7 files changed, 833 insertions, 0 deletions
diff --git a/doc/examples/CMakeLists.txt b/doc/examples/CMakeLists.txt
new file mode 100644
index 000000000..1998867db
--- /dev/null
+++ b/doc/examples/CMakeLists.txt
@@ -0,0 +1,4 @@
+install(FILES apt.conf apt-https-method-example.conf configure-index preferences
+        DESTINATION ${CMAKE_INSTALL_DOCDIR}/examples)
+install(FILES apt-ftparchive.conf ftp-archive.conf
+        DESTINATION ${CMAKE_INSTALL_DOCDIR}/../apt-utils/examples)
diff --git a/doc/examples/apt-ftparchive.conf b/doc/examples/apt-ftparchive.conf
new file mode 100644
index 000000000..0e8bcb2ce
--- /dev/null
+++ b/doc/examples/apt-ftparchive.conf
@@ -0,0 +1,46 @@
+// This config is for use with the pool-structure for the packages, thus we
+// don't use a Tree Section in here
+
+// The debian archive should be in the current working dir
+Dir {
+	ArchiveDir ".";
+	CacheDir ".";
+};
+
+// Create Packages, Packages.gz and Packages.xz, remove/add as needed
+Default {
+	Packages::Compress ". gzip xz";
+	Sources::Compress ". gzip xz";
+	Contents::Compress ". gzip xz";
+};
+
+// Includes the main section. You can structure the directory tree under
+// ./pool/main any way you like, apt-ftparchive will take any deb (and
+// source package) it can find. This creates a Packages a Sources and a
+// Contents file for these in the main section of the sid release
+BinDirectory "pool/main" {
+	Packages "dists/sid/main/binary-i386/Packages";
+	Sources "dists/sid/main/source/Sources";
+	Contents "dists/sid/main/Contents-i386";
+}
+
+// This is the same for the contrib section
+BinDirectory "pool/contrib" {
+	Packages "dists/sid/contrib/binary-i386/Packages";
+	Sources "dists/sid/contrib/source/Sources";
+	Contents "dists/sid/contrib/Contents-i386";
+}
+
+// This is the same for the non-free section
+BinDirectory "pool/non-free" {
+	Packages "dists/sid/non-free/binary-i386/Packages";
+	Sources "dists/sid/non-free/source/Sources";
+	Contents "dists/sid/non-free/Contents-i386";
+};
+
+// By default all Packages should have the extension ".deb"
+Default {
+	Packages {
+		Extensions ".deb";
+	};
+};
diff --git a/doc/examples/apt-https-method-example.conf b/doc/examples/apt-https-method-example.conf
new file mode 100644
index 000000000..a03766746
--- /dev/null
+++ b/doc/examples/apt-https-method-example.conf
@@ -0,0 +1,186 @@
+/* This file is a sample configuration for apt https method. Configuration
+   parameters found in this example file are expected to be used in main
+   apt.conf file, just like other configuration parameters for different
+   methods (ftp, file, ...).
+
+   This example file starts with a common setup that voluntarily exhibits
+   all available configurations knobs with simple comments. Extended
+   comments on the behavior of the option is provided at the end for
+   better readability. As a matter of fact, a common configuration file
+   will certainly contain far less elements and benefit of default values
+   for many parameters.
+
+   Because some configuration parameters for apt https method in following
+   examples apply to specific (fictional) repositories, the associated
+   sources.list file is provided here:
+
+   ...
+
+   deb     https://secure.dom1.tld/debian unstable main contrib non-free
+   deb-src https://secure.dom1.tld/debian unstable main contrib non-free
+
+   deb     https://secure.dom2.tld/debian unstable main contrib non-free
+   deb-src https://secure.dom2.tld/debian unstable main contrib non-free
+
+   ...
+
+
+   Some notes on the servers:
+
+    - secure.dom1.tld is freely accessible using https (no client
+      authentication is required).
