--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package gokey
The current version of gokey suffers the RC bug #930426 which makes the
RSA key generation non-deterministic. The main purpose of gokey is to
generate deterministic keys. The second upload to Debian unstable fixes
the build failure by increasing the timeout for the tests, because the
tests take very long on mips/mipsel. The gokey tests takes 11408.183 s
(= 190 min) on minkus.debian.org (mips porter box).
By the way, gokey
0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-2 is more or less
the same version as 0.0~git20190103.40eba7e-1, because there are only
two upstream commits between 20181023.b4e2780 and 20190103.40eba7e.
The debdiff is attached. My email address changes and this is not
mentioned in the changelog.
unblock gokey/0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-3
--
Benjamin Drung
System Developer
Debian & Ubuntu Developer
1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: [email protected] | Web: www.ionos.de
Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss
Member of United Internet
diff -Nru
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/changelog
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/changelog
---
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/changelog
2019-06-04 20:53:29.000000000 +0200
+++
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/changelog
2019-06-17 20:04:04.000000000 +0200
@@ -1,3 +1,18 @@
+gokey (0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-3) unstable;
urgency=medium
+
+ * Increase test timeout to six hours, because the tests need 190 minutes
+ on mips (Closes: #919759)
+ * Run tests for RSA2048 and RSA4096 again
+
+ -- Benjamin Drung <[email protected]> Mon, 17 Jun 2019 20:04:04
+0200
+
+gokey (0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-2) unstable;
urgency=medium
+
+ * Cherry-pick patch from upstream to import deterministic RSA key generation
+ code from Go 1.10 crypto/rsa package (Closes: #930426)
+
+ -- Benjamin Drung <[email protected]> Thu, 13 Jun 2019 15:51:37
+0200
+
gokey (0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-1) unstable;
urgency=medium
* Team upload.
diff -Nru
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/control
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/control
--- gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/control
2019-06-04 20:52:40.000000000 +0200
+++ gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/control
2019-06-13 15:53:37.000000000 +0200
@@ -1,6 +1,6 @@
Source: gokey
Maintainer: Debian Go Packaging Team <[email protected]>
-Uploaders: Benjamin Drung <[email protected]>,
+Uploaders: Benjamin Drung <[email protected]>,
Anthony Fok <[email protected]>
Section: utils
Testsuite: autopkgtest-pkg-go
diff -Nru
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/0002-disable-TestGetKey-for-RSA.patch
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/0002-disable-TestGetKey-for-RSA.patch
---
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/0002-disable-TestGetKey-for-RSA.patch
2019-06-04 20:52:40.000000000 +0200
+++
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/0002-disable-TestGetKey-for-RSA.patch
1970-01-01 01:00:00.000000000 +0100
@@ -1,24 +0,0 @@
-Description: Disable tests for RSA2048 and RSA4096 in TestGetKey
- rsa.GenerateKey has been intentionally made non-deterministic since Go 1.11.
- This patch fixes the "gokey_test.go:161: keys with same invocation options
- do not match" error in TestGetKey with Go >= 1.11.
-Author: Anthony Fok <[email protected]>
-Origin: vendor
-Bug: https://github.com/cloudflare/gokey/issues/17
-Last-Update: 2018-12-31
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/gokey_test.go
-+++ b/gokey_test.go
-@@ -165,8 +165,9 @@
- func TestGetKey(t *testing.T) {
- testGetKeyType(EC256, t)
- testGetKeyType(EC521, t)
-- testGetKeyType(RSA2048, t)
-- testGetKeyType(RSA4096, t)
-+ // rsa.GenerateKey is no longer deterministic in Go >= 1.11
-+ //testGetKeyType(RSA2048, t)
-+ //testGetKeyType(RSA4096, t)
- testGetKeyType(X25519, t)
- testGetKeyType(ED25519, t)
- }
diff -Nru
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/Import-deterministic-RSA-key-generation-code-from-Go.patch
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/Import-deterministic-RSA-key-generation-code-from-Go.patch
---
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/Import-deterministic-RSA-key-generation-code-from-Go.patch
1970-01-01 01:00:00.000000000 +0100
+++
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/Import-deterministic-RSA-key-generation-code-from-Go.patch
2019-06-13 15:53:37.000000000 +0200
@@ -0,0 +1,307 @@
+From 7fa426f8161136a02c3ab9aa7eca819a5f8b9157 Mon Sep 17 00:00:00 2001
+From: Ignat Korchagin <[email protected]>
+Date: Wed, 2 Jan 2019 10:57:04 +0000
+Subject: [PATCH] Import deterministic RSA key generation code from Go 1.10
+ crypto/rsa package
+
+Go 1.11 introduced some explicit randomisation for some crypto routines,
because
+they don't want callers to rely on the fact that current algorithms are
+deterministic with respect to the passed in pseudo-random stream (which is
+exactly what this package does) to be able to change the underlying algorithms
+in the future.
