Provided by: devscripts_2.16.2ubuntu3_amd64 bug


       debsign - sign a Debian .changes and .dsc file pair using GPG


       debsign [options] [changes-file|dsc-file|commands-file ...]


       debsign mimics the signing aspects (and bugs) of dpkg-buildpackage(1).  It takes either an
       unsigned .dsc file or an unsigned .changes file (along with the associated  unsigned  .dsc
       file  found  by  replacing the architecture name and .changes by .dsc if it appears in the
       .changes file), and signs them using the GNU Privacy Guard.  It is  careful  to  calculate
       the  size  and  checksums of the newly signed .dsc file and replace the original values in
       the .changes file.

       If  a  .changes,  .dsc  or  .commands  file  is  specified,  it  is   signed,   otherwise,
       debian/changelog  is  parsed to determine the name of the .changes file to look for in the
       parent directory.

       If  a  .commands  file  is  specified  it  is  first  validated  (see   the   details   at,   and   the  name  specified  in  the
       Uploader field is used for signing.

       This utility is useful if a developer must build a package on  one  machine  where  it  is
       unsafe  to  sign  it;  they need then only transfer the small .dsc and .changes files to a
       safe machine and then use the debsign program to sign them before transferring them  back.
       This  process  can be automated in two ways.  If the files to be signed live on the remote
       machine, the -r option may be used to copy them to the local machine and back again  after
       signing.   If  the  files  live  on the local machine, then they may be transferred to the
       remote machine for signing using debrsign(1).

       This program can take  default  settings  from  the  devscripts  configuration  files,  as
       described below.


       -r [username@]remotehost
              The  .changes  and  .dsc  files live on the specified remote host.  In this case, a
              .changes file must be explicitly named, with an absolute directory or one  relative
              to   the   remote  home  directory.   scp  will  be  used  for  the  copying.   The
              [username@]remotehost:changes syntax is permitted as an alternative.  Wildcards  (*
              etc.) are allowed.

              When  debsign needs to execute GPG to sign it will run progname (searching the PATH
              if necessary), instead of gpg.

              Specify the maintainer name to be used for signing.  (See dpkg-buildpackage(1)  for
              more  information  about  the  differences  between  -m,  -e  and  -k when building
              packages; debsign makes no use of these distinctions except  with  respect  to  the
              precedence of the various options.  These multiple options are provided so that the
              program will behave as expected when called by debuild(1).)

              Same as -m but takes precedence over it.

              Specify the key ID to be used for signing; overrides any -m and -e options.

       -S     Look for a source-only .changes file instead of a binary-build .changes file.

       -adebian-architecture, -tGNU-system-type
              See dpkg-architecture(1) for a description  of  these  options.   They  affect  the
              search  for  the  .changes file.  They are provided to mimic the behaviour of dpkg-
              buildpackage when determining the name of the .changes file.

              Multiarch .changes mode: This signifies that debsign should  use  the  most  recent
              file  with  the  name  pattern  package_version_*+*.changes  as  the .changes file,
              allowing for the .changes files produced by dpkg-cross.

       --re-sign, --no-re-sign
              Recreate signature, respectively use the existing signature, if the file  has  been
              signed already.  If neither option is given and an already signed file is found the
              user is asked if he or she likes to use the current signature.

       --debs-dir DIR
              Look for the .changes and .dsc files in directory DIR instead of the parent of  the
              source directory.  This should either be an absolute path or relative to the top of
              the source directory.

       --no-conf, --noconf
              Do not read any configuration files.  This can only be used  as  the  first  option
              given on the command-line.

       --help, -h
              Display a help message and exit successfully.

              Display version and copyright information and exit successfully.


       The  two  configuration  files  /etc/devscripts.conf and ~/.devscripts are sourced in that
       order to set configuration variables.  Command  line  options  can  be  used  to  override
       configuration  file settings.  Environment variable settings are ignored for this purpose.
       The currently recognised variables are:

              Setting this is equivalent to giving a -p option.

              This is the -m option.

              And this is the -k option.

              Always re-sign files even if they are already signed, without prompting.

              This specifies the directory in which to look for the .changes and .dsc files,  and
              is  either  an  absolute  path  or  relative  to  the top of the source tree.  This
              corresponds to the --debs-dir command line option.  This directive could  be  used,
              for example, if you always use pbuilder or svn-buildpackage to build your packages.
              Note that it also affects debrelease(1) in the same way, hence the strange name  of
              the option.


       debrsign(1),  debuild(1),  dpkg-architecture(1),  dpkg-buildpackage(1),  gpg(1),  gpg2(1),
       md5sum(1), sha1sum(1), sha256sum(1), scp(1), devscripts.conf(5)


       This program was written by Julian Gilbey <> and is copyright under the GPL,
       version 2 or later.