+    - secure.dom1.tld certificate is part of a multi level PKI, and we
+      want to specifically check the issuer of its certificate. We do
+      not have the constraint for secure.dom2.tld
+    - secure.dom2.tld requires client authentication by certificate
+      to access its content.
+    - The certificate presented by both server have (as expected) a CN that
+      matches their respective DNS names.
+    - We have CRL available for both dom1.tld and dom2.tld PKI, and intend
+      to use them.
+    - It sometimes happens that we had other more generic https available
+      repository to our list. We want the checks to be performed against
+      a common list of anchors (like the one provided by ca-certificates
+      package for instance)
+
+   The sample configuration below basically covers those simple needs.
+*/
+
+
+// Verify peer certificate and also matching between certificate name
+// and server name as provided in sources.list (default values)
+Acquire::https::Verify-Peer "true";
+Acquire::https::Verify-Host "true";
+
+// Except otherwise specified, use that list of anchors
+Acquire::https::CaInfo     "/etc/ssl/certs/ca-certificates.pem";
+
+// Use a specific anchor and associated CRL. Enforce issuer of
+// server certificate using its cert.
+Acquire::https::secure.dom1.tld::CaInfo     "/etc/apt/certs/ca-dom1-crt.pem";
+Acquire::https::secure.dom1.tld::CrlFile    "/etc/apt/certs/ca-dom1-crl.pem";
+Acquire::https::secure.dom1.tld::IssuerCert "/etc/apt/certs/secure.dom1-issuer-crt.pem";
+
+// Like previous for anchor and CRL, but also provide our
+// certificate and keys for client authentication.
+Acquire::https::secure.dom2.tld::CaInfo  "/etc/apt/certs/ca-dom2-crt.pem";
+Acquire::https::secure.dom2.tld::CrlFile "/etc/apt/certs/ca-dom2-crl.pem";
+Acquire::https::secure.dom2.tld::SslCert "/etc/apt/certs/my-crt.pem";
+Acquire::https::secure.dom2.tld::SslKey  "/etc/apt/certs/my-key.pem";
+
+// No need to downgrade, TLS will be proposed by default. Uncomment
+// to have SSLv3 proposed.
+// Acquire::https::mirror.ipv6.ssi.corp::SslForceVersion "SSLv3";
+
+// No need for more debug if every is fine (default). Uncomment
+// me to get additional information.
+// Debug::Acquire::https "true";
+
+
+/*
+  Options with extended comments:
+
+  Acquire::https[::repo.domain.tld]::CaInfo  "/path/to/ca/certs.pem";
+
+    A string providing the path of a file containing the list of trusted
+    CA certificates used to verify the server certificate. The pointed
+    file is made of the concatenation of the CA certificates (in
+    PEM format) creating the chain used for the verification of the path
+    from the root (self signed one). If the remote server provides the
+    whole chain during the exchange, the file need only contain the root
+    certificate. Otherwise, the whole chain is required.
+
+    If you need to support multiple authorities, the only way is to
+    concatenate everything.
+
+    If None is provided, the default CA bundle used by GnuTLS (apt https
+    method is linked against libcurl-gnutls) is used. At the time of
+    writing, /etc/ssl/certs/ca-certificates.crt.
+
+    If no specific hostname is provided, the file is used by default
+    for all https targets. If a specific mirror is provided, it is
+    used for the https entries in the sources.list file that use that
+    repository (with the same name).
+
+  Acquire::https[::repo.domain.tld]::CrlFile  "/path/to/all/crl.pem";
+
+    Like previous knob but for passing the list of CRL files (in PEM
+    format) to be used to verify revocation status. Again, if the
+    option is defined with no specific mirror (probably makes little
+    sense), this CRL information is used for all defined https entries
+    in sources.list file. In a mirror specific context, it only applies
+    to that mirror.
