06 Dec 2010, 19:56

debsign: clearsing failed: secret key not available


Have you ever had the problem that you could not build and sign a debian package because gpg/debsign/dpkg-buildpackage did claim that your secret key was not available although the key was there and you used the -k option to tell dpkg which key to use and the environment variable DEBFULLNAME and DEBEMAIL were set?

Well, dpkg does something very stupid: It takes the Name and Email from the last changelog entry (Ok, so far) and does a full string match (Ouch!!!)! Why is this stupid? Because my key contains an alias, and if you’re reading this yours probably, too.

I don’t want my alias in the changelog entry, but until now this is the only solution I’ve found for this issue.

So, if you get errors like this:

Now signing changes and any dsc files...
signfile package_0.1-1.dsc Firstname Lastname <user@domain.tld>
gpg: skipped "Firstname Lastname <user@domain.tld>": secret key not available
gpg: /tmp/debsign.XdvV0Yi2/package_0.1-1.dsc: clearsign failed: secret key not available
debsign: gpg error occurred!  Aborting....
debuild: fatal error at line 1246:
running debsign failed
debuild -i -I returned 29
Couldn't run 'debuild -i -I'

Then you should look at the output of gpg -K and the last debian/changelog entry:

sec   2048D/DEADBEEF 2010-01-01
uid                  Firstname Lastname (nickname) <firstname.lastname@domain.tld>

package (0.0.1-1) unstable; urgency=low

* Initial release

-- Firstname Lastname <user@domain.tld>  Mon, 06 Dec 2010 18:22:40 +0100

The problem here was the last line of the latest changelog entry. After changing it to

-- Firstname Lastname (nickname) <user@domain.tld>  Mon, 06 Dec 2010 18:22:40 +0100

everything worked.

If you ask me: This is a bug with dpkg which should be fixed.