debsigs-installer - process signatures in .deb packages
is designed to be called in an automated fashion from
an installer. It is given one or more files on the command line. For each
file, it will apply the origin signature and make sure that the resulting
package verifies (it will fail to verify if it is missing one of the other
required signatures). It will try its best to do either an all or nothing
approach; that is, if there is a problem with any .deb, all of them will be
unmodified and error code is returned. It can assure this for all except
system call failures (can't copy files, etc.) If success is returned, all
files should be assumed to have succeeded. If failure is returned, all files
should be assumed to have failed.
This program isn't finished yet. It uses hard-coded values for the key ID, key
type (see debsigs
(1)), keyring file, and temporary directory.
John Goerzen <email@example.com>