Bug#930656: unblock: gokey/0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package gokey
The current version of gokey suffers the RC bug #930426 which makes the
RSA key generation non-deterministic. The main purpose of gokey is to
generate deterministic keys. The second upload to Debian unstable fixes
the build failure by increasing the timeout for the tests, because the
tests take very long on mips/mipsel. The gokey tests takes 11408.183 s
(= 190 min) on minkus.debian.org (mips porter box).
By the way, gokey
0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-2 is more or less
the same version as 0.0~git20190103.40eba7e-1, because there are only
two upstream commits between 20181023.b4e2780 and 20190103.40eba7e.
The debdiff is attached. My email address changes and this is not
mentioned in the changelog.
unblock gokey/0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-3
--
Benjamin Drung
System Developer
Debian & Ubuntu Developer
1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: benjamin.drung@cloud.ionos.com | Web: www.ionos.de
Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss
Member of United Internet
diff -Nru gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/changelog gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/changelog
--- gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/changelog 2019-06-04 20:53:29.000000000 +0200
+++ gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/changelog 2019-06-17 20:04:04.000000000 +0200
@@ -1,3 +1,18 @@
+gokey (0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-3) unstable; urgency=medium
+
+ * Increase test timeout to six hours, because the tests need 190 minutes
+ on mips (Closes: #919759)
+ * Run tests for RSA2048 and RSA4096 again
+
+ -- Benjamin Drung <benjamin.drung@cloud.ionos.com> Mon, 17 Jun 2019 20:04:04 +0200
+
+gokey (0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-2) unstable; urgency=medium
+
+ * Cherry-pick patch from upstream to import deterministic RSA key generation
+ code from Go 1.10 crypto/rsa package (Closes: #930426)
+
+ -- Benjamin Drung <benjamin.drung@cloud.ionos.com> Thu, 13 Jun 2019 15:51:37 +0200
+
gokey (0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780-1) unstable; urgency=medium
* Team upload.
diff -Nru gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/control gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/control
--- gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/control 2019-06-04 20:52:40.000000000 +0200
+++ gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/control 2019-06-13 15:53:37.000000000 +0200
@@ -1,6 +1,6 @@
Source: gokey
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
-Uploaders: Benjamin Drung <benjamin.drung@profitbricks.com>,
+Uploaders: Benjamin Drung <benjamin.drung@cloud.ionos.com>,
Anthony Fok <foka@debian.org>
Section: utils
Testsuite: autopkgtest-pkg-go
diff -Nru gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/0002-disable-TestGetKey-for-RSA.patch gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/0002-disable-TestGetKey-for-RSA.patch
--- gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/0002-disable-TestGetKey-for-RSA.patch 2019-06-04 20:52:40.000000000 +0200
+++ gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/0002-disable-TestGetKey-for-RSA.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,24 +0,0 @@
-Description: Disable tests for RSA2048 and RSA4096 in TestGetKey
- rsa.GenerateKey has been intentionally made non-deterministic since Go 1.11.
- This patch fixes the "gokey_test.go:161: keys with same invocation options
- do not match" error in TestGetKey with Go >= 1.11.
-Author: Anthony Fok <foka@debian.org>
-Origin: vendor
-Bug: https://github.com/cloudflare/gokey/issues/17
-Last-Update: 2018-12-31
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/gokey_test.go
-+++ b/gokey_test.go
-@@ -165,8 +165,9 @@
- func TestGetKey(t *testing.T) {
- testGetKeyType(EC256, t)
- testGetKeyType(EC521, t)
-- testGetKeyType(RSA2048, t)
-- testGetKeyType(RSA4096, t)
-+ // rsa.GenerateKey is no longer deterministic in Go >= 1.11
-+ //testGetKeyType(RSA2048, t)
-+ //testGetKeyType(RSA4096, t)
- testGetKeyType(X25519, t)
- testGetKeyType(ED25519, t)
- }
diff -Nru gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/Import-deterministic-RSA-key-generation-code-from-Go.patch gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/Import-deterministic-RSA-key-generation-code-from-Go.patch
--- gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/Import-deterministic-RSA-key-generation-code-from-Go.patch 1970-01-01 01:00:00.000000000 +0100
+++ gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/Import-deterministic-RSA-key-generation-code-from-Go.patch 2019-06-13 15:53:37.000000000 +0200
@@ -0,0 +1,307 @@
+From 7fa426f8161136a02c3ab9aa7eca819a5f8b9157 Mon Sep 17 00:00:00 2001
+From: Ignat Korchagin <ignat.korchagin@gmail.com>
+Date: Wed, 2 Jan 2019 10:57:04 +0000
+Subject: [PATCH] Import deterministic RSA key generation code from Go 1.10
+ crypto/rsa package
+
+Go 1.11 introduced some explicit randomisation for some crypto routines, because
+they don't want callers to rely on the fact that current algorithms are
+deterministic with respect to the passed in pseudo-random stream (which is
+exactly what this package does) to be able to change the underlying algorithms
+in the future.
