debsign mimics the signing aspects (and bugs) of
dpkg-buildpackage(1). It takes either an unsigned .dsc
file or an unsigned .changes file (along with the associated
unsigned .dsc file found by replacing the architecture name and
.changes by .dsc if it appears in the .changes
file), and signs them using the GNU Privacy Guard or PGP. It is
careful to calculate the size and MD5 sum of the newly signed
.dsc file and replace the original values in the .changes
file.
If a .changes, .dsc or .commands file is specified,
it is signed, otherwise, debian/changelog is parsed to determine
the name of the .changes file to look for in the parent
directory.
This utility is useful if a developer must build a package on one
machine where it is unsafe to sign it; they need then only transfer
the small .dsc and .changes files to a safe machine and
then use the debsign program to sign them before
transferring them back. This process can be automated in two ways.
If the files to be signed live on the remote machine, the -r
option may be used to copy them to the local machine and back again
after signing. If the files live on the local machine, then they may
be transferred to the remote machine for signing using
debrsign(1).
This program can take default settings from the devscripts
configuration files, as described below.
OPTIONS
-r [username@]remotehost
The .changes and .dsc files live on the specified remote
host. In this case, a .changes file must be explicitly named,
with an absolute directory or one relative to the remote home
directory. SSH will be used for the copying. The
[username@]remotehost:changes syntax is
permitted as an alternative.
-pprogname
progname is one of pgp or gpg, and specifies which
signing program is to be called. The default is gpg if
~/.gnupg/secring.gpg exists and pgp otherwise.
-mmaintainer
Specify the maintainer name to be used for signing. (See
dpkg-buildpackage(1) for more information about the differences
between -m, -e and -k when building packages;
debsign makes no use of these distinctions except with respect
to the precedence of the various options. These multiple options are
provided so that the program will behave as expected when called by
debuild(1).)
-emaintainer
Same as -m but takes precedence over it.
-kkeyid
Specify the key ID to be used for signing; overrides any -m
and -e options.
-spgp, -sgpg
Whether the signing program is to be called with command line
arguments like those of pgp or gpg.
-S
Look for a source-only .changes file instead of a binary-build
changes file.
-adebian-architecture, -tGNU-system-type
See dpkg-architecture(1) for a description of these options.
They affect the search for the .changes file. They are provided
to mimic the behaviour of dpkg-buildpackage when determining the
name of the .changes file.
--multi
Multiarch changes mode: This signifies that debrsign should
use the most recent file with the name pattern
package_version_*+*.changes as the changes file, allowing for the
changes files produced by dpkg-cross.
--no-conf, --noconf
Do not read any configuration files. This can only be used as the
first option given on the command-line.
--help, -h
Display a help message and exit successfully.
--version
Display version and copyright information and exit successfully.
CONFIGURATION VARIABLES
The two configuration files /etc/devscripts.conf and
~/.devscripts are sourced in that order to set configuration
variables. Command line options can be used to override configuration
file settings. Environment variable settings are ignored for this
purpose. The currently recognised variables are:
DEBSIGN_PROGRAM
Setting this is equivalent to giving a -p option.
DEBSIGN_SIGNLIKE
This must be gpg or pgp and is equivalent to using either
-sgpg or -spgp respectively.
