Provided by: devscripts_2.22.1ubuntu1_amd64


       debsign - sign a Debian .changes and .dsc file pair using GPG


       debsign [options] [changes-file|dsc-file|commands-file ...]


       debsign  mimics  the signing aspects (and bugs) of dpkg-buildpackage(1).  It takes a .dsc,
       .buildinfo, or .changes file and signs it, and any child  .dsc,  .buildinfo,  or  .changes
       files  directly or indirectly referenced by it, using the GNU Privacy Guard. It is careful
       to calculate the size and checksums of any  newly  signed  child  files  and  replace  the
       original values in the parent file.
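
       The checksum step described above, as an added Python illustration (not debsign's own
       code): once a child .dsc has been signed, its bytes change, so its entries in the parent
       .changes file are stale until recomputed. The function names, the file name
       hello_1.0-1.dsc and the sample contents are assumptions constructed for this example.

```python
import hashlib

# File-list fields of a .changes file and the digest each one carries.
FIELDS = {"Files": "md5", "Checksums-Sha1": "sha1", "Checksums-Sha256": "sha256"}

def _entries(parent_text, child_name):
    """Yield (line_index, field, tokens) for each entry naming child_name."""
    field = None
    for i, line in enumerate(parent_text.splitlines()):
        if line[:1] not in (" ", "\t"):
            field = line.split(":", 1)[0]            # a new field begins
        elif field in FIELDS and line.split()[-1:] == [child_name]:
            yield i, field, line.split()

def _expected(field, child_bytes):
    return [hashlib.new(FIELDS[field], child_bytes).hexdigest(), str(len(child_bytes))]

def entries_match(parent_text, child_name, child_bytes):
    """True only if every listed digest and size matches child_bytes."""
    found = list(_entries(parent_text, child_name))
    return bool(found) and all(tok[:2] == _expected(f, child_bytes) for _, f, tok in found)

def refresh_entries(parent_text, child_name, child_bytes):
    """Return parent_text with child_name's digests and size recomputed."""
    lines = parent_text.splitlines()
    for i, f, tok in _entries(parent_text, child_name):
        lines[i] = " " + " ".join(_expected(f, child_bytes) + tok[2:])
    return "\n".join(lines) + "\n"

# Constructed sample: a minimal .dsc before and after clearsigning; the
# signature body is a placeholder, not real OpenPGP data.
DSC = b"Format: 3.0 (quilt)\nSource: hello\nVersion: 1.0-1\n"
SIGNED_DSC = (b"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n" + DSC +
              b"-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n")

def sample_changes(dsc_bytes):
    """Build a constructed .changes body that lists hello_1.0-1.dsc."""
    n = len(dsc_bytes)
    h = {f: hashlib.new(a, dsc_bytes).hexdigest() for f, a in FIELDS.items()}
    return ("Source: hello\nVersion: 1.0-1\n"
            f"Checksums-Sha1:\n {h['Checksums-Sha1']} {n} hello_1.0-1.dsc\n"
            f"Checksums-Sha256:\n {h['Checksums-Sha256']} {n} hello_1.0-1.dsc\n"
            f"Files:\n {h['Files']} {n} utils optional hello_1.0-1.dsc\n")

if __name__ == "__main__":
    name, changes = "hello_1.0-1.dsc", sample_changes(DSC)
    print("stale after signing:", not entries_match(changes, name, SIGNED_DSC))
    changes = refresh_entries(changes, name, SIGNED_DSC)
    print("consistent after refresh:", entries_match(changes, name, SIGNED_DSC))
```

       The parent has to be refreshed before it is signed itself, because any later change to
       the .changes body invalidates its signature.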

       If  no file is specified, debian/changelog is parsed to determine the name of the .changes
       file to look for in the parent directory.

       If  a  .commands  file  is  specified  it  is  first  validated  (see   the   details   at,   and   the  name  specified  in  the
       Uploader field is used for signing.

       This utility is useful if a developer must build a package on  one  machine  where  it  is
       unsafe  to  sign  it; they need then only transfer the small .dsc, .buildinfo and .changes
       files to a safe machine and then use the debsign program to sign them before  transferring
       them  back.  This process can be automated in two ways.  If the files to be signed live on
       the remote machine, the -r option may be used to copy them to the local machine  and  back
       again after signing.  If the files live on the local machine, then they may be transferred
       to the remote machine for signing using debrsign(1).  However note  that  it  is  probably
       safer  to  have  your trusted signing machine use debsign to connect to the untrusted non-
       signing machine, rather than  using  debrsign  to  make  the  connection  in  the  reverse

       This  program  can  take  default  settings  from  the  devscripts configuration files, as
       described below.


       -r [username@]remotehost
              The files to be signed live on the specified remote host.  In this  case,  a  .dsc,
              .buildinfo or .changes file must be explicitly named, with an absolute directory or
              one relative to the remote home directory.  scp will be used for the copying.   The
              [username@]remotehost:filename syntax is permitted as an alternative.  Wildcards (*
              etc.) are allowed.

       -pprogname
              When debsign needs to execute GPG to sign it will run progname (searching the  PATH
              if necessary), instead of gpg.

       -mmaintainer
              Specify  the maintainer name to be used for signing.  (See dpkg-buildpackage(1) for
              more information about  the  differences  between  -m,  -e  and  -k  when  building
              packages;  debsign  makes  no  use of these distinctions except with respect to the
              precedence of the various options.  These multiple options are provided so that the
              program will behave as expected when called by debuild(1).)

       -emaintainer
              Same as -m but takes precedence over it.

       -kkeyid
              Specify the key ID to be used for signing; overrides any -m and -e options.

       -S     Look for a source-only .changes file instead of a binary-build .changes file.

       -adebian-architecture, -tGNU-system-type
              See  dpkg-architecture(1)  for  a  description  of  these options.  They affect the
              search for the .changes file.  They are provided to mimic the  behaviour  of  dpkg-
              buildpackage when determining the name of the .changes file.

              Multiarch  .changes  mode:  This  signifies that debsign should use the most recent
              file with the  name  pattern  package_version_*+*.changes  as  the  .changes  file,
              allowing for the .changes files produced by dpkg-cross.

       --re-sign, --no-re-sign
              Re-create the signature or, respectively, use the existing signature if the file has
              already been signed.  If neither option is given and an already signed file is found,
              the user is asked whether to use the current signature.

       --debs-dir DIR
              Look  for  the  files  to  be  signed in directory DIR instead of the parent of the
              source directory.  This should either be an absolute path or relative to the top of
              the source directory.

       --no-conf, --noconf
              Do  not  read  any  configuration files.  This can only be used as the first option
              given on the command-line.

       --help, -h
              Display a help message and exit successfully.

              Display version and copyright information and exit successfully.


       The two configuration files /etc/devscripts.conf and ~/.devscripts  are  sourced  in  that
       order  to  set  configuration  variables.   Command  line  options can be used to override
       configuration file settings.  Environment variable settings are ignored for this  purpose.
       The currently recognised variables are:

              Setting this is equivalent to giving a -p option.

              This is the -m option.

              And this is the -k option.

              Always re-sign files even if they are already signed, without prompting.

              This  specifies  the  directory in which to look for the files to be signed, and is
              either an absolute  path  or  relative  to  the  top  of  the  source  tree.   This
              corresponds  to  the --debs-dir command line option.  This directive could be used,
              for example, if you always use pbuilder or svn-buildpackage to build your packages.
              Note  that it also affects debrelease(1) in the same way, hence the strange name of
              the option.


       debrsign(1),  debuild(1),  dpkg-architecture(1),  dpkg-buildpackage(1),  gpg(1),  gpg2(1),
       md5sum(1), sha1sum(1), sha256sum(1), scp(1), devscripts.conf(5)


       This program was written by Julian Gilbey <> and is copyright under the GPL,
       version 2 or later.