&apt-email;
&apt-product;
<!-- The last update date -->
- <date>2015-12-14T00:00:00Z</date>
+ <date>2016-11-25T00:00:00Z</date>
</refentryinfo>
<refmeta>
only if the client uses a known identifier.</para>
<para><literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to
- specify an external command to discover the http proxy to use. Apt expects
- the command to output the proxy on stdout in the style
- <literal>http://proxy:port/</literal>. This will override the
- generic <literal>Acquire::http::Proxy</literal> but not any specific
- host proxy configuration set via
- <literal>Acquire::http::Proxy::$HOST</literal>.
+ specify an external command to discover the http proxy to use. The first
+ and only parameter is an URI denoting the host to be contacted to allow
+ for host-specific configuration. APT expects the command to output the
+ proxy on stdout as a single line in the style <literal>http://proxy:port/</literal>
+ or the word <literal>DIRECT</literal> if no proxy should be used. No output
+ indicates that the generic proxy settings should be used.
+
+ Note that auto-detection will not be used for a host if a host-specific proxy
+ configuration is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</replaceable></literal>.
See the &squid-deb-proxy-client; package for an example implementation that
- uses avahi. This option takes precedence over the legacy option name
+ uses avahi.
+
+ This option takes precedence over the legacy option name
<literal>ProxyAutoDetect</literal>.
</para>
<varlistentry><term><option>AllowInsecureRepositories</option></term>
<listitem><para>
- Allow the update operation to load data files from
- a repository without a trusted signature. If enabled this
- option no data files will be loaded and the update
- operation fails with a error for this source. The default
- is false for backward compatibility. This will be changed
- in the future.
+ Allow update operations to load data files from
+ repositories without sufficient security information.
+ The default value is "<literal>false</literal>".
+ Concept, implications as well as alternatives are detailed in &apt-secure;.
</para></listitem>
</varlistentry>
- <varlistentry><term><option>AllowDowngradeToInsecureRepositories</option></term>
+ <varlistentry><term><option>AllowWeakRepositories</option></term>
<listitem><para>
- Allow that a repository that was previously gpg signed to become
- unsigned durign a update operation. When there is no valid signature
- of a previously trusted repository apt will refuse the update. This
- option can be used to override this protection. You almost certainly
- never want to enable this. The default is false.
+ Allow update operations to load data files from
+ repositories which provide security information, but these
+ are deemed no longer cryptographically strong enough.
+ The default value is "<literal>false</literal>".
+ Concept, implications as well as alternatives are detailed in &apt-secure;.
+ </para></listitem>
+ </varlistentry>
- Note that apt will still consider packages from this source
- untrusted and warn about them if you try to install
- them.
- </para></listitem>
+ <varlistentry><term><option>AllowDowngradeToInsecureRepositories</option></term>
+ <listitem><para>
+ Allow that a repository that was previously gpg signed to become
+ unsigned during an update operation. When there is no valid signature
+ for a previously trusted repository apt will refuse the update. This
+ option can be used to override this protection. You almost certainly
+ never want to enable this. The default is <literal>false</literal>.
+ Concept, implications as well as alternatives are detailed in &apt-secure;.
+ </para></listitem>
</varlistentry>
<varlistentry><term><option>Changelogs::URI</option> scope</term>
<listitem><para>These options are passed to &dpkg-buildpackage; when compiling packages;
the default is to disable signing and produce all binaries.</para></listitem>
</varlistentry>
- </variablelist>
- <refsect2><title>dpkg trigger usage (and related options)</title>
- <para>APT can call &dpkg; in such a way as to let it make aggressive use of triggers over
- multiple calls of &dpkg;. Without further options &dpkg; will use triggers once each time it runs.
- Activating these options can therefore decrease the time needed to perform the
- install or upgrade. Note that it is intended to activate these options per default in the
- future, but as it drastically changes the way APT calls &dpkg; it needs a lot more testing.
