You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

547 lines
27 KiB

  1. <?xml version="1.0" encoding="utf-8" standalone="no"?>
  2. <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  3. "" [
  4. <!ENTITY % aptent SYSTEM "apt.ent"> %aptent;
  5. <!ENTITY % aptverbatiment SYSTEM "apt-verbatim.ent"> %aptverbatiment;
  6. <!ENTITY % aptvendor SYSTEM "apt-vendor.ent"> %aptvendor;
  7. ]>
  8. <refentry>
  9. <refentryinfo>
  10. &apt-author.jgunthorpe;
  11. &;
  12. &apt-email;
  13. &apt-product;
  14. <!-- The last update date -->
  15. <date>2017-09-10T00:00:00Z</date>
  16. </refentryinfo>
  17. <refmeta>
  18. <refentrytitle>sources.list</refentrytitle>
  19. <manvolnum>5</manvolnum>
  20. <refmiscinfo class="manual">APT</refmiscinfo>
  21. </refmeta>
  22. <!-- Man page title -->
  23. <refnamediv>
  24. <refname>sources.list</refname>
  25. <refpurpose>List of configured APT data sources</refpurpose>
  26. </refnamediv>
  27. <refsect1><title>Description</title>
  28. <para>
  29. The source list <filename>/etc/apt/sources.list</filename> and the
  30. files contained in <filename>/etc/apt/sources.list.d/</filename> are
  31. designed to support any number of active sources and a variety of source
  32. media. The files list one source per line (one-line style) or contain multiline
  33. stanzas defining one or more sources per stanza (deb822 style), with the
  34. most preferred source listed first (in case a single version is
  35. available from more than one source). The information available from the
  36. configured sources is acquired by <command>apt-get update</command> (or
  37. by an equivalent command from another APT front-end).
  38. </para>
  39. </refsect1>
  40. <refsect1><title>sources.list.d</title>
  41. <para>The <filename>/etc/apt/sources.list.d</filename> directory provides
  42. a way to add sources.list entries in separate files.
  43. Two different file formats are allowed as described in the next two sections.
  44. Filenames need to have either the extension <filename>.list</filename> or
  45. <filename>.sources</filename> depending on the contained format.
  46. The filenames may only contain letters (a-z and A-Z),
  47. digits (0-9), underscore (_), hyphen (-) and period (.) characters.
  48. Otherwise APT will print a notice that it has ignored a file, unless that
  49. file matches a pattern in the <literal>Dir::Ignore-Files-Silently</literal>
  50. configuration list - in which case it will be silently ignored.</para>
  51. </refsect1>
  52. <refsect1><title>One-Line-Style Format</title>
  53. <para>
  54. Files in this format have the extension <filename>.list</filename>.
  55. Each line specifying a source starts with a type (e.g. <literal>deb-src</literal>)
  56. followed by options and arguments for this type.
  57. Individual entries cannot be continued onto a following line. Empty lines
  58. are ignored, and a <literal>#</literal> character anywhere on a line marks
  59. the remainder of that line as a comment. Consequently an entry can be
  60. disabled by commenting out the entire line.
  61. If options should be provided they are separated by spaces and all of
  62. them together are enclosed by square brackets (<literal>[]</literal>)
  63. included in the line after the type separated from it with a space.
  64. If an option allows multiple values these are separated from each other
  65. with a comma (<literal>,</literal>). An option name is separated from its
  66. value(s) by an equals sign (<literal>=</literal>). Multivalue options also
  67. have <literal>-=</literal> and <literal>+=</literal> as separators, which
  68. instead of replacing the default with the given value(s) modify the default
  69. value(s) to remove or include the given values.
  70. </para><para>
  71. This is the traditional format and supported by all apt versions.
  72. Note that not all options as described below are supported by all apt versions.
  73. Note also that some older applications parsing this format on their own might not
  74. expect to encounter options as they were uncommon before the introduction of
  75. multi-architecture support.
  76. </para>
  77. </refsect1>
  78. <refsect1><title>deb822-Style Format</title>
  79. <para>
  80. Files in this format have the extension <filename>.sources</filename>.
  81. The format is similar in syntax to other files used by Debian and its
  82. derivatives, such as the metadata files that apt will download from the configured
  83. sources or the <filename>debian/control</filename> file in a Debian source package.
