diff options
Diffstat (limited to '')
-rw-r--r-- | scripts/debsign.1 | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/scripts/debsign.1 b/scripts/debsign.1 new file mode 100644 index 0000000..900a61c --- /dev/null +++ b/scripts/debsign.1 @@ -0,0 +1,146 @@ +.TH DEBSIGN 1 "Debian Utilities" "DEBIAN" \" -*- nroff -*- +.SH NAME +debsign \- sign a Debian .changes and .dsc file pair using GPG +.SH SYNOPSIS +\fBdebsign\fR [\fIoptions\fR] [\fIchanges-file\fR|\fIdsc-file\fR|\fIcommands-file\fR ...] +.SH DESCRIPTION +\fBdebsign\fR mimics the signing aspects (and bugs) of +\fBdpkg-buildpackage\fR(1). It takes a \fI.dsc\fR, \fI.buildinfo\fR, or +\fI.changes\fR file and signs it, and any child \fI.dsc\fR, +\fI.buildinfo\fR, or \fI.changes\fR files directly or indirectly +referenced by it, using the GNU Privacy Guard. It is careful to +calculate the size and checksums of any newly signed child files and +replace the original values in the parent file. +.PP +If no file is specified, \fIdebian/changelog\fR is parsed to determine +the name of the \fI.changes\fR file to look for in the parent +directory. +.PP +If a \fI.commands\fR file is specified it is first validated (see the +details at \fIftp://ftp.upload.debian.org/pub/UploadQueue/README\fR), +and the name specified in the Uploader field is used for signing. +.PP +This utility is useful if a developer must build a package on one +machine where it is unsafe to sign it; they need then only transfer +the small \fI.dsc\fR, \fI.buildinfo\fR and \fI.changes\fR files to a +safe machine and then use the \fBdebsign\fR program to sign them before +transferring them back. This process can be automated in two ways. +If the files to be signed live on the \fBremote\fR machine, the +\fB\-r\fR option may be used to copy them to the local machine and back +again after signing. If the files live on the \fBlocal\fR machine, then +they may be transferred to the remote machine for signing using +\fBdebrsign\fR(1). However note that it is probably safer to have your +trusted signing machine use \fBdebsign\fR to connect to the untrusted +non-signing machine, rather than using \fBdebrsign\fR to make the +connection in the reverse direction. +.PP +This program can take default settings from the \fBdevscripts\fR +configuration files, as described below. +.SH OPTIONS +.TP +.B \-r \fR[\fIusername\fB@\fR]\fIremotehost\fR +The files to be signed live on the specified remote host. In this case, +a \fI.dsc\fR, \fI.buildinfo\fR or \fI.changes\fR file must be explicitly +named, with an absolute directory or one relative to the remote home +directory. \fBscp\fR will be used for the copying. The +\fR[\fIusername\fB@\fR]\fIremotehost\fB:\fIfilename\fR syntax is +permitted as an alternative. Wildcards (\fB*\fR etc.) are allowed. +.TP +.B \-p\fIprogname\fR +When \fBdebsign\fR needs to execute GPG to sign it will run \fIprogname\fR +(searching the \fBPATH\fR if necessary), instead of \fBgpg\fR. +.TP +.B \-m\fImaintainer\fR +Specify the maintainer name to be used for signing. (See +\fBdpkg-buildpackage\fR(1) for more information about the differences +between \fB\-m\fR, \fB\-e\fR and \fB\-k\fR when building packages; +\fBdebsign\fR makes no use of these distinctions except with respect +to the precedence of the various options. These multiple options are +provided so that the program will behave as expected when called by +\fBdebuild\fR(1).) +.TP +.B \-e\fImaintainer\fR +Same as \fB\-m\fR but takes precedence over it. +.TP +.B \-k\fIkeyid\fR +Specify the key ID to be used for signing; overrides any \fB\-m\fR +and \fB\-e\fR options. +.TP +\fB\-S\fR +Look for a source-only \fI.changes\fR file instead of a binary-build +\fI.changes\fR file. +.TP +\fB\-a\fIdebian-architecture\fR, \fB\-t\fIGNU-system-type\fR +See \fBdpkg-architecture\fR(1) for a description of these options. +They affect the search for the \fI.changes\fR file. They are provided +to mimic the behaviour of \fBdpkg-buildpackage\fR when determining the +name of the \fI.changes\fR file. +.TP +\fB\-\-multi\fR +Multiarch \fI.changes\fR mode: This signifies that \fBdebsign\fR should +use the most recent file with the name pattern +\fIpackage_version_*+*.changes\fR as the \fI.changes\fR file, allowing for the +\fI.changes\fR files produced by \fBdpkg-cross\fR. +.TP +\fB\-\-re\-sign\fR, \fB\-\-no\-re\-sign\fR +Recreate signature, respectively use the existing signature, if the +file has been signed already. If neither option is given and an already +signed file is found the user is asked if he or she likes to use the +current signature. +.TP +\fB\-\-debs\-dir\fR \fIDIR\fR +Look for the files to be signed in directory \fIDIR\fR instead of the +parent of the source directory. This should either be an absolute path +or relative to the top of the source directory. +.TP +\fB\-\-no-conf\fR, \fB\-\-noconf\fR +Do not read any configuration files. This can only be used as the +first option given on the command-line. +.TP +.BR \-\-help ", " \-h +Display a help message and exit successfully. +.TP +.B \-\-version +Display version and copyright information and exit successfully. +.SH "CONFIGURATION VARIABLES" +The two configuration files \fI/etc/devscripts.conf\fR and +\fI~/.devscripts\fR are sourced in that order to set configuration +variables. Command line options can be used to override configuration +file settings. Environment variable settings are ignored for this +purpose. The currently recognised variables are: +.TP +.B DEBSIGN_PROGRAM +Setting this is equivalent to giving a \fB\-p\fR option. +.TP +.B DEBSIGN_MAINT +This is the \fB\-m\fR option. +.TP +.B DEBSIGN_KEYID +And this is the \fB\-k\fR option. +.TP +.B DEBSIGN_ALWAYS_RESIGN +Always re-sign files even if they are already signed, without prompting. +.TP +.B DEBRELEASE_DEBS_DIR +This specifies the directory in which to look for the files to be +signed, and is either an absolute path or relative to the top of the +source tree. This corresponds to the \fB\-\-debs\-dir\fR command line +option. This directive could be used, for example, if you always use +\fBpbuilder\fR or \fBsvn-buildpackage\fR to build your packages. Note +that it also affects \fBdebrelease\fR(1) in the same way, hence the +strange name of the option. +.SH "SEE ALSO" +.BR debrsign (1), +.BR debuild (1), +.BR dpkg-architecture (1), +.BR dpkg-buildpackage (1), +.BR gpg (1), +.BR gpg2 (1), +.BR md5sum (1), +.BR sha1sum (1), +.BR sha256sum (1), +.BR scp (1), +.BR devscripts.conf (5) +.SH AUTHOR +This program was written by Julian Gilbey <jdg@debian.org> and is +copyright under the GPL, version 2 or later. |