author David Kalnischkies <david@kalnischkies.de> 2018-08-17 16:33:41 +0200
committer David Kalnischkies <david@kalnischkies.de> 2018-09-11 13:16:11 +0200
commit 8375d5b58038fc026098dcccc3de87cd9d740334 (patch)
tree a7a746154a32e6370293c4bc693692dcdc796dc7 /doc
parent ff8fa4ab4b80384a9240f0df63181f71077a8d83 (diff)
Support multiple keyrings in sources.list Signed-By
A user can specify multiple fingerprints for a while now, so it seems counter-intuitive to support only one keyring, especially if this isn't really checked or enforced and, while unlikely, mixtures of both should work properly, too, instead of a kinda random behaviour.
Diffstat (limited to 'doc')
-rw-r--r-- doc/sources.list.5.xml 29
1 files changed, 17 insertions, 12 deletions
diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml
index 84eb527e7..eaea13ae5 100644
--- a/doc/sources.list.5.xml
+++ b/doc/sources.list.5.xml
@@ -14,7 +14,7 @@
&apt-email;
&apt-product;
<!-- The last update date -->
- <date>2018-02-27T00:00:00Z</date>
+ <date>2018-08-17T00:00:00Z</date>
</refentryinfo>
<refmeta>
@@ -294,17 +294,22 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
</para></listitem>
<listitem><para><option>Signed-By</option> (<option>signed-by</option>)
- is either an absolute path to a keyring file (has to be
- accessible and readable for the <literal>_apt</literal> user,
- so ensure everyone has read-permissions on the file) or one or
- more fingerprints of keys either in the
- <filename>trusted.gpg</filename> keyring or in the
- keyrings in the <filename>trusted.gpg.d/</filename> directory
- (see <command>apt-key fingerprint</command>). If the option is
- set, only the key(s) in this keyring or only the keys with these
- fingerprints are used for the &apt-secure; verification of this
- repository. Defaults to the value of the option with the same name
- if set in the previously acquired <filename>Release</filename> file.
+ is an option to require a repository to pass &apt-secure; verification
+ with a certain set of keys rather than all trusted keys apt has configured.
+ It is specified as a list of absolute paths to keyring files (have to be
+ accessible and readable for the <literal>_apt</literal> system user,
+ so ensure everyone has read-permissions on the file) and fingerprints
+ of keys to select from these keyrings. If no keyring files are specified
+ the default is the <filename>trusted.gpg</filename> keyring and
+ all keyrings in the <filename>trusted.gpg.d/</filename> directory
+ (see <command>apt-key fingerprint</command>). If no fingerprint is
+ specified all keys in the keyrings are selected. A fingerprint will
+ accept also all signatures by a subkey of this key, if this isn't
+ desired an exclamation mark (<literal>!</literal>) can be appended to
+ the fingerprint to disable this behaviour.
+ The option defaults to the value of the option with the same name
+ if set in the previously acquired <filename>Release</filename> file
+ of this repository (only fingerprints can be specified there through).
Otherwise all keys in the trusted keyrings are considered valid
signers for this repository.
</para></listitem>
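Review bot: the rewritten Signed-By paragraph calls the value "a list of absolute paths to keyring files ... and fingerprints" but never says how the entries are separated, and it shows no value that mixes a keyring path with a fingerprint, which is the case the commit message wants to make predictable; state the separator and add a short example entry. In "(only fingerprints can be specified there through)" the last word should be "though". The parenthetical "so ensure everyone has read-permissions on the file" keeps the singular "file" although several keyring files can now be listed. The subkey sentence is a comma splice ("..., if this isn't desired an exclamation mark ...") and is better split in two, since the exclamation mark is the setting that narrows which signatures are accepted and a reader pinning a single key needs to be able to find it.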