summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/apt-ftparchive.1.xml3
-rw-r--r--doc/apt.conf.5.xml24
-rw-r--r--doc/examples/configure-index4
3 files changed, 30 insertions, 1 deletions
diff --git a/doc/apt-ftparchive.1.xml b/doc/apt-ftparchive.1.xml
index a3ac45bd3..549aa6a34 100644
--- a/doc/apt-ftparchive.1.xml
+++ b/doc/apt-ftparchive.1.xml
@@ -122,7 +122,8 @@
e.g. <literal>APT::FTPArchive::Release::Origin</literal>. The supported fields
are: <literal>Origin</literal>, <literal>Label</literal>, <literal>Suite</literal>,
<literal>Version</literal>, <literal>Codename</literal>, <literal>Date</literal>,
- <literal>Architectures</literal>, <literal>Components</literal>, <literal>Description</literal>.</para></listitem>
+ <literal>Valid-Until</literal>, <literal>Architectures</literal>,
+ <literal>Components</literal>, <literal>Description</literal>.</para></listitem>
</varlistentry>
diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml
index fe005e0f1..0cf4bb663 100644
--- a/doc/apt.conf.5.xml
+++ b/doc/apt.conf.5.xml
@@ -230,6 +230,30 @@ DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
and the URI handlers.
<variablelist>
+ <varlistentry><term>Check-Valid-Until</term>
+ <listitem><para>Security related option defaulting to true as an
+ expiring validation for a Release file prevents longtime replay attacks
+ and can e.g. also help users to identify no longer updated mirrors -
+ but the feature depends on the correctness of the time on the user system.
+ Archive maintainers are encouraged to create Release files with the
+ <literal>Valid-Until</literal> header, but if they don't or a stricter value
+ is volitional the following <literal>Max-ValidTime</literal> option can be used.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry><term>Max-ValidTime</term>
+ <listitem><para>Seconds the Release file should be considered valid after
+ it was created. The default is "for ever" (0) if the Release file of the
+ archive doesn't include a <literal>Valid-Until</literal> header.
+ If it does then this date is the default. The date from the Release file or
+ the date specified by the creation time of the Release file
+ (<literal>Date</literal> header) plus the seconds specified with this
+ options are used to check if the validation of a file has expired by using
+ the earlier date of the two. Archive specific settings can be made by
+ appending the label of the archive to the option name.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry><term>PDiffs</term>
<listitem><para>Try to download deltas called <literal>PDiffs</literal> for
Packages or Sources files instead of downloading whole ones. True
diff --git a/doc/examples/configure-index b/doc/examples/configure-index
index 487c09acb..fdec32c2c 100644
--- a/doc/examples/configure-index
+++ b/doc/examples/configure-index
@@ -176,6 +176,10 @@ Acquire
PDiffs::SizeLimit "50"; // don't use diffs if size of all patches excess
// 50% of the size of the original file
+ Check-Valid-Until "true";
+ Max-ValidTime "864000"; // 10 days
+ Max-ValidTime::Debian-Security "604800"; // 7 days, label specific configuration
+
// HTTP method configuration
http
{