+
+Since we do need the key generation algorithms to be deterministic, we just
+import the algorithm to our package. This will also ensure consistent output
+for generated RSA keys should the standard crypto/rsa package change its
+generation algorithm.
+---
+ keygen.go | 4 +-
+ rsa/keygen.go | 108 ++++++++++++++++++++++++++++++++++++
+ rsa/keygen_test.go | 133 +++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 243 insertions(+), 2 deletions(-)
+ create mode 100644 rsa/keygen.go
+ create mode 100644 rsa/keygen_test.go
+
+diff --git a/keygen.go b/keygen.go
+index e1398bf..00be7c9 100644
+--- a/keygen.go
++++ b/keygen.go
+@@ -4,12 +4,12 @@ import (
+ "crypto"
+ "crypto/ecdsa"
+ "crypto/elliptic"
+- "crypto/rsa"
+ "errors"
+ "io"
+ "strings"
+ "unicode"
+
++ deterministicRsaKeygen "github.com/cloudflare/gokey/rsa"
+ "golang.org/x/crypto/ed25519"
+ )
+
+@@ -166,7 +166,7 @@ func (keygen *KeyGen) generateRsa(kt KeyType) (crypto.PrivateKey, error) {
+ return nil, errors.New("invalid RSA key size requested")
+ }
+
+- return rsa.GenerateKey(keygen.rng, bits)
++ return deterministicRsaKeygen.GenerateKey(keygen.rng, bits)
+ }
+
+ func (keygen *KeyGen) generateEc(kt KeyType) (crypto.PrivateKey, error) {
+diff --git a/rsa/keygen.go b/rsa/keygen.go
+new file mode 100644
+index 0000000..e4ebe9d
+--- /dev/null
++++ b/rsa/keygen.go
+@@ -0,0 +1,108 @@
++package rsa
++
++import (
++ "crypto/rand"
++ "crypto/rsa"
++ "errors"
++ "io"
++ "math"
++ "math/big"
++)
++
++// below is taken from https://github.com/golang/go/blob/161874da2ab6d5372043a1f3938a81a19d1165ad/src/crypto/rsa/rsa.go#L220
++// because later versions in standard crypto/rsa package are not deterministic
++var bigOne = big.NewInt(1)
++
++func GenerateKey(random io.Reader, bits int) (*rsa.PrivateKey, error) {
++ return generateMultiPrimeKey(random, 2, bits)
++}
++
++func generateMultiPrimeKey(random io.Reader, nprimes int, bits int) (*rsa.PrivateKey, error) {
++ priv := new(rsa.PrivateKey)
++ priv.E = 65537
++
++ if nprimes < 2 {
++ return nil, errors.New("gokey/rsa: GenerateMultiPrimeKey: nprimes must be >= 2")
++ }
++
++ if bits < 64 {
++ primeLimit := float64(uint64(1) << uint(bits/nprimes))
++ // pi approximates the number of primes less than primeLimit
++ pi := primeLimit / (math.Log(primeLimit) - 1)
++ // Generated primes start with 11 (in binary) so we can only
++ // use a quarter of them.
++ pi /= 4
++ // Use a factor of two to ensure that key generation terminates
++ // in a reasonable amount of time.
++ pi /= 2
++ if pi <= float64(nprimes) {
++ return nil, errors.New("gokey/rsa: too few primes of given length to generate an RSA key")
++ }
++ }
++
++ primes := make([]*big.Int, nprimes)
++
++NextSetOfPrimes:
++ for {
++ todo := bits
++ // crypto/rand should set the top two bits in each prime.
