X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/124e6916b7b02984803ff8217e8163947aae2882..accf0ca336a82397063fb262c64a01d2a8947ca7:/doc/apt.conf.5.xml

diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index 215634e99..260c66c46 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -19,7 +19,7 @@
    &apt-email;
    &apt-product;
    <!-- The last update date -->
-   <date>2015-12-14T00:00:00Z</date>
+   <date>2016-11-25T00:00:00Z</date>
  </refentryinfo>
  
  <refmeta>
@@ -444,15 +444,20 @@ APT::Compressor::rev {
      only if the client uses a known identifier.</para>
 
      <para><literal>Acquire::http::Proxy-Auto-Detect</literal> can be used to
-     specify an external command to discover the http proxy to use. Apt expects
-     the command to output the proxy on stdout in the style
-     <literal>http://proxy:port/</literal>. This will override the
-     generic <literal>Acquire::http::Proxy</literal> but not any specific
-     host proxy configuration set via 
-     <literal>Acquire::http::Proxy::$HOST</literal>.
+     specify an external command to discover the http proxy to use. The first
+     and only parameter is an URI denoting the host to be contacted to allow
+     for host-specific configuration. APT expects the command to output the
+     proxy on stdout as a single line in the style <literal>http://proxy:port/</literal>
+     or the word <literal>DIRECT</literal> if no proxy should be used. No output
+     indicates that the generic proxy settings should be used.
+
+     Note that auto-detection will not be used for a host if a host-specific proxy
+     configuration is already set via <literal>Acquire::http::Proxy::<replaceable>HOST</replaceable></literal>.
 
      See the &squid-deb-proxy-client; package for an example implementation that
-     uses avahi. This option takes precedence over the legacy option name 
+     uses avahi.
+
+     This option takes precedence over the legacy option name
      <literal>ProxyAutoDetect</literal>.
      </para>
 
@@ -645,27 +650,32 @@ APT::Compressor::rev {
 
      <varlistentry><term><option>AllowInsecureRepositories</option></term>
 	 <listitem><para>
-           Allow the update operation to load data files from
-           a repository without a trusted signature. If enabled this
-           option no data files will be loaded and the update
-           operation fails with a error for this source. The default
-           is false for backward compatibility. This will be changed
-           in the future.
+	   Allow update operations to load data files from
+	   repositories without sufficient security information.
+	   The default value is "<literal>false</literal>".
+	   Concept, implications as well as alternatives are detailed in &apt-secure;.
 	 </para></listitem>
      </varlistentry>
 
-     <varlistentry><term><option>AllowDowngradeToInsecureRepositories</option></term>
+     <varlistentry><term><option>AllowWeakRepositories</option></term>
 	 <listitem><para>
-           Allow that a repository that was previously gpg signed to become
-           unsigned durign a update operation. When there is no valid signature
-           of a previously trusted repository apt will refuse the update. This
-           option can be used to override this protection. You almost certainly
-           never want to enable this. The default is false.
+	   Allow update operations to load data files from
+	   repositories which provide security information, but these
+	   are deemed no longer cryptographically strong enough.
+	   The default value is "<literal>false</literal>".
+	   Concept, implications as well as alternatives are detailed in &apt-secure;.
+	 </para></listitem>
+     </varlistentry>
 
-           Note that apt will still consider packages from this source
-           untrusted and warn about them if you try to install
-           them.
-         </para></listitem>
+     <varlistentry><term><option>AllowDowngradeToInsecureRepositories</option></term>
+	 <listitem><para>
+	   Allow that a repository that was previously gpg signed to become
+	   unsigned during an update operation. When there is no valid signature
+	   for a previously trusted repository apt will refuse the update. This
+	   option can be used to override this protection. You almost certainly
+	   never want to enable this. The default is <literal>false</literal>.
+	   Concept, implications as well as alternatives are detailed in &apt-secure;.
+	 </para></listitem>
      </varlistentry>
 
      <varlistentry><term><option>Changelogs::URI</option> scope</term>
@@ -894,91 +904,21 @@ APT::Compressor::rev {
      <listitem><para>These options are passed to &dpkg-buildpackage; when compiling packages;
      the default is to disable signing and produce all binaries.</para></listitem>
      </varlistentry>
-   </variablelist>
 