  84. Individual entries are separated by an empty line; additional empty
  85. lines are ignored, and a <literal>#</literal> character at the start of
  86. the line marks the entire line as a comment. An entry can hence be
  87. disabled by commenting out each line belonging to the stanza, but it is
  88. usually easier to add the field "Enabled: no" to the stanza to disable
  89. the entry. Removing the field or setting it to yes reenables it.
  90. Options have the same syntax as every other field: A fieldname separated by
  91. a colon (<literal>:</literal>) and optionally spaces from its value(s).
  92. Note especially that multiple values are separated by whitespaces (like spaces,
  93. tabs and newlines), not by commas as in the one-line format.
  94. Multivalue fields like <literal>Architectures</literal> also have
  95. <literal>Architectures-Add</literal> and <literal>Architectures-Remove</literal>
  96. to modify the default value rather than replacing it.
  97. </para><para>
  98. This is a new format supported by apt itself since version 1.1. Previous
  99. versions ignore such files with a notice message as described earlier.
  100. It is intended to make this format gradually the default format,
  101. deprecating the previously described one-line-style format, as it is
  102. easier to create, extend and modify for humans and machines alike
  103. especially if a lot of sources and/or options are involved.
  104. Developers who are working with and/or parsing apt sources are highly
  105. encouraged to add support for this format and to contact the APT team
  106. to coordinate and share this work. Users can freely adopt this format
  107. already, but may encounter problems with software not supporting
  108. the format yet.
  109. </para>
  110. </refsect1>
  111. <refsect1><title>The deb and deb-src Types: General Format</title>
  112. <para>The <literal>deb</literal> type references a typical two-level Debian
  113. archive, <filename>distribution/component</filename>. The
  114. <literal>distribution</literal> is generally a suite name like
  115. <literal>stable</literal> or <literal>testing</literal> or a codename like
  116. <literal>&debian-stable-codename;</literal> or <literal>&debian-testing-codename;</literal>
  117. while component is one of <literal>main</literal>, <literal>contrib</literal> or
  118. <literal>non-free</literal>. The
  119. <literal>deb-src</literal> type references a Debian distribution's source
  120. code in the same form as the <literal>deb</literal> type.
  121. A <literal>deb-src</literal> line is required to fetch source indexes.</para>
  122. <para>The format for two one-line-style entries using the
  123. <literal>deb</literal> and <literal>deb-src</literal> types is:</para>
  124. <literallayout>deb [ option1=value1 option2=value2 ] uri suite [component1] [component2] [...]
  125. deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [...]</literallayout>
  126. <para>Alternatively the equivalent entry in deb822 style looks like this:
  127. <literallayout>
  128. Types: deb deb-src
  129. URIs: uri
  130. Suites: suite
  131. Components: [component1] [component2] [...]
  132. option1: value1
  133. option2: value2
  134. </literallayout>
  135. </para>
  136. <para>The URI for the <literal>deb</literal> type must specify the base of the
  137. Debian distribution, from which APT will find the information it needs.
  138. <literal>suite</literal> can specify an exact path, in which case the
  139. components must be omitted and <literal>suite</literal> must end with
  140. a slash (<literal>/</literal>). This is useful for the case when only a
  141. particular sub-directory of the archive denoted by the URI is of interest.
