| | 1 | <!-- -*- mode: sgml; mode: fold -*- --> |
| | 2 | <!doctype refentry PUBLIC "-//OASIS//DTD DocBook V3.1//EN" [ |
| | 3 | |
| | 4 | <!ENTITY % aptent SYSTEM "apt.ent"> |
| | 5 | %aptent; |
| | 6 | |
| | 7 | ]> |
| | 8 | |
| | 9 | <refentry> |
| | 10 | &apt-docinfo; |
| | 11 | |
| | 12 | <refmeta> |
| | 13 | <refentrytitle>vendors.list</> |
| | 14 | <manvolnum>5</> |
| | 15 | </refmeta> |
| | 16 | |
| | 17 | <!-- Man page title --> |
| | 18 | <refnamediv> |
| | 19 | <refname>vendors.list</> |
| | 20 | <refpurpose>Security key configuration for APT</> |
| | 21 | </refnamediv> |
| | 22 | |
| | 23 | <RefSect1><Title>Description</> |
| | 24 | <para> |
| | 25 | The package vendor list contains a list of all vendors |
| | 26 | from whom you wish to authenticate downloaded packages. |
| | 27 | For each vendor listed, it must contain the corresponding |
| | 28 | PGP key fingerprint, so that APT can perform signature |
| | 29 | verification of the release file and subsequent checking |
| | 30 | of the checksums of each downloaded package. |
| | 31 | To have authentication enabled, you must add the |
| | 32 | vendor identification string (see below) enclosed in |
| | 33 | square braces to the sources.list line for all sites that mirror |
| | 34 | the repository provided by that vendor. |
| | 35 | <para> |
| | 36 | The format of this file is similar to the one used by |
| | 37 | apt.conf. It consists of an arbitrary number of blocks of |
| | 38 | vendors, where each block starts with a string telling the |
| | 39 | <replaceable/key_type/ and the <replaceable/vendor_id/. |
| | 40 | <para> |
| | 41 | Some vendors may have multiple blocks that define different |
| | 42 | security policies for their distributions. Debian for instance |
| | 43 | uses a different signing methodology for stable and unstable releases. |
| | 44 | <para> |
| | 45 | <replaceable/key_type/ is the type of the check required. |
| | 46 | Currently, there is only one type available which is |
| | 47 | <literal/simple-key/. |
| | 48 | <para> |
| | 49 | <replaceable/vendor_id/ is the vendor identification string. It is an |
| | 50 | arbitrary string you must supply to uniquely identifify a |
| | 51 | vendor that's listed in this file. |
| | 52 | |
| | 53 | Example: |
| | 54 | <informalexample><programlisting> |
| | 55 | simple-key "joe" |
| | 56 | { |
| | 57 | Fingerprint "0987AB4378FSD872343298787ACC"; |
| | 58 | Name "Joe Shmoe <joe@shmoe.com>"; |
| | 59 | } |
| | 60 | </programlisting></informalexample> |
| | 61 | |
| | 62 | </RefSect1> |
| | 63 | |
| | 64 | <RefSect1><Title>The simple-key type</> |
| | 65 | <para> |
| | 66 | This type of verification is used when the vendor has a single |
| | 67 | secured key that must be used to sign the Release file. The |
| | 68 | following items should be present |
| | 69 | |
| | 70 | <VariableList> |
| | 71 | <VarListEntry><Term>Fingerprint</Term> |
| | 72 | <ListItem><Para> |
| | 73 | The PGP fingerprint for the key. The fingerprint should be |
| | 74 | expressed in the standard notion with or without spaces. |
| | 75 | The <option/--fingerprint/ option for |
| | 76 | <CiteRefEntry><RefEntryTitle><command/gpg/</RefEntryTitle><ManVolNum/1/</CiteRefEntry> |
| | 77 | will show the fingerprint for the selected keys(s). |
| | 78 | </VarListEntry> |
| | 79 | |
| | 80 | <VarListEntry><Term>Name</Term> |
| | 81 | <ListItem><Para> |
| | 82 | A string containing a description of the owner of |
| | 83 | the key or vendor. You may put the vendor name and it's |
| | 84 | email. The string must be quoted with ". |
| | 85 | </VarListEntry> |
| | 86 | |
| | 87 | </VariableList> |
| | 88 | </RefSect1> |
| | 89 | |
| | 90 | <RefSect1><Title>Files</> |
| | 91 | <para> |
| | 92 | <filename>/etc/apt/vendors.list</> |
| | 93 | </RefSect1> |
| | 94 | |
| | 95 | <RefSect1><Title>See Also</> |
| | 96 | <para> |
| | 97 | &sources-list; |
| | 98 | </RefSect1> |
| | 99 | |
| | 100 | &manbugs; |
| | 101 | &manauthor; |
| | 102 | |
| | 103 | </refentry> |
| | 104 | |
projects / apt.git / blame_incremental