APT.CONF(5) | APT | APT.CONF(5) |
NAME¶
apt.conf - Configuration file for APTDESCRIPTION¶
/etc/apt/apt.conf is the main configuration file shared by all the tools in the APT suite of tools, though it is by no means the only place options can be set. The suite also shares a common command line parser to provide a uniform environment.When an APT tool starts up it will read the configuration files in the following order:
SYNTAX¶
The configuration file is organized in a tree with options organized into functional groups. Option specification is given with a double colon notation; for instance APT::Get::Assume-Yes is an option within the APT tool group, for the Get tool. Options do not inherit from their parent groups.Syntactically the configuration language is modeled after what the ISC tools such as bind and dhcp use. Lines starting with // are treated as comments (ignored), as well as all text between /* and */, just like C/C++ comments. Each line is of the form APT::Get::Assume-Yes "true";. The quotation marks and trailing semicolon are required. The value must be on one line, and there is no kind of string concatenation. Values must not include backslashes or extra quotation marks. Option names are made up of alphanumeric characters and the characters "/-:._+". A new scope can be opened with curly braces, like this:
APT { Get { Assume-Yes "true"; Fix-Broken "true"; }; };
with newlines placed to make it more readable. Lists can be created by opening a scope and including a single string enclosed in quotes followed by a semicolon. Multiple entries can be included, separated by a semicolon.
DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt";};
In general the sample configuration file /usr/share/doc/apt/examples/configure-index.gz is a good guide for how it should look.
Case is not significant in names of configuration items, so in the previous example you could use dpkg::pre-install-pkgs.
Names for the configuration items are optional if a list is defined as can be seen in the DPkg::Pre-Install-Pkgs example above. If you don't specify a name a new entry will simply add a new option to the list. If you specify a name you can override the option in the same way as any other option by reassigning a new value to the option.
Two special commands are defined: #include (which is deprecated and not supported by alternative implementations) and #clear. #include will include the given file, unless the filename ends in a slash, in which case the whole directory is included. #clear is used to erase a part of the configuration tree. The specified element and all its descendants are erased. (Note that these lines also need to end with a semicolon.)
The #clear command is the only way to delete a list or a complete scope. Reopening a scope (or using the syntax described below with an appended ::) will not override previously written entries. Options can only be overridden by addressing a new value to them - lists and scopes can't be overridden, only cleared.
All of the APT tools take an -o option which allows an arbitrary configuration directive to be specified on the command line. The syntax is a full option name (APT::Get::Assume-Yes for instance) followed by an equals sign then the new value of the option. To append a new element to a list, add a trailing :: to the name of the list. (As you might suspect, the scope syntax can't be used on the command line.)
Note that appending items to a list using :: only works for one item per line, and that you should not use it in combination with the scope syntax (which adds :: implicitly). Using both syntaxes together will trigger a bug which some users unfortunately depend on: an option with the unusual name "::" which acts like every other option with a name. This introduces many problems; for one thing, users who write multiple lines in this wrong syntax in the hope of appending to a list will achieve the opposite, as only the last assignment for this option "::" will be used. Future versions of APT will raise errors and stop working if they encounter this misuse, so please correct such statements now while APT doesn't explicitly complain about them.
THE APT GROUP¶
This group of options controls general APT behavior as well as holding the options for all of the tools.Architecture
Architectures
Compressor
Build-Profiles
Default-Release
Ignore-Hold
Clean-Installed
Immediate-Configure
The immediate configuration marker is also applied in the potentially problematic case of circular dependencies, since a dependency with the immediate flag is equivalent to a Pre-Dependency. In theory this allows APT to recognise a situation in which it is unable to perform immediate configuration, abort, and suggest to the user that the option should be temporarily deactivated in order to allow the operation to proceed. Note the use of the word "theory" here; in the real world this problem has rarely been encountered, in non-stable distribution versions, and was caused by wrong dependencies of the package in question or by a system in an already broken state; so you should not blindly disable this option, as the scenario mentioned above is not the only problem it can help to prevent in the first place.
Before a big operation like dist-upgrade is run with this option disabled you should try to explicitly install the package APT is unable to configure immediately; but please make sure you also report your problem to your distribution and to the APT team with the buglink below, so they can work on improving or correcting the upgrade process.
