doc/vendors.list.5.xml

   1 <?xml version="1.0" encoding="utf-8" standalone="no"?>
   2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
   3   "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
   4
   5 <!ENTITY % aptent SYSTEM "apt.ent">
   6 %aptent;
   7
   8 ]>
   9
  10 <refentry>
  11  &apt-docinfo;
  12
  13  <refmeta>
  14    <refentrytitle>vendors.list</refentrytitle>
  15    <manvolnum>5</manvolnum>
  16  </refmeta>
  17
  18  <!-- Man page title -->
  19  <refnamediv>
  20     <refname>vendors.list</refname>
  21     <refpurpose>Security key configuration for APT</refpurpose>
  22  </refnamediv>
  23
  24  <refsect1><title>Description</title>
  25
  26    <para>The package vendor list contains a list of all vendors
  27    from whom you wish to  authenticate  downloaded  packages.
  28    For each vendor listed, it must contain the corresponding
  29    PGP key fingerprint, so that  APT  can  perform  signature
  30    verification  of the release file and subsequent checking
  31    of the checksums of each  downloaded  package.
  32    To have authentication enabled, you must add the
  33    vendor identification string  (see  below) enclosed in
  34    square braces to the sources.list line for all sites that mirror
  35    the repository provided by that vendor.</para>
  36
  37    <para>The format of this file is similar  to  the  one  used  by
  38    apt.conf.  It consists of an arbitrary number of blocks of
  39    vendors, where each block starts with a string telling the
  40    <replaceable>key_type</replaceable> and the
  41    <replaceable>vendor_id</replaceable></para>
  42
  43    <para>Some vendors may have multiple blocks that define different
  44    security policies for their distributions. Debian for instance
  45    uses a different signing methodology for stable and unstable releases.</para>
  46    <para><replaceable>key_type</replaceable> is the type of the check required.
  47    Currently, there is only one type available which is
  48    <literal>simple-key</literal>.</para>
  49
  50    <para><replaceable>vendor_id</replaceable> is the vendor identification
  51    string. It is an arbitrary string you must supply to uniquely identifify a
  52    vendor that's listed in this file.
  53
  54    Example:
  55   </para>
  56 <informalexample><programlisting>
  57 simple-key "joe"
  58 {
  59    Fingerprint "0987AB4378FSD872343298787ACC";
  60    Name "Joe Shmoe &lt;joe@shmoe.com&gt;";
  61 }
  62 </programlisting></informalexample>
  63  </refsect1>
  64
  65  <refsect1><title>The simple-key type</title>
  66
  67    <para>This type of verification is used when the vendor has a single
  68    secured key that must be used to sign the Release file. The
  69    following items should be present</para>
  70
  71    <variablelist>
  72      <varlistentry><term>Fingerprint</term>
  73      <listitem><para>
  74      The PGP fingerprint for the key. The fingerprint should be
  75      expressed in the standard notion with or without spaces.
  76      The <option>--fingerprint</option> option for
  77      <citerefentry><refentrytitle><command>gpg</command></refentrytitle><manvolnum>1</manvolnum></citerefentry>
  78      will show the fingerprint for the selected keys(s).
  79      </para>
  80      </listitem>
  81      </varlistentry>
  82
  83      <varlistentry><term>Name</term>
  84      <listitem><para>
  85      A string containing a description of the owner of
  86      the  key  or vendor.  You may put the vendor name and it's
  87      email. The string must be quoted with ".
  88      </para>
  89      </listitem>
  90      </varlistentry>
  91
  92    </variablelist>
  93  </refsect1>
  94
  95  <refsect1><title>Files</title>
  96    <para><filename>/etc/apt/vendors.list</filename></para>
  97  </refsect1>
  98
  99  <refsect1><title>See Also</title>
 100    <para>
 101    &sources-list;
 102    </para>
 103  </refsect1>
 104
 105  &manbugs;
 106  &manauthor;
 107
 108 </refentry>
 109