+
+  Acquire::https[::repo.domain.tld]::IssuerCert "/path/to/issuer/cert.pem";
+
+    Allows to constrain the issuer of the server certificate (for all
+    https mirrors or a specific one) to a specific issuer. If the
+    server certificate has not been issued by this certificate,
+    connection fails.
+
+  Acquire::https[::repo.domain.tld]::Verify-Peer "true";
+
+    When authenticating the server, if the certificate verification fails
+    for some reason (expired, revoked, man in the middle, lack of anchor,
+    ...), the connection fails. This is obviously what you want in all
+    cases and what the default value (true) of this option provides.
+
+    If you know EXACTLY what you are doing, setting this option to "false"
+    allow you to skip peer certificate verification and make the exchange
+    succeed. Again, this option is for debugging or testing purpose only.
+    It removes ALL the security provided by the use of SSL.TLS to secure
+    the HTTP exchanges.
+
+  Acquire::https[::repo.domain.tld]::Verify-Host "true";
+
+    The certificate provided by the server during the TLS/SSL exchange
+    provides the identity of the server which should match the DNS name
+    used to access it. By default, as requested by RFC 2818, the name
+    of the mirror is checked against the identity found in the
+    certificate. This default behavior is safe and should not be
+    changed. If you know that the server you are using has a DNS name
+    which does not match the identity in its certificate, you can
+    [report that issue to its administrator or] set the option to
+    "false", which will prevent the comparison to be done.
+
+    The options can be set globally or on a per-mirror basis. If set
+    globally, the DNS name used is the one found in the sources.list
+    file in the https URI.
+
+  Acquire::https[::repo.domain.tld]::SslCert "/path/to/client/cert.pem";
+  Acquire::https[::repo.domain.tld]::SslKey  "/path/to/client/key.pem";
+
+    These two options provides support for client authentication using
+    certificates. They respectively accept the X.509 client certificate
+    in PEM format and the associated client key in PEM format (non
+    encrypted form).
+
+    The options can be set globally (which rarely makes sense) or on a
+    per-mirror basis.
+
+  Acquire::https[::repo.domain.tld]::SslForceVersion "TLSv1";
+
+    This option can be use to select the version which will be proposed
+    to the server. "SSLv3" and "TLSv1" are supported. SSLv2, which is
+    considered insecure anyway is not supported (by gnutls, which is
+    used by libcurl against which apt https method is linked).
+
+    When the option is set to "SSLv3" to have apt propose SSLv3 (and
+    associated sets of ciphersuites) instead of TLSv1 (the default)
+    when performing the exchange. This prevents the server to select
+    TLSv1 and use associated ciphersuites. You should probably not use
+    this option except if you know exactly what you are doing.
+
+    Note that the default setting does not guarantee that the server
+    will not select SSLv3 (for ciphersuites and SSL/TLS version as
+    selection is always done by the server, in the end). It only means
+    that apt will not advertise TLS support.
+
+  Debug::Acquire::https "true";
+
+    This option can be used to show debug information. Because it is
+    quite verbose, it is mainly useful to debug problems in case of
+    failure to connect to a server for some reason. The default value
+    is "false".
+
+*/
diff --git a/doc/examples/apt.conf b/doc/examples/apt.conf
new file mode 100644
index 000000000..7201d1920
--- /dev/null
+++ b/doc/examples/apt.conf
@@ -0,0 +1,32 @@
+// $Id: apt.conf,v 1.43 1999/12/06 02:19:38 jgg Exp $
+/* This file is a sample configuration file with a few harmless sample 
+   options.   
+*/
+
+APT 
+{
+  // Options for apt-get
+  Get 
+  {
+     Download-Only "false";
+  };
+  
+};
+
+// Options for the downloading routines
+Acquire
+{
+  Retries "0";
+};
+
+// Things that effect the APT dselect method
+DSelect 
+{
+  Clean "auto";   // always|auto|prompt|never
+};
+
+DPkg 
+{
+  // Probably don't want to use force-downgrade..
