Man Linux: Main Page and Category List


       debsign - sign a Debian changes and dsc file pair using GPG/PGP


       debsign [options] [changes-file|dsc-file|commands-file ...]


       debsign  mimics the signing aspects (and bugs) of dpkg-buildpackage(1).
       It takes either an unsigned .dsc file  or  an  unsigned  .changes  file
       (along  with  the  associated unsigned .dsc file found by replacing the
       architecture name and .changes by .dsc if it appears  in  the  .changes
       file),  and  signs  them  using  the  GNU  Privacy Guard or PGP.  It is
       careful to calculate the size and checksums of the  newly  signed  .dsc
       file and replace the original values in the .changes file.

       If  a  .changes,  .dsc  or  .commands  file is specified, it is signed,
       otherwise, debian/changelog is parsed to  determine  the  name  of  the
       .changes file to look for in the parent directory.

       If a .commands file is specified it is first validated (see the details
       at,  and  the  name
       specified in the Uploader field is used for signing.

       This  utility  is  useful  if  a  developer must build a package on one
       machine where it is unsafe to sign it; they need then only transfer the
       small  .dsc  and  .changes  files  to  a  safe machine and then use the
       debsign program to sign  them  before  transferring  them  back.   This
       process  can  be automated in two ways.  If the files to be signed live
       on the remote machine, the -r option may be used to copy  them  to  the
       local  machine  and back again after signing.  If the files live on the
       local machine, then they may be transferred to the remote  machine  for
       signing using debrsign(1).

       This   program   can   take   default   settings  from  the  devscripts
       configuration files, as described below.


       -r [username@]remotehost
              The .changes and .dsc files live on the specified  remote  host.
              In  this case, a .changes file must be explicitly named, with an
              absolute directory or one relative to the remote home directory.
              scp     will     be     used     for     the    copying.     The
              [username@]remotehost:changes  syntax   is   permitted   as   an
              alternative.  Wildcards (* etc.) are allowed.

              progname  is  one  of  pgp  or  gpg, and specifies which signing
              program  is   to   be   called.    The   default   is   gpg   if
              ~/.gnupg/secring.gpg exists and pgp otherwise.

              Specify  the maintainer name to be used for signing.  (See dpkg-
              buildpackage(1)  for  more  information  about  the  differences
              between  -m,  -e and -k when building packages; debsign makes no
              use of these distinctions except with respect to the  precedence
              of  the various options.  These multiple options are provided so
              that  the  program  will  behave  as  expected  when  called  by

              Same as -m but takes precedence over it.

              Specify  the key ID to be used for signing; overrides any -m and
              -e options.

       -spgp, -sgpg
              Whether the signing program is to be called  with  command  line
              arguments like those of pgp or gpg.

       -S     Look  for  a source-only .changes file instead of a binary-build
              changes file.

       -adebian-architecture, -tGNU-system-type
              See dpkg-architecture(1) for a  description  of  these  options.
              They affect the search for the .changes file.  They are provided
              to mimic the behaviour of dpkg-buildpackage when determining the
              name of the .changes file.

              Multiarch  changes  mode: This signifies that debsign should use
              the    most    recent    file    with    the    name     pattern
              package_version_*+*.changes  as  the  changes file, allowing for
              the changes files produced by dpkg-cross.

       --re-sign, --no-re-sign
              Recreate signature, respectively use the existing signature,  if
              the  file  has  been signed already.  If neither option is given
              and an already signed file is found the user is asked if  he  or
              she likes to use the current signature.

       --debs-dir DIR
              Look for the .changes and .dsc files in directory DIR instead of
              the parent of the source directory.  This should  either  be  an
              absolute path or relative to the top of the source directory.

       --no-conf, --noconf
              Do  not  read any configuration files.  This can only be used as
              the first option given on the command-line.

       --help, -h
              Display a help message and exit successfully.

              Display version and copyright information and exit successfully.


       The  two configuration files /etc/devscripts.conf and ~/.devscripts are
       sourced in that order to set  configuration  variables.   Command  line
       options   can   be   used  to  override  configuration  file  settings.
       Environment variable  settings  are  ignored  for  this  purpose.   The
       currently recognised variables are:

              Setting this is equivalent to giving a -p option.

              This  must be gpg or pgp and is equivalent to using either -sgpg
              or -spgp respectively.

              This is the -m option.

              And this is the -k option.

              Always re-sign files even if they are  already  signed,  without

              This  specifies  the directory in which to look for the .changes
              and .dsc files, and is either an absolute path  or  relative  to
              the  top of the source tree.  This corresponds to the --debs-dir
              command line option.  This directive could be used, for example,
              if  you  always  use  pbuilder or svn-buildpackage to build your
              packages.  Note that it also affects debrelease(1) in  the  same
              way, hence the strange name of the option.


       debrsign(1),  dpkg-buildpackage(1),  dpkg-architecture(1),  debuild(1),
       md5sum(1),  sha1sum(1),  sha256sum(1),  gpg(1),  pgp(1),   scp(1)   and


       This  program  was  written  by  Julian  Gilbey <> and is
       copyright under the GPL, version 2 or later.