summaryrefslogtreecommitdiffstats
path: root/scripts/debsign.1
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 20:32:59 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 20:32:59 +0000
commit4d57e0a8dab2139a631a21aab862487481548702 (patch)
treef7cea0b9939e2ecb7a301de6c83bada29452046d /scripts/debsign.1
parentInitial commit. (diff)
downloaddevscripts-upstream.tar.xz
devscripts-upstream.zip
Adding upstream version 2.23.7.upstream/2.23.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'scripts/debsign.1')
-rw-r--r--scripts/debsign.1146
1 files changed, 146 insertions, 0 deletions
diff --git a/scripts/debsign.1 b/scripts/debsign.1
new file mode 100644
index 0000000..900a61c
--- /dev/null
+++ b/scripts/debsign.1
@@ -0,0 +1,146 @@
+.TH DEBSIGN 1 "Debian Utilities" "DEBIAN" \" -*- nroff -*-
+.SH NAME
+debsign \- sign a Debian .changes and .dsc file pair using GPG
+.SH SYNOPSIS
+\fBdebsign\fR [\fIoptions\fR] [\fIchanges-file\fR|\fIdsc-file\fR|\fIcommands-file\fR ...]
+.SH DESCRIPTION
+\fBdebsign\fR mimics the signing aspects (and bugs) of
+\fBdpkg-buildpackage\fR(1). It takes a \fI.dsc\fR, \fI.buildinfo\fR, or
+\fI.changes\fR file and signs it, and any child \fI.dsc\fR,
+\fI.buildinfo\fR, or \fI.changes\fR files directly or indirectly
+referenced by it, using the GNU Privacy Guard. It is careful to
+calculate the size and checksums of any newly signed child files and
+replace the original values in the parent file.
+.PP
+If no file is specified, \fIdebian/changelog\fR is parsed to determine
+the name of the \fI.changes\fR file to look for in the parent
+directory.
+.PP
+If a \fI.commands\fR file is specified it is first validated (see the
+details at \fIftp://ftp.upload.debian.org/pub/UploadQueue/README\fR),
+and the name specified in the Uploader field is used for signing.
+.PP
+This utility is useful if a developer must build a package on one
+machine where it is unsafe to sign it; they need then only transfer
+the small \fI.dsc\fR, \fI.buildinfo\fR and \fI.changes\fR files to a
+safe machine and then use the \fBdebsign\fR program to sign them before
+transferring them back. This process can be automated in two ways.
+If the files to be signed live on the \fBremote\fR machine, the
+\fB\-r\fR option may be used to copy them to the local machine and back
+again after signing. If the files live on the \fBlocal\fR machine, then
+they may be transferred to the remote machine for signing using
+\fBdebrsign\fR(1). However note that it is probably safer to have your
+trusted signing machine use \fBdebsign\fR to connect to the untrusted
+non-signing machine, rather than using \fBdebrsign\fR to make the
+connection in the reverse direction.
+.PP
+This program can take default settings from the \fBdevscripts\fR
+configuration files, as described below.
+.SH OPTIONS
+.TP
+.B \-r \fR[\fIusername\fB@\fR]\fIremotehost\fR
+The files to be signed live on the specified remote host. In this case,
+a \fI.dsc\fR, \fI.buildinfo\fR or \fI.changes\fR file must be explicitly
+named, with an absolute directory or one relative to the remote home
+directory. \fBscp\fR will be used for the copying. The
+\fR[\fIusername\fB@\fR]\fIremotehost\fB:\fIfilename\fR syntax is
+permitted as an alternative. Wildcards (\fB*\fR etc.) are allowed.
+.TP
+.B \-p\fIprogname\fR
+When \fBdebsign\fR needs to execute GPG to sign it will run \fIprogname\fR
+(searching the \fBPATH\fR if necessary), instead of \fBgpg\fR.
