From 851b6a097165af4d51c0db01b5e05256e5006896 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 11:00:48 +0200 Subject: Adding upstream version 2.6.1. Signed-off-by: Daniel Baumann --- doc/sources.list.5.xml | 606 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 606 insertions(+) create mode 100644 doc/sources.list.5.xml (limited to 'doc/sources.list.5.xml') diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml new file mode 100644 index 0000000..478694c --- /dev/null +++ b/doc/sources.list.5.xml @@ -0,0 +1,606 @@ + + %aptent; + %aptverbatiment; + %aptvendor; +]> + + + + + &apt-author.jgunthorpe; + &apt-author.team; + &apt-email; + &apt-product; + + 2023-01-29T00:00:00Z + + + + sources.list + 5 + APT + + + + + sources.list + List of configured APT data sources + + + Description + + The source list /etc/apt/sources.list and the + files contained in /etc/apt/sources.list.d/ are + designed to support any number of active sources and a variety of source + media. The files list one source per line (one-line style) or contain multiline + stanzas defining one or more sources per stanza (deb822 style), with the + most preferred source listed first (in case a single version is + available from more than one source). The information available from the + configured sources is acquired by apt-get update (or + by an equivalent command from another APT front-end). + + + + sources.list.d + The /etc/apt/sources.list.d directory provides + a way to add sources.list entries in separate files. + Two different file formats are allowed as described in the next two sections. + Filenames need to have either the extension .list or + .sources depending on the contained format. + The filenames may only contain letters (a-z and A-Z), + digits (0-9), underscore (_), hyphen (-) and period (.) characters. + Otherwise APT will print a notice that it has ignored a file, unless that + file matches a pattern in the Dir::Ignore-Files-Silently + configuration list - in which case it will be silently ignored. + + + One-Line-Style Format + + Files in this format have the extension .list. + Each line specifying a source starts with a type (e.g. deb-src) + followed by options and arguments for this type. + + Individual entries cannot be continued onto a following line. Empty lines + are ignored, and a # character anywhere on a line marks + the remainder of that line as a comment. Consequently an entry can be + disabled by commenting out the entire line. + + If options should be provided they are separated by spaces and all of + them together are enclosed by square brackets ([]) + included in the line after the type separated from it with a space. + If an option allows multiple values these are separated from each other + with a comma (,). An option name is separated from its + value(s) by an equals sign (=). Multivalue options also + have -= and += as separators, which + instead of replacing the default with the given value(s) modify the default + value(s) to remove or include the given values. + + This is the traditional format and supported by all apt versions. + Note that not all options as described below are supported by all apt versions. + Note also that some older applications parsing this format on their own might not + expect to encounter options as they were uncommon before the introduction of + multi-architecture support. + + + + deb822-Style Format + + Files in this format have the extension .sources. + The format is similar in syntax to other files used by Debian and its + derivatives, such as the metadata files that apt will download from the configured + sources or the debian/control file in a Debian source package. + + Individual entries are separated by an empty line; additional empty + lines are ignored, and a # character at the start of + the line marks the entire line as a comment. An entry can hence be + disabled by commenting out each line belonging to the stanza, but it is + usually easier to add the field "Enabled: no" to the stanza to disable + the entry. Removing the field or setting it to yes re-enables it. + + Options have the same syntax as every other field: A field name separated by + a colon (:) and optionally spaces from its value(s). + Note especially that multiple values are separated by whitespaces (like spaces, + tabs and newlines), not by commas as in the one-line format. + + Multivalue fields like Architectures also have + Architectures-Add and Architectures-Remove + to modify the default value rather than replacing it. + + This is a new format supported by apt itself since version 1.1. Previous + versions ignore such files with a notice message as described earlier. + It is intended to make this format gradually the default format, + deprecating