Force-LoopBreak
Cache-Start, Cache-Grow, Cache-Limit
Build-Essential
Get
Cache
CDROM
THE ACQUIRE GROUP¶
The Acquire group of options controls the download of packages as well as the various "acquire methods" responsible for the download itself (see also sources.list(5)).Check-Valid-Until
Max-ValidTime
Min-ValidTime
PDiffs
Two sub-options to limit the use of PDiffs are also available: FileLimit can be used to specify a maximum number of PDiff files should be downloaded to update a file. SizeLimit on the other hand is the maximum percentage of the size of all patches compared to the size of the targeted file. If one of these limits is exceeded the complete file is downloaded instead of the patches.
By-Hash
Queue-Mode
Retries
Source-Symlinks
http
Three settings are provided for cache control with HTTP/1.1 compliant proxy caches. No-Cache tells the proxy not to use its cached response under any circumstances. Max-Age sets the allowed maximum age (in seconds) of an index file in the cache of the proxy. No-Store specifies that the proxy should not store the requested archive files in its cache, which can be used to prevent the proxy from polluting its cache with (big) .deb files.
The option timeout sets the timeout timer used by the method; this value applies to the connection as well as the data timeout.
The setting Acquire::http::Pipeline-Depth can be used to enable HTTP pipelining (RFC 2616 section 8.1.2.2) which can be beneficial e.g. on high-latency connections. It specifies how many requests are sent in a pipeline. APT tries to detect and workaround misbehaving webservers and proxies at runtime, but if you know that yours does not conform to the HTTP/1.1 specification pipelining can be disabled by setting the value to 0. It is enabled by default with the value 10.
Acquire::http::AllowRedirect controls whether APT will follow redirects, which is enabled by default.
The used bandwidth can be limited with Acquire::http::Dl-Limit which accepts integer values in kilobytes per second. The default value is 0 which deactivates the limit and tries to use all available bandwidth. Note that this option implicitly disables downloading from multiple servers at the same time.
Acquire::http::User-Agent can be used to set a different User-Agent for the http download method as some proxies allow access for clients only if the client uses a known identifier.
Acquire::http::Proxy-Auto-Detect can be used to specify an external command to discover the http proxy to use. The first and only parameter is an URI denoting the host to be contacted to allow for host-specific configuration. APT expects the command to output the proxy on stdout as a single line in the style http://proxy:port/ or the word DIRECT if no proxy should be used. No output indicates that the generic proxy settings should be used. Note that auto-detection will not be used for a host if a host-specific proxy configuration is already set via Acquire::http::Proxy::HOST. See the squid-deb-proxy-client(1) package for an example implementation that uses avahi. This option takes precedence over the legacy option name ProxyAutoDetect.
https
CaInfo suboption specifies place of file that holds info about trusted certificates. <host>::CaInfo is the corresponding per-host option. Verify-Peer boolean suboption determines whether or not the server's host certificate should be verified against trusted certificates. <host>::Verify-Peer is the corresponding per-host option. Verify-Host boolean suboption determines whether or not the server's hostname should be verified. <host>::Verify-Host is the corresponding per-host option. SslCert determines what certificate to use for client authentication. <host>::SslCert is the corresponding per-host option. SslKey determines what private key to use for client authentication. <host>::SslKey is the corresponding per-host option. SslForceVersion overrides default SSL version to use. It can contain either of the strings 'TLSv1' or 'SSLv3'. <host>::SslForceVersion is the corresponding per-host option.
ftp
The option timeout sets the timeout timer used by the method; this value applies to the connection as well as the data timeout.
Several settings are provided to control passive mode. Generally it is safe to leave passive mode on; it works in nearly every environment. However, some situations require that passive mode be disabled and port mode FTP used instead. This can be done globally or for connections that go through a proxy or for a specific host (see the sample config file for examples).
It is possible to proxy FTP over HTTP by setting the ftp_proxy environment variable to an HTTP URL - see the discussion of the http method above for syntax. You cannot set this in the configuration file and it is not recommended to use FTP over HTTP due to its low efficiency.
The setting ForceExtended controls the use of RFC2428 EPSV and EPRT commands. The default is false, which means these commands are only used if the control connection is IPv6. Setting this to true forces their use even on IPv4 connections. Note that most FTP servers do not support RFC2428.
cdrom
/cdrom/::Mount "foo";
within the cdrom block. It is important to have the trailing slash. Unmount commands can be specified using UMount.
gpgv
CompressionTypes
Acquire::CompressionTypes::FileExtension "Methodname";
Also, the Order subgroup can be used to define in which order the acquire system will try to download the compressed files. The acquire system will try the first and proceed with the next compression type in this list on error, so to prefer one over the other type simply add the preferred type first - types not already added will be implicitly appended to the end of the list, so e.g.
