Package: nanopub
We are in the process of preparing an update to the rust random
stack, due to the number of packages involved, we plan to handle
this in multiple phases.
In the first phase we plan to update getrandom, rand-core,
rand-chacha and rand, while introducing semver-suffix packages
for rand-core-0.6 rand-chacha-0.2 and rand-0.8. We do not
plan to introduce a semver-suffix package for getrandom.
In commit 372445a710784c8d7d3261b019f4de41f6b3e5b7 upstream
updated getrandom to 0.3, and stopped using rand. They also
made a number of other unrelated changes in the same commit,
I backported relavent parts of the commit to the Debian
package and further bumped getrandom to 0.4. A debdiff
is attatched.
diff -Nru nanopub-0.2.0+ds/debian/changelog nanopub-0.2.0+ds/debian/changelog
--- nanopub-0.2.0+ds/debian/changelog 2026-02-25 11:55:33.000000000 +0000
+++ nanopub-0.2.0+ds/debian/changelog 2026-03-11 08:36:24.000000000 +0000
@@ -1,3 +1,12 @@
+nanopub (0.2.0+ds-1.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Add patch based on upstream commit to update getrandom and eliminate
+ dependency on rand.
+ * Adjust debian build-dependencies.
+
+ -- Peter Michael Green <[email protected]> Wed, 11 Mar 2026 08:36:24 +0000
+
nanopub (0.2.0+ds-1) unstable; urgency=medium
[ upstream ]
diff -Nru nanopub-0.2.0+ds/debian/control nanopub-0.2.0+ds/debian/control
--- nanopub-0.2.0+ds/debian/control 2026-02-25 11:55:33.000000000 +0000
+++ nanopub-0.2.0+ds/debian/control 2026-03-11 08:36:24.000000000 +0000
@@ -11,13 +11,12 @@
librust-clap-dev,
librust-clap-complete-dev,
librust-futures-dev,
- librust-getrandom-dev,
+ librust-getrandom-0.4-dev,
librust-openssl-probe-dev,
librust-oxjsonld-dev,
librust-oxrdf-dev,
librust-oxrdfio-dev,
librust-oxttl-dev,
- librust-rand-core-dev,
librust-regex-dev,
librust-reqwest-dev,
librust-rsa-dev,
diff -Nru nanopub-0.2.0+ds/debian/patches/0001_getrandom_rand.patch
nanopub-0.2.0+ds/debian/patches/0001_getrandom_rand.patch
--- nanopub-0.2.0+ds/debian/patches/0001_getrandom_rand.patch 1970-01-01
00:00:00.000000000 +0000
+++ nanopub-0.2.0+ds/debian/patches/0001_getrandom_rand.patch 2026-03-11
08:36:24.000000000 +0000
@@ -0,0 +1,100 @@
+Description: update getrandom to 0.4
+ This patch adopts portions of upstream commit
372445a710784c8d7d3261b019f4de41f6b3e5b7
+ and futher bumps getrandom to version 0.4.
+Author: Peter Michael Green <[email protected]>
+Forwarded: not-needed
+Last-Update: 2026-03-11
+
+Index: nanopub-0.2.0+ds/lib/Cargo.toml
+===================================================================
+--- nanopub-0.2.0+ds.orig/lib/Cargo.toml
++++ nanopub-0.2.0+ds/lib/Cargo.toml
+@@ -27,12 +27,15 @@ regex = "1.10"
+ serde = { version = "1.0", features = ["derive"] }
+ chrono = "0.4.35"
+ reqwest = { version = "0.12", default-features = false }
+-rand = { version = "0.8", features = ["std", "std_rng"], default-features =
false }
+-getrandom = { version = "0.2", features = ["js"] }
++getrandom = { version = "0.4", default-features = false }
++
++# TODO: use rsa 0.10 when out
++# rsa = { version = "0.10.0-rc.15", default-features = false, features =
["encoding", "sha2" ] }
++# rand = { version = "0.10", features = ["std", "std_rng", "sys_rng"],
default-features = false }
++# getrandom = { version = "0.4", features = ["wasm_js"] }
+ # openssl-probe = "0.1"
+
+ # reqwest = { version = "0.11", features = ["rustls-tls"], default-features =
false }
+-# rand = { version = "0.8", features = ["std_rng"], default-features = false }
+ # log = { version = "0.0.2", features = ["std"] }
+ # futures = "0.3"
+ # sophia = { version = "0.8.0-alpha.3", git =
"https://github.com/pchampin/sophia_rs.git";, rev = "ec13628", features =
["jsonld"] }
+Index: nanopub-0.2.0+ds/lib/src/profile.rs
+===================================================================
+--- nanopub-0.2.0+ds.orig/lib/src/profile.rs
++++ nanopub-0.2.0+ds/lib/src/profile.rs
+@@ -1,6 +1,4 @@
+ use base64::{engine, Engine as _};
+-use rand::rngs::StdRng;
+-use rand::SeedableRng;
+ use rsa::pkcs1::{DecodeRsaPrivateKey, DecodeRsaPublicKey};
+ use rsa::pkcs8::{DecodePrivateKey, DecodePublicKey, EncodePrivateKey,
EncodePublicKey};
+ use rsa::{RsaPrivateKey, RsaPublicKey};
+@@ -238,9 +236,36 @@ pub fn get_pubkey_str(pubkey: &RsaPublic
+
+ /// Generate private/public key pair
+ pub fn gen_keys() -> Result<(String, String), NpError> {
+- let mut rng = StdRng::from_entropy();
+- let bits = 2048;
+- let priv_key = RsaPrivateKey::new(&mut rng, bits).expect("failed to
generate a key");
++ // rsa 0.9 requires rand_core 0.6 traits; rand 0.9 uses rand_core 0.9, so
we can't use rand directly
++ // Bridge: implement rand_core 0.6's RngCore+CryptoRng on a wrapper
backed by getrandom::fill.
