DEBSIGN(1)                  General Commands Manual                 DEBSIGN(1)

       debsign - sign a Debian .changes and .dsc file pair using GPG

       debsign [options] [changes-file|dsc-file|commands-file ...]

       debsign  mimics the signing aspects (and bugs) of dpkg-buildpackage(1).
       It takes a .dsc, .buildinfo, or .changes file and  signs  it,  and  any
       child .dsc, .buildinfo, or .changes files directly or indirectly refer-
       enced by it, using the GNU Privacy Guard. It is  careful  to  calculate
       the  size and checksums of any newly signed child files and replace the
       original values in the parent file.

       If no file is specified, debian/changelog is parsed  to  determine  the
       name of the .changes file to look for in the parent directory.

       If a .commands file is specified it is first validated (see the details
       at,  and  the  name
       specified in the Uploader field is used for signing.

       This  utility  is useful if a developer must build a package on one ma-
       chine where it is unsafe to sign it; they need then only  transfer  the
       small  .dsc,  .buildinfo  and .changes files to a safe machine and then
       use the debsign program to sign them  before  transferring  them  back.
       This  process  can be automated in two ways.  If the files to be signed
       live on the remote machine, the -r option may be used to copy  them  to
       the  local  machine and back again after signing.  If the files live on
       the local machine, then they may be transferred to the  remote  machine
       for  signing using debrsign(1).  However note that it is probably safer
       to have your trusted signing machine use debsign to connect to the  un-
       trusted  non-signing  machine,  rather  than using debrsign to make the
       connection in the reverse direction.

       This program can take default settings from the  devscripts  configura-
       tion files, as described below.

       -r [username@]remotehost
              The  files  to  be signed live on the specified remote host.  In
              this case, a .dsc, .buildinfo or .changes file must  be  explic-
              itly  named,  with  an absolute directory or one relative to the
              remote home directory.  scp will be used for the  copying.   The
              [username@]remotehost:filename  syntax is permitted as an alter-
              native.  Wildcards (* etc.) are allowed.

              When debsign needs to execute GPG to sign it will  run  progname
              (searching the PATH if necessary), instead of gpg.

              Specify  the maintainer name to be used for signing.  (See dpkg-
              buildpackage(1) for more information about the  differences  be-
              tween -m, -e and -k when building packages; debsign makes no use
              of these distinctions except with respect to the  precedence  of
              the  various  options.   These  multiple options are provided so
              that the program will behave as  expected  when  called  by  de-

              Same as -m but takes precedence over it.

              Specify  the key ID to be used for signing; overrides any -m and
              -e options.

       -S     Look for a source-only .changes file instead of  a  binary-build
              .changes file.

       -adebian-architecture, -tGNU-system-type
              See  dpkg-architecture(1)  for  a  description of these options.
              They affect the search for the .changes file.  They are provided
              to mimic the behaviour of dpkg-buildpackage when determining the
              name of the .changes file.

              Multiarch .changes mode: This signifies that debsign should  use
              the   most  recent  file  with  the  name  pattern  package_ver-
              sion_*+*.changes as the .changes file, allowing for the .changes
              files produced by dpkg-cross.

       --re-sign, --no-re-sign
              Recreate  signature, respectively use the existing signature, if
              the file has been signed already.  If neither  option  is  given
              and  an  already signed file is found the user is asked if he or
              she likes to use the current signature.

       --debs-dir DIR
              Look for the files to be signed in directory DIR instead of  the
              parent  of the source directory.  This should either be an abso-
              lute path or relative to the top of the source directory.

       --no-conf, --noconf
              Do not read any configuration files.  This can only be  used  as
              the first option given on the command-line.

       --help, -h
              Display a help message and exit successfully.

              Display version and copyright information and exit successfully.

       The  two configuration files /etc/devscripts.conf and ~/.devscripts are
       sourced in that order to set configuration variables.  Command line op-
       tions can be used to override configuration file settings.  Environment
       variable settings are ignored for this purpose.  The  currently  recog-
       nised variables are:

              Setting this is equivalent to giving a -p option.

              This is the -m option.

              And this is the -k option.

              Always  re-sign  files  even if they are already signed, without

              This specifies the directory in which to look for the  files  to
              be signed, and is either an absolute path or relative to the top
              of the source tree.  This corresponds to the --debs-dir  command
              line  option.  This directive could be used, for example, if you
              always use pbuilder or svn-buildpackage to build your  packages.
              Note  that  it also affects debrelease(1) in the same way, hence
              the strange name of the option.

       debrsign(1),  debuild(1),  dpkg-architecture(1),  dpkg-buildpackage(1),
       gpg(1),  gpg2(1),  md5sum(1),  sha1sum(1),  sha256sum(1),  scp(1),  de-

       This program was written by Julian Gilbey <> and is copy-
       right under the GPL, version 2 or later.

DEBIAN                         Debian Utilities                     DEBSIGN(1)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2024 Hurricane Electric. All Rights Reserved.