+  Options {"--force-overwrite";}
+}
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
new file mode 100644
index 000000000..2d0fb6c64
--- /dev/null
+++ b/doc/examples/configure-index
@@ -0,0 +1,473 @@
+/* This file is an index of all APT configuration directives. It should
+   NOT actually be used as a real config file, though it is (except for the
+   last line) a completely valid file. Most of the options have sane default
+   values, unless you have specific needs you should NOT include arbitrary
+   items in a custom configuration.
+   
+   In some instances involving filenames it is possible to set the default
+   directory when the path is evaluated. This means you can use relative
+   paths within the sub scope.
+   
+   The configuration directives are specified in a tree with {} designating
+   a subscope relative to the tag before the {}. You can further specify
+   a subscope using scope notation eg,
+     APT::Architecture "i386";
+   This is prefixed with the current scope. Scope notation must be used
+   if an option is specified on the command line with -o.
+*/
+
+quiet "0";
+quiet::NoUpdate "true"; // never update progress information - included in -q=1
+
+// Options for APT in general
+APT 
+{
+  Architecture "i386";
+  Architectures { "amd64"; "armel"; };
+  Build-Essential "build-essential";
+
+  NeverAutoRemove  { "linux-image.*";  };  // packages that should never
+                                            // considered for autoRemove
+
+  // Options for apt-get
+  Get 
+  {
+     Host-Architecture "armel";
+     Arch-Only "false";
+     AllowUnauthenticated "false";        // packages from unauthenticated
+     AutomaticRemove "false";       
+     HideAutoRemove "false";
+     Download-Only "false";
+     Simulate "false";
+     Assume-Yes "false";
+     Force-Yes "false";             // I would never set this.
+     Fix-Broken "false";  
+     Fix-Missing "false";     
+     Show-Upgraded "false";
+     Show-Versions "false";
+     Upgrade "true";
+     Print-URIs "false";
+     Compile "false";
+     Download "true";
+     Purge "false";
+     List-Cleanup "true";
+     ReInstall "false";
+     Trivial-Only "false";
+     Remove "true";
+     Only-Source "";
+     Diff-Only "false";
+     Tar-Only "false";
+     Build-Dep-Automatic "true";
+     Show-User-Simulation-Note "true";
+  };
+
+  Cache 
+  {
+     Important "false";
+     AllVersions "false";
+     GivenOnly "false";
+     RecurseDepends "false";
+     ShowFull "false";
+     Generate "true";
+     NamesOnly "false";
+     AllNames "false";
+     Installed "false";
+  };
+
+  CDROM 
+  {
+     Rename "false";
+     NoMount "false";
+     Fast "false";
+     NoAct "false";
+  };
+
+  Update
+  {
+     Pre-Invoke {"touch /var/lib/apt/pre-update-stamp"; };
+     Post-Invoke {"touch /var/lib/apt/post-update-stamp"; };
+  };
+
+  // define a new supported compressor on the fly
+  APT::Compressor::rev {
+     Name "rev";
+     Extension ".reversed";
+     Binary "rev";
+     CompressArg {};
+     UncompressArg {};
+     Cost "10";
+  };
+
+  Authentication
+  {
+     TrustCDROM "false";            // consider the CD-ROM always trusted
+  };
+
+  // Some general options
+  Ignore-Hold "false";
+  Clean-Installed "true";
+  Immediate-Configure "true";      // DO NOT turn this off, see the man page
+  Force-LoopBreak "false";         // DO NOT turn this on, see the man page
+  Cache-Start "20971520";
+  Cache-Grow "1048576";
+  Cache-Limit "0";
+  Default-Release "";
+
+  // consider Recommends, Suggests as important dependencies that should
+  // be installed by default
+  Install-Recommends "true";
+  Install-Suggests "false";
+  // reverse Recommends or Suggests prevent autoremoval
+  AutoRemove::RecommendsImportant "true";
+  AutoRemove::SuggestsImportant "true";
+
+  // consider dependencies of packages in this section manual
+  Never-MarkAuto-Sections {"metapackages"; "universe/metapackages"; };
+
+  // Write progress messages on this fd (for stuff like base-config)
+  Status-Fd "-1";
+  // Keep the list of FDs open (normally apt closes all fds when it
+  // does a ExecFork)
+  Keep-Fds {};
+
+  // control parameters for cron jobs by /etc/cron.daily/apt
+  Periodic
+  {
+    BackupArchiveInterval "0";
+    // - Backup after n-days if archive contents changed.(0=disable)
+
+    BackupLevel "3";
+    // - Backup level.(0=disable), 1 is invalid.
