Port TagIterator to correctly support ReMap (doh).

[apt.git] / doc / apt-key.8.xml

diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml
index 57200b1ededa4b3174415b0528c1512fbd386f54..eacd18d4d355a4bcc234cadd29f13893d5e92908 100644 (file)
--- a/doc/apt-key.8.xml
+++ b/doc/apt-key.8.xml
@@ -13,7 +13,7 @@
    &apt-email;
    &apt-product;
    <!-- The last update date -->
    &apt-email;
    &apt-product;
    <!-- The last update date -->

-   <date>2016-07-07T00:00:00Z</date>
+   <date>2016-11-25T00:00:00Z</date>

  </refentryinfo>
 
  <refmeta>
  </refentryinfo>
 
  <refmeta>


@@ -47,6 +47,20 @@
    </para>
 </refsect1>
 
    </para>
 </refsect1>
 

+<refsect1><title>Supported keyring files</title>
+<para>apt-key supports only the binary OpenPGP format (also known as "GPG key
+   public ring") in files with the "<literal>gpg</literal>" extension, not
+   the keybox database format introduced in newer &gpg; versions as default
+   for keyring files. Binary keyring files intended to be used with any apt
+   version should therefore always be created with <command>gpg --export</command>.
+</para>
+<para>Alternatively, if all systems which should be using the created keyring
+   have at least apt version >= 1.4 installed, you can use the ASCII armored
+   format with the "<literal>asc</literal>" extension instead which can be
+   created with <command>gpg --armor --export</command>.
+</para>
+</refsect1>
+

 <refsect1><title>Commands</title>
    <variablelist>
      <varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option></term>
 <refsect1><title>Commands</title>
    <variablelist>
      <varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option></term>


@@ -63,10 +77,10 @@
      otherwise the &apt-secure; infrastructure is completely undermined.
      </para>
      <para>
      otherwise the &apt-secure; infrastructure is completely undermined.
      </para>
      <para>

-       Instead of using this command a keyring can be placed directly in the
-       <filename>/etc/apt/trusted.gpg.d/</filename> directory with a descriptive name
-       (same rules for filename apply as for &apt-conf; files) and "<literal>gpg</literal>"
-       as file extension.
+       <emphasis>Note</emphasis>: Instead of using this command a keyring
+       should be placed directly in the <filename>/etc/apt/trusted.gpg.d/</filename>
+       directory with a descriptive name and either "<literal>gpg</literal>" or
+       "<literal>asc</literal>" as file extension.

      </para>
      </listitem>
      </varlistentry>
      </para>
      </listitem>
      </varlistentry>


@@ -139,7 +153,7 @@
      <para>
        Note that a distribution does not need to and in fact should not use
        this command any longer and instead ship keyring files in the
      <para>
        Note that a distribution does not need to and in fact should not use
        this command any longer and instead ship keyring files in the

-       <filename>/etc/apt/trusted.gpg</filename> directory directly as this
+       <filename>/etc/apt/trusted.gpg.d/</filename> directory directly as this

        avoids a dependency on <package>gnupg</package> and it is easier to manage
        keys by simply adding and removing files for maintainers and users alike.
      </para>
        avoids a dependency on <package>gnupg</package> and it is easier to manage
        keys by simply adding and removing files for maintainers and users alike.
      </para>