Provided by: debsig-verify_0.7_i386

NAME

       debsig-verify - Verify signatures for a Debian format package

SYNOPSIS

       debsig-verify [options] <deb>

DESCRIPTION

       This  program  is part of a security model that verifies the source and
       validity of a Debian format package (commonly referred to as a deb).

       This program implements the verification specs defined in the document,
       "Package  Verification  with  dpkg:  Implementation",  which  is a more
       complete reference for the verification procedure.

       The program generally takes one argument, the deb file to be  verified.
       It will then check the origin signature of the deb, find its Public Key
       ID (long format), and use that as the name for a  policy  subdirectory.
       If  this  subdirectory  does  not  exist,  then  the verification fails
       immediately.

       In this subdirectory, the program finds one or more  files  named  with
       the  .pol  file  extension,  which  signifies  an  XML  format   policy
       definition. Each policy file contains three main parts.

       Origin
              Information about the origin of this policy.

       Selection
              Rules used to decide if this policy is pertinent to  this  deb's
              verification.

       Verification
              Rules that are used to actually verify the deb.

       The  policy files will reference keyrings by a filename. These keyrings
       will be looked for in a subdirectory  of  the  keyring  directory.  The
       subdirectory  has  the same name as the policy subdirectory (previously
       determined by the Origin's Public Key ID).

       The program will, after first parsing the entire file, check the Origin
       ID  against  the  Public Key ID of the origin signature in the deb.  If
       these match (which they should, else something is really  wrong),  then
       it will proceed to the Selection rules.

       The  Selection  rules  decide  whether  this  policy  is  suitable  for
       verifying this deb. If these rules fail, then the program will  proceed
       to  the  next  policy.  If it passes, then the program commits to using
       this policy for verification, and no other policies will be referenced.

       The last verification step relies on the Verification rules. These  are
       similar  in  format  to  the  Selection  rules,  but  are  usually more
       constrained. If these rules fail, the program  exits  with  a  non-zero
       status. If they pass, then it exits with a zero status.

OPTIONS

       -q     Causes  the  program to send no output, other than fatal errors.
              This is useful when being called from another program, where you
              rely on the exit value only.

       -v     Causes  the  program  to send more output on execution, so as to
              follow the steps it is taking while trying to verify the deb.

       -d     Outputs even more info than the -v option. This  is  mainly  for
              debugging.

       --version
              Outputs  the  version information for the program. This includes
              the policy format version. This  option  does  not  require  any
              other arguments.

       --list-policies
              Outputs  a  list of the policies that passed the Selection phase
              of the verification process. In other words,  those  that  could
              potentially  verify  the deb. The output is one line showing the
              directory selected by the origin signature, and  then  a  single
              line  for  any  policy  files  in  that  directory that pass the
              Selection rules. This option will NOT verify the deb.

       --use-policy <pol>
              This option takes one argument, which is the name of the  policy
              file  (as  shown  by  the --list-policies option). Note, this is
              just a file, and not a full path. You cannot  specify  arbitrary
              policies.  This option is useful if more than one policy applies
              to potentially verifying the deb. The program will then use this
              policy, and only this policy, to try and verify the deb.

FILES

       /etc/debsig/policies/
              Directory containing the policy (.pol) definitions.

       /etc/debsig/policies/*/*.pol
              XML format policy files.

       /usr/share/debsig/keyrings/
              Directory   containing  the  keyrings  that  coincide  with  the
              policies.

       /usr/share/debsig/keyrings/*/*.gpg
              GPG format keyrings for use by the policies.
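
       The following is an added example, not part of debsig-verify or of
       the original page: a preflight check of the on-disk layout that
       DESCRIPTION and FILES say verification depends on. The function
       name, return codes and the File="..." attribute (taken from the
       debsig policy format, which this page does not show) are assumptions.

```shell
#!/bin/sh
# Added example: preflight check of the layout debsig-verify depends on.
# Roots default to the paths in FILES; override them to test elsewhere.
POLICY_ROOT=${POLICY_ROOT:-/etc/debsig/policies}
KEYRING_ROOT=${KEYRING_ROOT:-/usr/share/debsig/keyrings}

# debsig_preflight KEYID   (KEYID = origin Public Key ID, long format)
# Returns: 0 layout usable, 1 no policy subdirectory, 2 no .pol file,
#          3 a policy names a keyring that is absent, 64 malformed KEYID.
debsig_preflight() {
    keyid=$1
    # A long key ID is 16 hex digits; rejecting anything else also keeps
    # "/" and ".." out of the paths built below.
    case $keyid in
        ''|*[!0-9A-Fa-f]*) echo "bad key ID" >&2; return 64 ;;
    esac
    [ "${#keyid}" -eq 16 ] || { echo "bad key ID length" >&2; return 64; }

    poldir=$POLICY_ROOT/$keyid
    keydir=$KEYRING_ROOT/$keyid
    if [ ! -d "$poldir" ]; then
        echo "missing $poldir: verification would fail immediately" >&2
        return 1
    fi

    found=0
    for pol in "$poldir"/*.pol; do
        [ -f "$pol" ] || continue
        found=1
        # Policies name keyrings by bare filename; the File="..." attribute
        # is assumed from the debsig policy format, not shown on this page.
        missing=$(grep -o 'File="[^"]*"' "$pol" | cut -d'"' -f2 | sort -u |
            while IFS= read -r ring; do
                [ -f "$keydir/$ring" ] || printf '%s\n' "$ring"
            done)
        if [ -n "$missing" ]; then
            echo "$pol: keyring(s) not in $keydir: $missing" >&2
            return 3
        fi
    done
    [ "$found" -eq 1 ] || { echo "no .pol files in $poldir" >&2; return 2; }
    return 0
}
```

       Running this before a caller that relies only on the exit value of
       debsig-verify -q separates a host that was never provisioned with
       policies and keyrings from a package that genuinely failed its rules.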

SEE ALSO

       deb(5)

AUTHOR

       Ben Collins <bcollins@debian.org>

                                                              DEBSIG-VERIFY(1)