author: Michael Vogt <mvo@ubuntu.com> 2014-10-13 09:39:25 +0200
committer: Michael Vogt <mvo@ubuntu.com> 2014-10-13 11:29:46 +0200
commit: 954d30df8d8b0fb4fa203d09674a4fe1e990e55c
tree: e33b2d4e81509432715510fd65c959d33bbb74fe
parent: 07cb47e71f4de7e3c57f9dcfbfb82e4e5566aed6
Document Acquire{MaxReleaseFileSize,AllowInsecureRepositories,AllowDowngradeToInsecureRepositories} and --no-allow-insecure-repositories
Document the new options to restrict loading unauthenticated data into our parsers.
-rw-r--r-- doc/apt-get.8.xml 8
-rw-r--r-- doc/apt.conf.5.xml 32
2 files changed, 40 insertions, 0 deletions
diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml
index 80b3be639..a372a0d30 100644
--- a/doc/apt-get.8.xml
+++ b/doc/apt-get.8.xml
@@ -525,6 +525,14 @@
Configuration Item: <literal>APT::Get::AllowUnauthenticated</literal>.</para></listitem>
</varlistentry>
+ <varlistentry><term><option>--no-allow-insecure-repositories</option></term>
+ <listitem><para>Forbid the update command to acquire unverifiable
+ data from configured sources. Apt will fail at the update command
+ for repositories without valid cryptographically signatures.
+
+ Configuration Item: <literal>Acquire::AllowInsecureRepositories</literal>.</para></listitem>
+ </varlistentry>
+
<varlistentry><term><option>--show-progress</option></term>
<listitem><para>Show user friendly progress information in the
terminal window when packages are installed, upgraded or
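Review bot: the added --no-allow-insecure-repositories entry says "valid cryptographically signatures", which should read "valid cryptographic signatures". The entry also documents only the negated form and never says what update does when the flag is absent. Add one sentence stating the default, and make it agree with the default given for Acquire::AllowInsecureRepositories in apt.conf.5.xml, so administrators know whether unsigned repositories are accepted unless they opt out.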
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index 0f98a6fe9..efe986ea8 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -586,6 +586,38 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
</para></listitem>
</varlistentry>
+ <varlistentry><term><option>MaxReleaseFileSize</option></term>
+ <listitem><para>
+ The maximum file size of Release/Release.gpg/InRelease files.
+ The default is 10MB.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry><term><option>AllowInsecureRepositories</option></term>
+ <listitem><para>
+ Allow the update operation to load data files from
+ a repository without a trusted signature. If enabled this
+ option no data files will be loaded and the update
+ operation fails with a error for this source. The default
+ is false for backward compatibility. This will be changed
+ in the future.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry><term><option>AllowDowngradeToInsecureRepositories</option></term>
+ <listitem><para>
+ Allow that a repository that was previously gpg signed to become
+ unsigned durign a update operation. When there is no valid signature
+ of a perviously trusted repository apt will refuse the update. This
+ option can be used to override this protection. You almost certainly
+ never want to enable this. The default is false.
+
+ Note that apt will still consider packages from this source
+ untrusted and warn about them if you try to install
+ them.
+ </para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
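Review bot: the AllowInsecureRepositories paragraph contradicts itself. The option is introduced as allowing update to load data from unsigned repositories, but "If enabled this option no data files will be loaded and the update operation fails" describes what happens when it is disabled. "The default is false for backward compatibility" does not fit either: false would be the strict setting, whereas a backward-compatible default would be the permissive one. Please check the intended default against the code and reword so that the enabled and disabled behaviours are each stated once, unambiguously. Smaller points in the same hunk: MaxReleaseFileSize should say what happens when the limit is exceeded, and there are typos to fix ("a error", "durign a update", "perviously").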