+.TP
+.B \-m\fImaintainer\fR
+Specify the maintainer name to be used for signing. (See
+\fBdpkg-buildpackage\fR(1) for more information about the differences
+between \fB\-m\fR, \fB\-e\fR and \fB\-k\fR when building packages;
+\fBdebsign\fR makes no use of these distinctions except with respect
+to the precedence of the various options. These multiple options are
+provided so that the program will behave as expected when called by
+\fBdebuild\fR(1).)
+.TP
+.B \-e\fImaintainer\fR
+Same as \fB\-m\fR but takes precedence over it.
+.TP
+.B \-k\fIkeyid\fR
+Specify the key ID to be used for signing; overrides any \fB\-m\fR
+and \fB\-e\fR options.
+.TP
+\fB\-S\fR
+Look for a source-only \fI.changes\fR file instead of a binary-build
+\fI.changes\fR file.
+.TP
+\fB\-a\fIdebian-architecture\fR, \fB\-t\fIGNU-system-type\fR
+See \fBdpkg-architecture\fR(1) for a description of these options.
+They affect the search for the \fI.changes\fR file. They are provided
+to mimic the behaviour of \fBdpkg-buildpackage\fR when determining the
+name of the \fI.changes\fR file.
+.TP
+\fB\-\-multi\fR
+Multiarch \fI.changes\fR mode: This signifies that \fBdebsign\fR should
+use the most recent file with the name pattern
+\fIpackage_version_*+*.changes\fR as the \fI.changes\fR file, allowing for the
+\fI.changes\fR files produced by \fBdpkg-cross\fR.
+.TP
+\fB\-\-re\-sign\fR, \fB\-\-no\-re\-sign\fR
+Recreate signature, respectively use the existing signature, if the
+file has been signed already. If neither option is given and an already
+signed file is found the user is asked if he or she likes to use the
+current signature.
+.TP
+\fB\-\-debs\-dir\fR \fIDIR\fR
+Look for the files to be signed in directory \fIDIR\fR instead of the
+parent of the source directory. This should either be an absolute path
+or relative to the top of the source directory.
+.TP
+\fB\-\-no-conf\fR, \fB\-\-noconf\fR
+Do not read any configuration files. This can only be used as the
+first option given on the command-line.
+.TP
+.BR \-\-help ", " \-h
+Display a help message and exit successfully.
+.TP
+.B \-\-version
+Display version and copyright information and exit successfully.
+.SH "CONFIGURATION VARIABLES"
+The two configuration files \fI/etc/devscripts.conf\fR and
+\fI~/.devscripts\fR are sourced in that order to set configuration
+variables. Command line options can be used to override configuration
+file settings. Environment variable settings are ignored for this
+purpose. The currently recognised variables are:
+.TP
+.B DEBSIGN_PROGRAM
+Setting this is equivalent to giving a \fB\-p\fR option.
+.TP
+.B DEBSIGN_MAINT
+This is the \fB\-m\fR option.
+.TP
+.B DEBSIGN_KEYID
+And this is the \fB\-k\fR option.
+.TP
+.B DEBSIGN_ALWAYS_RESIGN
+Always re-sign files even if they are already signed, without prompting.
+.TP
+.B DEBRELEASE_DEBS_DIR
+This specifies the directory in which to look for the files to be
+signed, and is either an absolute path or relative to the top of the
+source tree. This corresponds to the \fB\-\-debs\-dir\fR command line
+option. This directive could be used, for example, if you always use
+\fBpbuilder\fR or \fBsvn-buildpackage\fR to build your packages. Note
+that it also affects \fBdebrelease\fR(1) in the same way, hence the
+strange name of the option.
+.SH "SEE ALSO"
+.BR debrsign (1),
+.BR debuild (1),
+.BR dpkg-architecture (1),
+.BR dpkg-buildpackage (1),
+.BR gpg (1),
+.BR gpg2 (1),
+.BR md5sum (1),
+.BR sha1sum (1),
+.BR sha256sum (1),
+.BR scp (1),
+.BR devscripts.conf (5)
+.SH AUTHOR
+This program was written by Julian Gilbey <jdg@debian.org> and is
+copyright under the GPL, version 2 or later.