X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/49ee5fa71d7df209a411db228a7532c4c56a28d0..923c592ceb6014b31ec751b97b3ed659fa3e88ae:/doc/apt.conf.5.xml diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index d71f99c0a..380371230 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -19,7 +19,7 @@ &apt-email; &apt-product; - 2016-05-27T00:00:00Z + 2016-08-17T00:00:00Z @@ -650,27 +650,32 @@ APT::Compressor::rev { - Allow the update operation to load data files from - a repository without a trusted signature. If enabled this - option no data files will be loaded and the update - operation fails with a error for this source. The default - is false for backward compatibility. This will be changed - in the future. + Allow update operations to load data files from + repositories without sufficient security information. + The default value is "false". + Concept, implications as well as alternatives are detailed in &apt-secure;. - + - Allow that a repository that was previously gpg signed to become - unsigned durign a update operation. When there is no valid signature - of a previously trusted repository apt will refuse the update. This - option can be used to override this protection. You almost certainly - never want to enable this. The default is false. + Allow update operations to load data files from + repositories which provide security information, but these + are deemed no longer cryptographically strong enough. + The default value is "false". + Concept, implications as well as alternatives are detailed in &apt-secure;. + + - Note that apt will still consider packages from this source - untrusted and warn about them if you try to install - them. - + + + Allow that a repository that was previously gpg signed to become + unsigned during an update operation. When there is no valid signature + for a previously trusted repository apt will refuse the update. This + option can be used to override this protection. You almost certainly + never want to enable this. The default is false. + Concept, implications as well as alternatives are detailed in &apt-secure;. + scope @@ -899,91 +904,21 @@ APT::Compressor::rev { These options are passed to &dpkg-buildpackage; when compiling packages; the default is to disable signing and produce all binaries. - - dpkg trigger usage (and related options) - APT can call &dpkg; in such a way as to let it make aggressive use of triggers over - multiple calls of &dpkg;. Without further options &dpkg; will use triggers once each time it runs. - Activating these options can therefore decrease the time needed to perform the - install or upgrade. Note that it is intended to activate these options per default in the - future, but as it drastically changes the way APT calls &dpkg; it needs a lot more testing. - These options are therefore currently experimental and should not be used in - production environments. It also breaks progress reporting such that all front-ends will - currently stay around half (or more) of the time in the 100% state while it actually configures - all packages. - Note that it is not guaranteed that APT will support these options or that these options will - not cause (big) trouble in the future. If you have understand the current risks and problems with - these options, but are brave enough to help testing them, create a new configuration file and test a - combination of options. Please report any bugs, problems and improvements you encounter and make sure - to note which options you have used in your reports. Asking &dpkg; for help could also be useful for - debugging proposes, see e.g. dpkg --audit. A defensive option combination would be -DPkg::NoTriggers "true"; -PackageManager::Configure "smart"; -DPkg::ConfigurePending "true"; -DPkg::TriggersPending "true"; - - - - Add the no triggers flag to all &dpkg; calls (except the ConfigurePending call). - See &dpkg; if you are interested in what this actually means. In short: &dpkg; will not run the - triggers when this flag is present unless it is explicitly called to do so in an extra call. - Note that this option exists (undocumented) also in older APT versions with a slightly different - meaning: Previously these option only append --no-triggers to the configure calls to &dpkg; - - now APT will also add this flag to the unpack and remove calls. - - - Valid values are "all", - "smart" and "no". - The default value is "all", which causes APT to - configure all packages. The "smart" way is to - configure only packages which need to be configured before another - package can be unpacked (Pre-Depends), and let the rest be configured - by &dpkg; with a call generated by the ConfigurePending option (see - below). On the other hand, "no" will not configure - anything, and totally relies on &dpkg; for configuration (which at the - moment will fail if a Pre-Depends is encountered). Setting this option - to any value other than all will implicitly also - activate the next option by default, as otherwise the system could end - in an unconfigured and potentially unbootable state. - - - If this option is set APT will call dpkg --configure --pending - to let &dpkg; handle all required configurations and triggers. This option is activated automatically - per default if the previous option is not set to all, but deactivating it could be useful - if you want to run APT multiple times in a row - e.g. in an installer. In these sceneries you could - deactivate this option in all but the last run. - - - Useful for the smart configuration as a package which has pending - triggers is not considered as installed, and &dpkg; treats them as unpacked - currently which is a showstopper for Pre-Dependencies (see debbugs #526774). Note that this will - process all triggers, not only the triggers needed to configure this package. - - - Essential packages (and their dependencies) should be configured immediately - after unpacking. It is a good idea to do this quite early in the upgrade process as these - configure calls also currently require DPkg::TriggersPending which - will run quite a few triggers (which may not be needed). Essentials get per default a high score - but the immediate flag is relatively low (a package which has a Pre-Depends is rated higher). - These option and the others in the same group can be used to change the scoring. The following - example shows the settings with their default values. - OrderList::Score { - Delete 500; - Essential 200; - Immediate 10; - PreDepends 50; -}; - - - - + + If this option is set APT will call dpkg --configure --pending + to let &dpkg; handle all required configurations and triggers. This option is activated by default, + but deactivating it could be useful if you want to run APT multiple times in a row - e.g. in an installer. + In this scenario you could deactivate this option in all but the last run. + + Periodic and Archives options APT::Periodic and APT::Archives groups of options configure behavior of apt periodic updates, which is - done by the /etc/cron.daily/apt script. See the top of + done by the /usr/lib/apt/apt.systemd.daily script. See the top of this script for the brief documentation of these options.