Have you ever had the problem that you could not build and sign a debian package because gpg/debsign/dpkg-buildpackage did claim that your secret key was not available although the key was there and you used the -k option to tell dpkg which key to use and the environment variable DEBFULLNAME and DEBEMAIL were set?
Well, dpkg does something very stupid: It takes the Name and Email from the last changelog entry (Ok, so far) and does a full string match (Ouch!!!)! Why is this stupid? Because my key contains an alias, and if you’re reading this yours probably, too.
I don’t want my alias in the changelog entry, but until now this is the only solution I’ve found for this issue.
So, if you get errors like this:
Now signing changes and any dsc files... signfile package_0.1-1.dsc Firstname Lastname <email@example.com> gpg: skipped "Firstname Lastname <firstname.lastname@example.org>": secret key not available gpg: /tmp/debsign.XdvV0Yi2/package_0.1-1.dsc: clearsign failed: secret key not available debsign: gpg error occurred! Aborting.... debuild: fatal error at line 1246: running debsign failed debuild -i -I returned 29 Couldn't run 'debuild -i -I'
Then you should look at the output of gpg -K and the last debian/changelog entry:
sec 2048D/DEADBEEF 2010-01-01 uid Firstname Lastname (nickname) <email@example.com> package (0.0.1-1) unstable; urgency=low * Initial release -- Firstname Lastname <firstname.lastname@example.org> Mon, 06 Dec 2010 18:22:40 +0100
The problem here was the last line of the latest changelog entry. After changing it to
-- Firstname Lastname (nickname) <email@example.com> Mon, 06 Dec 2010 18:22:40 +0100
If you ask me: This is a bug with dpkg which should be fixed.