1DEBSIGN(1)                  General Commands Manual                 DEBSIGN(1)
2
3
4

NAME

6       debsign - sign a Debian .changes and .dsc file pair using GPG
7

SYNOPSIS

9       debsign [options] [changes-file|dsc-file|commands-file ...]
10

DESCRIPTION

12       debsign  mimics the signing aspects (and bugs) of dpkg-buildpackage(1).
13       It takes a .dsc, .buildinfo, or .changes file and  signs  it,  and  any
14       child .dsc, .buildinfo, or .changes files directly or indirectly refer‐
15       enced by it, using the GNU Privacy Guard. It is  careful  to  calculate
16       the  size and checksums of any newly signed child files and replace the
17       original values in the parent file.
18
19       If no file is specified, debian/changelog is parsed  to  determine  the
20       name of the .changes file to look for in the parent directory.
21
22       If a .commands file is specified it is first validated (see the details
23       at ftp://ftp.upload.debian.org/pub/UploadQueue/README),  and  the  name
24       specified in the Uploader field is used for signing.
25
26       This  utility  is  useful  if  a  developer must build a package on one
27       machine where it is unsafe to sign it; they need then only transfer the
28       small  .dsc,  .buildinfo  and .changes files to a safe machine and then
29       use the debsign program to sign them  before  transferring  them  back.
30       This  process  can be automated in two ways.  If the files to be signed
31       live on the remote machine, the -r option may be used to copy  them  to
32       the  local  machine and back again after signing.  If the files live on
33       the local machine, then they may be transferred to the  remote  machine
34       for  signing using debrsign(1).  However note that it is probably safer
35       to have your trusted signing machine use  debsign  to  connect  to  the
36       untrusted  non-signing  machine, rather than using debrsign to make the
37       connection in the reverse direction.
38
39       This program can take default settings from the  devscripts  configura‐
40       tion files, as described below.
41

OPTIONS

43       -r [username@]remotehost
44              The  files  to  be signed live on the specified remote host.  In
45              this case, a .dsc, .buildinfo or .changes file must  be  explic‐
46              itly  named,  with  an absolute directory or one relative to the
47              remote home directory.  scp will be used for the  copying.   The
48              [username@]remotehost:filename  syntax is permitted as an alter‐
49              native.  Wildcards (* etc.) are allowed.
50
51       -pprogname
52              When debsign needs to execute GPG to sign it will  run  progname
53              (searching the PATH if necessary), instead of gpg.
54
55       -mmaintainer
56              Specify  the maintainer name to be used for signing.  (See dpkg-
57              buildpackage(1)  for  more  information  about  the  differences
58              between  -m,  -e and -k when building packages; debsign makes no
59              use of these distinctions except with respect to the  precedence
60              of  the various options.  These multiple options are provided so
61              that  the  program  will  behave  as  expected  when  called  by
62              debuild(1).)
63
64       -emaintainer
65              Same as -m but takes precedence over it.
66
67       -kkeyid
68              Specify  the key ID to be used for signing; overrides any -m and
69              -e options.
70
71       -S     Look for a source-only .changes file instead of  a  binary-build
72              .changes file.
73
74       -adebian-architecture, -tGNU-system-type
75              See  dpkg-architecture(1)  for  a  description of these options.
76              They affect the search for the .changes file.  They are provided
77              to mimic the behaviour of dpkg-buildpackage when determining the
78              name of the .changes file.
79
80       --multi
81              Multiarch .changes mode: This signifies that debsign should  use
82              the   most  recent  file  with  the  name  pattern  package_ver‐
83              sion_*+*.changes as the .changes file, allowing for the .changes
84              files produced by dpkg-cross.
85
86       --re-sign, --no-re-sign
87              Recreate  signature, respectively use the existing signature, if
88              the file has been signed already.  If neither  option  is  given
89              and  an  already signed file is found the user is asked if he or
90              she likes to use the current signature.
91
92       --debs-dir DIR
93              Look for the files to be signed in directory DIR instead of  the
94              parent  of the source directory.  This should either be an abso‐
95              lute path or relative to the top of the source directory.
96
97       --no-conf, --noconf
98              Do not read any configuration files.  This can only be  used  as
99              the first option given on the command-line.
100
101       --help, -h
102              Display a help message and exit successfully.
103
104       --version
105              Display version and copyright information and exit successfully.
106

CONFIGURATION VARIABLES

108       The  two configuration files /etc/devscripts.conf and ~/.devscripts are
109       sourced in that order to set  configuration  variables.   Command  line
110       options  can be used to override configuration file settings.  Environ‐
111       ment variable settings are ignored for  this  purpose.   The  currently
112       recognised variables are:
113
114       DEBSIGN_PROGRAM
115              Setting this is equivalent to giving a -p option.
116
117       DEBSIGN_MAINT
118              This is the -m option.
119
120       DEBSIGN_KEYID
121              And this is the -k option.
122
123       DEBSIGN_ALWAYS_RESIGN
124              Always  re-sign  files  even if they are already signed, without
125              prompting.
126
127       DEBRELEASE_DEBS_DIR
128              This specifies the directory in which to look for the  files  to
129              be signed, and is either an absolute path or relative to the top
130              of the source tree.  This corresponds to the --debs-dir  command
131              line  option.  This directive could be used, for example, if you
132              always use pbuilder or svn-buildpackage to build your  packages.
133              Note  that  it also affects debrelease(1) in the same way, hence
134              the strange name of the option.
135

SEE ALSO

137       debrsign(1),  debuild(1),  dpkg-architecture(1),  dpkg-buildpackage(1),
138       gpg(1),   gpg2(1),   md5sum(1),   sha1sum(1),   sha256sum(1),   scp(1),
139       devscripts.conf(5)
140

AUTHOR

142       This program was written by Julian Gilbey <jdg@debian.org> and is copy‐
143       right under the GPL, version 2 or later.
144
145
146
147DEBIAN                         Debian Utilities                     DEBSIGN(1)
Impressum