swign(1)

NAME

       swign -- Tar archive signing utility for source distributions.

SYNOPSIS

       swign [options] [-u gpg-name] [--homedir=gpg-homedir] @-

       swign -S [options] [-u gpg-name] [--homedir=gpg-homedir]

DESCRIPTION

       swign loads a signed metadata catalog file into the current directory
       and then, using GNU tar and the distribution file list, writes the
       archive to stdout.  The contents of the archive are the contents of
       the current directory ".".  The pathnames in the archive are prefixed
       by the directory name of ".".  The owner and group of all the files in
       the emitted archive are specified by the PSF file and command line
       options.

       If a PSF is provided using the -s option, then the specified ownership
       must be consistent with the 'swign' command line options for
       ownerships; otherwise the signature will not be valid.  The default
       ownerships for all the files are the current user's owner and group.
       If the -o (or -g) option is used with an empty string for the option
       arg, then the file ownerships of the source files are used.  This
       script assumes GNU tar is installed.

       After writing the ./catalog/ file and before writing the archive, the
       file list stored in ./catalog/dfiles/files is compared to the current
       directory contents.  If any difference is found, the archive is not
       written and an error is returned.

OPTIONS

       --help
              show help.

       --psf
              show the PSF to stdout, and then exit.

       -u, --local-user name
              Use name as the user ID to sign.

       --homedir=DIR
              Set the name of the home directory to  DIR.   If  not  specified
              then use "~/.gnupg".

       -s, --source=FILE
              Specify  a  PSF or '-' for stdin.  If this is not given then the
              internally generated PSF is used.

       -T, --show-names-only
              show some info (for help and debugging) and exit.

       -t, --run-sanity-check
              Instead of writing to stdout, write the archive to
              ../packageDirName.swigntest.tar.gz and run some sanity tests.

       -S, --sign-this
              Write  the  ./catalog/  file containing the digest and signature
              into "." and then exit without writing the archive to stdout.

       -D, --with-checksig FILE
              Include the checksig control script sourced from FILE.

       -o, --owner OWNER
              Specify owner.  Use an empty string ""  to  specify  the  source
              file owner.

       -g, --group GROUP
              Specify  group.   Use  an  empty string "" to specify the source
              file group.

       -x format
              Specify the archive format.  Must  be  one  of  the  formats  of
              swpackage.

       @-
              Target, only supported target is standard output.

EXTERNAL EFFECTS

       The program will remove and replace a file in "." named ./catalog/.

       When using the '-t' option an archive file is written to
       ../packageDirName.swigntest.tar.gz

TESTING

       After running successfully with options -S  and -D FILE  the  following
       should be true (report no error).

                 swverify --checksig .

       Similarly,

                 swign -u gpgname @- | swverify --checksig -

       If  a checksig script is included then you should unpack the package at
       a new location and run  swverify --checksig "." in the new location.

       Swign can be used to sign any directory using the file ownerships of
       the source files.  The following commands act as a test of swpackage's
       ability to generate an archive identical to GNU tar.  (Note:
       checksig.sh is found in ./bin of the source distribution.)

              swign -D $HOME/checksig.sh -u "Test User" -o "" -g "" -S;
              swverify -d @.

ENVIRONMENT

       The  environment  variable  SWPACKAGEPASSFD  sets  the  passphrase file
       descriptor.

RETURN VALUE

       0 on success, non-zero on failure.

FILES

         <path>/catalog/

SEE ALSO

       info swbis

       swpackage(8), gpg

IDENTIFICATION

        swign(1): The source directory signing utility of the swbis project.
        Author: J. Lowe jhlowe@acm.org
        Version: 0.473
        Date: 2005-11-05
        Copying: GNU Free Documentation License

BUGS

       If a directory is signed using the '-S' option and has a file path
       greater than 99 chars in length, then it will be unverifiable if the
       'ustar0' format and GNU tar 1.13.25 were used.
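
       A pre-signing check for the path-length bug above, as an added example
       that is not part of swbis.  The function name long_archive_paths and
       the variable SWIGN_MAX_PATH are hypothetical, and the check assumes
       the length that matters is that of the archive member name (the
       directory name of "." plus the relative path).

```shell
#!/bin/sh
# Added example (not part of swbis): pre-signing check for the path-length
# bug described above. Assumption: the length that matters is that of the
# archive member name, i.e. "<directory name of .>/<relative path>".

SWIGN_MAX_PATH=99   # limit stated in BUGS for 'ustar0' with GNU tar 1.13.25

# long_archive_paths DIR
# Prints "<length> <member name>" for every entry under DIR whose archive
# member name exceeds the limit. Returns 0 if none, 1 if any, 2 on error.
# File names containing newlines are not handled.
long_archive_paths() {
    dir=$1
    # swign prefixes member names with the directory name of ".".
    prefix=$(cd "$dir" 2>/dev/null && basename "$(pwd -P)") || return 2
    (cd "$dir" && find . ! -path . -print) |
    LC_ALL=C awk -v p="$prefix" -v max="$SWIGN_MAX_PATH" '
        {
            name = p "/" substr($0, 3)      # drop the leading "./"
            if (length(name) > max) { print length(name), name; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Typical use before signing in place (only options documented above):
#   long_archive_paths . && swign -S -u gpgname
```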

       Verification of the directory form of a distribution (i.e. the
       installed tarball path name prefix), such as running 'swverify -d @.'
       after running 'swign -S', will fail if the order of directory entries
       is not compatible with traditional Unix file system directory entry
       ordering.  This incompatibility may be present in the Ext3, reiserFS,
       and DarwinOS et al. file systems.

       Use of '-o USER -g GROUP' is dependent on the checksig script.  The
       default file ownership policies of this program are suited to packaged
       products where file user and group ownerships are not a critical
       feature.