Acquire::CompressionTypes::Order:: "gz";
can be used to prefer gzip compressed files over all other compression formats. If xz should be preferred over gzip and bzip2 the configure setting should look like this:
Acquire::CompressionTypes::Order { "xz"; "gz"; };
It is not needed to add bz2 to the list explicitly as it will be added automatically.
Note that the Dir::Bin::Methodname will be checked at run time. If this option has been set and support for this format isn't directly built into apt, the method will only be used if this file exists; e.g. for the bzip2 method (the inbuilt) setting is:
Dir::Bin::bzip2 "/bin/bzip2";
Note also that list entries specified on the command line will be added at the end of the list specified in the configuration files, but before the default entries. To prefer a type in this case over the ones specified in the configuration files you can set the option direct - not in list style. This will not override the defined list; it will only prefix the list with this type.
The special type uncompressed can be used to give uncompressed files a preference, but note that most archives don't provide uncompressed files so this is mostly only useable for local mirrors.
GzipIndexes
Languages
The default list includes "environment" and "en". "environment" has a special meaning here: it will be replaced at runtime with the language codes extracted from the LC_MESSAGES environment variable. It will also ensure that these codes are not included twice in the list. If LC_MESSAGES is set to "C" only the Translation-en file (if available) will be used. To force APT to use no Translation file use the setting Acquire::Languages=none. "none" is another special meaning code which will stop the search for a suitable Translation file. This tells APT to download these translations too, without actually using them unless the environment specifies the languages. So the following example configuration will result in the order "en, de" in an English locale or "de, en" in a German one. Note that "fr" is downloaded, but not used unless APT is used in a French locale (where the order would be "fr, de, en").
Acquire::Languages { "environment"; "de"; "en"; "none"; "fr"; };
Note: To prevent problems resulting from APT being executed in different environments (e.g. by different users or by other programs) all Translation files which are found in /var/lib/apt/lists/ will be added to the end of the list (after an implicit "none").
ForceIPv4
ForceIPv6
MaxReleaseFileSize
EnableSrvRecords
AllowInsecureRepositories
AllowWeakRepositories
AllowDowngradeToInsecureRepositories
Changelogs::URI scope
BINARY SPECIFIC CONFIGURATION¶
Especially with the introduction of the apt binary it can be useful to set certain options only for a specific binary as even options which look like they would effect only a certain binary like APT::Get::Show-Versions effect apt-get as well as apt.Setting an option for a specific binary only can be achieved by setting the option inside the Binary::specific-binary scope. Setting the option APT::Get::Show-Versions for the apt only can e.g. by done by setting Binary::apt::APT::Get::Show-Versions instead.
Note that as seen in the DESCRIPTION section further above you can't set binary-specific options on the commandline itself nor in configuration files loaded via the commandline.
DIRECTORIES¶
The Dir::State section has directories that pertain to local state information. lists is the directory to place downloaded package lists in and status is the name of the dpkg(1) status file. preferences is the name of the APT preferences file. Dir::State contains the default directory to prefix on all sub-items if they do not start with / or ./.Dir::Cache contains locations pertaining to local cache information, such as the two package caches srcpkgcache and pkgcache as well as the location to place downloaded archives, Dir::Cache::archives. Generation of caches can be turned off by setting pkgcache or srcpkgcache to "". This will slow down startup but save disk space. It is probably preferable to turn off the pkgcache rather than the srcpkgcache. Like Dir::State the default directory is contained in Dir::Cache
Dir::Etc contains the location of configuration files, sourcelist gives the location of the sourcelist and main is the default configuration file (setting has no effect, unless it is done from the config file specified by APT_CONFIG).
The Dir::Parts setting reads in all the config fragments in lexical order from the directory specified. After this is done then the main config file is loaded.
Binary programs are pointed to by Dir::Bin. Dir::Bin::Methods specifies the location of the method handlers and gzip, bzip2, lzma, dpkg, apt-get dpkg-source dpkg-buildpackage and apt-cache specify the location of the respective programs.
The configuration item RootDir has a special meaning. If set, all paths will be relative to RootDir, even paths that are specified absolutely. So, for instance, if RootDir is set to /tmp/staging and Dir::State::status is set to /var/lib/dpkg/status, then the status file will be looked up in /tmp/staging/var/lib/dpkg/status. If you want to prefix only relative paths, set Dir instead.
