1 <?xml version=
"1.0" encoding=
"utf-8" standalone=
"no"?>
2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
5 <!ENTITY % aptent SYSTEM
"apt.ent">
13 &apt-author.jgunthorpe;
17 <!-- The last update date -->
18 <date>29 February
2004</date>
22 <refentrytitle>apt.conf
</refentrytitle>
23 <manvolnum>5</manvolnum>
26 <!-- Man page title -->
28 <refname>apt.conf
</refname>
29 <refpurpose>Configuration file for APT
</refpurpose>
32 <refsect1><title>Description
</title>
33 <para><filename>apt.conf
</filename> is the main configuration file for the APT suite of
34 tools, all tools make use of the configuration file and a common command line
35 parser to provide a uniform environment. When an APT tool starts up it will
36 read the configuration specified by the
<envar>APT_CONFIG
</envar> environment
37 variable (if any) and then read the files in
<literal>Dir::Etc::Parts
</literal>
38 then read the main configuration file specified by
39 <literal>Dir::Etc::main
</literal> then finally apply the
40 command line options to override the configuration directives, possibly
41 loading even more config files.
</para>
43 <para>The configuration file is organized in a tree with options organized into
44 functional groups. option specification is given with a double colon
45 notation, for instance
<literal>APT::Get::Assume-Yes
</literal> is an option within
46 the APT tool group, for the Get tool. options do not inherit from their
49 <para>Syntactically the configuration language is modeled after what the ISC tools
50 such as bind and dhcp use. Lines starting with
51 <literal>//
</literal> are treated as comments (ignored).
52 Each line is of the form
53 <literal>APT::Get::Assume-Yes "true";
</literal> The trailing
54 semicolon is required and the quotes are optional. A new scope can be
55 opened with curly braces, like:
</para>
57 <informalexample><programlisting>
64 </programlisting></informalexample>
66 <para>with newlines placed to make it more readable. Lists can be created by
67 opening a scope and including a single word enclosed in quotes followed by a
68 semicolon. Multiple entries can be included, each separated by a semicolon.
</para>
70 <informalexample><programlisting>
71 DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
72 </programlisting></informalexample>
74 <para>In general the sample configuration file in
75 <filename>&docdir;examples/apt.conf
</filename> &configureindex;
76 is a good guide for how it should look.
</para>
78 <para>The names of the configuration items are not case-sensitive. So in the previous example
79 you could use
<literal>dpkg::pre-install-pkgs
</literal>.
</para>
81 <para>Two specials are allowed,
<literal>#include
</literal> and
<literal>#clear
</literal>
82 <literal>#include
</literal> will include the given file, unless the filename
83 ends in a slash, then the whole directory is included.
84 <literal>#clear
</literal> is used to erase a list of names.
</para>
86 <para>All of the APT tools take a -o option which allows an arbitrary configuration
87 directive to be specified on the command line. The syntax is a full option
88 name (
<literal>APT::Get::Assume-Yes
</literal> for instance) followed by an equals
89 sign then the new value of the option. Lists can be appended too by adding
90 a trailing :: to the list name.
</para>
93 <refsect1><title>The APT Group
</title>
94 <para>This group of options controls general APT behavior as well as holding the
95 options for all of the tools.
</para>
98 <varlistentry><term>Architecture
</term>
99 <listitem><para>System Architecture; sets the architecture to use when fetching files and
100 parsing package lists. The internal default is the architecture apt was
101 compiled for.
</para></listitem>
104 <varlistentry><term>Default-Release
</term>
105 <listitem><para>Default release to install packages from if more than one
106 version available. Contains release name or release version. Examples: 'stable', 'testing', 'unstable', '
4.0', '
5.0*'. Release codenames ('etch', 'lenny' etc.) are not allowed now. See also &apt-preferences;.
</para></listitem>
109 <varlistentry><term>Ignore-Hold
</term>
110 <listitem><para>Ignore Held packages; This global option causes the problem resolver to
111 ignore held packages in its decision making.
