apt-transport-debtorrent(1) [linux man page]
apt-transport-debtorrent(1) General Commands Manual apt-transport-debtorrent(1) NAME
apt-transport-debtorrent -- an APT transport for communicating with DebTorrent DESCRIPTION
The apt-transport-debtorrent package contains the APT debtorrent transport, which gets installed in /usr/lib/apt/methods. It makes it pos- sible to use 'deb debtorrent://localhost:9988/foo distro main' type lines in your sources.list file. You don't need to run the method your- self, it will be started automatically by APT. This manual page documents briefly the options available to the debtorrent method. For an overview of the DebTorrent program, see the 'debtorrent' package. You don't actually need this package to use the DebTorrent program, it will work fine using the regular http:// transport. However, using this method has some advantages over HTTP. Unlike the traditional HTTP method, this transport will send all possible requests to DebTorrent as soon as it recieves them, which will speed up the download as peers can be contacted in parallel. This method also allows the DebTorrent client to return files to APT in any order, which is important since BitTorrent downloads proceed in a random order. Additionally, this method uses a very similar protocol to HTTP, and so can easily be used to access a DebTorrent client running on another host. OPTIONS
The options below are used by APT when calling the debtorrent method. For a description of how APT reads these options, see the apt.conf man page. The options are available to be modified in the /etc/apt/apt.conf.d/20debtorrent file. Acquire::debtorrent::Timeout seconds; the number of seconds of inactivity before the request will timeout and the method will give up (defaults to 300) Acquire::debtorrent::NoCache true|false; if this is true, then APT will not store copies of the downloaded package files in its cache (defaults to false) Debug::Acquire::debtorrent true|false; whether to output debugging messages while the method is downloading files (defaults to false) SEE ALSO
apt.conf(5), debtorrent-client(1) AUTHOR
This manual page was written by Cameron Dale <camrdale@gmail.com> for the Debian system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation. On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. apt-transport-debtorrent(1)
Check Out this Related Man Page
APT-TRANSPORT-HTTP(1) APT APT-TRANSPORT-HTTP(1) NAME
apt-transport-https - APT transport for downloading via the HTTP Secure protocol (HTTPS) DESCRIPTION
This APT transport allows the use of repositories accessed via the HTTP Secure protocol (HTTPS), also referred to as HTTP over TLS. It is available by default since apt 1.5 and was available before that in the package apt-transport-https. Note that a transport is never called directly by a user but used by APT tools based on user configuration. HTTP is by itself an unencrypted transport protocol (compare apt-transport-http(1)), which, as indicated by the appended S, is wrapped in an encrypted layer known as Transport Layer Security (TLS) to provide end-to-end encryption. A sufficiently capable attacker can still observe the communication partners and deeper analyse of the encrypted communication might still reveal important details. An overview over available alternative transport methods is given in sources.list(5). OPTIONS
The HTTPS protocol is based on the HTTP protocol, so all options supported by apt-transport-http(1) are also available via Acquire::https and will default to the same values specified for Acquire::http. This manpage will only document the options unique to https. Server credentials By default all certificates trusted by the system (see ca-certificates package) are used for the verification of the server certificate. An alternative certificate authority (CA) can be configured with the Acquire::https::CAInfo option and its host-specific option Acquire::https::CAInfo::host. The CAInfo option specifies a file made up of CA certificates (in PEM format) concatenated together to create the chain which APT should use to verify the path from your self-signed root certificate. If the remote server provides the whole chain during the exchange, the file need only contain the root certificate. Otherwise, the whole chain is required. If you need to support multiple authorities, the only way is to concatenate everything. A custom certificate revocation list (CRL) can be configured with the options Acquire::https::CRLFile and Acquire::https::CRLFile::host. As with the previous option, a file in PEM format needs to be specified. Disabling security During server authentication, if certificate verification fails for some reason (expired, revoked, man in the middle, etc.), the connection fails. This is obviously what you want in all cases and what the default value (true) of the option Acquire::https::Verify-Peer and its host-specific variant provides. If you know exactly what you are doing, setting this option to "false" allows you to skip peer certificate verification and make the exchange succeed. Again, this option is for debugging or testing purposes only as it removes all security provided by the use of HTTPS. Similarly the option Acquire::https::Verify-Host and its host-specific variant can be used to deactivate a security feature: The certificate provided by the server includes the identity of the server which should match the DNS name used to access it. By default, as requested by RFC 2818, the name of the mirror is checked against the identity found in the certificate. This default behavior is safe and should not be changed, but if you know that the server you are using has a DNS name which does not match the identity in its certificate, you can set the option to "false", which will prevent the comparison from being performed. Client authentication Besides supporting password-based authentication (see apt_auth.conf(5)) HTTPS also supports authentication based on client certificates via Acquire::https::SSLCert and Acquire::https::SSLKey. These should be set respectively to the filename of the X.509 client certificate and the associated (unencrypted) private key, both in PEM format. In practice the use of the host-specific variants of both options is highly recommended. EXAMPLES
Acquire::https { Proxy::example.org "DIRECT"; Proxy "socks5h://apt:pass@localhost:9050"; Proxy-Auto-Detect "/usr/local/bin/apt-https-proxy-auto-detect"; No-Cache "true"; Max-Age "3600"; No-Store "true"; Timeout "10"; Dl-Limit "42"; Pipeline-Depth "0"; AllowRedirect "false"; User-Agent "My APT-HTTPS"; SendAccept "false"; CAInfo "/path/to/ca/certs.pem"; CRLFile "/path/to/all/crl.pem"; Verify-Peer "true"; Verify-Host::broken.example.org "false"; SSLCert::example.org "/path/to/client/cert.pem"; SSLKey::example.org "/path/to/client/key.pem" }; SEE ALSO
apt-transport-http(1) apt.conf(5) apt_auth.conf(5) sources.list(5) BUGS
APT bug page[1]. If you wish to report a bug in APT, please see /usr/share/doc/debian/bug-reporting.txt or the reportbug(1) command. AUTHOR
APT team NOTES
1. APT bug page http://bugs.debian.org/src:apt APT 1.6.3ubuntu0.1 20 August 2018 APT-TRANSPORT-HTTP(1)