+
+Since we do need the key generation algorithms to be deterministic, we just
+import the algorithm to our package. This will also ensure consistent output
+for generated RSA keys should the standard crypto/rsa package change its
+generation algorithm.
+---
+ keygen.go | 4 +-
+ rsa/keygen.go | 108 ++++++++++++++++++++++++++++++++++++
+ rsa/keygen_test.go | 133 +++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 243 insertions(+), 2 deletions(-)
+ create mode 100644 rsa/keygen.go
+ create mode 100644 rsa/keygen_test.go
+
+diff --git a/keygen.go b/keygen.go
+index e1398bf..00be7c9 100644
+--- a/keygen.go
++++ b/keygen.go
+@@ -4,12 +4,12 @@ import (
+ "crypto"
+ "crypto/ecdsa"
+ "crypto/elliptic"
+- "crypto/rsa"
+ "errors"
+ "io"
+ "strings"
+ "unicode"
+
++ deterministicRsaKeygen "github.com/cloudflare/gokey/rsa"
+ "golang.org/x/crypto/ed25519"
+ )
+
+@@ -166,7 +166,7 @@ func (keygen *KeyGen) generateRsa(kt KeyType)
(crypto.PrivateKey, error) {
+ return nil, errors.New("invalid RSA key size requested")
+ }
+
+- return rsa.GenerateKey(keygen.rng, bits)
++ return deterministicRsaKeygen.GenerateKey(keygen.rng, bits)
+ }
+
+ func (keygen *KeyGen) generateEc(kt KeyType) (crypto.PrivateKey, error) {
+diff --git a/rsa/keygen.go b/rsa/keygen.go
+new file mode 100644
+index 0000000..e4ebe9d
+--- /dev/null
++++ b/rsa/keygen.go
+@@ -0,0 +1,108 @@
++package rsa
++
++import (
++ "crypto/rand"
++ "crypto/rsa"
++ "errors"
++ "io"
++ "math"
++ "math/big"
++)
++
++// below is taken from
https://github.com/golang/go/blob/161874da2ab6d5372043a1f3938a81a19d1165ad/src/crypto/rsa/rsa.go#L220
++// because later versions in standard crypto/rsa package are not deterministic
++var bigOne = big.NewInt(1)
++
++func GenerateKey(random io.Reader, bits int) (*rsa.PrivateKey, error) {
++ return generateMultiPrimeKey(random, 2, bits)
++}
++
++func generateMultiPrimeKey(random io.Reader, nprimes int, bits int)
(*rsa.PrivateKey, error) {
++ priv := new(rsa.PrivateKey)
++ priv.E = 65537
++
++ if nprimes < 2 {
++ return nil, errors.New("gokey/rsa: GenerateMultiPrimeKey:
nprimes must be >= 2")
++ }
++
++ if bits < 64 {
++ primeLimit := float64(uint64(1) << uint(bits/nprimes))
++ // pi approximates the number of primes less than primeLimit
++ pi := primeLimit / (math.Log(primeLimit) - 1)
++ // Generated primes start with 11 (in binary) so we can only
++ // use a quarter of them.
++ pi /= 4
++ // Use a factor of two to ensure that key generation terminates
++ // in a reasonable amount of time.
++ pi /= 2
++ if pi <= float64(nprimes) {
++ return nil, errors.New("gokey/rsa: too few primes of
given length to generate an RSA key")
++ }
++ }
++
++ primes := make([]*big.Int, nprimes)
++
++NextSetOfPrimes:
++ for {
++ todo := bits
++ // crypto/rand should set the top two bits in each prime.