</para></listitem>
114 <varlistentry><term>Clean-Installed
</term>
115 <listitem><para>Defaults to on. When turned on the autoclean feature will remove any packages
116 which can no longer be downloaded from the cache. If turned off then
117 packages that are locally installed are also excluded from cleaning - but
118 note that APT provides no direct means to reinstall them.
</para></listitem>
121 <varlistentry><term>Immediate-Configure
</term>
122 <listitem><para>Disable Immediate Configuration; This dangerous option disables some
123 of APT's ordering code to cause it to make fewer dpkg calls. Doing
124 so may be necessary on some extremely slow single user systems but
125 is very dangerous and may cause package install scripts to fail or worse.
126 Use at your own risk.
</para></listitem>
129 <varlistentry><term>Force-LoopBreak
</term>
130 <listitem><para>Never Enable this option unless you -really- know what you are doing. It
131 permits APT to temporarily remove an essential package to break a
132 Conflicts/Conflicts or Conflicts/Pre-Depend loop between two essential
133 packages. SUCH A LOOP SHOULD NEVER EXIST AND IS A GRAVE BUG. This option
134 will work if the essential packages are not tar, gzip, libc, dpkg, bash or
135 anything that those packages depend on.
</para></listitem>
138 <varlistentry><term>Cache-Limit
</term>
139 <listitem><para>APT uses a fixed size memory mapped cache file to store the 'available'
140 information. This sets the size of that cache (in bytes).
</para></listitem>
143 <varlistentry><term>Build-Essential
</term>
144 <listitem><para>Defines which package(s) are considered essential build dependencies.
</para></listitem>
147 <varlistentry><term>Get
</term>
148 <listitem><para>The Get subsection controls the &apt-get; tool, please see its
149 documentation for more information about the options here.
</para></listitem>
152 <varlistentry><term>Cache
</term>
153 <listitem><para>The Cache subsection controls the &apt-cache; tool, please see its
154 documentation for more information about the options here.
</para></listitem>
157 <varlistentry><term>CDROM
</term>
158 <listitem><para>The CDROM subsection controls the &apt-cdrom; tool, please see its
159 documentation for more information about the options here.
</para></listitem>
164 <refsect1><title>The Acquire Group
</title>
165 <para>The
<literal>Acquire
</literal> group of options controls the download of packages
166 and the URI handlers.
169 <varlistentry><term>PDiffs
</term>
170 <listitem><para>Try do download deltas called
<literal>PDiffs
</literal> for
171 Packages or Sources files instead of downloading whole ones. True
172 by default.
</para></listitem>
175 <varlistentry><term>Queue-Mode
</term>
176 <listitem><para>Queuing mode;
<literal>Queue-Mode
</literal> can be one of
<literal>host
</literal> or
177 <literal>access
</literal> which determines how APT parallelizes outgoing
178 connections.
<literal>host
</literal> means that one connection per target host
179 will be opened,
<literal>access
</literal> means that one connection per URI type
180 will be opened.
</para></listitem>
183 <varlistentry><term>Retries
</term>
184 <listitem><para>Number of retries to perform. If this is non-zero APT will retry failed
185 files the given number of times.
</para></listitem>
188 <varlistentry><term>Source-Symlinks
</term>
189 <listitem><para>Use symlinks for source archives. If set to true then source archives will
190 be symlinked when possible instead of copying. True is the default.
</para></listitem>
193 <varlistentry><term>http
</term>
194 <listitem><para>HTTP URIs; http::Proxy is the default http proxy to use. It is in the
195 standard form of
<literal>http://[[user][:pass]@]host[:port]/
</literal>. Per
196 host proxies can also be specified by using the form
197 <literal>http::Proxy::
<host
></literal> with the special keyword
<literal>DIRECT
</literal>
198 meaning to use no proxies. The
<envar>http_proxy
</envar> environment variable
199 will override all settings.
</para>
201 <para>Three settings are provided for cache control with HTTP/
1.1 compliant
202 proxy caches.
<literal>No-Cache
</literal> tells the proxy to not use its cached
203 response under any circumstances,
<literal>Max-Age
</literal> is sent only for
204 index files and tells the cache to refresh its object if it is older than
205 the given number of seconds. Debian updates its index files daily so the
206 default is
1 day.