  142. If <literal>suite</literal> does not specify an exact path, at least
  143. one <literal>component</literal> must be present.</para>
  144. <para><literal>suite</literal> may also contain a variable,
  145. <literal>$(ARCH)</literal>
  146. which expands to the Debian architecture (such as <literal>amd64</literal> or
  147. <literal>armel</literal>) used on the system. This permits architecture-independent
  148. <filename>sources.list</filename> files to be used. In general this is only
  149. of interest when specifying an exact path; <literal>APT</literal> will
  150. automatically generate a URI with the current architecture otherwise.</para>
  151. <para>Especially in the one-line-style format since only one distribution
  152. can be specified per line it may be necessary to have multiple lines for
  153. the same URI, if a subset of all available distributions or components at
  154. that location is desired. APT will sort the URI list after it has
  155. generated a complete set internally, and will collapse multiple
  156. references to the same Internet host, for instance, into a single
  157. connection, so that it does not inefficiently establish a
  158. connection, close it, do something else, and then re-establish a
  159. connection to that same host. APT also parallelizes connections to
  160. different hosts to more effectively deal with sites with low
  161. bandwidth.</para>
  162. <para>It is important to list sources in order of preference, with the most
  163. preferred source listed first. Typically this will result in sorting
  164. by speed from fastest to slowest (CD-ROM followed by hosts on a local
  165. network, followed by distant Internet hosts, for example).</para>
  166. <para>As an example, the sources for your distribution could look like this
  167. in one-line-style format:
  168. <literallayout>&sourceslist-list-format;</literallayout> or like this in
  169. deb822 style format:
  170. <literallayout>&sourceslist-sources-format;</literallayout></para>
  171. </refsect1>
  172. <refsect1><title>The deb and deb-src types: Options</title>
  173. <para>Each source entry can have options specified to modify which source
  174. is accessed and how data is acquired from it. Format, syntax and names
  175. of the options vary between the one-line-style and deb822-style formats
  176. as described, but they both have the same options available. For simplicity
  177. we list the deb822 fieldname and provide the one-line name in brackets.
  178. Remember that besides setting multivalue options explicitly, there is also
  179. the option to modify them based on the default, but we aren't listing those
  180. names explicitly here. Unsupported options are silently ignored by all
  181. APT versions.
  182. <itemizedlist>
  183. <listitem><para><option>Architectures</option>
  184. (<option>arch</option>) is a multivalue option defining for
  185. which architectures information should be downloaded. If this
  186. option isn't set the default is all architectures as defined by
  187. the <option>APT::Architectures</option> config option.
  188. </para></listitem>
  189. <listitem><para><option>Languages</option>
  190. (<option>lang</option>) is a multivalue option defining for
  191. which languages information such as translated package
  192. descriptions should be downloaded. If this option isn't set
  193. the default is all languages as defined by the
  194. <option>Acquire::Languages</option> config option.
  195. </para></listitem>
  196. <listitem><para><option>Targets</option>
  197. (<option>target</option>) is a multivalue option defining
  198. which download targets apt will try to acquire from this
  199. source. If not specified, the default set is defined by the
  200. <option>Acquire::IndexTargets</option> configuration scope
  201. (targets are specified by their name in the
  202. <literal>Created-By</literal> field).
  203. Additionally, targets can be enabled or disabled by using the
  204. <literal>Identifier</literal> field as an option with a boolean
  205. value instead of using this multivalue option.
  206. </para></listitem>
  207. <listitem><para><option>PDiffs</option> (<option>pdiffs</option>)
  208. is a yes/no value which controls if APT should try to use PDiffs
  209. to update old indexes instead of downloading the new indexes
  210. entirely. The value of this option is ignored if the repository
  211. doesn't announce the availability of PDiffs. Defaults to the
  212. value of the option with the same name for a specific index file
  213. defined in the <option>Acquire::IndexTargets</option> scope,
  214. which itself defaults to the value of configuration option
  215. <option>Acquire::PDiffs</option> which defaults to
  216. <literal>yes</literal>.
  217. </para></listitem>
  218. <listitem><para><option>By-Hash</option> (<option>by-hash</option>)
  219. can have the value <literal>yes</literal>, <literal>no</literal>
  220. or <literal>force</literal> and controls if APT should try to
  221. acquire indexes via a URI constructed from a hashsum of the
  222. expected file instead of using the well-known stable filename
  223. of the index. Using this can avoid hashsum mismatches, but
  224. requires a supporting mirror. A <literal>yes</literal> or
  225. <literal>no</literal> value activates/disables the use of this
  226. feature if this source indicates support for it, while
  227. <literal>force</literal> will enable the feature regardless of
  228. what the source indicates. Defaults to the value of the option
  229. of the same name for a specific index file defined in the
  230. <option>Acquire::IndexTargets</option> scope, which itself
  231. defaults to the value of configuration option
  232. <option>Acquire::By-Hash</option> which defaults to
  233. <literal>yes</literal>.
  234. </para></listitem>
  235. </itemizedlist>
  236. Furthermore, there are options which if set affect
  237. <emphasis>all</emphasis> sources with the same URI and Suite, so they
  238. have to be set on all such entries and can not be varied between
  239. different components. APT will try to detect and error out on such
  240. anomalies.