++ // Thus each prime has the form
++ // p_i = 2^bitlen(p_i) × 0.11... (in base 2).
++ // And the product is:
++ // P = 2^todo × α
++ // where α is the product of nprimes numbers of the form 0.11...
++ //
++ // If α < 1/2 (which can happen for nprimes > 2), we need to
++ // shift todo to compensate for lost bits: the mean value of
0.11...
++ // is 7/8, so todo + shift - nprimes * log2(7/8) ~= bits - 1/2
++ // will give good results.
++ if nprimes >= 7 {
++ todo += (nprimes - 2) / 5
++ }
++ for i := 0; i < nprimes; i++ {
++ var err error
++ primes[i], err = rand.Prime(random, todo/(nprimes-i))
++ if err != nil {
++ return nil, err
++ }
++ todo -= primes[i].BitLen()
++ }
++
++ // Make sure that primes is pairwise unequal.
++ for i, prime := range primes {
++ for j := 0; j < i; j++ {
++ if prime.Cmp(primes[j]) == 0 {
++ continue NextSetOfPrimes
++ }
++ }
++ }
++
++ n := new(big.Int).Set(bigOne)
++ totient := new(big.Int).Set(bigOne)
++ pminus1 := new(big.Int)
++ for _, prime := range primes {
++ n.Mul(n, prime)
++ pminus1.Sub(prime, bigOne)
++ totient.Mul(totient, pminus1)
++ }
++ if n.BitLen() != bits {
++ // This should never happen for nprimes == 2 because
++ // crypto/rand should set the top two bits in each
prime.
++ // For nprimes > 2 we hope it does not happen often.
++ continue NextSetOfPrimes
++ }
++
++ priv.D = new(big.Int)
++ e := big.NewInt(int64(priv.E))
++ ok := priv.D.ModInverse(e, totient)
++
++ if ok != nil {
++ priv.Primes = primes
++ priv.N = n
++ break
++ }
++ }
++
++ priv.Precompute()
++ return priv, nil
++}
+diff --git a/rsa/keygen_test.go b/rsa/keygen_test.go
+new file mode 100644
+index 0000000..960a58f
+--- /dev/null
++++ b/rsa/keygen_test.go
+@@ -0,0 +1,133 @@
++package rsa_test
++
++import (
++ "bytes"
++ "encoding/pem"
++ "strings"
++ "testing"
++
++ "github.com/cloudflare/gokey"
++)
++
++func pemEqual(pem1, pem2 string, t *testing.T) bool {
++ b1, err := pem.Decode([]byte(pem1))
++ if b1 == nil {
++ t.Fatalf("failed to decode %v: %v", pem1, err)
++ }
++
++ b2, err := pem.Decode([]byte(pem2))
++ if b2 == nil {
++ t.Fatalf("failed to decode %v: %v", pem2, err)
++ }
++
++ return b1.Type == b2.Type && bytes.Equal(b1.Bytes, b2.Bytes)
++}
++
++func getKey(kt gokey.KeyType, t *testing.T) string {