<literal>No-Store
</literal> specifies that the cache should never
207 store this request, it is only set for archive files. This may be useful
208 to prevent polluting a proxy cache with very large .deb files. Note:
209 Squid
2.0.2 does not support any of these options.
</para>
211 <para>The option
<literal>timeout
</literal> sets the timeout timer used by the method,
212 this applies to all things including connection timeout and data timeout.
</para>
214 <para>One setting is provided to control the pipeline depth in cases where the
215 remote server is not RFC conforming or buggy (such as Squid
2.0.2)
216 <literal>Acquire::http::Pipeline-Depth
</literal> can be a value from
0 to
5
217 indicating how many outstanding requests APT should send. A value of
218 zero MUST be specified if the remote host does not properly linger
219 on TCP connections - otherwise data corruption will occur. Hosts which
220 require this are in violation of RFC
2068.
</para></listitem>
223 <varlistentry><term>https
</term>
224 <listitem><para>HTTPS URIs. Cache-control and proxy options are the same as for
225 <literal>http
</literal> method.
226 <literal>Pipeline-Depth
</literal> option is not supported yet.
</para>
228 <para><literal>CaInfo
</literal> suboption specifies place of file that
229 holds info about trusted certificates.
230 <literal><host
>::CaInfo
</literal> is corresponding per-host option.
231 <literal>Verify-Peer
</literal> boolean suboption determines whether verify
232 server's host certificate against trusted certificates or not.
233 <literal><host
>::Verify-Peer
</literal> is corresponding per-host option.
234 <literal>Verify-Host
</literal> boolean suboption determines whether verify
235 server's hostname or not.
236 <literal><host
>::Verify-Host
</literal> is corresponding per-host option.
237 <literal>SslCert
</literal> determines what certificate to use for client
238 authentication.
<literal><host
>::SslCert
</literal> is corresponding per-host option.
239 <literal>SslKey
</literal> determines what private key to use for client
240 authentication.
<literal><host
>::SslKey
</literal> is corresponding per-host option.
241 <literal>SslForceVersion
</literal> overrides default SSL version to use.
242 Can contain 'TLSv1' or 'SSLv3' string.
243 <literal><host
>::SslForceVersion
</literal> is corresponding per-host option.
244 </para></listitem></varlistentry>
246 <varlistentry><term>ftp
</term>
247 <listitem><para>FTP URIs; ftp::Proxy is the default proxy server to use. It is in the
248 standard form of
<literal>ftp://[[user][:pass]@]host[:port]/
</literal> and is
249 overridden by the
<envar>ftp_proxy
</envar> environment variable. To use a ftp
250 proxy you will have to set the
<literal>ftp::ProxyLogin
</literal> script in the
251 configuration file. This entry specifies the commands to send to tell
252 the proxy server what to connect to. Please see
253 &configureindex; for an example of
254 how to do this. The substitution variables available are
255 <literal>$(PROXY_USER)
</literal> <literal>$(PROXY_PASS)
</literal> <literal>$(SITE_USER)
</literal>
256 <literal>$(SITE_PASS)
</literal> <literal>$(SITE)
</literal> and
<literal>$(SITE_PORT)
</literal>
257 Each is taken from it's respective URI component.
</para>
259 <para>The option
<literal>timeout
</literal> sets the timeout timer used by the method,
260 this applies to all things including connection timeout and data timeout.
</para>
262 <para>Several settings are provided to control passive mode. Generally it is
263 safe to leave passive mode on, it works in nearly every environment.
264 However some situations require that passive mode be disabled and port
265 mode ftp used instead. This can be done globally, for connections that
266 go through a proxy or for a specific host (See the sample config file
267 for examples).
</para>
269 <para>It is possible to proxy FTP over HTTP by setting the
<envar>ftp_proxy
</envar>
270 environment variable to a http url - see the discussion of the http method
271 above for syntax. You cannot set this in the configuration file and it is
272 not recommended to use FTP over HTTP due to its low efficiency.