  241. <itemizedlist>
  242. <listitem><para><option>Allow-Insecure</option> (<option>allow-insecure</option>),
  243. <option>Allow-Weak</option> (<option>allow-weak</option>) and
  244. <option>Allow-Downgrade-To-Insecure</option> (<option>allow-downgrade-to-insecure</option>)
  245. are boolean values which all default to <literal>no</literal>.
  246. If set to <literal>yes</literal> they circumvent parts of &apt-secure;
  247. and should therefore not be used lightly!
  248. </para></listitem>
  249. <listitem><para><option>Trusted</option> (<option>trusted</option>)
  250. is a tri-state value which defaults to APT deciding if a source
  251. is considered trusted or if warnings should be raised before e.g.
  252. packages are installed from this source. This option can be used
  253. to override that decision. The value <literal>yes</literal> tells APT
  254. always to consider this source as trusted, even if it doesn't pass
  255. authentication checks. It disables parts of &apt-secure;, and should
  256. therefore only be used in a local and trusted context (if at all) as
  257. otherwise security is breached. The value <literal>no</literal> does
  258. the opposite, causing the source to be handled as untrusted even if
  259. the authentication checks passed successfully. The default value can't
  260. be set explicitly.
  261. </para></listitem>
  262. <listitem><para><option>Signed-By</option> (<option>signed-by</option>)
  263. is either an absolute path to a keyring file (has to be
  264. accessible and readable for the <literal>_apt</literal> user,
  265. so ensure everyone has read-permissions on the file) or one or
  266. more fingerprints of keys either in the
  267. <filename>trusted.gpg</filename> keyring or in the
  268. keyrings in the <filename>trusted.gpg.d/</filename> directory
  269. (see <command>apt-key fingerprint</command>). If the option is
  270. set, only the key(s) in this keyring or only the keys with these
  271. fingerprints are used for the &apt-secure; verification of this
  272. repository. Defaults to the value of the option with the same name
  273. if set in the previously acquired <filename>Release</filename> file.
  274. Otherwise all keys in the trusted keyrings are considered valid
  275. signers for this repository.
  276. </para></listitem>
  277. <listitem><para><option>Check-Valid-Until</option> (<option>check-valid-until</option>)
  278. is a yes/no value which controls if APT should try to detect
  279. replay attacks. A repository creator can declare a time until
  280. which the data provided in the repository should be considered valid,
  281. and if this time is reached, but no new data is provided, the data
  282. is considered expired and an error is raised. Besides
  283. increasing security, as a malicious attacker can't send old data
  284. forever to prevent a user from upgrading to a new version,
  285. this also helps users identify mirrors which are no longer
  286. updated. However, some repositories such as historic archives
  287. are not updated any more by design, so this check can be
  288. disabled by setting this option to <literal>no</literal>.
  289. Defaults to the value of configuration option
  290. <option>Acquire::Check-Valid-Until</option> which itself
  291. defaults to <literal>yes</literal>.
  292. </para></listitem>
  293. <listitem><para><option>Valid-Until-Min</option>
  294. (<option>valid-until-min</option>) and
  295. <option>Valid-Until-Max</option>
  296. (<option>valid-until-max</option>) can be used to raise or
  297. lower the time period in seconds in which the data from this
  298. repository is considered valid. -Max can be especially useful
  299. if the repository provides no Valid-Until field on its Release
  300. file to set your own value, while -Min can be used to increase
  301. the valid time on seldom updated (local) mirrors of a more
  302. frequently updated but less accessible archive (which is in the
  303. sources.list as well) instead of disabling the check entirely.
  304. Default to the value of the configuration options
  305. <option>Acquire::Min-ValidTime</option> and
  306. <option>Acquire::Max-ValidTime</option> which are both unset by
  307. default.