++ priv, err := gokey.GetKey("pass", "example.com", nil, kt, true)
++ if err != nil {
++ t.Fatal(err)
++ }
++
++ var b strings.Builder
++ err = gokey.EncodeToPem(priv, &b)
++ if err != nil {
++ t.Fatal(err)
++ }
++
++ return b.String()
++}
++
++// generated by "$ gokey -p pass -r example.com -u -t rsa2048" with Go < 1.11
++var knownRsa2048 = `-----BEGIN RSA PRIVATE KEY-----
++MIIEowIBAAKCAQEAqIT/jlQnJAIxS2h/AEz6RSiN9/GWY8lh9V81vfpzjZ069NOH
++fVL0rQiRj11GqReHTUOjuOiCwYn6d6tPSCVC8fDyBjQ6cf9tm0G+lMf8LsMCPFTL
++PDivqH8KwXLgC2+Zmm906nGkGUZ79AdOa6A2k07PbQ791/7s6ghWU6Dx6lPqiHC+
++jFfQctQWNUdIchYt1X9eARNTcJQAYBAikH0X+dZwcm9sfTRtJCo7WvjOBwxIk/XA
++k9GcoR2bbGrN8wnVGO2Luw9exg/GavfpkWI1jRx82Hfqfd+Ux3478yOS2Z1kbve1
++g3DI8qscaN8oZugw4R/EBg0jOOinDwE9oISZ3wIDAQABAoIBAGJooE/+RokZmq29
++jQSg7zl5sEYNV1RYYpMGkXyqh9Y37hjQefuueOGe8lm1D7Fo4wM0r6Qoa0sYByLg
++8EBiOhDNMph64XJ2xgv3PZLmohawnFqc7b3yIGoWHjLPoZQsDJgJ5E2QJVL5PSNJ
++LPteqOAnEqxOJ+B9pt4YFklp4DuE6H21pgM8tn0azH5Hf4w6LDrkjk4+WVAFrQqj
++UJFSVVQ6Vq54BxnBUJzGCmlKCqDbUrOLQ2TrDodDVPHzmzxX69WVtwqtkiJ6X7HH
++pnodlRV9LwLMkZwgQBEcoZnQkWLimGBRBaO/uuZewmXJ9u6HgXIL9+VVHFnkcdZs
++S6QwLxECgYEA3ghowXxlR7GsC8+07YJUJV+KvKNK4qEZVp2MMscxOPWjcO1tWO88
++8K/E54Gp8ktsqmejQjnUD7749h2pEUZHfy2sCpWOHjXzLouCkZlSZQpsWVcFkFLL
++qZvwv+pCV9osxpf8o2n/ZuKGP3VgKeSlql6eHLdRV6edEUEJogwFgykCgYEAwkzR
++d5uqToUlbz3fKTs9c4bTt+xnhlOyXPdnbRph/N96Yp0eIi2v7F0FBB5qzKZKy72M
++4+DHvWrpAruh14nryXolQ/OesT27R00auxjOAWM2v2BFeNjBadwnlYfbzCtM+1Wd
++6U+Ahd6Nkdk5tAkMvP03RwPxOTPXuXOtJNFgHccCgYEApbq1JqdJmegeuXpCXH5J
++fNQB5KgmP19sYGCcw1I3hYKkiqhOVHHOlQE+AmegiMCPzeopzEcJ6O7tOhgNmF1T
++BLT8k7HqMNaoO/fab/93pv/OvCjeeEm0x1ckrruW5ahuf5X296so/ozbFAbyzpJi
++rfaOInUa/EiaTsSzAgfjHXECgYA13opsuPHc1zlrwCGxEsWU1Bq68YY6TdYzxDwe
++maP1MhiCYsFKBJSz2Y5cd/pwRuKR3jnDrDx0ncGAinjyg0CmGYFfd5nV1iGoQQ5a
++NSRYaiNxp8VbHe1x5iHraUFdN9weCry/RNWDSBLEDw/ahG/Nrf63Z7Znf6Idvp6Q
++iKQ3XQKBgGpKBezvB82Jk0suZZdqZIs3OVDy7i6SIwS3MgABRE5pYgDWhlnEzGFS
++Tk4zAHR2tIeN4RjOcanspxKbN+Qfm1TkeFwRq5553f0ypMz7xkCdUCKIAeCfTkbs
++qkciBuCm/Oa4RlB/LwH+paBV3RvQOYLXw50/uzAr5S2+2wPx4wMT
++-----END RSA PRIVATE KEY-----`
++
++// generated by "$ gokey -p pass -r example.com -u -t rsa4096" with Go < 1.11
++var knownRsa4096 = `-----BEGIN RSA PRIVATE KEY-----
++MIIJKQIBAAKCAgEAxVvkLK1k8W62pevv0YTpS5AzWTGKnKAcoE/ysAcDpTnpkEut
++FLqQPqSBeMoWliD17DeMTFq76BNbEB4H+K7Gb+UZ4VA+wH2v7e0FegDt576fWatV
