1DEBSIGN(1) General Commands Manual DEBSIGN(1)
2
3
4
6 debsign - sign a Debian .changes and .dsc file pair using GPG
7
9 debsign [options] [changes-file|dsc-file|commands-file ...]
10
12 debsign mimics the signing aspects (and bugs) of dpkg-buildpackage(1).
13 It takes a .dsc, .buildinfo, or .changes file and signs it, and any
14 child .dsc, .buildinfo, or .changes files directly or indirectly refer‐
15 enced by it, using the GNU Privacy Guard. It is careful to calculate
16 the size and checksums of any newly signed child files and replace the
17 original values in the parent file.
18
19 If no file is specified, debian/changelog is parsed to determine the
20 name of the .changes file to look for in the parent directory.
21
22 If a .commands file is specified it is first validated (see the details
23 at ftp://ftp.upload.debian.org/pub/UploadQueue/README), and the name
24 specified in the Uploader field is used for signing.
25
26 This utility is useful if a developer must build a package on one
27 machine where it is unsafe to sign it; they need then only transfer the
28 small .dsc, .buildinfo and .changes files to a safe machine and then
29 use the debsign program to sign them before transferring them back.
30 This process can be automated in two ways. If the files to be signed
31 live on the remote machine, the -r option may be used to copy them to
32 the local machine and back again after signing. If the files live on
33 the local machine, then they may be transferred to the remote machine
34 for signing using debrsign(1). However note that it is probably safer
35 to have your trusted signing machine use debsign to connect to the
36 untrusted non-signing machine, rather than using debrsign to make the
37 connection in the reverse direction.
38
39 This program can take default settings from the devscripts configura‐
40 tion files, as described below.
41
43 -r [username@]remotehost
44 The files to be signed live on the specified remote host. In
45 this case, a .dsc, .buildinfo or .changes file must be explic‐
46 itly named, with an absolute directory or one relative to the
47 remote home directory. scp will be used for the copying. The
48 [username@]remotehost:filename syntax is permitted as an alter‐
49 native. Wildcards (* etc.) are allowed.
50
51 -pprogname
52 When debsign needs to execute GPG to sign it will run progname
53 (searching the PATH if necessary), instead of gpg.
54
55 -mmaintainer
56 Specify the maintainer name to be used for signing. (See dpkg-
57 buildpackage(1) for more information about the differences
58 between -m, -e and -k when building packages; debsign makes no
59 use of these distinctions except with respect to the precedence
60 of the various options. These multiple options are provided so
61 that the program will behave as expected when called by
62 debuild(1).)
63
64 -emaintainer
65 Same as -m but takes precedence over it.
66
67 -kkeyid
68 Specify the key ID to be used for signing; overrides any -m and
69 -e options.
70
71 -S Look for a source-only .changes file instead of a binary-build
72 .changes file.
73
74 -adebian-architecture, -tGNU-system-type
75 See dpkg-architecture(1) for a description of these options.
76 They affect the search for the .changes file. They are provided
77 to mimic the behaviour of dpkg-buildpackage when determining the
78 name of the .changes file.
79
80 --multi
81 Multiarch .changes mode: This signifies that debsign should use
82 the most recent file with the name pattern package_ver‐
83 sion_*+*.changes as the .changes file, allowing for the .changes
84 files produced by dpkg-cross.
85
86 --re-sign, --no-re-sign
87 Recreate signature, respectively use the existing signature, if
88 the file has been signed already. If neither option is given
89 and an already signed file is found the user is asked if he or
90 she likes to use the current signature.
91
92 --debs-dir DIR
93 Look for the files to be signed in directory DIR instead of the
94 parent of the source directory. This should either be an abso‐
95 lute path or relative to the top of the source directory.
96
97 --no-conf, --noconf
98 Do not read any configuration files. This can only be used as
99 the first option given on the command-line.
100
101 --help, -h
102 Display a help message and exit successfully.
103
104 --version
105 Display version and copyright information and exit successfully.
106
108 The two configuration files /etc/devscripts.conf and ~/.devscripts are
109 sourced in that order to set configuration variables. Command line
110 options can be used to override configuration file settings. Environ‐
111 ment variable settings are ignored for this purpose. The currently
112 recognised variables are:
113
114 DEBSIGN_PROGRAM
115 Setting this is equivalent to giving a -p option.
116
117 DEBSIGN_MAINT
118 This is the -m option.
119
120 DEBSIGN_KEYID
121 And this is the -k option.
122
123 DEBSIGN_ALWAYS_RESIGN
124 Always re-sign files even if they are already signed, without
125 prompting.
126
127 DEBRELEASE_DEBS_DIR
128 This specifies the directory in which to look for the files to
129 be signed, and is either an absolute path or relative to the top
130 of the source tree. This corresponds to the --debs-dir command
131 line option. This directive could be used, for example, if you
132 always use pbuilder or svn-buildpackage to build your packages.
133 Note that it also affects debrelease(1) in the same way, hence
134 the strange name of the option.
135
137 debrsign(1), debuild(1), dpkg-architecture(1), dpkg-buildpackage(1),
138 gpg(1), gpg2(1), md5sum(1), sha1sum(1), sha256sum(1), scp(1),
139 devscripts.conf(5)
140
142 This program was written by Julian Gilbey <jdg@debian.org> and is copy‐
143 right under the GPL, version 2 or later.
144
145
146
147DEBIAN Debian Utilities DEBSIGN(1)