author Julian Andres Klode <jak@debian.org> 2022-02-22 17:45:08 +0100
committer Julian Andres Klode <jak@debian.org> 2022-02-22 18:25:06 +0100
commit 9aee35d1acafde2e443741160d13d365345383ab
tree 8b6d3c2c6511705cf3c3ea3d80c67d3dc1167733
parent 975c55803caca0e34524d6177724ce334b3ffff8
Improve the documentation for /etc/apt/keyrings
-rw-r--r-- doc/apt-key.8.xml 4
-rw-r--r-- doc/sources.list.5.xml 5
2 files changed, 6 insertions, 3 deletions
diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml
index 6167a7826..5f2701e0c 100644
--- a/doc/apt-key.8.xml
+++ b/doc/apt-key.8.xml
@@ -202,14 +202,14 @@
<para>If your existing use of <command>apt-key add</command> looks like this:</para>
<para><literal>wget -qO- https://myrepo.example/myrepo.asc | sudo apt-key add -</literal></para>
-<para>Then you can directly replace this with:</para>
+<para>Then you can directly replace this with (though note the recommendation below):</para>
<para><literal>wget -qO- https://myrepo.example/myrepo.asc | sudo tee /etc/apt/trusted.gpg.d/myrepo.asc</literal></para>
<para>Make sure to use the "<literal>asc</literal>" extension for ASCII armored
keys and the "<literal>gpg</literal>" extension for the binary OpenPGP
format (also known as "GPG key public ring"). The binary OpenPGP format works
for all apt versions, while the ASCII armored format works for apt version >=
1.4.</para>
-<para>Instead of placing keys into the <filename>/etc/apt/trusted.gpg.d</filename>
+<para><emphasis>Recommended:</emphasis> Instead of placing keys into the <filename>/etc/apt/trusted.gpg.d</filename>
directory, you can place them anywhere on your filesystem by using the
<literal>Signed-By</literal> option in your <literal>sources.list</literal> and
pointing to the filename of the key. See &sources-list; for details.
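Review bot: The "Recommended:" paragraph at the end of this hunk still says keys can be placed "anywhere on your filesystem" and never names /etc/apt/keyrings, although the commit title is about that directory and the sources.list.5.xml change in the same commit recommends it for operator-managed keyrings. Consider naming <filename>/etc/apt/keyrings</filename> here as well, so the two man pages agree. The only copy-and-paste command in this section still writes to /etc/apt/trusted.gpg.d, and the parenthetical "(though note the recommendation below)" is easy to skip. A second literal example that writes the key under /etc/apt/keyrings and references it with <literal>Signed-By</literal> would make the recommended path as easy to follow as the discouraged one.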
diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml
index 261c90656..6c278dd61 100644
--- a/doc/sources.list.5.xml
+++ b/doc/sources.list.5.xml
@@ -299,7 +299,10 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
It is specified as a list of absolute paths to keyring files (have to be
accessible and readable for the <literal>_apt</literal> system user,
so ensure everyone has read-permissions on the file) and fingerprints
- of keys to select from these keyrings. If no keyring files are specified
+ of keys to select from these keyrings. The recommended locations for keyrings
+ are <filename>/usr/share/keyrings</filename> for keyrings managed by packages,
+ and <filename>/etc/apt/keyrings</filename> for keyrings managed by the system operator.
+ If no keyring files are specified
the default is the <filename>trusted.gpg</filename> keyring and
all keyrings in the <filename>trusted.gpg.d/</filename> directory
(see <command>apt-key fingerprint</command>). If no fingerprint is
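Review bot: The added sentence recommending /usr/share/keyrings and /etc/apt/keyrings does not restate the access requirement given just above it, that keyring files must be accessible and readable for the <literal>_apt</literal> system user. An operator who creates /etc/apt/keyrings by hand may end up with a directory or file mode that <literal>_apt</literal> cannot read, so it would help to say that the requirement covers the directory as well as the files in it. It may also be worth stating why these locations are preferred: a keyring stored there is only used when a source names it in <literal>Signed-By</literal>, whereas the following sentence explains that trusted.gpg and trusted.gpg.d/ are the default when no keyring files are specified. Minor style point: the split leaves "If no keyring files are specified" as a short line of its own, which could be re-wrapped with the lines that follow.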