  308. </para></listitem>
  309. </itemizedlist>
  310. </para>
  311. </refsect1>
  312. <refsect1><title>URI Specification</title>
  313. <para>The currently recognized URI types are:
  314. <variablelist>
  315. <varlistentry><term><command>http</command></term>
  316. <listitem><para>
  317. The http scheme specifies an HTTP server for an archive and is the most
  318. commonly used method, with many options in the
  319. <literal>Acquire::http</literal> scope detailed in &apt-conf;. The URI can
  320. directly include login information if the archive requires it, but the use
  321. of &apt-authconf; should be preferred. The method also supports SOCKS5 and
  322. HTTP(S) proxies either configured via apt-specific configuration or
  323. specified by the environment variable <envar>http_proxy</envar> in the
  324. format (assuming an HTTP proxy requiring authentication)
  325. <replaceable>http://user:pass@server:port/</replaceable>.
  326. The authentication details for proxies can also be supplied via
  327. &apt-authconf;.</para>
  328. <para>Note that these forms of authentication are insecure as the whole
  329. communication with the remote server (or proxy) is not encrypted so a
  330. sufficiently capable attacker can observe and record login as well as all
  331. other interactions. The attacker can <emphasis>not</emphasis> modify the
  332. communication through as APTs data security model is independent of the
  333. chosen transport method. See &apt-secure; for details.</para></listitem>
  334. </varlistentry>
  335. <varlistentry><term><command>https</command></term>
  336. <listitem><para>
  337. The https scheme specifies an HTTPS server for an archive and is very
  338. similar in use and available options to the http scheme. The main
  339. difference is that the communication between apt and server (or proxy) is
  340. encrypted. Note that the encryption does not prevent an attacker from
  341. knowing which server (or proxy) apt is communicating with and deeper
  342. analyses can potentially still reveal which data was downloaded. If this is
  343. a concern the Tor-based schemes mentioned further below might be a suitable
  344. alternative.</para></listitem>
  345. </varlistentry>
  346. <varlistentry><term><command>file</command></term>
  347. <listitem><para>
  348. The file scheme allows an arbitrary directory in the file system to be
  349. considered an archive. This is useful for NFS mounts and local mirrors or
  350. archives.</para></listitem>
  351. </varlistentry>
  352. <varlistentry><term><command>cdrom</command></term>
  353. <listitem><para>
  354. The cdrom scheme allows APT to use a local CD-ROM, DVD or USB drive with media
  355. swapping. Use the &apt-cdrom; program to create cdrom entries in the
  356. source list.</para></listitem>
  357. </varlistentry>
  358. <varlistentry><term><command>ftp</command></term>
  359. <listitem><para>
  360. The ftp scheme specifies an FTP server for an archive. Use of FTP is on the
  361. decline in favour of <literal>http</literal> and <literal>https</literal>
  362. and many archives either never offered or are retiring FTP access. If you
  363. still need this method many configuration options for it are available in
  364. the <literal>Acquire::ftp</literal> scope and detailed in &apt-conf;.</para>
  365. <para>Please note that an FTP proxy can be specified
  366. by using the <envar>ftp_proxy</envar> environment variable. It is possible
  367. to specify an HTTP proxy (HTTP proxy servers often understand FTP URLs)
  368. using this environment variable and <emphasis>only</emphasis> this
  369. environment variable. Proxies using HTTP specified in
  370. the configuration file will be ignored.</para></listitem>
  371. </varlistentry>
  372. <varlistentry><term><command>copy</command></term>
  373. <listitem><para>
  374. The copy scheme is identical to the file scheme except that packages are
  375. copied into the cache directory instead of used directly at their location.
  376. This is useful for people using removable media to copy files around with APT.</para></listitem>
  377. </varlistentry>
  378. <varlistentry><term><command>rsh</command></term><term><command>ssh</command></term>
  379. <listitem><para>
  380. The rsh/ssh method invokes RSH/SSH to connect to a remote host and
  381. access the files as a given user. Prior configuration of rhosts or RSA keys
  382. is recommended. The standard <command>find</command> and <command>dd</command>
  383. commands are used to perform the file transfers from the remote host.
  384. </para></listitem>
  385. </varlistentry>
  386. <varlistentry><term>adding more recognizable URI types</term>
  387. <listitem><para>
  388. APT can be extended with more methods shipped in other optional packages, which should
  389. follow the naming scheme <package>apt-transport-<replaceable>method</replaceable></package>.
  390. For instance, the APT team also maintains the package <package>apt-transport-tor</package>,
  391. which provides access methods for HTTP and HTTPS URIs routed via the Tor network.
