9

What is the apt equivalent of rpm -K *.rpm, where -K is defined as verifying the signature of the repository in man rpm and in Maximum RPM?

Example of a situation:

sudo rpm --import https://mirrors.example.com/rpm/RPM-GPG-KEY-release &&
rpm -K example.rpm
Stephen Kitt
  • 434,908
tsujp
  • 587
  • 4
  • dpkg is the equivalent to rpm, not apt. Do you have a .deb you wish to install but want to verify the integrity of, or are you installing something from your repositories? – kemotep Mar 14 '19 at 11:05
  • I don't have a .deb, only an rpm. I could use alien to convert it into a .deb though. Or rather, I have been, but not properly, as whenever I've tried to verify the signature (probably incorrectly) I get errors et al. – tsujp Mar 15 '19 at 02:54
  • Well that's part of the problem. You did not mention that you were using alien. I do not believe that it can verify signatures, or if it could it alters the contents of the package so the signature would not match between the deb and rpm anyway. As user Stephen Kitt points out, if the maintainers of the package did not use debsig-verify for the deb version of your software, the package won't be signed in the first place. Please edit your question to be more specific to the steps you are taking to reach your issues. Thank you. – kemotep Mar 15 '19 at 10:45

1 Answer

8

The equivalent is debsig-verify, which verifies embedded signatures in .deb packages using locally-stored keys and policies.

Unfortunately this isn’t useful in general because Debian packages are usually not signed individually; in fact, as far as I’m aware, the Debian archives reject individually signed uploads. Debian signs repositories as a whole, rather than individual packages, which means that packages can be verified as they’re downloaded, but not necessarily afterwards. (See How is the authenticity of Debian packages guaranteed? for details of repository authentication.) apt will verify packages before installing them, using its locally-cached information and locally-stored keys, but I don’t think there’s a way to ask it to verify a package as a separate task.

Stephen Kitt
  • 434,908
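The answer above says apt verifies a package against the signed repository index at download time rather than against a signature inside the .deb. The script below is an added example, not code from the question or answer, that replays that chain by hand so a downloaded .deb can be re-checked afterwards as long as the signed InRelease and Packages files for that suite are still on disk: the archive key signs InRelease, InRelease records the SHA256 of the Packages index, and Packages records the SHA256 of each .deb. The keyring path, the list-file paths and the package name in the usage comment are assumptions; only the signature step needs gpgv and a trusted keyring, the digest steps run anywhere with awk and sha256sum (or shasum).

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Replays by hand the check apt performs at download time for a
# repository-signed package: archive key -> InRelease -> Packages -> .deb.
# Paths and the package name in the usage section are hypothetical.

# 1. Signature on the clearsigned InRelease file. gpgv exits non-zero for a
#    bad, missing or untrusted signature. The default keyring is an assumption.
verify_inrelease() {
    gpgv --keyring "${2:-/usr/share/keyrings/debian-archive-keyring.gpg}" "$1" >/dev/null 2>&1
}

# 2. SHA256 that the Release/InRelease file records for an index path such as
#    main/binary-amd64/Packages. Prints the digest, or nothing if unlisted.
expected_sha256_in_release() {
    awk -v want="$2" '
        /^SHA256:/            { in_sha = 1; next }   # start of the SHA256 list
        /^[A-Za-z]/           { in_sha = 0 }         # any other header ends it
        in_sha && $3 == want  { print $1; exit }     # " <digest> <size> <path>"
    ' "$1"
}

# 3. SHA256 that the Packages index records for a package name. Stanzas are
#    blank-line separated, so awk paragraph mode reads one stanza per record.
expected_sha256_in_packages() {
    awk -v want="$2" 'BEGIN { RS = ""; FS = "\n" }
        {
            pkg = ""; sum = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Package: /) pkg = substr($i, 10)
                if ($i ~ /^SHA256: /)  sum = substr($i, 9)
            }
            if (pkg == want) { print sum; exit }
        }
    ' "$1"
}

# Digest of a local file (sha256sum on GNU systems, shasum elsewhere).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Compare a local Packages index against the digest InRelease claims for it.
# Arguments: InRelease index-path-in-release local-Packages-file
verify_index_against_release() {
    want=$(expected_sha256_in_release "$1" "$2")
    [ -n "$want" ] && [ "$want" = "$(file_sha256 "$3")" ]
}

# Compare a local .deb against the digest Packages claims for that package.
# Returns 0 on match, 1 on mismatch or when the index has no such package.
# Arguments: Packages package-name local-deb
verify_deb_against_index() {
    want=$(expected_sha256_in_packages "$1" "$2")
    [ -n "$want" ] && [ "$want" = "$(file_sha256 "$3")" ]
}

# The whole chain, stopping at the first link that does not hold.
# Arguments: InRelease Packages index-path-in-release package-name deb [keyring]
verify_download() {
    verify_inrelease "$1" "$6"                  || { echo "InRelease signature failed"; return 1; }
    verify_index_against_release "$1" "$3" "$2" || { echo "Packages digest mismatch";   return 1; }
    verify_deb_against_index "$2" "$4" "$5"     || { echo ".deb digest mismatch";       return 1; }
    echo "ok: $5 matches the signed index"
}

# Usage (hypothetical paths; apt keeps the downloaded indexes under /var/lib/apt/lists):
# verify_download /var/lib/apt/lists/deb.debian.org_debian_dists_bookworm_InRelease \
#     /var/lib/apt/lists/deb.debian.org_debian_dists_bookworm_main_binary-amd64_Packages \
#     main/binary-amd64/Packages example /var/cache/apt/archives/example_1.0_amd64.deb
```

Two caveats follow from the design. The .deb is only as trustworthy as the index it is checked against, so the InRelease signature step is not optional and the keyring passed to gpgv must contain only the archive keys you actually trust (apt uses /etc/apt/trusted.gpg.d and per-source Signed-By keyrings). And a package that was never in a signed index, such as one produced locally by alien, has nothing to be checked against; the index lookup returns no digest and the function fails closed rather than reporting a match.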