Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Deb (file format)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Signed packages=== Debian-based distributions support [[OpenPGP]] signature verification of signed Debian packages, but most (if not all) have this feature disabled by default.<ref name="packagecloud20141028">{{cite web |author=Joe Damato |date=28 Oct 2014 |title=HOWTO: GPG sign and verify deb packages and APT repositories |url=https://blog.packagecloud.io/eng/2014/10/28/howto-gpg-sign-verify-deb-packages-apt-repositories/ |access-date=26 Aug 2016 |website=packagecloud.io}}</ref> Instead packages are verified by signing the repository metadata (i.e. <kbd>Release</kbd> files). The metadata files in turn include checksums for the repository files as a means to verify authenticity of the files.<ref>{{cite web |author=<!--Staff writers; no by-line.--> |date=4 Aug 2015 |title=APT repository internals |url=https://blog.packagecloud.io/eng/2015/08/04/apt-repository-internals/ |access-date=26 Aug 2016 |website=packagecloud.io}}</ref><ref>{{cite web|url=https://wiki.debian.org/SecureApt|title=SecureApt - All about secure apt|author=<!--Staff writers; no by-line.-->|date=22 Sep 2015|website=debian.org|access-date=26 Aug 2016}}</ref> Currently there are two different implementations for signing individual packages. The first is done via the <kbd>debsigs</kbd> / <kbd>debsig-verify</kbd> toolset, which is supported by [[dpkg]].<ref name="packagecloud20141028"/><ref>{{cite web|url=https://manpages.debian.org/unstable/debsig-verify.1|title=debsig-verify(1) man page|author=<!--Staff writers; no by-line.-->|website=manpages.debian.org|access-date=2017-04-23}}</ref> The second is done through the <kbd>dpkg-sig</kbd> program which is not supported by [[dpkg]], so the packages have to be manually checked with the <kbd>dpkg-sig</kbd> program.<ref name="packagecloud20141028"/><ref>{{cite web|url=https://manpages.debian.org/unstable/debsigs.1|title=debsigs(1) man page|author=<!--Staff writers; no by-line.-->|website=manpages.debian.org|access-date=2017-04-23}}</ref><ref>{{cite web|url=http://dpkg-sig.turmzimmer.net/ |title=Integrating signatures into Debian archive files |author=Andreas Barth |date=29 Dec 2003 |website=turmzimmer.net |access-date=29 Dec 2003 |url-status=bot: unknown |archive-url=https://web.archive.org/web/20060222013602/http://dpkg-sig.turmzimmer.net/ |archive-date=2006-02-22}}</ref><ref>{{cite web|url=http://dpkg-sig.turmzimmer.net/policy.html |title=policy for debsigs |date=1 Feb 2004 |website=turmzimmer.net |access-date=1 Feb 2004 |url-status=bot: unknown |archive-url=https://web.archive.org/web/20060714233154/http://dpkg-sig.turmzimmer.net/policy.html |archive-date=2006-07-14}}</ref> Both formats add new sections to the [[Ar (Unix)|ar archive]] to store the signature information, but the formats are not compatible with one another.<ref name="packagecloud20141028"/> Neither of the modifications to the package format are listed in the official Debian handbook or [[man page]] about the binary package format.<ref>{{cite web|url=https://www.debian.org/doc/manuals/debian-handbook/packaging-system.en.html|title=The Debian Administrator's Handbook - Ch5. Packaging System: Tools and Fundamental Principles|author=<!--Staff writers; no by-line.-->|date=n.d.|website=debian.org|access-date=26 Aug 2016}}</ref><ref name="manpagedeb5"/>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)