+
+    // APT::Archives::MaxAge "0"; (old, deprecated)
+    MaxAge "0"; // (new)
+    // - Set maximum allowed age of a cache package file. If a cache 
+    //   package file is older it is deleted (0=disable)
+
+    // APT::Archives::MinAge "2"; (old, deprecated)
+    MinAge "2"; // (new)
+    // - Set minimum age of a package file. If a file is younger it
+    //   will not be deleted (0=disable). Useful to prevent races
+    //   and to keep backups of the packages for emergency.
+
+    // APT::Archives::MaxSize "0"; (old, deprecated)
+    MaxSize "0"; // (new)
+    // - Set maximum size of the cache in MB (0=disable). If the cache
+    //   is bigger, cached package files are deleted until the size
+    //   requirement is met (the oldest packages will be deleted 
+    //   first).
+
+    Update-Package-Lists "0";
+    // - Do "apt-get update" automatically every n-days (0=disable)
+    //   
+    Download-Upgradeable-Packages "0";
+    // - Do "apt-get upgrade --download-only" every n-days (0=disable)
+    //
+    Unattended-Upgrade "0";
+    // - Run the "unattended-upgrade" security upgrade script 
+    //   every n-days (0=disabled)
+    //   Requires the package "unattended-upgrades" and will write
+    //   a log in /var/log/unattended-upgrades
+    //
+    AutocleanInterval "0";
+    // - Do "apt-get autoclean" every n-days (0=disable)
+
+    Verbose "0";
+    // - Send report mail to root
+    //   0:  no report             (or null string)
+    //   1:  progress report       (actually any string)
+    //   2:  + command outputs     (remove -qq, remove 2>/dev/null, add -d)
+    //   3:  + trace on            
+  };
+};
+
+// Options for the downloading routines
+Acquire
+{
+  Queue-Mode "host";       // host|access
+  Retries "0";
+  Source-Symlinks "true";
+  ForceHash "sha256"; // hashmethod used for expected hash: sha256, sha1 or md5sum
+
+  PDiffs "true";     // try to get the IndexFile diffs
+  PDiffs::FileLimit "4"; // don't use diffs if we would need more than 4 diffs
+  PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess
+			  // 50% of the size of the original file
+
+  Check-Valid-Until "true";
+  Max-ValidTime "864000"; // 10 days
+  Max-ValidTime::Debian-Security "604800"; // 7 days, label specific configuration
+
+  // HTTP method configuration
+  http 
+  {
+    Proxy "http://127.0.0.1:3128";
+    Proxy::http.us.debian.org "DIRECT";  // Specific per-host setting
+    Timeout "120";
+    Pipeline-Depth "5";
+    AllowRedirect  "true";
+
+    // Cache Control. Note these do not work with Squid 2.0.2
+    No-Cache "false";
+    Max-Age "86400";     // 1 Day age on index files
+    No-Store "false";    // Prevent the cache from storing archives    
+    Dl-Limit "7";        // 7Kb/sec maximum download rate
+    User-Agent "Debian APT-HTTP/1.3";
+  };
+
+
+
+  // HTTPS method configuration: uses the http
+  // - proxy config
+  // - cache-control values
+  // - Dl-Limit, Timout, ... values
+  // if not set explicit for https
+  //
+  // see /usr/share/doc/apt/examples/apt-https-method-example.conf.gz
+  // for more examples
