SYNOPSIS
debsigs --list|-l [-v] file [file...]debsigs --sign=type [--default-key=keyID] [-v] file [file...]
debsigs --verify|--check|-c file [file...]
debsigs --delete=type file [file...]
DESCRIPTION
debsigs is used to manipulate the cryptographic signatures stored inside a .deb file. It is not used to verify those signatures; for that purpose, see debsig-verify(1).OPTIONS
- --list or -l or -t
- Lists the signatures found in the specified file.
- --sign=type
- Creates a new signature of the type specified in the given file. The signature will be created using the default key for your GPG keyring. See ``SIGNATURE TYPES'' below for possible values of the "type" field.
- --default-key=keyID
- Uses a key other than the default for signing the package.
- --secret-keyring=file or -K file
- Uses a keyring other than the default for signing the package. This option is passed along to GPG verbatim; see the discussion in the gpg(1) manpage for information on how to specify the keyring file.
- -v
- Displays verbose output.
- --verify or --check or -c
- Invokes debsig-verify to check the validity of the signature on this package.
- --delete=type
- Deletes the signature of the specified type from the package.
SIGNATURE TYPES
A Debian package may carry different types of signatures. The most commonly-used ones are:-
"origin"
The official signature of the organization which distributes the package, usually the Debian Project or a GNU/Linux distribution derived from it. This signature may be added automatically.
-
"maint"
The signature of the maintainer of the Debian package. This signature should be added by the maintainer before uploading the package.
-
"archive"
An automatically-added signature renewed periodically to ensure that a package downloaded from an online archive is indeed the latest version distributed by the organization.
See the /usr/share/doc/debsigs/signing-policy.txt file for more information and rationale for the different signature types.