NAME

debsig-verify - Verify signatures for a Debian format package
DESCRIPTION

This program is part of a security model that verifies the source and validity
of a Debian format package (commonly referred to as a deb).

This program implements the verification specs defined in the document
"Package Verification with dpkg: Implementation", which is a more complete
reference for the verification procedure.
The program generally takes one argument, the deb file to be verified. It
will then check the origin signature of the deb, find its Public Key ID (long
format), and use that as the name for a policy subdirectory. If this
subdirectory does not exist, then the verification fails immediately.

In this subdirectory, the program finds one or more files named with the .pol
file extension, which signifies an XML format policy definition. Each such
file contains three main parts:

- Information about the origin of this policy.
- Rules used to decide if this policy is pertinent to this deb's verification.
- Rules that are used to actually verify the deb.
The policy files reference keyrings by filename. These keyrings are looked up
in a subdirectory of the keyring directory that has the same name as the
policy subdirectory (previously determined by the Origin's Public Key ID).
The program will, after first parsing the entire policy file, check the Origin
ID against the Public Key ID of the origin signature in the deb. If these match
(which they should, else something is really wrong), then it will proceed to
the Selection rules. These rules decide whether this policy is suitable for
verifying this deb. If these rules fail, then the program will proceed to the
next policy. If they pass, then the program commits to using this policy for
verification, and no other policies will be referenced.

The last verification step relies on the Verification rules. These are
similar in format to the Selection rules, but are usually more constrained.
If these rules fail, the program exits with a non-zero status. If they pass,
then it exits with a zero status.
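The lookup procedure described above, as an added example that is not part of
debsig-verify or of this manual: it parses the deb's ar container, reads the
issuer key ID out of the OpenPGP signature packet in the origin signature
member, uses that ID as the policy subdirectory name, and keeps the .pol files
whose Origin id matches it. The member name `_gpgorigin`, the policy XML layout
(Policy/Origin/Selection/Verification with Required elements) and the sample
key ID are assumptions of the example, and the sample deb, signature packet and
policies are constructed inline. It stops before the gpg step, which is where
the real trust decision is made, so it models policy selection only, not
verification.

```python
import os, struct, tempfile
import xml.etree.ElementTree as ET
AR_MAGIC = b"!<arch>\n"
ORIGIN_MEMBER = "_gpgorigin"   # ar member carrying the origin signature (assumed name)

def ar_members(data):
    """Parse an ar(1) archive (the .deb container) into {member name: bytes}."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members, pos = {}, len(AR_MAGIC)
    while pos + 60 <= len(data):
        hdr = data[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar member header")
        size = int(hdr[48:58])
        members[hdr[:16].decode().rstrip().rstrip("/")] = data[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)             # member bodies are padded to even length
    return members

def ar_build(members):
    """Inverse of ar_members; used here only to construct the sample .deb."""
    out = bytearray(AR_MAGIC)
    for name, body in members.items():
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(body):<10}`\n".encode()
        out += body + (b"\n" if len(body) & 1 else b"")
    return bytes(out)

def _sp_len(buf, i):
    """OpenPGP subpacket length (RFC 4880 5.2.3.1) -> (length, header octets)."""
    b0 = buf[i]
    if b0 < 192:
        return b0, 1
    if b0 < 255:
        return ((b0 - 192) << 8) + buf[i + 1] + 192, 2
    return struct.unpack(">I", buf[i + 1:i + 5])[0], 5

def openpgp_issuer_keyid(pkt):
    """Long (16 hex digit) key ID from the Issuer subpacket (type 16) of a v4 signature."""
    tag = pkt[0]
    if tag & 0x40:                                # new-format packet header
        ptag, l0 = tag & 0x3F, pkt[1]
        off = 2 if l0 < 192 else 3 if l0 < 224 else 6 if l0 == 255 else None
    else:                                         # old-format packet header
        ptag, off = (tag >> 2) & 0x0F, {0: 2, 1: 3, 2: 5}.get(tag & 3)
    if not tag & 0x80 or off is None or ptag != 2 or pkt[off] != 4:
        raise ValueError("not a supported v4 signature packet")
    body = pkt[off:]                              # version, type, pk algo, hash algo, ...
    hlen = struct.unpack(">H", body[4:6])[0]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    for region in (body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]):   # hashed, unhashed
        i = 0
        while i < len(region):
            n, h = _sp_len(region, i)
            if region[i + h] & 0x7F == 16 and n == 9:     # one type octet + 8-byte key ID
                return region[i + h + 1:i + h + 9].hex().upper()
            i += h + n
    raise ValueError("signature carries no Issuer subpacket")

def fake_sig_packet(keyid_hex):
    """Constructed v4 signature packet naming keyid_hex as issuer; the MPI is filler."""
    hashed = bytes([5, 2]) + struct.pack(">I", 1700000000)     # creation-time subpacket
    unhashed = bytes([9, 16]) + bytes.fromhex(keyid_hex)      # Issuer subpacket
    body = (bytes([4, 0, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\xab\xcd" + struct.pack(">H", 16) + b"\xff\xff")   # left16, one 16-bit MPI
    return bytes([0x80 | (2 << 2) | 1]) + struct.pack(">H", len(body)) + body

def origin_keyid(deb):
    """Step 1: the origin signature's key ID, or None when the deb carries none."""
    sig = ar_members(deb).get(ORIGIN_MEMBER)
    return openpgp_issuer_keyid(sig) if sig else None

def candidate_policies(keyid, policies_dir):
    """Step 2: key ID names the policy subdir (missing -> None, i.e. fail at once).
    Step 3: keep only the .pol files whose <Origin id> equals the signature's key ID."""
    subdir = os.path.join(policies_dir, keyid)
    if not os.path.isdir(subdir):
        return None
    keep = []
    for name in sorted(n for n in os.listdir(subdir) if n.endswith(".pol")):
        root = ET.parse(os.path.join(subdir, name)).getroot()
        origin = next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "Origin"), None)
        if origin is not None and origin.get("id", "").upper() == keyid:
            keep.append(name)
    return keep

def demo():
    """Constructed run: a matching policy, a stale one with the wrong Origin id, and
    the unknown-origin and unsigned cases in which debsig-verify stops early."""
    keyid = "0123456789ABCDEF"                                # constructed, not a real key
    deb = ar_build({"debian-binary": b"2.0\n", "control.tar.gz": b"\x1f\x8b" * 8,
                    "data.tar.gz": b"\x1f\x8b" * 8, ORIGIN_MEMBER: fake_sig_packet(keyid)})
    pol = ('<Policy xmlns="https://www.debian.org/debsig/1.0/"><Origin Name="example" id="{id}"/>'
           '<Selection><Required Type="origin" File="example.gpg" id="{id}"/></Selection>'
           '<Verification MinOptional="0"><Required Type="origin" File="example.gpg" id="{id}"/>'
           '</Verification></Policy>')                         # policy layout is assumed
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, keyid))
        for name, oid in (("good.pol", keyid), ("stale.pol", "FEDCBA9876543210")):
            with open(os.path.join(root, keyid, name), "w") as f:
                f.write(pol.format(id=oid))
        found = origin_keyid(deb)
        return {"keyid": found, "policies": candidate_policies(found, root),
                "unknown_origin": candidate_policies("0000000000000000", root),
                "unsigned": origin_keyid(ar_build({"debian-binary": b"2.0\n"}))}
```

`demo()` returns the decision at each step: the key ID found in the signature,
the policies that survive the Origin ID cross-check (`stale.pol` sits in the
right subdirectory but names a different key, so it is dropped), `None` for a
key ID with no policy subdirectory, and `None` for a deb with no origin
signature member. The key ID is only a lookup key here; the model does not
establish that the signature is valid, which in debsig-verify happens later
against the keyring the policy names.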
OPTIONS

-q, --quiet
    Causes the program to send no output, other than fatal errors. This is
    useful when being called from another program that relies on the exit
    status.

-v, --verbose
    Causes the program to send more output on execution, so as to follow the
    steps it is taking while trying to verify the deb.

-d, --debug
    Outputs even more information than the -v option. This is mainly for
    debugging.

--help
    Outputs the usage information for the program.

--version
    Outputs the version information for the program. This includes the policy
    format version. This option does not require any other arguments.

--list-policies
    Outputs a list of the policies that passed the Selection phase of the
    verification process, in other words those that could potentially verify
    the deb. The output is one line showing the directory selected by the
    origin signature, and then a single line for each policy file in that
    directory that passes the Selection rules. This option will NOT verify
    the deb.

--use-policy policy
    This option takes one argument, which is the name of the policy file (as
    shown by the --list-policies option). Note that this is just a file name,
    not a full path: a policy outside the subdirectory selected by the origin
    signature cannot be specified. This option is useful if more than one
    policy could potentially verify the deb. The program will then use this
    policy, and only this policy, to try and verify the deb.

--policies-dir directory
    Use a different directory when looking up policies.

--keyrings-dir directory
    Use a different directory when looking up keyrings.

--root directory
    Use a different root directory when looking up policies and keyrings.
EXIT STATUS

0   The requested operation completed successfully.

1   General non-success exit value. This occurs for non-verification related
    problems.

10  Either no signatures are contained in the deb or no origin signature was
    found.

11  An origin signature was found, but it does not have a corresponding
    subdirectory in the policies directory.

12  The origin was found, and is present. However, no policies were found that
    passed the selection phase of the process. Thus, no verification was
    performed.

13  The package failed the verification phase of the process. More than
    likely, this occurs due to a bad signature, or because not all criteria of
    the verification block of the policy were passed.

14  An internal error occurred. This is an unrecoverable error. Either the deb
    is corrupt, gpg failed abnormally, or some other uncontrollable condition
    was hit.
ENVIRONMENT

DEBSIG_GNUPG_PROGRAM
    The name (or pathname) of the GnuPG program to use.
FILES

/etc/debsig/policies/
    Directory containing the policy (.pol) definitions.

/etc/debsig/policies/<origin key ID>/*.pol
    XML format policy files, in a subdirectory named after the origin's
    Public Key ID.

/usr/share/debsig/keyrings/
    Directory containing the keyrings that coincide with the policies.

/usr/share/debsig/keyrings/<origin key ID>/
    GnuPG format keyrings for use by the policies, referenced by filename
    from the .pol files in the subdirectory of the same name.
AUTHOR

Ben Collins <email@example.com>