88 lines
3.2 KiB
Groff
88 lines
3.2 KiB
Groff
.TH DSCVERIFY 1 "Debian Utilities" "DEBIAN" \" -*- nroff -*-
|
|
.SH NAME
|
|
dscverify \- verify the validity of a Debian package
|
|
.SH SYNOPSIS
|
|
\fBdscverify\fR [\fB\-\-keyring \fIkeyring\fR] ... \fIchanges_or_buildinfo_or_dsc_filename\fR ...
|
|
.SH DESCRIPTION
|
|
\fBdscverify\fR checks that the GPG signatures on the given
|
|
\fI.changes\fR, \fI.buildinfo\fP or \fI.dsc\fR files are good signatures
|
|
made by keys in the current Debian keyrings, found in the \fIdebian-keyring\fR
|
|
and \fIdebian-tag2upload-keyring\fR
|
|
packages. (Additional keyrings can be specified using the
|
|
\fB--keyring\fR option any number of times.) It then checks that the
|
|
other files listed in the \fI.changes\fR, \fI.buildinfo\fP or \fI.dsc\fR
|
|
files have the
|
|
correct sizes and checksums (MD5 plus SHA1 and SHA256 if the latter are
|
|
present). The exit status is 0 if there are no problems and non-zero
|
|
otherwise.
|
|
.SH OPTIONS
|
|
.TP
|
|
.BI \-\-keyring " " \fIkeyring\fR
|
|
Add \fIkeyring\fR to the list of keyrings to be used.
|
|
.TP
|
|
\fB\-\-no-default-keyrings\fR
|
|
Do not use the default set of keyrings.
|
|
.TP
|
|
\fB\-\-no-conf\fR, \fB\-\-noconf\fR
|
|
Do not read any configuration files. This can only be used as the
|
|
first option given on the command-line.
|
|
.TP
|
|
\fB\-\-nosigcheck\fR, \fB\-\-no\-sig\-check\fR, \fB-u\fR
|
|
Skip the signature verification step. That is, only verify the sizes and
|
|
checksums of the files listed in the \fI.changes\fR, \fI.buildinfo\fP or
|
|
\fI.dsc\fR files.
|
|
.TP
|
|
\fB\-\-verbose\fR
|
|
Do not suppress GPG output.
|
|
.TP
|
|
.TP
|
|
.BR \-\-help ", " \-h
|
|
Display a help message and exit successfully.
|
|
.TP
|
|
.B \-\-version
|
|
Display version and copyright information and exit successfully.
|
|
.SH "CONFIGURATION VARIABLES"
|
|
The two configuration files \fI/etc/devscripts.conf\fR and
|
|
\fI~/.devscripts\fR are sourced by a shell in that order to set
|
|
configuration variables. Environment variable settings are ignored
|
|
for this purpose. If the first command line option given is
|
|
\fB\-\-noconf\fR or \fB\-\-no-conf\fR, then these files will not be
|
|
read. The currently recognised variable is:
|
|
.TP
|
|
.B DSCVERIFY_KEYRINGS
|
|
This is a colon-separated list of extra keyrings to use in addition to
|
|
any specified on the command line.
|
|
.SH KEYRING
|
|
Please note that the keyring provided by the debian-keyring package
|
|
can be slightly out of date. The latest version can be obtained with
|
|
rsync, as documented in the README that comes with debian-keyring.
|
|
If you sync the keyring to a non-standard location (see below),
|
|
you can use the possibilities to specify extra keyrings, by either
|
|
using the above mentioned configuration option or the \-\-keyring option.
|
|
|
|
Below is an example for an alias:
|
|
|
|
alias dscverify='dscverify \-\-keyring ~/.gnupg/pubring.gpg'
|
|
.SH STANDARD KEYRING LOCATIONS
|
|
By default dscverify searches for the debian-keyring in the following
|
|
locations:
|
|
|
|
- ~/.gnupg/trustedkeys.gpg
|
|
|
|
- /srv/keyring.debian.org/keyrings/debian-keyring.gpg
|
|
|
|
- /usr/share/keyrings/debian-keyring.gpg
|
|
|
|
- /usr/share/keyrings/debian-tag2upload.pgp
|
|
|
|
- /usr/share/keyrings/debian-maintainers.gpg
|
|
|
|
- /usr/share/keyrings/debian-nonupload.gpg
|
|
.SH "SEE ALSO"
|
|
.BR gpg (1),
|
|
.BR devscripts.conf (5)
|
|
|
|
.SH AUTHOR
|
|
\fBdscverify\fR was written by Roderick Schertler <roderick@argon.org>
|
|
and posted on the debian-devel@lists.debian.org mailing list,
|
|
with several modifications by Julian Gilbey <jdg@debian.org>.
|