++ // Thus each prime has the form
++ // p_i = 2^bitlen(p_i) × 0.11... (in base 2).
++ // And the product is:
++ // P = 2^todo × α
++ // where α is the product of nprimes numbers of the form 0.11...
++ //
++ // If α < 1/2 (which can happen for nprimes > 2), we need to
++ // shift todo to compensate for lost bits: the mean value of 0.11...
++ // is 7/8, so todo + shift - nprimes * log2(7/8) ~= bits - 1/2
++ // will give good results.
++ if nprimes >= 7 {
++ todo += (nprimes - 2) / 5
++ }
++ for i := 0; i < nprimes; i++ {
++ var err error
++ primes[i], err = rand.Prime(random, todo/(nprimes-i))
++ if err != nil {
++ return nil, err
++ }
++ todo -= primes[i].BitLen()
++ }
++
++ // Make sure that primes is pairwise unequal.
++ for i, prime := range primes {
++ for j := 0; j < i; j++ {
++ if prime.Cmp(primes[j]) == 0 {
++ continue NextSetOfPrimes
++ }
++ }
++ }
++
++ n := new(big.Int).Set(bigOne)
++ totient := new(big.Int).Set(bigOne)
++ pminus1 := new(big.Int)
++ for _, prime := range primes {
++ n.Mul(n, prime)
++ pminus1.Sub(prime, bigOne)
++ totient.Mul(totient, pminus1)
++ }
++ if n.BitLen() != bits {
++ // This should never happen for nprimes == 2 because
++ // crypto/rand should set the top two bits in each prime.
++ // For nprimes > 2 we hope it does not happen often.
++ continue NextSetOfPrimes
++ }
++
++ priv.D = new(big.Int)
++ e := big.NewInt(int64(priv.E))
++ ok := priv.D.ModInverse(e, totient)
++
++ if ok != nil {
++ priv.Primes = primes
++ priv.N = n
++ break
++ }
++ }
++
++ priv.Precompute()
++ return priv, nil
++}
+diff --git a/rsa/keygen_test.go b/rsa/keygen_test.go
+new file mode 100644
+index 0000000..960a58f
+--- /dev/null
++++ b/rsa/keygen_test.go
+@@ -0,0 +1,133 @@
++package rsa_test
++
++import (
++ "bytes"
++ "encoding/pem"
++ "strings"
++ "testing"
++
++ "github.com/cloudflare/gokey"
++)
++
++func pemEqual(pem1, pem2 string, t *testing.T) bool {
++ b1, err := pem.Decode([]byte(pem1))
++ if b1 == nil {
++ t.Fatalf("failed to decode %v: %v", pem1, err)
++ }
++
++ b2, err := pem.Decode([]byte(pem2))
++ if b2 == nil {
++ t.Fatalf("failed to decode %v: %v", pem2, err)
++ }
++
++ return b1.Type == b2.Type && bytes.Equal(b1.Bytes, b2.Bytes)
++}
++
++func getKey(kt gokey.KeyType, t *testing.T) string {
