How can I properly sign a package I modified and recompiled?

I ran dpkg-buildpackage after getting a apt-get source nginx of a backports version of nginx and modifying debian/rules to include the uwsgi module. The last results of the command were:

dpkg-deb: building package `nginx' in `../nginx_0.7.67-3~bpo50+1_i386.deb'.
dpkg-deb: building package `nginx-dbg' in `../nginx-dbg_0.7.67-3~bpo50+1_i386.deb'.
 signfile nginx_0.7.67-3~bpo50+1.dsc
gpg: keyring `/home/shogun/.gnupg/secring.gpg' created
gpg: skipped "Faidon Liambotis <[email protected]>": secret key not available
gpg: [stdin]: clearsign failed: secret key not available

 dpkg-genchanges  >../nginx_0.7.67-3~bpo50+1_i386.changes
dpkg-genchanges: warning: the current version (0.7.67-3~bpo50+1) is smaller than the previous one (0.7.67-3)
dpkg-genchanges: not including original source code in upload
dpkg-buildpackage: binary and diff upload (original source NOT included)
dpkg-buildpackage: warning: Failed to sign .dsc and .changes file

It complains that because I'm not the original maintainer of the package, my key didnt match.

Is this really necessary and if so how can I make it use my keys to do the gpg matching?


PGP-signing Debian packages is not necessary if you built them for your own private use. It's just the common authentication method for (official) Debian developers when they upload new packages into the Debian "unstable" branch.

To avoid the error message just use:

dpkg-buildpackage -uc -us

(see also the manpage of dpkg-buildpackage)


When you make a different version of a package (as you did, since you changed the build rules), you should really add a changelog entry. That way, your package will have a different version number (so you'll know immediately that it's not the standard package from the distribution), and you'll have a trace of what you changed.

Edit debian/changelog, and add an entry mimicking the format of existing entries. Date it from today, and pick a version number like 0.7.67-3~bpo50+meder1 (you want something for which dpkg --compare-versions says your version is more recent). Put your email address as maintainer; that way, you have a clear indication that this is a package you modified, and dpkg-buildpackage will ask for your GPG passphrase.

If you're an Emacs user, install the dpkg-dev-el package, and use the C-c C-a and C-c C-c commands to add and finalize your changelog entry.