summaryrefslogtreecommitdiff
path: root/doc/sources.list.5.xml
AgeCommit message (Collapse)Author
2016-05-01support Signed-By in Release files as a sort of HPKPDavid Kalnischkies
Users have the option since apt >= 1.1 to enforce that a Release file is signed with specific key(s) either via keyring filename or fingerprints. This commit adds an entry with the same name and value (except that it doesn't accept filenames for obvious reasons) to the Release file so that the repository owner can set a default value for this setting effecting the *next* Release file, not the current one, which provides a functionality similar "HTTP Public Key Pinning". The pinning is in effect as long as the (then old) Release file is considered valid, but it is also ignored if the Release file has no Valid-Until at all.
2016-05-01support multiple fingerprints in signed-byDavid Kalnischkies
A keyring file can include multiple keys, so its only fair for transitions and such to support multiple fingerprints as well.
2016-01-14change debian related entities to a more explicit nameDavid Kalnischkies
Git-Dch: Ignore
2015-11-26release apt 1.11.1Michael Vogt
2015-11-26Fix missing </literal> in sources.list.5.xml pageMichael Vogt
Git-Dch: ignore
2015-11-26reword Trusted paragraph in sources.list(5)Justin B Rye
Git-Dch: Ignore
2015-11-25update manpage last-modified from git via pre-export hookDavid Kalnischkies
Never updating this information is wrong, updating it automatically isn't super correct either, but it seems conventional to have it and updating it more often than needed seems better than updating it never. Git-Dch: Ignore
2015-11-25review sources.list(5) manpageJustin B Rye
2015-11-04revert accidental removal of documentation for trusted option in sources.listDavid Kalnischkies
In b0d408547734100bf86781615f546487ecf390d9 I accidently removed the documentation for Trusted and replaced it with Signed-By instead of adding it. Git-Dch: Ignore
2015-09-14add by-hash sources.list option and document all of by-hashDavid Kalnischkies
This changes the semantics of the option (which is renamed too) to be a yes/no value with the special additional value "force" as this allows by-hash to be disabled even if the repository indicates it would be supported and is more in line with our other yes/no options like pdiff which disable themselves if no support can be detected. The feature wasn't documented so far and hasn't reached a (un)stable release yet, so changing it without trying too hard to keep compatibility seems okay.
2015-08-31fix valid-until-min typo in sources.list(5)David Kalnischkies
Git-Dch: Ignore
2015-08-27sources.list and indextargets option for pdiffsDavid Kalnischkies
Disabling pdiffs can be useful occasionally, like if you have a fast local mirror where the download doesn't matter, but still want to use it for non-local mirrors. Also, some users might prefer it to only use it for very big indextargets like Contents.
2015-08-27allow explicit dis/enable of IndexTargets in sources optionsDavid Kalnischkies
While Target{,-Add,-Remove} is available for configuring IndexTargets already, allow Targets to be mentioned explicitely as yes/no options as well, so that the Target 'Contents' can be disabled via 'Contents: no' as well as 'Target-Remove: Contents'.
2015-08-27fix various typos reported by codespellDavid Kalnischkies
Reported-By: codespell
2015-08-14Mention that source order only matter per versionJulian Andres Klode
Closes: #617445
2015-08-10rename 'apt-get files' to 'apt-get indextargets'David Kalnischkies
'files' is a bit too generic as a name for a command usually only used programmatically (if at all) by developers, so instead of "wasting" this generic name for this we use "indextargets" which is actually the name of the datastructure the displayed data is stored in. Along with this rename the config options are renamed accordingly.
2015-08-10implement Signed-By option for sources.listDavid Kalnischkies
Limits which key(s) can be used to sign a repository. Not immensely useful from a security perspective all by itself, but if the user has additional measures in place to confine a repository (like pinning) an attacker who gets the key for such a repository is limited to its potential and can't use the key to sign its attacks for an other (maybe less limited) repository… (yes, this is as weak as it sounds, but having the capability might come in handy for implementing other stuff later).
2015-08-10add sources.list Check-Valid-Until and Valid-Until-{Max,Min} optionsDavid Kalnischkies
These options could be set via configuration before, but the connection to the actual sources is so strong that they should really be set in the sources.list instead – especially as this can be done a lot more specific rather than e.g. disabling Valid-Until for all sources at once. Valid-Until-* names are chosen instead of the Min/Max-ValidTime as this seems like a better name and their use in the wild is probably low enough that this isn't going to confuse anyone if we have to names for the same thing in different areas. In the longrun, the config options should be removed, but for now documentation hinting at the new options is good enough as these are the kind of options you set once across many systems with different apt versions, so the new way should work everywhere first before we deprecate the old way.
2015-08-10detect and error out on conflicting Trusted settingsDavid Kalnischkies
A specific trust state can be enforced via a sources.list option, but it effects all entries handled by the same Release file, not just the entry it was given on so we enforce acknowledgement of this by requiring the same value to be (not) set on all such entries.