++ priv, err := gokey.GetKey("pass", "example.com", nil, kt, true)
++ if err != nil {
++ t.Fatal(err)
++ }
++
++ var b strings.Builder
++ err = gokey.EncodeToPem(priv, &b)
++ if err != nil {
++ t.Fatal(err)
++ }
++
++ return b.String()
++}
++
++// generated by "$ gokey -p pass -r example.com -u -t rsa2048" with Go < 1.11
++var knownRsa2048 = `-----BEGIN RSA PRIVATE KEY-----
++MIIEowIBAAKCAQEAqIT/jlQnJAIxS2h/AEz6RSiN9/GWY8lh9V81vfpzjZ069NOH
++fVL0rQiRj11GqReHTUOjuOiCwYn6d6tPSCVC8fDyBjQ6cf9tm0G+lMf8LsMCPFTL
++PDivqH8KwXLgC2+Zmm906nGkGUZ79AdOa6A2k07PbQ791/7s6ghWU6Dx6lPqiHC+
++jFfQctQWNUdIchYt1X9eARNTcJQAYBAikH0X+dZwcm9sfTRtJCo7WvjOBwxIk/XA
++k9GcoR2bbGrN8wnVGO2Luw9exg/GavfpkWI1jRx82Hfqfd+Ux3478yOS2Z1kbve1
++g3DI8qscaN8oZugw4R/EBg0jOOinDwE9oISZ3wIDAQABAoIBAGJooE/+RokZmq29
++jQSg7zl5sEYNV1RYYpMGkXyqh9Y37hjQefuueOGe8lm1D7Fo4wM0r6Qoa0sYByLg
++8EBiOhDNMph64XJ2xgv3PZLmohawnFqc7b3yIGoWHjLPoZQsDJgJ5E2QJVL5PSNJ
++LPteqOAnEqxOJ+B9pt4YFklp4DuE6H21pgM8tn0azH5Hf4w6LDrkjk4+WVAFrQqj
++UJFSVVQ6Vq54BxnBUJzGCmlKCqDbUrOLQ2TrDodDVPHzmzxX69WVtwqtkiJ6X7HH
++pnodlRV9LwLMkZwgQBEcoZnQkWLimGBRBaO/uuZewmXJ9u6HgXIL9+VVHFnkcdZs
++S6QwLxECgYEA3ghowXxlR7GsC8+07YJUJV+KvKNK4qEZVp2MMscxOPWjcO1tWO88
++8K/E54Gp8ktsqmejQjnUD7749h2pEUZHfy2sCpWOHjXzLouCkZlSZQpsWVcFkFLL
++qZvwv+pCV9osxpf8o2n/ZuKGP3VgKeSlql6eHLdRV6edEUEJogwFgykCgYEAwkzR
++d5uqToUlbz3fKTs9c4bTt+xnhlOyXPdnbRph/N96Yp0eIi2v7F0FBB5qzKZKy72M
++4+DHvWrpAruh14nryXolQ/OesT27R00auxjOAWM2v2BFeNjBadwnlYfbzCtM+1Wd
++6U+Ahd6Nkdk5tAkMvP03RwPxOTPXuXOtJNFgHccCgYEApbq1JqdJmegeuXpCXH5J
++fNQB5KgmP19sYGCcw1I3hYKkiqhOVHHOlQE+AmegiMCPzeopzEcJ6O7tOhgNmF1T
++BLT8k7HqMNaoO/fab/93pv/OvCjeeEm0x1ckrruW5ahuf5X296so/ozbFAbyzpJi
++rfaOInUa/EiaTsSzAgfjHXECgYA13opsuPHc1zlrwCGxEsWU1Bq68YY6TdYzxDwe
++maP1MhiCYsFKBJSz2Y5cd/pwRuKR3jnDrDx0ncGAinjyg0CmGYFfd5nV1iGoQQ5a
++NSRYaiNxp8VbHe1x5iHraUFdN9weCry/RNWDSBLEDw/ahG/Nrf63Z7Znf6Idvp6Q
++iKQ3XQKBgGpKBezvB82Jk0suZZdqZIs3OVDy7i6SIwS3MgABRE5pYgDWhlnEzGFS
++Tk4zAHR2tIeN4RjOcanspxKbN+Qfm1TkeFwRq5553f0ypMz7xkCdUCKIAeCfTkbs
++qkciBuCm/Oa4RlB/LwH+paBV3RvQOYLXw50/uzAr5S2+2wPx4wMT
++-----END RSA PRIVATE KEY-----`
++
++// generated by "$ gokey -p pass -r example.com -u -t rsa4096" with Go < 1.11
++var knownRsa4096 = `-----BEGIN RSA PRIVATE KEY-----
++MIIJKQIBAAKCAgEAxVvkLK1k8W62pevv0YTpS5AzWTGKnKAcoE/ysAcDpTnpkEut
++FLqQPqSBeMoWliD17DeMTFq76BNbEB4H+K7Gb+UZ4VA+wH2v7e0FegDt576fWatV