++ struct GetrandomRng;
++ impl rsa::rand_core::RngCore for GetrandomRng {
++ fn next_u32(&mut self) -> u32 {
++ let mut b = [0u8; 4];
++ getrandom::fill(&mut b).expect("getrandom failed");
++ u32::from_le_bytes(b)
++ }
++ fn next_u64(&mut self) -> u64 {
++ let mut b = [0u8; 8];
++ getrandom::fill(&mut b).expect("getrandom failed");
++ u64::from_le_bytes(b)
++ }
++ fn fill_bytes(&mut self, dest: &mut [u8]) {
++ getrandom::fill(dest).expect("getrandom failed");
++ }
++ fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(),
rsa::rand_core::Error> {
++ getrandom::fill(dest).expect("getrandom failed");
++ Ok(())
++ }
++ }
++ impl rsa::rand_core::CryptoRng for GetrandomRng {}
++ // TODO: waiting for rsa v0.10
++ // use rand::rngs::{StdRng, SysRng};
++ // use rand::SeedableRng;
++ // let mut rng = StdRng::try_from_rng(&mut SysRng).expect("failed to seed
RNG");
++ // let priv_key = RsaPrivateKey::new(&mut rng, 2048).expect("failed to
generate a key");
++
++ let priv_key = RsaPrivateKey::new(&mut GetrandomRng, 2048).expect("failed
to generate a key");
+ let pub_key = RsaPublicKey::from(&priv_key);
+ Ok((
+ normalize_key(&priv_key.to_pkcs8_pem(rsa::pkcs8::LineEnding::LF)?)?,
+Index: nanopub-0.2.0+ds/lib/src/utils.rs
+===================================================================
+--- nanopub-0.2.0+ds.orig/lib/src/utils.rs
++++ nanopub-0.2.0+ds/lib/src/utils.rs
+@@ -1,4 +1,4 @@
+-use getrandom::getrandom;
++use getrandom::fill;
+ use oxjsonld::JsonLdParser;
+ use oxrdf::{
+ Dataset, GraphNameRef, NamedNode, NamedNodeRef, NamedOrBlankNodeRef,
QuadRef, TermRef,
+@@ -85,7 +85,7 @@ pub fn get_np_server(random: bool) -> &'
+ }
+ // Generate a random number
+ let mut buf = [0u8; 4];
+- getrandom(&mut buf).expect("Failed to generate random number");
++ fill(&mut buf).expect("Failed to generate random number");
+ let num = u32::from_ne_bytes(buf);
+ let index = num as usize % LIST_SERVERS.len();
+ LIST_SERVERS[index]
diff -Nru nanopub-0.2.0+ds/debian/patches/2003_no_wasm.patch
nanopub-0.2.0+ds/debian/patches/2003_no_wasm.patch
--- nanopub-0.2.0+ds/debian/patches/2003_no_wasm.patch 2026-02-25
11:55:21.000000000 +0000
+++ nanopub-0.2.0+ds/debian/patches/2003_no_wasm.patch 2026-03-11
08:26:43.000000000 +0000
@@ -15,14 +15,3 @@
]
[workspace.package]
---- a/lib/Cargo.toml
-+++ b/lib/Cargo.toml
-@@ -28,7 +28,7 @@
- chrono = "0.4.35"
- reqwest = { version = "0.12", default-features = false }
- rand = { version = "0.8", features = ["std", "std_rng"], default-features =
false }
--getrandom = { version = "0.2", features = ["js"] }
-+getrandom = { version = "0.2" }
- # openssl-probe = "0.1"
-
- # reqwest = { version = "0.11", features = ["rustls-tls"], default-features =
false }
diff -Nru nanopub-0.2.0+ds/debian/patches/series
nanopub-0.2.0+ds/debian/patches/series
--- nanopub-0.2.0+ds/debian/patches/series 2026-02-25 11:55:21.000000000
+0000
+++ nanopub-0.2.0+ds/debian/patches/series 2026-03-11 08:36:24.000000000
+0000
@@ -1,3 +1,4 @@
+0001_getrandom_rand.patch
1001_wasm-pack.patch
2001_privacy.patch
2003_no_net.patch
