145 lines
6.1 KiB
Groff
145 lines
6.1 KiB
Groff
.TH DEBSIGN 1 "Debian Utilities" "DEBIAN" \" -*- nroff -*-
|
|
.SH NAME
|
|
debsign \- sign a Debian .changes and .dsc file pair using GPG
|
|
.SH SYNOPSIS
|
|
\fBdebsign\fR [\fIoptions\fR] [\fIchanges-file\fR|\fIdsc-file\fR|\fIcommands-file\fR ...]
|
|
.SH DESCRIPTION
|
|
\fBdebsign\fR mimics the signing aspects (and bugs) of
|
|
\fBdpkg-buildpackage\fR(1). It takes a \fI.dsc\fR, \fI.buildinfo\fR, or
|
|
\fI.changes\fR file and signs it, and any child \fI.dsc\fR,
|
|
\fI.buildinfo\fR, or \fI.changes\fR files directly or indirectly
|
|
referenced by it, using the GNU Privacy Guard. It is careful to
|
|
calculate the size and checksums of any newly signed child files and
|
|
replace the original values in the parent file.
|
|
.PP
|
|
If no file is specified, \fIdebian/changelog\fR is parsed to determine
|
|
the name of the \fI.changes\fR file to look for in the parent
|
|
directory.
|
|
.PP
|
|
If a \fI.commands\fR file is specified it is first validated (see the
|
|
details at \fIftp://ftp.upload.debian.org/pub/UploadQueue/README\fR),
|
|
and the name specified in the Uploader field is used for signing.
|
|
.PP
|
|
This utility is useful if a developer must build a package on one
|
|
machine where it is unsafe to sign it; they need then only transfer
|
|
the small \fI.dsc\fR, \fI.buildinfo\fR and \fI.changes\fR files to a
|
|
safe machine and then use the \fBdebsign\fR program to sign them before
|
|
transferring them back. This process can be automated in two ways.
|
|
If the files to be signed live on the \fBremote\fR machine, the
|
|
\fB\-r\fR option may be used to copy them to the local machine and back
|
|
again after signing. If the files live on the \fBlocal\fR machine, then
|
|
they may be transferred to the remote machine for signing using
|
|
\fBdebrsign\fR(1). However note that it is probably safer to have your
|
|
trusted signing machine use \fBdebsign\fR to connect to the untrusted
|
|
non-signing machine, rather than using \fBdebrsign\fR to make the
|
|
connection in the reverse direction.
|
|
.PP
|
|
This program can take default settings from the \fBdevscripts\fR
|
|
configuration files, as described below.
|
|
.SH OPTIONS
|
|
.TP
|
|
.B \-r \fR[\fIusername\fB@\fR]\fIremotehost\fR
|
|
The files to be signed live on the specified remote host. In this case,
|
|
a \fI.dsc\fR, \fI.buildinfo\fR or \fI.changes\fR file must be explicitly
|
|
named, with an absolute directory or one relative to the remote home
|
|
directory. \fBscp\fR will be used for the copying. The
|
|
\fR[\fIusername\fB@\fR]\fIremotehost\fB:\fIfilename\fR syntax is
|
|
permitted as an alternative. Wildcards (\fB*\fR etc.) are allowed.
|
|
.TP
|
|
.B \-p\fIprogname\fR
|
|
When \fBdebsign\fR needs to execute GPG to sign it will run \fIprogname\fR
|
|
(searching the \fBPATH\fR if necessary), instead of \fBgpg\fR.
|
|
.TP
|
|
.B \-m\fImaintainer\fR
|
|
Specify the maintainer name to be used for signing. (See
|
|
\fBdpkg-buildpackage\fR(1) for more information about the differences
|
|
between \fB\-m\fR, \fB\-e\fR and \fB\-k\fR when building packages;
|
|
\fBdebsign\fR makes no use of these distinctions except with respect
|
|
to the precedence of the various options. These multiple options are
|
|
provided so that the program will behave as expected when called by
|
|
\fBdebuild\fR(1).)
|
|
.TP
|
|
.B \-e\fImaintainer\fR
|
|
Same as \fB\-m\fR but takes precedence over it.
|
|
.TP
|
|
.B \-k\fIkeyid\fR
|
|
Specify the key ID to be used for signing; overrides any \fB\-m\fR
|
|
and \fB\-e\fR options.
|
|
.TP
|
|
\fB\-S\fR
|
|
Look for a source-only \fI.changes\fR file instead of a binary-build
|
|
\fI.changes\fR file.
|
|
.TP
|
|
\fB\-a\fIdebian-architecture\fR, \fB\-t\fIGNU-system-type\fR
|
|
See \fBdpkg-architecture\fR(1) for a description of these options.
|
|
They affect the search for the \fI.changes\fR file. They are provided
|
|
to mimic the behaviour of \fBdpkg-buildpackage\fR when determining the
|
|
name of the \fI.changes\fR file.
|
|
.TP
|
|
\fB\-\-multi\fR
|
|
Multiarch \fI.changes\fR mode: This signifies that \fBdebsign\fR should
|
|
use the most recent file with the name pattern
|
|
\fIpackage_version_*+*.changes\fR as the \fI.changes\fR file, allowing for the
|
|
\fI.changes\fR files produced by \fBdpkg-cross\fR.
|
|
.TP
|
|
\fB\-\-re\-sign\fR, \fB\-\-no\-re\-sign\fR
|
|
Recreate signature, respectively use the existing signature, if the
|
|
file has been signed already. If neither option is given and an already
|
|
signed file is found the user is asked if he or she likes to use the
|
|
current signature.
|
|
.TP
|
|
\fB\-\-debs\-dir\fR \fIDIR\fR
|
|
Look for the files to be signed in directory \fIDIR\fR instead of the
|
|
parent of the source directory. This should either be an absolute path
|
|
or relative to the top of the source directory.
|
|
.TP
|
|
\fB\-\-no-conf\fR, \fB\-\-noconf\fR
|
|
Do not read any configuration files. This can only be used as the
|
|
first option given on the command-line.
|
|
.TP
|
|
.BR \-\-help ", " \-h
|
|
Display a help message and exit successfully.
|
|
.TP
|
|
.B \-\-version
|
|
Display version and copyright information and exit successfully.
|
|
.SH "CONFIGURATION VARIABLES"
|
|
The two configuration files \fI/etc/devscripts.conf\fR and
|
|
\fI~/.devscripts\fR are sourced in that order to set configuration
|
|
variables. Command line options can be used to override configuration
|
|
file settings. Environment variable settings are ignored for this
|
|
purpose. The currently recognised variables are:
|
|
.TP
|
|
.B DEBSIGN_PROGRAM
|
|
Setting this is equivalent to giving a \fB\-p\fR option.
|
|
.TP
|
|
.B DEBSIGN_MAINT
|
|
This is the \fB\-m\fR option.
|
|
.TP
|
|
.B DEBSIGN_KEYID
|
|
And this is the \fB\-k\fR option.
|
|
.TP
|
|
.B DEBSIGN_ALWAYS_RESIGN
|
|
Always re-sign files even if they are already signed, without prompting.
|
|
.TP
|
|
.B DEBRELEASE_DEBS_DIR
|
|
This specifies the directory in which to look for the files to be
|
|
signed, and is either an absolute path or relative to the top of the
|
|
source tree. This corresponds to the \fB\-\-debs\-dir\fR command line
|
|
option. This directive could be used, for example, if you always use
|
|
\fBpbuilder\fR or \fBsvn-buildpackage\fR to build your packages. Note
|
|
that it also affects \fBdebrelease\fR(1) in the same way, hence the
|
|
strange name of the option.
|
|
.SH "SEE ALSO"
|
|
.BR debrsign (1),
|
|
.BR debuild (1),
|
|
.BR dpkg-architecture (1),
|
|
.BR dpkg-buildpackage (1),
|
|
.BR gpg (1),
|
|
.BR md5sum (1),
|
|
.BR sha1sum (1),
|
|
.BR sha256sum (1),
|
|
.BR scp (1),
|
|
.BR devscripts.conf (5)
|
|
.SH AUTHOR
|
|
This program was written by Julian Gilbey <jdg@debian.org> and is
|
|
copyright under the GPL, version 2 or later.
|