2015-08-10bring back deb822 sources.list entries as .sourcesDavid Kalnischkies
Having two different formats in the same file is very dirty and causes external tools to fail hard trying to parse them. It is probably not a good idea for them to parse them in the first place, but they do and we shouldn't break them if there is a better way. So we solve this issue for now by giving our deb822 format a new filename extension ".sources" which unsupporting applications are likely to ignore an can begin gradually moving forward rather than waiting for the unknown applications to catch up. Currently and for the forseeable future apt is going to support both with the same feature set as documented in the manpage, with the longtime plan of adopting the 'new' format as default, but that is a long way to go and might get going more from having an easier time setting options than from us pushing it explicitely.
2015-08-10support lang= and target= sources.list optionsDavid Kalnischkies
We support arch= for a while, now we finally add lang= as well and as a first simple way of controlling which targets to acquire also target=. This asked for a redesign of the internal API of parsing and storing information about 'deb' and 'deb-src' lines. As this API isn't visible to the outside no damage done through. Beside being a nice cleanup (= it actually does more in less lines) it also provides us with a predictable order of architectures as provides in the configuration rather than based on string sorting-order, so that now the native architecture is parsed/displayed first. Observeable e.g. in apt-get output.
2014-08-26ensure that all docs use all entities filesDavid Kalnischkies
Not all are needed for all files at the moment, but the new docbook building hadn't available some of the entities it used as the files weren't correctly copied around in all cases and having the same across the bord makes working with all of them a little easier. Git-Dch: Ignore
2014-01-20add support for multipl types in one lineMichael Vogt
2014-01-20add support for multiple URIs in deb822 style sources.listMichael Vogt
2014-01-20add support for Enabled: no in deb822 sources.listMichael Vogt
2014-01-20add Description tag for deb822 sourcesMichael Vogt
2014-01-18rename "Suite/Section" to pluralMichael Vogt
2014-01-17implement suggestion by donkult (thanks!)Michael Vogt
2014-01-16rename URL to Uri in deb822-sourcesMichael Vogt
2014-01-16rename "distribution" in sources.list to "suite"Michael Vogt
2014-01-06document deb822 style sources.listMichael Vogt
2013-11-30add a vendor specific file to have configurable entitiesDavid Kalnischkies
manpages sometimes refer to distro-specific things like the name of the package providing the achive-keyring. Having a central place to configure this helps in having it consistent in the manpages and allows to load this info from other places in the buildsystem as well later.
2013-07-11implement arch+= and arch-= for sources.listDavid Kalnischkies
Default is to acquire all architectures from APT::Architectures which can be changed by arch=, but this isn't very flexible if you want "mostly" the default as you have to hardcode the architectures then, so arch-= and arch+= can be used to add/remove architectures from the default set. On a machine with 'amd64' and 'i386' configured the lines: deb [arch+=armel] http://example.org/debian wheezy rocks deb [arch-=amd64] http://example.org/debian jessie rocks will result in the download of: wheezy Packages for 'amd64', 'i386' and 'armel' jessie Packages for 'i386'
2012-06-09updating <date> tags and the po files for the manpagesDavid Kalnischkies
2012-06-08* sources.list.5.xml:Justin B Rye
- review and fix typo, grammar and style issues
2012-06-06* doc/apt-key.8.xml, doc/apt-mark.8.xml,Justin B Rye
doc/apt_preferences.5.xml: - review and fix spelling issues
2012-05-25* doc/apt-cdrom.8.xml:Justin B Rye
- it's multi-CD and a run-on setence "ends" with;
2012-05-24* doc/*.xml:Justin B Rye
- remove 'GNU/Linux' from 'Debian systems' strings as Debian has more systems than just GNU/Linux nowadays
2012-05-23use docbook DTD 4.5 instead of 4.2 to have valid docsDavid Kalnischkies
2012-05-23* doc/*.xml:David Kalnischkies
- mark even more stuff as untranslateable and improve the markup here and there (no real text change)
2012-05-21auto-generate the correct <date> translationDavid Kalnischkies
2012-05-19fix authenificated→authenticated typo in sources.list manpageChris Leick
2011-12-19merged from debian-sidMichael Vogt
2011-11-20* German manpage translation updateChris Leick
* doc/*.xml: - find and fix a bunch of misspellings
2011-07-14* apt-pkg/deb/debmetaindex.cc:David Kalnischkies
- add trusted=yes option to mark unsigned (local) repository as trusted based on a patch from Ansgar Burchardt, thanks a lot! (Closes: #596498) Note that "apt-get update" still warns about unknown signatures even when [trusted=yes] is given for the source.
2011-07-05cherrypick sources.list option documentation from my sid branchDavid Kalnischkies
2011-07-05* doc/sources.list.5.xml:David Kalnischkies
- document available [options] for sources.list entries (Closes: 632441)
2011-02-07a notice is printed for ignored files (Closes: #597615)David Kalnischkies
2011-01-14* doc/sources.list.5.xml:David Kalnischkies
- remove obsolete references to non-us (Closes: #594495)
2010-10-14* doc/apt.ent:David Kalnischkies
- move some strings into apt-verbatim.ent to avoid showing them in apt-doc.pot as they are untranslatable anyway (e.g. manpage references)