++A9FaL3Dt4QvaqUtDD/7aDCL11IA4eAGQn7gb4ACd/MzBCSY9UAJ4OXkmKnMGfwLS
++4mjTM6/Y4QGZgR71c8weCsbk+T0VVhcBS9rrpmDibpSDIOCjc9eKGzAPAVdY97fh
++JkUfCKkHJVqzdZvXUqWs4DOYhXoxbX9yQ/9Y4kzKnxbiq0Vs0+LKi5TaUVNtT7B0
++cDIjHCZtmTno7v+IM3Hropf76nFf5mSRV248rnNsjb9kiV8MbIIE4yCJXdpfcRGC
++DNX8I7hgRfR+BffntGL8k6zBro+N7ElsCTLvXlfBlFgnnuPZw57HHLZVR7I1HbOv
++sGIWKP806fiar2ka51+M0JIdOJbyiw3byEMpOjsSeIpTgcV3SLxmrk/0yE+Mdokl
++Uv38AQ5svekP1Htk0qbwod8CzvumYV7GLmBUac9hKwIX0xnoKv/9yZY2ELMz9Zoa
++Sds3eJRK3D3nAUYjrCWTTLevd67Idsu0iJGjQ1haLR9jcFKqLo/4SiAxM3CeqZdD
++ExnyoM9caQvfnwGpgwRXyEdO1Zt2g1kJ8OBlrLlz5YM3qwEUrQ+4lGSastsCAwEA
++AQKCAgA4NUCZ/NQ38qkwPi7yBCGRdMM7DuIEU5FzkvFycrz2DLVZdEQaGDxGqwF4
++zk16em6v1O4vPNQxd3nC8Fqi19wKODyTsA//MIyvfYbGxYb8Lo0hs6slyDUgN9B3
++/LFM7/Nslc+yDy7mU5JBk2iGJKBDvslAG2yK14o0xE9LRxa4lkPuXnaDJwmnudhR
++1OvMG24aibKwrQ6/cUcnWqvy16mvm/5BMijabz/+GQ/rSFetsRvUiVklViBNjh5L
++5DYiM70ye57tx6QTt8ZmAhsgBJRi9y3p+1GZJ8+j1P6MnFtFODZ0sLOo1I6tUMB8
++GEMf9kTrKfHLP+/uSFXgvxmpxeqf4B8hEoHe82K5lu8YVs2tsXFemcNrrsFaPBfS
++vCOpuhXLfA+JLOY4E1yMeW49lSRP9cobyNr/Sr2RROuazKg3CVsPwIt9p1JD2pIv
++U/5fu94qiT2EgXp3QOKn11iTYw6lzSsE+cPFx+Dd9AB0eIoWPUNtxBF8VnQZpZxk
++0BPm+CaqOXB3Qmn3jEFl41AC9I5AGvWLPZPNROWfSfGJa2qJkeMbFtvY5GeX+Sc3
++abHn0KACtAKONpSgPw50cSJhwlL2GAQnnRQYOR8lXeUwYb1t7ikCPRHPqH+f+Ehb
++aPYWwGQikJ9XYo7iWD93I+jIycGa7gX+cVdRkO0lLCy0EaPtIQKCAQEA9Kf8DbbM
++euLtzx+9itydUZJvkgQhs+GhE7aG8YH2LwgBR2GuK2gPw0i1DfZpLBmr10g0e/mr
++wQB5OmvNv5mNUltI4hKWnlNsUqWjilSdpY99Hp/W+gHQONhCGoRHzU2e/oMZlQQJ
++qk9CuF0rQU/NaOtdwa+pGIXWDr5V6/H30ppMDtzWjCoGH+QXsDQPqgSo+w/k5PEW
++YNMhtaCXkPeL+iP5yyKJGiISJKFPgOlzWuPFtt4IQ2to4OxoNYzr0VwJ9lHIMs6S
++vTkMJEubszgH39FzIGEO6KE4h3JaGkcG7S3REELaiU62YjaveFbXnT+HnRIi9gye
++39hgEKsB674l0QKCAQEAzoJ/tEySJnQfELMmaLOP17gPyapBLpIKh8cEdCxbFhXC
++JFrzmU5AICHU/QREJ6vPB1n8STUC3xUXD9fq7tjBFlIZ5UA+cUpag6/Z0K/DzTOh
++V975lJwoqv46DjRr0tW17fH4Qmwnj0bUslQJGVW8IkhX5B8gfsR+8Q9a91wrvgOX
++QciYoftxuILE8npHW24DqYQkWDkzTDW+x7Liiizvc4B3AG1B09N26XeXETaJCuvO
++SvnCdOmlxm4NP4CnpS4h/A33wlr+5VDldGBSxBHEQJgZz8W9HVgmIdzsUkiYbhaS
++PxtcdIXV95+K+YMSNIJYTV/t7dMa1FmxFnQQmGE86wKCAQEA1uz/43hT+ByE93EV
++zPh0B6YR939DsEelfrDZqS4XfEeXAANSw3Uea9rim0p+KCzBJlWbLdIuzVVCKk1s
++KUaWvOPOijP0N1BoF87FdY9SEpCURSP78hNHvbhVkf/lJ/lplILNJXivmPsaTOYk
++SrL1a5dg/Pb5IL7qRnd0+drOcCf2axQcMnP0f22cVcHWhPClFjFnTqxwkUzJD0rt