</para>
274 <para>The setting
<literal>ForceExtended
</literal> controls the use of RFC2428
275 <literal>EPSV
</literal> and
<literal>EPRT
</literal> commands. The default is false, which means
276 these commands are only used if the control connection is IPv6. Setting this
277 to true forces their use even on IPv4 connections. Note that most FTP servers
278 do not support RFC2428.
</para></listitem>
281 <varlistentry><term>cdrom
</term>
282 <listitem><para>CDROM URIs; the only setting for CDROM URIs is the mount point,
283 <literal>cdrom::Mount
</literal> which must be the mount point for the CDROM drive
284 as specified in
<filename>/etc/fstab
</filename>. It is possible to provide
285 alternate mount and unmount commands if your mount point cannot be listed
286 in the fstab (such as an SMB mount and old mount packages). The syntax
287 is to put
<literallayout>"/cdrom/"::Mount
"foo";
</literallayout> within
288 the cdrom block. It is important to have the trailing slash. Unmount
289 commands can be specified using UMount.
</para></listitem>
292 <varlistentry><term>gpgv
</term>
293 <listitem><para>GPGV URIs; the only option for GPGV URIs is the option to pass additional parameters to gpgv.
294 <literal>gpgv::Options
</literal> Additional options passed to gpgv.
302 <refsect1><title>Directories
</title>
304 <para>The
<literal>Dir::State
</literal> section has directories that pertain to local
305 state information.
<literal>lists
</literal> is the directory to place downloaded
306 package lists in and
<literal>status
</literal> is the name of the dpkg status file.
307 <literal>preferences
</literal> is the name of the APT preferences file.
308 <literal>Dir::State
</literal> contains the default directory to prefix on all sub
309 items if they do not start with
<filename>/
</filename> or
<filename>./
</filename>.
</para>
311 <para><literal>Dir::Cache
</literal> contains locations pertaining to local cache
312 information, such as the two package caches
<literal>srcpkgcache
</literal> and
313 <literal>pkgcache
</literal> as well as the location to place downloaded archives,
314 <literal>Dir::Cache::archives
</literal>. Generation of caches can be turned off
315 by setting their names to be blank. This will slow down startup but
316 save disk space. It is probably preferred to turn off the pkgcache rather
317 than the srcpkgcache. Like
<literal>Dir::State
</literal> the default
318 directory is contained in
<literal>Dir::Cache
</literal></para>
320 <para><literal>Dir::Etc
</literal> contains the location of configuration files,
321 <literal>sourcelist
</literal> gives the location of the sourcelist and
322 <literal>main
</literal> is the default configuration file (setting has no effect,
323 unless it is done from the config file specified by
324 <envar>APT_CONFIG
</envar>).
</para>
326 <para>The
<literal>Dir::Parts
</literal> setting reads in all the config fragments in
327 lexical order from the directory specified. After this is done then the
328 main config file is loaded.
</para>
330 <para>Binary programs are pointed to by
<literal>Dir::Bin
</literal>.
<literal>Dir::Bin::Methods
</literal>
331 specifies the location of the method handlers and
<literal>gzip
</literal>,
332 <literal>dpkg
</literal>,
<literal>apt-get
</literal> <literal>dpkg-source
</literal>
333 <literal>dpkg-buildpackage
</literal> and
<literal>apt-cache
</literal> specify the location
334 of the respective programs.
</para>
337 The configuration item
<literal>RootDir
</literal> has a special
338 meaning. If set, all paths in
<literal>Dir::
</literal> will be
339 relative to
<literal>RootDir
</literal>,
<emphasis>even paths that
340 are specified absolutely
</emphasis>. So, for instance, if
341 <literal>RootDir
</literal> is set to
342 <filename>/tmp/staging
</filename> and
343 <literal>Dir::State::status
</literal> is set to
344 <filename>/var/lib/dpkg/status
</filename>, then the status file
346 <filename>/tmp/staging/var/lib/dpkg/status
</filename>.
350 <refsect1><title>APT in DSelect
</title>
352 When APT is used as a
&dselect; method several configuration directives
353 control the default behaviour. These are in the
<literal>DSelect
</literal> section.
