Marc Haber wrote... > On Wed, Dec 21, 2016 at 09:31:23AM +0100, Joerg Jaspert wrote: > > Now, if you want to manually download a .deb and dpkg -i it - then you > > have to manually do the same steps apt & co do: Get the corresponding > > packages and (In)Release files, verify its signature validates against > > the archive key, then verify the checksum of the Packages and then the > > .deb file. If you don't follow this, you lost, but you asked for it. > > Do we have a tool that does this kind of verification of a locally > present .deb automatically?
If it's about a package in the configured sources.list, you can just apt-get download it. Else I'd set up a virtual environment for the selected dist and arch, then apt-get download as above. There are several tools for that, chdist (src:devscripts) worked fine for me. Christoph
signature.asc
Description: Digital signature