-   <refsect2><title>dpkg trigger usage (and related options)</title>
-     <para>APT can call &dpkg; in such a way as to let it make aggressive use of triggers over
-     multiple calls of &dpkg;. Without further options &dpkg; will use triggers once each time it runs.
-     Activating these options can therefore decrease the time needed to perform the
-     install or upgrade. Note that it is intended to activate these options per default in the
-     future, but as it drastically changes the way APT calls &dpkg; it needs a lot more testing.
-     <emphasis>These options are therefore currently experimental and should not be used in
-     production environments.</emphasis> It also breaks progress reporting such that all front-ends will
-     currently stay around half (or more) of the time in the 100% state while it actually configures
-     all packages.</para>
-     <para>Note that it is not guaranteed that APT will support these options or that these options will
-     not cause (big) trouble in the future. If you have understand the current risks and problems with
-     these options, but are brave enough to help testing them, create a new configuration file and test a
-     combination of options. Please report any bugs, problems and improvements you encounter and make sure
-     to note which options you have used in your reports. Asking &dpkg; for help could also be useful for
-     debugging proposes, see e.g. <command>dpkg --audit</command>. A defensive option combination would be
-<literallayout>DPkg::NoTriggers "true";
-PackageManager::Configure "smart";
-DPkg::ConfigurePending "true";
-DPkg::TriggersPending "true";</literallayout></para>
-
-     <variablelist>
-       <varlistentry><term><option>DPkg::NoTriggers</option></term>
-       <listitem><para>Add the no triggers flag to all &dpkg; calls (except the ConfigurePending call).
-       See &dpkg; if you are interested in what this actually means. In short: &dpkg; will not run the
-       triggers when this flag is present unless it is explicitly called to do so in an extra call.
-       Note that this option exists (undocumented) also in older APT versions with a slightly different
-       meaning: Previously these option only append --no-triggers to the configure calls to &dpkg; -
-       now APT will also add this flag to the unpack and remove calls.</para></listitem>
-       </varlistentry>
-       <varlistentry><term><option>PackageManager::Configure</option></term>
-       <listitem><para>Valid values are "<literal>all</literal>",
-       "<literal>smart</literal>" and "<literal>no</literal>".
-       The default value is "<literal>all</literal>", which causes APT to
-       configure all packages. The "<literal>smart</literal>" way is to
-       configure only packages which need to be configured before another
-       package can be unpacked (Pre-Depends), and let the rest be configured
-       by &dpkg; with a call generated by the ConfigurePending option (see
-       below). On the other hand, "<literal>no</literal>" will not configure
-       anything, and totally relies on &dpkg; for configuration (which at the
-       moment will fail if a Pre-Depends is encountered). Setting this option
-       to any value other than <literal>all</literal> will implicitly also
-       activate the next option by default, as otherwise the system could end
-       in an unconfigured and potentially unbootable state.</para></listitem>
-       </varlistentry>
-       <varlistentry><term><option>DPkg::ConfigurePending</option></term>
-       <listitem><para>If this option is set APT will call <command>dpkg --configure --pending</command>
-       to let &dpkg; handle all required configurations and triggers. This option is activated automatically
-       per default if the previous option is not set to <literal>all</literal>, but deactivating it could be useful
-       if you want to run APT multiple times in a row - e.g. in an installer. In these sceneries you could
-       deactivate this option in all but the last run.</para></listitem>
-       </varlistentry>
-       <varlistentry><term><option>DPkg::TriggersPending</option></term>
-       <listitem><para>Useful for the <literal>smart</literal> configuration as a package which has pending
-       triggers is not considered as <literal>installed</literal>, and &dpkg; treats them as <literal>unpacked</literal>
-       currently which is a showstopper for Pre-Dependencies (see debbugs #526774). Note that this will
-       process all triggers, not only the triggers needed to configure this package.</para></listitem>
-       </varlistentry>
-       <varlistentry><term><option>OrderList::Score::Immediate</option></term>
-       <listitem><para>Essential packages (and their dependencies) should be configured immediately
-       after unpacking. It is a good idea to do this quite early in the upgrade process as these
-       configure calls also currently require <literal>DPkg::TriggersPending</literal> which
-       will run quite a few triggers (which may not be needed). Essentials get per default a high score
-       but the immediate flag is relatively low (a package which has a Pre-Depends is rated higher).
-       These option and the others in the same group can be used to change the scoring. The following
-       example shows the settings with their default values.
-       <literallayout>OrderList::Score {
-	Delete 500;
-	Essential 200;
-	Immediate 10;
-	PreDepends 50;
-};</literallayout>
-       </para></listitem>
-       </varlistentry>
-     </variablelist>
-   </refsect2>
+     <varlistentry><term><option>DPkg::ConfigurePending</option></term>
+     <listitem><para>If this option is set APT will call <command>dpkg --configure --pending</command>
+     to let &dpkg; handle all required configurations and triggers. This option is activated by default,
+     but deactivating it could be useful if you want to run APT multiple times in a row - e.g. in an installer.
+     In this scenario you could deactivate this option in all but the last run.</para></listitem>
+     </varlistentry>
+   </variablelist>
  </refsect1>
 
  <refsect1>
    <title>Periodic and Archives options</title>
    <para><literal>APT::Periodic</literal> and <literal>APT::Archives</literal>
    groups of options configure behavior of apt periodic updates, which is
-   done by the <literal>/etc/cron.daily/apt</literal> script. See the top of
+   done by the <literal>/usr/lib/apt/apt.systemd.daily</literal> script. See the top of
    this script for the brief documentation of these options.
    </para>
  </refsect1>