aptitude-doc-en 0.8.10-6ubuntu1 / usr / share / doc / aptitude / html / en / ch02s02s05.html

This file is indexed.

/usr/share/doc/aptitude/html/en/ch02s02s05.html is in aptitude-doc-en 0.8.10-6ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Understanding and managing package trust</title><link rel="stylesheet" type="text/css" href="aptitude.css" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="home" href="index.html" title="aptitude user's manual" /><link rel="up" href="ch02s02.html" title="Managing packages" /><link rel="prev" href="ch02s02s04.html" title="Downloading, installing, and removing packages" /><link rel="next" href="ch02s02s06.html" title="Managing automatically installed packages" /><link rel="preface" href="pr01.html" title="Introduction" /><link rel="chapter" href="ch01.html" title="Chapter 1. Getting started" /><link rel="chapter" href="ch02.html" title="Chapter 2. aptitude reference guide" /><link rel="chapter" href="ch03.html" title="Chapter 3. aptitude frequently asked questions" /><link rel="chapter" href="ch04.html" title="Chapter 4. Credits" /><link rel="reference" href="rn01.html" title="Command-line reference" /><link rel="refentry" href="rn01re01.html" title="aptitude" /><link rel="refentry" href="rn01re02.html" title="aptitude-create-state-bundle" /><link rel="refentry" href="rn01re03.html" title="aptitude-run-state-bundle" /><link rel="subsection" href="ch02s02s05.html#idm1858" title="Understanding trust" /><link rel="subsection" href="ch02s02s05.html#idm1883" title="Trusting additional keys" /></head><body><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Understanding and managing package trust</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ch02s02s04.html"><img src="images/prev.gif" alt="Prev" /></a> </td><th width="60%" align="center">Managing packages</th><td width="20%" align="right"> <a accesskey="n" href="ch02s02s06.html"><img src="images/next.gif" alt="Next" /></a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="secTrust"></a>Understanding and managing package trust</h3></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="ch02s02s05.html#idm1858">Understanding trust</a></span></dt><dt><span class="section"><a href="ch02s02s05.html#idm1883">Trusting additional keys</a></span></dt></dl></div><p>
	  <code class="systemitem">apt</code>'s ability to access multiple package sources leads to
	  a potential security vulnerability.  Suppose you add an
	  archive of packages published by Joe Random Hacker to your
	  <code class="filename">sources.list</code> file in order to install
	  Joe's <code class="systemitem">gargleblast</code> package.  It is
	  possible, however, that -- unbeknownst to you -- Joe's
	  archive also contains his own <span class="quote"><span class="quote">customized</span></span>
	  versions of packages such as <code class="systemitem">libc6</code>
	  and <code class="systemitem">ssh</code>...versions that steal your
	  private information or open backdoors on your system!  If
	  these packages have higher version numbers than the
	  legitimate Debian packages, <code class="systemitem">apt</code> will blithely install them
	  on your system during your next upgrade, allowing Joe to do
	  his dirty work undetected.  Joe could also break into your
	  mirror of the Debian archives and replace the legitimate
	  software with his doctored version.
	</p><p>
	  Luckily, newer versions of <code class="systemitem">apt</code> and <span class="command"><strong>aptitude</strong></span>, such as the
	  version documented in this manual, have built-in safeguards
	  to help defeat this type of attack.  <code class="systemitem">apt</code> uses strong
	  security mechanisms based on the popular <a class="ulink" href="http://www.gnupg.org" target="_top">GPG</a> encryption software
	  to verify that the packages being distributed from the
	  official Debian mirrors are the same packages that were
	  uploaded by the Debian developers.  <span class="command"><strong>aptitude</strong></span> will then
	  warn you if you attempt to install a package from a
	  non-Debian source, or if you attempt to upgrade a package
	  that was installed from a Debian source to a version that
	  came from a non-Debian source.
	</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="images/warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
	    The security mechanisms in <code class="systemitem">apt</code> provide a near-perfect
	    guarantee that the contents of your archive mirror are
	    identical to the contents of the master Debian archive.
	    However, they are not a panacea: for instance, there are
	    many ways that a tampered package could theoretically find
	    its way into the master Debian archive.
	  </p><p>
	    Ensuring that you only install software from a trusted
	    source will give you an important degree of protection
	    against malicious packages, but it cannot eliminate all
	    the risks inherent in installing software.
	  </p></td></tr></table></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="idm1858"></a>Understanding trust</h4></div></div></div><p>
	    <code class="systemitem">apt</code> allows the administrator of an archive to provide a
	    <em class="firstterm">signature</em> of the archive's index.