+  https
+  {
+	Verify-Peer "false";
+	SslCert "/etc/apt/some.pem";
+	CaPath  "/etc/ssl/certs";
+	Verify-Host "true";
+	AllowRedirect  "true";
+
+	Timeout "120";
+	AllowRedirect  "true";
+
+	// Cache Control. Note these do not work with Squid 2.0.2
+	No-Cache "false";
+	Max-Age "86400";     // 1 Day age on index files
+	No-Store "false";    // Prevent the cache from storing archives
+	Dl-Limit "7";        // 7Kb/sec maximum download rate
+
+	User-Agent "Debian APT-CURL/1.0";
+  };
+
+  ftp
+  {
+    Proxy "ftp://127.0.0.1/";
+    Proxy::http.us.debian.org "DIRECT"; // Specific per-host setting
+
+    /* Required script to perform proxy login. This example should work
+       for tisfwtk */
+    ProxyLogin
+    {
+       "USER $(PROXY_USER)";
+       "PASS $(PROXY_PASS)";
+       "USER $(SITE_USER)@$(SITE):$(SITE_PORT)";
+       "PASS $(SITE_PASS)";
+    };
+    
+    Timeout "120";
+    
+    /* Passive mode control, proxy, non-proxy and per-host. Pasv mode
+       is preferred if possible */
+    Passive "true";
+    Proxy::Passive "true";
+    Passive::http.us.debian.org "true"; // Specific per-host setting
+  };
+  
+  cdrom
+  {
+    // do auto detection of the cdrom mountpoint
+    AutoDetect "true";   
+    // when auto-detecting, only look for cdrom/dvd. when this is false
+    // it will support any removable device as a "cdrom" source
+    CdromOnly "true";
+    
+    // cdrom mountpoint (needs to be defined in fstab if AutoDetect is not used)
+    mount "/cdrom";
+
+    // You need the trailing slash!
+    "/cdrom/"
+    {
+       Mount "sleep 1000";
+       UMount "sleep 500";
+    }
+  };
+
+  gpgv
+  {
+   Options {"--ignore-time-conflict";}	// not very useful on a normal system
+  };
+
+  CompressionTypes
+  {
+    bz2 "bzip2";
+    lzma "lzma";
+    gz "gzip";
+
+    Order { "uncompressed"; "gz"; "lzma"; "bz2"; };
+  };
+
+  Languages
+  {
+     "environment";
+     "de";
+     "en";
+     "none";
+     "fr";
+  };
+
+  // Location of the changelogs with the placeholder @CHANGEPATH@ (e.g. "main/a/apt/apt_1.1")
+  Changelogs::URI::Origin::Debian "http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog";
+};
+
+// Directory layout
+Dir "/"
+{
+  // Location of the state dir
+  State "var/lib/apt/" 
+  {
+     Lists "lists/";
+     status "/var/lib/dpkg/status";
+     extended_states "extended_states";
+     cdroms "cdroms.list";
+  };
+  
+  // Location of the cache dir
+  Cache "var/cache/apt/" {
+     Archives "archives/";
+     // backup directory created by /etc/cron.daily/apt
+     Backup "backup/"; 
+     srcpkgcache "srcpkgcache.bin";
+     pkgcache "pkgcache.bin";     
+  };
+  
+  // Config files
+  Etc "etc/apt/" {
+     Main "apt.conf";
+     Netrc "auth.conf";
+     Parts "apt.conf.d/";
+     Preferences "preferences";
+     PreferencesParts "preferences.d";
+     SourceList "sources.list";
+     SourceParts "sources.list.d";
+     VendorList "vendors.list";
+     VendorParts "vendors.list.d";
+     Trusted "trusted.gpg";
+     TrustedParts "trusted.gpg.d";
+  };
+  
+  // Locations of binaries
+  Bin {