- <emphasis>These options are therefore currently experimental and should not be used in
- production environments.</emphasis> It also breaks progress reporting such that all front-ends will
- currently stay around half (or more) of the time in the 100% state while it actually configures
- all packages.</para>
- <para>Note that it is not guaranteed that APT will support these options or that these options will
- not cause (big) trouble in the future. If you have understand the current risks and problems with
- these options, but are brave enough to help testing them, create a new configuration file and test a
- combination of options. Please report any bugs, problems and improvements you encounter and make sure
- to note which options you have used in your reports. Asking &dpkg; for help could also be useful for
- debugging proposes, see e.g. <command>dpkg --audit</command>. A defensive option combination would be
-<literallayout>DPkg::NoTriggers "true";
-PackageManager::Configure "smart";
-DPkg::ConfigurePending "true";
-DPkg::TriggersPending "true";</literallayout></para>
-
- <variablelist>
- <varlistentry><term><option>DPkg::NoTriggers</option></term>
- <listitem><para>Add the no triggers flag to all &dpkg; calls (except the ConfigurePending call).
- See &dpkg; if you are interested in what this actually means. In short: &dpkg; will not run the
- triggers when this flag is present unless it is explicitly called to do so in an extra call.
- Note that this option exists (undocumented) also in older APT versions with a slightly different
- meaning: Previously these option only append --no-triggers to the configure calls to &dpkg; -
- now APT will also add this flag to the unpack and remove calls.</para></listitem>
- </varlistentry>
- <varlistentry><term><option>PackageManager::Configure</option></term>
- <listitem><para>Valid values are "<literal>all</literal>",
- "<literal>smart</literal>" and "<literal>no</literal>".
- The default value is "<literal>all</literal>", which causes APT to
- configure all packages. The "<literal>smart</literal>" way is to
- configure only packages which need to be configured before another
- package can be unpacked (Pre-Depends), and let the rest be configured
- by &dpkg; with a call generated by the ConfigurePending option (see
- below). On the other hand, "<literal>no</literal>" will not configure
- anything, and totally relies on &dpkg; for configuration (which at the
- moment will fail if a Pre-Depends is encountered). Setting this option
- to any value other than <literal>all</literal> will implicitly also
- activate the next option by default, as otherwise the system could end
- in an unconfigured and potentially unbootable state.</para></listitem>
- </varlistentry>
- <varlistentry><term><option>DPkg::ConfigurePending</option></term>
- <listitem><para>If this option is set APT will call <command>dpkg --configure --pending</command>
- to let &dpkg; handle all required configurations and triggers. This option is activated automatically
- per default if the previous option is not set to <literal>all</literal>, but deactivating it could be useful
- if you want to run APT multiple times in a row - e.g. in an installer. In these sceneries you could
- deactivate this option in all but the last run.</para></listitem>
- </varlistentry>
- <varlistentry><term><option>DPkg::TriggersPending</option></term>
- <listitem><para>Useful for the <literal>smart</literal> configuration as a package which has pending
- triggers is not considered as <literal>installed</literal>, and &dpkg; treats them as <literal>unpacked</literal>
- currently which is a showstopper for Pre-Dependencies (see debbugs #526774). Note that this will
- process all triggers, not only the triggers needed to configure this package.</para></listitem>
- </varlistentry>
- <varlistentry><term><option>OrderList::Score::Immediate</option></term>
- <listitem><para>Essential packages (and their dependencies) should be configured immediately
- after unpacking. It is a good idea to do this quite early in the upgrade process as these
- configure calls also currently require <literal>DPkg::TriggersPending</literal> which
- will run quite a few triggers (which may not be needed). Essentials get per default a high score
- but the immediate flag is relatively low (a package which has a Pre-Depends is rated higher).
- These option and the others in the same group can be used to change the scoring. The following
- example shows the settings with their default values.
- <literallayout>OrderList::Score {
- Delete 500;
- Essential 200;
- Immediate 10;
- PreDepends 50;
-};</literallayout>
- </para></listitem>
- </varlistentry>
- </variablelist>
- </refsect2>
+ <varlistentry><term><option>DPkg::ConfigurePending</option></term>
+ <listitem><para>If this option is set APT will call <command>dpkg --configure --pending</command>
+ to let &dpkg; handle all required configurations and triggers. This option is activated by default,
+ but deactivating it could be useful if you want to run APT multiple times in a row - e.g. in an installer.
+ In this scenario you could deactivate this option in all but the last run.</para></listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
<refsect1>
<title>Periodic and Archives options</title>
<para><literal>APT::Periodic</literal> and <literal>APT::Archives</literal>
groups of options configure behavior of apt periodic updates, which is
- done by the <literal>/etc/cron.daily/apt</literal> script. See the top of
+ done by the <literal>/usr/lib/apt/apt.systemd.daily</literal> script. See the top of
this script for the brief documentation of these options.
</para>
</refsect1>