The Ignore-Files-Silently list can be used to specify which files APT should silently ignore while parsing the files in the fragment directories. Per default a file which end with .disabled, ~, .bak or .dpkg-[a-z]+ is silently ignored. As seen in the last default value these patterns can use regular expression syntax.
APT IN DSELECT¶
When APT is used as a dselect(1) method several configuration directives control the default behavior. These are in the DSelect section.Clean
options
Updateoptions
PromptAfterUpdate
HOW APT CALLS DPKG(1)¶
Several configuration directives control how APT invokes dpkg(1). These are in the DPkg section.options
Pre-Invoke, Post-Invoke
Pre-Install-Pkgs
Version 2 of this protocol sends more information through the requested file descriptor: a line with the text VERSION 2, the APT configuration space, and a list of package actions with filename and version information.
Each configuration directive line has the form key=value. Special characters (equal signs, newlines, nonprintable characters, quotation marks, and percent signs in key and newlines, nonprintable characters, and percent signs in value) are %-encoded. Lists are represented by multiple key::=value lines with the same key. The configuration section ends with a blank line.
Package action lines consist of five fields in Version 2: package name (without architecture qualification even if foreign), old version, direction of version change (< for upgrades, > for downgrades, = for no change), new version, action. The version fields are "-" for no version at all (for example when installing a package for the first time; no version is treated as earlier than any real version, so that is an upgrade, indicated as - < 1.23.4). The action field is "**CONFIGURE**" if the package is being configured, "**REMOVE**" if it is being removed, or the filename of a .deb file if it is being unpacked.
In Version 3 after each version field follows the architecture of this version, which is "-" if there is no version, and a field showing the MultiArch type "same", "foreign", "allowed" or "none". Note that "none" is an incorrect typename which is just kept to remain compatible, it should be read as "no" and users are encouraged to support both.
The version of the protocol to be used for the command cmd can be chosen by setting DPkg::Tools::options::cmd::Version accordingly, the default being version 1. If APT isn't supporting the requested version it will send the information in the highest version it has support for instead.
The file descriptor to be used to send the information can be requested with DPkg::Tools::options::cmd::InfoFD which defaults to 0 for standard input and is available since version 0.9.11. Support for the option can be detected by looking for the environment variable APT_HOOK_INFO_FD which contains the number of the used file descriptor as a confirmation.
Run-Directory
Build-options
DPkg::ConfigurePending
PERIODIC AND ARCHIVES OPTIONS¶
APT::Periodic and APT::Archives groups of options configure behavior of apt periodic updates, which is done by the /usr/lib/apt/apt.systemd.daily script. See the top of this script for the brief documentation of these options.DEBUG OPTIONS¶
Enabling options in the Debug:: section will cause debugging information to be sent to the standard error stream of the program utilizing the apt libraries, or enable special program modes that are primarily useful for debugging the behavior of apt. Most of these options are not interesting to a normal user, but a few may be:A full list of debugging options to apt follows.
Debug::Acquire::cdrom
Debug::Acquire::ftp
Debug::Acquire::http
Debug::Acquire::https
Debug::Acquire::gpgv
Debug::aptcdrom
Debug::BuildDeps
Debug::Hashes
Debug::IdentCDROM
Debug::NoLocking
Debug::pkgAcquire
Debug::pkgAcquire::Auth
Debug::pkgAcquire::Diffs
Debug::pkgAcquire::RRed
Debug::pkgAcquire::Worker
Debug::pkgAutoRemove
Debug::pkgDepCache::AutoInstall
Debug::pkgDepCache::Marker
Debug::pkgDPkgPM
Debug::pkgDPkgProgressReporting
Debug::pkgOrderList
Debug::pkgPackageManager
Debug::pkgPolicy
Debug::pkgProblemResolver
Debug::pkgProblemResolver::ShowScores
Debug::sourceList
Debug::RunScripts
EXAMPLES¶
/usr/share/doc/apt/examples/configure-index.gz is a configuration file showing example values for all possible options.FILES¶
/etc/apt/apt.conf/etc/apt/apt.conf.d/
SEE ALSO¶
apt-cache(8), apt-config(8), apt_preferences(5).BUGS¶
APT bug page[1]. If you wish to report a bug in APT, please see /usr/share/doc/debian/bug-reporting.txt or the reportbug(1) command.AUTHORS¶
Jason GunthorpeAPT team
Daniel Burrows <dburrows@debian.org>
NOTES¶
- 1.
- APT bug page
25 November 2016 | APT 1.4.9 |