author | David Kalnischkies <david@kalnischkies.de> | 2016-11-22 13:02:48 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-11-25 00:15:12 +0100 |
commit | f77ea8235cafb258d1cb0b2b90e95aa36e5c4650 (patch) | |
tree | c1c071d4b809cd719d2817f6617599250aee31a7 /doc/apt-key.8.xml | |
parent | 2906182db398419a9c59a928b7ae73cf7c7aa307 (diff) |
document which keyring formats are supported by apt-key
* the good old 'simple' keyring format
* the ascii armored variant since 1.4
Not supported is the (new in gpg 2.1) keybox format.
Closes: 844724
Diffstat (limited to 'doc/apt-key.8.xml')
-rw-r--r-- | doc/apt-key.8.xml | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml index 57200b1ed..6c639a674 100644 --- a/doc/apt-key.8.xml +++ b/doc/apt-key.8.xml @@ -47,6 +47,20 @@ </para> </refsect1> +<refsect1><title>Supported keyring files</title> +<para>apt-key supports only the binary OpenPGP format (also known as "GPG key + public ring") in files with the "<literal>gpg</literal>" extension, not + the keybox database format introduced in newer &gpg; versions as default + for keyring files. Binary keyring files intended to be used with any apt + version should therefore always be created with <command>gpg --export</command>. +</para> +<para>Alternatively, if all systems which should be using the created keyring + have at least apt version >= 1.4 installed, you can use the ASCII armored + format with the "<literal>asc</literal>" extension instead which can be + created with <command>gpg --armor --export</command>. +</para> +</refsect1> + <refsect1><title>Commands</title> <variablelist> <varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option></term> @@ -63,10 +77,10 @@ otherwise the &apt-secure; infrastructure is completely undermined. </para> <para> - Instead of using this command a keyring can be placed directly in the - <filename>/etc/apt/trusted.gpg.d/</filename> directory with a descriptive name - (same rules for filename apply as for &apt-conf; files) and "<literal>gpg</literal>" - as file extension. + <emphasis>Note</emphasis>: Instead of using this command a keyring + should be placed directly in the <filename>/etc/apt/trusted.gpg.d/</filename> + directory with a descriptive name and either "<literal>gpg</literal>" or + "<literal>asc</literal>" as file extension. </para> </listitem> </varlistentry> 
@@ -139,7 +153,7 @@ <para> Note that a distribution does not need to and in fact should not use this command any longer and instead ship keyring files in the - <filename>/etc/apt/trusted.gpg</filename> directory directly as this + <filename>/etc/apt/trusted.gpg.d/</filename> directory directly as this avoids a dependency on <package>gnupg</package> and it is easier to manage keys by simply adding and removing files for maintainers and users alike. </para> |
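Review bot: In the new "Supported keyring files" section (hunk @@ -47,6 +47,20 @@), the first paragraph says apt-key supports "only the binary OpenPGP format", while the second paragraph goes on to describe the ASCII armored format as usable from apt 1.4, so the "only" contradicts the rest of the section. Suggest wording the first paragraph as the format that works with any apt version and the second as the addition in 1.4. The phrase "at least apt version >= 1.4" is also redundant; use either "at least apt version 1.4" or "apt version >= 1.4".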
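Review bot: In the rewritten note under the add command (hunk @@ -63,10 +77,10 @@), "asc" is offered as a file extension on equal footing with "gpg" without the apt 1.4 requirement that the new section states, so a reader who sees only this paragraph can place an armored keyring on a system whose apt does not read it. Suggest a pointer to the "Supported keyring files" section here. The rewrite also drops the parenthetical "(same rules for filename apply as for &apt-conf; files)"; if those filename rules still apply, it should stay.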
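Review bot: The paragraph touched in hunk @@ -139,7 +153,7 @@ tells distributions to ship keyring files in the trusted.gpg.d/ directory but does not say which format or extension those files need; a reference to the "Supported keyring files" section added earlier in this patch would close that gap. The path correction itself is not mentioned in the commit message, which only talks about documenting keyring formats; a line noting it would help.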