+++39Ma8nQ9l/3e4q0z5MaSdBL82unVDeHoNqp/vYPsgODYp9tbQN5URDiHfMQtI3r
++US0G1dulPKunMjv3ch3GA9GjxxZ508Q3QWpxlKQf0CLSNaUK2LSHHAoIQ/NMqTfh
++bxzTEQKCAQBNQQqPI5oFIqnAcJSs1Ie6NpRJaBTMXDvuQWiMIU/N+kPPn+rDbj+V
++BbMNGDx67s4bPPGhXWB+ngAroCW2RoYtWHdxiNATR7KG0xFT/XztViREoBiUHLsm
++BMcpKzku/V367utlxdoiwmetcryYqrcfyBqBL5fTdKTcf1cTdHq0sdky9d0Ls+n+
++EYWmBFKPhJ+AGfwSuQtUtkJxqJ0Q/fByMBvUoArhOJmii2eLO/CWklJxP/AcFpA6
++pE72c6XDqHd0OLF4FtyGYvYDzEkKKm9VjtERJjMyOBjD0EbkHV5QyMbbLtwuhybd
++ZOTzpLH5zM1F3N5AexntWMRj1vWiW7YTAoIBAQC3Rs1pQkMFfbi6izdUBfWBdm3q
++iAsltebEWOZWyEFGoOrXw2wBbglq2Q/X3m1uajnx862cReggoRj/g3kOrJg7XCBF
++Ql+E5ia0GJNevW7T1Aw4Lee1xb5icf6LTHmdZu1HHj41stvDqptRwXcB3uwrhRZq
++nH5GeAEk9ABOPMhz2p6y9qJP0pPC5XSUosCuk+Hrcug/jLDLEbWo15WCdjzXN8fF
++IvI5ZWJf0uWn9lBfoCHXP1aRgI7aXbjOvUsKQd+yXYWn710oll55mG5UR+M8TCB4
++PdfdeaG2sFFBX0tIDg9sAcCStbp1x7rbt9tcI9bACZgq3rQ5EXs8AlKTXzUe
++-----END RSA PRIVATE KEY-----`
++
++func TestKnownKey(t *testing.T) {
++ rsa2048 := getKey(gokey.RSA2048, t)
++ if !pemEqual(rsa2048, knownRsa2048, t) {
++ t.Fatal("generated RSA 2048 does not match the expected result")
++ }
++
++ rsa4096 := getKey(gokey.RSA4096, t)
++ if !pemEqual(rsa4096, knownRsa4096, t) {
++ t.Fatal("generated RSA 4096 does not match the expected result")
++ }
++}
+--
+2.20.1
+
diff -Nru gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/series gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/series
--- gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/series 2019-06-04 20:52:40.000000000 +0200
+++ gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/patches/series 2019-06-17 13:59:49.000000000 +0200
@@ -1 +1 @@
-0002-disable-TestGetKey-for-RSA.patch
+Import-deterministic-RSA-key-generation-code-from-Go.patch
diff -Nru gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/rules gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/rules
--- gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/rules 2019-06-04 20:46:43.000000000 +0200
+++ gokey-0.0~git20190103.40eba7e+really0.0~git20181023.b4e2780/debian/rules 2019-06-17 19:59:50.000000000 +0200
@@ -16,5 +16,8 @@
dh_auto_build
pandoc -s -t man gokey.1.md -o gokey.1
+override_dh_auto_test:
+ dh_auto_test -- -timeout 6h
+
override_dh_missing:
dh_missing --fail-missing
Reply to: