summaryrefslogtreecommitdiffstats
path: root/scripts/dscverify.1
blob: 5f065f339209abc3fc3a12d06d1f300aec4e2d70 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
.TH DSCVERIFY 1 "Debian Utilities" "DEBIAN" \" -*- nroff -*-
.SH NAME
dscverify \- verify the validity of a Debian package
.SH SYNOPSIS
\fBdscverify\fR [\fB\-\-keyring \fIkeyring\fR] ... \fIchanges_or_buildinfo_or_dsc_filename\fR ...
.SH DESCRIPTION
\fBdscverify\fR checks that the GPG signatures on the given
\fI.changes\fR, \fI.buildinfo\fP or \fI.dsc\fR files are good signatures
made by keys in the current Debian keyrings, found in the \fIdebian-keyring\fR
package.  (Additional keyrings can be specified using the
\fB--keyring\fR option any number of times.)  It then checks that the
other files listed in the \fI.changes\fR, \fI.buildinfo\fP or \fI.dsc\fR
files have the
correct sizes and checksums (MD5 plus SHA1 and SHA256 if the latter are
present).  The exit status is 0 if there are no problems and non-zero
otherwise.
.SH OPTIONS
.TP
.BI \-\-keyring " " \fIkeyring\fR
Add \fIkeyring\fR to the list of keyrings to be used.
.TP
\fB\-\-no-default-keyrings\fR
Do not use the default set of keyrings.
.TP
\fB\-\-no-conf\fR, \fB\-\-noconf\fR
Do not read any configuration files.  This can only be used as the
first option given on the command-line.
.TP
\fB\-\-nosigcheck\fR, \fB\-\-no\-sig\-check\fR, \fB-u\fR
Skip the signature verification step. That is, only verify the sizes and
checksums of the files listed in the \fI.changes\fR, \fI.buildinfo\fP or
\fI.dsc\fR files.
.TP
\fB\-\-verbose\fR
Do not suppress GPG output.
.TP
.TP
.BR \-\-help ", " \-h
Display a help message and exit successfully.
.TP
.B \-\-version
Display version and copyright information and exit successfully.
.SH "CONFIGURATION VARIABLES"
The two configuration files \fI/etc/devscripts.conf\fR and
\fI~/.devscripts\fR are sourced by a shell in that order to set
configuration variables.  Environment variable settings are ignored
for this purpose.  If the first command line option given is
\fB\-\-noconf\fR or \fB\-\-no-conf\fR, then these files will not be
read.  The currently recognised variable is:
.TP
.B DSCVERIFY_KEYRINGS
This is a colon-separated list of extra keyrings to use in addition to
any specified on the command line.
.SH KEYRING
Please note that the keyring provided by the debian-keyring package
can be slightly out of date. The latest version can be obtained with
rsync, as documented in the README that comes with debian-keyring.
If you sync the keyring to a non-standard location (see below),
you can use the possibilities to specify extra keyrings, by either
using the above mentioned configuration option or the \-\-keyring option.

Below is an example for an alias:

alias dscverify='dscverify \-\-keyring ~/.gnupg/pubring.gpg'
.SH STANDARD KEYRING LOCATIONS
By default dscverify searches for the debian-keyring in the following
locations:

- ~/.gnupg/trustedkeys.gpg

- /srv/keyring.debian.org/keyrings/debian-keyring.gpg

- /usr/share/keyrings/debian-keyring.gpg

- /usr/share/keyrings/debian-maintainers.gpg

- /usr/share/keyrings/debian-nonupload.gpg
.SH "SEE ALSO"
.BR gpg (1),
.BR gpg2 (1),
.BR devscripts.conf (5)

.SH AUTHOR
\fBdscverify\fR was written by Roderick Schertler <roderick@argon.org>
and posted on the debian-devel@lists.debian.org mailing list,
with several modifications by Julian Gilbey <jdg@debian.org>.