the previously described one-line-style format, as it is + easier to create, extend and modify for humans and machines alike + especially if a lot of sources and/or options are involved. + + Developers who are working with and/or parsing apt sources are highly + encouraged to add support for this format and to contact the APT team + to coordinate and share this work. Users can freely adopt this format + already, but may encounter problems with software not supporting + the format yet. + + + + The deb and deb-src Types: General Format + The deb type references a typical two-level Debian + archive, distribution/component. The + distribution is generally a suite name like + stable or testing or a codename like + &debian-stable-codename; or &debian-testing-codename; + while component is one of main, contrib, + non-free or non-free-firmware. The + deb-src type references a Debian distribution's source + code in the same form as the deb type. + A deb-src line is required to fetch source indexes. + + The format for two one-line-style entries using the + deb and deb-src types is: + + deb [ option1=value1 option2=value2 ] uri suite [component1] [component2] [...] +deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [...] + + Alternatively the equivalent entry in deb822 style looks like this: + + Types: deb deb-src + URIs: uri + Suites: suite + Components: [component1] [component2] [...] + option1: value1 + option2: value2 + + + + The URI for the deb type must specify the base of the + Debian distribution, from which APT will find the information it needs. + suite can specify an exact path, in which case the + components must be omitted and suite must end with + a slash (/). This is useful for the case when only a + particular sub-directory of the archive denoted by the URI is of interest. + If suite does not specify an exact path, at least + one component must be present. + + suite may also contain a variable, + $(ARCH) + which expands to the Debian architecture (such as amd64 or + armel) used on the system. This permits architecture-independent + sources.list files to be used. In general this is only + of interest when specifying an exact path; APT will + automatically generate a URI with the current architecture otherwise. + + Especially in the one-line-style format since only one distribution + can be specified per line it may be necessary to have multiple lines for + the same URI, if a subset of all available distributions or components at + that location is desired. APT will sort the URI list after it has + generated a complete set internally, and will collapse multiple + references to the same Internet host, for instance, into a single + connection, so that it does not inefficiently establish a + connection, close it, do something else, and then re-establish a + connection to that same host. APT also parallelizes connections to + different hosts to more effectively deal with sites with low + bandwidth. + + It is important to list sources in order of preference, with the most + preferred source listed first. Typically this will result in sorting + by speed from fastest to slowest (CD-ROM followed by hosts on a local + network, followed by distant Internet hosts, for example). + + As an example, the sources for your distribution could look like this + in one-line-style format: + &sourceslist-list-format; or like this in + deb822 style format: + &sourceslist-sources-format; + + + The deb and deb-src types: Options + Each source entry can have options specified to modify which source + is accessed and how data is acquired from it. Format, syntax and names + of the options vary between the one-line-style and deb822-style formats + as described, but they both have the same options available. For simplicity + we list the deb822 field name and provide the one-line name in brackets. + Remember that besides setting multivalue options explicitly, there is also + the option to modify them based on the default, but we aren't listing those + names explicitly here. Unsupported options are silently ignored by all + APT versions. + + + + () is a multivalue option defining for + which architectures information should be downloaded. If this + option isn't set the default is all architectures as defined by + the config option. + + + + () is a multivalue option defining for + which languages information such as translated package + descriptions should be downloaded. If this option isn't set + the default is all languages as defined by the + config option. + + + + () is a multivalue option defining + which download targets apt will try to acquire from this + source. If not specified, the default set is defined by the + configuration scope + (targets are specified by their