+     methods "/usr/lib/apt/methods/";
+     gzip "/bin/gzip";
+     gpg  "/usr/bin/gpgv";
+     dpkg "/usr/bin/dpkg";
+     dpkg-source "/usr/bin/dpkg-source";
+     dpkg-buildpackage "/usr/bin/dpkg-buildpackage";
+     apt-get "/usr/bin/apt-get";
+     apt-cache "/usr/bin/apt-cache";
+  };
+
+  // Location of the logfile
+  Log "var/log/apt" {
+	Terminal "term.log";
+	History "history.log";
+  };
+
+  // Media 
+  Media 
+  {
+	// Media AutoDetect mount path
+	MountPath "/media/apt";
+  };
+
+  // Media 
+  Media 
+  {
+	// Media AutoDetect mount path
+	MountPath "/media/apt";
+  };
+};
+
+// Things that effect the APT dselect method
+DSelect 
+{
+   Clean "auto";   // always|auto|prompt|never
+   Options "-f";
+   UpdateOptions "";
+   PromptAfterUpdate "no";
+   CheckDir "no";
+}
+
+DPkg
+{
+   // let apt aggressivly use dpkg triggers
+   NoTriggers "true";
+   ConfigurePending "true";
+
+   // Probably don't want to use force-downgrade..
+   Options {"--force-overwrite";"--force-downgrade";}
+
+   // Auto re-mounting of a readonly /usr
+   Pre-Invoke {"mount -o remount,rw /usr";};
+   Post-Invoke {"mount -o remount,ro /usr";};
+
+   Chroot-Directory "/";
+
+   // Prevents daemons from getting cwd as something mountable (default)
+   Run-Directory "/";
+
+   // Build options for apt-get source --compile
+   Build-Options "-b -uc";
+
+   // Pre-configure all packages before they are installed using debconf.
+   Pre-Install-Pkgs {"dpkg-preconfigure --apt --priority=low --frontend=dialog";};
+
+   // Flush the contents of stdin before forking dpkg.
+   FlushSTDIN "true";
+
+   // Control the size of the command line passed to dpkg.
+   MaxArgBytes 32768;
+   MaxArgs 8192;
+
+   // controls if apt will apport on the first dpkg error or if it 
+   // tries to install as many packages as possible
+   StopOnError "true";
+}
+
+/* Options you can set to see some debugging text They correspond to names
+   of classes in the source code */
+Debug 
+{
+  pkgProblemResolver "false";
+  pkgProblemResolver::ShowScores "false";
+  pkgDepCache::AutoInstall "false"; // what packages apt install to satify dependencies
+  pkgDepCache::Marker "false"; 
+  pkgCacheGen "false";
+  pkgAcquire "false";
+  pkgAcquire::Worker "false";
+  pkgAcquire::Auth "false";
+  pkgDPkgPM "false";
+  pkgDPkgProgressReporting "false";
+  pkgOrderList "false";
+  pkgPackageManager "false"; // OrderList/Configure debugging
+  pkgAutoRemove "false";   // show information about automatic removes
+  BuildDeps "false";
+  pkgInitialize "false";   // This one will dump the configuration space
+  NoLocking "false";
+  Acquire::Ftp "false";    // Show ftp command traffic
+  Acquire::Http "false";   // Show http command traffic
+  Acquire::Https "false";   // Show https debug
+  Acquire::gpgv "false";   // Show the gpgv traffic
+  Acquire::cdrom "false";   // Show cdrom debug output
+  aptcdrom "false";        // Show found package files
+  IdentCdrom "false";
+  acquire::netrc "false";  // netrc parser
+  RunScripts "false";      // debug invocation of external scripts  
+}
+
+pkgCacheGen
