NAME
debsigs - process signatures in .deb packages
SYNOPSIS
debsigs --list|-l [-v] file [file...]
debsigs --sign=type [--default-key=keyID] [-v] file [file...]
debsigs --verify|--check|-c file [file...]
debsigs --delete=type file [file...]
DESCRIPTION
debsigs is used to manipulate the cryptographic signatures stored inside a .deb file. It is not used to verify those signatures; for that purpose, see debsig-verify(1).
OPTIONS
--list or -l or -t
Lists the signatures found in the specified file.
--sign=type
Creates a new signature of the type specified in the given file. The signature will be created using the default key for your GPG keyring. See "SIGNATURE TYPES" below for possible values of the "type" field.
--default-key=keyID
Uses a key other than the default for signing the package.
--secret-keyring=file or -K file
Uses a keyring other than the default for signing the package. This option is passed along to GPG verbatim; see the discussion in the gpg(1) manpage for information on how to specify the keyring file.
-v
Displays verbose output.
--verify or --check or -c
Invokes debsig-verify to check the validity of the signature on this package.
--delete=type
Deletes the signature of the specified type from the package.
SIGNATURE TYPES
A Debian package may carry different types of signatures. The most commonly-used ones are:
• "origin"
The official signature of the organization which distributes the package, usually the Debian Project or a GNU/Linux distribution derived from it. This signature may be added automatically.
• "maint"
The signature of the maintainer of the Debian package. This signature should be added by the maintainer before uploading the package.
• "archive"
An automatically-added signature renewed periodically to ensure that a package downloaded from an online archive is indeed the latest version distributed by the organization.
See the /usr/share/doc/debsigs/signing-policy.txt file for more information and rationale for the different signature types.
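The signature types present in a package can also be enumerated without debsigs by walking the ar container of the .deb file. The following Python script is an added example, not part of debsigs or of this manual page; it assumes signatures are stored as ar members named _gpg<type> (for example _gpgorigin), and the sample archive and its payloads are constructed for the demonstration.

```python
AR_MAGIC = b"!<arch>\n"
SIG_PREFIX = "_gpg"  # assumption: signature members are named _gpg<type>


def ar_members(data):
    """Yield (name, payload) for each member of an ar archive held in bytes."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive (bad global magic)")
    pos = len(AR_MAGIC)
    while pos < len(data):
        header = data[pos:pos + 60]
        if len(header) < 60 or header[58:60] != b"`\n":
            raise ValueError(f"corrupt member header at offset {pos}")
        name = header[:16].decode("ascii").rstrip(" ").rstrip("/")
        size = int(header[48:58].decode("ascii").strip())
        start = pos + 60
        if start + size > len(data):
            raise ValueError(f"member {name!r} is truncated")
        yield name, data[start:start + size]
        pos = start + size + (size & 1)  # payloads are padded to an even length


def list_signatures(data):
    """Return {type: payload_size} for every _gpg<type> member, in archive order."""
    return {name[len(SIG_PREFIX):]: len(body)
            for name, body in ar_members(data) if name.startswith(SIG_PREFIX)}


def build_ar(members):
    """Build an ar archive from (name, payload) pairs; used only for the sample."""
    out = bytearray(AR_MAGIC)
    for name, body in members:
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(body):<10}`\n".encode()
        out += body + (b"\n" if len(body) & 1 else b"")
    return bytes(out)


# Constructed sample: placeholder payloads, not a real package or real signatures.
SAMPLE_DEB = build_ar([
    ("debian-binary", b"2.0\n"),
    ("control.tar.gz", b"CTRL!"),  # odd length, exercises the padding rule
    ("data.tar.gz", b"DATA"),
    ("_gpgorigin", b"constructed-sig-A"),
    ("_gpgmaint", b"constructed-sig-B!"),
])

if __name__ == "__main__":
    for sig_type, size in list_signatures(SAMPLE_DEB).items():
        print(f"{sig_type}: {size} bytes")
```

The script reports only which signature members are present; it says nothing about whether they are valid, which is what debsig-verify(1) checks.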
FUTURE DIRECTIONS
It would be nice to have a command-line option to change the command used for signing, instead of hard-coding "gpg".
AUTHOR
John Goerzen <jgoerzen [AT] progenylinux.com>