++A9FaL3Dt4QvaqUtDD/7aDCL11IA4eAGQn7gb4ACd/MzBCSY9UAJ4OXkmKnMGfwLS
++4mjTM6/Y4QGZgR71c8weCsbk+T0VVhcBS9rrpmDibpSDIOCjc9eKGzAPAVdY97fh
++JkUfCKkHJVqzdZvXUqWs4DOYhXoxbX9yQ/9Y4kzKnxbiq0Vs0+LKi5TaUVNtT7B0
++cDIjHCZtmTno7v+IM3Hropf76nFf5mSRV248rnNsjb9kiV8MbIIE4yCJXdpfcRGC
++DNX8I7hgRfR+BffntGL8k6zBro+N7ElsCTLvXlfBlFgnnuPZw57HHLZVR7I1HbOv
++sGIWKP806fiar2ka51+M0JIdOJbyiw3byEMpOjsSeIpTgcV3SLxmrk/0yE+Mdokl
++Uv38AQ5svekP1Htk0qbwod8CzvumYV7GLmBUac9hKwIX0xnoKv/9yZY2ELMz9Zoa
++Sds3eJRK3D3nAUYjrCWTTLevd67Idsu0iJGjQ1haLR9jcFKqLo/4SiAxM3CeqZdD
++ExnyoM9caQvfnwGpgwRXyEdO1Zt2g1kJ8OBlrLlz5YM3qwEUrQ+4lGSastsCAwEA
++AQKCAgA4NUCZ/NQ38qkwPi7yBCGRdMM7DuIEU5FzkvFycrz2DLVZdEQaGDxGqwF4
++zk16em6v1O4vPNQxd3nC8Fqi19wKODyTsA//MIyvfYbGxYb8Lo0hs6slyDUgN9B3
++/LFM7/Nslc+yDy7mU5JBk2iGJKBDvslAG2yK14o0xE9LRxa4lkPuXnaDJwmnudhR
++1OvMG24aibKwrQ6/cUcnWqvy16mvm/5BMijabz/+GQ/rSFetsRvUiVklViBNjh5L
++5DYiM70ye57tx6QTt8ZmAhsgBJRi9y3p+1GZJ8+j1P6MnFtFODZ0sLOo1I6tUMB8
++GEMf9kTrKfHLP+/uSFXgvxmpxeqf4B8hEoHe82K5lu8YVs2tsXFemcNrrsFaPBfS
++vCOpuhXLfA+JLOY4E1yMeW49lSRP9cobyNr/Sr2RROuazKg3CVsPwIt9p1JD2pIv
++U/5fu94qiT2EgXp3QOKn11iTYw6lzSsE+cPFx+Dd9AB0eIoWPUNtxBF8VnQZpZxk
++0BPm+CaqOXB3Qmn3jEFl41AC9I5AGvWLPZPNROWfSfGJa2qJkeMbFtvY5GeX+Sc3
++abHn0KACtAKONpSgPw50cSJhwlL2GAQnnRQYOR8lXeUwYb1t7ikCPRHPqH+f+Ehb
++aPYWwGQikJ9XYo7iWD93I+jIycGa7gX+cVdRkO0lLCy0EaPtIQKCAQEA9Kf8DbbM
++euLtzx+9itydUZJvkgQhs+GhE7aG8YH2LwgBR2GuK2gPw0i1DfZpLBmr10g0e/mr
++wQB5OmvNv5mNUltI4hKWnlNsUqWjilSdpY99Hp/W+gHQONhCGoRHzU2e/oMZlQQJ
++qk9CuF0rQU/NaOtdwa+pGIXWDr5V6/H30ppMDtzWjCoGH+QXsDQPqgSo+w/k5PEW
++YNMhtaCXkPeL+iP5yyKJGiISJKFPgOlzWuPFtt4IQ2to4OxoNYzr0VwJ9lHIMs6S
++vTkMJEubszgH39FzIGEO6KE4h3JaGkcG7S3REELaiU62YjaveFbXnT+HnRIi9gye
++39hgEKsB674l0QKCAQEAzoJ/tEySJnQfELMmaLOP17gPyapBLpIKh8cEdCxbFhXC
++JFrzmU5AICHU/QREJ6vPB1n8STUC3xUXD9fq7tjBFlIZ5UA+cUpag6/Z0K/DzTOh
++V975lJwoqv46DjRr0tW17fH4Qmwnj0bUslQJGVW8IkhX5B8gfsR+8Q9a91wrvgOX
++QciYoftxuILE8npHW24DqYQkWDkzTDW+x7Liiizvc4B3AG1B09N26XeXETaJCuvO
++SvnCdOmlxm4NP4CnpS4h/A33wlr+5VDldGBSxBHEQJgZz8W9HVgmIdzsUkiYbhaS
++PxtcdIXV95+K+YMSNIJYTV/t7dMa1FmxFnQQmGE86wKCAQEA1uz/43hT+ByE93EV
++zPh0B6YR939DsEelfrDZqS4XfEeXAANSw3Uea9rim0p+KCzBJlWbLdIuzVVCKk1s
++KUaWvOPOijP0N1BoF87FdY9SEpCURSP78hNHvbhVkf/lJ/lplILNJXivmPsaTOYk
++SrL1a5dg/Pb5IL7qRnd0+drOcCf2axQcMnP0f22cVcHWhPClFjFnTqxwkUzJD0rt