+{
+  Essential "native"; // other modes: all, none, installed
+  ForceEssential { "apt"; };
+  ForceImportant "";
+}
+
+/* Whatever you do, do not use this configuration file!! Take out ONLY
+   the portions you need! */
+This Is Not A Valid Config File
diff --git a/doc/examples/ftp-archive.conf b/doc/examples/ftp-archive.conf
new file mode 100644
index 000000000..4f4b00852
--- /dev/null
+++ b/doc/examples/ftp-archive.conf
@@ -0,0 +1,81 @@
+/* This configuration file describes the standard Debian distribution
+   as it once looked */
+   
+Dir 
+{
+   ArchiveDir "/org/ftp.debian.org/ftp/";
+   OverrideDir "/org/ftp.debian.org/scripts/override/";
+   CacheDir "/org/ftp.debian.org/scripts/cache/";
+};
+
+Default
+{
+   Packages::Compress ". gzip";
+   Sources::Compress "gzip";
+   Contents::Compress "gzip";
+   DeLinkLimit 10000;          // 10 Meg delink per day
+   MaxContentsChange 10000;     // 10 Meg of new contents files per day
+};
+
+TreeDefault
+{
+   Contents::Header "/org/ftp.debian.org/scripts/masterfiles/Contents.top";
+   BinCacheDB "packages-$(ARCH).db";
+   
+   // These are all defaults and are provided for completeness
+   Directory "$(DIST)/$(SECTION)/binary-$(ARCH)/";
+   Packages "$(DIST)/$(SECTION)/binary-$(ARCH)/Packages";
+   
+   SrcDirectory "$(DIST)/$(SECTION)/source/";
+   Sources "$(DIST)/$(SECTION)/source/Sources";
+   
+   Contents "$(DIST)/Contents-$(ARCH)";   
+};
+
+tree "dists/woody"
+{
+   Sections "main contrib non-free";
+   Architectures "alpha arm hurd-i386 i386 m68k powerpc sparc sparc64 source";
+   BinOverride "override.woody.$(SECTION)";
+   SrcOverride "override.woody.$(SECTION).src";
+};
+
+tree "dists/potato"
+{
+   Sections "main contrib non-free";
+   Architectures "alpha arm i386 m68k powerpc sparc source";
+   BinOverride "override.potato.$(SECTION)";
+   SrcOverride "override.woody.$(SECTION).src";
+};
+
+tree "dists/slink"
+{
+   Sections "main contrib non-free";
+   Architectures "alpha i386 m68k sparc source";
+   BinOverride "override.slink.$(SECTION)";
+   SrcOverride "override.woody.$(SECTION).src";
+   External-Links false;             // Slink should contain no links outside itself
+};
+
+
+bindirectory "project/experimental"
+{
+   Sources "project/experimental/Sources";
+   Packages "project/experimental/Packages";
+   
+   BinOverride "override.experimental";
+   BinCacheDB "packages-experimental.db";
+   SrcOverride "override.experimental.src";
+};
+
+bindirectory "dists/proposed-updates"
+{
+   Packages "project/proposed-updates/Packages";
+   Contents "project/proposed-updates/Contents";
+   
+   BinOverride "override.slink.all3";
+   BinOverride "override.slink.all3.src";
+   BinCacheDB "packages-proposed-updates.db";
+};
+
+   
diff --git a/doc/examples/preferences b/doc/examples/preferences
new file mode 100644
index 000000000..7ebc52a41
--- /dev/null
+++ b/doc/examples/preferences
@@ -0,0 +1,11 @@
+Package:  *
+Pin:  release a=stable
+Pin-Priority:  500
+
+Package:  *
+Pin:  release a=testing
+Pin-Priority:  101
+
+Package:  *
+Pin:  release a=unstable
+Pin-Priority:  99