diff options
author | Michael Vogt <mvo@ubuntu.com> | 2014-10-13 09:39:25 +0200 |
---|---|---|
committer | Michael Vogt <mvo@ubuntu.com> | 2014-10-13 11:29:46 +0200 |
commit | 954d30df8d8b0fb4fa203d09674a4fe1e990e55c (patch) | |
tree | e33b2d4e81509432715510fd65c959d33bbb74fe | |
parent | 07cb47e71f4de7e3c57f9dcfbfb82e4e5566aed6 (diff) |
Document Acquire{MaxReleaseFileSize,AllowInsecureRepositories,AllowDowngradeToInsecureRepositories} and --no-allow-insecure-repositories
Document the new options to restrict loading unauthenticated data
into our parsers.
-rw-r--r-- | doc/apt-get.8.xml | 8 | ||||
-rw-r--r-- | doc/apt.conf.5.xml | 32 |
2 files changed, 40 insertions, 0 deletions
diff --git a/doc/apt-get.8.xml b/doc/apt-get.8.xml index 80b3be639..a372a0d30 100644 --- a/doc/apt-get.8.xml +++ b/doc/apt-get.8.xml @@ -525,6 +525,14 @@ Configuration Item: <literal>APT::Get::AllowUnauthenticated</literal>.</para></listitem> </varlistentry> + <varlistentry><term><option>--no-allow-insecure-repositories</option></term> + <listitem><para>Forbid the update command to acquire unverifiable + data from configured sources. Apt will fail at the update command + for repositories without valid cryptographically signatures. + + Configuration Item: <literal>Acquire::AllowInsecureRepositories</literal>.</para></listitem> + </varlistentry> + <varlistentry><term><option>--show-progress</option></term> <listitem><para>Show user friendly progress information in the terminal window when packages are installed, upgraded or diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index 0f98a6fe9..efe986ea8 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -586,6 +586,38 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";}; </para></listitem> </varlistentry> + <varlistentry><term><option>MaxReleaseFileSize</option></term> + <listitem><para> + The maximum file size of Release/Release.gpg/InRelease files. + The default is 10MB. + </para></listitem> + </varlistentry> + + <varlistentry><term><option>AllowInsecureRepositories</option></term> + <listitem><para> + Allow the update operation to load data files from + a repository without a trusted signature. If enabled this + option no data files will be loaded and the update + operation fails with a error for this source. The default + is false for backward compatibility. This will be changed + in the future. + </para></listitem> + </varlistentry> + + <varlistentry><term><option>AllowDowngradeToInsecureRepositories</option></term> + <listitem><para> + Allow that a repository that was previously gpg signed to become + unsigned durign a update operation. When there is no valid signature + of a perviously trusted repository apt will refuse the update. This + option can be used to override this protection. You almost certainly + never want to enable this. The default is false. + + Note that apt will still consider packages from this source + untrusted and warn about them if you try to install + them. + </para></listitem> + </varlistentry> + </variablelist> </refsect1> |