summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2015-06-24 19:31:22 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2015-08-10 17:25:26 +0200
commitb0d408547734100bf86781615f546487ecf390d9 (patch)
tree8e88e2394ce15a4ac5a070b59a0cf4b74d748859 /doc
parent0741daeb7ab870b4dd62a93fa12a1cf6330f9a72 (diff)
implement Signed-By option for sources.list
Limits which key(s) can be used to sign a repository. Not immensely useful from a security perspective all by itself, but if the user has additional measures in place to confine a repository (like pinning) an attacker who gets the key for such a repository is limited to its potential and can't use the key to sign its attacks for an other (maybe less limited) repository… (yes, this is as weak as it sounds, but having the capability might come in handy for implementing other stuff later).
Diffstat (limited to 'doc')
-rw-r--r--doc/sources.list.5.xml24
1 files changed, 12 insertions, 12 deletions
diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml
index aded8ecef..12a7773f5 100644
--- a/doc/sources.list.5.xml
+++ b/doc/sources.list.5.xml
@@ -232,18 +232,18 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
anomalies.
<itemizedlist>
- <listitem><para><option>Trusted</option> (<option>trusted</option>)
- is a tri-state value which defaults to APT deciding if a source
- is considered trusted or if warnings should be raised before e.g.
- packages are installed from this source. This option can be used
- to override this decision either with the value <literal>yes</literal>,
- which lets APT consider this source always as a trusted source
- even if it has no or fails authentication checks by disabling parts
- of &apt-secure; and should therefore only be used in a local and trusted
- context (if at all) as otherwise security is breached. The opposite
- can be achieved with the value no, which causes the source to be handled
- as untrusted even if the authentication checks passed successfully.
- The default value can't be set explicitly.
+ <listitem><para><option>Signed-By</option> (<option>signed-by</option>)
+ is either an absolute path to a keyring file (has to be
+ accessible and readable for the <literal>_apt</literal> user,
+ so ensure everyone has read-permissions on the file) or a
+ fingerprint of a key in either the
+ <filename>trusted.gpg</filename> keyring or in one of the
+ keyrings in the <filename>trusted.gpg.d/</filename> directory
+ (see <command>apt-key fingerprint</command>). If the option is
+ set only the key(s) in this keyring or only the key with this
+ fingerprint is used for the &apt-secure; verification of this
+ repository. Otherwise all keys in the trusted keyrings are
+ considered valid signers for this repository.
</para></listitem>
<listitem><para><option>Check-Valid-Until</option> (<option>check-valid-until</option>)