  392. </para></listitem>
  393. </varlistentry>
  394. </variablelist>
  395. </para>
  396. </refsect1>
  397. <refsect1><title>Examples</title>
  398. <para>Uses the archive stored locally (or NFS mounted) at /home/apt/debian
  399. for stable/main, stable/contrib, and stable/non-free.</para>
  400. <literallayout>deb file:/home/apt/debian stable main contrib non-free</literallayout>
  401. <literallayout>Types: deb
  402. URIs: file:/home/apt/debian
  403. Suites: stable
  404. Components: main contrib non-free</literallayout>
  405. <para>As above, except this uses the unstable (development) distribution.</para>
  406. <literallayout>deb file:/home/apt/debian unstable main contrib non-free</literallayout>
  407. <literallayout>Types: deb
  408. URIs: file:/home/apt/debian
  409. Suites: unstable
  410. Components: main contrib non-free</literallayout>
  411. <para>Sources specification for the above.</para>
  412. <literallayout>deb-src file:/home/apt/debian unstable main contrib non-free</literallayout>
  413. <literallayout>Types: deb-src
  414. URIs: file:/home/apt/debian
  415. Suites: unstable
  416. Components: main contrib non-free</literallayout>
  417. <para>The first line gets package information for the architectures in <literal>APT::Architectures</literal>
  418. while the second always retrieves <literal>amd64</literal> and <literal>armel</literal>.</para>
  419. <literallayout>deb &debian-stable-codename; main
  420. deb [ arch=amd64,armel ] &debian-stable-codename; main</literallayout>
  421. <literallayout>Types: deb
  422. URIs:
  423. Suites: &debian-stable-codename;
  424. Components: main
  425. Types: deb
  426. URIs:
  427. Suites: &debian-stable-codename;
  428. Components: main
  429. Architectures: amd64 armel
  430. </literallayout>
  431. <para>Uses HTTP to access the archive at, and uses only
  432. the hamm/main area.</para>
  433. <literallayout>deb hamm main</literallayout>
  434. <literallayout>Types: deb
  435. URIs:
  436. Suites: hamm
  437. Components: main</literallayout>
  438. <para>Uses FTP to access the archive at, under the debian
  439. directory, and uses only the &debian-stable-codename;/contrib area.</para>
  440. <literallayout>deb &debian-stable-codename; contrib</literallayout>
  441. <literallayout>Types: deb
  442. URIs:
  443. Suites: &debian-stable-codename;
  444. Components: contrib</literallayout>
  445. <para>Uses FTP to access the archive at, under the debian
  446. directory, and uses only the unstable/contrib area. If this line appears as
  447. well as the one in the previous example in <filename>sources.list</filename>
  448. a single FTP session will be used for both resource lines.</para>
  449. <literallayout>deb unstable contrib</literallayout>
  450. <literallayout>Types: deb
  451. URIs:
  452. Suites: unstable
  453. Components: contrib</literallayout>
  454. <para>Uses HTTP to access the archive at, under the
  455. universe directory, and uses only files found under
  456. <filename>unstable/binary-i386</filename> on i386 machines,
  457. <filename>unstable/binary-amd64</filename> on amd64, and so
  458. forth for other supported architectures. [Note this example only
  459. illustrates how to use the substitution variable; official debian
  460. archives are not structured like this]
  461. <literallayout>deb unstable/binary-$(ARCH)/</literallayout>
  462. <literallayout>Types: deb
  463. URIs:
  464. Suites: unstable/binary-$(ARCH)/</literallayout>
  465. </para>
  466. <para>Uses HTTP to get binary packages as well as sources from the stable, testing and unstable
  467. suites and the components main and contrib.</para>
  468. <literallayout>deb stable main contrib
  469. deb-src stable main contrib
  470. deb testing main contrib
  471. deb-src testing main contrib
  472. deb unstable main contrib
  473. deb-src unstable main contrib</literallayout>
  474. <literallayout>Types: deb deb-src
  475. URIs:
  476. Suites: stable testing unstable
  477. Components: main contrib
  478. </literallayout>
  479. </refsect1>
  480. <refsect1><title>See Also</title>
  481. <para>&apt-get;, &apt-conf;, &apt-acquire-additional-files;</para>
  482. </refsect1>
  483. &manbugs;
  484. </refentry>