1VENDORS.LIST(5) VENDORS.LIST(5)
2
3
4
6 vendors.list - Security key configuration for APT
7
9 The package vendor list contains a list of all vendors from whom you
10 wish to authenticate downloaded packages. For each vendor listed,
11 it must contain the corresponding PGP key fingerprint, so that APT
12 can perform signature verification of the release file and subse‐
13 quent checking of the checksums of each downloaded package. To have
14 authentication enabled, you must add the vendor identification string
15 (see below) enclosed in square braces to the sources.list line for all
16 sites that mirror the repository provided by that vendor.
17
18 The format of this file is similar to the one used by apt.conf.
19 It consists of an arbitrary number of blocks of vendors, where each
20 block starts with a string telling the key_type and the vendor_id.
21
22 Some vendors may have multiple blocks that define different security
23 policies for their distributions. Debian for instance uses a different
24 signing methodology for stable and unstable releases.
25
26 key_type is the type of the check required. Currently, there is only
27 one type available which is simple-key.
28
29 vendor_id is the vendor identification string. It is an arbitrary
30 string you must supply to uniquely identifify a vendor that's listed in
31 this file. Example:
32
33 simple-key "joe"
34 {
35 Fingerprint "0987AB4378FSD872343298787ACC";
36 Name "Joe Shmoe <joe@shmoe.com>";
37 }
38
40 This type of verification is used when the vendor has a single secured
41 key that must be used to sign the Release file. The following items
42 should be present
43
44 Fingerprint
45 The PGP fingerprint for the key. The fingerprint should be
46 expressed in the standard notion with or without spaces. The
47 --fingerprint option for gpg(1) will show the fingerprint for
48 the selected keys(s).
49
50 Name A string containing a description of the owner of the key or
51 vendor. You may put the vendor name and it's email. The string
52 must be quoted with ".
53
55 /etc/apt/vendors.list
56
58 sources.list(5)
59
61 See the APT bug page <URL:http://bugs.debian.org/src:apt>. If you wish
62 to report a bug in APT, please see /usr/share/doc/debian/bug-report‐
63 ing.txt or the reportbug(1) command.
64
66 APT was written by the APT team <apt@packages.debian.org>.
67
68
69
70 02 August 2007 VENDORS.LIST(5)