summaryrefslogtreecommitdiff
path: root/doc/examples
diff options
context:
space:
mode:
Diffstat (limited to 'doc/examples')
-rw-r--r--doc/examples/apt-https-method-example.conf21
-rw-r--r--doc/examples/configure-index26
2 files changed, 41 insertions, 6 deletions
diff --git a/doc/examples/apt-https-method-example.conf b/doc/examples/apt-https-method-example.conf
index 0067171bd..cc7889044 100644
--- a/doc/examples/apt-https-method-example.conf
+++ b/doc/examples/apt-https-method-example.conf
@@ -36,6 +36,8 @@
to access its content.
- The certificate presented by both server have (as expected) a CN that
matches their respective DNS names.
+ - We have CRL available for both dom1.tld and dom2.tld PKI, and intend
+ to use them.
- It somtimes happens that we had other more generic https available
repository to our list. We want the checks to be performed against
a common list of anchors (like the one provided by ca-certificates
@@ -56,10 +58,13 @@ Acquire::https::CaInfo "/etc/ssl/certs/ca-certificates.pem";
// Use a specific anchor and associated CRL. Enforce issuer of
// server certificate using its cert.
Acquire::https::secure.dom1.tld::CaInfo "/etc/apt/certs/ca-dom1-crt.pem";
+Acquire::https::secure.dom1.tld::CrlFile "/etc/apt/certs/ca-dom1-crl.pem";
+Acquire::https::secure.dom1.tld::IssuerCert "/etc/apt/certs/secure.dom1-issuer-crt.pem";
// Like previous for anchor and CRL, but also provide our
// certificate and keys for client authentication.
Acquire::https::secure.dom2.tld::CaInfo "/etc/apt/certs/ca-dom2-crt.pem";
+Acquire::https::secure.dom2.tld::CrlFile "/etc/apt/certs/ca-dom2-crl.pem";
Acquire::https::secure.dom2.tld::SslCert "/etc/apt/certs/my-crt.pem";
Acquire::https::secure.dom2.tld::SslKey "/etc/apt/certs/my-key.pem";
@@ -97,6 +102,22 @@ Acquire::https::secure.dom2.tld::SslKey "/etc/apt/certs/my-key.pem";
used for the https entries in the sources.list file that use that
repository (with the same name).
+ Acquire::https[::repo.domain.tld]::CrlFile "/path/to/all/crl.pem";
+
+ Like previous knob but for passing the list of CRL files (in PEM
+ format) to be used to verify revocation status. Again, if the
+ option is defined with no specific mirror (probably makes little
+ sense), this CRL information is used for all defined https entries
+ in sources.list file. In a mirror specific context, it only applies
+ to that mirror.
+
+ Acquire::https[::repo.domain.tld]::IssuerCert "/path/to/issuer/cert.pem";
+
+ Allows to constrain the issuer of the server certificate (for all
+ https mirrors or a specific one) to a specific issuer. If the
+ server certificate has not been issued by this certificate,
+ connection fails.
+
Acquire::https[::repo.domain.tld]::Verify-Peer "true";
When authenticating the server, if the certificate verification fails
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 05826feaa..0b30a50a9 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -90,11 +90,6 @@ APT
TrustCDROM "false"; // consider the CDROM always trusted
};
- GPGV
- {
- TrustedKeyring "/etc/apt/trusted.gpg";
- };
-
// Some general options
Ignore-Hold "false";
Clean-Installed "true";
@@ -176,7 +171,10 @@ Acquire
Source-Symlinks "true";
PDiffs "true"; // try to get the IndexFile diffs
-
+ PDiffs::FileLimit "4"; // don't use diffs if we would need more than 4 diffs
+ PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess
+ // 50% of the size of the original file
+
// HTTP method configuration
http
{
@@ -250,6 +248,10 @@ Acquire
cdrom
{
+ // do auto detection of the cdrom mountpoint
+ AutoDetect "true";
+
+ // cdrom mountpoint (needs to be defined in fstab if AutoDetect is not used)
mount "/cdrom";
// You need the trailing slash!
@@ -309,6 +311,7 @@ Dir "/"
// Config files
Etc "etc/apt/" {
Main "apt.conf";
+ Netrc "auth.conf";
Parts "apt.conf.d/";
Preferences "preferences";
PreferencesParts "preferences.d";
@@ -316,6 +319,8 @@ Dir "/"
SourceParts "sources.list.d";
VendorList "vendors.list";
VendorParts "vendors.list.d";
+ Trusted "trusted.gpg";
+ TrustedParts "trusted.gpg.d";
};
// Locations of binaries
@@ -334,6 +339,13 @@ Dir "/"
Log "var/log/apt" {
Terminal "term.log";
};
+
+ // Media
+ Media
+ {
+ // Media AutoDetect mount path
+ MountPath "/media/apt";
+ };
};
// Things that effect the APT dselect method
@@ -391,6 +403,7 @@ Debug
pkgProblemResolver::ShowScores "false";
pkgDepCache::AutoInstall "false"; // what packages apt install to satify dependencies
pkgDepCache::Marker "false";
+ pkgCacheGen "false";
pkgAcquire "false";
pkgAcquire::Worker "false";
pkgAcquire::Auth "false";
@@ -407,6 +420,7 @@ Debug
Acquire::gpgv "false"; // Show the gpgv traffic
aptcdrom "false"; // Show found package files
IdentCdrom "false";
+ acquire::netrc "false"; // netrc parser
}