Provided by: dpkg-sig_0.13.1+nmu4_all


       dpkg-sig - Debian package archive (.deb) signature generation and verification tool


       dpkg-sig [options] --sign role [archive|changes]+

       dpkg-sig [options] --verify [archive]+

       dpkg-sig [options] --verify-role role [archive]+

       dpkg-sig [options] --verify-exact member [archive]+

       dpkg-sig [options] --list [archive]+

       dpkg-sig [options] --get-hashes role [archive|changes]+

       dpkg-sig [options] --sign-hashes [hashes-archive]+

       dpkg-sig [options] --write-signature [hashes-archive]+


       dpkg-sig creates and verifies signatures on Debian archives (.deb-files).

       Use higher-level tools to install and remove packages from your system, and to verify a
       signature as acceptable for your system.

       A usage example can be found at the end of this man page.


       --sign, -s role
           Signs a standard-conforming Debian archive. role gives the name of the signature
           (usually 'builder' for the builder of the .deb).  The signature is made using your
           default key, unless specified via any explicit or implicit option (see below).

           If one or more .changes-files are given, the md5sums inside the .changes file(s) are
           also updated.

           If a .changes file was gpg-signed, the signature is removed when updating the md5sums.

       --verify, -c; --verify-role; --verify-exact
           Verifies a signature on the given archive file. --verify and -c just check all
           signatures; --verify-role verifies all signatures with a given role, and
           --verify-exact expects the exact name of the archive member (without the leading
           _gpg). However, both commands also accept perl regular expressions as the name.

           All verify variants output (in turn for each signature) either a line consisting of
           GOODSIG, role, gpg-fingerprint and signature time (in seconds since 1970-1-1 0:00:00
           UTC), or BADSIG.

           Starting from version 0.12, dpkg-sig returns 2 if a bad signature was found when
           trying to verify. If an unknown key was used to sign a .deb, dpkg-sig returns 3.

       --list, -l, -t
           Lists all names inside the deb that look like a signature.

       --get-hashes, --sign-hashes, --write-signature
           --get-hashes creates an ar(1) archive containing a control file part and files with
           the digests of all the .debs specified on the command-line or named in the .changes
           file(s) specified on the command-line.

           After that, you can transfer this (small) file to another machine, for example an
           offline system containing your gpg keys. (Yep, that's paranoid!)

           --sign-hashes then signs this file containing the digests (in fact, it replaces the
           digests parts with their signatures).

           Now transfer the signed file back to the machine where you created the hashes and use
           --write-signature to add the signatures from the archive to the deb.


       -m maintainer
           Specify the maintainer name to be used for signing.

       -e maintainer
           Same as -m but takes precedence.

       -k keyid
           Specify the key ID to be used for signing; overrides any -e or -m option.

           Get some more details.

           Guarantees that the non-verbose output will not change. Use this if you want to parse
           the output.

           The signature format changed between version 0.10 and 0.11. If you want to verify old
           signatures too, try this switch.

           The signature format changed between version 0.2 and 0.3. If you want to verify old
           signatures too, try this switch.

       --cache-passphrase, -p
           Caches the gpg-passphrase inside dpkg-sig. This needs the suggested package

           Be warned: Doing this is insecure, dpkg-sig doesn't protect the memory it uses to
           store the passphrase.

       --sign-changes, -a [ no | auto | yes | full | force_full ]
           Tells whether to also sign the .changes and .dsc files. The default is auto, which
           means that the .changes file is re-signed if it was signed before.

           The other values are no (don't sign .changes, and remove an existing signature), yes
           (always add a signature to .changes), full (always add a signature to .changes, and
           also sign the .dsc-file if there was no previous signature; otherwise ask) and
           force_full (always add a signature to both the .changes and .dsc files).

       --remote-dpkg-sig, -r path
           Use this if you want to specify where dpkg-sig can find the dpkg-sig executable on the
           remote machine.

           This is useful if you're not able/allowed to install dpkg-sig as a .deb.  To do that,
           copy the script to something like ~/bin/dpkg-sig on the remote system. After that, you
           can call your local dpkg-sig with something like the following to use the remote
           signing/verifying features:

           "dpkg-sig --sign builder -r ~/bin/dpkg-sig

       --remote-ssh-port, -o port
           Port of the sshd on the remote host. Default value is 22.


       These options should normally not be used, but are here for completeness.  Be warned: Use
       them only if you really know what you are doing.

       --gpgoptions, -g gpg options
           Use this to pass arbitrary options to gpg(1) whenever a file is signed. As this can
           lead to broken signatures, test your changes carefully.

       --passphrase-file, -f passphrase file
           Tells gpg to use the passphrase in file to sign.

           Be warned: Doing this is insecure, DON'T use this feature.  However, in some cases
           (e.g. automatic signing on a buildd) this could be useful, and is still better than
           using a gpg-key without passphrase. You can gain at least some security by putting
           this file on a ramdisk, but it would be better to use gpg-agent(1).


       The two configuration files /etc/devscripts.conf and ~/.devscripts are sourced in that
       order to set configuration variables.  Command line options can be used to override
       configuration file settings.  Environment variable settings are ignored for this purpose.
       The currently recognised variables are:

           This is the -m option.

           This is the -k option, and DPKGSIG_KEYID has the highest precedence.

           This is the --sign-changes option. Valid values are no, auto, yes, full and

           This is the --cache-passphrase option. Set this to a true value to enable it.


       The signatures created by dpkg-sig are added in a strict standard-conforming way to the
       .deb archive file. The signature itself is made on a file formatted like a Debian control
       file. The fields of this file are: Version, specifying a dpkg-sig file version number;
       Signer, giving the name of the signer; Date and Role, and finally Files, which gives the
       digests of the prior contents of the .deb archive file.  Note that this includes any prior
       signatures made by dpkg-sig. Thus it is possible to verify any signature by hand with just
       ar(1), md5sum(1), sha1sum(1) and gpg(1).  Signing a list of digests has the advantage that
       it is possible to perform remote signatures without transferring the whole archive file.
       This does require one to trust the remote machine, though!
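       As an added example (not part of dpkg-sig or this manpage), the following Python script does the ar(1)/md5sum(1)/sha1sum(1) half of the by-hand verification described above, and the digest check that the --verify commands perform: it parses the .deb as an ar archive, finds each _gpg* member, and compares the digests in its Files field against every member that precedes it, earlier signatures included. The exact layout of a Files line and the sample archive are assumptions constructed here; a placeholder stands in for the PGP armour, so the remaining step is gpg(1) on the extracted member.

```python
import hashlib
import re

AR_MAGIC = b"!<arch>\n"
# Assumed layout of one Files: line in the signed control file: "<md5> <sha1> <size> <member>".
FILES_LINE = re.compile(r"^[ \t]+([0-9a-f]{32}) ([0-9a-f]{40}) (\d+) (\S+)$", re.M)

def ar_members(blob):
    """Return [(name, data), ...] for a .deb, which is a plain ar(1) archive."""
    assert blob.startswith(AR_MAGIC), "not an ar archive"
    pos, members = len(AR_MAGIC), []
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]                          # fixed 60-byte member header
        assert hdr[58:60] == b"`\n", "corrupt ar member header"
        name = hdr[:16].decode().rstrip().rstrip("/")     # GNU ar appends '/' to names
        size = int(hdr[48:58])
        members.append((name, blob[pos + 60:pos + 60 + size]))
        pos += 60 + size + (size & 1)                     # member data is 2-byte aligned
    return members

def ar_pack(members):  # inverse of ar_members; only used to construct the sample below
    out = bytearray(AR_MAGIC)
    for name, data in members:
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
        out += data + (b"\n" if len(data) & 1 else b"")
    return bytes(out)

def digests(data):
    return (hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest(), len(data))

def check_digests(deb):
    """Recompute digests of everything preceding each _gpg* member (earlier signatures included)
    and compare with its Files: field -> {member: bool}. gpg --verify is the separate other half."""
    members, results = ar_members(deb), {}
    for i, (name, data) in enumerate(members):
        if name.startswith("_gpg"):
            listed = {m.group(4): (m.group(1), m.group(2), int(m.group(3)))
                      for m in FILES_LINE.finditer(data.decode())}
            results[name] = listed == {n: digests(d) for n, d in members[:i]}
    return results

def build_sample_deb(tamper=False):  # constructed sample with placeholder PGP armour
    prior = [("debian-binary", b"2.0\n"), ("control.tar.gz", b"CONTROL"), ("data.tar.gz", b"DATA!")]
    files = ["\t%s %s %d %s" % (*digests(d), n) for n, d in prior]
    body = "\n".join(["Version: 4", "Signer: Example <builder@example.invalid>",
                      "Date: 2004-01-01", "Role: builder", "Files: "] + files)
    sig = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n" + body +
           "\n-----BEGIN PGP SIGNATURE-----\n(placeholder)\n-----END PGP SIGNATURE-----\n").encode()
    if tamper:  # payload swapped after the digests were signed: the check must report False
        prior[2] = ("data.tar.gz", b"DATA?")
    return ar_pack(prior + [("_gpgbuilder", sig)])
```

On a real archive, "ar x pkg.deb _gpgbuilder" followed by "gpg --verify _gpgbuilder" supplies the signature check the script leaves out; a GOODSIG from gpg only proves that the Files list is authentic, which is why the digest comparison above is still needed.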


       dpkg-sig can sign remote files using ssh(1) without transferring the whole file to the
       local machine, or the key to the remote machine. Simply specify the file with
       "ssh://[user@]machine:/path/to/file", and have dpkg-sig installed on the remote machine.
       (See also the --remote-dpkg-sig option above.)

       Remote signing supports the usual filename globbing.

       Remote signing has been tested, but is at the moment considered a more experimental


       dpkg-sig should be able to also verify signatures made by older code.  This may be added
       in a later version.

       dpkg-sig assumes that any given archive is strictly standard-compatible.  This is valid
       for archives created by dpkg-deb - but if you're not sure about an archive, verify this
       yourself, or live with the risk of a bad signature.

       More documentation about the signature format should be added.

       Deal better with expired etc. keys and signatures.

       Better inclusion into the other tools like dpkg-buildpackage.

       And of course: Still missing is testing, testing and testing dpkg-sig.


       A typical use is to sign packages before a (maintainer-)upload. This can be done by
       running dpkg-buildpackage and afterwards calling "dpkg-sig --sign builder *.changes".

       If you want to do all signing with dpkg-sig you could run "dpkg-buildpackage -uc -us" and
       afterwards call "dpkg-sig --sign builder --sign-changes full *.changes".  If you do this,
       there is no need to call debsign any more, as dpkg-sig does all the signing for you.

       If you don't want to type in your passphrase multiple times, then you could add the option

       The options --sign-changes and --cache-passphrase could be replaced with setting the
       variables DPKGSIG_SIGN_CHANGES respectively DPKGSIG_CACHE_PASS (set the latter one to a
       true value) in ~/.devscripts.

       The key-id is automatically set from /etc/devscripts.conf and ~/.devscripts, but could be
       overridden via the -m, -e or -k command line options (see above).


       deb(5), debsign(1), dpkg-deb(8), /usr/share/doc/dpkg-sig/


       dpkg-sig and this manpage were written by Andreas Barth and Marc Brockschmidt. They are
       Copyright (C) 2003-2006 by them and released under the GNU General Public Licence version
       2 or later; there is NO WARRANTY.  See /usr/share/doc/dpkg-sig/copyright and
       /usr/share/common-licenses/GPL for details. Some parts of this manpage are taken from