+++39Ma8nQ9l/3e4q0z5MaSdBL82unVDeHoNqp/vYPsgODYp9tbQN5URDiHfMQtI3r
++US0G1dulPKunMjv3ch3GA9GjxxZ508Q3QWpxlKQf0CLSNaUK2LSHHAoIQ/NMqTfh
++bxzTEQKCAQBNQQqPI5oFIqnAcJSs1Ie6NpRJaBTMXDvuQWiMIU/N+kPPn+rDbj+V
++BbMNGDx67s4bPPGhXWB+ngAroCW2RoYtWHdxiNATR7KG0xFT/XztViREoBiUHLsm
++BMcpKzku/V367utlxdoiwmetcryYqrcfyBqBL5fTdKTcf1cTdHq0sdky9d0Ls+n+
++EYWmBFKPhJ+AGfwSuQtUtkJxqJ0Q/fByMBvUoArhOJmii2eLO/CWklJxP/AcFpA6
++pE72c6XDqHd0OLF4FtyGYvYDzEkKKm9VjtERJjMyOBjD0EbkHV5QyMbbLtwuhybd
++ZOTzpLH5zM1F3N5AexntWMRj1vWiW7YTAoIBAQC3Rs1pQkMFfbi6izdUBfWBdm3q
++iAsltebEWOZWyEFGoOrXw2wBbglq2Q/X3m1uajnx862cReggoRj/g3kOrJg7XCBF
++Ql+E5ia0GJNevW7T1Aw4Lee1xb5icf6LTHmdZu1HHj41stvDqptRwXcB3uwrhRZq
++nH5GeAEk9ABOPMhz2p6y9qJP0pPC5XSUosCuk+Hrcug/jLDLEbWo15WCdjzXN8fF
++IvI5ZWJf0uWn9lBfoCHXP1aRgI7aXbjOvUsKQd+yXYWn710oll55mG5UR+M8TCB4
++PdfdeaG2sFFBX0tIDg9sAcCStbp1x7rbt9tcI9bACZgq3rQ5EXs8AlKTXzUe
++-----END RSA PRIVATE KEY-----`
++
++func TestKnownKey(t *testing.T) {
++ rsa2048 := getKey(gokey.RSA2048, t)
++ if !pemEqual(rsa2048, knownRsa2048, t) {
++ t.Fatal("generated RSA 2048 does not match the expected result")
++ }
++
++ rsa4096 := getKey(gokey.RSA4096, t)
++ if !pemEqual(rsa4096, knownRsa4096, t) {
++ t.Fatal("generated RSA 4096 does not match the expected result")
++ }
++}
+--
+2.20.1
+
diff -Nru
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/series
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/series
---
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/series
2019-06-04 20:52:40.000000000 +0200
+++
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/series
2019-06-17 13:59:49.000000000 +0200
@@ -1 +1 @@
-0002-disable-TestGetKey-for-RSA.patch
+Import-deterministic-RSA-key-generation-code-from-Go.patch
diff -Nru
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/rules
gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/rules
--- gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/rules
2019-06-04 20:46:43.000000000 +0200
+++ gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/rules
2019-06-17 19:59:50.000000000 +0200
@@ -16,5 +16,8 @@
dh_auto_build
pandoc -s -t man gokey.1.md -o gokey.1
+override_dh_auto_test:
+ dh_auto_test -- -timeout 6h
+
override_dh_missing:
dh_missing --fail-missing
--- End Message ---
signature.asc
