This document explains how to create and verify tar archives using GNU Swbis using particular methods and policy suited for free software distribution tar files. The primary motivation for using Swbis is that it can create packages with an embedded GPG signature.
The creation method described uses swign which employs swpackage and tar so that the archive is written entirely by tar. The packaging policy is designed so there are no package layout changes except for the addition of the meta-data directory catalog. This is accomplished by specifying the POSIX control directory as empty strings "" and using a implementation extension option to set the path name prefix to the package Name-Version. The catalog directory conforms to the POSIX packaging standard ISO/IEC 15068-2:1999.
The verification methods described include a procedure that does not require any part of Swbis. It uses tar, gpg, and a few other GNU utilities plus a Ext2 compatible file system to verify the package data.