How can I properly sign a package I modified and recompiled?

dpkg keys

I ran dpkg-buildpackage after getting a apt-get source nginx of a backports version of nginx and modifying debian/rules to include the uwsgi module. The last results of the command were:

dpkg-deb: building package `nginx' in `../nginx_0.7.67-3~bpo50+1_i386.deb'.
dpkg-deb: building package `nginx-dbg' in `../nginx-dbg_0.7.67-3~bpo50+1_i386.deb'.
 signfile nginx_0.7.67-3~bpo50+1.dsc
gpg: keyring `/home/shogun/.gnupg/secring.gpg' created
gpg: skipped "Faidon Liambotis <[email protected]>": secret key not available
gpg: [stdin]: clearsign failed: secret key not available

 dpkg-genchanges  >../nginx_0.7.67-3~bpo50+1_i386.changes
dpkg-genchanges: warning: the current version (0.7.67-3~bpo50+1) is smaller than the previous one (0.7.67-3)
dpkg-genchanges: not including original source code in upload
dpkg-buildpackage: binary and diff upload (original source NOT included)
dpkg-buildpackage: warning: Failed to sign .dsc and .changes file

It complains that because I'm not the original maintainer of the package, my key didnt match.

Is this really necessary and if so how can I make it use my keys to do the gpg matching?


PGP-signing Debian packages is not necessary if you built them for your own private use. It's just the common authentication method for (official) Debian developers when they upload new packages into the Debian "unstable" branch.

To avoid the error message just use:

dpkg-buildpackage -uc -us

(see also the manpage of dpkg-buildpackage)


When you make a different version of a package (as you did, since you changed the build rules), you should really add a changelog entry. That way, your package will have a different version number (so you'll know immediately that it's not the standard package from the distribution), and you'll have a trace of what you changed.

Edit debian/changelog, and add an entry mimicking the format of existing entries. Date it from today, and pick a version number like 0.7.67-3~bpo50+meder1 (you want something for which dpkg --compare-versions says your version is more recent). Put your email address as maintainer; that way, you have a clear indication that this is a package you modified, and dpkg-buildpackage will ask for your GPG passphrase.

If you're an Emacs user, install the dpkg-dev-el package, and use the C-c C-a and C-c C-c commands to add and finalize your changelog entry.

Related

"Error Applying Security - Access is denied" while changing file permissions on windows server 2008
nginx: [emerg] "stream" directive is not allowed here
Use iptables to forward ipv6 to ipv4?
How to make iptables rules expire?
what is Centos 5's apache user/group [closed]
How can this tool find out registered domains from an IP address?
How is session stickiness achieved across multiple web servers?
Is it bad to mount a rack mountable server vertically?
Why is response time exploding when request frequency drops?
How bad is it to have multiple devices with the same SSH server keys?
console-kit-daemon - can it be stopped?
How to prepare computers for donation