name in the + Created-By field). + Additionally, targets can be enabled or disabled by using the + Identifier field as an option with a boolean + value instead of using this multivalue option. + + + () + is a yes/no value which controls if APT should try to use PDiffs + to update old indexes instead of downloading the new indexes + entirely. The value of this option is ignored if the repository + doesn't announce the availability of PDiffs. Defaults to the + value of the option with the same name for a specific index file + defined in the scope, + which itself defaults to the value of configuration option + which defaults to + yes. + + + () + can have the value yes, no + or force and controls if APT should try to + acquire indexes via a URI constructed from a hashsum of the + expected file instead of using the well-known stable filename + of the index. Using this can avoid hashsum mismatches, but + requires a supporting mirror. A yes or + no value activates/disables the use of this + feature if this source indicates support for it, while + force will enable the feature regardless of + what the source indicates. Defaults to the value of the option + of the same name for a specific index file defined in the + scope, which itself + defaults to the value of configuration option + which defaults to + yes. + + + + + Furthermore, there are options which if set affect + all sources with the same URI and Suite, so they + have to be set on all such entries and can not be varied between + different components. APT will try to detect and error out on such + anomalies. + + + (), + () and + () + are boolean values which all default to no. + If set to yes they circumvent parts of &apt-secure; + and should therefore not be used lightly! + + + () + is a tri-state value which defaults to APT deciding if a source + is considered trusted or if warnings should be raised before e.g. + packages are installed from this source. This option can be used + to override that decision. The value yes tells APT + always to consider this source as trusted, even if it doesn't pass + authentication checks. It disables parts of &apt-secure;, and should + therefore only be used in a local and trusted context (if at all) as + otherwise security is breached. The value no does + the opposite, causing the source to be handled as untrusted even if + the authentication checks passed successfully. The default value can't + be set explicitly. + + + () + is an option to require a repository to pass &apt-secure; verification + with a certain set of keys rather than all trusted keys apt has configured. + It is specified as a list of absolute paths to keyring files (have to be + accessible and readable for the _apt system user, + so ensure everyone has read-permissions on the file) and fingerprints + of keys to select from these keyrings. The recommended locations for keyrings + are /usr/share/keyrings for keyrings managed by packages, + and /etc/apt/keyrings for keyrings managed by the system operator. + If no keyring files are specified + the default is the trusted.gpg keyring and + all keyrings in the trusted.gpg.d/ directory + (see apt-key fingerprint). If no fingerprint is + specified all keys in the keyrings are selected. A fingerprint will + accept also all signatures by a subkey of this key, if this isn't + desired an exclamation mark (!) can be appended to + the fingerprint to disable this behaviour. + The option defaults to the value of the option with the same name + if set in the previously acquired Release file + of this repository (only fingerprints can be specified there through). + Otherwise all keys in the trusted keyrings are considered valid + signers for this repository. + + The option may also be set directly to an embedded GPG public key block. Special + care is needed to encode the empty line with leading spaces and ".": + Types: deb +URIs: https://deb.debian.org +Suites: stable +Components: main contrib non-free non-free-firmware +Signed-By: + -----BEGIN PGP PUBLIC KEY BLOCK----- + . + mDMEYCQjIxYJKwYBBAHaRw8BAQdAD/P5Nvvnvk66SxBBHDbhRml9ORg1WV5CvzKY + CuMfoIS0BmFiY2RlZoiQBBMWCgA4FiEErCIG1VhKWMWo2yfAREZd5NfO31cFAmAk + IyMCGyMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQREZd5NfO31fbOwD6ArzS + dM0Dkd5h2Ujy1b6KcAaVW9FOa5UNfJ9FFBtjLQEBAJ7UyWD3dZzhvlaAwunsk7DG + 3bHcln8DMpIJVXht78sL + =IE0r + -----END PGP PUBLIC KEY BLOCK----- + + + () + is a yes/no value which controls if APT should try to detect + replay attacks. A repository creator can declare a time until + which the data provided in the repository should be considered valid, + and if this time is reached, but no new data is provided, the data + is considered expired and an error is raised. Besides + increasing security, as