dscverify(1) [linux man page]
DSCVERIFY(1) General Commands Manual DSCVERIFY(1) NAME
dscverify - verify the validity of a Debian package SYNOPSIS
dscverify [--keyring keyring] ... changes_or_dsc_filename ... DESCRIPTION
dscverify checks that the GPG signatures on the given .changes or .dsc files are good signatures made by keys in the current Debian keyrings, found in the debian-keyring and debian-maintainers packages. (Additional keyrings can be specified using the --keyring option any number of times.) It then checks that the other files listed in the .changes or .dsc files have the correct sizes and checksums (MD5 plus SHA1 and SHA256 if the latter are present). The exit status is 0 if there are no problems and non-zero otherwise. OPTIONS
--keyring keyring Add keyring to the list of keyrings to be used. --no-default-keyrings Do not use the default set of keyrings. --no-conf, --noconf Do not read any configuration files. This can only be used as the first option given on the command-line. --nosigcheck, --no-sig-check, -u Skip the signature verification step. That is, only verify the sizes and checksums of the files listed in the .changes or .dsc files. --verbose Do not suppress GPG output. --help, -h Display a help message and exit successfully. --version Display version and copyright information and exit successfully. CONFIGURATION VARIABLES
The two configuration files /etc/devscripts.conf and ~/.devscripts are sourced by a shell in that order to set configuration variables. Environment variable settings are ignored for this purpose. If the first command line option given is --noconf or --no-conf, then these files will not be read. The currently recognised variable is: DSCVERIFY_KEYRINGS This is a colon-separated list of extra keyrings to use in addition to any specified on the command line. KEYRING
Please note that the keyring provided by the debian-keyring package can be slightly out of date. The latest version can be obtained with rsync, as documented in the README that comes with debian-keyring. If you sync the keyring to a non-standard location (see below), you can use the possibilities to specify extra keyrings, by either using the above mentioned configuration option or the --keyring option. Below is an example for an alias: alias dscverify='dscverify --keyring ~/.gnupg/pubring.gpg' STANDARD KEYRING LOCATIONS
By default dscverify searches for the debian-keyring in the following locations: - /org/keyring.debian.org/keyrings/debian-keyring.gpg - /usr/share/keyrings/debian-keyring.gpg - /usr/share/keyrings/debian-maintainers.gpg SEE ALSO
gpg(1) and devscripts.conf(5). AUTHOR
dscverify was written by Roderick Schertler <roderick@argon.org> and posted on the debian-devel@lists.debian.org mailing list, with several modifications by Julian Gilbey <jdg@debian.org>. DEBIAN Debian Utilities DSCVERIFY(1)
Check Out this Related Man Page
APT-KEY(8) APT APT-KEY(8) NAME
apt-key - APT key management utility SYNOPSIS
apt-key [--keyring filename] [command] [arguments...] DESCRIPTION
apt-key is used to manage the list of keys used by apt to authenticate packages. Packages which have been authenticated using these keys will be considered trusted. COMMANDS
add filename Add a new key to the list of trusted keys. The key is read from filename, or standard input if filename is -. del keyid Remove a key from the list of trusted keys. export keyid Output the key keyid to standard output. exportall Output all trusted keys to standard output. list List trusted keys. finger List fingerprints of trusted keys. adv Pass advanced options to gpg. With adv --recv-key you can download the public key. update Update the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The archive keyring is shipped in the archive-keyring package of your distribution, e.g. the debian-archive-keyring package in Debian. net-update Work similar to the update command above, but get the archive keyring from an URI instead and validate it against a master key. This requires an installed wget(1) and an APT build configured to have a server to fetch from and a master keyring to validate. APT in Debian does not support this command and relies on update instead, but Ubuntu's APT does. OPTIONS
Note that options need to be defined before the commands described in the previous section. --keyring filename With this option it is possible to specify a specific keyring file the command should operate on. The default is that a command is executed on the trusted.gpg file as well as on all parts in the trusted.gpg.d directory, through trusted.gpg is the primary keyring which means that e.g. new keys are added to this one. FILES
/etc/apt/trusted.gpg Keyring of local trusted keys, new keys will be added here. Configuration Item: Dir::Etc::Trusted. /etc/apt/trusted.gpg.d/ File fragments for the trusted keys, additional keyrings can be stored here (by other packages or the administrator). Configuration Item Dir::Etc::TrustedParts. /etc/apt/trustdb.gpg Local trust database of archive keys. /usr/share/keyrings/debian-archive-keyring.gpg Keyring of Debian archive trusted keys. /usr/share/keyrings/debian-archive-removed-keys.gpg Keyring of Debian archive removed trusted keys. SEE ALSO
apt-get(8), apt-secure(8) BUGS
APT bug page[1]. If you wish to report a bug in APT, please see /usr/share/doc/debian/bug-reporting.txt or the reportbug(1) command. AUTHOR
APT was written by the APT team apt@packages.debian.org. AUTHOR
Jason Gunthorpe COPYRIGHT
Copyright (C) 1998-2001 Jason Gunthorpe NOTES
1. APT bug page http://bugs.debian.org/src:apt Linux 28 October 2008 APT-KEY(8)