<?xml version="1.0" encoding="utf-8" standalone="no"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % aptent SYSTEM "apt.ent">
%aptent;
+<!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent">
+%aptverbatiment;
+
]>
<refentry>
- &apt-docinfo;
-
+ <refentryinfo>
+ &apt-author.jgunthorpe;
+ &apt-author.team;
+ &apt-email;
+ &apt-product;
+ <!-- The last update date -->
+ <date>2012-05-21T00:00:00Z</date>
+ </refentryinfo>
+
<refmeta>
<refentrytitle>apt-secure</refentrytitle>
<manvolnum>8</manvolnum>
+ <refmiscinfo class="manual">APT</refmiscinfo>
</refmeta>
<!-- NOTE: This manpage has been written based on the
different steps. <command>apt-secure</command> is the last step in
this chain, trusting an archive does not mean that the packages
that you trust it do not contain malicious code but means that you
- trust the archive maintainer. Its the archive maintainer
+ trust the archive maintainer. It's the archive maintainer
responsibility to ensure that the archive integrity is correct.
</para>
is computed and put in the Packages file. The MD5 sum of all of the
packages files are then computed and put into the Release file. The
Release file is then signed by the archive key (which is created
- once a year and distributed through the FTP server. This key is
+ once a year) and distributed through the FTP server. This key is
also on the Debian keyring.
</para>
(you should make sure you are using a trusted communication channel
when retrieving it), add it with <command>apt-key</command> and
then run <command>apt-get update</command> so that apt can download
- and verify the <filename>Release.gpg</filename> files from the archives you
- have configured.
+ and verify the <filename>InRelease</filename> or <filename>Release.gpg</filename>
+ files from the archives you have configured.
</para>
</refsect1>
</para>
<itemizedlist>
- <listitem><para><literal>Create a toplevel Release
- file</literal>. if it does not exist already. You can do this
+ <listitem><para><emphasis>Create a toplevel Release
+ file</emphasis>, if it does not exist already. You can do this
by running <command>apt-ftparchive release</command>
- (provided inftp apt-utils).</para></listitem>
+ (provided in apt-utils).</para></listitem>
- <listitem><para><literal>Sign it</literal>. You can do this by running
+ <listitem><para><emphasis>Sign it</emphasis>. You can do this by running
+ <command>gpg --clearsign -o InRelease Release</command> and
<command>gpg -abs -o Release.gpg Release</command>.</para></listitem>
- <listitem><para><literal>Publish the key fingerprint</literal>,
+ <listitem><para><emphasis>Publish the key fingerprint</emphasis>,
that way your users will know what key they need to import in
order to authenticate the files in the
archive.</para></listitem>
<refsect1><title>See Also</title>
<para>
-&apt-conf;, &apt-get;, &sources-list;, &apt-key;, &apt-archive;,
+&apt-conf;, &apt-get;, &sources-list;, &apt-key;, &apt-ftparchive;,
&debsign; &debsig-verify;, &gpg;
</para>
-<para>For more backgound information you might want to review the
+<para>For more background information you might want to review the
<ulink
-url="http://www.debian.org/doc/manuals/securing-debian-howto/ch7.en.html">Debian
+url="http://www.debian.org/doc/manuals/securing-debian-howto/ch7">Debian
Security Infrastructure</ulink> chapter of the Securing Debian Manual
(available also in the harden-doc package) and the
<ulink url="http://www.cryptnet.net/fdp/crypto/strong_distro.html"