</para>
356 <varlistentry><term>Clean
</term>
357 <listitem><para>Cache Clean mode; this value may be one of always, prompt, auto,
358 pre-auto and never. always and prompt will remove all packages from
359 the cache after upgrading, prompt (the default) does so conditionally.
360 auto removes only those packages which are no longer downloadable
361 (replaced with a new version for instance). pre-auto performs this
362 action before downloading new packages.
</para></listitem>
365 <varlistentry><term>options
</term>
366 <listitem><para>The contents of this variable is passed to &apt-get; as command line
367 options when it is run for the install phase.
</para></listitem>
370 <varlistentry><term>Updateoptions
</term>
371 <listitem><para>The contents of this variable is passed to &apt-get; as command line
372 options when it is run for the update phase.
</para></listitem>
375 <varlistentry><term>PromptAfterUpdate
</term>
376 <listitem><para>If true the [U]pdate operation in
&dselect; will always prompt to continue.
377 The default is to prompt only on error.
</para></listitem>
382 <refsect1><title>How APT calls dpkg
</title>
383 <para>Several configuration directives control how APT invokes
&dpkg;. These are
384 in the
<literal>DPkg
</literal> section.
</para>
387 <varlistentry><term>options
</term>
388 <listitem><para>This is a list of options to pass to dpkg. The options must be specified
389 using the list notation and each list item is passed as a single argument
390 to
&dpkg;.
</para></listitem>
393 <varlistentry><term>Pre-Invoke
</term><term>Post-Invoke
</term>
394 <listitem><para>This is a list of shell commands to run before/after invoking
&dpkg;.
395 Like
<literal>options
</literal> this must be specified in list notation. The
396 commands are invoked in order using
<filename>/bin/sh
</filename>, should any
397 fail APT will abort.
</para></listitem>
400 <varlistentry><term>Pre-Install-Pkgs
</term>
401 <listitem><para>This is a list of shell commands to run before invoking dpkg. Like
402 <literal>options
</literal> this must be specified in list notation. The commands
403 are invoked in order using
<filename>/bin/sh
</filename>, should any fail APT
404 will abort. APT will pass to the commands on standard input the
405 filenames of all .deb files it is going to install, one per line.
</para>
407 <para>Version
2 of this protocol dumps more information, including the
408 protocol version, the APT configuration space and the packages, files
409 and versions being changed. Version
2 is enabled by setting
410 <literal>DPkg::Tools::options::cmd::Version
</literal> to
2.
<literal>cmd
</literal> is a
411 command given to
<literal>Pre-Install-Pkgs
</literal>.
</para></listitem>
414 <varlistentry><term>Run-Directory
</term>
415 <listitem><para>APT chdirs to this directory before invoking dpkg, the default is
416 <filename>/
</filename>.
</para></listitem>
419 <varlistentry><term>Build-options
</term>
420 <listitem><para>These options are passed to &dpkg-buildpackage; when compiling packages,
421 the default is to disable signing and produce all binaries.
</para></listitem>
426 <refsect1><title>Debug options
</title>
427 <para>Most of the options in the
<literal>debug
</literal> section are not interesting to
428 the normal user, however
<literal>Debug::pkgProblemResolver
</literal> shows
429 interesting output about the decisions dist-upgrade makes.
430 <literal>Debug::NoLocking
</literal> disables file locking so APT can do some
431 operations as non-root and
<literal>Debug::pkgDPkgPM
</literal> will print out the
432 command line for each dpkg invokation.
<literal>Debug::IdentCdrom
</literal> will
433 disable the inclusion of statfs data in CDROM IDs.
434 <literal>Debug::Acquire::gpgv
</literal> Debugging of the gpgv method.
438 <refsect1><title>Examples
</title>
439 <para>&configureindex; is a
440 configuration file showing example values for all possible
444 <refsect1><title>Files
</title>
445 <para><filename>/etc/apt/apt.conf
</filename></para>
448 <refsect1><title>See Also
</title>
449 <para>&apt-cache;, &apt-config;
<!-- ? reading apt.conf -->, &apt-preferences;.
</para>