APT-SECURE(8) APT APT-SECURE(8)

apt-secure - APT

Starting with version 0.6, APT contains code that does signature checking of the Release file for all repositories. This ensures that data like packages in the archive can't be modified by people who have no access to the Release file signing key.

Starting with version 1.1, APT requires repositories to provide recent authentication information for unimpeded usage of the repository. Since version 1.5, changes in the information contained in the Release file about the repository need to be confirmed before APT continues to apply updates from this repository.

apt-get(8), aptitude(8), synaptic(8)

UNSIGNED REPOSITORIES

Release, apt-get update

Acquire::AllowInsecureRepositories true

sources.list(5): allow-insecure=yes

Trusted, sources.list(5)

Acquire::AllowDowngradeToInsecureRepositories true

sources.list(5): allow-downgrade-to-insecure=yes

SIGNED REPOSITORIES

apt-secure, debsig-verify, debsign (debsig-verify, devscripts)

Debian (debian-keyring)

Packages, Release, debian-archive-keyring

o (ARP, DNS)

o Release

INFORMATION CHANGES

Besides the checksums for the files in the repository, a Release file also contains general information about the repository, such as the origin, codename or version number of the release. This information is shown in various places, so a repository owner should always ensure its correctness. Furthermore, user configuration like apt_preferences(5) can depend on and make use of this information. Since version 1.5 the user must therefore explicitly confirm changes, to signal that the user is sufficiently prepared, e.g. for the new major release of the distribution shipped in the repository (as indicated, for example, by the codename).
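The two roles of the Release file described above (checksums for the repository's files, plus descriptive fields whose changes need confirmation), as an added example that is not part of the APT documentation or APT's own code. The sample Release bodies, the origin "Example", the codenames and the set of watched fields are constructed for the illustration, and the signature on the Release file is assumed to have been verified already.

```python
import hashlib

# Assumption: field set chosen for this example; the page names origin, codename, version.
WATCHED = ("Origin", "Label", "Suite", "Codename", "Version")

def parse_release(text):
    """Split a Release body into header fields and its SHA256 table.
    Assumes the signature on the file was already verified."""
    fields, sha256, section = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":              # indented: entry of the current checksum section
            if section == "SHA256":
                digest, size, path = line.split()
                sha256[path] = (digest, int(size))
            continue
        key, _, value = line.partition(":")
        section = key
        if value.strip():
            fields[key] = value.strip()
    return fields, sha256

def changed_fields(old, new):
    """Watched fields that differ between the last accepted Release and the new one."""
    return {k: (old.get(k), new.get(k)) for k in WATCHED if old.get(k) != new.get(k)}

def index_matches(sha256, path, data):
    """True only if path is listed and both its size and SHA256 digest match."""
    entry = sha256.get(path)
    if entry is None:
        return False                      # unlisted files are never trusted
    digest, size = entry
    return len(data) == size and hashlib.sha256(data).hexdigest() == digest

# Constructed sample data: one index file and two Release bodies that list it.
PACKAGES = b"Package: hello\nVersion: 2.10-3\n"

def make_release(codename, version):
    digest = hashlib.sha256(PACKAGES).hexdigest()
    return ("Origin: Example\nLabel: Example\nSuite: stable\n"
            f"Codename: {codename}\nVersion: {version}\nSHA256:\n"
            f" {digest} {len(PACKAGES)} main/binary-amd64/Packages\n")

OLD, NEW = make_release("alpha", "1.0"), make_release("beta", "2.0")

if __name__ == "__main__":
    old_fields, _ = parse_release(OLD)
    new_fields, table = parse_release(NEW)
    print("needs confirmation:", changed_fields(old_fields, new_fields))
    print("index ok:", index_matches(table, "main/binary-amd64/Packages", PACKAGES))
```
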
apt-key, sources.list(5) Signed-By

apt-key, apt-get update, InRelease, Release.gpg

REPOSITORY CONFIGURATION

o Release: apt-ftparchive release (apt-utils)

o gpg --clearsign -o InRelease Release
  gpg -abs -o Release.gpg Release

o debian-archive-keyring, Debian

apt.conf(5), apt-get(8), sources.list(5), apt-key(8), apt-ftparchive(1), debsign(1), debsig-verify(1), gpg(1)

Securing Debian Manual (harden-doc), Debian Security Infrastructure[1]

V. Alex Brennen, Strong Distribution HOWTO[2]

APT [3], /usr/share/doc/debian/bug-reporting.txt, reportbug(1)

Javier Fernandez-Sanguino Pena, Isaac Jones, Colin Walters, Florian Weimer, Michael Vogt (2003-2006, 2009-2012), Takuma Yamada (2016), Debian JP Documentation ML

Gunthorpe Jason

1. Debian Security Infrastructure
   http://www.debian.org/doc/manuals/securing-debian-howto/ch7

2. Strong Distribution HOWTO
   http://www.cryptnet.net/fdp/crypto/strong_distro.html

3. APT
   https://bugs.debian.org/src:apt

APT 2.9.6 06 8 2016 APT-SECURE(8)