	    This signature, which (for all practical purposes) cannot
	    be forged, indicates that the package files listed in the
	    index are the same files that the administrator intended
	    to place in the archive: ie, that the contents of the
	    archive have not been tampered with since it was
	    created.<a href="#ftn.idm1863" class="footnote" id="idm1863"><sup class="footnote">[9]</sup></a> The signature can
	    be validated by checking that it corresponds to the
	    administrator's <em class="firstterm">public key</em>.  The
	    public key of the Debian archive is distributed with
	    <code class="systemitem">apt</code>, typically on your Debian CD.
	  </p><p>
	    When <span class="command"><strong>aptitude</strong></span> downloads an archive index, it will check
	    whether the index is properly signed.  If it is unsigned,
	    <span class="command"><strong>aptitude</strong></span> will not trust package files from that
	    archive. (see below for information on what this means) If
	    it has a signature but the signature is incorrect or
	    cannot be verified, a warning will be printed and
	    <span class="command"><strong>aptitude</strong></span> will refuse to trust packages from that
	    archive.
	  </p><p>
	    Later, when you perform an <a class="link" href="ch02s02s04.html" title="Downloading, installing, and removing packages">install run</a>, <span class="command"><strong>aptitude</strong></span>
	    will check whether the packages are from trusted sources.
	    If an untrusted package is being installed, or a package
	    is being upgraded from a trusted to an untrusted version,
	    a warning will be displayed and you will have the
	    opportunity to abort the download:
	  </p><div class="screenshot"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" style="cellpadding: 0; cellspacing: 0;" width="100%"><tr><td><img src="images/trust-snapshot.png" width="100%" alt="[untrusted packages/versions warning]" /></td></tr></table><div class="longdesc-link" align="right"><br clear="all" /><span class="longdesc-link">[<a href="ld-idm1876.html" target="longdesc">D</a>]</span></div></div></div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="idm1883"></a>Trusting additional keys</h4></div></div></div><p>
	    You might find it useful to allow <code class="systemitem">apt</code> to trust
	    additional archives, besides the main Debian archive.  For
	    each archive that you want to trust, you will have to
	    acquire the public key that is used to sign the archive's
	    package index.  This is typically a text file whose name
	    ends in <code class="filename">.asc</code>; it might be provided by
	    the site administrator or downloadable from a public
	    keyserver.  For more information on what public keys are
	    and how to get them, see the <a class="ulink" href="http://www.gnupg.org" target="_top">GPG web page</a>.
	  </p><p>
	    The list of keys that apt will trust is stored in the
	    <em class="firstterm">keyring file</em>
	    <code class="filename">/etc/apt/trusted.gpg</code>.  Once you have
	    the GPG key, you can add it to this file by executing the
	    command <span class="command"><strong>gpg --no-default-keyring --keyring
	    /etc/apt/trusted.gpg --import
	    <em class="replaceable"><code>newkey.asc</code></em></strong></span>.
	    <span class="command"><strong>aptitude</strong></span> will then trust any archive that is signed with
	    the key contained in <code class="filename">newkey.asc</code>.
	  </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Warning"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Warning]" src="images/warning.png" /></td><th align="left">Warning</th></tr><tr><td align="left" valign="top"><p>
	      Once an archive's key has been added to the APT keyring,
	      it will be trusted just as much as the main Debian
	      mirrors themselves!  You should only do this if you are
	      very confident that the key you are adding is correct
	      <span class="emphasis"><em>and</em></span> that the person who holds the
	      key is trustworthy and competent.
	    </p></td></tr></table></div></div><div class="footnotes"><br /><hr style="width:100; text-align:left;margin-left: 0" /><div id="ftn.idm1863" class="footnote"><p><a href="#idm1863" class="para"><sup class="para">[9] </sup></a>As noted above, it does
	    <span class="emphasis"><em>not</em></span> indicate that the packages in the
	    archive are secure, or even non-malicious; it merely shows
	    that they are genuine.</p></div></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ch02s02s04.html"><img src="images/prev.gif" alt="Prev" /></a> </td><td width="20%" align="center"><a accesskey="u" href="ch02s02.html"><img src="images/up.gif" alt="Up" /></a></td><td width="40%" align="right"> <a accesskey="n" href="ch02s02s06.html"><img src="images/next.gif" alt="Next" /></a></td></tr><tr><td width="40%" align="left" valign="top">Downloading, installing, and removing packages </td><td width="20%" align="center"><a accesskey="h" href="index.html"><img src="images/home.gif" alt="Home" /></a></td><td width="40%" align="right" valign="top"> Managing automatically installed packages</td></tr></table></div></body></html>

APT Browse - Built by Thomas Orozco.