a malicious attacker can't send old data + forever to prevent a user from upgrading to a new version, + this also helps users identify mirrors which are no longer + updated. However, some repositories such as historic archives + are not updated any more by design, so this check can be + disabled by setting this option to no. + Defaults to the value of configuration option + which itself + defaults to yes. + + + + () and + + () can be used to raise or + lower the time period in seconds in which the data from this + repository is considered valid. -Max can be especially useful + if the repository provides no Valid-Until field on its Release + file to set your own value, while -Min can be used to increase + the valid time on seldom updated (local) mirrors of a more + frequently updated but less accessible archive (which is in the + sources.list as well) instead of disabling the check entirely. + Default to the value of the configuration options + and + which are both unset by + default. + + + () + is a yes/no value which controls if APT should consider + the machine's time correct and hence perform time related + checks, such as verifying that a Release file is not + from the future. Disabling it also disables the + option + mentioned above. + + + + () controls how far + from the future a repository may be. + Default to the value of the configuration option + which is + 10 seconds by default. + + + () + determines the path to the InRelease file, relative + to the normal position of an InRelease file. + By default, this option is unset and APT will try to fetch an InRelease + or, if that fails, a Release file and its associated Release.gpg file. By setting this option, + the specified path will be tried instead of the InRelease file, + and the fallback to Release files will be disabled. + + + + + + + + URI Specification + + The currently recognized URI types are: + + http (&apt-transport-http;) + + The http scheme specifies an HTTP server for an archive and is the most + commonly used method. The URI can directly include login information if the + archive requires it, but the use of &apt-authconf; should be preferred. + The method also supports SOCKS5 and HTTP(S) proxies either configured via + apt-specific configuration or specified by the environment variable + http_proxy in the format (assuming an HTTP proxy requiring + authentication) http://user:pass@server:port/. + The authentication details for proxies can also be supplied via + &apt-authconf;. + Note that these forms of authentication are insecure as the whole + communication with the remote server (or proxy) is not encrypted so a + sufficiently capable attacker can observe and record login as well as all + other interactions. The attacker can not modify the + communication through as APT's data security model is independent of the + chosen transport method. See &apt-secure; for details. + + + https (&apt-transport-https;) + + The https scheme specifies an HTTPS server for an archive and is very + similar in use and available options to the http scheme. The main + difference is that the communication between apt and server (or proxy) is + encrypted. Note that the encryption does not prevent an attacker from + knowing which server (or proxy) apt is communicating with and deeper + analysis can potentially still reveal which data was downloaded. If this is + a concern the Tor-based schemes mentioned further below might be a suitable + alternative. + + + mirror, mirror+scheme (&apt-transport-mirror;) + + The mirror scheme specifies the location of a mirrorlist. By default the + scheme used for the location is http, but any other + scheme can be used via mirror+scheme. + The mirrorlist itself can contain many different URIs for mirrors the APT client + can transparently pick, choose and fallback between intended to help both + with distributing the load over the available mirrors and ensuring that + clients can acquire data even if some configured mirrors are not available. + + + + file + + The file scheme allows an arbitrary directory in the file system to be + considered an archive. This is useful for NFS mounts and local mirrors or + archives. + + + cdrom + + The cdrom scheme allows APT to use a local CD-ROM, DVD or USB drive with media + swapping. Use the &apt-cdrom; program to create cdrom entries in the + source list. + + + ftp + + The ftp scheme specifies an FTP server for an archive. Use of FTP is on the + decline in favour of http and https + and many archives either never offered or are retiring FTP access. If you + still need this method many configuration options for it are available in + the Acquire::ftp scope and detailed in &apt-conf;. + Please note that an FTP proxy can be specified + by using the ftp_proxy environment variable. It is possible + to specify an HTTP proxy (HTTP proxy servers often understand FTP URLs) + using this environment variable and only this + environment variable. Proxies using HTTP specified in + the configuration file will be ignored. + + + copy + + The copy scheme is identical to the file scheme except that packages are + copied into the cache directory instead of used directly at their location. + This is useful for people using removable media to copy files around with APT. + + + rshssh + + The rsh/ssh method invokes RSH/SSH to connect to a remote host and + access the files as a given user. Prior configuration of rhosts or RSA keys + is recommended. The standard find and dd + commands are used to perform the file transfers from the remote host. + + + + adding more recognizable URI types + + APT can be extended with more methods shipped in other optional packages, which should + follow the naming scheme apt-transport-method. + For instance, the APT team also maintains the package apt-transport-tor, + which provides access methods for HTTP and HTTPS URIs routed via the Tor network. + + + + + + + Examples + Uses the archive stored locally (or NFS mounted) at /home/apt/debian + for stable/main, stable/contrib, stable/non-free and stable/non-free-firmware. + deb file:/home/apt/debian stable main contrib non-free non-free-firmware + Types: deb +URIs: file:/home/apt/debian +Suites: stable +Components: main contrib non-free non-free-firmware + + As above, except this uses the unstable (development) distribution. + deb file:/home/apt/debian unstable main contrib non-free non-free-firmware + Types: deb +URIs: file:/home/apt/debian +Suites: unstable +Components: main contrib non-free non-free-firmware + + Sources specification for the above. + deb-src file:/home/apt/debian unstable main contrib non-free non-free-firmware + Types: deb-src +URIs: file:/home/apt/debian +Suites: unstable +Components: main contrib non-free non-free-firmware + + The first line gets package information for the architectures in APT::Architectures + while the second always retrieves amd64 and armel. + deb http://deb.debian.org/debian &debian-stable-codename; main +deb [ arch=amd64,armel ] http://deb.debian.org/debian &debian-stable-codename; main + Types: deb +URIs: http://deb.debian.org/debian +Suites: &debian-stable-codename; +Components: main + +Types: deb +URIs: http://deb.debian.org/debian +Suites: &debian-stable-codename; +Components: main +Architectures: amd64 armel + + + Uses HTTP to access the archive at archive.debian.org, and uses only + the hamm/main area. + deb http://archive.debian.org/debian-archive hamm main + Types: deb +URIs: http://archive.debian.org/debian-archive +Suites: hamm +Components: main + + Uses FTP to access the archive at ftp.debian.org, under the debian + directory, and uses only the &debian-stable-codename;/contrib area. + deb ftp://ftp.debian.org/debian &debian-stable-codename; contrib + Types: deb +URIs: ftp://ftp.debian.org/debian +Suites: &debian-stable-codename; +Components: contrib + + Uses FTP to access the archive at ftp.debian.org, under the debian + directory, and uses only the unstable/contrib area. If this line appears as + well as the one in the previous example in sources.list + a single FTP session will be used for both resource lines. + deb ftp://ftp.debian.org/debian unstable contrib + Types: deb +URIs: ftp://ftp.debian.org/debian +Suites: unstable +Components: contrib + + Uses HTTP to access the archive at ftp.tlh.debian.org, under the + universe directory, and uses only files found under + unstable/binary-i386 on i386 machines, + unstable/binary-amd64 on amd64, and so + forth for other supported architectures. [Note this example only + illustrates how to use the substitution variable; official debian + archives are not structured like this] + deb http://ftp.tlh.debian.org/universe unstable/binary-$(ARCH)/ + Types: deb +URIs: http://ftp.tlh.debian.org/universe +Suites: unstable/binary-$(ARCH)/ + + + Uses HTTP to get binary packages as well as sources from the stable, testing and unstable + suites and the components main and contrib. + deb http://deb.debian.org/debian stable main contrib +deb-src http://deb.debian.org/debian stable main contrib +deb http://deb.debian.org/debian testing main contrib +deb-src http://deb.debian.org/debian testing main contrib +deb http://deb.debian.org/debian unstable main contrib +deb-src http://deb.debian.org/debian unstable main contrib + Types: deb deb-src +URIs: http://deb.debian.org/debian +Suites: stable testing unstable +Components: main contrib + + + + + See Also + &apt-get;, &apt-conf;, &apt-acquire-additional-files; + + + &manbugs; + + -- cgit v1.2.3