debsig-verify(1)
NAME
debsig-verify - Verify signatures for a Debian format package
SYNOPSIS
debsig-verify [option...] deb
DESCRIPTION
This program is part of a security model that verifies the source and
validity of a Debian format package (commonly referred to as a deb).
This program implements the verification specs defined in the document,
"Package Verification with dpkg: Implementation", which is a more
complete reference for the verification procedure.
The program generally takes one argument, the deb file to be verified.
It will then check the origin signature of the deb, find its Public Key
ID (long format), and use that as the name for a policy subdirectory.
If this subdirectory does not exist, then the verification fails
immediately.
In this subdirectory, the program finds one or more files named with
the .pol file extension, which signifies an XML format policy
definition. This file contains three main parts.
Origin Information about the origin of this policy.
Selection
Rules used to decide if this policy is pertinent to this deb's
verification.
Verification
Rules that are used to actually verify the deb.
The policy files will reference keyrings by a filename. These keyrings
will be looked for in a subdirectory of the keyring directory. The
subdirectory has the same name as the policy subdirectory (previously
determined by the Origin's Public Key ID).
The program will, after first parsing the entire file, check the Origin
ID against the Public Key ID of the origin signature in the deb. If
these match (which they should, else something is really wrong), then
it will proceed to the Selection rules.
The Selection rules decide whether this policy is suitable for
verifying this deb. If these rules fail, then the program will proceed
to the next policy. If it passes, then the program commits to using
this policy for verification, and no other policies will be referenced.
The last verification step relies on the Verification rules. These are
similar in format to the Selection rules, but are usually more
constrained. If these rules fail, the program exits with a non-zero
status. If they pass, then it exits with a zero status.
OPTIONS
-q, --quiet
Causes the program to send no output, other than fatal errors.
This is useful when being called from another program, where you
rely on the exit value only.
-v, --verbose
Causes the program to send more output on execution, so as to
follow the steps it is taking while trying to verify the deb.
-d, --debug
Outputs even more info than the -v option. This is mainly for
debugging.
--help Outputs the usage information for the program.
--version
Outputs the version information for the program. This includes
the policy format version. This option does not require any
other arguments.
--list-policies
Outputs a list of the policies that passed the Selection phase
of the verification process. In other words, those that could
potentially verify the deb. The output is one line showing the
directory selected by the origin signature, and then a single
line for any policy files in that directory that pass the
Selection rules. This option will NOT verify the deb.
--use-policy policy
This option takes one argument, which is the name of the policy
file (as shown by the --list-policies option). Note, this is
just a file, and not a full path. You cannot specify arbitrary
policies. This option is useful if more than one policy applies
to potentially verifying the deb. The program will then use this
policy, and only this policy, to try and verify the deb.
--policies-dir directory
Use a different directory when looking up for policies.
--keyrings-dir directory
Use a different directory when looking up for keyrings.
--root directory
Use a different root directory when looking up for policies and
keyrings.
EXIT STATUS
0 The requested operation completed successfully.
1 General non-success exit value. This occurs for non-verification
operations.
10 Either no signatures are contained in the deb or no origin
signature was found.
11 An origin signature was found, but it does not have a
corresponding subdirectory in the policies directory.
12 The origin was found, and is present. However, no policies were
found that passed the selection phase of the process. Thus, no
verification was performed.
13 The package failed the verification phase of the process. More
than likely, this occurs due to a bad signature, or because not
all criteria of the verification block of the policy were
passed.
14 An internal error occurred. This is an unrecoverable error.
Either the deb is corrupt, gpg failed abnormally, or some other
uncontrollable failure.
ENVIRONMENT
DEBSIG_GNUPG_PROGRAM
The name (or pathname) of the GnuPG program to use.
FILES
/etc/debsig/policies/
Directory containing the policy (.pol) definitions.
/etc/debsig/policies/*/*.pol
XML format policy files.
/usr/share/debsig/keyrings/
Directory containing the keyrings that coincide with the
policies.
/usr/share/debsig/keyrings/*/*.gpg
GnuPG format keyrings for use by the policies.
SEE ALSO
debsigs(1), gpg(1), deb(5).
AUTHOR
Ben Collins <bcollins@debian.org>
Opportunity
Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.
Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.
Free Software
Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.
Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.
Free Books
The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.
Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.
Education
Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.
Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.
