summaryrefslogtreecommitdiff
path: root/doc/sources.list.5.xml
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2018-10-14 19:23:41 +0000
committerJulian Andres Klode <jak@debian.org>2018-10-14 19:23:41 +0000
commitb80e48783c183aeaf1d30d898a7743f091d96336 (patch)
tree7a0e3711dd68bbd8fdfd0d07f9af6f33aa9d2d51 /doc/sources.list.5.xml
parentbb2f6c8c2a965ac1ff01582b93e64da8991dcbfc (diff)
parent8375d5b58038fc026098dcccc3de87cd9d740334 (diff)
Merge branch 'feature/subkeys' into 'master'
Support subkeys and multiple keyrings in Signed-By options See merge request apt-team/apt!27
Diffstat (limited to 'doc/sources.list.5.xml')
-rw-r--r--doc/sources.list.5.xml29
1 files changed, 17 insertions, 12 deletions
diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml
index 84eb527e7..eaea13ae5 100644
--- a/doc/sources.list.5.xml
+++ b/doc/sources.list.5.xml
@@ -14,7 +14,7 @@
&apt-email;
&apt-product;
<!-- The last update date -->
- <date>2018-02-27T00:00:00Z</date>
+ <date>2018-08-17T00:00:00Z</date>
</refentryinfo>
<refmeta>
@@ -294,17 +294,22 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
</para></listitem>
<listitem><para><option>Signed-By</option> (<option>signed-by</option>)
- is either an absolute path to a keyring file (has to be
- accessible and readable for the <literal>_apt</literal> user,
- so ensure everyone has read-permissions on the file) or one or
- more fingerprints of keys either in the
- <filename>trusted.gpg</filename> keyring or in the
- keyrings in the <filename>trusted.gpg.d/</filename> directory
- (see <command>apt-key fingerprint</command>). If the option is
- set, only the key(s) in this keyring or only the keys with these
- fingerprints are used for the &apt-secure; verification of this
- repository. Defaults to the value of the option with the same name
- if set in the previously acquired <filename>Release</filename> file.
+ is an option to require a repository to pass &apt-secure; verification
+ with a certain set of keys rather than all trusted keys apt has configured.
+ It is specified as a list of absolute paths to keyring files (have to be
+ accessible and readable for the <literal>_apt</literal> system user,
+ so ensure everyone has read-permissions on the file) and fingerprints
+ of keys to select from these keyrings. If no keyring files are specified
+ the default is the <filename>trusted.gpg</filename> keyring and
+ all keyrings in the <filename>trusted.gpg.d/</filename> directory
+ (see <command>apt-key fingerprint</command>). If no fingerprint is
+ specified all keys in the keyrings are selected. A fingerprint will
+ accept also all signatures by a subkey of this key, if this isn't
+ desired an exclamation mark (<literal>!</literal>) can be appended to
+ the fingerprint to disable this behaviour.
+ The option defaults to the value of the option with the same name
+ if set in the previously acquired <filename>Release</filename> file
+ of this repository (only fingerprints can be specified there through).
Otherwise all keys in the trusted keyrings are considered valid
signers for this repository.
</para></listitem>