |
113 | ||
2b9b27c3 | 114 | <varlistentry><term><option>adv</option></term> |
a8cabc8f LB |
115 | <listitem> |
116 | <para> | |
002b1bc4 DK |
117 | Pass advanced options to gpg. With <command>adv --recv-key</command> you |
118 | can e.g. download key from keyservers directly into the the trusted set of | |
119 | keys. Note that there are <emphasis>no</emphasis> checks performed, so it is | |
120 | easy to completely undermine the &apt-secure; infrastructure if used without | |
121 | care. | |
a8cabc8f LB |
122 | </para> |
123 | ||
b3d44315 MV |
124 | </listitem> |
125 | </varlistentry> | |
d2793259 | 126 | |
2b9b27c3 | 127 | <varlistentry><term><option>update</option></term> |
d2793259 MV |
128 | <listitem> |
129 | <para> | |
130 | ||
00c6e1a3 MV |
131 | Update the local keyring with the archive keyring and remove from |
132 | the local keyring the archive keys which are no longer valid. | |
133 | The archive keyring is shipped in the <literal>archive-keyring</literal> package of your | |
694ef56e | 134 | distribution, e.g. the &keyring-package; package in &keyring-distro;. |
d2793259 MV |
135 | |
136 | </para> | |
137 | ||
138 | </listitem> | |
139 | </varlistentry> | |
f37e6374 | 140 | |
2b9b27c3 | 141 | <varlistentry><term><option>net-update</option></term> |
f37e6374 JAK |
142 | <listitem> |
143 | <para> | |
144 | ||
6072cbe1 JR |
145 | Perform an update working similarly to the <command>update</command> command above, |
146 | but get the archive keyring from a URI instead and validate it against a master key. | |
00c6e1a3 MV |
147 | |
148 | This requires an installed &wget; and an APT build configured to have | |
149 | a server to fetch from and a master keyring to validate. | |
150 | ||
6072cbe1 | 151 | APT in Debian does not support this command, relying on |
00c6e1a3 | 152 | <command>update</command> instead, but Ubuntu's APT does. |
f37e6374 JAK |
153 | |
154 | </para> | |
155 | ||
156 | </listitem> | |
157 | </varlistentry> | |
d2793259 MV |
158 | </variablelist> |
159 | </refsect1> | |
160 | ||
46e39c8e MV |
161 | <refsect1><title>Options</title> |
162 | <para>Note that options need to be defined before the commands described in the previous section.</para> | |
163 | <variablelist> | |
2b9b27c3 | 164 | <varlistentry><term><option>--keyring</option> <option>&synopsis-param-filename;</option></term> |
6072cbe1 | 165 | <listitem><para>With this option it is possible to specify a particular keyring |
46e39c8e MV |
166 | file the command should operate on. The default is that a command is executed |
167 | on the <filename>trusted.gpg</filename> file as well as on all parts in the | |
2130caa8 | 168 | <filename>trusted.gpg.d</filename> directory, though <filename>trusted.gpg</filename> |
46e39c8e MV |
169 | is the primary keyring which means that e.g. new keys are added to this one. |
170 | </para></listitem> | |
171 | </varlistentry> | |
172 | </variablelist> | |
173 | </refsect1> | |
174 | ||
d2793259 MV |
175 | <refsect1><title>Files</title> |
176 | <variablelist> | |
46e39c8e MV |
177 | |
178 | &file-trustedgpg; | |
d2793259 MV |
179 | |
180 | <varlistentry><term><filename>/etc/apt/trustdb.gpg</filename></term> | |
181 | <listitem><para>Local trust database of archive keys.</para></listitem> | |
182 | </varlistentry> | |
183 | ||
694ef56e DK |
184 | <varlistentry><term>&keyring-filename;</term> |
185 | <listitem><para>Keyring of &keyring-distro; archive trusted keys.</para></listitem> | |
d2793259 MV |
186 | </varlistentry> |
187 | ||
694ef56e DK |
188 | <varlistentry><term>&keyring-removed-filename;</term> |
189 | <listitem><para>Keyring of &keyring-distro; archive removed trusted keys.</para></listitem> | |
d2793259 MV |
190 | </varlistentry> |
191 | ||
b3d44315 | 192 | </variablelist> |
d2793259 | 193 | |
b3d44315 MV |
194 | </refsect1> |
195 | ||
d2793259 MV |
196 | <refsect1><title>See Also</title> |
197 | <para> | |
198 | &apt-get;, &apt-secure; | |
199 | </para> | |
200 | </refsect1> | |
b3d44315 MV |
201 | |
202 | &manbugs; | |
203 | &manauthor; | |
204 | ||
205 | </refentry> | |
206 |